Sunteți pe pagina 1din 6

The Cisco 800 series routers are part of the Branch Office category, used mainly for SOHO

purposes or for connecting remote branch offices to a central location They are fi!ed
hard"are configuration de#ices, meaning that they don$t ha#e any plug%in hard"are slots for
inserting additional interfaces to the de#ice &all the interfaces are fi!ed'
(ll the 800 series models come "ith a )%port *0+*00 managed s"itch used for connecting the
internal ,(- computers, and "ith an .OS soft"are that supports security features including the
/ire"all set The main difference of each model is the 0(- interface (ll models that end "ith
1 in the model number &ie 81*, 82*, 83*, 88*, 84*' ha#e a *0+*00 /ast 5thernet interface
as a 0(- port The other models ha#e an !6S, type 0(- port &ie (6S,, 7SH6,, 86S,9'
(lso, all models ha#e the option of a 0i/i :adio interface &the model number ends "ith a W,
eg 81*0, 8130, 82*0 etc'
.n this post . "ill describe a basic configuration scenario for connecting a Cisco 800 router for
.nternet access . "ill use a model "ith an 5thernet 0(- interface &such as 81*, 82*, 83*,
etc' since those models are the most popular
Something to ha#e in mind for all 800 series routers, the four ,(- interfaces &/50 up to /5;'
are ,ayer9 s"itch interfaces that are assigned by default to 8lan* This means that you can
not assign an .< address directly to the ,(- interfaces The .< address for the ,(-%facing side
of the router is assigned under interface Vlan1 On the other hand, the 0(- interface
&/5)' is a normal ,ayer; router port, "hich means you can assign an .< address directly on
the interface &interface FastEthernet4'
. "ill describe three basic scenarios "hich are fre=uently encountered in real net"or>s
1. Scenario *? 0(- .< address of router is assigned dynamically by the .S< ,(- .<
addresses assigned dynamically from the router to the internal <Cs
2. Scenario 9? 0(- .< address of router is static ,(- .< addresses assigned dynamically
from the router
3. Scenario ;? 0(- .< address of router is static (n internal ,(- 0eb Ser#er e!ists The
router performs a static <ort -(T &port redirection' to for"ard traffic from .nternet
to"ards the internal 0eb Ser#er
Scenario 1:
Configuration?
The follo"ing is the basic configuration needed for the simple scenario abo#e
configure terminal
enable secret somesecretpassword
! Configure the DHCP pool to assign addresses to internal hosts
ip dhcp pool vlan1pool
network 19!1"#!1!$ %%!%%!%%!$
default&router 19!1"#!1!1
dns&server 1$$!1$$!1$$!'"
! Do not assign addresses 1 to 30
ip dhcp e(cluded&address 19!1"#!1!1 19!1"#!1!'$
! This is the LAN facing interface of the 800 router. sed as gate!a" for PCs
interface vlan 1
ip address 19!1"#!1!1 %%!%%!%%!$
ip nat inside
no shut
! #nterfaces $%0 to $%3 are La"er & interfaces
interface FastEthernet$
no shut
interface FastEthernet1
no shut
interface FastEthernet
no shut
interface FastEthernet'
no shut
! This is the 'AN interface getting address (ia DHCP fro) the #*P
interface FastEthernet 4
no shut
ip address dhcp
ip nat outside
! Configure NAT. All internal hosts !ill +e nated on the 'AN interface
ip nat inside source list 1 interface fastethernet4 overload
access&list 1 permit 19!1"#!1!$ %%!%%!%%!$
ip route $!$!$!$ $!$!$!$ fastethernet4
line vt) $ 4
password somestrongpassword
Scenario :
Configuration?
This is the same configuration as scenario * e!cept that the 0(- .< address is static and also
the default gate"ay of our .S< is >no"n
The only difference from the configuration abo#e is on the 0(- interface and on default route?
! This is the 'AN interface !ith static #P
interface FastEthernet 4
no shut
ip address 1$$!1$$!1$$!1 %%!%%!%%!$
ip nat outside
ip route $!$!$!$ $!$!$!$ 1$$!1$$!1$$!
Scenario ':
Configuration?
Here the 0(- address is static and "e ha#e also an internal 0eb Ser#er for "hich "e need to
allo" HTT< access from .nternet To do this "e must configure a static -(T "ith port
redirection Traffic that comes to"ards our 0(- public address *00*00*00* on port 80 "ill
be redirected by the router to the internal 0eb Ser#er at address *49*28**0 on port 80
configure terminal
enable secret somesecretpassword
! Configure the DHCP pool to assign addresses to internal hosts
ip dhcp pool vlan1pool
network 19!1"#!1!$ %%!%%!%%!$
default&router 19!1"#!1!1
dns&server 1$$!1$$!1$$!'"
! Do not assign addresses 1 to 30
ip dhcp e(cluded&address 19!1"#!1!1 19!1"#!1!'$
! This is the LAN facing interface of the 800 router. sed as gate!a" for PCs
interface vlan 1
ip address 19!1"#!1!1 %%!%%!%%!$
ip nat inside
no shut
! #nterfaces $%0 to $%3 are La"er & interfaces
interface FastEthernet$
no shut
interface FastEthernet1
no shut
interface FastEthernet
no shut
interface FastEthernet'
no shut
! This is the 'AN interface !ith static #P
interface FastEthernet 4
no shut
ip address 1$$!1$$!1$$!1 %%!%%!%%!$
ip nat outside
! Configure NAT. All internal hosts !ill +e nated on the 'AN interface
ip nat inside source list 1 interface fastethernet4 overload
access&list 1 permit 19!1"#!1!$ %%!%%!%%!$
! Configure static NAT for port redirection
ip nat inside source static tcp 19!1"#!1!1$ #$ 1$$!1$$!1$$!1 #$ e(tendable
ip route $!$!$!$ $!$!$!$ 1$$!1$$!1$$!
line vt) $ 4
password somestrongpassword

S-ar putea să vă placă și