I recently found the need to replace my BT Infinity setup with BT Business Broadband because I needed a static IP along with additional IP addresses. Unfortunately this meant upgrading to their business package. BT offer 5 additional IPs for the same price as just one, so it would be foolish not to take them up on this. This config will also work for 12 static addresses.
If you want to pass traffic through a router for multiple IPs there are lots of guides out there on how to accomplish this, but here is my setup and config, as I am sure there are others out there wanting a similar setup to use with BT Business Broadband with multiple static IPs. I will post the ASA config at a later date once I have finalised my setup and tidied it up a little. Apologies if this is a little “baby steps” for the more Cisco savvy reading this; hopefully the not so techie will be able to follow this as well.
My setup is a Cisco 837 ADSL router > Cisco ASA 5505 > Cisco 2960 switch. I wanted to route all my available IPs through to my firewall rather than NAT them at the router; any NATing would be carried out by the firewall.
If you have the BT router home hub box, unplug it, place it under the bed and forget about it. Then get yourself a good Cisco 837 ADSL router cheap off of the Bay of E. Less than a tenner should secure you a good one with the power supply. If you haven’t already got one then another Bay of E purchase will secure you a nice blue Cisco console rollover cable. Make sure you have a COM port on your PC/server/laptop, otherwise it's back to the Bay of E for a USB to COM port adapter.
Next thing you will need is a copy of PuTTY, free from http://www.putty.org, and once installed you're pretty much ready to go.
Before we get started there are a few things you will need from BT which they should have provided to you on email.
First you will need your username and password supplied to you.
Second you will need the IP range allocated to you. You will have 8 static IP addresses assigned to you, of which 3 will be reserved. For example:
81.141.xx.xx2 will be your network address.
81.141.xx.xx3 – 81.141.xx.xx7 will be for use by you as you see fit.
81.141.xx.xx8 will be your router address.
81.141.xx.xx9 will be your broadcast address.
Subnet for this will be 255.255.255.248 or /29
OK ready? Here we go.
Connect your console cable to your COM port or USB adapter and to the console port on the router. Make sure your PuTTY connection type is set to Serial and change the COM port to the one that’s configured for your computer to use. If you are unsure, check in Device Manager or just change the COM port number in PuTTY until you hit the right one. Click Open to open the session.
Power on the router and you should see within a few seconds, the router running through its start up sequence. Now for the purpose of this post I am assuming you have either bought or have a router that has had its config wiped or set back to default, if not then read my other posts or google up the simple procedure of setting a router back to its default config.
If it prompts you to enter the initial configuration dialog as below enter NO and hit return. Press Return to get started and let the router run through its start up which should take 30 seconds or so.
You should finish up at the router prompt Router>; if not, hit Enter a couple of times.
Type en to enter privileged exec (enable) mode, which will change the prompt to Router#
Now for the next bit I would suggest you copy and paste the below config into your favourite text editor, modify the required sections to suit your own config and delete my comments including the (brackets). This also serves as having a backup of the router config somewhere just in case!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
Hostname router
!
security authentication failure rate 3 log
security passwords min-length 6
no logging buffered
enable secret PASSWORD123 (replace PASSWORD123 with one of your choice)
!
username admin password PASSWORD1234 (this sets the user name as admin, replace PASSWORD1234 with one of your choice)
no aaa new-model
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
!
!
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface Ethernet0
description ETHERNET_TO_FIREWALL (you can give the description of your choice or leave it as it is)
ip address 81.141.xx.xx8 255.255.255.248 (Use the router IP address that was supplied to you by BT)
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
hold-queue 100 out
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer0
description OUTSIDE_INTERFACE (you can give the description of your choice or leave as is)
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname myusername@hg70.btclick.com (enter the username provided to you by BT)
ppp chap password mypassword (enter the password provided to you by BT)
ppp pap sent-username myusername@hg70.btclick.com password mypassword (enter the username and password provided to you by BT)
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http access-class 1
no ip http secure-server
!
access-list 1 remark HTTP Access-class list
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 81.141.xx.xx2 0.0.0.7 (Use the network IP address that was supplied to you by BT)
access-list 1 deny any
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 81.141.xx.xx2 0.0.0.7 any (Use the network IP address that was supplied to you by BT)
access-list 100 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
access-class 100 in
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler interval 500
!
end
Once you have edited the above config to suit your own setup and removed all the comments you are ready to copy and paste it into your router.
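A pre-paste check for the edited text file, added here as an example and not part of the original post: it flags leftover bracketed comments and unreplaced placeholders, and checks that the network/wildcard pairs in access-list 1 and 100 match the Ethernet0 /29 described earlier. The name lint_config and the 192.0.2.8/29 sample block are assumptions made for illustration.

```python
import ipaddress
import re

PLACEHOLDERS = ("PASSWORD123", "mypassword", "myusername")  # from the page's template
QUAD = re.compile(r"\b(?:[0-9x]{1,3}\.){3}[0-9x]{1,3}\b")  # dotted quad, may hold x
COMMENT = re.compile(r"\s*\(.*\)\s*$")  # trailing "(...)" note

def lint_config(text):
    """Return (line_no, problem) findings; line_no 0 means the config as a whole."""
    findings, eth, acls, section = [], None, [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if COMMENT.search(line):
            findings.append((no, "leftover (comment)"))
            line = COMMENT.sub("", line)
        if any(p in line for p in PLACEHOLDERS) or any("x" in q for q in QUAD.findall(line)):
            findings.append((no, "placeholder not replaced"))
            continue
        if line.startswith("interface "):
            section = line.split()[1]
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m and section == "Ethernet0":
            eth = f"{m[1]}/{m[2]}"
        m = re.match(r"access-list \d+ permit (?:ip )?(\d\S*) (\d\S*)", line)
        if m:
            acls.append((no, f"{m[1]}/{m[2]}"))
    try:
        lan = ipaddress.ip_interface(eth or "").network
    except ValueError:
        return findings + [(0, "Ethernet0 has no valid static address")]
    for no, acl in acls:
        try:
            # ip_network() takes a wildcard (host mask) and rejects set host bits.
            if ipaddress.ip_network(acl) != lan:
                findings.append((no, "ACL does not cover the Ethernet0 subnet"))
        except ValueError:
            findings.append((no, "ACL is not a valid network/wildcard pair"))
    return findings

# Constructed sample: 192.0.2.8/29 (documentation range) stands in for the BT block.
SAMPLE = """\
enable secret PASSWORD123 (replace PASSWORD123 with one of your choice)
interface Ethernet0
ip address 192.0.2.14 255.255.255.248
access-list 1 permit 192.0.2.14 0.0.0.7
access-list 100 permit ip 192.0.2.8 0.0.0.7 any
"""
if __name__ == "__main__":
    print(*lint_config(SAMPLE), sep="\n")
```

Run it over the text file before pasting; an empty list means none of these checks fired.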
At the Router# prompt enter the command conf t
This will drop you into configuration mode and the router prompt will show Router(config)#
Copy and paste your config from the text file you created into the router (note: use right click of the mouse to drop the contents of the clipboard into PuTTY)
Once the config is copied it should drop you out of config mode, but in case it doesn’t, use either CTRL-Z or type exit to drop you out of config mode and back into exec mode.
At this point make sure you save the running config to start up. There are two ways to do this. Either type wr mem or copy run start
Once the config has built and saved type reload to reboot the router, confirm the reload. Let it reboot and this time you will be prompted to enter a username and password. Enter the credentials you used in your config. Assuming you entered them correctly this will allow access to the router. Type en to enable exec mode and again enter the password you used in your config.
Finally we need to bring up the ports we configured. Make sure we are in exec mode (Router#), type conf t to enter configuration mode and type the following commands into the router.
int dialer0
no shut
int atm0
no shut
int eth0
no shut
end
Finish up by saving the config again using the wr mem command.
Now if you have got this far without any issues we can test the router and connection. Plug your ADSL cable from the wall socket straight into your router port labelled ADSL. Also add yourself a network cable into port 0 and connect this to your laptop/pc/server NIC.
Configure your NIC TCP/IPv4 settings with the following IP address details. Use one of your static IPs available to you for testing.
IP address: 81.141.xx.xx3
Subnet: 255.255.255.248
Gateway: 81.141.xx.xx8 (This is the IP for the router)
For the DNS enter Google’s standard DNS of 8.8.8.8
If all is right you should be able to ping external sites and browse the internet. It doesn’t matter which of your available static addresses you use for testing, as they all should be routed through.
It really isn’t as complicated as it first appears, and to the more technically astute I am sure there are a ton of improvements that can be made to this config, but it's simple, works and is secure.
Next up is the firewall. Ahem!