Previously on Hemotips
The routers can ping each other and VMs can reach the Internet. I was happy with the results. The happiness did not last for long. The maximum speed the VMs can get is 8 Mbps. The ping latency between the two routers was about 2000 milliseconds. Thus, I wore Sherlock’s hat and pipe and I looked for the suspect. I collected the pieces of evidence and linked all the dots. I was able to find main and only suspect. I pointed my finger to the suspect, and I said “Mr. serial link between the routers. You have made the network unstable and killed the Internet connectivity between the poor VMs and the Internet”. He could not say no. I had to replace my 2 2610 routers with a CISCO 1921.
And now back to the topic.
Unlike the routers that are used in the big companies, home routers do not support the same routing protocols that are used in higher-end routers. As a result, you cannot configure BGP routes between your Cisco routers and home router. The other major problem we are facing is we cannot afford an MPLS nor corporate CPEs. Also, having internet access in your home is crucial if you are practicing services that require Internet Access Like Microsoft WSUS and others.
However, It is possible to connect your home router to your home lab router by doing the following:
- Make the Internet-facing interface to accept DHCP
- Create a NAT between your home router and Home Lab router
- Create access control lists between your internal networks and the peripheral
The network topology will look like something like the following image:
Step1: NAT and ACL Introduction
Before heading to the console and getting our hands dirty, let’s talk about NAT first. Nat stands for Network Address Translation and it is used to allow hosts with private addresses to connect to the Internet without providing public addresses for each host in the network. Most of the time, the NAT is overloaded to allow multiple private IP addresses use a single Public IP address. Learn more about NAT overloading in the link here.
ACL stands for Access Control List is one of the methods routers use to control network traffic across different networks within the router. It has the ability to control the traffic down to port level. In other words, it allows blocking SSH as an example from a certain source. ACL has two different types: standard and extended. It is used in our case to allow the internal network to reach the outside of the router. Learn more about ACL in the link here.
Step 2: NAT and ACL Configuration
Before we start, Let’s list the ports and their corresponding IPs:
The port | IP Address |
GigabitEthernet0/0 | 192.168.100.40/24 |
GigabitEthernet0/1 | 192.168.10.1/24 |
In the router IOS running the following commands:
en
conf t
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
exit
interface GigabitEthernet0/1
ip nat inside
exit
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit 192.168.10.0 0.0.0.255
exit
Horray your home lab network is not connected to the Internet. Please note that this configuration is designed if you have a single network in your home lab. If you are using VLAN or multiple routers in your network, this configuration may not work properly. In a future post, VLAN will be discussed, and the configuration will be modified to accommodate these changes. Stay Tuned 🙂
Step 3: Turning off ip routing on L3 switches
If you are using a L3 switch, you need to turn this functionality off. Otherwise, you will not be able to communicate with the main router and perform NATing. To turning it off please use the following command:
no ip routing
Bonus: DNS configuration on the router
Even if things are configured correctly, pinging URLs from the router will fail because DNS server is not configured in the router. The following command will configure the DNS server IP router.
ip name-server 8.8.8.8