pzozulka
asked on
Cisco Router Config
Can somone provide a sample Cisco Router 1721 Config. We need to run a test with the ISP, so they are asking us to use a spare router to run the test. They provided us with some test IPs as well.
I successfully gained access to the device via serial connection, so I can upload the config if necessary.
We also have a config from our production Cisco router 1900 series, but that config is way too long and complex.
I successfully gained access to the device via serial connection, so I can upload the config if necessary.
We also have a config from our production Cisco router 1900 series, but that config is way too long and complex.
naderz
What do you need to test with the ISP? Just connectivity? If yes, what kind of ISP connection will you be testing?
Basically, you would need to configure an IP address on your router interface facing ISP if you need to test the connection
ASKER
Correct, they are just asking to test the 10Mb Ethernet over Copper connection that they recently installed, at the new building. We will be moving htere in a month. I would take our existing production router to the new location, but I can't have any downtime.
Anyways, I don't have a sample cisco config, and am looking for one. When I get one, I'll just change the IP address that the ISP has provided.
That's why I'm looking for a sample config.
Anyways, I don't have a sample cisco config, and am looking for one. When I get one, I'll just change the IP address that the ISP has provided.
That's why I'm looking for a sample config.
Can you post what you have now and the ip address of the ISP (your default gateway)
ASKER
Here's something I pulled...
cisco-i02#show run
Building configuration...
Current configuration : 1988 bytes
!
! Last configuration change at 15:57:39 PDT Fri May 28 2010
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cisco-i02
!
enable secret 5 $1$iCu4#nUxRVIPNK7%tA75Gy9gyd.
!
username testusr password 7 09454F08090D181705051C
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
ip name-server 66.155.200.200
ip name-server 207.59.200.200
ip name-server 66.251.200.200
no ip dhcp conflict logging
!
no ip bootp server
!
!
!
!
interface FastEthernet0
ip address 64.200.214.234 255.255.255.128
no ip proxy-arp
shutdown
speed auto
no cdp enable
!
interface Serial0
ip address 64.200.213.146 255.255.255.252
ip access-group NOSPOOF in
shutdown
no fair-queue
service-module t1 timeslots 1-24
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
!
ip access-list extended NOSPOOF
deny 53 any any
deny 55 any any
deny 77 any any
deny pim any any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 255.0.0.0 0.255.255.255 any
deny ip 224.0.0.0 7.255.255.255 any
deny ip host 0.0.0.0 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 64.200.214.0 0.0.0.255 any
permit ip any any
!
logging facility local6
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
privilege exec level 15 connect
privilege exec level 15 telnet
privilege exec level 15 rlogin
privilege exec level 15 show ip access-lists
privilege exec level 1 show ip
privilege exec level 15 show access-lists
privilege exec level 15 show logging
privilege exec level 1 show
!
line con 0
exec-timeout 5 0
logging synchronous
login local
line aux 0
exec-timeout 0 1
no exec
flowcontrol hardware
line vty 0 4
access-class 99 in
exec-timeout 5 0
password 7 075E724F49050A5D41
logging synchronous
login local
transport input telnet
!
sntp server 207.46.130.100
end
Is it your current router or the new one?
ASKER
this is a test cisco router 1721, that I will be taking to the new location to test with ISP.
Everything is pretty much confifured, you just need to enable interfaces with no shutdown command
ASKER
I have never worked with Cisco routers before, so this config looks a little confusing to me. For instance, I don't see a place to provide the default gateway address.
Normally on Windows you setup the IP, Netmask, and Gateway. Here it appears that each interface only has a IP and Netmask.
Normally on Windows you setup the IP, Netmask, and Gateway. Here it appears that each interface only has a IP and Netmask.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
But how will it know the specific gateway IP address to use on the Serial0 network?
ASKER
Not sure which is the serial connection (Serial0), but Cisco 1721 has 2 ports of interest to me. The LAN port is labeled 10/100 Ethernet. The WAN port is labeled T1/DSU/CSU.
Sorry I forgot to post the test IPs provided by the ISP.
Lan IP Information
Public LAN Network: 63.140.194.144/29
Subnet Mask: 255.255.255.248
Usable Public IP's: 63.140.194.145 - 63.140.194.150
INET WAN IP Information:
WAN Default Gateway: 64.199.225.29
Customer WAN IP: 64.199.225.30
Subnet Mask: 255.255.255.252
With the above mentioend IPs, is the below config correct?
Sorry I forgot to post the test IPs provided by the ISP.
Lan IP Information
Public LAN Network: 63.140.194.144/29
Subnet Mask: 255.255.255.248
Usable Public IP's: 63.140.194.145 - 63.140.194.150
INET WAN IP Information:
WAN Default Gateway: 64.199.225.29
Customer WAN IP: 64.199.225.30
Subnet Mask: 255.255.255.252
With the above mentioend IPs, is the below config correct?
cisco-i02#show run
Building configuration...
Current configuration : 1988 bytes
!
! Last configuration change at 15:57:39 PDT Fri May 28 2010
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cisco-i02
!
enable secret 5 $1$iCu4#nUxRVIPNK7%tA75Gy9gyd.
!
username testusr password 7 09454F08090D181705051C
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
ip name-server 66.155.200.200
ip name-server 207.59.200.200
ip name-server 66.251.200.200
no ip dhcp conflict logging
!
no ip bootp server
!
!
!
!
interface FastEthernet0
ip address 64.140.194.145 255.255.255.248
no ip proxy-arp
no shutdown
speed auto
no cdp enable
!
interface Serial0
ip address 64.199.225.30 255.255.255.252
ip access-group NOSPOOF in
no shutdown
no fair-queue
service-module t1 timeslots 1-24
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 64.199.225.29
no ip http server
!
!
ip access-list extended NOSPOOF
deny 53 any any
deny 55 any any
deny 77 any any
deny pim any any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 255.0.0.0 0.255.255.255 any
deny ip 224.0.0.0 7.255.255.255 any
deny ip host 0.0.0.0 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 64.140.194.145 0.0.0.7 any
permit ip any any
!
logging facility local6
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
privilege exec level 15 connect
privilege exec level 15 telnet
privilege exec level 15 rlogin
privilege exec level 15 show ip access-lists
privilege exec level 1 show ip
privilege exec level 15 show access-lists
privilege exec level 15 show logging
privilege exec level 1 show
!
line con 0
exec-timeout 5 0
logging synchronous
login local
line aux 0
exec-timeout 0 1
no exec
flowcontrol hardware
line vty 0 4
access-class 99 in
exec-timeout 5 0
password 7 075E724F49050A5D41
logging synchronous
login local
transport input telnet
!
sntp server 207.46.130.100
endSOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes, what you have should work.
Interface Serial 0/0 is the WAN port is labeled T1/DSU/CSU.
I believe you have a typo on your interface FastEthernet 0 for the IP address it should be:
ip address 63.140.194.145 255.255.255.248
Other than that you should be good.
Interface Serial 0/0 is the WAN port is labeled T1/DSU/CSU.
I believe you have a typo on your interface FastEthernet 0 for the IP address it should be:
ip address 63.140.194.145 255.255.255.248
Other than that you should be good.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
172pilotSteve:
Why can't I just use the router I already have (Cisco 1721) to connect the WAN cable to the T1 port, and use another cable to connect my laptop to the 10/100 Ethernet port, and use the above mentioned config.
On the laptop (Windows), I'll configure the IP to 63.140.194.146, gateway will be the Cisco Router (63.140.194.145), and Subnet Mask 255.255.255.248...same as the above config in post id: 39188468. Post Link
Why can't I just use the router I already have (Cisco 1721) to connect the WAN cable to the T1 port, and use another cable to connect my laptop to the 10/100 Ethernet port, and use the above mentioned config.
On the laptop (Windows), I'll configure the IP to 63.140.194.146, gateway will be the Cisco Router (63.140.194.145), and Subnet Mask 255.255.255.248...same as the above config in post id: 39188468. Post Link
pzozulka: for testing your configuration would work.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for catching that. I did not know that the 10Mb connection (which will be handed over RJ45) will not connect to the T1 port (also RJ45).
Is there anyway to still use the Cisco 1721 router's 10/100 Ethernet port to connect to the 10Mb cable? I could then connect my laptop via the console port, and test pinging to the outside world. Is this possible?
P.S. The current router that we use for this 10Mb connection is a Cisco 1941. We will be moving and using this router at the new location as well, so it won't be a problem in the future. My only problem is for the testing phase.
Is there anyway to still use the Cisco 1721 router's 10/100 Ethernet port to connect to the 10Mb cable? I could then connect my laptop via the console port, and test pinging to the outside world. Is this possible?
P.S. The current router that we use for this 10Mb connection is a Cisco 1941. We will be moving and using this router at the new location as well, so it won't be a problem in the future. My only problem is for the testing phase.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Wow, your second option sounds very interesting, but I think I'm going to go with the first option of just pinging via the console port.
" This wont test that they're routing the LAN subnet to you, but it will test the connection to the ISP." to quote your words -- since the ISP is giving us test IP addresses to test with, I don't think its important to test if they are routing the LAN because on the day of the company move, they will transfer our REAL circuit over to the new building. Having said that, whether I test LAN routing on the test circuit or not won't make a difference on the day of the move...
Right?
" This wont test that they're routing the LAN subnet to you, but it will test the connection to the ISP." to quote your words -- since the ISP is giving us test IP addresses to test with, I don't think its important to test if they are routing the LAN because on the day of the company move, they will transfer our REAL circuit over to the new building. Having said that, whether I test LAN routing on the test circuit or not won't make a difference on the day of the move...
Right?
ASKER
Also, would the below config work, if I connect the WAN cable into the 10/100 ETHERNET port?
Lan IP Information
Public LAN Network: 63.140.194.144/29
Subnet Mask: 255.255.255.248
Usable Public IP's: 63.140.194.145 - 63.140.194.150
INET WAN IP Information:
WAN Default Gateway: 64.199.225.29
Customer WAN IP: 64.199.225.30
Subnet Mask: 255.255.255.252
Lan IP Information
Public LAN Network: 63.140.194.144/29
Subnet Mask: 255.255.255.248
Usable Public IP's: 63.140.194.145 - 63.140.194.150
INET WAN IP Information:
WAN Default Gateway: 64.199.225.29
Customer WAN IP: 64.199.225.30
Subnet Mask: 255.255.255.252
Current configuration : 1988 bytes
!
! Last configuration change at 15:57:39 PDT Fri May 28 2010
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cisco-i02
!
enable secret 5 $1$iCu4#nUxRVIPNK7%tA75Gy9gyd.
!
username testusr password 7 09454F08090D181705051C
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
ip name-server 66.155.200.200
ip name-server 207.59.200.200
ip name-server 66.251.200.200
no ip dhcp conflict logging
!
no ip bootp server
!
!
!
!
interface FastEthernet0
ip address 64.199.225.30 255.255.255.252
no ip proxy-arp
no shutdown
speed auto
no cdp enable
!
interface Serial0
ip address 63.140.194.145 255.255.255.248
ip access-group NOSPOOF in
shutdown
no fair-queue
service-module t1 timeslots 1-24
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 64.199.225.29
no ip http server
!
!
ip access-list extended NOSPOOF
deny 53 any any
deny 55 any any
deny 77 any any
deny pim any any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 255.0.0.0 0.255.255.255 any
deny ip 224.0.0.0 7.255.255.255 any
deny ip host 0.0.0.0 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit ip any any
!
logging facility local6
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
privilege exec level 15 connect
privilege exec level 15 telnet
privilege exec level 15 rlogin
privilege exec level 15 show ip access-lists
privilege exec level 1 show ip
privilege exec level 15 show access-lists
privilege exec level 15 show logging
privilege exec level 1 show
!
line con 0
exec-timeout 5 0
logging synchronous
login local
line aux 0
exec-timeout 0 1
no exec
flowcontrol hardware
line vty 0 4
access-class 99 in
exec-timeout 5 0
password 7 075E724F49050A5D41
logging synchronous
login local
transport input telnet
!
sntp server 207.46.130.100
endASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Excellent, top-notch, expert suggestions.
Thank you.
Thank you.