Don't Back Down

It's somewhat rare that I work with Cisco equipment, but it does happen from time to time. Those days that I do, I almost always end up glad that I don't do it more often. Of course, if I did it more often, I would probably be better at it, in which case I wouldn't have quite the problems that I do. So it's sort of a catch-22 - if I did it more often, I'd not run into all the issues I do, and since I don't, I have problems. But that's not really the point here.

I was working on a Cisco 1721 Modular Access Router - this is something like a Linksys Router on steroids, and you can even find them on Amazon (this one came from eBay, I think). There are two primary differences, however - one is that, barring some utilities from Cisco, you have to configure them from the command line and two is that it's modular, meaning you can plug in all sorts of access cards.

One of those cards, the WIC-1ENET, provides an Ethernet connection for the WAN, making it even more like your standard home router. The problem is making this card work like a typical home router.

The first problem is getting an address from your Internet provider. If you're using a typical router, you check a box or choose an option from a drop-down menu that says "obtain address dynamically". Unfortunately, it's not so easy on the Cisco. You have to go in and configure the interface to retrieve the address. It will look something like this:

configure terminal<cr>
interface ethernet0<cr>
ip address dhcp client-id ethernet0<cr>
ip nat outside<cr>
control-z

At this point, your ethernet0 interface is configured to retrieve its IP address dynamically. If the WIC-1ENET card is in a different slot, you'll need to update that value accordingly. If you have a static IP address from your provider, you'll want to specify that instead of using the dhcp command. This series of commands also tells the router that the ethernet0 interface is the outside for NAT (Network Address Translation).

Now you need to assign an IP address to the inside interface. It should look like this:

configure terminal<cr>
interface fastethernet0<cr>
ip address 192.168.1.1 255.255.255.0<cr>
ip nat inside<cr>
control-z

In this example, you are accessing the fastethernet0 interface, and assigning an actual IP address (so you can use this format if you want to assign an address to the ethernet0 interface as well - just make sure to get the addresses on the correct interface). Then you tell the router that this it the inside for NAT. Almost there!

Last, but certainly not least, you need to provide some router configuration values to make everything work:

configure terminal<cr>
no ip source-route<cr>
ip nat inside source list 1 interface ethernet0 overload<cr>
access-list 1 permit 192.168.1.0 0.0.0.255<cr>
control-z

The first option may not be strictly necessary - I think it comes as a default. But if it's not on, then you will have to provide a default gateway, and that can get messy. Specifically, if you need to use the ip route command with the WIC-1ENET, you'll want to use the address of the interface - unlike some other interfaces, if you do not use the address assigned to it, it will not work.

The second option sets up the NAT pool, to which all your inside addresses will be assigned - and when they do, they will pull from the outside address, which will be "overloaded" - meaning that they will share that address. If you do not use the overload option, then you will need one outside address per inside address! The third option tells the router which inside addresses are allowed to access that pool of NAT addresses.

There is no DHCP server on the router - so if you need that, you'll need to set it up separately (I may put together an article on that, let me know if you'd like to see it). You can either use another DHCP server, or simply assign addresses manually. Just make sure that you do not assign address 192.168.1.1. If you use a different subnet, say 10.1.1.1, then just replace the address where needed above.

Did this work for you? If there's anything else you'd like to see, let me know!