Simple routing (non-nat) on a Cisco 2621xm

I want to provide 5 useable IPs to the client out of our xx.146.180.128/25 address space
outside gateway is xx.146.180.129

255.255.255.248    Netmask
 xx.146.180.184    Broadcast
 xx.146.180.185    Default Gateway
 xx.146.180.186    Usable IP 1    
 xx.146.180.187    Usable IP 2    
 xx.146.180.188    Usable IP 3    
 xx.146.180.189    Usable IP 4
 xx.146.180.190    Usable IP 5
 xx.146.180.191    Broadcast


Client <--> 2621 router  <---->   internet (gw=xx.146.180.129)


How do I configure the Cisco 2621xm?

Something like:
Interface fa0/0
 Ip address xx.146.180.184 255.255.255.248
 Ip route 0.0.0.0 0.0.0.0 xx.146.180.129
 Network xx.146.180.128

How do I config fa0/1?

Thanks,
Robert
rubearAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

shauncroucherCommented:
Yes, you set the ip address at the interface level and then the default root out of interface mode,

en
conf t
Interface fa0/0
ip address xx.146.180.184 255.255.255.248
exit
Ip route 0.0.0.0 0.0.0.0 xx.146.180.129

Then it depends on your routing protocol for the network statement, for RIP:

en
conf t
router rip
no auto-summary
network xx.146.180.0
end
copy run start

Shaun
0
rubearAuthor Commented:
I get "Bad mask /29 for address xx.146.180.184"
0
shauncroucherCommented:
Sorry, yes thats the broadcast.

Try

ip address xx.146.180.186 255.255.255.248

Shaun
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

shauncroucherCommented:
Also, your subnetting is a bit off there.

For the IP xx.156.180.186 it has the following network structure:

Network: xx.156.180.184
Useable address 185 - 190
Broadcast xx.156.180.191

Shaun
0
shauncroucherCommented:
So your default route would need to be reachable on one of the interfaces attached, which that one wouldn't be.

Shaun
0
sidetrackedCommented:
will u be using NAT in the 2621 router ?

if so u could do static NAT "ip nat inside source static xxxxx" using f0/0 as ip nat outside and f0/1 as ip nat inside. your f0/1 interface would then use a private address range of your choice.
0
rubearAuthor Commented:
No, not using NAT
0
sidetrackedCommented:
disregard my comment, i should read better before i comment
0
sidetrackedCommented:
if not using nat in this scenario, why use the router? what address are u thinking of using for inside and outside? u have to use different networks internally and externally for routing to take place.
0
shauncroucherCommented:
That's right, it would seem your default route is on a different network?

Ip route 0.0.0.0 0.0.0.0 xx.146.180.129

Shaun
0
rubearAuthor Commented:
We are an ISP.  We don't want the customer to have access to our entire outside netblock and especially don't want to share the outside gateway.
We count packets on the customer's interface.  Sometimes customers misbehave, bittorrent, etc.  We get threats form Time-Warner, and somethimes have to sniff.  Etc.
0
sidetrackedCommented:
u really can't do it the way u suggest.

My company is also an ISP in Sweden, when we need to assign a number of addresses to a customer we use routing to accomplish that.

like this.

we have our BGP routers peering with a number of other ISP:s and from the internet point of view inside those we have our eigrp network spreading our /19 network amongst routers in a Vlan. in one of these routers i then set up the customer network with, depending on the customer, appropriate masked network, generally /28 or /29 networks. then the customer get their little network served to them in one of our Vlans.
0
rubearAuthor Commented:
We use  VLANs to get to our customers.  All of the VLANs are at our office via a trunk.  Normally we NAT the customers, but in some cases we need simple routes with outside IPs.
0
sidetrackedCommented:
how have u made it in the past?
0
rubearAuthor Commented:
We have a fiber trunk to our facility.  On this truck is our upstream (internet) and multiple VLANs.
Must of those VLANS connect to wireless APs.  Some customers are on fiber.  We NAT to the customers at our facility via Cisco ASAs, Pixes, and Linux boxes.  In one case we use simple bridging via a Linux box for non-NAT routing.  We are trying to convert that box to a Cisco 2621.
0
rubearAuthor Commented:
>> Ip route 0.0.0.0 0.0.0.0 xx.146.180.129

No, it's not.  Here is the config:

Note the address range has changed as I'm testing on a different network segment:
x.146.180.208/28: (A 16 address block with 13 usable customer IPs.)

255.255.255.240    11110000    Netmask
 xxx.146.180.208    11010000    Broadcast
 xxx.146.180.209    11010001    Default Gateway
 xxx.146.180.210    11010010    Usable IP 1
 xxx.146.180.211    11010011    Usable IP 2
 xxx.146.180.212    11010100    Usable IP 3
 xxx.146.180.213    11010101    Usable IP 4
 xxx.146.180.214    11010110    Usable IP 5
 xxx.146.180.215    11010111    Usable IP 6
 xxx.146.180.216    11011000    Usable IP 7
 xxx.146.180.217    11011001    Usable IP 8
 xxx.146.180.218    11011010    Usable IP 9
 xxx.146.180.219    11011011    Usable IP 10
 xxx.146.180.220    11011100    Usable IP 11
 xxx.146.180.221    11011101    Usable IP 12
 xxx.146.180.222    11011110    Usable IP 13
 xxx.146.180.223    11011111    Broadcast

#router show run

version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address xxx.146.180.209 255.255.255.240
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
router rip
 network xxx.0.0.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.146.180.129
ip http server
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
end

Router#
0
rubearAuthor Commented:
OK, this is working.  I had to assign an IP to the router's outside interface (fa0/1) that had a netmask that encompassed its gateway, but did not overlap the inside address space.  So I gave it to lowest unused IP of our address space so the netmask could be as tight as possible.  I did this because Cisco does not allow an interface's netspace to overlap another interface's netspace

We have a /25 address space:
xxx.146.180.128 - xx.146.180.255

Router's outside IP: xxx.146.180.135/28
Router's outside IP: xxx.146.180.135
Router's gateway: xxx.146.180.129

Inside IPs that are routed:
xxx.146.180.210 - xxx.146.180.222
xxx.146.180.209 is the gateway for inside clients.

Here is the config:
*****************************************
hostname Router
!
!
ip subnet-zero
!
!
call rsvp-sync
!
!
interface FastEthernet0/0
 ip address xxx.146.180.209 255.255.255.240
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address xxx.146.180.135 255.255.255.240
 duplex auto
 speed auto
!
router rip
 network xxx.0.0.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.146.180.129
ip http server
!
dial-peer cor custom
!
line con 0
line aux 0
line vty 0 4
 login
!
end
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.