Cisco 2620 config - lines for DNS and HTTP

We're getting a new full T1 next week and I'm getting ready to change the config.  Is there anything that needs to be changed when going from a burstable t1 to a full?  

Also, is it necessary to have the dns servers in the config?  I noticed that our Win2k servers have their forwarders configed to use a different dns ip's than the ones in the router config.

ip name-server  <--
ip name-server  <--- are these even necessary?

Last, what's the point of this?
ip http server
ip http port 8000

I already have nat translations set up for the web server.  Do I still need the http lines above?

Thanks in advance!

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi zenportafino,
Not sure about the T1 question.

The name server lines in the configuration are just for the benefit of the router. With them present it means when you are logged into it you can telnet onto another device by specifying its name instead of remembering the IP address. It is not necessary.

The 'ip http' lines are for the built in web server used for configuration. If you don't use it I recomend that you disable it using 'no ip http server'.
I would remove these, certainly if there are no access control lists preventing the web gui being accessed from inappropriate addresses. The webserver is one of the most common ways of exploiting a cisco box
>Last, what's the point of this?
>ip http server
>ip http port 8000
This enabled the router's own internal web server to run, and you can access the router's web interface by using the non-standard port of 8000

>Is there anything that needs to be changed when going from a burstable t1 to a full?  
Probably. Are you changing providers? Are you getting new IP addresses? You might have to change the channel assignments on the CSU/DSU. Need more details from you.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

About the burstable t1 to full t1 question...

I've only seen burstable t1's as full t1's with a special billing arrangement.  In this case there would be no difference between a burstable and full.

I agree with the comments above, get rid of the http service on the router.

zenportafinoAuthor Commented:
Thanks guys.  Yes this is a whole new ISP with new IP's and DNS servers.  Last issue...  I sucessfully configured a 2500 to hold a pool of addresses on the serial int - thanks in great part to lrmoore - I noticed that our 2620 doesn't have a pool specified in the config that I can see.  We're being assigned a block from to

Is it necessary to specify a pool on the 2620 or is the set up to use all of those public IP's any different? (I just want to make sure that when I nat an outside to inside address that the outside address is in fact available to the public)

Specifying DNS servers on the router lets you use hostnames when talking to the router.  It's a convenience; there's no requirement that the router use the same DNS servers as anything else in the network, although this is normally a reasonable idea.

The http server is an alternate management interface to the router.  Routers don't make great web servers, and every so often a serious bug will be found in Cisco's web server code.  Turn it off!

zenportafinoAuthor Commented:
This is kind of weird and I have not seen this before.  I got the serial address(WAN) and my public ip's are issued to me in a separate block.  I was told by the isp that the block of addresses does not have to be assigned to any interface. Just use them for nat translations.


Our Serial0 <-- assigned to S0

Block of public IP's - - /25 <-- not assigned to an int - use for nat?

My guess is that the 63.x.x.x network is an entry in their routers.  What was odd is that I asked why they do this and was told that they can monitor what IP's we use and what we use them for.  Not so sure I like that.
Personally the way they have done it is the way I prefer it done. It means you allocate one of the IP's to the ethernet interface of the router and you can have your firewall performing the Network Address Translation.

If you get multiple IP's on the serial interface you have to do NAT on the router which is not as advanced as most firewall so you have problems with some protocols such as FTP and have to implement workarounds which means it is not as secure.
zenportafinoAuthor Commented:
So would I assign any of the 63.x.x.x IP's to E0 or does (LAN Gateway) get assigned to the E0?
I would assign to E0 and then connect the router to a firewall.
Give the firewall and configure it to do NAT.
You can now configure the firewall with static NAT translations for any of the spare 63.x.x.x addresses to particular machines.

Do you have a firewall already?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.