Solved

T1 installation

Posted on 2009-04-02
6
318 Views
Last Modified: 2013-12-27
I am setting up a T1 and was provided with a diagram with the information. I was wondering if anyone had a config that I could use as an example. It includes S0/0, FA0/0, and modem interface. I am unsure how to setup the modem part. Also I am unsure as to why my FA0/0 interface would get a 12.x.x.x network for local LAN instead of a normal 192.x.x.x network.
SCAN0017.JPG
0
Comment
Question by:occs07
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24051226
Here is a basic configuration.

You don't need to use the public range on the fa0/0 interface.  You can use a private range and use the public range for NAT.

To connect the modem to the router, use the specified cable and connect to the console port on the router.  No configuration is necessary on the router.

enable secret <password>

interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside

interface Serial0/0/0
 ip address 12.90.91.10 255.255.255.252
 encapsulation ppp
 ip nat outside

ip nat pool nat-pool 12.236.150.201 12.236.150.201 netmask 255.255.255.248
ip nat inside source list nat pool nat-pool overload
!
ip access-list standard nat
 permit 192.168.10.0 0.0.0.255

ip access-list standard 1
 permit 192.168.10.0 0.0.0.255

line vty 0 15
password <password>
login
access-class 1 in    <--restrict telnet to inside network
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24051235
Sorry, forgot default route:

ip route 0.0.0.0 0.0.0.0 12.90.91.9
0
 

Author Comment

by:occs07
ID: 24057016
another question: if I wanted to block everything and only allow HTTP and HTTPS what would I have as my access-list? My thoughts are this:

access-list 100 deny any any
access-list 100 permit any any eq www
access-list 100 permit any any eq https
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24058699
If outbound, do this to allow DNS (required) and HTTP/HTTPS.

ip access-list ext 150
permit udp any any eq 53
permit tcp any any eq 80
permit tcp any any eq 443
deny ip any any

int fa0/0
ip access-group 150 in
0
 

Author Comment

by:occs07
ID: 24059500
I am trying to block people from accessing anything but HTTP/HTTPS, i.e. I only want them to be able to use the internet on the network. So wouldnt I need this inbound and outbound? If so how?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24059732
The access-list I posted blocks everything but HTTP/HTTPS (DNS) outbound meaning anyone sitting on the fa0/0 LAN can only connect to the Internet using HTTP/HTTPS.  Is that what you want?  Nobody on the Internet can connect to anything on your LAN as it stands because you have no inbound NAT configured.
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Best adsl router for small MS network 6 84
BGP Local Preference 5 80
SMPS issue 1 72
pfsense upgrade from 2.2.6 to 2.3.3 28 89
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question