Solved

Change LAN IP on Cisco 1721

Posted on 2006-07-18
21
344 Views
Last Modified: 2010-03-19
I want to change my inside IP to a private network (192.168.0.1 or something). I have included my startup-config (replacing both IPs with 333 and 111 for security). Any help is ALWAYS appreciated!


interface FastEthernet0
 --More--                            description To Office FastEthernet
 --More--                            ip address 33.333.333.333 255.255.255.224 secondary
 --More--                            ip address 111.111.1.11 255.255.255.248
 --More--                            speed auto
 --More--                           !
 --More--                           interface Serial0
 --More--                            description To UUNET (wcomw0l31128)
 --More--                            bandwidth 1536
 --More--                            no ip address
 --More--                            encapsulation frame-relay IETF
 --More--                            no fair-queue
 --More--                            frame-relay lmi-type ansi
 --More--                           !
 --More--                           interface Serial0.1 point-to-point
 --More--                            bandwidth 1536
 --More--                            ip unnumbered FastEthernet0
 --More--                            frame-relay interface-dlci 500 IETF  
 --More--                           !
 --More--                           ip classless
 --More--                           ip route 0.0.0.0 0.0.0.0 Serial0.1
 --More--                           no ip http server
 --More--                           ip pim bidir-enable
 --More--                           !
 --More--                           !
 --More--                           !
 --More--                           !
 --More--                           line con 0
 --More--                            password eb78c1ed61
 --More--                            login
 --More--                            transport preferred none
 --More--                           line aux 0
 --More--                            password eb78c1ed61
 --More--                            login
 --More--                            modem InOut
 --More--                            transport preferred none
 --More--                            transport input all
 --More--                            transport output pad udptn telnet rlogin ssh
 --More--                            stopbits 1
 --More--                            flowcontrol hardware
 --More--                           line vty 0 4
 --More--                            password eb78c1ed61
 --More--                            login
 --More--                            transport preferred none
 --More--                           !
 --More--                           no scheduler allocate
 --More--                           end
0
Comment
Question by:mburke3434
  • 8
  • 7
  • 6
21 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 250 total points
Comment Utility
Telnet to the router;

config t

int fastethernet0
ip address 192.168.0.1 255.255.255.0

This will change the address from 111.111.111.111 to 192.168.0.1

If you want to remove 333.333.333.333, then at that prompt do this;

no ip address 333.333.333.333 255.255.255.224 secondary

Cheers,
Rajesh
0
 
LVL 12

Assisted Solution

by:Scotty_cisco
Scotty_cisco earned 250 total points
Comment Utility
!
 --More--                           interface Serial0.1 point-to-point
 --More--                            bandwidth 1536
 --More--                            ip unnumbered FastEthernet0
 --More--                            frame-relay interface-dlci 500 IETF  

I see a problem here

your serial is unnumbered to FastEthernet0 so this needs to remain a public address are you serving out public address off of this same network?

If that is the case you can't go to a private address without NATing the outbound traffic.

Thanks
scott
0
 
LVL 32

Expert Comment

by:rsivanandan
Comment Utility
Yeah I saw it there too, I assume that the author needs to have that part and apart from that, he is trying to switch his private ip inside.

Cheers,
Rajesh
0
 

Author Comment

by:mburke3434
Comment Utility
Question....

ip address 33.333.333.333 255.255.255.224 secondary   (THIS IS MY OFFICE SIDE)

ip address 111.111.1.11 255.255.255.248 (THIS IS MY OUT SIDE)

Your way had me changing Outside IP. Could you help me with the inside?

Also why are two Ip's on the same interface? shouldn't they be seperated? Did the guy who set this up do a poor job? What is meant by secondary?

Thanks for your efforts...
0
 
LVL 32

Expert Comment

by:rsivanandan
Comment Utility
Ok then do this;

Telnet to the router;

config t

int fastethernet0
ip address 192.168.0.1 255.255.255.0 secondary
no ip address 33.333.333.333 255.255.255.224 secondary  

This will change the address from 333.333.333.333 to 192.168.0.1


Regarding the configuration no the guy didn't do a poor job. Actually the advantage you get here is 2 networks on a single interface. In the same way you could have as many as (don't remember the limit, it is too high :-)) The reason on why the guy did that way is probably the router had only 2 interfaces and he had to configure 3 networks. I mean the requirement might have been like that when it was setup.

Cheers,
Rajesh
0
 

Author Comment

by:mburke3434
Comment Utility
Sorry didn't refresh the questions in awhile.....

Some background.....For whatever reason the previous admins (contract) had the doctor purchase 50 public IP's for the T1 at his practice. The PC's are all Hard coded with these 63.000.000.000 addresses. The outside is 208.000.00.000. I have dealt with all the vendors and outside services and there is no reason they all needed public IP's. One static outside IP would have suited them just fine.

I am ready to deploy a 2003 server and would like to use a private IP scheme with DHCP. How do I get my Interfaces to allow the traffic?
0
 

Author Comment

by:mburke3434
Comment Utility
Also we have another network that is 10.0.0.0 for a digital xray setup.
0
 
LVL 12

Expert Comment

by:Scotty_cisco
Comment Utility
I would tie the outside to a loopback if you want to stay unnumbered and then use the publics as a nat pool or whatever but I seperate the 2 address ranges.

Thanks
scott
0
 
LVL 32

Expert Comment

by:rsivanandan
Comment Utility
You think right man. I don't believe it, I mean 50 public ips???? Jeez...

Okay, you can do it with a single public ip and can go like this;

Assumptions: => You'll have to correct me if any of this is wrong.

1. You only need outside access (clients browsing net), no webserver, email server etc.

2. You are connecting both the 10.x.x.x network and the planned 192.168.0.x network to the same router;

Configurations;

interface FastEthernet0
description To Office FastEthernet
ip address 192.168.0.1 255.255.255.0
ip address 10.0.0.1 255.255.255.0 secondary
ip nat inside
speed auto
!
interface loopback0
ip address 208.000.00.000 255.255.255.0 =>substitute for actual ip and mask
no shut

interface Serial0
 description To UUNET (wcomw0l31128)
 bandwidth 1536
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
 bandwidth 1536
 ip unnumbered loopback0
 frame-relay interface-dlci 500 IETF  
 ip nat outside
!
ip nat inside source list 1 interface serial0.1 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.0.0.255
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0.1
no ip http server
ip pim bidir-enable
!
!
!
!
line con 0
 password eb78c1ed61
 login
 transport preferred none
line aux 0
 password eb78c1ed61
 login
 modem InOut
 transport preferred none
 transport input all
 transport output pad udptn telnet rlogin ssh
 stopbits 1
 flowcontrol hardware
line vty 0 4
 password eb78c1ed61
 login
 transport preferred none
!
no scheduler allocate
end

Cheers,
Rajesh
0
 
LVL 12

Expert Comment

by:Scotty_cisco
Comment Utility
That provides the seperation but you would still need to NAT to the public's either a pool or to the interface.

Thanks
scott
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 32

Expert Comment

by:rsivanandan
Comment Utility
I have those in there too Scott;

ip nat inside source list 1 interface serial0.1 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.0.0.255


Cheers,
Rajesh
0
 
LVL 12

Expert Comment

by:Scotty_cisco
Comment Utility
also a consideration is what services are being provided on the inside

mail server
ftp server

ECT please respond with the additional services that you need inside or if any services are in use currently that need to be mapped.

Thanks
Scott
0
 

Author Comment

by:mburke3434
Comment Utility
No mail server or ftp server....eventual TS server for offsite billing.
0
 
LVL 32

Expert Comment

by:rsivanandan
Comment Utility
Okay then the config above should work just fine. If you are adding a TS server to be accessed from internet, the addition for the configuration would be;

ip nat inside source static <PublicIPYouassignforTS> <InternalPrivateIPforTS>

that should be it and you can add access-lists to control the traffic flow for security reasons too.

Cheers,
Rajesh
0
 

Author Comment

by:mburke3434
Comment Utility
Excellent...now lets see if I can make all the configurations  work.... : )

Can I copy your startup, replace the IP's with the correct ones, and drop into the router?

Would that work?
0
 
LVL 12

Expert Comment

by:Scotty_cisco
Comment Utility
that should work fine.

Thanks
Scott
0
 
LVL 32

Expert Comment

by:rsivanandan
Comment Utility
Ya. Go ahead.

Cheers,
Rajesh
0
 

Author Comment

by:mburke3434
Comment Utility
Great TY....I'll let you know how it goes....
0
 

Author Comment

by:mburke3434
Comment Utility
Thank you both....I am sure we will talk again soon!
0
 
LVL 32

Expert Comment

by:rsivanandan
Comment Utility
My Pleasure :-)

Cheers,
Rajesh
0
 
LVL 12

Expert Comment

by:Scotty_cisco
Comment Utility
anytime :D

Scott
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
SSL RA VPN 7 72
Sonicwall NSA240 AppFlow 2 28
Homegroup issues 6 34
vMotion VLAN or just any IP address will do ? 8 26
Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now