Request for assistance in configuring routers

pjaroch
pjaroch Posts: 8  Freshman Member
First Anniversary Friend Collector First Comment
edited April 2021 in Security

Good morning

I have a request for help in configuring our routers.

We received from Orange a CTS HES-3112-CL-DR device for MetroEthernet service, it is the edge device connecting us to the fiber optic internet.

It has a client address of 83.x.x.230, its gateway is 83.x.x.229 /30

We got the public addresses on another subnet, on the CTS device which is:

212.x.x.176 - 212.x.x.183 /29

176 stands for network and 183 for broadcast, so we've got available: 212.x.x.177 - 212.x.x.182

One RJ45 connector comes out of the device, so we had to figure out how to do it, so what we came up with looks like this:


We start from CTS device and connect to the switch with RJ45 cable. Then we go to first router USG310, then to the hosts. And we come from switch to USG60 and to the hosts as well.

USG310 has to have one of the addresses, e.g. 212.x.x.177

USG60 has to have another one, e.g. 212.x.x.178

And now the question - how to do it? How could be the best option? We are looking forward for your help. We didn't have a chance to make it through like that before - so please tell us what would be the easiest and the most practical solution for that connection.

Thank you in advance.

All Replies

  • Ian31
    Ian31 Posts: 165  Master Member
    First Anniversary 10 Comments Friend Collector First Answer

    212.x.x.176 - 212.x.x.183 /29

    176 stands for network and 183 for broadcast, so we've got available: 212.x.x.177 - 212.x.x.182

    But what is the default gateway IP address of this IP block ?

  • pjaroch
    pjaroch Posts: 8  Freshman Member
    First Anniversary Friend Collector First Comment

    As Orange said - we guess that the default gateway IP address is 212.X.X.176

    We heard that we should probably make a routing from the client IP address (83...) to public available IP addresses, for example - 212.X.X.177 or another 178... up to 182

    But we might be wrong. If it's not clear enough we will be able to call Orange hotline and ask them how to make it correctly. Then we will come back here to ask for details (they are using Cisco so it could be a little bit different than they say)

    Tell us what do you think about it, thanks

  • Ian31
    Ian31 Posts: 165  Master Member
    First Anniversary 10 Comments Friend Collector First Answer

    Orange should tell you which 212.X.X.X IP is the default gateway of this IP block.

    And if they can provide the example configuration of Cisco router is also help to know how to map the settings on USG.


    Then based on the topology, comes other questions of the requirement:

    1. Do you need the hosts behind USG310 & USG60 can access each other
    2. What's the IP address subnets you plan for hosts behind USG310 & USG60


  • alexey
    alexey Posts: 188  Master Member
    First Anniversary 10 Comments Friend Collector
    edited August 2019

    Hello all.

    I may be wrong, but when I did something similar in my previous work, one ip from range 212.x.x.177 - 212.x.x.182 must be set on Orange a CTS HES-3112-CL-DR, and after that it will gw for all range.

    Edit: yes, it is wright. I rechecked.

    So HES-3112-CL-DR must have 2 public ips, main on wan port and 1 from 212.x.x.177 - 212.x.x.182 range on lan port.

    After that you set on each ZW one other ip from range and set gw HES-3112-CL-DR ip.

    After that all must work properly without additional routes.

    If you need access between ZWs, you must configure firewall rule to access traffic from ZW ip and add policy route from lan1 to lan 2 with ip of other ZW as gw.

  • pjaroch
    pjaroch Posts: 8  Freshman Member
    First Anniversary Friend Collector First Comment

    Hello,

    Orange said that we have 2 IP classes.

    83... is a direct connection address

    212... is a public LAN address (? - i dont understand that) which we can use to connect to the hosts

    They said that we have to use 212.x.x.177 as a default gateway for the hosts and then we can give the hosts addresses between 178 - 182.

    1st interface should have /30 mask, 2nd interface /29

    They also said that we should make a default route 0.0.0.0 for 83.x.x.229 and then as another class use default gateway on 212.x.x.177 and set the hosts addresses from 178 to 182.

    I don't fully understand how it works - what if I would completly don't know anything about network stuff - I would never set that by myself...

    Do you have any idea about how to make it correct?

    Thanks

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited August 2019

    Hi @pjaroch

    From your description “public lan”, it looks like you need another router for routing subnet 212.x.x.177 - 212.x.x.182 to Internet.

    The topology should be like that,

    HES-3112-CL-DR----------(external interface)-Router-(Internal interface)------(Wan interface)-USG-310

    Router:

    External interface IP      : 83.x.x.230/30

    External interface Gateway IP: 83.x.x.229 (or default route 0.0.0.0/0.0.0.0 to 83.x.x.229) 

    Internal interface IP      : 212.x.x.177

    This router run as routing mode

    USG-310:

    Wan interface IP      : One of IP between 212.x.x.178 to 212.x.x.182/29

    Wan Interface Gateway IP : 212.x.x.177

    Lan Interface        : subnet 192.168.1.x/24 for Lan host.

    USG run as NAT mode

  • pjaroch
    pjaroch Posts: 8  Freshman Member
    First Anniversary Friend Collector First Comment

    Hello @Zyxel_Cooldia

    Did you take another USG60 into consideration as well?

    So... Do we need another Router to route the device address (83...) to our USGs?

    Let me show you the drawing with my thoughts.

    Will it work with another USG60 router instead of switch?

    We need to have a public address on USG60 for WWW and another public address for USG310 and our servers and applications.

    And could you please tell me which menu and where should I put those addresses? And how to set it up? Where should I make it?

    Thank you


  • pjaroch
    pjaroch Posts: 8  Freshman Member
    First Anniversary Friend Collector First Comment

    Hello,

    Had you got some time to analyse our problem?

    We would love to fix it as soon as it's possible, because the connection service is active but we are not available to make it by ourselves.

    Thank you in advance

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @pjaroch

    USG60 also can run as routing mode. Just disable default SNAT on default wan trunk.

    The detailed configuration as below, feel free to post your question if your encounter any issue. 😀

    1) Disable SNAT on “CONFIGURATION > Network > Interface > Trunk”.

    The USG60 run as NAT mode by default. You need to disable it in this scenario.

    2) Assign IP on USG60 Wan interface. Go to “CONFIGURATION > Network > Interface > Ethernet > Wan 1”.

    3) Assign IP on USG60 Lan interface. Go to “CONFIGURATION > Network > Interface > Ethernet > Lan 1”.


  • pjaroch
    pjaroch Posts: 8  Freshman Member
    First Anniversary Friend Collector First Comment

    @Zyxel_Cooldia Thank you so much! That helps alot for now. I will come back with more informations and question if we face any errors or troubles.

    Have a nice day!

Security Highlight