Want to learn more about router and switch management? Automatically sign up for our free Cisco Routers and Switches newsletter, delivered each Friday!
To answer a recent question from a member, I decided to address the basics of Cisco router configuration in a three-part series. In part 1 of this series, "Router Configuration 101: Setting up the router," I walked you through the process of connecting a new Cisco router, configuring it through the console, and familiarizing yourself with the different IOS administrative modes the router offers. In part 2, "Router Configuration 101: Configuring and securing the router," we secured the router with passwords, applied IP addresses to interfaces, and enabled those interfaces for use.
We'll wrap up this series by connecting the router to the Internet. This process is comparable to connecting a home network to the Internet with a Linksys, Netgear, or D-Link router. These routers use Network Address Translation (NAT), which allows you to use a single IP address for several computers. We'll do the same thing with the Cisco router.
Before we get started, take a look at Figure A, which you'll recognize from our last article. This offers an illustration of what our example network looks like.
If you're wondering why using NAT is necessary, it's because we choose the IP address scheme for the LAN from the blocks of RFC 1918 private IP addresses. Because these IP addresses aren't usable on the Internet, we must translate these IP addresses into a real Internet IP address, such as one provided by an ISP.
Depending on how you want to use your network, a number of ways are available to accomplish this. However, for the purposes of this article, we just want to connect the router to the Internet. (To learn more about NAT and related topics, check out these articles: "Set up NAT using the Cisco IOS" and "Set up Port Address Translation (PAT) in the Cisco IOS.")
So, we'll use NAT to provide the IP address translation from our LAN to our WAN. While most consumer-based routers refer to NAT as a ubiquitous term, there are a few different kinds of NAT, including static NAT, pooled NAT, and NAT overload (also called port address translation, or PAT).
Consumer-based routers typically use NAT overload, which is what we'll use for this example. NAT overload involves using a single Internet IP address and multiple inside IP addresses.
Let's look at the step-by-step process for configuring NAT overload. The router needs to be in Global Configuration Mode, and the prompt should look like this: Internet-Router(config)#.
Create a pool of Internet IP addresses
For this example, we're going to overload a single Internet IP address. Since this is the only IP address we have, we'll create a pool with only one IP address in it. Listing A shows an example.
Create an access list
Next, we must determine who the router allows to use NAT to access the Internet using our NAT pool, which we can accomplish by creating an access list. For this example, we'll allow the entire internal network to use NAT to access the Internet. Listing B shows an example.
Create the NAT source list
Now, we must connect the pool and the list of users. We can accomplish this by telling the router that we want to use NAT from the inside (using the access list to define our possible source IP addresses) and go to the outside using the pool that contains our single Internet IP address. In addition, we want to overload this single Internet IP address using PAT. Listing C shows an example.
Define the inside and the outside NAT interfaces
Next, we need to tell the router which interface is the inside and which is the outside. Here's an example:
Internet-Router(config)# interface ethernet 0/0 Internet-Router(config-if)# ip nat inside Internet-Router(config-if)# exit Internet-Router(config)# Internet-Router(config)# interface serial 0/0 Internet-Router(config-if)# ip nat outside Internet-Router(config-if)# exit Internet-Router(config)#
Figure B offers a graphic representation of this process.
Configure a default route
Last time, we configured IP addresses on the router's two interfaces, letting it know which two networks it connects to. However, it doesn't know what to do with traffic that isn't on these two networks—such as the Web-browsing traffic you'll forward to it.
So, we need to tell the router to send any traffic it doesn't know what to do with to the ISP (i.e., the Internet). In other words, we need to configure a default route to the ISP. Here's an example:
Internet-Router(config)# ip route 0.0.0.0 0.0.0.0 22.214.171.124
Configure a static IP address, subnet mask, and more
Since we haven't configured Dynamic Host Configuration Protocol (DHCP) on the router, we must statically configure the PC's IP address, subnet mask, default gateway, and DNS servers. Of course, the IP address should be in the 192.168.1.2 to 254 range, and the subnet mask should be 255.255.255.0. The default gateway should match the router's LAN IP address—in this case, 192.168.1.1. You can get the DNS server IP addresses from your ISP.
After you've configured this on your PC, you should be able to browse the Internet using the router. Listing D shows a sample router's configuration.
Don't forget that this series details the basics of router configuration and takes a rather simplistic view of the process. Using a Cisco router to connect a LAN to the Internet can be quite complex and easily become frustrating, but hopefully this article will help you start off on the right foot.
David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.