Solved

Cisco Router Config

Posted on 2013-05-21
Last Modified: 2013-05-24
Can someone provide a sample Cisco Router 1721 config? We need to run a test with the ISP, so they are asking us to use a spare router to run the test. They provided us with some test IPs as well.

I successfully gained access to the device via serial connection, so I can upload the config if necessary.

We also have a config from our production Cisco router 1900 series, but that config is way too long and complex.
Question by:pzozulka
 
LVL 11

Expert Comment

by:naderz
ID: 39186622
What do you need to test with the ISP? Just connectivity? If yes, what kind of ISP connection will you be testing?
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39187138
Basically, you would need to configure an IP address on your router interface facing the ISP if you need to test the connection.
 
LVL 8

Author Comment

by:pzozulka
ID: 39188132
Correct, they are just asking to test the 10Mb Ethernet over Copper connection that they recently installed at the new building. We will be moving there in a month. I would take our existing production router to the new location, but I can't have any downtime.

Anyways, I don't have a sample cisco config, and am looking for one. When I get one, I'll just change the IP address that the ISP has provided.

That's why I'm looking for a sample config.
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39188182
Can you post what you have now and the IP address of the ISP (your default gateway)?
 
LVL 8

Author Comment

by:pzozulka
ID: 39188240
Here's something I pulled...

cisco-i02#show run
Building configuration...

Current configuration : 1988 bytes
!
! Last configuration change at 15:57:39 PDT Fri May 28 2010
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cisco-i02
!
enable secret 5 $1$iCu4#nUxRVIPNK7%tA75Gy9gyd.
!
username testusr password 7 09454F08090D181705051C
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
ip name-server 66.155.200.200
ip name-server 207.59.200.200
ip name-server 66.251.200.200
no ip dhcp conflict logging
!
no ip bootp server
!
!
!
!
interface FastEthernet0
 ip address 64.200.214.234 255.255.255.128
 no ip proxy-arp
 shutdown
 speed auto
 no cdp enable
!
interface Serial0
 ip address 64.200.213.146 255.255.255.252
 ip access-group NOSPOOF in
 shutdown
 no fair-queue
 service-module t1 timeslots 1-24
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
!
ip access-list extended NOSPOOF
 deny   53 any any
 deny   55 any any
 deny   77 any any
 deny   pim any any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 255.0.0.0 0.255.255.255 any
 deny   ip 224.0.0.0 7.255.255.255 any
 deny   ip host 0.0.0.0 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 64.200.214.0 0.0.0.255 any
 permit ip any any
!
logging facility local6
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
privilege exec level 15 connect
privilege exec level 15 telnet
privilege exec level 15 rlogin
privilege exec level 15 show ip access-lists
privilege exec level 1 show ip
privilege exec level 15 show access-lists
privilege exec level 15 show logging
privilege exec level 1 show
!
line con 0
 exec-timeout 5 0
 logging synchronous
 login local
line aux 0
 exec-timeout 0 1
 no exec
 flowcontrol hardware
line vty 0 4
 access-class 99 in
 exec-timeout 5 0
 password 7 075E724F49050A5D41
 logging synchronous
 login local
 transport input telnet
!
sntp server 207.46.130.100
end

 
LVL 18

Expert Comment

by:fgasimzade
ID: 39188279
Is it your current router or the new one?
 
LVL 8

Author Comment

by:pzozulka
ID: 39188301
This is a test Cisco router 1721 that I will be taking to the new location to test with the ISP.
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39188334
Everything is pretty much configured; you just need to enable the interfaces with the no shutdown command.
 
LVL 8

Author Comment

by:pzozulka
ID: 39188353
I have never worked with Cisco routers before, so this config looks a little confusing to me. For instance, I don't see a place to provide the default gateway address.

Normally on Windows you set up the IP, Netmask, and Gateway. Here it appears that each interface only has an IP and Netmask.
 
LVL 18

Assisted Solution

by:fgasimzade
fgasimzade earned 25 total points
ID: 39188367
Your default gateway is configured in the following line
ip route 0.0.0.0 0.0.0.0 Serial0

It means that traffic for any subnet with any mask goes through Serial0.
 
LVL 8

Author Comment

by:pzozulka
ID: 39188441
But how will it know the specific gateway IP address to use on the Serial0 network?
 
LVL 8

Author Comment

by:pzozulka
ID: 39188468
Not sure which is the serial connection (Serial0), but Cisco 1721 has 2 ports of interest to me. The LAN port is labeled 10/100 Ethernet. The WAN port is labeled T1/DSU/CSU.

Sorry I forgot to post the test IPs provided by the ISP.

Lan IP Information
Public LAN Network: 63.140.194.144/29
Subnet Mask: 255.255.255.248
Usable Public IP's: 63.140.194.145 - 63.140.194.150

INET WAN IP Information:
WAN Default Gateway: 64.199.225.29
Customer WAN IP: 64.199.225.30
Subnet Mask: 255.255.255.252

With the above-mentioned IPs, is the below config correct?
cisco-i02#show run
Building configuration...

Current configuration : 1988 bytes
!
! Last configuration change at 15:57:39 PDT Fri May 28 2010
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cisco-i02
!
enable secret 5 $1$iCu4#nUxRVIPNK7%tA75Gy9gyd.
!
username testusr password 7 09454F08090D181705051C
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
ip name-server 66.155.200.200
ip name-server 207.59.200.200
ip name-server 66.251.200.200
no ip dhcp conflict logging
!
no ip bootp server
!
!
!
!
interface FastEthernet0
 ip address 64.140.194.145 255.255.255.248
 no ip proxy-arp
 no shutdown
 speed auto
 no cdp enable
!
interface Serial0
 ip address 64.199.225.30 255.255.255.252
 ip access-group NOSPOOF in
 no shutdown
 no fair-queue
 service-module t1 timeslots 1-24
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 64.199.225.29
no ip http server
!
!
ip access-list extended NOSPOOF
 deny   53 any any
 deny   55 any any
 deny   77 any any
 deny   pim any any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 255.0.0.0 0.255.255.255 any
 deny   ip 224.0.0.0 7.255.255.255 any
 deny   ip host 0.0.0.0 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 64.140.194.145 0.0.0.7 any
 permit ip any any
!
logging facility local6
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
privilege exec level 15 connect
privilege exec level 15 telnet
privilege exec level 15 rlogin
privilege exec level 15 show ip access-lists
privilege exec level 1 show ip
privilege exec level 15 show access-lists
privilege exec level 15 show logging
privilege exec level 1 show
!
line con 0
 exec-timeout 5 0
 logging synchronous
 login local
line aux 0
 exec-timeout 0 1
 no exec
 flowcontrol hardware
line vty 0 4
 access-class 99 in
 exec-timeout 5 0
 password 7 075E724F49050A5D41
 logging synchronous
 login local
 transport input telnet
!
sntp server 207.46.130.100
end

 
LVL 1

Assisted Solution

by:TXSolution79
TXSolution79 earned 25 total points
ID: 39188641
Building configuration...

Current configuration : 920 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
enable secret 5
enable password
!
ip subnet-zero
!
!
no ip domain lookup
ip dhcp excluded-address 10.0.0.1 10.0.0.15
!
ip dhcp pool R1LAN
   network 10.0.0.0 255.0.0.0
   default-router 10.0.0.1
   dns-server 8.8.8.8
   lease 0 1
!
!
!
!
!
interface BRI0
 no ip address
 no ip mroute-cache
 shutdown
!
interface Ethernet0
 ip address dhcp client-id Ethernet0
 ip nat outside
 no ip mroute-cache
 half-duplex
!
interface FastEthernet0
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
 no ip mroute-cache
 speed auto
!
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip http server
!
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
!
line con 0
 exec-timeout 3 0
line aux 0
line vty 0 4
 password
 login
!
no scheduler allocate
end
 
LVL 11

Expert Comment

by:naderz
ID: 39188652
Yes, what you have should work.

Interface Serial 0/0 is the WAN port labeled T1/DSU/CSU.

I believe you have a typo on your interface FastEthernet 0 for the IP address; it should be:
ip address 63.140.194.145 255.255.255.248

Other than that you should be good.
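
The mismatch caught above can be found mechanically by comparing the config with the ISP's address sheet. This is an added example, not part of the original thread: it checks interface subnets, the default-route next hop and the NOSPOOF own-prefix entry against the addresses quoted in the question; the function names and finding codes are assumptions, and the config excerpt is constructed from the posted one.

```python
import ipaddress
import re

# Addressing from the ISP sheet quoted in the thread.
ISP_LAN = ipaddress.ip_network("63.140.194.144/29")
ISP_WAN = ipaddress.ip_network("64.199.225.28/30")

# Constructed excerpt: addressing lines of the config posted in the thread.
SAMPLE = """\
interface FastEthernet0
 ip address 64.140.194.145 255.255.255.248
!
interface Serial0
 ip address 64.199.225.30 255.255.255.252
 ip access-group NOSPOOF in
!
ip route 0.0.0.0 0.0.0.0 64.199.225.29
!
ip access-list extended NOSPOOF
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 64.140.194.145 0.0.0.7 any
 permit ip any any
"""

def wildcard_net(addr, wildcard):
    """Convert an IOS 'address wildcard' pair to (network, stray_host_bits)."""
    a = int(ipaddress.ip_address(addr))
    w = int(ipaddress.ip_address(wildcard))
    netmask = ipaddress.ip_address(w ^ 0xFFFFFFFF)  # wildcard is the inverted mask
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False), bool(a & w)

def check_addressing(config):
    """Return (code, detail) findings; names and codes are hypothetical."""
    findings, connected, denied, hop, iface = [], [], [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", raw):
            iface = m.group(1)
        elif m := re.match(r"ip address ([\d.]+) ([\d.]+)$", line):
            ifc = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            connected.append(ifc.network)
            if ifc.network not in (ISP_LAN, ISP_WAN):
                findings.append(("iface-subnet", f"{iface} {ifc}"))
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 ([\d.]+)$", line):
            hop = ipaddress.ip_address(m.group(1))  # an interface name is skipped
        elif m := re.match(r"deny\s+ip ([\d.]+) ([\d.]+) any$", line):
            net, stray = wildcard_net(m.group(1), m.group(2))
            denied.append(net)
            if stray:
                findings.append(("acl-host-bits", line))
    # A next-hop address must sit on a directly connected subnet.
    if hop is not None and not any(hop in net for net in connected):
        findings.append(("gateway-off-link", str(hop)))
    # The anti-spoofing list should drop inbound packets sourced from our own LAN.
    if not any(ISP_LAN.subnet_of(net) for net in denied):
        findings.append(("acl-misses-lan", str(ISP_LAN)))
    return findings

if __name__ == "__main__":
    for code, detail in check_addressing(SAMPLE):
        print(code, detail)
```
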
 
LVL 10

Assisted Solution

by:172pilotSteve
172pilotSteve earned 400 total points
ID: 39189143
Just FYI.. When an ISP link is via Serial, there's only 2 ends of the link, so sometimes you do an ip-unnumbered connection, and that's why you don't need an IP address when pointing at the serial0 port in your sample config.

Since you're going to test the ISP's Ethernet connection at the new location, you will need an IP address as you thought...  Your router will need to connect to the ISP via an ethernet port, and since you mentioned that your router only has ONE ethernet connection, you might be VERY limited as to what you can do to test..

What you should do is find a cheap router with two ethernet connections on it... Otherwise, you can use the router you have, but since you won't have a second ethernet connection to connect to your switch or PC, you'll have to do your testing just by pinging from the router console, instead of surfing the web from an attached PC.

Probably, given your situation, I'd go out and get a Cisco 2621 or similar router off of eBay. The 2621 has two 10/100 ports, and you will be able to do what you're talking about.. That router will go for $50-$75 shipped these days on eBay. Alternatively, if you're good with Linux or Windows, you could get a PC with two NICs to act as a router, or if you don't care about the routing aspect of it, and just want to test the Internet connection, get a cheap router meant for home from your local office supply or computer store.. Something like a Linksys or DLink should go for under $40 or so, and at least you can configure the WAN address in it to then hook up a computer to the NAT side and test the connection and speed. This won't test that they're routing the LAN subnet to you, but it will test the connection to the ISP.

Does that make sense?
 
LVL 8

Author Comment

by:pzozulka
ID: 39189197
172pilotSteve:

Why can't I just use the router I already have (Cisco 1721) to connect the WAN cable to the T1 port, and use another cable to connect my laptop to the 10/100 Ethernet port, and use the above mentioned config.

On the laptop (Windows), I'll configure the IP to 63.140.194.146, gateway will be the Cisco Router (63.140.194.145), and Subnet Mask 255.255.255.248...same as the above config in post id: 39188468.
 
LVL 11

Expert Comment

by:naderz
ID: 39189339
pzozulka: for testing your configuration would work.
 
LVL 10

Assisted Solution

by:172pilotSteve
172pilotSteve earned 400 total points
ID: 39189522
You said the ISP is delivering your Internet connection as "10Mb Ethernet over Copper" to quote your words..  That is NOT a T1 connection, and the T1 port will NOT connect to that ISP connection.  

You will need an Ethernet connection to connect to that ISP connection..
 
LVL 8

Author Comment

by:pzozulka
ID: 39189543
Thanks for catching that. I did not know that the 10Mb connection (which will be handed over RJ45) will not connect to the T1 port (also RJ45).

Is there any way to still use the Cisco 1721 router's 10/100 Ethernet port to connect to the 10Mb cable? I could then connect my laptop via the console port, and test pinging to the outside world. Is this possible?

P.S. The current router that we use for this 10Mb connection is a Cisco 1941. We will be moving and using this router at the new location as well, so it won't be a problem in the future. My only problem is for the testing phase.
 
LVL 10

Assisted Solution

by:172pilotSteve
172pilotSteve earned 400 total points
ID: 39189581
Right..  So, that's why I was saying that if you use that router, you can definitely configure the ONE Ethernet connection to connect to the WAN, and then you can just test using pings from the router console, or you can try to find something with two Ethernet interfaces..

If you want to get tricky, and have a switch that will do VLANs, you COULD configure a switch port to be a trunk, and then configure two other switch ports to be the "inside" and "outside" interfaces for the router, and that way you could really test the routing (google "router on a stick") but if you aren't already comfortable with the concept of VLANs it might be a bit complicated.. BUT, I do have a config I could send if you're interested in that.. I use a 1760 at home to route between VLANs in my lab, and do this exact thing, since my 1760 also has only one Ethernet, but again, you'll need a switch that supports VLANs.. Let me know if that interests you and I'll send a simplified version of my config for router and switch..
 
LVL 8

Author Comment

by:pzozulka
ID: 39191236
Wow, your second option sounds very interesting, but I think I'm going to go with the first option of just pinging via the console port.

"This won't test that they're routing the LAN subnet to you, but it will test the connection to the ISP." to quote your words -- since the ISP is giving us test IP addresses to test with, I don't think it's important to test if they are routing the LAN because on the day of the company move, they will transfer our REAL circuit over to the new building. Having said that, whether I test LAN routing on the test circuit or not won't make a difference on the day of the move...

Right?
 
LVL 8

Author Comment

by:pzozulka
ID: 39192575
Also, would the below config work, if I connect the WAN cable into the 10/100 ETHERNET port?

Lan IP Information
Public LAN Network: 63.140.194.144/29
Subnet Mask: 255.255.255.248
Usable Public IP's: 63.140.194.145 - 63.140.194.150

INET WAN IP Information:
WAN Default Gateway: 64.199.225.29
Customer WAN IP: 64.199.225.30
Subnet Mask: 255.255.255.252

Current configuration : 1988 bytes
!
! Last configuration change at 15:57:39 PDT Fri May 28 2010
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cisco-i02
!
enable secret 5 $1$iCu4#nUxRVIPNK7%tA75Gy9gyd.
!
username testusr password 7 09454F08090D181705051C
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
ip name-server 66.155.200.200
ip name-server 207.59.200.200
ip name-server 66.251.200.200
no ip dhcp conflict logging
!
no ip bootp server
!
!
!
!
interface FastEthernet0
 ip address 64.199.225.30 255.255.255.252
 no ip proxy-arp
 no shutdown
 speed auto
 no cdp enable
!
interface Serial0
 ip address 63.140.194.145 255.255.255.248
 ip access-group NOSPOOF in
 shutdown
 no fair-queue
 service-module t1 timeslots 1-24
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 64.199.225.29
no ip http server
!
!
ip access-list extended NOSPOOF
 deny   53 any any
 deny   55 any any
 deny   77 any any
 deny   pim any any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 255.0.0.0 0.255.255.255 any
 deny   ip 224.0.0.0 7.255.255.255 any
 deny   ip host 0.0.0.0 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 permit ip any any
!
logging facility local6
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
privilege exec level 15 connect
privilege exec level 15 telnet
privilege exec level 15 rlogin
privilege exec level 15 show ip access-lists
privilege exec level 1 show ip
privilege exec level 15 show access-lists
privilege exec level 15 show logging
privilege exec level 1 show
!
line con 0
 exec-timeout 5 0
 logging synchronous
 login local
line aux 0
 exec-timeout 0 1
 no exec
 flowcontrol hardware
line vty 0 4
 access-class 99 in
 exec-timeout 5 0
 password 7 075E724F49050A5D41
 logging synchronous
 login local
 transport input telnet
!
sntp server 207.46.130.100
end

 
LVL 10

Accepted Solution

by:172pilotSteve
172pilotSteve earned 400 total points
ID: 39193188
That looks good to me..  You don't need to bother with putting in the access list stuff, but if you're just copy/pasting into the router, that should do..  Your first ping should be to the default gateway, and if that works, then ping around, and it should work..   And, yes - If they're going to give you your current config into the new site on move day, then I agree.. no reason to bother testing the subnet they're routing now.  The pings from console should work fine..

Do you know how to put the config in?  Once you log in, then "enable", you type "Config T" to put it into config mode, and then pasting the config should do it..  You'll have to exit out of config mode to do the pings  (Type exit, or Ctrl Z)..  To save the config, use "WR" (short for write) while in config mode, otherwise when you reboot the router, the config will revert back, which is also good to know in case you have problems with your config..  Until you WR, you can always boot it to get it to go back to the start.

The other thing you could do is "write erase" to clear the startup config, and then reboot the router, which will start by walking you through a config script to install a basic config.  You'll answer questions (what IP, gateway, etc..) to get the router configured well enough to do the pings..

Good luck - Let me know if you need help.
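
Because the answer above has the old config pasted into the router as-is, its management settings go live with it. This is an added example, not part of the original answer: a small audit of the management-plane lines seen in the configs posted in this thread; the function name and finding codes are assumptions, and the sample is constructed with secret values replaced by placeholders.

```python
import re

# Constructed sample: management lines as they appear in the first config
# posted in the thread, with secret values replaced by placeholders.
SAMPLE = """\
username testusr password 7 <type7-placeholder>
no ip http server
ip access-list extended NOSPOOF
 permit ip any any
line vty 0 4
 access-class 99 in
 password 7 <type7-placeholder>
 login local
 transport input telnet
"""

def audit_management_plane(config):
    """Return sorted finding codes (hypothetical names) for a config text."""
    lines = [l.strip() for l in config.splitlines()]
    # ACLs exist as 'access-list N ...' or 'ip access-list <type> NAME'.
    defined = set()
    for l in lines:
        m = re.match(r"access-list (\S+)", l) or re.match(r"ip access-list \S+ (\S+)", l)
        if m:
            defined.add(m.group(1))
    findings = set()
    for l in lines:
        if re.match(r"(username \S+ )?password 7 ", l):
            findings.add("type7-password")       # reversible encoding, not a hash
        if re.match(r"transport input\b.*\btelnet\b", l):
            findings.add("telnet-management")    # logins cross the wire in cleartext
        if l == "ip http server":
            findings.add("http-server-enabled")  # the first config disables it
        m = re.match(r"access-class (\S+) in", l)
        if m and m.group(1) not in defined:
            # the vty restriction points at an ACL the config never defines
            findings.add(f"access-class-{m.group(1)}-undefined")
    return sorted(findings)

if __name__ == "__main__":
    print(audit_management_plane(SAMPLE))
```
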
 
LVL 11

Assisted Solution

by:naderz
naderz earned 50 total points
ID: 39194549
For just testing and verifying the 10Mbps connection a simpler way would be to use a PC or laptop with its interface configured with the IP given to you by the ISP. This way you can ping, test Internet connectivity, etc.

No need for a router.
 
LVL 8

Author Closing Comment

by:pzozulka
ID: 39194637
Excellent, top-notch, expert suggestions.

Thank you.
