1 2 Previous Next 17 Replies Latest reply: Oct 18, 2010 8:30 AM by Ray33Plex RSS

    Default gateway and ip from isp

    Ray33Plex

      Ok, if the router is directly connected to the cable modem and the ip given from the isp is x.x.x.x and the default gatway is the lowest on that same subnet should the intenet port on the router be assigned the ip from the isp or should it be given the default gateway being the lowest ip from that range?

        • 1. Re: Default gateway and ip from isp
          Paul Stewart  -  CCIE Security

          If we didn't have a router, but were assigned an IP address, we would assign this address directly to the only PC that we could have on the internet.  We would then configure the "default gateway" field on the pc to be the gateway given to us by the ISP.  In other words, our IP address on the PC would be that assigned to us and the gateway would be the address that we would route all of our traffic.  When we introduce a router, the internet port of the router will receive the IP address assigned to us by the ISP and we will set the router up to use the default gateway that the ISP told us to use.  Then our pc's will use some private addressing and point to the internal port on the router as their gateway.  Make sense?

          • 2. Re: Default gateway and ip from isp
            Ray33Plex

            Ok so you are saying that the internat/wan port of the router should be given the default gateway given by the isp not the ip given? and also when routing the default route i.e 0.0.0.0. 0.0.0.0 x.x.x.x  x.x.x.x that should be assigned to the default gateway as well and not the private ip?

            • 3. Re: Default gateway and ip from isp
              Paul Stewart  -  CCIE Security

              So to be clear, your isp can give you this information via document, or via dhcp.  This includes your address, your subnet mask and the default gateway.  This information is to be configured into the device that connects to your ISP from a layer 3 perspective.  This can be a PC or a router.  The IP address, subnet mask, and default gateway is entered into your device (again pc or router, whatever connects to the ISP).  Again, this can be provided by document (for you to configure) or provided automatically via DHCP.  The IP address is what identifies the unique location of your device on the global internet.  The subnet mask is what tells the device how much of the IP address is the Network and how much of it is the host bits.  The default gateway should be a host on the network that is derived from a combination of the subnet mask and IP address.  This gateway is your ISP's router, and it is what your device uses for off-site traffic.  So I'm struggling with "should be given the default gateway given by the isp not the ip given".  You cannot derive the gateway from the IP alone, ever.  In a few cases you can derived the gateway from the subnet mask and IP combination.  The usual case is that your ISP tell you what IP address and mask to use as well as what to use for your default gateway (their router's IP address).  Again, this can be provided to you by document, or automatically by DHCP.

              • 4. Re: Default gateway and ip from isp
                Ray33Plex

                ok wow that was an explaination and a half, i appreciate it. ok heres what is happeneing. Taking the network concept that you explained though very helpfull does not take care of the problem i have at hand here. Allright i take the modem and hook it directly to the pc, do an ipconfig/all and it shows my default gateway, my subnet mask, and my ip and dns servers and such. Now when i configure the router with the 10.10.10.0 private range with a 10.10.10.2 - 10.10.10.6 pool range with ip nat inside using the 10.10.10.1 as the routers ip, Do i then assign the the default gateway as what i saw in the ipconfig/all and do i give my internet port on the router the ip my isp has given me with nat outside?

                Ok what i am trying to ask is this

                internet port = isp ip address given  or

                internet port =  isp default gateway given

                Also is it nec to set a gateway of last resort when i have just one router hooked to the pc and internet, and if so do i set it to point to the gateway or to the ip from the isp or do i set it to got to the private ip i have set for the router.

                example

                Ip route 0.0.0.0 0.0.0.0 Gateway ip address here

                ip route 0.0.0.0 0.0.0.0 routers private ip here

                or do i not need to set a gateway of last resort?

                Set up is just from pc - router - modem

                 

                 

                Please any help would be greatly apreciated

                • 5. Re: Default gateway and ip from isp
                  Paul Stewart  -  CCIE Security

                  So based on this, your modem very likely has routing capabilities as well.  In other words, the fact that you are getting a private address from the modem tells me that NAT is already being performed somewhere (most likely in your cable modem/router).  That is, in my opinion, making it confusing for you.  So this actually leads to a couple of thought processes.  The modem/router is providing an address so we could just tell your new router to automatically obtain an address and use a different internal network.  So maybe it uses 192.168.1.1 internally and 10.10.10.x on its internet port.  The internet port would be set as "nat outside" and the internal set as nat inside.  The address it receives might be 10.10.10.2 possibly with a mask of 255.255.255.0.  The gateway might be 10.10.10.1 (it would be the same gateway as was given to the pc).  Internally, it may issue 192.168.1.2-254 to PC's with a mask of 255.255.255.0.  The gateway that it gives to the PC's would then be 192.168.1.1.  Now here is the rub.  Since you are doing NAT in your new router and your cable modem/router is also doing NAT it is less than desirable (but will work with most protocols).

                   

                  Ideally, the service provider would help you put your modem/router into bridge mode and provide you with the appropriate information for you using your own router.  In this case, there would be a public IP address provided to the internet side of your router.  This could be assigned automatically via DHCP, or statically by you (based on the information they provide).  They would give you the IP address of the gateway automatically if using DHCP, or give it to you if you are doing manual assignment.  The PC's would still get an address off of the inside pool that is created by your router and would have their gateway set to the ip address of the inside address of your router.  Hope that helps.

                  • 6. Re: Default gateway and ip from isp
                    Ray33Plex

                    The modem they gave me is a cisco dpc 2100


                    Ok so you are saying that the default gateway that the pc's should be looking at would be the private ip range assigned to the routers inside ports. So if i assigned a pool range in the 10.10.10.0 range and the inside port of 10.10.10.1 for the router the default gateway should be 10.10.10.1?

                    And are you saying that i should assign a private ip for the internet port of the router with nat outside on that port to see if that works? I have been assigning the internet port the ip that the isp has provided after looking in the ipconfig after hooking it directly to the pc. When i hook the pc to the modem directly i see

                    Ip address

                    gateway address

                    dns servers

                    dhcp server

                     

                    Oh and the modem does not have any other ports except one ethernet and one usb and the coax cable for the net.

                    Now what i did was assign a dhcp pool as stated befor in the 10.10.10.0 range,nat inside with the 10.10.10.1 as the routers ip for the pc connection.

                    And for the internet i was setting it to the ip the isp gave when seen in the ipconfig when directly connected to the modem

                    also do i need to assign a gateway of last resort when doing all of this,i.e 0.0.0.0 0.0.0.0 and if so what do i assign the gateway of last resort to if it is needed for this simple setup.

                    Thank you for your patience and respnonses

                    http://www.cisco.com/web/consumer/support/modem_DPC2100.html

                    • 7. Re: Default gateway and ip from isp
                      Paul Stewart  -  CCIE Security

                      See if the attached drawing is clearer than my explanation.  Keep in mind, the GW is a global concept to the device and should not be considered part of the interface addressing.  Layer 3 (router) devices build a routing table to choose how to send traffic.  This table is not per interface, but holistic to the device.  Also, note that my first example is doing no Network Address Translation (NAT).  The second example is doing NAT on the internal router and the cable modem is a simple bridging device.  The third example shows the modem as a L3 (routing) device and is doing NAT in two places.  You should avoid doing NAT more than once if possible.

                      • 8. Question from PAUL STEWART ..
                        ijlal.tech

                        Hope u r going good... i saw this discussion informative and confusing, am sure other person is still in confusion he didn't understand yet, fortunately i was  about to perform this practicle in my home and saw this post. i am from pakistan here we get DSL lines connection that you have shown in your 3 scenario in .png file... my Question is that if i will nat my private 192.168.2.x address into another private address which 10.x.x.x address on router, will it nat and take it to the internet or give error. your answer will be highy appreciatable..thanks in ADV...

                        • 9. Re: Question from PAUL STEWART ..
                          Paul Stewart  -  CCIE Security

                          It will work if you NAT an already NAT'd address.  In other words, if your ISP gives you a private address, you can NAT it again.  Keep in mind that NAT is not a perfect solution and some protocols embed address information inside the data of a packet as opposed to just having addressing in the headers.  Telephony and FTP are examples of this.  So NAT has to look deeper into things based on protocol and if either NAT device is unaware of a particular protocol that is doing this, it might break that protocol.  So basically we are introducing complexity and potential for problems.  However in many cases around the world, ISPs are now issuing private addresses that have already been NAT'd.

                           

                          To the original poster, please post back any further confusion.  Some of these topics are fairly easy to describe on a white board interactively, but more difficult to explain in a forum like this.

                          • 10. Re: Question from PAUL STEWART ..
                            Ray33Plex

                            AHHH i see what you are saying now, that chart was handy, the only thing is when the modem is connectly directly to the PC it gives a public ip and the gateway is  in the same range except it is the lowest ip of the same range as the ip given. So what i tried originally was to assign the public ip on the outside internet port and create a dhcp pool range for the private side and give the same public gateway ip as seen on the pc when modem was directly hooked up up. For some reaosn it does not connect to Internet, very odd. It does assign the PC a private ip from the range given i even made the pool higher in host numberics and it assigned a 10.10.10.3 when i assigned that as the starteing number and a 10.10.10.2 when that was the starting ip, so the dhcp is alive and kicking in the router it just will not connect to the internet when assigned the public ip's given from the isp for some strange reason. I am at a loss. I am not sure if the modem has router capabilities since it does not assign a private ip when hooking directly to the PC just public ip's. Im thinking there must be something i am missing in the config or i am not assigning the right things. Mybe the gateway of last resort I copied my startup-config i will post it.

                            Thank you for your replies i appreciate this and le me know what you think from what i just posted.

                            Ray

                            Why can i not copy and paste my config. I will upload it from the text file. For some reason there is no paste option here,odd.

                             

                            • 11. Re: Question from PAUL STEWART ..
                              Ray33Plex

                              sorry it cut my config off here is the whole thing.

                               

                               

                               

                              Router1#show startup-config
                              Using 2499 out of 131072 bytes
                              !
                              ! Last configuration change at 18:54:18 PCTime Sat Oct 16 2010 by Ray
                              ! NVRAM config last updated at 18:54:19 PCTime Sat Oct 16 2010 by Ray
                              !
                              version 12.4
                              no service pad
                              service timestamps debug datetime msec
                              service timestamps log datetime msec
                              no service password-encryption
                              !
                              hostname Router1
                              !
                              boot-start-marker
                              boot-end-marker
                              !
                              logging buffered 51200 warnings
                              enable secret 5 $1$58e3$a7eDxxCc6zxVrrqjxxQBuQ1
                              !
                              no aaa new-model
                              !
                              resource policy
                              !
                              clock timezone PCTime -5
                              clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
                              !
                              !
                              no ip dhcp use vrf connected
                              ip dhcp excluded-address 10.0.0.1 10.10.10.1
                              ip dhcp excluded-address 10.10.10.7 10.255.255.254
                              !
                              ip dhcp pool RayPool
                                 import all
                                 network 10.0.0.0 255.0.0.0
                                 default-router 10.10.10.1
                                 dns-server 68.x.x.xxx 68.xx.xxx.xxx
                                 lease 7
                              !
                              !
                              ip cef
                              ip name-server 68.xx.xx.xxx
                              ip name-server 68.xx.xx.xxx
                              !
                              !
                              crypto pki trustpoint TP-self-signed-3666762474
                              enrollment selfsigned
                              subject-name cn=IOS-Self-Signed-Certificate-3666762474
                              revocation-check none
                              rsakeypair TP-self-signed-3666762474
                              !
                              !
                              crypto pki certificate chain TP-self-signed-3666762474
                              certificate self-signed 01 nvram:IOS-Self-Sig#3401.cer
                              username Ray privilege 15 password 0 xxxxxxxxxxxx
                              !
                              !
                              !
                              !
                              !
                              interface Ethernet0
                              description $ETH-LAN$
                              ip address 10.10.10.1 255.0.0.0
                              ip nat inside
                              ip virtual-reassembly
                              !
                              interface Ethernet1
                              description Internet$ETH-WAN$
                              ip address 17x.xx.xxx.xx 255.255.xxx.0
                              ip nat outside
                              ip virtual-reassembly
                              duplex auto
                              !
                              interface Ethernet2
                              no ip address
                              shutdown
                              !
                              interface FastEthernet1
                              duplex auto
                              speed auto
                              !
                              interface FastEthernet2
                              duplex auto
                              speed auto
                              !
                              interface FastEthernet3
                              duplex auto
                              speed auto
                              !
                              interface FastEthernet4
                              duplex auto
                              speed auto
                              !
                              !
                              ip http server
                              ip http authentication local
                              ip http secure-server
                              !
                              ip nat inside source list 5 interface Ethernet1 overload
                              !
                              access-list 1 remark SDM_ACL Category=2
                              access-list 1 permit 192.168.1.0 0.0.0.255
                              access-list 2 remark SDM_ACL Category=2
                              access-list 2 permit 192.168.1.0 0.0.0.255
                              access-list 3 remark SDM_ACL Category=2
                              access-list 3 permit 192.168.1.0 0.0.0.255
                              access-list 4 remark SDM_ACL Category=2
                              access-list 4 permit 10.0.0.0 0.255.255.255
                              access-list 5 remark SDM_ACL Category=2
                              access-list 5 permit 10.0.0.0 0.255.255.255
                              !
                              !
                              control-plane
                              !
                              !
                              line con 0
                              no modem enable
                              speed 115200
                              line aux 0
                              line vty 0 4
                              privilege level 15
                              login local
                              transport input telnet ssh
                              !
                              scheduler max-task-time 5000
                              end

                              • 12. Re: Question from PAUL STEWART ..
                                Ray33Plex

                                Anyone there?

                                • 13. Re: Question from PAUL STEWART ..
                                  Paul Stewart  -  CCIE Security

                                  So the only thing that I can spot is that there is no default route in your router.  If you look at my second example, I configured an IP address of 2.2.2.2 on the internet facing interface, and I said the ISP's router was 2.2.2.1.  I would have a route statement like "ip route 0.0.0.0 0.0.0.0 2.2.2.1" in my configuration.  So let's look at the relevant parts of your configuration.

                                   

                                  //next several lines are for DHCP
                                  //looks like you will assign addresses
                                  //10.10.10.2 - 10.10.10.6
                                  ip dhcp excluded-address 10.0.0.1 10.10.10.1
                                  ip dhcp excluded-address 10.10.10.7 10.255.255.254
                                  !
                                  ip dhcp pool RayPool
                                     import all
                                     network 10.0.0.0 255.0.0.0
                                     default-router 10.10.10.1
                                     dns-server 68.x.x.xxx 68.xx.xxx.xxx
                                     lease 7

                                   

                                  //inside interface
                                  interface Ethernet0
                                  description $ETH-LAN$
                                  ip address 10.10.10.1 255.0.0.0
                                  ip nat inside
                                  ip virtual-reassembly
                                  !

                                   

                                  //outside interface
                                  interface Ethernet1
                                  description Internet$ETH-WAN$
                                  ip address 17x.xx.xxx.xx 255.255.xxx.0
                                  ip nat outside
                                  ip virtual-reassembly
                                  duplex auto
                                  !

                                   


                                  //nat and nat acl
                                  ip nat inside source list 5 interface Ethernet1 overload
                                  !
                                  access-list 5 remark SDM_ACL Category=2
                                  access-list 5 permit 10.0.0.0 0.255.255.255
                                  !

                                   


                                  //the above is all you need except a route statement
                                  //I don't know what your ISP's first hop address is, but
                                  //it would have to be on the 17.x.xx.xxx.xx 255.255.xxx.0 network
                                  //so it would look something like

                                   

                                  ip route 0.0.0.0 0.0.0.0 17x.xx.xxx.?

                                  • 14. Re: Question from PAUL STEWART ..
                                    Ray33Plex

                                    YES YES I GOT IT...Thank you, i apreciate it. I was assigning the  default gateway all wrong and the staic default route was not set right,  once i set the default route/gateway of last resort to point to the ISP  default gateway i.e 0.0.0.0 0.0.0.0.0 ISP_Default.gateway_here , it worked.Thank you for your help I greatly apreciate  this and your patience.Also what I did was do a tracert domain_name_here.com in windows cmd and sure enough the next hop was the isp's gateway which comfirmed previuos posts. So I set the gateway of last resort using that ip.

                                    Also i had to disconnect the modem for about ten seconds also then reconnect.

                                    Once again thank you.

                                    Ray

                                    1 2 Previous Next