Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco Router Config

Posted on 2013-05-21
25
Medium Priority
?
737 Views
Last Modified: 2013-05-24
Can somone provide a sample Cisco Router 1721 Config. We need to run a test with the ISP, so they are asking us to use a spare router to run the test. They provided us with some test IPs as well.

I successfully gained access to the device via serial connection, so I can upload the config if necessary.

We also have a config from our production Cisco router 1900 series, but that config is way too long and complex.
0
Comment
Question by:pzozulka
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 5
  • 4
  • +2
25 Comments
 
LVL 11

Expert Comment

by:naderz
ID: 39186622
What do you need to test with the ISP? Just connectivity? If yes, what kind of ISP connection will you be testing?
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39187138
Basically, you would need to configure an IP address on your router interface facing ISP if you need to test the connection
0
 
LVL 8

Author Comment

by:pzozulka
ID: 39188132
Correct, they are just asking to test the 10Mb Ethernet over Copper connection that they recently installed, at the new building. We will be moving htere in a month. I would take our existing production router to the new location, but I can't have any downtime.

Anyways, I don't have a sample cisco config, and am looking for one. When I get one, I'll just change the IP address that the ISP has provided.

That's why I'm looking for a sample config.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 18

Expert Comment

by:fgasimzade
ID: 39188182
Can you post what you have now and the ip address of the ISP (your default gateway)
0
 
LVL 8

Author Comment

by:pzozulka
ID: 39188240
Here's something I pulled...

cisco-i02#show run
Building configuration...

Current configuration : 1988 bytes
!
! Last configuration change at 15:57:39 PDT Fri May 28 2010
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cisco-i02
!
enable secret 5 $1$iCu4#nUxRVIPNK7%tA75Gy9gyd.
!
username testusr password 7 09454F08090D181705051C
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
ip name-server 66.155.200.200
ip name-server 207.59.200.200
ip name-server 66.251.200.200
no ip dhcp conflict logging
!
no ip bootp server
!
!
!
!
interface FastEthernet0
 ip address 64.200.214.234 255.255.255.128
 no ip proxy-arp
 shutdown
 speed auto
 no cdp enable
!
interface Serial0
 ip address 64.200.213.146 255.255.255.252
 ip access-group NOSPOOF in
 shutdown
 no fair-queue
 service-module t1 timeslots 1-24
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
!
ip access-list extended NOSPOOF
 deny   53 any any
 deny   55 any any
 deny   77 any any
 deny   pim any any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 255.0.0.0 0.255.255.255 any
 deny   ip 224.0.0.0 7.255.255.255 any
 deny   ip host 0.0.0.0 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 64.200.214.0 0.0.0.255 any
 permit ip any any
!
logging facility local6
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
privilege exec level 15 connect
privilege exec level 15 telnet
privilege exec level 15 rlogin
privilege exec level 15 show ip access-lists
privilege exec level 1 show ip
privilege exec level 15 show access-lists
privilege exec level 15 show logging
privilege exec level 1 show
!
line con 0
 exec-timeout 5 0
 logging synchronous
 login local
line aux 0
 exec-timeout 0 1
 no exec
 flowcontrol hardware
line vty 0 4
 access-class 99 in
 exec-timeout 5 0
 password 7 075E724F49050A5D41
 logging synchronous
 login local
 transport input telnet
!
sntp server 207.46.130.100
end

Open in new window

0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39188279
Is it your current router or the new one?
0
 
LVL 8

Author Comment

by:pzozulka
ID: 39188301
this is a test cisco router 1721, that I will be taking to the new location to test with ISP.
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39188334
Everything is pretty much confifured, you just need to enable interfaces with no shutdown command
0
 
LVL 8

Author Comment

by:pzozulka
ID: 39188353
I have never worked with Cisco routers before, so this config looks a little confusing to me. For instance, I don't see a place to provide the default gateway address.

Normally on Windows you setup the IP, Netmask, and Gateway. Here it appears that each interface only has a IP and Netmask.
0
 
LVL 18

Assisted Solution

by:fgasimzade
fgasimzade earned 100 total points
ID: 39188367
Your default gateway is configured in the following line
ip route 0.0.0.0 0.0.0.0 Serial0

It means that for any subnet with any mask go through Serial0
0
 
LVL 8

Author Comment

by:pzozulka
ID: 39188441
But how will it know the specific gateway IP address to use on the Serial0 network?
0
 
LVL 8

Author Comment

by:pzozulka
ID: 39188468
Not sure which is the serial connection (Serial0), but Cisco 1721 has 2 ports of interest to me. The LAN port is labeled 10/100 Ethernet. The WAN port is labeled T1/DSU/CSU.

Sorry I forgot to post the test IPs provided by the ISP.

Lan IP Information
Public LAN Network: 63.140.194.144/29
Subnet Mask: 255.255.255.248
Usable Public IP's: 63.140.194.145 - 63.140.194.150

INET WAN IP Information:
WAN Default Gateway: 64.199.225.29
Customer WAN IP: 64.199.225.30
Subnet Mask: 255.255.255.252

With the above mentioend IPs, is the below config correct?
cisco-i02#show run
Building configuration...

Current configuration : 1988 bytes
!
! Last configuration change at 15:57:39 PDT Fri May 28 2010
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cisco-i02
!
enable secret 5 $1$iCu4#nUxRVIPNK7%tA75Gy9gyd.
!
username testusr password 7 09454F08090D181705051C
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
ip name-server 66.155.200.200
ip name-server 207.59.200.200
ip name-server 66.251.200.200
no ip dhcp conflict logging
!
no ip bootp server
!
!
!
!
interface FastEthernet0
 ip address 64.140.194.145 255.255.255.248
 no ip proxy-arp
 no shutdown
 speed auto
 no cdp enable
!
interface Serial0
 ip address 64.199.225.30 255.255.255.252
 ip access-group NOSPOOF in
 no shutdown
 no fair-queue
 service-module t1 timeslots 1-24
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 64.199.225.29
no ip http server
!
!
ip access-list extended NOSPOOF
 deny   53 any any
 deny   55 any any
 deny   77 any any
 deny   pim any any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 255.0.0.0 0.255.255.255 any
 deny   ip 224.0.0.0 7.255.255.255 any
 deny   ip host 0.0.0.0 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 64.140.194.145 0.0.0.7 any
 permit ip any any
!
logging facility local6
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
privilege exec level 15 connect
privilege exec level 15 telnet
privilege exec level 15 rlogin
privilege exec level 15 show ip access-lists
privilege exec level 1 show ip
privilege exec level 15 show access-lists
privilege exec level 15 show logging
privilege exec level 1 show
!
line con 0
 exec-timeout 5 0
 logging synchronous
 login local
line aux 0
 exec-timeout 0 1
 no exec
 flowcontrol hardware
line vty 0 4
 access-class 99 in
 exec-timeout 5 0
 password 7 075E724F49050A5D41
 logging synchronous
 login local
 transport input telnet
!
sntp server 207.46.130.100
end

Open in new window

0
 
LVL 1

Assisted Solution

by:TXSolution79
TXSolution79 earned 100 total points
ID: 39188641
Building configuration...

Current configuration : 920 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
enable secret 5
enable password
!
ip subnet-zero
!
!
no ip domain lookup
ip dhcp excluded-address 10.0.0.1 10.0.0.15
!
ip dhcp pool R1LAN
   network 10.0.0.0 255.0.0.0
   default-router 10.0.0.1
   dns-server 8.8.8.8
   lease 0 1
!
!
!
!
!
interface BRI0
 no ip address
 no ip mroute-cache
 shutdown
!
interface Ethernet0
 ip address dhcp client-id Ethernet0
 ip nat outside
 no ip mroute-cache
 half-duplex
!
interface FastEthernet0
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
 no ip mroute-cache
 speed auto
!
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip http server
!
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
!
line con 0
 exec-timeout 3 0
line aux 0
line vty 0 4
 password
 login
!
no scheduler allocate
end
0
 
LVL 11

Expert Comment

by:naderz
ID: 39188652
Yes, what you have should work.

Interface Serial 0/0 is the WAN port is labeled T1/DSU/CSU.

I believe you have a typo on your interface FastEthernet 0 for the IP address it should be:
ip address 63.140.194.145 255.255.255.248

Other than that you should be good.
0
 
LVL 10

Assisted Solution

by:172pilotSteve
172pilotSteve earned 1600 total points
ID: 39189143
Just FYI..  When  an ISP link is via Serial, there's only 2 ends of the link, so sometimes you do an ip-unnumbered connection, and that's why you dont need an IP address when pointing at the serial0 port in your sample config.  

Since you're going to test the ISP's Ethernet connection at the new location, you will need an IP address as you thought...  Your router will need to connect to the ISP via an ethernet port, and since you mentioned that your router only has ONE ethernet connection, you might be VERY limited as to what you can do to test..

What you should do, is find a cheap router with two ethernet connections on it...  Otherwise, you can use the router you have, but since you wont have a second ethernet connection to connect to your switch or PC, you'll have to do your testing just by pinging from the router console, instead of surfing the web from an attached PC.

Probably, given your situation, I'd go out and get a Cisco 2621 or similar router off of ebay. The 2621 has two 10/100 ports, and you will be able to do what you're talking about..  That router will go for $50-$75 shipped these days on ebay.  Alternatively, if you're good with Linux or Windows, you could get a PC with two NICs to act as a router, or if you dont care about the routing aspect of it, and just want to test the Internet connection, get a cheap router meant for home from your local office supply or computer store..  Something like a Linksys or DLink should go for under $40 or so, and at least you can configure the WAN address in it to then hook up a computer to the NAT side and test the connection and speed.  This wont test that they're routing the LAN subnet to you, but it will test the connection to the ISP.

Does that make sense?
0
 
LVL 8

Author Comment

by:pzozulka
ID: 39189197
172pilotSteve:

Why can't I just use the router I already have (Cisco 1721) to connect the WAN cable to the T1 port, and use another cable to connect my laptop to the 10/100 Ethernet port, and use the above mentioned config.

On the laptop (Windows), I'll configure the IP to 63.140.194.146, gateway will be the Cisco Router (63.140.194.145), and Subnet Mask 255.255.255.248...same as the above config in post id: 39188468. Post Link
0
 
LVL 11

Expert Comment

by:naderz
ID: 39189339
pzozulka: for testing your configuration would work.
0
 
LVL 10

Assisted Solution

by:172pilotSteve
172pilotSteve earned 1600 total points
ID: 39189522
You said the ISP is delivering your Internet connection as "10Mb Ethernet over Copper" to quote your words..  That is NOT a T1 connection, and the T1 port will NOT connect to that ISP connection.  

You will need an Ethernet connection to connect to that ISP connection..
0
 
LVL 8

Author Comment

by:pzozulka
ID: 39189543
Thanks for catching that. I did not know that the 10Mb connection (which will be handed over RJ45) will not connect to the T1 port (also RJ45).

Is there anyway to still use the Cisco 1721 router's 10/100 Ethernet port to connect to the 10Mb cable? I could then connect my laptop via the console port, and test pinging to the outside world. Is this possible?

P.S. The current router that we use for this 10Mb connection is a Cisco 1941. We will be moving and using this router at the new location as well, so it won't be a problem in the future. My only problem is for the testing phase.
0
 
LVL 10

Assisted Solution

by:172pilotSteve
172pilotSteve earned 1600 total points
ID: 39189581
Right..  So, that's why I was saying that if you use that router, you can definitely configure the ONE Ethernet connection to connect to the WAN, and then you can just test using pings from the router console, or you can try to find something with two Ethernet interfaces..

If you want to get tricky, and have a switch that will do VLANs, you COULD configure a switch port to be a trunk, and then configure two other switch ports to be the "inside" and "outside' interfaces for the router, and that way you could really test the routing  (google "router on a stick") but if you aren't already comfortable with the concept of VLANs it might be a bit complicated..   BUT, I do have a config I could send if you're interested in that..  I use a 1760 at home to route between VLANs in my lab, and do this exact thing, since my 1760 also has only one Ethernet, but again, you'll need a switch that supports VLANs..  Let me know if that interests you and I'll send a simplified version of my config for router and switch..
0
 
LVL 8

Author Comment

by:pzozulka
ID: 39191236
Wow, your second option sounds very interesting, but I think I'm going to go with the first option of just pinging via the console port.

" This wont test that they're routing the LAN subnet to you, but it will test the connection to the ISP." to quote your words -- since the ISP is giving us test IP addresses to test with, I don't think its important to test if they are routing the LAN because on the day of the company move, they will transfer our REAL circuit over to the new building. Having said that, whether I test LAN routing on the test circuit or not won't make a difference on the day of the move...

Right?
0
 
LVL 8

Author Comment

by:pzozulka
ID: 39192575
Also, would the below config work, if I connect the WAN cable into the 10/100 ETHERNET port?

Lan IP Information
Public LAN Network: 63.140.194.144/29
Subnet Mask: 255.255.255.248
Usable Public IP's: 63.140.194.145 - 63.140.194.150

INET WAN IP Information:
WAN Default Gateway: 64.199.225.29
Customer WAN IP: 64.199.225.30
Subnet Mask: 255.255.255.252

Current configuration : 1988 bytes
!
! Last configuration change at 15:57:39 PDT Fri May 28 2010
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cisco-i02
!
enable secret 5 $1$iCu4#nUxRVIPNK7%tA75Gy9gyd.
!
username testusr password 7 09454F08090D181705051C
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
ip name-server 66.155.200.200
ip name-server 207.59.200.200
ip name-server 66.251.200.200
no ip dhcp conflict logging
!
no ip bootp server
!
!
!
!
interface FastEthernet0
 ip address 64.199.225.30 255.255.255.252
 no ip proxy-arp
 no shutdown
 speed auto
 no cdp enable
!
interface Serial0
 ip address 63.140.194.145 255.255.255.248
 ip access-group NOSPOOF in
 shutdown
 no fair-queue
 service-module t1 timeslots 1-24
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 64.199.225.29
no ip http server
!
!
ip access-list extended NOSPOOF
 deny   53 any any
 deny   55 any any
 deny   77 any any
 deny   pim any any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 255.0.0.0 0.255.255.255 any
 deny   ip 224.0.0.0 7.255.255.255 any
 deny   ip host 0.0.0.0 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 permit ip any any
!
logging facility local6
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
privilege exec level 15 connect
privilege exec level 15 telnet
privilege exec level 15 rlogin
privilege exec level 15 show ip access-lists
privilege exec level 1 show ip
privilege exec level 15 show access-lists
privilege exec level 15 show logging
privilege exec level 1 show
!
line con 0
 exec-timeout 5 0
 logging synchronous
 login local
line aux 0
 exec-timeout 0 1
 no exec
 flowcontrol hardware
line vty 0 4
 access-class 99 in
 exec-timeout 5 0
 password 7 075E724F49050A5D41
 logging synchronous
 login local
 transport input telnet
!
sntp server 207.46.130.100
end

Open in new window

0
 
LVL 10

Accepted Solution

by:
172pilotSteve earned 1600 total points
ID: 39193188
That looks good to me..  You don't need to bother with putting in the access list stuff, but if you're just copy/pasting into the router, that should do..  Your first ping should be to the default gateway, and if that works, then ping around, and it should work..   And, yes - If they're going to give you your current config into the new site on move day, then I agree.. no reason to bother testing the subnet they're routing now.  The pings from console should work fine..

Do you know how to put the config in?  Once you log in, then "enable", you type "Config T" to put it into config mode, and then pasting the config should do it..  You'll have to exit out of config mode to do the pings  (Type exit, or Ctrl Z)..  To save the config, use "WR" (short for write) while in config mode, otherwise when you reboot the router, the config will revert back, which is also good to know in case you have problems with your config..  Until you WR, you can always boot it to get it to go back to the start.

The other thing you could do is "write erase" to clear the startup config, and then reboot the router, which will start by walking you through a config script to install a basic config.  You'll answer questions (what IP, gateway, etc..) to get the router configured well enough to do the pings..

Good luck - Let me know if you need help.
0
 
LVL 11

Assisted Solution

by:naderz
naderz earned 200 total points
ID: 39194549
For just testing and verifying the 10Mbps connection a simpler way would be to use a PC or laptop with its interface configured with the IP given to you by the ISP. This way you can ping, test Internet connectivity, etc.

No need for a router.
0
 
LVL 8

Author Closing Comment

by:pzozulka
ID: 39194637
Excellent, top-notch, expert suggestions.

Thank you.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Considering cloud tradeoffs and determining the right mix for your organization.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

662 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question