Cisco - anyone Know them ?

[WLeg]

Can anyone help me with a Cisco 1721 router problem ?

I need to connect one to a BT broadband service, so the ADSL interface needs DHCP, and the internal one to be on a 192.168.x.x address, if anyone has a template config file (I understand the basics of Cisco IOS 12.1) they could send me or point me in the right direction PLEASE !!

 

[scotth_uk]

I have exactly what you are after, but it is at home right now - can this wait until 5pm? I used to use a 1720 with WIC-1ADSL card at home! Also has some security improvements setup up as per the O'Reilly's guide to securing IOS routers.

 

[WLeg]

that would be great - thanks !

 

[scotth_uk]

!
! No configuration change since last restart
!
version 12.3
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname border
!
logging buffered 64000 debugging
logging console critical
logging monitor informational
enable secret 5 [BLAH]
!
username [BLAH] privilege 15 password 7 [BLAH]
clock timezone GMT 0
aaa new-model
!
!
aaa authentication login default local
aaa session-id common
ip subnet-zero
no ip source-route
!
!
no ip domain lookup
ip domain name [BLAH]
ip dhcp excluded-address 10.0.0.10
ip dhcp excluded-address 10.0.0.1
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.10
!
ip dhcp pool home
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 158.43.240.4
!
ip dhcp pool wireless
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 158.43.240.4
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface ATM0
no ip address
no ip proxy-arp
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface Ethernet0
ip address 192.168.0.1 255.255.255.0
no ip proxy-arp
ip nat inside
half-duplex
no cdp enable
!
interface FastEthernet0
ip address 10.0.0.1 255.255.255.0
ip nat inside
speed auto
no cdp enable
!
interface Dialer0
ip address negotiated
ip access-group Protect_In in
ip access-group Protect_Out out
ip nat outside
encapsulation ppp
dialer pool 1
no cdp enable
ppp authentication chap callin
ppp chap hostname [BLAH]
ppp chap password 7 [BLAH]
!
ip nat translation timeout 900
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 192.168.0.4 500 interface Dialer0 500
ip nat inside source static esp 192.168.0.4 interface Dialer0
ip nat inside source static tcp 10.0.0.10 4661 [BLAH] 4661 extendable
ip nat inside source static tcp 10.0.0.10 4662 [BLAH] 4662 extendable
ip nat inside source static udp 10.0.0.10 4665 [BLAH] 4665 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
!
ip access-list extended Protect_In
deny ip 0.0.0.0 1.255.255.255 any log
deny ip 2.0.0.0 0.255.255.255 any log
deny ip 5.0.0.0 0.255.255.255 any log
deny ip 7.0.0.0 0.255.255.255 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 23.0.0.0 0.255.255.255 any log
deny ip 27.0.0.0 0.255.255.255 any log
deny ip 31.0.0.0 0.255.255.255 any log
deny ip 36.0.0.0 1.255.255.255 any log
deny ip 39.0.0.0 0.255.255.255 any log
deny ip 41.0.0.0 0.255.255.255 any log
deny ip 42.0.0.0 0.255.255.255 any log
deny ip 49.0.0.0 0.255.255.255 any log
deny ip 50.0.0.0 0.255.255.255 any log
deny ip 58.0.0.0 1.255.255.255 any log
deny ip 60.0.0.0 0.255.255.255 any log
deny ip 70.0.0.0 1.255.255.255 any log
deny ip 72.0.0.0 7.255.255.255 any log
deny ip 82.0.0.0 1.255.255.255 any log
deny ip 84.0.0.0 3.255.255.255 any log
deny ip 96.0.0.0 31.255.255.255 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 169.254.0.0 0.0.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 192.0.2.0 0.0.0.255 any log
deny ip 192.168.0.0 0.0.255.255 any log
deny ip 197.0.0.0 0.255.255.255 any log
deny ip 198.18.0.0 0.1.255.255 any log
deny ip 201.0.0.0 0.255.255.255 any log
deny ip 222.0.0.0 1.255.255.255 any log
deny ip 224.0.0.0 31.255.255.255 any log
deny ip host 4.46.196.71 any log
deny tcp any any eq 27665
deny tcp any any eq 65000
deny tcp any any eq sunrpc
deny udp any any eq netbios-ns log
deny udp any any eq netbios-dgm log
deny udp any any eq netbios-ss log
deny icmp any any log
deny udp any any eq snmp log
deny udp any any eq snmptrap log
deny udp any any eq syslog log
deny udp any any eq 666 log
deny tcp any any eq 666 log
deny tcp any any eq telnet log
deny tcp any any eq exec log
deny tcp any any eq 22 log
deny tcp any any eq 3389 log
deny tcp any any eq 5500 log
deny tcp any any eq 5800 log
deny tcp any any eq 5900 log
deny tcp any any eq 445 log
deny udp any any eq 445 log
deny tcp any any eq 0 log
deny ip host 81.86.137.193 any log
permit tcp any any eq ftp log
permit tcp any any eq www log
permit ip any any
ip access-list extended Protect_Out
deny ip any 0.0.0.0 1.255.255.255 log
deny ip any 2.0.0.0 0.255.255.255 log
deny ip any 5.0.0.0 0.255.255.255 log
deny ip any 7.0.0.0 0.255.255.255 log
deny ip any 10.0.0.0 0.255.255.255 log
deny ip any 23.0.0.0 0.255.255.255 log
deny ip any 27.0.0.0 0.255.255.255 log
deny ip any 31.0.0.0 0.255.255.255 log
deny ip any 36.0.0.0 1.255.255.255 log
deny ip any 39.0.0.0 0.255.255.255 log
deny ip any 41.0.0.0 0.255.255.255 log
deny ip any 42.0.0.0 0.255.255.255 log
deny ip any 49.0.0.0 0.255.255.255 log
deny ip any 50.0.0.0 0.255.255.255 log
deny ip any 58.0.0.0 1.255.255.255 log
deny ip any 60.0.0.0 0.255.255.255 log
deny ip any 70.0.0.0 1.255.255.255 log
deny ip any 72.0.0.0 7.255.255.255 log
deny ip any 82.0.0.0 1.255.255.255 log
deny ip any 84.0.0.0 3.255.255.255 log
deny ip any 96.0.0.0 31.255.255.255 log
deny ip any 127.0.0.0 0.255.255.255 log
deny ip any 169.254.0.0 0.0.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.0.2.0 0.0.0.255 log
deny ip any 192.168.0.0 0.0.255.255 log
deny ip any 197.0.0.0 0.255.255.255 log
deny ip any 198.18.0.0 0.1.255.255 log
deny ip any 201.0.0.0 0.255.255.255 log
deny ip any 222.0.0.0 1.255.255.255 log
deny ip any 224.0.0.0 31.255.255.255 log
deny icmp any any echo-reply log
permit ip any any
logging history size 250
logging trap debugging
logging source-interface Loopback0
logging 10.0.0.10
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
no cdp run
!
snmp-server community breitling RO
snmp-server enable traps tty
radius-server authorization permit missing Service-Type
banner exec 
REMEMBER!!!
This system is solely for the use of authorised users for official purposes.
You have no expectation of privacy in its use and to ensure that the system
is functioning properly, individuals using this computer system are subject
to having all of their activities monitored and recorded by system
personnel. Use of this system evidences and express consent to such
monitoring and agreement that is such monitoring reveals evidence of
possible abuse or criminal activity, system personnel may provide the
results of such monitoring to the appropriate officials.

banner login 
WARNING!!!
This system is solely for the use of authorised users for official purposes.
You have no expectation of privacy in its use and to ensure that the system
is functioning properly, individuals using this computer system are subject
to having all of their activities monitored and recorded by system
personnel. Use of this system evidences an express consent to such
monitoring and agreement that if such monitoring reveals evidence of
possible abuse or criminal activity, system personnel may provide the
results of such monitoring to the appropriate officials.

privilege exec level 15 connect
privilege exec level 15 telnet
privilege exec level 15 rlogin
privilege exec level 15 show ip access-lists
privilege exec level 1 show ip
privilege exec level 15 show access-lists
privilege exec level 15 show logging
privilege exec level 1 show
!
line con 0
exec-timeout 5 0
password 7 [BLAH]
line aux 0
exec-timeout 0 1
no exec
line vty 0 4
exec-timeout 5 0
password 7 [BLAH]
transport input telnet
line vty 5 15
exec-timeout 5 0
transport input ssh
!
ntp clock-period 17180138
ntp source Dialer0
ntp server 158.43.128.33
ntp server 158.43.128.66
ntp server 158.43.192.66
!
end

 

[scotth_uk]

Proably more than you need and some redundant commands, but it should give you the general idea. If you want me to knock you up an actual simple config - let me know.

 

[scotth_uk]

This should get you close. ACLs are just to stop traffic to/from invalid subnets!

!
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname [insert host name here]
!
logging buffered 64000 debugging
logging console critical
logging monitor informational
enable secret [insert secret password here]
!
clock timezone GMT 0
!
!
ip subnet-zero
no ip source-route
!
!
no ip domain lookup
!
ip dhcp pool home
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 158.43.240.4
!
no ip bootp server
no ftp-server write-enable
!
interface ATM0
no ip address
no ip proxy-arp
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
ip address 192.168.0.1 255.255.255.0
no ip proxy-arp
speed auto
no cdp enable
!
interface Dialer0
ip address negotiated
ip access-group Protect_In in
ip access-group Protect_Out out
encapsulation ppp
dialer pool 1
no cdp enable
ppp authentication chap callin
ppp chap hostname [insert pipex username here]
ppp chap password [insert pipex password here]
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
!
ip access-list extended Protect_In
deny ip 0.0.0.0 1.255.255.255 any log
deny ip 2.0.0.0 0.255.255.255 any log
deny ip 5.0.0.0 0.255.255.255 any log
deny ip 7.0.0.0 0.255.255.255 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 23.0.0.0 0.255.255.255 any log
deny ip 27.0.0.0 0.255.255.255 any log
deny ip 31.0.0.0 0.255.255.255 any log
deny ip 36.0.0.0 1.255.255.255 any log
deny ip 39.0.0.0 0.255.255.255 any log
deny ip 41.0.0.0 0.255.255.255 any log
deny ip 42.0.0.0 0.255.255.255 any log
deny ip 49.0.0.0 0.255.255.255 any log
deny ip 50.0.0.0 0.255.255.255 any log
deny ip 58.0.0.0 1.255.255.255 any log
deny ip 60.0.0.0 0.255.255.255 any log
deny ip 70.0.0.0 1.255.255.255 any log
deny ip 72.0.0.0 7.255.255.255 any log
deny ip 82.0.0.0 1.255.255.255 any log
deny ip 84.0.0.0 3.255.255.255 any log
deny ip 96.0.0.0 31.255.255.255 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 169.254.0.0 0.0.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 192.0.2.0 0.0.0.255 any log
deny ip 192.168.0.0 0.0.255.255 any log
deny ip 197.0.0.0 0.255.255.255 any log
deny ip 198.18.0.0 0.1.255.255 any log
deny ip 201.0.0.0 0.255.255.255 any log
deny ip 222.0.0.0 1.255.255.255 any log
deny ip 224.0.0.0 31.255.255.255 any log
permit ip any any
!
ip access-list extended Protect_Out
deny ip any 0.0.0.0 1.255.255.255 log
deny ip any 2.0.0.0 0.255.255.255 log
deny ip any 5.0.0.0 0.255.255.255 log
deny ip any 7.0.0.0 0.255.255.255 log
deny ip any 10.0.0.0 0.255.255.255 log
deny ip any 23.0.0.0 0.255.255.255 log
deny ip any 27.0.0.0 0.255.255.255 log
deny ip any 31.0.0.0 0.255.255.255 log
deny ip any 36.0.0.0 1.255.255.255 log
deny ip any 39.0.0.0 0.255.255.255 log
deny ip any 41.0.0.0 0.255.255.255 log
deny ip any 42.0.0.0 0.255.255.255 log
deny ip any 49.0.0.0 0.255.255.255 log
deny ip any 50.0.0.0 0.255.255.255 log
deny ip any 58.0.0.0 1.255.255.255 log
deny ip any 60.0.0.0 0.255.255.255 log
deny ip any 70.0.0.0 1.255.255.255 log
deny ip any 72.0.0.0 7.255.255.255 log
deny ip any 82.0.0.0 1.255.255.255 log
deny ip any 84.0.0.0 3.255.255.255 log
deny ip any 96.0.0.0 31.255.255.255 log
deny ip any 127.0.0.0 0.255.255.255 log
deny ip any 169.254.0.0 0.0.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.0.2.0 0.0.0.255 log
deny ip any 192.168.0.0 0.0.255.255 log
deny ip any 197.0.0.0 0.255.255.255 log
deny ip any 198.18.0.0 0.1.255.255 log
deny ip any 201.0.0.0 0.255.255.255 log
deny ip any 222.0.0.0 1.255.255.255 log
deny ip any 224.0.0.0 31.255.255.255 log
permit ip any any
!
access-list 1 permit 192.168.0.0 0.0.0.255
no cdp run
!
banner exec 
REMEMBER!!!
This system is solely for the use of authorised users for official purposes.
You have no expectation of privacy in its use and to ensure that the system
is functioning properly, individuals using this computer system are subject
to having all of their activities monitored and recorded by system
personnel. Use of this system evidences and express consent to such
monitoring and agreement that is such monitoring reveals evidence of
possible abuse or criminal activity, system personnel may provide the
results of such monitoring to the appropriate officials.

banner login 
WARNING!!!
This system is solely for the use of authorised users for official purposes.
You have no expectation of privacy in its use and to ensure that the system
is functioning properly, individuals using this computer system are subject
to having all of their activities monitored and recorded by system
personnel. Use of this system evidences an express consent to such
monitoring and agreement that if such monitoring reveals evidence of
possible abuse or criminal activity, system personnel may provide the
results of such monitoring to the appropriate officials.

!
line con 0
exec-timeout 5 0
password [insert password here]
line aux 0
exec-timeout 0 1
no exec
line vty 0 4
exec-timeout 5 0
password [insert password here]
transport input telnet
!
ntp source Dialer0
ntp server 158.43.128.33
ntp server 158.43.128.66
ntp server 158.43.192.66
!
end

 

[WLeg]

you are a very very very nice man !!!!

Only one little (I hope) problem....

Mar 1 00:00:05.295: %PQUICC-1-UNKNOWN_WIC: PQUICC(0), WIC card has an unknown
ID of 0x2E
*Mar 1 00:00:07.175: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to
up
*Mar 1 00:00:08.191: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0, changed state to down
*Mar 1 00:00:08.211: %SYS-5-CONFIG_I: Configured from memory by console
*Mar 1 00:00:10.439: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-Y-M), Version 12.3(1a), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.

It seems like it doesn't want to recognise my ADSL WIC-1 - any ideas (is there a way of changing the WIC ID from 0x2E) ?

 

[scotth_uk]

The WIC needs to be a WIC-1ADSL. Is that the case? The device also needs to be loaded with the appropriate ADSL aware IOS. Is that the case?

See if you can get me a copy of a "show tech" so that I can check the hardware. Happy to 'find' you a copy of the right IOS if the device has enough memory...

 

[WLeg]

The WIC needs to be a WIC-1ADSL. Is that the case? The device also needs to be loaded with the appropriate ADSL aware IOS. Is that the case?

Not sure how to check this one...... !!!

I've PM'd you an idea though....

 

[scotth_uk]

And a good idea it was, although I am not sure where we are going to get the 2 donkeys and a llama from. ;-) And buying that much vaseline and rubber gloves is bound to raise eyelids at ASDA.

Hahhahahah.

 

[WLeg]

And a good idea it was, although I am not sure where we are going to get the 2 donkeys and a llama from. ;-) And buying that much vaseline and rubber gloves is bound to raise eyelids at ASDA.

Hahhahahah.

Costco - No worries !!