Skip navigation
Login   |   Register
Cisco Learning Home > Certifications > IP Networking (CCENT) > Discussions

_Communities

8701 Views 17 Replies Latest reply: Oct 18, 2010 8:30 AM by Ray33Plex RSS 1 2 Previous Next

Currently Being Moderated

Default gateway and ip from isp

Oct 16, 2010 10:58 AM

Ray33Plex 186 posts since
Oct 10, 2010

Ok, if the router is directly connected to the cable modem and the ip given from the isp is x.x.x.x and the default gatway is the lowest on that same subnet should the intenet port on the router be assigned the ip from the isp or should it be given the default gateway being the lowest ip from that range?

  • Paul Stewart  -  CCIE Security 7,570 posts since
    Jul 18, 2008
    Currently Being Moderated
    1. Oct 16, 2010 11:19 AM (in response to Ray33Plex)
    Re: Default gateway and ip from isp

    If we didn't have a router, but were assigned an IP address, we would assign this address directly to the only PC that we could have on the internet.  We would then configure the "default gateway" field on the pc to be the gateway given to us by the ISP.  In other words, our IP address on the PC would be that assigned to us and the gateway would be the address that we would route all of our traffic.  When we introduce a router, the internet port of the router will receive the IP address assigned to us by the ISP and we will set the router up to use the default gateway that the ISP told us to use.  Then our pc's will use some private addressing and point to the internal port on the router as their gateway.  Make sense?

    Join this discussion now: Login / Register
  • Paul Stewart  -  CCIE Security 7,570 posts since
    Jul 18, 2008
    Currently Being Moderated
    3. Oct 16, 2010 2:39 PM (in response to Ray33Plex)
    Re: Default gateway and ip from isp

    So to be clear, your isp can give you this information via document, or via dhcp.  This includes your address, your subnet mask and the default gateway.  This information is to be configured into the device that connects to your ISP from a layer 3 perspective.  This can be a PC or a router.  The IP address, subnet mask, and default gateway is entered into your device (again pc or router, whatever connects to the ISP).  Again, this can be provided by document (for you to configure) or provided automatically via DHCP.  The IP address is what identifies the unique location of your device on the global internet.  The subnet mask is what tells the device how much of the IP address is the Network and how much of it is the host bits.  The default gateway should be a host on the network that is derived from a combination of the subnet mask and IP address.  This gateway is your ISP's router, and it is what your device uses for off-site traffic.  So I'm struggling with "should be given the default gateway given by the isp not the ip given".  You cannot derive the gateway from the IP alone, ever.  In a few cases you can derived the gateway from the subnet mask and IP combination.  The usual case is that your ISP tell you what IP address and mask to use as well as what to use for your default gateway (their router's IP address).  Again, this can be provided to you by document, or automatically by DHCP.

    Join this discussion now: Login / Register
  • Paul Stewart  -  CCIE Security 7,570 posts since
    Jul 18, 2008
    Currently Being Moderated
    5. Oct 16, 2010 3:34 PM (in response to Ray33Plex)
    Re: Default gateway and ip from isp

    So based on this, your modem very likely has routing capabilities as well.  In other words, the fact that you are getting a private address from the modem tells me that NAT is already being performed somewhere (most likely in your cable modem/router).  That is, in my opinion, making it confusing for you.  So this actually leads to a couple of thought processes.  The modem/router is providing an address so we could just tell your new router to automatically obtain an address and use a different internal network.  So maybe it uses 192.168.1.1 internally and 10.10.10.x on its internet port.  The internet port would be set as "nat outside" and the internal set as nat inside.  The address it receives might be 10.10.10.2 possibly with a mask of 255.255.255.0.  The gateway might be 10.10.10.1 (it would be the same gateway as was given to the pc).  Internally, it may issue 192.168.1.2-254 to PC's with a mask of 255.255.255.0.  The gateway that it gives to the PC's would then be 192.168.1.1.  Now here is the rub.  Since you are doing NAT in your new router and your cable modem/router is also doing NAT it is less than desirable (but will work with most protocols).

     

    Ideally, the service provider would help you put your modem/router into bridge mode and provide you with the appropriate information for you using your own router.  In this case, there would be a public IP address provided to the internet side of your router.  This could be assigned automatically via DHCP, or statically by you (based on the information they provide).  They would give you the IP address of the gateway automatically if using DHCP, or give it to you if you are doing manual assignment.  The PC's would still get an address off of the inside pool that is created by your router and would have their gateway set to the ip address of the inside address of your router.  Hope that helps.

    Join this discussion now: Login / Register
  • Paul Stewart  -  CCIE Security 7,570 posts since
    Jul 18, 2008
    Currently Being Moderated
    7. Oct 16, 2010 7:55 PM (in response to Ray33Plex)
    Re: Default gateway and ip from isp

    See if the attached drawing is clearer than my explanation.  Keep in mind, the GW is a global concept to the device and should not be considered part of the interface addressing.  Layer 3 (router) devices build a routing table to choose how to send traffic.  This table is not per interface, but holistic to the device.  Also, note that my first example is doing no Network Address Translation (NAT).  The second example is doing NAT on the internal router and the cable modem is a simple bridging device.  The third example shows the modem as a L3 (routing) device and is doing NAT in two places.  You should avoid doing NAT more than once if possible.

    Attachments:
    Join this discussion now: Login / Register
  • ijlal.tech 56 posts since
    Oct 5, 2010
    Currently Being Moderated
    Question from PAUL STEWART ..

    Hope u r going good... i saw this discussion informative and confusing, am sure other person is still in confusion he didn't understand yet, fortunately i was  about to perform this practicle in my home and saw this post. i am from pakistan here we get DSL lines connection that you have shown in your 3 scenario in .png file... my Question is that if i will nat my private 192.168.2.x address into another private address which 10.x.x.x address on router, will it nat and take it to the internet or give error. your answer will be highy appreciatable..thanks in ADV...

    Join this discussion now: Login / Register
  • Paul Stewart  -  CCIE Security 7,570 posts since
    Jul 18, 2008
    Currently Being Moderated
    9. Oct 17, 2010 6:08 AM (in response to ijlal.tech)
    Re: Question from PAUL STEWART ..

    It will work if you NAT an already NAT'd address.  In other words, if your ISP gives you a private address, you can NAT it again.  Keep in mind that NAT is not a perfect solution and some protocols embed address information inside the data of a packet as opposed to just having addressing in the headers.  Telephony and FTP are examples of this.  So NAT has to look deeper into things based on protocol and if either NAT device is unaware of a particular protocol that is doing this, it might break that protocol.  So basically we are introducing complexity and potential for problems.  However in many cases around the world, ISPs are now issuing private addresses that have already been NAT'd.

     

    To the original poster, please post back any further confusion.  Some of these topics are fairly easy to describe on a white board interactively, but more difficult to explain in a forum like this.

    Join this discussion now: Login / Register
  • Paul Stewart  -  CCIE Security 7,570 posts since
    Jul 18, 2008
    Currently Being Moderated
    13. Oct 17, 2010 2:29 PM (in response to Ray33Plex)
    Re: Question from PAUL STEWART ..

    So the only thing that I can spot is that there is no default route in your router.  If you look at my second example, I configured an IP address of 2.2.2.2 on the internet facing interface, and I said the ISP's router was 2.2.2.1.  I would have a route statement like "ip route 0.0.0.0 0.0.0.0 2.2.2.1" in my configuration.  So let's look at the relevant parts of your configuration.

     

    //next several lines are for DHCP
    //looks like you will assign addresses
    //10.10.10.2 - 10.10.10.6
    ip dhcp excluded-address 10.0.0.1 10.10.10.1
    ip dhcp excluded-address 10.10.10.7 10.255.255.254
    !
    ip dhcp pool RayPool
       import all
       network 10.0.0.0 255.0.0.0
       default-router 10.10.10.1
       dns-server 68.x.x.xxx 68.xx.xxx.xxx
       lease 7

     

    //inside interface
    interface Ethernet0
    description $ETH-LAN$
    ip address 10.10.10.1 255.0.0.0
    ip nat inside
    ip virtual-reassembly
    !

     

    //outside interface
    interface Ethernet1
    description Internet$ETH-WAN$
    ip address 17x.xx.xxx.xx 255.255.xxx.0
    ip nat outside
    ip virtual-reassembly
    duplex auto
    !

     


    //nat and nat acl
    ip nat inside source list 5 interface Ethernet1 overload
    !
    access-list 5 remark SDM_ACL Category=2
    access-list 5 permit 10.0.0.0 0.255.255.255
    !

     


    //the above is all you need except a route statement
    //I don't know what your ISP's first hop address is, but
    //it would have to be on the 17.x.xx.xxx.xx 255.255.xxx.0 network
    //so it would look something like

     

    ip route 0.0.0.0 0.0.0.0 17x.xx.xxx.?

    Join this discussion now: Login / Register

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)