|
|
|
|
05-19-2009, 09:03 PM
|
#1 |
I work for a small WISP and have a customer that owns a few office buildings. Our company feeds the internet to the buildings and the owner resells it to their tenants. We split the revenue and it's a win/win for all.
In one building we bought a Cisco 871 integrated services router and everyone can get out to the internet but I cannot remotely access tenant routers behind it or ping it! At our WISP we have multiple class C IP address ranges. We have one half of a class C set up for this office building. We run a static environment, so no DHCP anywhere. Also each tenant gets a public IP address. My boss said he couldn’t get the internet access working unless NAT was being used…Why would that be? Why would you give a tenant a public IP only to NAT it behind the router? Seems like a waste of IP’s to me. Here’s and example of what is set up: WAN (our feed to the building) 200.200.50.x LAN (for the office building tenants) 200.200.51.x (x = 130 – 254) A voip system has the 10.10.10.x Needs to be removed 200.200.49.x Here’s the router configuration: User Access Verification Username: admin Password: yourname#show running-config Building configuration... Current configuration : 4320 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname yourname ! boot-start-marker boot-end-marker ! logging buffered 52000 debugging ! no aaa new-model ! resource policy ! clock timezone NewYork -5 clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00 ip subnet-zero ip cef no ip dhcp use vrf connected ip dhcp excluded-address 10.10.10.1 ! ip dhcp pool sdm-pool import all network 10.10.10.0 255.255.255.248 default-router 10.10.10.1 lease 0 2 ! ! ip domain name yourdomain.com ip name-server 200.200.50.13 ip name-server 200.200.50.12 ! ! crypto pki trustpoint TP-self-signed-3075099920 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3075099920 revocation-check none rsakeypair TP-self-signed-3075099920 ! ! crypto pki certificate chain TP-self-signed-3075099920 certificate self-signed 01 3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33303735 30393939 3230301E 170D3032 30333031 30303539 34315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30373530 39393932 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100DEC9 D21B4F4F C6A0EB90 E3382B20 EDA5F91C C9F201F8 1B55A0BD 0D06DADA 5FE1C9D9 DCA8AD14 EC6B4932 8918E4ED 0DEABEA9 EAB966AC E495BB90 D0902453 06D3E228 3E914A04 F9FF236B 60C8349D A26B9B7A 01BFED51 AC773A61 70FE69CA D902ED4F 4AB4D806 61CA2F48 521C5A39 3F03953D B92C24E5 7AE41866 C6A563C9 E61F0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603 551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D 301F0603 551D2304 18301680 149B76BF 23902CB9 43E64CCC B72D503F 6E3FC78B FA301D06 03551D0E 04160414 9B76BF23 902CB943 E64CCCB7 2D503F6E 3FC78BFA 300D0609 2A864886 F70D0101 04050003 8181003A 3B3822BF B2C183E1 FB21C48F 18C387AC 8EF01C91 F7A5272A 2BC884A6 AEEF4ED4 91EC1FA8 3D1C770C DB592F4F ABEB8268 B92E84E0 02874578 8A72D4A1 A2CF3F55 F4BC2580 FBCFD9AE 79218D40 CD7B8702 11B1A045 2D531D09 887EB87A D7C09097 ACD7B89A B92A9B86 63F33080 1EA0960B 71BE6924 296DE80A AA3F16C3 17AC4C quit username admin privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXX ! ! ! ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 description $ETH-LAN$ ip address 200.200.50.124 255.255.255.0 ip nat outside ip virtual-reassembly duplex auto speed auto ! interface Vlan1 ip address 200.200.51.129 255.255.255.128 ip nat inside ip virtual-reassembly ! router rip network 200.200.51.0 no auto-summary ! ip classless ip route 0.0.0.0 0.0.0.0 FastEthernet4 ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source list 3 interface FastEthernet4 overload ! access-list 1 remark SDM_ACL Category=2 access-list 1 permit 10.10.10.0 0.0.0.7 access-list 2 remark SDM_ACL Category=2 access-list 2 permit 200.200.49.0 0.0.0.255 access-list 3 remark SDM_ACL Category=2 access-list 3 permit 200.200.51.128 0.0.0.127 no cdp run ! control-plane ! banner login ^C ----------------------------------------------------------------------- Cisco Router and Security Device Manager (SDM) is installed on this device. This feature requires the one-time use of the username "cisco" with the password "cisco". The default username and password have a privilege le vel of 15. Please change these publicly known initial credentials using SDM or the IOS CLI. Here are the Cisco IOS commands. username <myuser> privilege 15 secret 0 <mypassword> no username cisco Replace <myuser> and <mypassword> with the username and password you want to use . ----------------------------------------------------------------------- ^C ! line con 0 login local no modem enable line aux 0 line vty 0 4 privilege level 15 login local transport input telnet ssh ! scheduler max-task-time 5000 end Beachguy |
|
|
|
 |
| Thread Tools | Search this Thread |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Cisco 6509, SUP2, IPv6, upgrade IOS failed | fabianV | Hardware | 0 | 07-06-2009 04:33 PM |
| Link 2 Pbx and Data through Cisco 2811 | faroz | Hardware | 0 | 04-26-2009 08:34 AM |
| Intermittent 100% Backplane Utilisation on Cisco 6500 | pkcwu | Hardware | 0 | 11-13-2008 12:13 AM |
| Immediate Cisco ICM Engineer Opportunity | StevenFalcon | Hardware | 0 | 03-07-2007 04:17 PM |
| Cisco PIX 535 No bootable image in flash | Dmitriy_K | Hardware | 1 | 11-22-2006 04:51 AM |
