Please help me set up a Cisco 877W router for a simple network with DHCP, NAT and ADSL2

Hi all,

Please help - I know networking and what I want to achieve but I'm a bit lost with the Cisco IOS commands.

I have a Cisco 877W router with 4 FastEthernet interfaces, 1 ATM interface and 1 802.11 Radio. I want to set it up for a small network and am trying to construct a configuration below. I was using Google to try and flesh it out but I think I need help and guidance from actual experts!

If it helps, output from show ver says Cisco IOS software, C870 software (C870-ADVSECURITYK9-M), version 12.4(4)T7, release software (fc1)
ROM: System bootstrap, version 12.3(8r)YI4, release software

Here's what I have so far, which hopefully outlines clearly enough what I am wanting to do. The bits in angle brackets are placeholders (eg the secret password).
!
! Set router hostname
!
hostname Shazam

!
! Set usernames and passwords
!
username david privilege 15 secret 0 <PASSWORD>
enable secret <SECRETPASSWORD>

!
! Configure SSH and telnet access
!
line vty 0 4
privilege level 15
login local
transport input telnet ssh

!
! Local logging
!
logging buffered 51200 warning

!
! Set date and time
!



!
! Set router IP address to 192.168.1.1 on FastEthernet0 port
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 no shut
 ip nat inside


!
! Forwarding any unknown DNS requests to Google
!
ip dns server
ip name-server 8.8.8.8
ip name-server 8.8.4.4

!
! Set up DHCP
! DHCP pool covers 192.168.1.100 - .199
! Set gateway and DNS server to be the router, ie 192.168.1.1
!
service dhcp
ip routing
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.200 192.168.1.255
ip dhcp pool <DHCPPOOLNAME>
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.1
 lease 7

!
! DHCP reservations
!
! Assign IP address 192.168.1.105 to MAC address 00-21-5D-2F-58-04

!
! Configure ADSL2 connection details
!
interface atm
dsl operating-mode adsl2+


!
! Set up NAT rules
!
! Forward port 35394 to 192.168.1.105


!
! Set up WiFi
!
! SSID visible, WPA2 security, Pre-shared key

davidmwilliamsAsked:

Brain2000Commented:
I'll take a shot.  I don't have an 877 to verify, but this should be close.  You'll need all the DSL information from your ISP.  Also, you'll want an access-list to secure the incoming traffic before you make it live to everyone.

ip dhcp pool SERVER
 host 192.168.1.105
 hardware-address 0021.5d2f.5804 ieee802
!
bridge irb
!
Interface FastEthernet0
 no ip address
 no ip nat inside
!
Interface FastEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
Interface FastEthernet1.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
Interface FastEthernet2.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
Interface FastEthernet3.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
Interface ATM0
  no ip address
  no atm ilmi-keepalive
  dsl operating-mode adsl2+
!
Interface ATM0.1 point-to-point
  ! 8/37 is an example; find out from your ISP what the VPI/VCI is
  pvc 8/37
   ! the encapsulation is again ISP specific
   encapsulation aal5mux ppp dialer
   dialer pool-member 1
!
Interface Dialer1
 description DSL
 ip address negotiated
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname <DSL USERNAME>
 ppp chap password <DSL PASSWORD>
!
Interface Dot11Radio0
 no ip address
 broadcast-key vlan 1 change 60
 encryption vlan 1 mode ciphers tkip
 ssid <SSID NAME>
 vlan 1
 authentication open
 guest-mode
 authentication key-management wpa
 wpa-psk ascii 0 <WPA SHARED KEY>
 station-role root
!
Interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
interface Vlan1
 no ip address
 bridge-group 1
!
Interface BVI1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
bridge 1 protocol ieee
bridge 1 route ip
!
! extended ACLs (100-199) need a protocol and a destination
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
ip nat inside source list 101 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.105 35394 interface Dialer1 35394
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
0

Brain2000Commented:
Here's the security (this is a sample, tailor it)

ip access-list extended INBOUND
 remark --EXPLICIT DENIES--
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 224.0.0.0 31.255.255.255 any
 deny   ip host 255.255.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 permit tcp any any established
 remark --PORTS ALLOWED--
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq 35394
 permit icmp any any
 remark --DENY ALL ELSE--
 deny   ip any any

Interface Dialer1
 ip access-group INBOUND in


Also, if you want to allow UDP back in:

ip inspect name ALLOW_UDP udp

Interface BVI1
 ip inspect ALLOW_UDP in
0
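To help with tailoring the INBOUND list above, here is an added example (not part of the answer or of any Cisco tooling) that evaluates those entries against constructed packets the way IOS does: top-down, first match wins, wildcard masks on the source, and `established` as a test on the ACK/RST bits. The `WAN` address and all packets are constructed, and the parser handles only the syntax used in this ACL.

```python
from ipaddress import IPv4Address

# INBOUND entries as posted in the answer above (remark lines dropped).
ACL = """deny ip 127.0.0.0 0.255.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip host 255.255.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit tcp any any established
permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any eq 35394
permit icmp any any
deny ip any any"""
WAN = "203.0.113.10"  # constructed stand-in for the negotiated Dialer1 address

def take_addr(tok):
    """Consume one address spec; return ((base, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(IPv4Address(tok[1])), 0), tok[2:]
    return (int(IPv4Address(tok[0])), int(IPv4Address(tok[1]))), tok[2:]

def parse(text):
    rules = []
    for line in text.splitlines():
        action, proto, *rest = line.split()
        src, rest = take_addr(rest)
        dst, rest = take_addr(rest)
        port = int(rest[1].replace("www", "80")) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port, "established" in rest, line))
    return rules

def addr_match(ip, spec):
    base, wild = spec  # wildcard bits set to 1 mean "don't care"
    return (int(IPv4Address(ip)) | wild) == (base | wild)

def evaluate(rules, proto, src, dst=WAN, dport=None, flags=()):
    """First matching entry wins; 'established' tests ACK/RST bits only."""
    for action, rproto, rsrc, rdst, port, est, line in rules:
        hit = (rproto in ("ip", proto)
               and addr_match(src, rsrc) and addr_match(dst, rdst)
               and (port is None or port == dport)
               and (not est or bool({"ACK", "RST"} & set(flags))))
        if hit:
            return action, line
    return "deny", "(implicit deny)"

RULES = parse(ACL)
print(evaluate(RULES, "udp", "8.8.8.8", dport=33000))  # constructed DNS reply
```

The UDP reply falls through to the final deny, which is the case the `ip inspect` lines in the answer address. Feeding a tailored list through `parse` and `evaluate` with other constructed packets is a quick check before applying it to Dialer1.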
davidmwilliamsAuthor Commented:
Thank you, much appreciated! I will test as quickly as I can!

Thanks !
0
davidmwilliamsAuthor Commented:
You are absolutely wonderful; I was fearful the question I asked was just too long but your help was masterful! It works! My Cisco router is online and working - yippee! :)
0
Question has a verified solution.
