Configuring IPv4 Addresses
This chapter contains information about, and instructions for configuring IPv4 addresses on interfaces that are part of a
networking device.
Note |
All further references to IPv4 addresses in this document use only IP in the text, not IPv4. |
Reference the Chapter Map here
Information About IP Addresses
Binary Numbering
IP addresses are 32 bits long. The 32 bits are divided into four octets (8-bits). A basic understanding of binary numbering
is very helpful if you are going to manage IP addresses in a network because changes in the values of the 32 bits indicate
either a different IP network address or IP host address.
A value in binary is represented by the number (0 or 1) in each position multiplied by the number 2 to the power of the position
of the number in sequence, starting with 0 and increasing to 7, working right to left. The figure below is an example of an
8-digit binary number.
The figure below provides binary to decimal number conversion for 0 through 134.
The figure below provides binary to decimal number conversion for 135 through 255.
IP Address Structure
An IP host address identifies a device to which IP packets can be sent. An IP network address identifies a specific network
segment to which one or more hosts can be connected. The following are characteristics of IP addresses:
-
IP addresses are 32 bits long
-
IP addresses are divided into four sections of one byte (octet) each
-
IP addresses are typically written in a format known as dotted decimal
The table below shows some examples of IP addresses.
|
IP Addresses in Dotted Decimal |
IP Addresses in Binary |
|---|---|
|
10.34.216.75 |
00001010.00100010.11011000.01001011 |
|
172.16.89.34 |
10101100.00010000.01011001.00100010 |
|
192.168.100.4 |
11000000.10101000.01100100.00000100 |
|
Note |
The IP addresses in the table above are from RFC 1918, |
IP addresses are further subdivided into two sections known as network and host. The division is accomplished by arbitrarily
ranges of IP addresses to classes. For more information see RFC 791 Internet Protocol at
http://www.ietf.org/rfc/rfc0791.txt .
IP Address Classes
In order to provide some structure to the way IP addresses are assigned, IP addresses are grouped into classes. Each class
has a range of IP addresses. The range of IP addresses in each class is determined by the number of bits allocated to the
network section of the 32-bit IP address. The number of bits allocated to the network section is represented by a mask written
in dotted decimal or with the abbreviation /n where
n = the numbers of bits in the mask.
The table below lists ranges of IP addresses by class and the masks associated with each class. The digits in bold indicate
the network section of the IP address for each class. The remaining digits are available for host IP addresses. For example,
IP address 10.90.45.1 with a mask of 255.0.0.0 is broken down into a network IP address of 10.0.0.0 and a host IP address
of 0.90.45.1.
|
Class |
Range |
|---|---|
|
A (range/mask in dotted decimal) |
|
|
A (range in binary) |
|
|
A (mask in binary) |
11111111.00000000.00000000.00000000/8 |
|
B (range/mask in dotted decimal) |
|
|
B (range in binary) |
|
|
B (mask in binary) |
|
|
C (range/mask in dotted decimal) |
|
|
C (range in binary) |
|
|
C (mask in binary) |
11111111.11111111.11111111.0000000/24 |
|
D1 (range/mask in dotted decimal) |
|
|
D (range in binary) |
|
|
D (mask in binary) |
11111111.11111111.11111111.11111111/32 |
|
E2 (range/mask in dotted decimal) |
|
|
E (range in binary) |
|
|
E (mask in binary) |
11111111.11111111.11111111.11111111/32 |
|
Note |
Some IP addresses in these ranges are reserved for special uses. For more information refer to RFC 3330, |
When a digit that falls within the network mask changes from 1 to 0 or 0 to 1 the network address is changed. For example,
if you change 10101100.00010000.01011001.00100010/16 to 10101100.00110000.01011001.00100010/16 you have changed the network
address from 172.16.89.34/16 to 172.48.89.34/16.
When a digit that falls outside the network mask changes from 1 to 0 or 0 to 1 the host address is changed. For example,
if you change 10101100.00010000.01011001.00100010/16 to 10101100.00010000.01011001.00100011/16 you have changed the host address
from 172.16.89.34/16 to 172.16.89.35/16.
Each class of IP address supports a specific range of IP network addresses and IP host addresses. The range of IP network
addresses available for each class is determined with the formula 2 to the power of the number of available bits. In the case
of class A addresses, the value of the first bit in the 1st octet (as shown in the table above) is fixed at 0. This leaves
7 bits for creating additional network addresses. Therefore there are 128 IP network addresses available for class A (27 =
128).
The number of IP host addresses available for an IP address class is determined by the formula 2 to the power of the number
of available bits minus 2. There are 24 bits available in a class A addresses for IP host addresses. Therefore there are 16,777,214
IP hosts addresses available for class A ((224) — 2 = 16,777,214)).
|
Note |
The 2 is subtracted because there are 2 IP addresses that cannot be used for a host. The all 0’s host address cannot be used |
The table below shows the network and host addresses available for each class of IP address.
|
Class |
Network Addresses |
Host Addresses |
|---|---|---|
|
A |
128 |
16,777,214 |
|
B |
16,3843 |
65534 |
|
C |
2,097,1524 |
254 |
.
IP Network Subnetting
The arbitrary subdivision of network and host bits in IP address classes resulted in an inefficient allocation of IP space.
For example, if your network has 16 separate physical segments you will need 16 IP network addresses. If you use 16 class
B IP network addresses, you would be able to support 65,534 hosts on each of the physical segments. Your total number of supported
host IP addresses is 1,048,544 (16 * 65,534 = 1,048,544). Very few network technologies can scale to having 65,534 hosts on
a single network segment. Very few companies need 1,048,544 IP host addresses. This problem required the development of a
new strategy that permitted the subdivision of IP network addresses into smaller groupings of IP subnetwork addresses. This
strategy is known as subnetting.
If your network has 16 separate physical segments you will need 16 IP subnetwork addresses. This can be accomplished with
one class B IP address. For example, start with the class B IP address of 172.16.0.0 you can reserve 4 bits from the third
octet as subnet bits. This gives you 16 subnet IP addresses 24 = 16. The table below shows the IP subnets for 172.16.0.0/20.
|
Number |
IP Subnet Addresses in Dotted Decimal |
IP Subnet Addresses in Binary |
|---|---|---|
|
05 |
172.16.0.0 |
10101100.00010000.00000000.00000000 |
|
1 |
172.16.16.0 |
10101100.00010000.00010000.00000000 |
|
2 |
172.16.32.0 |
10101100.00010000.00100000.00000000 |
|
3 |
172.16.48.0 |
10101100.00010000.00110000.00000000 |
|
4 |
172.16.64.0 |
10101100.00010000.01000000.00000000 |
|
5 |
172.16.80.0 |
10101100.00010000.01010000.00000000 |
|
6 |
172.16.96.0 |
10101100.00010000.01100000.00000000 |
|
7 |
172.16.112.0 |
10101100.00010000.01110000.00000000 |
|
8 |
172.16.128.0 |
10101100.00010000.10000000.00000000 |
|
9 |
172.16.144.0 |
10101100.00010000.10010000.00000000 |
|
10 |
172.16.160.0 |
10101100.00010000.10100000.00000000 |
|
11 |
172.16.176.0 |
10101100.00010000.10110000.00000000 |
|
12 |
172.16.192.0 |
10101100.00010000.11000000.00000000 |
|
13 |
172.16.208.0 |
10101100.00010000.11010000.00000000 |
|
14 |
172.16.224.0 |
10101100.00010000.11100000.00000000 |
|
15 |
172.16.240.0 |
10101100.00010000.11110000.00000000 |
address and must be used carefully.
When a digit that falls within the subnetwork (subnet) mask changes from 1 to 0 or 0 to 1 the subnetwork address is changed.
For example, if you change 10101100.00010000.01011001.00100010/20 to 10101100.00010000.01111001.00100010/20 you have changed
the network address from 172.16.89.34/20 to 172.16.121.34/20.
When a digit that falls outside the subnet mask changes from 1 to 0 or 0 to 1 the host address is changed. For example, if
you change 10101100.00010000.01011001.00100010/20 to 10101100.00010000.01011001.00100011/20 you have changed the host address
from 172.16.89.34/20 to 172.16.89.35/20.
Timesaver |
To avoid having to do manual IP network, subnetwork, and host calculations, use one of the free IP subnet calculators available |
Some people get confused about the terms network address and subnet or subnetwork addresses and when to use them. In the
most general sense the term network address means “the IP address that routers use to route traffic to a specific network
segment so that the intended destination IP host on that segment can receive it”. Therefore the term network address can apply
to both non-subnetted and subnetted IP network addresses. When you are troubleshooting problems with forwarding traffic from
a router to a specific IP network address that is actually a subnetted network address, it can help to be more specific by
referring to the destination network address as a subnet network address because some routing protocols handle advertising
subnet network routes differently from network routes. For example, the default behavior for RIP v2 is to automatically summarize
the subnet network addresses that it is connected to their non-subnetted network addresses (172.16.32.0/24 is advertised by
RIP v2 as 172.16.0.0/16) when sending routing updates to other routers. Therefore the other routers might have knowledge of
the IP network addresses in the network, but not the subnetted network addresses of the IP network addresses.
Tip |
The term IP address space is sometimes used to refer to a range of IP addresses. For example, “We have to allocate a new |
IP Network Address Assignments
Routers keep track of IP network addresses to understand the network IP topology (layer 3 of the OSI reference model) of
the network to ensure that IP traffic can be routed properly. In order for the routers to understand the network layer (IP)
topology, every individual physical network segment that is separated from any other physical network segment by a router
must have a unique IP network address.
The figure below shows an example of a simple network with correctly configured IP network addresses. The routing table in
R1 looks like the table below.
|
Interface Ethernet 0 |
Interface Ethernet 1 |
|---|---|
|
172.31.32.0/24 (Connected) |
172.31.16.0/24 (Connected) |
The figure below shows an example of a simple network with incorrectly configured IP network addresses. The routing table
in R1 looks like the table below. If the PC with IP address 172.31.32.3 attempts to send IP traffic to the PC with IP address
172.31.32.54, router R1 cannot determine which interface that the PC with IP address 172.31.32.54 is connected to.
|
Ethernet 0 |
Ethernet 1 |
|---|---|
|
172.31.32.0/24 (Connected) |
172.31.32.0/24 (Connected) |
To help prevent mistakes as shown in the figure above, Cisco IOS-based networking devices will not allow you to configure
the same IP network address on two or more interfaces in the router when IP routing is enabled.
The only way to prevent the mistake shown in the figure below, where 172.16.31.0/24 is used in R2 and R3, is to have very
accurate network documentation that shows where you have assigned IP network addresses.
|
Ethernet 0 |
Serial 0 |
Serial 1 |
|---|---|---|
|
172.16.32.0/24 (Connected) |
192.168.100.4/29 (Connected) 172.16.31.0/24 RIP |
192.168.100.8/29 (Connected) 172.16.31.0/24 RIP |
For a more thorough explanation of IP routing, see the «Related Documents» section for a list of documents related to IP
routing.
Classless Inter-Domain Routing
Due to the continuing increase in internet use and the limitations on how IP addresses can be assigned using the class structure
shown in the table above, a more flexible method for allocating IP addresses was required. The new method is documented in
RFC 1519
Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy. CIDR allows network administrators to apply arbitrary masks to IP addresses to create an IP addressing plan that meets the
requirements of the networks that they administrate.
For more information on CIDR, refer to RFC 1519 at
http://www.ietf.org/rfc/rfc1519.txt.
Prefixes
The term prefix is often used to refer to the number of bits of an IP network address that are of importance for building
routing tables. If you are using only classful (strict adherence to A, B, and C network address boundaries) IP addresses,
the prefixes are the same as the masks for the classes of addresses. For example, using classful IP addressing, a class C
IP network address such as 192.168.10.0 uses a 24-bit mask (/24 or 255.255.255.0) and can also be said to have a 24-bit prefix.
If you are using CIDR, the prefixes are arbitrarily assigned to IP network addresses based on how you want to populate the
routing tables in your network. For example, a group of class C IP addresses such as 192.168.10.0, 192.168.11.0, 192.168.12.0,
192.168.13.0 can be advertised as a single route to 192.168.0.0 with a 16-bit prefix (192.168.0.0/16). This results in a 4:1
reduction in the number of routes that the routers in your network need to manage.
How to Configure IP Addresses
Establishing IP Connectivity to a Network by Assigning an IP Address to an Interface
Perform this task to configure an IP address on an interface.
SUMMARY STEPS
-
enable
-
configure
terminal
-
interface
type
number
-
no
shutdown
-
ip
address
ip-address
mask
-
end
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
Example: |
Enables privileged EXEC mode.
|
|
Step 2 |
Example: |
Enters global configuration mode. |
|
Step 3 |
Example: |
Specifies an interface and enters interface configuration mode. |
|
Step 4 |
Example: |
Enables the interface. |
|
Step 5 |
Example: |
Configures the IP address on the interface. |
|
Step 6 |
Example: |
Exits the current configuration mode and returns to privileged EXEC mode. |
Troubleshooting Tips
The following commands can help troubleshoot IP addressing:
-
show
ip
interface
—Displays the IP parameters for the interface. -
show
ip
route
connected
—Displays the IP networks the networking device is connected to.
Increasing the Number of IP Hosts that Are Supported on a Network by Using Secondary IP Addresses
If you have a situation in which you need to connect more IP hosts to
a network segment and you have used all of the available IP host addresses for
the subnet to which you have assigned the segment, you can avoid having to
readdress all of the hosts with a different subnet by adding a second IP
network address to the network segment.
Perform this task to configure a secondary IP address on an
interface.
SUMMARY STEPS
-
enable
-
configure
terminal
-
interface
type
number
-
no
shutdown
-
ip
address
ip-address
mask
-
ip
address
ip-address
mask
secondary
-
end
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
Example: |
Enables privileged EXEC mode.
|
|
Step 2 |
Example: |
Enters global configuration mode. |
|
Step 3 |
Example: |
Specifies an interface and enters interface configuration mode. |
|
Step 4 |
Example: |
Enables the interface. |
|
Step 5 |
Example: |
Configures the IP address on the interface. |
|
Step 6 |
Example: |
Configures the secondary IP address on the interface. |
|
Step 7 |
Example: |
Exits the current configuration mode and returns to privileged |
Troubleshooting Tips
The following commands can help troubleshoot IP addressing:
-
show
ip
interface
—Displays the IP parameters for the interface. -
show
ip
route
connected
—Displays the IP networks the networking device is connected to.
What to Do Next
If your network has two or more routers and you have already configured a routing protocol, make certain that the other routers
can reach the new IP network that you assigned. You might need to modify the configuration for the routing protocol on the
router so that it advertises the new network. Consult the
Cisco IOS IP Routing: Protocol-Independent Configuration Guide for information on configuring routing protocols.
Maximizing the Number of Available IP Subnets by Allowing the Use of IP Subnet Zero
If you using subnetting in your network and you are running out of network addresses, you can configure your networking device
to allow the configuration of subnet zero. This adds one more usable network address for every subnet in your IP addressing
scheme. The table above shows the IP subnets (including subnet 0) for 172.16.0.0/20.
Perform this task to enable the use of IP subnet zero on your networking device.
SUMMARY STEPS
-
enable
-
configure
terminal
-
ip
subnet-zero
-
interface
type
number
-
no
shutdown
-
ip
address
ip-address
mask
-
end
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
Example: |
Enables privileged EXEC mode.
|
|
Step 2 |
Example: |
Enters global configuration mode. |
|
Step 3 |
Example: |
Enables the use of IP subnet zero. |
|
Step 4 |
Example: |
Specifies an interface and enters interface configuration mode. |
|
Step 5 |
Example: |
Enables the interface. |
|
Step 6 |
Example: |
Configures the subnet zero IP address on the interface. |
|
Step 7 |
Example: |
Exits the current configuration mode and returns to privileged EXEC mode. |
Troubleshooting Tips
The following commands can help troubleshoot IP addressing:
-
show
ip
interface
—Displays the IP parameters for the interface. -
show
ip
route
connected
—Displays the IP networks the networking device is connected to.
Specifying the Format of Network Masks
By default,
show commands display an IP address and then its netmask in dotted decimal notation. For example, a subnet would be displayed
as 131.108.11.55 255.255.255.0.
You might find it more convenient to display the network mask in hexadecimal format or bit count format instead. The hexadecimal
format is commonly used on UNIX systems. The previous example would be displayed as 131.108.11.55 0XFFFFFF00.
The bit count format for displaying network masks is to append a slash (/) and the total number of bits in the netmask to
the address itself. The previous example would be displayed as 131.108.11.55/24.
Specifying the Format in Which Netmasks Appear for the Current Session
Perform this task to specify the format in which netmasks appear for the current session.
SUMMARY STEPS
-
enable
-
term
ip
netmask-format
{bitcount | decimal | hexadecimal }
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
Example: |
Enables privileged EXEC mode.
|
|
Step 2 |
Example: |
Specifies the format the router uses to display network masks. |
Specifying the Format in Which Netmasks Appear for an Individual Line
Perform this task to specify the format in which netmasks appear for an individual line.
SUMMARY STEPS
-
enable
-
configure
terminal
-
line
vty
first
last
-
term
ip
netmask-format
{bitcount | decimal | hexadecimal } -
end
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
Example: |
Enables privileged EXEC mode.
|
|
Step 2 |
Example: |
Enters global configuration mode. |
|
Step 3 |
Example: |
Enters line configuration mode for the range of lines specified by the first and last arguments. |
|
Step 4 |
Example: |
Specifies the format the router uses to display the network mask for an individual line. |
|
Step 5 |
Example: |
Exits the current configuration mode and returns to privileged EXEC mode. |
Using IP Unnumbered
Interfaces on Point-to-Point WAN Interfaces to Limit Number of IP Addresses
Required
If you have a limited
number of IP network or subnet addresses and you have point-to-point WANs in
your network, you can use the IP Unnumbered Interfaces feature to enable IP
connectivity on the point-to-point WAN interfaces without actually assigning an
IP address to them.
Perform this task to
configure the IP Unnumbered Interfaces feature on a point-to-point WAN
interface.
IP Unnumbered Feature
The IP Unnumbered Interfaces feature enables IP processing on a
point-to-point WAN interface without assigning it an explicit IP address. The
IP unnumbered point-to-point WAN interface uses the IP address of another
interface to enable IP connectivity, which conserves network addresses.
|
Note |
The following restrictions apply to the IP Unnumbered Interfaces
|
SUMMARY STEPS
-
enable
-
configure
terminal
-
interface
type
number
-
no
shutdown
-
ip
address
ip-address
mask
-
interface
type
number
-
no
shutdown
-
ip
unnumbered
type
number
-
end
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
Example: |
Enables privileged EXEC mode.
|
|
Step 2 |
Example: |
Enters global configuration mode. |
|
Step 3 |
Example: |
Specifies an interface and enters interface configuration mode. |
|
Step 4 |
Example: |
Enables the interface. |
|
Step 5 |
Example: |
Configures the IP address on the interface. |
|
Step 6 |
Example: |
Specifies a point-to-point WAN interface and enters interface |
|
Step 7 |
Example: |
Enables the point-to-point WAN interface. |
|
Step 8 |
Example: |
Enables the IP unnumbered feature on the point-to-point WAN In this example the point-to-point WAN interface uses IP address |
|
Step 9 |
Example: |
Exits the current configuration mode and returns to privileged |
Troubleshooting Tips
The following commands can help troubleshoot IP addressing:
-
show
ip
interface
—Displays the IP parameters for the interface. -
show
ip
route
connected
—Displays the IP networks the networking device is connected to.
Using IP addresses with 31-Bit Prefixes on Point-to-Point WAN Interfaces to Limit Number of IP Addresses Required
You can reduce the number of IP subnets used by networking devices to establish IP connectivity to point-to-point WANs that
they are connected to by using IP Addresses with 31-bit Prefixes as defined in RFC 3021.
Perform this task to configure an IP address with a 31-bit prefix on a point-to-point WAN interface.
RFC 3021
Prior to RFC 3021,
Using 31-bit Prefixes on IPv4 Point-to-Point Links , many network administrators assigned IP address with a 30-bit subnet mask (255.255.255.252) to point-to-point interfaces
to conserve IP address space. Although this practice does conserve IP address space compared to assigning IP addresses with
shorter subnet masks such as 255.255.255.240, IP addresses with a 30-bit subnet mask still require four addresses per link:
two host addresses (one for each host interface on the link), one all-zeros network address, and one all-ones broadcast network
address.
The table below shows an example of the four IP addresses that are created when a 30-bit (otherwise known as 255.255.255.252
or /30) subnet mask is applied to the IP address 192.168.100.4. The bits that are used to specify the host IP addresses in
bold.
|
Address |
Description |
Binary |
|---|---|---|
|
192.168.100.4/30 |
All-zeros IP address |
11000000.10101000.01100100.00000100 |
|
192.168.100.5/30 |
First host addresses |
11000000.10101000.01100100.00000101 |
|
192.168.100.6/30 |
Second host address |
11000000.10101000.01100100.00000110 |
|
192.168.100.7/30 |
All-ones broadcast address |
11000000.10101000.01100100.00000111 |
Point-to-point links only have two endpoints (hosts) and do not require broadcast support because any packet that is transmitted
by one host is always received by the other host. Therefore the all-ones broadcast IP address is not required for a point-to-point
interface.
The simplest way to explain RFC 3021 is to say that the use of a 31-bit prefix (created by applying a 31-bit subnet mask
to an IP address) allows the all-zeros and all-ones IP addresses to be assigned as host addresses on point-to-point networks.
Prior to RFC 3021 the longest prefix in common use on point-to-point links was 30-bits, which meant that the all-zeros and
all-ones IP addresses were wasted.
The table below shows an example of the two IP addresses that are created when a 31-bit (otherwise known as 255.255.255.254
or /31) subnet mask is applied to the IP address 192.168.100.4. The bit that is used to specify the host IP addresses in bold
|
Address |
Description |
Binary |
|---|---|---|
|
192.168.100.4/31 |
First host address |
11000000.10101000.01100100.00000100 |
|
192.168.100.5/31 |
Second host address |
11000000.10101000.01100100.00000101 |
The complete text for RFC 3021 is available at
http://www.ietf.org/rfc/rfc3021.txt .
Before you begin
You must have classless IP addressing configured on your networking device before you configure an IP address with a 31-bit
prefix on a point-to-point interface. Classless IP addressing is enabled by default in many versions of Cisco IOS software.
If you are not certain that your networking device has IP classless addressing configured, enter the
ip
classless command in global configuration mode to enable it.
|
Note |
This task can only be performed on point-to-point (nonmultiaccess) WAN interfaces. |
SUMMARY STEPS
-
enable
-
configure
terminal
-
ip
classless
-
interface
type
number
-
no
shutdown
-
ip
address
ip-address
mask
-
end
DETAILED STEPS
| Command or Action | Purpose | |||
|---|---|---|---|---|
|
Step 1 |
Example: |
Enables privileged EXEC mode.
|
||
|
Step 2 |
Example: |
Enters global configuration mode. |
||
|
Step 3 |
Example: |
(Optional) Enables IP classless (CIDR).
|
||
|
Step 4 |
Example: |
Specifies a point-to-point WAN interface and enters interface configuration mode. |
||
|
Step 5 |
Example: |
Enables the interface. |
||
|
Step 6 |
Example: |
Configures the 31bit prefix IP address on the point-to-point WAN interface. |
||
|
Step 7 |
Example: |
Exits the current configuration mode and returns to privileged EXEC mode. |
Troubleshooting Tips
The following commands can help troubleshoot IP addressing:
-
show
ip
interface
—Displays the IP parameters for the interface. -
show
ip
route
connected
—Displays the IP networks the networking device is connected to.
Configuration Examples for IP Addresses
Example Establishing IP Connectivity to a Network by Assigning an IP Address to an Interface
The following example configures an IP address on three interfaces:
!
interface FastEthernet0/0
no shutdown
ip address 172.16.16.1 255.255.240.0
!
interface FastEthernet0/1
no shutdown
ip address 172.16.32.1 255.255.240.0
!
interface FastEthernet0/2
no shutdown
ip address 172.16.48.1 255.255.240.0
!
Example Increasing the Number of IP Hosts that are Supported on a Network by Using Secondary IP Addresses
The following example configures secondary IP addresses on three interfaces:
!
interface FastEthernet0/0
no shutdown
ip address 172.16.16.1 255.255.240.0
ip address 172.16.32.1 255.255.240.0 secondary
!
!
interface FastEthernet0/1
no shutdown
ip address 172.17.16.1 255.255.240.0
ip address 172.17.32.1 255.255.240.0 secondary
!
!
interface FastEthernet0/2
no shutdown
ip address 172.18.16.1 255.255.240.0
ip address 172.18.32.1 255.255.240.0 secondary
!
Example Using IP Unnumbered
Interfaces on Point-to-Point WAN Interfaces to Limit Number of IP Addresses
Required
The following
example configures the unnumbered IP feature on three interfaces:
!
interface FastEthernet0/0
no shutdown
ip address 172.16.16.1 255.255.240.0
!
interface serial0/0
no shutdown
ip unnumbered fastethernet0/0
!
interface serial0/1
no shutdown
ip unnumbered fastethernet0/0
!
interface serial0/2
no shutdown
ip unnumbered fastethernet0/0
!
Example Using IP addresses
with 31-Bit Prefixes on Point-to-Point WAN Interfaces to Limit Number of IP
Addresses Required
The following
example configures 31-bit prefixes on two interfaces:
!
ip classless
!
interface serial0/0
no shutdown
ip address 192.168.100.2 255.255.255.254
!
!
interface serial0/1
no shutdown
ip address 192.168.100.4 255.255.255.254
Example Maximizing the Number of Available IP Subnets by Allowing the Use of IP Subnet Zero
The following example enables subnet zero:
!
interface FastEthernet0/0
no shutdown
ip address 172.16.16.1 255.255.240.0
!
ip subnet-zero
!
Where to Go Next
If your network has two or more routers and you have not already configured a routing protocol, consult the
Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4T, for information on configuring routing protocols.
Additional References
Related Documents
|
Related Topic |
Document Title |
|---|---|
|
Cisco IOS commands |
Cisco IOS Master Commands List, All Releases |
|
IP addressing commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples |
Cisco IOS IP Addressing Services Command Reference |
|
Fundamental principles of IP addressing and IP routing |
IP Routing Primer ISBN 1578701082 |
Standards
|
Standard |
Title |
|---|---|
|
No new or modified standards are supported, and support for existing standards has not been modified |
— |
MIBs
|
MIB |
MIBs Link |
|---|---|
|
No new or modified MIBs are supported, and support for existing MIBs has not been modified |
To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found http://www.cisco.com/go/mibs |
RFCs
|
RFC6 |
Title |
|---|---|
|
RFC 791 |
Internet Protocol http://www.ietf.org/rfc/rfc0791.txt |
|
RFC 1338 |
Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy |
|
RFC 1466 |
Guidelines for Management of IP Address Space |
|
RFC 1716 |
Towards Requirements for IP Routers |
|
RFC 1918 |
Address Allocation for Private Internets |
|
RFC 3330 |
Special-Use IP Addresses |
the IETF RFC site at http://www.ietf.org/rfc.html for a full list of RFCs.
Technical Assistance
|
Description |
Link |
|---|---|
|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use |
http://www.cisco.com/cisco/web/support/index.htmll |
Feature Information for IP Addresses
The following table provides release information about the feature or features described in this module. This table lists
only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise,
subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco
Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
|
Feature Name |
Releases |
Feature Information |
|---|---|---|
|
Classless Inter-Domain Routing |
10.0 |
CIDR is a new way of looking at IP addresses that eliminates the concept of classes (class A, class B, and so on). For example, The following command was introduced or modified: |
|
IP Subnet Zero |
10.0 |
In order to conserve IP address space IP Subnet Zero allows the use of the all-zeros subnet as an IP address on an interface, The following command was introduced or modified: |
|
IP Unnumbered Interfaces |
10.0 |
In order to conserve IP address space, IP unnumbered interfaces use the IP address of another interface to enable IP connectivity. The following command was introduced or modified: |
|
Using 31-bit Prefixes on IP Point-to-Point Links |
12.0(14)S 12.2(4)T |
In order to conserve IP address space on the Internet, a 31-bit prefix length allows the use of only two IP addresses on |
Базовая настройка маршрутизатора для CCNA и ICND. Назначение IP-адресов на интерфейсы маршрутизатора.
Предположим, что после деления сети 192.168.0.0/24 на 3 подсети A, B и C (по 100, 50, 2 хоста соответственно) мы получили такие подсети: A — 192.168.0.0/25, B — 192.168.0.128/26, C — 192.168.0.192/30.
Первый адрес подсети A надо назначить на интерфейс маршрутизатора fastethernet 0/0.
Первый адрес подсети B надо назначить на интерфейс маршрутизатора fastethernet 0/1.
Первый адрес подсети C надо назначить на интерфейс маршрутизатора serial 0/0/0. Причем на один конец кабеля (DCE) для интерфейса serial необходимо назначить clock rate (задать время для синхронизации сигнала), а для другого (DTE) этого делать не надо.
// Так я буду обозначать комментарии.
-
Устанавливаем консольное соединение через гипертерминал со следующими настройками:
- Скорость: 9600; Биты данных: 8; Четность: Нет; Стоповые биты: 1; Управление потоком: Нет;
- Router>enable//Входим в привилегированный режим.
- Router#
- Router#erase startup-config//Очищаем маршрутизатор от предыдущих настроек.
- Router#reload//Перезагружаем маршрутизатор.
- Would you like to enter the initial configuration dialog? [yes/no]: no//После перезагрузки маршрутизатора IOS спросит, надо ли настраивать маршрутизатор в режиме диалога. Откажитесь.
- Router>enable//Снова входим в привилегированный режим.
- Router#
- Router#configure terminal//входим в режим глобальной конфигурации
- Router(config)#hostname R1//даём имя маршрутизатору, в данном случае R1
- R1(config)#no ip domain-lookup//выключаем поиск DNS
- R1(config)#enable secret class//включаем пароль на вход привилегированного режима
- R1(config)#banner motd #//Настраиваем сообщение дня (message of the day). Между знаками «#» пишем сообщение.
!!!ACCESS DENIED!!!
# - R1(config)#line console 0//Входим в режим настройки консоли.
- R1(config-line)#password cisco//Назначаем пароль на вход.
- R1(config-line)#login//Включаем запрос пароля перед входом в консоль.
- R1(config-line)#exit
- R1(config)#line vty 0 4//Входим в режим настройки телнета.
- R1(config-line)#password cisco//Назначаем пароль на вход.
- R1(config-line)#login//Включаем запрос пароля перед входом с помощью телнета.
- R1(config-line)#end
- R1#show running-config//Проверяем введенные данные.
- R1#copy running-config startup-config//Сохраняем произведенную настройку в энерго-независимую память. Сейвы помогают не только геймерам
Были случаи когда ПакетТрейсер вис и приходилось всё делать заново. - R1#configure terminal//снова заходим в режим глобальной конфигурации
- R1(config)#interface fastethernet 0/0//заходим в режим конфигурации интерфейса
- R1(config-if)#ip address 192.168.0.1 255.255.255.128//назначаем IP-адрес интерфейсу и маску 255.255.255.128 (эта маска является расшифровкой префикса /25)
- R1(config-if)#des Subnet A//краткое описание интерфейса
- R1(config-if)#no shutdown//включаем интерфейс
- R1(config)#interface fastethernet 0/1//заходим в режим конфигурации интерфейса
- R1(config-if)#ip address 192.168.0.129 255.255.255.192//назначаем IP-адрес интерфейсу и маску 255.255.255.128 (эта маска является расшифровкой префикса /25)
- R1(config-if)#des Subnet B//краткое описание интерфейса
- R1(config-if)#no shutdown//включаем интерфейс
- R1(config)#interface serial 0/0/0//заходим в режим конфигурации интерфейса
- R1(config-if)#ip address 192.168.0.193 255.255.255.252//назначаем IP-адрес интерфейсу и маску 255.255.255.128 (эта маска является расшифровкой префикса /25)
- R1(config-if)#des Link to R2//краткое описание интерфейса
- R1(config-if)#clock rate 64000//задаем время сигнала для синхронизации со вторым роутером. На втором роутере этого делать не надо!
- R1(config-if)#no shutdown//включаем интерфейс
- R1(config-line)#end//выходим в привилегированный режим EXEC Mode
- R1#show running-config//Проверяем введенные данные.
- R1#copy running-config startup-config//Сохраняем произведенную настройку в энерго-независимую память.
Скачать выполненное задание настройки роутера
Предлагаю скачать файл с выполненным заданием для программы эмулятора PacketTracer, открыть его и посмотреть на реализацию (пароль на консольный вход — cisco, на привилегированный режим — class).
Заметьте, что компьютер PC1 может нормально пинговать компьютер PC2, но не может пинговать PC3. Это происходит из-за не настроенной маршрутизации. А настроим мы её в следующей шпаргалке 
Настройка роутера копированием конфигурации
-
Для автоматической базовой настройки (всё, что выше) маршрутизатора выполните следующие действия:
- 1. Скопируйте текст ниже в буфер обмена: выделите всё, кликните правой кнопкой по выделенному и выберите «Копировать».
- 2. При необходимости очистите роутер от всех настроек и перезагрузите его.
- 3. Войдите в режим глобальной конфигурации и вызовите меню Гипер Терминала «Правка», а в нём «Передать главному компьютеру».
- 4. Обязательно проверьте настройки с помощью команды
show running-config - 5. При необходимости включите интерфейсы командой no shutdown из режима каждого интерфейса
The interface is the port at which the router connects to a given network. It acts as an entry or exit point for data that is to be transmitted through the router. Every interface must be labeled or assigned an IP address, which should be unique among all the IP addresses in the network.
In Cisco Packet Tracer, to understand the process of assigning IP addresses, we will be using routers. This is because a router has many interfaces to connect to different networks and also after configuring a router by any routing protocol(RIP, static routing, etc.), we can observe how an interface and an IP address work in a router.
Steps to configure an IP address for an interface of a router in Cisco Packet Tracer:
Step 1: Open Cisco Packet Tracer and select the following devices:
S.NO |
Device |
Quantity |
|---|---|---|
1. |
PC | 4 |
2. |
Router | 2 |
IPv4 Addressing Table:
S.NO |
Device |
IPv4 Address |
Subnet Mask |
Default Gateway |
|---|---|---|---|---|
1. |
PC0 | 192.168.10.1 | 255.255.255.0 | 192.168.10.2 |
2. |
PC1 | 192.168.20.1 | 255.255.255.0 | 192.168.20.2 |
3. |
PC2 | 192.168.30.1 | 255.255.255.0 | 192.168.30.2 |
4. |
PC3 | 192.168.40.1 | 255.255.255.0 | 192.168.40.2 |
- Create the following topology and label the configuration as shown in the figure:
- Also, assign the respective IP addresses and default gateways to all 4 PCs.
Step 2: In Cisco Packet Tracer, assigning IP addresses to an interface of a router can either be done through the command line or the GUI mode. Both of them are discussed as follows:
Through command line mode:
- Firstly, enter the command line by clicking on any router and then selecting the CLI tab.
- Enter config mode by typing the following commands in the command line:
en config t
- Now we can assign IP addresses to their respective interfaces. To do this, firstly we need to enter into the interface we want to assign the IP address. This is done by typing the keyword interface followed by the label of the interface.
Interface [label of the interface]:
For example:
interface fa0/0
- After entering the interface, type the command IP address followed by the IP address you want to assign and also followed by the subnet mask of the IP address assigned.
IP address [IP address to be assigned] [subnet mask of the IP address]
For example:
IP address 192.168.20.2 255.255.255.0
- After assigning the IP address type, the command no shutdown to activate the port. Initially, all the ports of the router are switched off, so we need to manually activate them. You would also note that the color of the triangles representing the ports of the router changes to green and also start pointing upward.
For example:
no shutdown
- At last, exit the interface by typing the following command:
exit
- Repeat the above steps for all the interfaces of the router, and then for all interfaces of other routers as well.
Following is the image of the command line of the router after configuring all interfaces:
For a better understanding of the process, you may refer to the following simulation:
Through GUI mode:
- Click on any router and select the Config tab from the above tabs.
- Now find the interface to which you want to assign the IP address, from the tabs available on the left side of the window.
For example:
- After selecting the interface, fill in the IP address and the subnet mask in the fields named IPv4 Address and Subnet Mask.
For example:
- Activate the port by checking the checkbox labeled as On for the Port Status option.
For example:
The interface of the router has been assigned an IP address.
- Repeat the above steps for all the interfaces of the router, and then for all interfaces of other routers as well.
Simulation Result:
Last Updated :
21 Jul, 2022
Like Article
Save Article
Configuring routers is a routine operation for network administrators. Enterprise-grade routers are very different from consumer-grade routers, though. Consumer-grade routers come mostly configured out of the box. Likewise, consumer-grade ISP services typically configure home ‘routers’ with a dynamic IP address.
In contrast, business-grade ISP services assign static IP addresses. Before an enterprise-grade router can be installed in a network, it needs to have an IP address assigned to it first. So, we will walk through how to configure an IP address on a Cisco router today.
Configuring a Cisco router with an IP address is not a complicated process. There are typically four steps involved:
-
Verify the current interface configuration of the router
-
Choose the interface that you want to assign an IP address to
-
Assign the IP address
-
Enable the interface on the Cisco router
We will walk through each of those steps, explain how to complete them, and why they are essential.
An Overview of How to Configure IP Addresses on Cisco Devices [VIDEO]
In this video, Jeremy Cioara covers assigning IP addresses and enabling interfaces on Cisco routers. Unlike switches, which are essentially plug and play, routers require a bit of configuration before they can do what they were designed to. You’ll see a straightforward, four-step process to enabling interfaces that will equip you to do this yourself.
How to Display Interfaces on a Cisco Device
Before you assign an IP address to a Cisco router, you need to know the current configuration of that device. Typically, Cisco routers have all their interfaces shut down out of the box. Therefore, we need to verify the state of those interfaces before proceeding, especially if this router is being re-used.
The rest of the instructions through this article will assume that you are connected to the Cisco router.
To show the interfaces in a Cisco router, use the ‘show IP interface brief’ command in the console window. For example, this command will output the following information:
-
Each interface and interface name
-
The IP address for that interface
-
Whether each interface is up or down on the Layer 1 level (status column)
-
Whether each interface is up or down on the Layer 2 level (protocol column)
The Status and Protocol columns will have one of three messages:
-
Down
-
Administratively Down
-
Up
Each message has a clear indication of the status of its associated interface. The ‘Up’ message is self-explanatory. That means that the associated interface is working correctly. The ‘Administratively Down’ message indicates that the interface is disabled by configuration. Otherwise, the network admin purposefully disabled that interface for some reason. Finally, the ‘Down’ message means the associated interface isn’t working for other reasons (like unplugging the network cable from the network port).
Out of the box, Cisco routers have the ‘Administratively Down’ configuration for each interface. This is different from Cisco Switches. Cisco Switches come pre-configured out of the box. They can be safe to implement into an existing network almost right away. On the other hand, an unconfigured router can make a network inoperable.
That’s because an improperly configured router can send data from the network into a black hole. Routers are the pieces of equipment that push data to and from networks or network segments. If a router isn’t correctly configured, it won’t know where to send that information to. Hence, that data is sent to purgatory. It is simply dropped from the network.
So, you need to verify the status of the interfaces on a Cisco router before you configure an IP address for it. We need to configure as much of the router as possible before connecting it to a network, so this is an excellent first step.
What is the Difference Between Status and Protocol on a Cisco Router?
When you use the ‘show IP interface brief’ command in the console when connected to a Cisco router, the router will dump information about each interface on the router to the console display. That information will include the link-state labeled as ‘Status’ and ‘Protocol.’
Many new network admins may not understand the difference between both states. After all, aren’t they both the same?
The ‘Status’ and ‘Protocol’ states represent different layers of the OSI networking model, though. The ‘Status’ column represents Layer one, or the physical connection layer. The ‘Protocol’ column represents Layer 2 of the OSI model. The physical layer explains whether a cable is physically connected or if the physical hardware for that interface is working correctly. The protocol layer explains whether that interface is receiving signals that it can understand and recognize.
Understanding the difference between Layer 1 and Layer 2 and their operational status is essential for configuring Cisco routers and diagnosing issues with them down the road.
How to Choose an Interface to Assign an IP Address on a Cisco Device
When we configure an IP address for a new Cisco router, we need to verify the current state of the interfaces of that router. After we confirm the state of those interfaces, we need to select an interface in the console before configuring an IP address. This process is easy.
Running the ‘show IP interface brief’ command in the console of a Cisco router will list each interface and the designation for those interfaces. Pay attention to those interfaces. Also, make sure to match the interface in the console with the physical interface on the Cisco router. That way, you don’t plug the ethernet cable into the wrong port.
To select an interface in the console, first enter the global configuration mode in the router. Then, use the ‘configure terminal’ command in the console to enter configuration mode.
After switching to the configuration mode in the router, use the ‘interface’ command followed by the interface itself to select that interface. You can also add a question mark after the ‘interface’ command instead of the interface designation for additional help.
Interface g0/0
In the example above, we used interface g0/0. That means we selected the first interface that is a gigabit ethernet port on our router. The interfaces in your Cisco router may be labeled differently depending on the device you are configuring.
How to Assign an IP Address to a Cisco Router
Before we can assign an IP address to a Cisco router, we need to complete a couple of steps. First, we need to run the ‘show IP interface brief’ command. This will list each interface in the router as well as their status. Then, we need to enter global configuration mode with the ‘configure terminal’ command and select an interface using the ‘interface’ command in the console of that router. The ‘interface’ command must be followed by the interface designation. Once we have our interface selected, we can assign an IP address to it.
Assigning an IP address to an interface in a Cisco router is as simple as using the ‘IP address’ command. That command must be followed by the IP address for that interface port as well as its subnet.
Ip address 192.168.1.1 255.255.255.0
Entering that command will not produce any confirmation messages unless there was an error. In this case, no news is good news.
After assigning the IP address to an interface in a Cisco router, run the ‘show IP interface brief’ command again. When that command displays information about each interface in the router, you should see the IP address assigned to your chosen interface under the IP address column. If you do not, try repeating the process.
That’s it! It’s that simple to assign an IP address to a Cisco router.
How to Find the IP Address to Assign to a Cisco Router
Many new network admins may not understand where to find the IP address to assign to a new Cisco router. Those admins may have received that information from a senior network administrator or through documentation, but if those resources aren’t available, where would you find the IP address to assign to a Cisco router?
Often, that information comes from the ISP (Internet Service Provider). Businesses will typically choose to have a static IP address assigned to them from their ISP.
This is done for stability reasons. In a dynamic environment, the external IP address of a network can be changed by the ISP. If your business hosts something like a VPN, though, that could be an issue. Static IP addresses keep network configurations static for things like VPNs or DNS entries.
This is in stark contrast to the typical consumer-grade ISP connection. In these cases, the ISP will always use DHCP to assign a network address to consumer customers. But, of course, a business can use DHCP addresses, too. This is more common with small and medium-sized companies that may not need to host services that depend on a static IP address.
Cisco routers can be configured to use DHCP instead of being assigned a static IP address, too. To do that, add ‘dhcp’ instead of the IP address and subnet mask to the ‘IP address’ command in the console in a Cisco router.
Ip address DHCP
How to Enable an Interface on a Cisco Router
After configuring an IP address for a Cisco router, you will most likely need to enable the interface to be active. Cisco routers come with all the interfaces on them shut down out of the box. This is for important network safety reasons. So, the interface you just configured needs to be enabled.
First, we can verify a Cisco router’s status and configuration using the ‘show run’ command from the configuration console for a Cisco device. That command will display all the current information for that device and its interfaces. More than likely, the information displayed from that command will be too much to fit on your screen. Use the space button to jump through the configuration information.
Look for the configuration information for the interface you need to enable. This should show that the interface is currently administratively down.
Once the status of that interface has been verified, we need to enable it. First, we need to select that interface. Use the ‘interface’ command in the console followed by the interface name.
E.g., interface GigabitEthernet0/0
In our example, the name of the interface we are working with is GigabitEthernet0/0. Of course, the name of the interface you are working with may be different.
Now that the interface is selected, use the ‘no shutdown’ command to enable that interface. If all goes well, you should see three messages. The first message shows that the interface is down. The next two messages should state that the ‘Status’ and ‘Protocol’ are now up. You should also see lights blinking next to the physical interface port that you just configured on the router.
Remember that the status and protocol states in a Cisco router represent different layers of the OSI network model. The status state represents layer 1, while the protocol state represents layer 2. This is why the console shows two different status prompts after running the ‘no shutdown’ command.
Wrapping Up
We covered a lot of information in this article! Consider this guide a rough tutorial on assigning an IP address to a Cisco router. Still, we did not cover other important topics like what a subnet is or how to secure a router. If you would like to learn more, consider our CCNA training.
Though assigning an IP address to a Cisco router is easy, it is also very routine. Furthermore, this is a function that you will perform a lot as a network admin. So, let’s go over how to assign an IP address to a Cisco router with a short and sweet tl;dr instruction set.
-
Verify the interface status with the ‘show IP interface brief’ command.
-
After verifying all interfaces are down, enter global configuration mode with the ‘configure terminal’ command.’
-
Select the interface you want to configure with the ‘interface’ command followed by the interface name.
-
Assign an IP address to that interface with the ‘ip address’ command followed by the IP address and the subnet mask for that interface.
-
Run the ‘show IP interface brief’ command again to verify the IP address has been assigned to the network interface.
-
Run the ‘no shutdown’ command to enable that interface.
That’s it! Keep these instructions handy until they become second nature. Businesses use static IP addresses for all sorts of things, but above all else, they use static IP addresses to keep networks from breaking or requiring additional maintenance. Understanding how to assign an IP address to a Cisco router is vital for any network admin.
Read the article BASIC CONFIGURATION OF THE CISCO ROUTER. ACCESS TO THE INTERNET in 
English
Рассмотрим схему подключения офиса к сети Интернет с помощью маршрутизатора Cisco. Для примера возьмем модель Cisco 881. Команды для настройки других маршрутизаторов (1841, 2800, 3825…) будут аналогичными Различия могут быть в настройке интерфейсов, вернее в их названиях и нумерации.
В схеме присутствуют:
- канал в Интернет со статическим адресом
- несколько компьютеров в локальной сети офиса
- маршрутизатор
- коммутатор, который используется для организации локальной сети офиса
Задача: обеспечить доступ компьютеров локальной сети в Интернет.
Шаг 0. Очистка конфигурации
Первое, с чего стоит начать настройку нового маршрутизатора – полностью очистить стартовую конфигурацию устройства. (Выполнять только на новом или тестовом оборудовании!) Для этого нужно подключиться с помощью специального кабеля к консольному порту маршрутизатора, зайти в командную строку и выполнить следующее:
Войти в привилегированный режим(#), возможно потребуется ввести логин/пароль.
router> enable
Удалить стартовую конфигурацию
router# write erase
/подтверждение/
Перезагрузить маршрутизатор
router# reload
/подтверждение/
После выполнения маршрутизатор должен перезагрузиться в течение 3ех минут, а при старте вывести запрос о начале базовой настройки. Следует отказаться.
Would you like to enter the basic configuration dialog (yes/no): no
В текущей конфигурации маршрутизатора будут только технологические строки по умолчанию, и можно приступать к основной настройке.
Шаг 1. Имя устройства
Задание имени маршрутизатора для удобства последующего администрирования выполняется командой hostname «название устройства»
router#conf t
router (config)#hostname R-DELTACONFIG
R-DELTACONFIG(config)#
Шаг 2. Настройка интерфейсов
Необходимо настроить 2 интерфейса: внешний и внутренний.
Через внешний интерфейс будет осуществляться связь с Интернет. На нем будут те ip адрес и маска сети, которые предоставил Интернет провайдер.
Внутренний интерфейс будет настроен для локальной сети 192.168.0.0 /24
Предположим, что оператор связи предоставил нам следующие адреса:
- Сеть 200.150.100.0
- Маска подсети 255.255.255.252 или /30
- Шлюз по умолчанию 200.150.100.1
Настроим внешний интерфейс: зададим ip адрес и сетевую маску, и включим его командой no shut
R-DELTACONFIG#conf t
R-DELTACONFIG (config)#
interface Fa 4
ip address 200.150.100.2 255.255.255.252
no shutdown
После этого соединяем этот интерфейс маршрутизатора с портом оборудования провайдера при помощи прямого патч корда и далее проверяем его доступность командой ping.
Сначала собственный интерфейс
R-DELTACONFIG#ping 200.150.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.150.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Затем соседний адрес — шлюз провайдера
R-DELTACONFIG#ping 200.150.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.150.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/4/10 ms
Убедившись в доступности шлюза Провайдера, переходим к настройке внутреннего интерфейса.
В локальной сети будет использоваться следующая адресация
- Сеть 192.168.0.0
- Маска подсети 255.255.255.0
- Внутренний адрес маршрутизатора, который выполняет роль шлюза в Интернет для всех хостов в сети, 192.168.0.1
- Диапазон внутренних адресов сети (пользователи, принтеры, серверы и.т.д.) советую начинать с адреса 192.168.0.5
- Максимально возможный доступный для использования адрес в этой сети будет 192.168.0.254
- Адреса с 192.168.0.2 до 192.168.0.4 оставим про запас для непредвиденных технологических нужд
Для настройки внутреннего интерфейса локальной сети следует зайти в режим конфигурирования виртуального интерфейса Vlan 1, задать на нем ip адрес и соотнести ему один из физических интерфейсов маршрутизатора (Fa 0).
R-DELTACONFIG#conf t
interface Vlan 1
Ip address 192.168.0.1 255.255.255.0
no shutdown
Выбираем физический интерфейс маршрутизатора и соотносим его с виртуальным Vlan
interface Fa 0
switchport access vlan 1
no shutdown
Для наглядности:
ip address => interface Vlan X => interface Fastethernet Y
Ip адрес присваивается виртуальному интерфейсу Vlan X, а он привязывается к физическому интерфейсу Fastethernet Y.
Интерфейс маршрутизатора Fa 0 нужно соединить с коммутатором, где располагаются рабочие станции локальной сети или напрямую с рабочей станцией администратора. После этого проверить доступность этого интерфейса маршрутизатора с помощью ping из командной строки.
Шаг 3 Настройка удаленного доступа к маршрутизатору
Получить доступ к консоли маршрутизатора можно не только с помощью консольного кабеля, но и удаленно с помощью протоколов Telnet(данные передаются в открытом виде) или SSH(защищенное соединение).
Рассмотрим настройку безопасного подключения.
Включаем протокол SSH 2 версии и задаем произвольное имя домена
R-DELTACONFIG (config)#
ip ssh ver 2
ip domain-name xxx.ru
Генерируем ключи rsa, необходимые для подключения. При запросе указываем 1024.
crypto key generate rsa
How many bits in the modulus [512]: 1024
Задаем имя пользователя с правами администратора и его пароль (*****)
username admin privilege 15 secret 0 *****
Включаем авторизацию через локальную базу устройства (тот пользователь, которого создали строчкой выше)
line vty 0 4
login local
Задаем пароль на привилегированный режим
enable secret 0 *****
После этого при помощи специальной программы, поддерживающей протокол SSH можно зайти в командную строку маршрутизатора удаленно с любой из рабочих станций локальной сети. При авторизации следует ввести логин и пароль, которые были задан. Подробнее про доступ на устройство по протоколу SSH написано в этой статье.
Шаг 4. Шлюз по умолчанию
Для маршрутизации пакетов в сеть Интернет на устройстве необходимо указать шлюз по умолчанию(default gateway).
R-DELTACONFIG (config)#
ip route 0.0.0.0 0.0.0.0 200.150.100.1
После этого можно проверить не только доступность оборудования провайдера, но и полностью канала в Интернет. Для этого необходимо запустить ping до любого адреса во внешней сети в цифровой форме(DNS для локальной сети лучше настраивать после настройки маршрутизатора). Для примера возьмем адрес лидера на рынке ping – www.yandex.ru (93.158.134.3)
R-DELTACONFIG#ping 93.158.134.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 93.158.134.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/10 ms
Важно!
Обратите внимание, что на данный момент ping внешних адресов работает только(!) будучи запущенным из консоли управления маршрутизатором. Рабочие станции локальной сети все еще не имеют доступа в Интернет.
Шаг 5 Настройка трансляции адресов (NAT)
Для доступа в Интернет из локальной сети необходимо динамически транслировать все внутренние адреса в определенный внешний ip адрес. В нашем случае, так как провайдер предоставляет только один внешний адрес 200.150.100.2 (определяется маской подсети /30 в условиях примера), то все адреса локальной сети должны транслироваться в него.
Указываем список внутренних адресов, которые будем транслировать во внешний адрес.
R-DELTACONFIG (config)#
ip access-list standard ACL_NAT
permit 192.168.0.0 0.0.0.255
Указываем внутренний интерфейс для процедуры трансляции
Interface Vlan 1
ip nat inside
Указываем внешний интерфейс для процедуры трансляции
Interface Fa 4
ip nat outside
Создаем правило трансляции (NAT)
ip nat inside source list ACL_NAT interface fa4
В результате должен появиться доступ с любой рабочей станции локальной сети в Интернет при условии, что шлюзом по умолчанию указан внутренний ip адрес маршрутизатора (192.168.0.1). Проверить можно с помощью команды ping до адреса в Интернет из командной строки. Желательно, чтобы проверяемый адрес был в цифровом виде, чтобы исключить потенциальные проблемы с DNS именами.
Важно!
В указанном примере меняется собственный адрес источника. Если в процессе работы необходимо транслировать адрес назначения — пускать траффик на вымышленный адрес, чтобы попасть на некий настоящий, то прочитайте статью ip nat outside.
Важно!
Не стоит оставлять полный доступ в Интернет со всех адресов локальной сети. Советую после проверки работоспособности соединения для безопасности ограничить доступ в Интернет и разрешить его только с конкретных адресов — например с прокси сервера и рабочих станций администратора и/или директора. О том как это сделать можно прочитать в статье «немного об access lists«.
Важно!
Не забудьте сохранить конфигурацию на всех устройствах командой write или copy run start. Иначе после перезагрузки все изменения будут потеряны.
R-DELTACONFIG#write
Building configuration...
[OK]