Solved

Router config

Posted on 2013-05-23
Last Modified: 2013-05-28
Experts, I need some pointers in identifying some info. I'm a bit confused...

I have a router that I will use as a customer edge router in an MPLS network....
The router is a 2800 series...

physical int
T1/E1 0
T1/E1 1

F0/0
F0/1


The provider gave me their IP info but I'm confused about what IP goes where...

WAN: 15.x.x.16/30
ISP IP: 15.x.x.17/30
Customer IP: 15.x.x.18/30
Mask: 255.255.255.252

LAN: 31.x.x.32/30
Gateway IP: 31.x.x.33/30
Usable IP: 31.x.x.34/30
Mask: 255.255.255.252


I will configure PAT using the LAN side IP. I also have my inside network; I thought that would be the inside LAN, but my ISP gave me a LAN IP.... My inside network is 10.24.x.x/24 (our private inside network).

What goes where????

Does the ISP's "LAN" really mean my "WAN"? Terminology is getting mixed up in my head....

T1/E1 0 >> 157.x.x.18/30 (this interface connects to the circuit)

F0/0 >> 31.x.x.34/30 (this interface goes to my switch)

So where do I configure my inside private network >> 10.24.x.x/24 ???

Thanks in advance
0
Question by:lurezero
21 Comments
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 39193356
In some respects, LAN and WAN are interchangeable. (i.e. when there's no NAT)
In some cases, (like the Cisco RV042), the WAN side of the router *has* to point toward the internet connection.  
This means if branch offices are going to get internet connection over the MPLS then the LAN side of their RV042s would be on their LAN - but not for the main office where it would be the opposite.
I doubt that's the case for other routers but I don't know.
To me, a router used in router mode should not have a WAN or a LAN really but just interfaces with different subnets on each.  They would not have a "direction" or "orientation".

In general, the routers would be set up in "router" or "non-NAT" mode if that matters to you.

Who has control of these routers?  The description doesn't sound like typical MPLS setups that I know of.  

What I'm used to seeing is an MPLS that looks like a switch from all offices.
This looks more like the ISP has routers involved.

The real question for you should be "What IP address do I route to for Site 1?  For Site 2? For Site 3?" etc.  I don't see that information here.  It appears to only address a single site.
Normally I see the *customer* deciding these things.

Here's an example:

Site 1 <> Router 1 <> MPLS
Site 2 <> Router 2 <> MPLS
Site 3 <> Router 3 <> MPLS
etc.
Also examples:
[10.0.1.0/24] Router 1 10.100.100.1/24
[10.0.2.0/24] Router 2 10.100.100.2/24
[10.0.3.0/24] Router 3 10.100.100.3/24
so the MPLS is used with an "interim subnet" 10.100.100.0/24 and there is no gateway or ISP IP address (same thing to me).
Otherwise, it looks like you don't have a private MPLS but rather a public internet set of VPN links of sorts.  Not the same thing......

But I only have experience with one ISP in doing this.
Experience may vary.
Perhaps someone else can shed some light on the approach they've given you.....
0
 
LVL 3

Expert Comment

by:corower
ID: 39193450
WAN goes on the "outside" (towards ISP).
LAN goes towards the inside (local LAN).

What might be wrong: your provider gave you a /30 network for your internal needs, whereas you planned to use your own private IPs via nat/pat/masq. Probably your provider thinks that you will use another router/appliance on the "lan" side of your 2800.
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39193460
WAN: 15.x.x.16/30
ISP IP: 15.x.x.17/30
Customer IP: 15.x.x.18/30
Mask: 255.255.255.252


This is a dedicated IP address to connect to your ISP. The mask is 30 here, which means that only 2 hosts are allowed in the subnet: you and your ISP.

So, you will have your T1/E1 configured with 15.x.x.18 255.255.255.252 and you will have a default route pointing to 15.x.x.17

ip route 0.0.0.0 0.0.0.0 15.x.x.17

LAN: 31.x.x.32/30
Gateway IP: 31.x.x.33/30
Usable IP: 31.x.x.34/30
Mask: 255.255.255.252


These are public IP addresses you can use for your email/website publishing/NAT.
The ISP will have the following route configured on their router

ip route 31.x.x.32 255.255.255.252 15.x.x.18 - pointing to you

Very strange they gave only 2 ip addresses. We have the same scenario in my organization, but we purchased 254 ip addresses (class C subnet) for publishing. You can probably buy more addresses from them

Anyway, it goes to fa0/1

conf t
int fa0/1
ip address 31.x.x.33 255.255.255.252

and

int fa0/0
ip address 10.24.x.1 255.255.255.0
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39193522
One more thing to add:

conf t
int fa0/1
ip address 31.x.x.33 255.255.255.252
ip nat outside

and

int fa0/0
ip address 10.24.x.1 255.255.255.0
ip nat inside


Your internal subnet will be NATed to 31.x.x.33
0
 

Author Comment

by:lurezero
ID: 39194175
Thank you fgasimzade. Question:


demarc/circuit/PE router (15.x.x.17) >>>>    connects to >>>>   my T1 (15.x.x.18)

my F0/0 (31.x.x.34)                           >>>>>   connects to >>>>  my switch




Where do I configure my 10.24 subnet? And what would it connect to?
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39194184
Do you have only 1 ethernet port on the router?
0
 

Author Comment

by:lurezero
ID: 39194241
These are my physical interfaces:

T1/E1 0
T1/E1 1

F0/0
F0/1
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39194260
You can configure it on fa0/1
0
 

Author Comment

by:lurezero
ID: 39194263
OK, and what would that interface fa0/1 connect to????
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39194269
To your switch, as well as your fa0/0 with the 31 subnet
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 39194708
I still don't understand how you can have a private MPLS with public internet addresses.
Are the addresses you've given real??
0
 
LVL 10

Accepted Solution

by:
Mohammed Rahman earned 250 total points
ID: 39198466
A router has to have its adjacent IPs in the same network. This works fine for the WAN part: WAN: 15.x.x.16/30 - ISP IP: 15.x.x.17/30

But I have no clue how that can be achieved on the LAN side with LAN: 31.x.x.32/30 (provided by ISP) and 10.24.x.x/24 (that you are interested in)

The LAN interface of your router MUST be in the same 10.24.x.x/24 network.

F0/0 >> 31.x.x.34/30 (this interface goes to my switch)
As a switch cannot do routing, how will traffic from 10.24.x.x/24 flow via the switch to the router's LAN 31.x.x.32/30 ? (I am not a network expert, but I think this is not possible under normal conditions)

Probably you will not require the LAN IP provided by ISP.

Please have a look at the solution/advice on the link below.
** You will have to change the IP addresses and interfaces in the below solution, as per your requirements. :)

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_21814067.html
0
 
LVL 18

Assisted Solution

by:fgasimzade
fgasimzade earned 250 total points
ID: 39198541
@mody2579

This is absolutely possible, he will NAT his 10.24.x.x/24 subnet to the F0/0 >> 31.x.x.34/30 on the router.

Switch should not do any routing here, default gateway for 10.24.x.x/24 will be configured on the router as F0/1, router will just NAT this traffic and forward it to the internet

I assume only 31.x.x.34/30 is routed by ISP on the Internet, 15.x.x.16/30 subnet is just used for peering and is not routable in the Internet
0
 
LVL 10

Expert Comment

by:Mohammed Rahman
ID: 39198647
@fgasimzade

Thanks for that info.  
When you said default gateway for 10.24.x.x/24 will be configured on the router as F0/1

does it mean 10.24.x.x/24 traffic will hit the interface F0/0 -- it will then be NATed by F0/1 as 31.x.x.34/30 and then routed to WAN interface 15.x.x.16/30

If yes, why can't we jump from F0/0 (10.24.x.x/24) to WAN? Is it not unnecessary to introduce F0/1 as 31.x.x.34/30 ?

Why shouldn't we configure F0/0 with 10.24.x.x/24 and connect 254 devices (including this router) and avoid NAT (assuming lurezero is not in need of connecting more than 253 devices)?

** Please educate me (if you are at leisure). Any links to articles explaining this phenomenon or a detailed description by you would be of great help. Again, I am just learning networking, not an expert :)
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39198659
Yes, we can NAT to 15.x.x.x subnet  directly, but it depends on the ISP.

As I said in the previous post, I assume ISP routes only 31.x.x.x subnet in the Internet, 15.x.x.x is used only for peering and is not known to the outside world
0
 
LVL 3

Expert Comment

by:corower
ID: 39198688
As I said in the previous post, I assume ISP routes only 31.x.x.x subnet in the Internet, 15.x.x.x is used only for peering and is not known to the outside world  

FMPOV it seems an extremely bad practice. Unnecessary hop + unnecessary micro-splitting... 15.x.x.x are absolutely normal public addresses; if they're supposed to be "not known to internet" then addresses from 10/8 or 172.16/12 or 192.168/16 should be used.
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39198690
Yes, they are public, but ISP may decide not to advertise them to the outside world
0
 
LVL 3

Expert Comment

by:corower
ID: 39200364
Then why use them in the first place? :)
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39200415
It is up to ISP to decide :)

I have the same topology in my organization, /30 subnet was given from ISP for peering and we purchased /24 subnet for use
0
 
LVL 3

Expert Comment

by:corower
ID: 39201771
This is a different story - if you have the urge to route (and firewall and account) some (more than one) public IPs that are all to be allocated to one client via a PTP link, and you are still able to use that 1 IP you have on your end of the PTP link, it might be justified. Otherwise I would look for ways of making that peering PTP link more transparent to get rid of that /30 subnet... and I would try to allocate a single IP for that client, not waste two /30s (8 IPs). Okay, it's not that simple to get rid of the PTP link's IPs (if you want the client's IP to be public), but either the client's /30 or the PTP one is a complete waste. Really, I can hardly imagine a situation when an ISP is unable to implement this with one hop less than it is drawn now.
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 39202200
How does one "not advertise"???
If it's connected into the internet then it hardly matters what you call it.

There is NO point in using public addresses (even if not connected to the internet) as there are plenty of private addresses available for your (private) use.  But, if someone who is connected to you does that then you may be stuck with it.  It's hard to imagine though that you would be constrained from using private address ranges on YOUR side of the box.
0
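
Added example (not code from any poster in this thread): a small check of the /30 arithmetic the thread argues over, confirming that interface addresses are usable hosts, that the default route's next hop is on a connected subnet, that the NAT pool sits inside the ISP-routed block, and that the inside network is RFC 1918 space. The interface names and the documentation prefixes standing in for 15.x.x.16/30 and 31.x.x.32/30 are assumptions.

```python
import ipaddress as ip

# RFC 1918 private ranges, as listed in the thread (10/8, 172.16/12, 192.168/16).
RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def usable_hosts(subnet):
    """Assignable addresses of a subnet; a /30 yields exactly two."""
    return list(ip.ip_network(subnet).hosts())

def is_rfc1918(addr):
    return any(ip.ip_address(addr) in net for net in RFC1918)

def check_plan(plan):
    """Return a list of problems found in an edge-router addressing plan."""
    problems, connected = [], []
    for name, cidr in plan["interfaces"].items():
        iface = ip.ip_interface(cidr)
        connected.append(iface.network)
        if iface.ip not in usable_hosts(str(iface.network)):
            problems.append(f"{name}: {iface.ip} is not a usable host in {iface.network}")
    hop = ip.ip_address(plan["default_next_hop"])
    if not any(hop in net for net in connected):
        problems.append(f"default route: next hop {hop} is not on a connected subnet")
    for addr in plan["nat_pool"]:
        if ip.ip_address(addr) not in usable_hosts(plan["isp_routed_block"]):
            problems.append(f"NAT pool: {addr} is outside the usable hosts of the routed block")
    if not is_rfc1918(ip.ip_network(plan["nat_inside"]).network_address):
        problems.append(f"NAT inside: {plan['nat_inside']} is not RFC 1918 space")
    return problems

# Constructed plans; interface names are hypothetical, prefixes are documentation ranges.
GOOD_PLAN = {
    "interfaces": {"Serial0/0/0": "198.51.100.18/30", "Fa0/0": "10.24.1.1/24"},
    "default_next_hop": "198.51.100.17",    # the ISP side of the peering /30
    "isp_routed_block": "203.0.113.32/30",  # block the ISP routes to the customer
    "nat_pool": ["203.0.113.34"],
    "nat_inside": "10.24.1.0/24",
}
BAD_PLAN = dict(
    GOOD_PLAN,
    interfaces={"Serial0/0/0": "198.51.100.16/30", "Fa0/0": "10.24.1.1/24"},  # network address
    default_next_hop="198.51.100.21",  # outside the peering /30
    nat_pool=["203.0.113.35"],         # broadcast address of the routed /30
)

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(plan) or "no problems")
```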
