Configure a Cisco router for Internet access through a fixed IP address or dial-up

Source: Internet
Author: User

First, we will introduce the fixed IP address Internet access configuration:

A customer needs to use a Cisco 2811 router to access the Internet. The customer has a 10M optical fiber line and has applied for 16 fixed IP addresses.

The IP addresses are 58.240.160.2-58.240.160.14. The default gateway is 58.240.160.1. The intranet IP segment is 192.168.1.0.

The customer wants to allow Internet access from 192.168.1.10 to 192.168.1.20, but not from other clients.

e1/0 is the WAN (Internet) interface, and e1/1 is the LAN (intranet) interface.

The topology is as follows:

Cisco2811# configure terminal

Cisco2811(config)# interface ethernet 1/0 // Enter the Ethernet 1/0 interface (this port connects directly to the Internet)

Cisco2811(config-if)# ip address 58.240.160.2 255.255.255.240 // Set the port IP address

// You can use any of the 58.240.160.2-14 addresses.

Cisco2811(config-if)# ip nat outside // Set this port as the outside interface for NAT address translation

Cisco2811(config-if)# full-duplex

Cisco2811(config-if)# no shutdown // Enable the port

Cisco2811(config-if)# interface ethernet 1/1 // Enter the Ethernet 1/1 interface (this port connects to the internal network)

Cisco2811(config-if)# ip address 192.168.1.1 255.255.255.0 // Set the port IP address

Cisco2811(config-if)# ip nat inside // Set this port as the inside interface for NAT address translation

Cisco2811(config-if)# full-duplex

Cisco2811(config-if)# no shutdown // Enable the port

Cisco2811(config-if)# exit

// Next, define the list of IP addresses that are allowed to access the Internet

Cisco2811(config)# no access-list 1 // First remove access control list 1, returning it to its factory state

Cisco2811(config)# access-list 1 permit host 192.168.1.10 // Allow access from a single host

Cisco2811(config)# access-list 1 permit host 192.168.1.11

Cisco2811(config)# access-list 1 permit host 192.168.1.12

Cisco2811(config)# access-list 1 permit host 192.168.1.13

Cisco2811(config)# access-list 1 permit host 192.168.1.14

Cisco2811(config)# access-list 1 permit host 192.168.1.15

Cisco2811(config)# access-list 1 permit host 192.168.1.16

Cisco2811(config)# access-list 1 permit host 192.168.1.17

Cisco2811(config)# access-list 1 permit host 192.168.1.18

Cisco2811(config)# access-list 1 permit host 192.168.1.19

Cisco2811(config)# access-list 1 permit host 192.168.1.20

// To allow access from a whole network segment instead, use the following command: access-list 1 permit 192.168.1.0 0.0.0.255, which allows access from the 192.168.1.0/24 block.

Cisco2811(config)# ip nat pool natout 58.240.160.2 58.240.160.14 netmask 255.255.255.240

// Define the public IP addresses obtained from the ISP. Here a NAT address pool named "natout" is defined; intranet users can use any available Internet IP address in this pool (58.240.160.2 to 58.240.160.14) to access the Internet. If the ISP provides only one IP address (for example, 58.240.160.2), write "ip nat pool natout 58.240.160.2 58.240.160.2 netmask 255.255.255.240" here.

Cisco2811(config)# ip nat inside source list 1 pool natout overload

// Bind access control list 1 to the address pool "natout". This means that when the hosts in "192.168.1.10-192.168.1.20" access the Internet, their intranet addresses are translated to addresses in "58.240.160.2-58.240.160.14".

// The trailing "overload" keyword covers the case where there are more users than addresses defined in the pool. For example, suppose 10 users are accessing the Internet and their respective Internet addresses are 58.240.160.2, 58.240.160.3, 58.240.160.4, 58.240.160.5, 58.240.160.6, 58.240.160.7, 58.240.160.8, 58.240.160.9, 58.240.160.10, and 58.240.160.11. If more than 30 users then suddenly access the Internet, overload allows multiple intranet users to share the same Internet address. If many users need to access the Internet, you must add the overload keyword. Otherwise, only as many users as there are public IP addresses can access the Internet at the same time.

Cisco2811(config)# ip route 0.0.0.0 0.0.0.0 58.240.160.1

// Set the default route: the next hop is the gateway address of the Internet IP addresses. After this configuration, you can access the Internet. However, each client must be configured with a fixed IP address and DNS server: if no DHCP service is enabled, clients must use fixed IP addresses.

If you need DHCP, configure it as follows:

Cisco2811(config)# ip dhcp pool DHCP-test // Define a DHCP address pool name

Cisco2811(dhcp-config)# network 192.168.1.0 // Define the network address range of the DHCP address pool

Cisco2811(dhcp-config)# default-router 192.168.1.1 // Set the default route (that is, the gateway)

Cisco2811(dhcp-config)# dns-server 221.6.4.66 // Set the DNS server address (221.6.4.66 is the DNS address used here)

Cisco2811(dhcp-config)# exit

Cisco2811(config)# ip dhcp excluded-address 192.168.1.1 // The gateway address must be excluded from the DHCP dynamic address pool. Otherwise, the gateway address may be dynamically allocated, resulting in a conflict.

* If there is no IP address restriction and the whole subnet may access the Internet, delete the entries from access-list 1 permit host 192.168.1.10 through access-list 1 permit host 192.168.1.20 and add access-list 1 permit 192.168.1.0 0.0.0.255.
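
The two forms of access-list 1 discussed above (eleven host entries versus a single 192.168.1.0 0.0.0.255 entry) can be checked offline before they are typed into the router. The following Python sketch is an added example, not part of the original article: it evaluates a standard ACL with first-match and implicit-deny semantics and, going one step beyond the text, derives a shorter wildcard-mask ACL that permits exactly 192.168.1.10-192.168.1.20. The function names are assumptions made for this example.

```python
import ipaddress

def acl_lines_for_range(first, last, acl_id=1):
    """Return the shortest standard-ACL lines permitting exactly first..last."""
    lines = []
    for net in ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)):
        if net.prefixlen == 32:
            lines.append(f"access-list {acl_id} permit host {net.network_address}")
        else:
            # hostmask is the inverse of the netmask, i.e. the IOS wildcard mask
            lines.append(f"access-list {acl_id} permit {net.network_address} {net.hostmask}")
    return lines

def acl_permits(lines, src):
    """Evaluate a standard ACL: first match wins, implicit deny at the end."""
    src = int(ipaddress.ip_address(src))
    for line in lines:
        fields = line.split()
        action, rest = fields[2], fields[3:]
        if rest[0] == "host":
            addr, wildcard = rest[1], "0.0.0.0"
        elif rest[0] == "any":
            addr, wildcard = "0.0.0.0", "255.255.255.255"
        else:
            addr, wildcard = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF  # bits that must match
        if (src & care) == (int(ipaddress.ip_address(addr)) & care):
            return action == "permit"
    return False  # implicit "deny any": the host is never translated by NAT

# The article's two variants, plus the derived compact form
HOST_ACL = [f"access-list 1 permit host 192.168.1.{n}" for n in range(10, 21)]
SUBNET_ACL = ["access-list 1 permit 192.168.1.0 0.0.0.255"]
COMPACT_ACL = acl_lines_for_range("192.168.1.10", "192.168.1.20")

def permitted_hosts(lines):
    """Last octets of the 192.168.1.0/24 hosts that the ACL permits."""
    return [n for n in range(1, 255) if acl_permits(lines, f"192.168.1.{n}")]

if __name__ == "__main__":
    print("\n".join(COMPACT_ACL))
    print(permitted_hosts(HOST_ACL) == permitted_hosts(COMPACT_ACL))
```

Hosts that fall through to the implicit deny are not blocked from the LAN; they simply never match the NAT rule and so cannot reach the Internet.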

PPPoE dial-up Internet access configuration:

To access the Internet through PPPoE, the configuration of the LAN Ethernet interface remains unchanged. You need to change the configuration of the WAN (Internet) port and the access control list, and add a VPDN configuration. Assume that the user name is admin and the password is 123456. The configuration process is as follows:

In this case, XX Telecom's ADSL PPPoE access requires an ordinary ADSL modem and a Cisco 2600 router (dual Ethernet ports) running IOS 12.2(15)T to share Internet access across the LAN.

The configuration in this case is divided into seven steps:

Step 1: Configure VPDN

vpdn enable // Enable VPDN

vpdn-group office // Create a VPDN group named office

request-dialin // Initiate a VPDN tunnel and create a request-dialin VPDN subgroup

protocol pppoe // The VPDN subgroup uses PPPoE to establish the session tunnel

Step 2: Configure the router interface connecting to the ADSL modem (that is, the port connecting to the ISP's device)

interface Ethernet1/0 // Internet interface

no ip address

pppoe enable // Allow the Ethernet interface to run PPPoE

pppoe-client dial-pool-number 1 // Add the PPPoE dialing client of the Ethernet interface to dialing pool 1

Step 3: Configure the logical dialing interface:

interface Dialer1

ip address negotiated // Obtain the IP address automatically through negotiation (that is, assigned dynamically by the ADSL service provider)

ip nat outside // Enable NAT for this interface

encapsulation ppp // Use PPP encapsulation on this interface

dialer pool 1 // This interface uses dialing pool 1 for dialing

dialer-group 1 // This interface uses dialing group 1 for dialing, corresponding to the number of the dialing pool

ppp authentication pap callin // Enable PPP PAP authentication (callin)

ppp pap sent-username admin password 0 123456 // Use the user name and password that were applied for (0 indicates the password encryption level: level 0 means the password is not encrypted. There are levels 0-7 in total)

Step 4: Configure the internal network interface

interface Ethernet1/1 // Internal network interface

ip address 192.168.1.1 255.255.255.0

ip nat inside // Enable NAT for this interface

Step 5: Configure the router to provide DHCP service for the internal network hosts

ip dhcp excluded-address 192.168.1.1 // This IP address will not be allocated by DHCP

ip dhcp pool dhcp-test // Configure the DHCP address pool

import all // Import the DNS and WINS servers

network 192.168.1.0 255.255.255.0 // IP address range of the DHCP address pool

default-router 192.168.1.1 // Set the default route (that is, the gateway)

Step 6: Configure NAT:

access-list 1 permit 192.168.1.0 0.0.0.255 // Set the range of IP addresses allowed to access the Internet

ip nat inside source list 1 interface Dialer1 overload // Set the source IP addresses and the egress port for NAT address translation. list 1 defines the source IP addresses through the ACL, and interface Dialer1 is the egress port through which the intranet accesses the Internet. overload indicates that the public IP address can be reused, so that all intranet IP addresses can access the public network.

Step 7: Configure the default route

ip route 0.0.0.0 0.0.0.0 Dialer1
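
Once the seven steps are assembled, the pieces have to agree with each other: the NAT access list must cover the inside LAN, and the PAP credentials sit in the configuration in clear text. The following Python check is an added example, not part of the original article; the sample configuration is constructed for illustration (with an ACL deliberately written for a different subnet), and the function name and finding texts are assumptions.

```python
import ipaddress
import re

# Constructed sample shaped like steps 1-7, with a wrong-subnet NAT ACL left in.
SAMPLE = """\
interface Ethernet1/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface Dialer1
 ip address negotiated
 ip nat outside
 dialer pool 1
 ppp pap sent-username admin password 0 123456
access-list 1 permit 10.1.1.0 0.0.0.255
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
"""

def audit(config):
    """Return findings for a router configuration given as text."""
    findings, inside, nets, acls, nat_acls, iface = [], [], {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            iface = None  # back at global configuration level
        if m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.match(r"ip address (\d\S*) (\d\S*)", line):
            nets[iface] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif line == "ip nat inside":
            inside.append(iface)
        elif m := re.match(r"access-list (\d+) permit (\d\S*) (\d\S*)", line):
            # Subnet entries only; "permit host x" lines are not counted here.
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            acls.setdefault(m[1], []).append(net)
        elif m := re.match(r"ip nat inside source list (\d+) ", line):
            nat_acls.append(m[1])
        if re.search(r"\bpassword 0 ", line):
            findings.append(f"cleartext password under {iface or 'global'}")
    permitted = [n for a in nat_acls for n in acls.get(a, [])]
    for name in inside:
        lan = nets.get(name)
        if lan is not None and not any(lan.subnet_of(n) for n in permitted):
            findings.append(f"NAT ACL does not cover {name} ({lan})")
    if not re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 ", config, re.M):
        findings.append("no default route")
    return findings

print(audit(SAMPLE))
```

A configuration that deliberately restricts NAT to individual hosts, as in the fixed-IP section, will be reported as not covering the LAN; that finding is expected there.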
