Cisco Homelab: Core LAN, DHCP, and NAT Configuration
After securing the WAN and external connectivity, the next crucial step in any homelab router build is establishing the internal network. This post outlines the exact Cisco IOS commands required to provision a custom LAN subnet, local DNS resolution, DHCP, and Network Address Translation (NAT) so internal clients can reach the internet.
1. Network Architecture Overview
For this setup, we are defining a specific subnet and local domain structure to maintain tight control over the internal network.
| Parameter | Configuration Value |
|---|---|
| LAN Subnet | 10.24.103.0/27 (Subnet Mask: 255.255.255.224) |
| Router IP (Gateway) | 10.24.103.1 |
| Local Domain | 0x5ha157.local |
| Usable IPs | 30 Hosts (10.24.103.1 - 10.24.103.30) |
2. DNS and Domain Setup
First, we set the global domain name for the router and specify our upstream DNS servers so the router itself can resolve external hostnames.
```
enable
configure terminal
! Set the local domain name
ip domain-name 0x5ha157.local
! Configure upstream DNS servers
ip name-server 9.9.9.9
ip name-server 1.1.1.1
```
3. LAN Interface Configuration
Next, we configure the physical LAN interface (assuming FastEthernet0/1 for this example) with the first usable IP address in our /27 subnet. We also tag it as the NAT "inside" interface.
```
interface FastEthernet0/1
 description Internal LAN
 ip address 10.24.103.1 255.255.255.224
 ip nat inside
 no shutdown
 exit
```
4. DHCP Pool Provisioning
To automate IP assignments for devices joining the network, we configure a DHCP pool matching our subnet parameters.
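```
! Exclude the router's IP from being handed out
ip dhcp excluded-address 10.24.103.1
! Create the DHCP Pool
ip dhcp pool LAN_POOL
 network 10.24.103.0 255.255.255.224
 default-router 10.24.103.1
 ! Clients get 9.9.9.9 first; 10.24.103.1 only answers queries if the
 ! router's own DNS server feature is enabled
 dns-server 9.9.9.9 10.24.103.1
 domain-name 0x5ha157.local
 ! Lease time in days
 lease 7
 exit
```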
5. Configuring NAT (Network Address Translation)
To allow our internal 10.24.103.0/27 clients to access the internet, we must translate their private IPs to the router's public WAN IP. This requires an Access Control List (ACL) to define which traffic is allowed to be translated, and a NAT overload (Port Address Translation) rule.
Note: The wildcard mask for a /27 subnet is 0.0.0.31 (the bitwise inverse of 255.255.255.224). The commands below use Dialer1 as the external WAN interface; substitute FastEthernet0/0 if that is your WAN port.
```
! 1. Define the WAN interface as the NAT outside port
interface Dialer1
 ip nat outside
 exit
! 2. Create an Access List targeting our LAN subnet
access-list 1 permit 10.24.103.0 0.0.0.31
! 3. Apply the NAT Overload rule tying the ACL to the WAN interface
ip nat inside source list 1 interface Dialer1 overload
! Save the configuration
end
write memory
```
6. Verification Commands
Once the configuration is applied, use these operational commands to ensure everything is functioning correctly:
- show ip dhcp binding - View active DHCP leases.
- show ip nat translations - Watch active internal-to-external NAT sessions.
- show ip nat statistics - View overall NAT performance and hit counts.
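An offline check to complement the show commands, added here as an example and not part of the original post: it parses a running-config fragment and reports where the LAN interface, DHCP pool, excluded address, ACL wildcard and NAT rule disagree. The CONFIG sample is constructed from this post's commands, the names audit and acl_network are illustrative, and it assumes sub-commands are indented as in show running-config output.

```python
import ipaddress
import re

# Constructed sample: this post's commands as one running-config fragment.
CONFIG = """\
interface FastEthernet0/1
 ip address 10.24.103.1 255.255.255.224
 ip nat inside
interface Dialer1
 ip nat outside
ip dhcp excluded-address 10.24.103.1
ip dhcp pool LAN_POOL
 network 10.24.103.0 255.255.255.224
access-list 1 permit 10.24.103.0 0.0.0.31
ip nat inside source list 1 interface Dialer1 overload
"""

def acl_network(addr, wildcard):
    """Network matched by an ACL 'address wildcard' pair, or None if unparseable."""
    try:
        w = int(ipaddress.IPv4Address(wildcard))
        if w & (w + 1):  # wildcard bits not contiguous, e.g. a netmask typed by mistake
            return None
        return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}", strict=False)
    except ValueError:
        return None

def audit(config):
    """Return findings where LAN interface, DHCP pool, ACL and NAT rule disagree."""
    blocks = dict(re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n)*)", config, re.M))
    inside = [b for b in blocks.values() if "ip nat inside" in b]
    addr = re.search(r"ip address (\S+) (\S+)", "".join(inside))
    nat = re.search(r"^ip nat inside source list (\S+) interface (\S+) overload", config, re.M)
    if len(inside) != 1 or not addr or not nat:
        return ["need one addressed 'ip nat inside' interface and a NAT overload rule"]
    gw = ipaddress.ip_interface(f"{addr[1]}/{addr[2]}")
    findings = []
    pool = re.search(r"^\s+network (\S+) (\S+)", config, re.M)
    if not pool or ipaddress.ip_network(f"{pool[1]}/{pool[2]}", strict=False) != gw.network:
        findings.append("DHCP pool network differs from the LAN subnet")
    ranges = re.findall(r"^ip dhcp excluded-address (\S+)(?: (\S+))?", config, re.M)
    if not any(ipaddress.ip_address(a) <= gw.ip <= ipaddress.ip_address(b or a) for a, b in ranges):
        findings.append("gateway address is not excluded from the DHCP pool")
    acl = re.findall(rf"^access-list {re.escape(nat[1])} permit (\S+)(?: (\S+))?", config, re.M)
    if [acl_network(a, w) for a, w in acl] != [gw.network]:
        findings.append(f"ACL {nat[1]} does not permit exactly {gw.network}")
    if "ip nat outside" not in blocks.get(nat[2], ""):
        findings.append(f"{nat[2]} is not marked 'ip nat outside'")
    return findings
```

An empty list means the four pieces describe the same /27; an ACL wider than the LAN subnet is flagged because it would let the NAT rule translate sources outside 10.24.103.0/27.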