Zen Internet Support Forum

Hi,

I am working for a Zen customer that has an ADSL connection with a public subnet. I have been asked to resolve a problem on the Cisco router that terminates the ADSL connection. My collegue that previously installed the router could not find any way to configure the router other than running NAT between the dialer and the LAN interfaces. However, we have a firewall behind the router and this is not a workable solution. My brief is to remove NAT from the Cisco router terminating the ADSL so that the firewall is the only NAT device.

In my previous experiences, I have placed the public subnet on the LAN port of the router and the dialer interface will be dynamically assigned an IP address outside of the customer's public subnet. The router would then route between the LAN and the dialer interfaces.

My collegue informed me that he was told that Zen could not supply this configuration. Is this true? If so, I need to bridge between the dialer and the LAN port - any ideas on how this can be achieved on a Cisco router? Or can you use ip unnumbered on the dialer interface?

Failing that, the firewall supports pppoe. Can the ADSL be bridged to the LAN so that the firewall can use pppoe to install the public IP addresses?

 Many thanks

 David Stevens

I am not familiar with Cisco routers - somebody else may be able to help there - but this is certainly possible with a Netgear DG834.

With NAT disabled on the DG834, its WAN interface acquires one of the public subnet IPs. Its LAN interface is either bridged or shares the same IP; I'm not certain as it's the gateway in either case. That configuration is sufficient to route the public subnet in and out of the network.

To support additional devices beyond the usable IP limit, I have a custom networking device behind the DG834 which NATs private IPs to one of the public IPs.

Hi Jay,

 Yes, I have also done this with a Netgear DG834G. I am hoping I can get it working with the existing Cisco router as it would be difficult to explain to the customer why I need to swap out a router costing a few hundred pounds with one costing about £50!

 Can anyone suggest the best way - is it ip unnumbered? I am going to test at home but I have only one public IP (static though which is useful).

 David

Yes - use IP unnumbered, which should be the easiest solution. This is how we assume all routers are set up when we allocate IP addresses, as the radius IP is an IP address in your range of public IPs

There is a possible alternative setup where you split your block of 8 public IP addresses into two /30 subnets (4 IPs per block), - assign the router IP (#7 in your complete range) to the external interface with a /32 subnet mask and then use one of the 4 from the lower subnet
on the internal interface with a /30 subnet mask (eg #2) leaving 1 usable IP address to assign to a device behind the router (ie #3)

eg you are assigned IPs 10.0.0.0 -> 10.0.0.7 (10.0.0.0/29 in slash notation)
Router External interface = 10.0.0.6/32
Router Internal interface = 10.0.0.1/30
Firewall WAN interface = 10.10.0.2/30

Not actually tried a setup like that myself, but it should work in theory!
 

I know you dont want to swap a Expensive Cisco box out for a cheap one, maybe you could pursuade the customer that the swap is an upgrade...

ie swap it out for a DM111p netgear modem, bridge it and use pppoe on the firwall, it works for me. that way they are future proofed for ADSL2+

I have no experience of the Cisco box... so cant help there?

Hope you come to a suitable solution.

Regards

IP Unnumbered is the easiest way to do this, and your IP addresses remain publically routeable.
I have a Cisco 3620 using an unnumbered DSL interface and it works fine - I can give you a config if you want?

The scenario James explained doesn't work too well (although it should in theory).  That was how I had it before I reconfigured the router.