Archive for the ‘Router’ Category
Wednesday, November 12th, 2008 |
This configuration forwards inbound web traffic to a web server on the local network behind NAT.
Requirements:
- Private IP address plan (e.g. 192.168.1.0/24)
- Public IP address plan (e.g. 100.1.2.3/30)
- Web server (port 80) IP address (e.g. 192.168.1.10)
- A standard NAT configuration that already works properly
All incoming web traffic from the Internet that arrives at 100.1.2.3 is forwarded to 192.168.1.10.
hostname CiscoNAT
!
enable secret 5 KjhKJGkj$57JHkkl98KJH
!
ip subnet-zero
!
interface FastEthernet0/0
description LAN Interface
ip address 192.168.1.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0
description WAN Interface
ip address 100.1.2.3 255.255.255.248
ip nat outside
ip access-group 101 in
!
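! Static port translation: TCP port 80 on Serial0's address is forwarded to 192.168.1.10 port 80
ip nat inside source static tcp 192.168.1.10 80 interface Serial0 80
!
! ACL 101 admits only inbound TCP to port 80; the implicit deny drops everything else,
! including replies to sessions opened from the LAN
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit tcp any any eq 80
!
line con 0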
line vty 0 4
login
password cisco
!
end
Friday, August 29th, 2008 |
Below is a sample Cisco QoS config.
In this sample config I created two class-maps of traffic: data and voice.
Router_A
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_A
!
resource policy
!
ip subnet-zero
ip cef
!
class-map match-all data
match ip precedence 3
class-map match-all voice
match ip precedence 5
!
policy-map serial
class voice
bandwidth percent 32
set ip precedence 5
class data
bandwidth percent 63
set ip precedence 3
class class-default
fair-queue
random-detect
!
interface FastEthernet0/0
description "LAN A"
ip address 192.168.1.254 255.255.255.0
duplex auto
speed auto
!
interface Serial0/2/0
description "WAN Link to B"
ip address 10.1.1.1 255.255.255.252
service-policy output serial
!
ip classless
ip route 192.168.2.0 255.255.255.0 10.1.1.2
!
line con 0
line vty 0 4
password hidden
login
!
end
Thursday, January 31st, 2008 |
Restore or install a new IOS image to the flash of a Cisco router from a TFTP server. During this restore process the existing IOS is erased completely before the new IOS image file is installed. Make sure you have a backup.
Requirements:
- PC running a TFTP server that holds the IOS image (IP address 192.168.1.1, IOS image file d1600.bin).
- Network connection to the Cisco router.
- Make sure the new IOS matches your Cisco router version.
Router>
Router>enable
Password:
Router#
Router#copy tftp flash
Address or name of remote host []? 192.168.1.1
Source filename []? d1600.bin
Destination filename [d1600.bin]?
Accessing tftp://192.168.1.1/d1600.bin…
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device… eeeeeeeeeeeeeeee …erased
Erase of flash: complete
Loading d1600.bin from 192.168.1.1 (via Ethernet0): !!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 3289170/6578176 bytes]
Verifying checksum… OK (0xB6BD)
3289170 bytes copied in 89.272 secs (36956 bytes/sec)
Router#
Finish
Thursday, January 31st, 2008 |
Back up the Cisco IOS image to a TFTP server so that you can restore it later if your IOS is damaged.
Requirements:
- PC running a TFTP server (IP address 192.168.1.1)
- Network connection to the Cisco router
Router>
Router>enable
Password:
Router#copy flash tftp
Source filename []? d2600.bin
Address or name of remote host []? 192.168.1.1
Destination filename [d2600.bin]? backup_d2600.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
3289170 bytes copied in 47.668 secs (69982 bytes/sec)
Router#
Finish
Wednesday, January 9th, 2008 |
We will create a WAN connection over ISDN multilink dialup.
An ISDN line has two channels (128 kbps). We dial one channel first and then dial the second one once bandwidth usage reaches 128 kbps. In this sample config the ISDN switch type is basic-net3; call your telco to confirm your ISDN switch type. The idle timeout is 60 sec.
Requirements:
- Cisco router with an ISDN BRI interface
- ISDN line at each site
- ISDN NT1
Hostname RouterA
!
enable secret ciscopass
!
username isdnpppuser password 7 isdnppppass
ip subnet-zero
!
isdn switch-type basic-net3
!
interface FastEthernet0
ip address 192.168.1.254 255.255.255.0
no shutdown
!
interface BRI0
ip address 10.1.1.1 255.255.255.252
encapsulation ppp
dialer idle-timeout 60
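! 123456789 is the remote ISDN number
dialer map ip 10.1.1.2 name isdnpppuser 123456789
! load-threshold takes a load value on a 1-255 scale, measured here in either direction
dialer load-threshold 128 either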
dialer-group 1
isdn switch-type basic-net3
random-detect
ppp authentication chap
ppp multilink
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.2
!
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit ip any any
!
dialer-list 1 protocol ip list 101
!
line con 0
exec-timeout 0 0
!
end
===
Hostname RouterB
!
enable secret ciscopass
!
username isdnpppuser password 7 isdnppppass
ip subnet-zero
!
isdn switch-type basic-net3
!
interface FastEthernet0
ip address 192.168.2.254 255.255.255.0
no shutdown
!
interface BRI0
ip address 10.1.1.2 255.255.255.252
encapsulation ppp
dialer idle-timeout 60
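! 987654321 is the remote ISDN number
dialer map ip 10.1.1.1 name isdnpppuser 987654321
! load-threshold takes a load value on a 1-255 scale, measured here in either direction
dialer load-threshold 128 either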
dialer-group 1
isdn switch-type basic-net3
random-detect
ppp authentication chap
ppp multilink
!
ip classless
! the default route points at RouterA's BRI0 address, not at this router's own
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit ip any any
!
dialer-list 1 protocol ip list 101
!
line con 0
exec-timeout 0 0
!
end
Tuesday, January 1st, 2008 |
We will create a VPN tunnel to connect SiteA to SiteB over an Internet connection.

Requirements:
- Internet connection at each site.
- 2 Cisco routers, each with 1 LAN interface (Ethernet) and 1 WAN interface (Serial).
- IOS with IPSec.
- IP address plan for each site network, e.g. SiteA 192.168.1.0/24 and SiteB 192.168.2.0/24
- Public IP for each site, assigned by your ISP, e.g. SiteA 10.10.10.1 and SiteB 11.11.11.1
SITE A
hostname RouterA
!
enable password 123
!
crypto isakmp enable
crypto isakmp identity address
!
crypto isakmp policy 1
encryption des
hash md5
authentication pre-share
group 1
lifetime 86400
crypto isakmp key secretkey address 11.11.11.1
!
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
crypto map cm-cryptomap local-address Serial 0
!
crypto map cm-cryptomap 1 ipsec-isakmp
match address 100
set peer 11.11.11.1
set transform-set cm-transformset-1
set security-association lifetime seconds 3600
set security-association lifetime kilobytes 4608000
!
interface FastEthernet 0
description connected to EthernetLAN
ip address 192.168.1.1 255.255.255.0
!
interface Serial 0
description connected to Internet
crypto map cm-cryptomap
ip address 10.10.10.1 255.255.255.252
!
no access-list 100
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 Serial 0
!
line console 0
exec-timeout 0 0
password 123
login
!
line vty 0 4
password 123
login
!
end
===
SITE B
hostname RouterB
!
enable password 123
!
crypto isakmp enable
crypto isakmp identity address
!
crypto isakmp policy 1
encryption des
hash md5
authentication pre-share
group 1
lifetime 86400
crypto isakmp key secretkey address 10.10.10.1
!
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
crypto map cm-cryptomap local-address Serial 0
!
crypto map cm-cryptomap 1 ipsec-isakmp
match address 100
set peer 10.10.10.1
set transform-set cm-transformset-1
set security-association lifetime seconds 3600
set security-association lifetime kilobytes 4608000
!
interface FastEthernet 0
description connected to EthernetLAN_1
ip address 192.168.2.1 255.255.255.0
!
interface Serial 0
description connected to Internet
crypto map cm-cryptomap
ip address 11.11.11.1 255.255.255.252
!
no access-list 100
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 Serial 0
!
line console 0
exec-timeout 0 0
password 123
login
!
line vty 0 4
password 123
login
!
end
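The Site A and Site B configs above negotiate the tunnel with DES, MD5 and Diffie-Hellman group 1, and keep the enable, line and pre-shared secrets in clear text. The audit script below is an added example, not part of the original post: its rule list and the function name audit are assumptions, and the sample input is constructed from lines of the Site A config.

```python
import re

# Rules are this example's own selection (an assumption), keyed to settings
# that appear in the sample configs on this page.
RULES = [
    (r"^enable password\s", "enable password is clear text or reversible type 7; use 'enable secret'"),
    (r"^\s*encryption des$", "IKE policy uses single DES (56-bit key)"),
    (r"^\s*hash md5$", "IKE policy uses MD5"),
    (r"^\s*group 1$", "IKE policy uses Diffie-Hellman group 1 (768-bit)"),
    (r"^crypto ipsec transform-set\s.*\besp-des\b", "IPsec transform set uses single DES"),
    (r"^crypto ipsec transform-set\s.*\b(ah|esp)-md5-hmac\b", "IPsec transform set uses HMAC-MD5"),
    (r"^crypto isakmp key\s+(?!6\s)\S+\s+address", "pre-shared key is stored in clear text"),
    (r"^\s*exec-timeout 0 0$", "line sessions never time out"),
    (r"^\s*password\s+(?![57]\s)\S+$", "line password is stored in clear text"),
]

# Constructed sample: lines taken from the Site A config above.
SAMPLE = """\
enable password 123
crypto isakmp policy 1
 encryption des
 hash md5
 authentication pre-share
 group 1
crypto isakmp key secretkey address 11.11.11.1
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
line console 0
 exec-timeout 0 0
 password 123
 login
"""

def audit(config_text):
    """Return (line_number, line, finding) for every rule a config line matches."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        stripped = line.rstrip()
        for pattern, message in RULES:
            if re.search(pattern, stripped):
                findings.append((number, stripped.strip(), message))
    return findings

if __name__ == "__main__":
    for number, line, message in audit(SAMPLE):
        print(f"line {number}: {line!r}: {message}")
```

A policy that uses AES, a SHA-2 hash and group 14 produces no findings from these rules.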
Tuesday, January 1st, 2008 |
You can connect to the Internet securely from behind a NAT router that acts as a firewall.
Requirement:
- Cisco Router with 1 LAN Interface (Ethernet) and 1 WAN Interface (Serial).
- Internet connection.
hostname InternetRouter
!
enable password 123
!
no ip name-server
!
interface Ethernet 0
description connected to EthernetLAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Serial 0
description connected to Internet
ip address 123.123.123.1 255.255.255.252
ip nat outside
!
no access-list 1
access-list 1 permit 192.168.1.0 0.0.0.255
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat inside source list 1 interface Serial 0 overload
!
ip route 0.0.0.0 0.0.0.0 Serial 0
!
line console 0
exec-timeout 0 0
password 123
login
!
line vty 0 4
password 123
login
!
end
Sunday, December 30th, 2007 |
Requirement:
- Windows HyperTerminal connection to the console port.
Cisco 806, 826, 827, 828, 831, 836 and 837 Series Routers
- Use the power switch in order to turn off the router, and then turn the router back on.
- Press Break or Ctrl-Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.
- boot#set ios-conf = 142
- boot#boot
The router reboots, but ignores the saved configuration.
Type no after each setup question.
- Router>enable
Once the Router# prompt appears, you are in enable mode.
- Router#copy startup-config running-config
- hostname#configure terminal
- hostname(config)#enable secret your_new_password_here
Issue the no shutdown command on every interface that you use.
- hostname(config)#config-register 0x2102
- hostname(config)#end
- hostname#copy running-config startup-config
- hostname#reload
Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers.
Cisco 801, 802, 803, 804, 805, 811, and 813 Series Routers.
Cisco 1700, 1800, 2600, 2800, 3600, 3700, 3800 Series Routers.
Cisco 7100, 7200, 7500, 12000 Series Router.
- Use the power switch in order to turn off the router, and then turn the router back on.
- Press Break or Ctrl-Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.
- rommon 1>confreg 0x2142
This step bypasses the startup configuration where the passwords are stored.
- rommon 2>reset
Type no after each setup question.
- Router>enable
You are in enable mode and should see the Router# prompt.
- Router#copy startup-config running-config
- Router#configure terminal
- hostname(config)#enable secret your_new_password_here
Issue the no shutdown command on every interface that you use.
- hostname(config)#config-register 0x2102
- hostname(config)#end
- hostname#copy running-config startup-config
- hostname#reload
Cisco 2000, 2500, 3000, 4000, AccessPro, 7000(RP), AGS+, IGS, STS-10X AS
- Use the power switch in order to turn off the router, and then turn the router back on.
- Press Break or Ctrl-Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.
- >o/r 0x2142
Press Enter at Prompt.
The router reboots, but ignores the saved configuration.
Type no after each setup question.
- Router>enable
Once the Router# prompt appears, you are in enable mode.
- Router#copy startup-config running-config
- Router#configure terminal
- hostname(config)#enable secret your_new_password_here
Issue the no shutdown command on every interface that you use.
- hostname(config)#config-register 0x2102
- hostname(config)#Ctrl-Z
- hostname#copy running-config startup-config
- hostname#reload
Sunday, December 30th, 2007 |
This connection uses an analog modem over a PSTN line as the WAN link. A connection is created automatically when one site needs to communicate with the remote site, and it disconnects automatically once the idle timeout is reached. This repeats every time inter-site communication is needed. Either site can initiate the dial-up connection.

Requirement:
- Cisco router with serial interface (support async mode).
- Analog modem (RS232 interface).
- Serial cable (DB60 to RS232).
- PSTN line.
ROUTER A
hostname Router-A
!
enable password cisco
!
username ciscouser1 password ciscopass
!
chat-script dial "" "atdt\T" TIMEOUT 60 CONNECT \c
!
interface Ethernet 0
ip address 10.0.33.250 255.255.255.0
!
! plug the modem into this interface
interface Serial 0
physical-layer async
ip address 10.0.253.30 255.255.255.252
encapsulation ppp
async dynamic address
async dynamic routing
async mode dedicated
dialer in-band
dialer idle-timeout 60
dialer wait-for-carrier-time 200
! +10218560620 is the remote number
dialer map ip 10.0.253.29 name ciscouser1 modem-script dial +10218560620
dialer-group 1
peer default ip address 10.0.253.29
ppp authentication chap pap
!
router eigrp 1
network 10.0.0.0
!
no ip classless
ip route 10.0.2.0 255.255.255.0 10.0.253.29 150
access-list 103 deny eigrp any host 255.255.255.255
access-list 103 permit ip any any
dialer-list 1 protocol ip list 103
!
line con 0
line 2
exec-timeout 0 0
modem InOut
modem autoconfigure discovery
speed 115200
flowcontrol hardware
!
line vty 0 4
password cisco
login
!
end
===
ROUTER B
hostname Router-B
!
enable password cisco
!
username ciscouser2 password ciscopass
chat-script dial "" "atdt\T" TIMEOUT 60 CONNECT \c
!
interface Ethernet 0
ip address 10.0.2.251 255.255.255.0
!
! plug the modem into this interface
interface Serial 0
physical-layer async
ip address 10.0.253.29 255.255.255.252
encapsulation ppp
async dynamic address
async dynamic routing
async mode dedicated
dialer in-band
dialer idle-timeout 60
dialer wait-for-carrier-time 200
! +10218195240 is the remote number
dialer map ip 10.0.253.30 name ciscouser1 modem-script dial +10218195240
dialer-group 1
peer default ip address 10.0.253.30
ppp authentication chap pap
!
router eigrp 1
network 10.0.0.0
!
no ip classless
ip route 10.0.33.0 255.255.255.0 10.0.253.30 150
access-list 103 deny eigrp any host 255.255.255.255
access-list 103 permit ip any any
dialer-list 1 protocol ip list 103
!
line con 0
line 2
exec-timeout 0 0
modem InOut
modem autoconfigure discovery
speed 115200
flowcontrol hardware
!
line vty 0 4
password cisco
login
!
end
Saturday, December 29th, 2007 |
Requirement:
- Cisco router with IP CEF support
- Dual WAN connection
- An understanding of basic Cisco configuration (go to the Beginner section)
ROUTER-A
hostname Router-A
!
enable password cisco
!
ip cef
!
interface Ethernet 0
ip address 10.10.1.1 255.255.255.0
!
interface Serial0
ip address 10.10.253.1 255.255.255.252
ip load-sharing per-packet
!
interface Serial1
ip address 10.10.253.5 255.255.255.252
ip load-sharing per-packet
!
no ip classless
no ip route-cache
ip route 10.10.2.0 255.255.255.0 Serial0
ip route 10.10.2.0 255.255.255.0 Serial1
!
line con 0
!
line vty 0 4
password cisco
login
!
end
===
ROUTER-B
hostname Router-B
!
enable password cisco
!
ip cef
!
interface Ethernet 0
ip address 10.10.2.1 255.255.255.0
!
interface Serial0
ip address 10.10.253.2 255.255.255.252
ip load-sharing per-packet
!
interface Serial1
ip address 10.10.253.6 255.255.255.252
ip load-sharing per-packet
!
no ip classless
no ip route-cache
ip route 10.10.1.0 255.255.255.0 Serial0
ip route 10.10.1.0 255.255.255.0 Serial1
!
line con 0
!
line vty 0 4
password cisco
login
!
end