Solved

New Cisco 1720 w/T1-WIC

Posted on 2003-03-14
Last Modified: 2010-04-17
I have just been handed a Cisco 1720 router with a T1 WIC interface in S0 and instructed to install this ASAP... Just like those higher-ups who know NOTHING. I have scheduled a programmer for Tuesday morning which works for me, but that is not good enough for him. So I have an issue which I would like to propose to give away many points for a basic router config that works today and then I will get specific on Tuesday, unless someone cares to really get fancy here... Either way, I need help!

The specs are simple...

Router Public IP : 56.17.56.94
Router Public Subnet : 255.255.255.0
Router Default IP GW : 56.17.56.1

Useable Public IP range : 56.16.99.49 - .62
Useable Public Subnet : 255.255.255.240

Router Private IP : 56.16.99.49
Router Private Subnet : 255.255.255.240
Useable Private IP range : 56.16.99.50 - .62

Router DLCI : 16

Primary DNS : 56.16.215.254
Secondary DNS : 56.17.91.254

I do not have to NAT any addresses under the basic configuration but will NAT eventually and NAT'ing would be required to secure the larger point value as described below. Be creative but secure. There will be 5 hosts tied to this T1 and they will be as follows:

HostName  Function     Ports
LS-00     Mail Server 25, 110
LS-01     WWW         80, 443
LS-02     WWW         80, 443
LS-03     WWW         80, 443
LS-04     WWW         80, 443

If you have questions, please ask them. I would like to have this up by around 1PM CST if possible. This is when my provider is turning up the circuit.

200 points for basic config, just to get running or 500 points if you go all out and provide a config using ACL's and NAT and static port mappings through the router.

Thank you, in advance, so very much for your time and effort...
Gregory Miller
a.k.a. Technodweeb
Question by:Gregory Miller
LVL 11

Author Comment

by:Gregory Miller
ID: 8136094
I will increase the points or post a special point delivery for the difference between the 200 and 500 point awards. I could also split the prize 200/300 between two folks if required. Thanks again...
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1600 total points
ID: 8137152
Assuming that you assign ip addresses to your servers:

56.16.99.50  LS-00     Mail Server 25, 110
56.16.99.51  LS-01     WWW         80, 443
56.16.99.52  LS-02     WWW         80, 443
56.16.99.53  LS-03     WWW         80, 443
56.16.99.54  LS-04     WWW         80, 443



!
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname BDRRTR
!
clock timezone CST -6
clock summer-time CDT recurring
!
logging rate-limit console 10 except errors
logging buffered 4096
aaa new-model
aaa authentication login default local
enable secret <password>
!
username <username1> password <password1>
username <username2> password <password2>
username <username3> password <password3>
ip subnet-zero
!
!
no ip finger
!
!
!
!
interface FastEthernet0
 ip address 56.16.99.49 255.255.255.240
 duplex auto
 speed auto
!
interface Serial0
 description frame-relay interface to Internet
 encapsulation frame-relay IETF
 ip address 56.17.56.94 255.255.255.0
 ip access-group outside_in in
 frame-relay interface-dlci 16
!
no router rip
!
ip classless
ip route 0.0.0.0 0.0.0.0 56.17.56.1
no ip http server
!

ip access-list extended outside_in
 permit tcp any any established
 permit udp any eq domain any
 permit udp host 140.142.16.34 eq ntp host 56.17.56.94 eq ntp
 permit tcp any host 56.16.99.50 eq 25
 permit tcp any host 56.16.99.50 eq 110
 permit tcp any host 56.16.99.51 eq 80
 permit tcp any host 56.16.99.51 eq 443
 permit tcp any host 56.16.99.52 eq 80
 permit tcp any host 56.16.99.52 eq 443
 permit tcp any host 56.16.99.53 eq 80
 permit tcp any host 56.16.99.53 eq 443
 permit tcp any host 56.16.99.54 eq 80
 permit tcp any host 56.16.99.54 eq 443
 deny   udp any any eq netbios-ns
 deny   udp any any eq netbios-dgm
 deny   tcp any any eq 1433
 deny   udp any any eq 1434
 deny   tcp any host 65.208.22.35 eq www
 deny   tcp any host 65.208.22.35 eq 139
 deny   ip 210.0.0.0 0.255.255.255 any
 deny   ip 211.0.0.0 0.255.255.255 any
 deny   ip 61.0.0.0 0.255.255.255 any
 permit icmp any any echo-reply
 permit icmp any any echo
 permit icmp any any ttl-exceeded
 permit icmp any any packet-too-big
 permit icmp any any unreachable
 deny   udp any any eq 3052
 deny   ip any any log
!
no snmp-server community public RO
no snmp-server community private RW
banner motd C

           **************************************************************
           *  WARNING: This is a company computer system with access    *
           *  restricted to those with proper authorization. Authorized *
           *  parties are restricted to those functions which have been *
           *  assigned to perform work related duties.  Any unauthorized*
           *  access attempt will be investigated and prosecuted to the *
           *  full extent of the law.                                   *
           *  --------------------------------------------------------  *
           *   If you are not an authorized user, disconnect now.       *
           **************************************************************

!
line con 0
 transport input none
line aux 0
line vty 0 4
!
ntp server 140.142.16.34 prefer
end


Copy this script entirely into clipboard

Open console connection to router:
router>enable
router#config t
router(config)# <paste to host>
BDRRTR#
0
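An added example, not part of the thread or of lrmoore's configuration: IOS evaluates an extended ACL top-down and stops at the first matching entry, so where a deny sits relative to the permits decides what it can actually block. The Python below models a constructed subset of outside_in; the first_match helper, the sample packet, the reordered list and the boolean that stands in for the established keyword are all assumptions made for illustration.

```python
import ipaddress

PORTS = {"domain": 53, "www": 80}  # IOS port keywords used in this subset
# Constructed subset of the outside_in ACL above, in the same relative order.
ORIGINAL = [
    "permit tcp any any established",
    "permit udp any eq domain any",
    "permit tcp any host 56.16.99.51 eq 80",
    "deny tcp any any eq 1433",
    "deny ip 210.0.0.0 0.255.255.255 any",
    "deny ip any any log",
]
# Assumption: the intent is to block 210.0.0.0/8 entirely, so its deny goes first.
REORDERED = [ORIGINAL[4]] + ORIGINAL[:4] + ORIGINAL[5:]

def _addr(tok):  # consume 'any', 'host A' or 'A wildcard' (contiguous only)
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, mask = (tok.pop(0), "32") if first == "host" else (first, tok.pop(0))
    return ipaddress.ip_network(f"{addr}/{mask}")  # accepts a host mask

def _port(tok):  # consume an optional 'eq PORT'; None means any port
    if tok[:1] != ["eq"]:
        return None
    _, name = tok.pop(0), tok.pop(0)
    return PORTS.get(name) or int(name)

def parse(line):
    tok = line.split()
    rule = {"action": tok.pop(0), "proto": tok.pop(0),
            "established": "established" in tok}
    rule["src"], rule["sport"] = _addr(tok), _port(tok)
    rule["dst"], rule["dport"] = _addr(tok), _port(tok)
    return rule

def first_match(acl, pkt):
    """Return (entry number, action) for the first ACL entry matching pkt."""
    for n, r in enumerate(map(parse, acl), 1):
        if (r["proto"] in ("ip", pkt["proto"])
                and (not r["established"] or pkt.get("established", False))
                and ipaddress.ip_address(pkt["src"]) in r["src"]
                and ipaddress.ip_address(pkt["dst"]) in r["dst"]
                and r["sport"] in (None, pkt.get("sport"))
                and r["dport"] in (None, pkt.get("dport"))):
            return n, r["action"]
    return None, "deny"  # implicit deny that ends every ACL

# Constructed packet: a new TCP connection from 210.0.0.0/8 to LS-01 port 80.
PKT = {"proto": "tcp", "src": "210.1.2.3", "dst": "56.16.99.51", "dport": 80}
```

In the original order the constructed packet is accepted by entry 3 before the 210.0.0.0/8 deny at entry 5 is reached; with that deny moved to the top, the same packet is dropped at entry 1.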
 
LVL 79

Expert Comment

by:lrmoore
ID: 8137154
DNS hosts go into your client configurations, not in the router.
0
 
LVL 13

Expert Comment

by:Dr-IP
ID: 8141463
Although you don’t need name servers configured for a router for it to work, it can be handy for diagnostics. If someone says they can’t get to Yahoo, pinging www.yahoo.com on the router is a lot easier than having to find the address first so you can ping it, 216.109.125.72 in this case.

ip name-server 56.16.215.254
ip name-server 56.17.91.254
0
 
LVL 11

Author Comment

by:Gregory Miller
ID: 8142486
I am increasing the points to 400 and awarding them for the detailed info from lrmoore. It is not the 500 but it is not 200 either. I was not given a critical piece of info about the circuit which made the lrmoore configuration mostly effective but not effective enough to route traffic on the T1. The circuit is a point-to-point which evidently requires some additional configuration. Since I finally figured this piece out myself and am using the remaining config from lrmoore, I felt this most fair. If you disagree let me know...

For the benefit of the site here and those who may be interested, here are the additional pieces that were required to bring up the circuit and actually route traffic.

interface Serial0
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay IETF
 no ip mroute-cache
 service-module t1 remote-alarm-enable
 frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
 
 ip address 56.17.56.94 255.255.255.0
 no ip directed-broadcast
 bandwidth 1536
 frame-relay interface-dlci 16 IETF protocol ip 56.17.56.1


A few exceptions to all of the above configurations which are not IOS commands for C1700 v12.0(3)T - fc1
Those are:
   logging rate-limit console 10 except errors
   duplex auto
   speed auto
   ntp server 140.142.16.34 prefer
   no ip mroute-cache

These only work if snmp is defined and enabled
   no snmp-server community public RO
   no snmp-server community private RW

Thank you very much for the quick response. Although I did not get it running by the time line I had set for myself, I did get it running last night around 9PM CST.

Thanks to all...
-greg
0
 
LVL 11

Author Comment

by:Gregory Miller
ID: 8142489
Great job... comments are found in separate message.
-greg
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8142675
Thanks. I actually started out with a sub-interface config, but I rarely see a point-to-point with a class C subnet mask. Generally the subnet is a /30 - 255.255.255.252 on point to points, so I took my best swag at it.

Glad you're working!
0
