ISP Gave us 2 ranges. Not sure what to do.

So we have something like this:

Network ID: 64.120.180.40/30
Gateway: 64.120.180.41
Customer IP: 64.120.180.42
Broadcast: 64.120.180.43
Subnet: 255.255.255.252

64.119.36.128/25 is statically routed to 64.120.180.42

....
There is fiber coming in, we put it into a Catalyst 2960c 8 port switch.
If I set all of the ports to "Switch", plug a laptop into the switch, and give it the "customer ip" I can get out on the internet.

How do we use the /25 ip addresses that give us all of the static IPs?
Can we use the Catalyst as a router, put the /30 ip addresses into it, and the /25 into the Firewall? Would the gateway on the firewall be 64.119.36.129 or would it be 64.120.180.41?

I am just missing some concept here. If anyone could clarify, it would be very helpful.
Thanks in advance
 
The /30 is your point to point with your ISP. You will need a router to handle this and the switch you have is layer 2 only.

On your router, you set the outside interface to 64.120.180.42 255.255.255.252
For your IP route statement, you route your stuff to their side, or 64.120.180.41 255.255.255.252

You might use something like:
interface GigabitEthernet0/0
 description -------------> EXTERNAL TO ISP 64.120.180.41
 ip address 64.120.180.42 255.255.255.252
 no ip redirects
 ip nat outside
 ip virtual-reassembly
 duplex full
 speed 1000

Your ip route statement would look like:
ip route 0.0.0.0 0.0.0.0 64.120.180.41

If you want GigabitEthernet0/1 to be your inside port, I would tell you to set the sub-interface now just so you don't have to later. So something like:

interface GigabitEthernet0/1
 no ip address
 duplex full
 speed 1000
!
interface GigabitEthernet0/1.1
 description -------------> Private LAN VLAN 2
 encapsulation dot1Q 2 native
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly

As you can see, the 0/0 is doing NAT OUTSIDE and the 0/1 interface is doing NAT INSIDE. That will allow you to pass those routed IPs to your devices inside your network.

You NAT all of the other IP addresses assigned to you, for example:

ip nat inside source static tcp 192.168.1.10 80 64.119.36.130 80 extendable
 
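The gateway question from the first post, as an added example that is not part of any post in this thread: a default gateway has to be on-link, that is, inside the subnet of the interface that uses it. The sketch assumes a routed design without NAT in which a hypothetical router holds 64.120.180.42/30 outside and 64.119.36.129/25 inside, with the firewall at 64.119.36.130/25; the function names are illustrative.

```python
import ipaddress

# Values taken from the original post.
TRANSIT = ipaddress.ip_network("64.120.180.40/30")   # point-to-point with the ISP
ISP_GW = ipaddress.ip_address("64.120.180.41")
CUSTOMER = ipaddress.ip_address("64.120.180.42")
ROUTED = ipaddress.ip_network("64.119.36.128/25")    # statically routed to CUSTOMER


def on_link(interface_cidr, gateway):
    """True if gateway is a usable host address inside the interface's subnet."""
    iface = ipaddress.ip_interface(interface_cidr)
    gw = ipaddress.ip_address(gateway)
    net = iface.network
    return (gw in net and gw != iface.ip
            and gw not in (net.network_address, net.broadcast_address))


def check_plan(router_outside, router_inside, firewall_outside, firewall_gw):
    """Return a list of problems found in an assumed routed (no NAT) design."""
    problems = []
    r_out = ipaddress.ip_interface(router_outside)
    r_in = ipaddress.ip_interface(router_inside)
    if r_out.ip != CUSTOMER or r_out.network != TRANSIT:
        problems.append("router outside must be the customer IP on the /30")
    if not on_link(router_outside, ISP_GW):
        problems.append("ISP gateway is not on-link for the router outside")
    if r_in.network != ROUTED:
        problems.append("router inside must sit in the routed /25")
    if not on_link(firewall_outside, firewall_gw):
        problems.append(f"firewall gateway {firewall_gw} is not on-link")
    elif ipaddress.ip_address(firewall_gw) != r_in.ip:
        problems.append("firewall gateway is not the router inside address")
    return problems


if __name__ == "__main__":
    # Constructed plans: the two gateway candidates named in the question.
    for gw in ("64.119.36.129", "64.120.180.41"):
        result = check_plan("64.120.180.42/30", "64.119.36.129/25",
                            "64.119.36.130/25", gw)
        print(gw, "->", result or "ok")
```
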
What kind of router do you have?

You are not going to be able to route using that 2960. Well, there is a version of IOS floating around that will allow static routing, but it's very limited in what it can do. Let's just ask what kind of router you are using?
 
We don't have a router. The ISP said we could put a mini-GBIC in the 2960 and make it work. So that's what we did.
All they supplied is fiber.
We have a lot of Watchguard Firebox firewalls of various flavors. I don't know the models off hand.
We downloaded the newest IOS for that 2960 that said it is able to do routing. I couldn't update the 2960 through the web interface though, it wouldn't get past the part where it uploaded the firmware to the switch.

Let me ask. What kind of router should we get? Preferably one that can use the mini-GBIC that we bought for the 2960, so it won't go to waste. (rackmount as well)
 
You can find a Cisco 1841 or so for pretty cheap. It's the previous model to the 1900, 2900, 3900 series out right now. You can probably get a 1921 for pretty cheap right now too.

The 2960 will do static routing. I would still recommend an actual router though and not depend on what is really a layer two switch to handle routing functions.

Really what I think Cisco was trying to accomplish was to let you route between SVIs and not to the Internet.
 
The switch is meant for VLAN routing and not really internet routing. You could probably make it work, but using a real router is the best way.
 
How does the fiber come in? Through RJ45 or LC or SC fiber? At all our facilities, our ISP provides us with fibre-to-RJ45 converters or they use a Cisco router to do it. I think using the switch just to convert is a waste. Have you looked for a router with a fiber interface? How fast is your internet connection?
 
50mb connection.
We tested it yesterday and it was about 97mb down and 85mb up. I was able to download an Ubuntu torrent at 8.7Mb/s.

All they provided was a metal box with 6 SC fiber connections in it. They told us to use the first 2. So we got an SC/LC cable and ran it to the mini-GBIC.

We didn't look for a router with a fiber interface, we didn't know we were supposed to get one.
Yes, every other ISP I have worked with provides a router, I don't know why this one didn't. It probably has to do with why they got such a good price on the 50mb fiber.
 
You have 50Mbps fiber and you're pulling almost 100 on download?

Someone screwed up on the shaper! :D
 
At all our facilities, our ISP provides us with fibre-to-RJ45 converters or they use a Cisco router to do it. I think using the switch just to convert is a waste.

If you care about reliability, you should never use those. All of them are cheaply made crap ... I looked like a hero when I first went to my new job and fixed a lot of circuit issues by taking all media converters and throwing them on the curb for SPs to pick up later.

Also, some SPs provide you with a fiber handoff and no router if it's a building where they have a mux downstairs already -- this is especially common with metro ethernet. In SP terms, it's when the "building is lit".
 
These aren't your TRENDnet cheapo media converters, they are enterprise grade ones. Never ever have we had issues with our 12 sites.
 