Routers

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

Internet of Ransomware Things
Recently, my home WiFi router started to fail. I was hesitant to replace it but had no choice. Verizon replaced it for a small fee (it was an upgrade). I then discovered just how connected my relatively unconnected home really is.
1
LVL 14

Expert Comment

by:Brandon Lyon
Don't forget you can always change the new router's default settings so that it has the same name and password as the old access point.

This is one of the reasons I prefer zigbee solutions. The hub is the only part that needs access to the network and it's probably wired instead of wireless.
1
LVL 33

Author Comment

by:Thomas Zucker-Scharff
Probably would have been easier!
0
RT-N16
There are articles on this topic, but I have decided to summarise everything in one, according to the tools we have in 2019 for the job. Provided you have the means mentioned, the task should take you up to 5 hours or less to get running again. It required however around 5 days for me to get there.
2
LVL 21

Expert Comment

by:Lucas Bishop
Wow, this is a really interesting article. I'd always written off hard bricked hardware as scrap bin material.
1
LVL 3

Author Comment

by:Anton Shostak
I agree, that everyone would have done so, Lucas. But if you are a techie and deal with hardware, known to be "unbrickable", the process becomes a challenge and promises a great feeling, once you can accomplish something like this. In addition, JTAG method works with virtually any hardware, that has flash memory, so can save also priceless devices.

Andrew, indeed once the process is written out like here, it will not take long. But piecing this all together and researching, as well as trying all possible recovery methods is what takes time. However I am not a professional in soldering, neither had I an oscilloscope to know what signal levels I have to receive in the end.
0
Starting with Windows 2012, a change to network interfaces (adding, replacing, ...) requires uninstalling and reinstalling RRAS to apply the change, purging the current RRAS setup. The following script shows how to add new interfaces without having to reinstall RRAS.
1
Cradlepoint and Cisco - DMVPN with Certificate Based Authentication (Also, IOS CA, OSPF, and VRRP) -
I had to tackle a challenge to use Cradlepoint routers to provide backup WAN connectivity for my remote sites. This is how I did it.
0
Assume that, in the role of System Administrator in an SMB (or a startup group), you are requested to (re)design the IT infrastructure of the company. In this article, I will describe the steps to design, configure and operate the IT devices in a small business environment (<50 users).
0
When you have Wi-Fi, you might want to isolate the untrusted network from your network, since Wi-Fi is more vulnerable to attacks, as is a guest network. You will still be able to manage guest/Wi-Fi from your network. This is possible to do with an Edge router.
0
In short, I will be giving a guide on how to install UNMS on a virtual machine in hyper-v and change the default port for security (you don’t need to have a server, since Windows 10 supports hyper-v)
0
Recover a Password on Cisco Devices
Have a Cisco router that you forgot the password or maybe you bought a used router that is locked with a password? This article will guide you through the steps on how to recover the password on your Cisco gear.
0
In the hope of saving someone else's sanity...

About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consistently (that is, more than ten per cent of the time).

One minute everything would work fine; the next minute all (outbound) traffic would get dropped. After eight weeks of pulling my hair out (while talking to Cisco) it seems I had hit a 'documented' (but very well hidden bug) that means you cannot load balance on IOS 15 when using a dialer interface and NAT.

The long and short of it is that IOS gets confused and sends the packets to the wrong outbound interface it has just done the IP translation for. This means the ISP will (in the UK, at least) see the packet coming from what it sees as a spoofed IP address and will drop it.

Chances of getting load balancing to work with PPPoE: None (well almost none). Chances of seeing the bug fixed: Zero (apparently).

Incidentally, we were convinced to try a work around, involving buying another(!) Cisco router with load balancing on one and the EHWIC cards in the other (using PBR to route the traffic correctly). This works (kind of), but, due to PBR, maxes out at half the bandwidth of our two connections, which kind of defeats the point of having two lines.

Given it took Cisco eight weeks to find this bug in their own documentation (which happens to be hidden …
0
How to set up an On Demand, IPSec, Site to Site, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance.

A concise guide to the settings required on both devices
1
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
0
Getting hacked is no longer a matter of "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
7
LVL 19

Expert Comment

by:Kyle Santos
Good job.
0
LVL 7

Author Comment

by:Teksquisite
Thank you Kyle :)
0
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
1
Mikrotik OSPF Network
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
0
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
12

Expert Comment

by:bozo1701
Reducing the quality of the picture is not really a solution. The hard line seems the only viable option today for HD video streaming. Cheers
0
LVL 19

Author Comment

by:Kyle Santos
Reducing the quality of the picture is not really a solution. The hard line seems the only viable option today for HD video streaming. Cheers
Agreed.  But for folks like me who are in a canyon, on tower relayed internet, its been helpful and I don't notice a drastic difference in quality. :)
0
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outgoing interface.

For this test we are going to use the simple network setup shown in the diagram below:
Network-Diagram.png

Static Route using outgoing interface.
Let's configure R1 as follows:
R1(config)#int FastEthernet0/0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
R1(config)#end
R1#wr
Building configuration...

*Mar  1 00:15:23.571: %SYS-5-CONFIG_I: Configured from console by console[OK]
R1#


We then try to send a couple of pings from R1 and look at the ARP table:

R1#ping 2.2.2.2 re 3

Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.!!
Success rate is 66 percent (2/3), round-trip min/avg/max = 68/74/80 ms
R1#ping 3.3.3.3 re 3

Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
.!!
Success rate is 66 percent (2/3), round-trip min/avg/max = 68/68/68 ms
R1#ping 4.4.4.4 re 3

Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
.!!
Success rate is 66 percent (2/3), round-trip min/avg/max = 72/82/92 ms
R1#ping 5.5.5.5 re 3

Type escape sequence to abort.
Sending 3, 


4
LVL 22

Expert Comment

by:Jody Lemoine
There is actually a third method that combines the two.

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 1.1.1.2

This has all of the same benefits as routing to the next-hop address, but ensures that the traffic doesn't use another interface regardless of the routing table's data for the next hop. It also has other applications, such as statically leaking routes between VRF instances.

Good write-up.
0

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done using a browser like Internet Explorer, Google Chrome or Firefox using an HTTP or HTTPs connection. For security purposes, it's important to consider the possibilities:

  • Access from the LAN side is likely safer than from the WAN (internet) side but may still need to be secured.
  • Access from the WAN (internet) side is "public" and needs to be secure.

There are at least two kinds of "security" that are possible:


1) It's important to select  a combination of Username and Password for logging into the controls. In this case, both the Username AND the Password might be viewed as "passwords" as they both have to be entered correctly. There are plenty of good articles written about how to select passwords.


2) Unless one is willing to risk that their public login communications won't be intercepted then the communications need to be encrypted. This is where HTTPS comes in. It's fair to say that the WAN side communications, if actually public, must be encrypted. Similarly, internal LAN communications might also have the same requirement - but often not. There is almost no penalty for using HTTPS - so why not?  [Well, there’s an issue regarding security certificates when using HTTPS and that’s described in a later section here.]


If you’re at all like me and any number of others, you’ll find the built-in Help for the RV042 GUI Firewall page to be a bit cryptic and confusing. So I undertook to map out the setting functions and interactions to understand the Management access aspects better. This involves the Firewall, Remote Management, Port and HTTPS settings.

RV042-Firewall-Annotated.jpg

Here are the results that we get by entering all the combinations of Enable/Disable and some Port numbers:


RV042 Firewall Truth Table (firmware 1.3.12.19-tm)

1=Enabled   0=Disabled   Grayed out means unavailable   RM=Remote Management (WAN)  

RV042-Firewall-WAN-Truth-Table.jpg
RV042-Firewall-LAN-Truth-Table.jpg

*Remote Management (RM) via HTTP Port 80 is allowed by default if the firewall is Disabled - so it shows Enabled and is grayed out.

**Port setting is only possible if the Firewall is Enabled. Otherwise the setting shows but is grayed out. The setting does nothing if the Firewall is Disabled.

***Port 99 was an arbitrary choice and some testing was done using Port 101 to confirm. It could be anything suitable.

****Explicit means addressing in the browser like this: http://192.168.1.1:443


Conclusions:

  • Enabling / Disabling HTTPS affects Remote Management and other things.
  • Without HTTPS enabled, Remote Management will work via HTTP although it can work with HTTPS via port 443.
  • Remote and Local Management will work via HTTP if a port other than 80 or 443 is entered and used by the client (e.g. 99). So, communications can be encrypted if HTTPS isn't enabled but can also be unencrypted.
  • If HTTPS is enabled, Remote Management will only work via HTTPS.
  • Setting a port number for Remote Management makes that port available on both the WAN and the LAN but doesn't disable Port 443 or, if allowed, Port 80.
  • If the Firewall, Remote Management and HTTPS are all enabled and a port other than 80 or 443 is entered, that port works on HTTPS on the WAN and on HTTP on the LAN.  Port 443 is always HTTPS.

 

Guidance:

At this point, we boil down the results to create some common settings:


First, you need to decide whether you will allow Remote Management on the WAN – i.e. presumably over the Internet. If not, then you will Disable Remote Management. The Firewall page will look like this. DON'T FORGET TO SELECT SAVE at the bottom of the page!


(If you do this using a Remote Management connection on the WAN, you will lose your connection if not immediately then shortly thereafter depending on what you do).

RV042-Firewall-Disable-RM.jpg

However, if you do want to provide management access on the WAN side of the router then you would Enable Remote Management and Enable HTTPS.

RV042-Firewall.jpg

How to change the Remote Management Port number:

It took me a while to figure this out and I'm writing the instructions here for ready reference ..

Imagine that the Firewall is Disabled, Remote Management is Enabled and the port number is 443 (or some other) and you want to switch it to port 80.  You might want to do this if the router is being used inside a private network and not as a direct internet interface.
You can only change Enable/Disable Remote Management when the Firewall is Enabled.

You can only change the Remote Management port number when Remote Management is Enabled.

- Enable the Firewall.

- Enable Remote Management.

- Enter the desired port number.

- Save the configuration.  Then if you like:

- Disable Remote Management (optional)

- Disable the Firewall

- Save the configuration again.

Now the Remote Management port number will be changed and, if not Enabled, ready to be Enabled.


That’s all there is to it for the WAN side.


For the LAN side, there is really nothing to be done other than choosing how to access from the browser. The LAN side will allow management access via either HTTP or HTTPS. In order to use HTTPS, you have to use an addressing form from the examples below to do that.


Some Notes about Browsers:

The address provided to a browser is usually the sole determinant whether HTTP or HTTPS is going to be used. The router determines whether HTTP or HTTPS will be allowed. So, a browser may use an address (using here the default RV042 LAN IP address of 192.168.1.1):

http://192.168.1.1 for HTTP where the browser will use Port 80 by default.
http://192.168.1.1:80 for HTTP
https://192.168.1.1 for HTTPS where the browser will use Port 443 by default.
https://192.168.1.1:443 for HTTPS
http://192.168.1.1:nnn for HTTP on the LAN where nnn is the Port number entered in the Firewall
https://192.168.1.1:nnn for HTTPS on the WAN

In effect, entering a port number in the Firewall simply opens another port for access to router Management.


Certificate Errors:

When using HTTPS, there’s an unfortunate outcome with the RV042. For some reason, the security certificate isn’t recognized as valid. I know of no solution for this. This is unfortunate because it would potentially allow for an undetectable man-in-the-middle attack. While this may not be a great concern when accessing the router Management over your LAN, it could be a concern if accessing the router over the internet on the WAN interface – even using HTTPS.

 

Internet Explorer certificate errors:

HTTPS-There-is-a-problem-with-this-websi

If you’ve set up the router then presumably you expect to see this. The choice is to choose “Continue to this website”.

 

Google Chrome certificate errors:

 HTTPS-Your-connection-is-not-private.jpg

If you’ve set up the router then presumably you expect to see this.  The choice is to choose “Advanced” which will bring up this page:

 HTTPS-Go-back-to-safety-Chrome.jpg

And, here you need to choose “Proceed to [the router IP address] (unsafe)”

 

Firefox Certificate Errors will require you to save the router IP address as an exception in order to be able to access it via HTTPS. You will need to select “I Understand the Risks” and will get:

 HTTPS-This-connection-is-untrusted-Firef

Then select “Add Exception” and get:

HTTPS-Exception-Firefox3.jpg

The location should be the router IP address and you will need to “Confirm Security Exception”. Then the Firefox rendition of the router login will appear.


RV042 Built-In Help for the Firewall page:
 Firewall General (A copy of the RV042 Help)

From the Firewall Tab, you can configure the Router to deny or allow specific internal users from accessing the Internet. You can also configure the Router to deny or allow specific Internet users from accessing the internal servers.


You can set up different packet filters for different users that are located on internal (LAN) side or external (WAN) side based on their IP addresses or their network Port number.


Firewall

The default is enabled. If users disable the Firewall function, SPI, DoS, Block WAN Request will be disabled, Remote Management will be enabled and Access Rules and Content Filter will be  disabled.


Stateful Packet Inspection (SPI)

The Router's Firewall uses Stateful Packet Inspection to maintain connection information that passes through the firewall. It will inspect all packets based on the established connection, prior to passing the packets for processing through a higher protocol layer


Denial of Service (DoS)

Protect internal networks from Internet attacks, such as SYN Flooding, Smurf, LAND, Ping of Death, IP Spoofing and reassembly attacks.


Block WAN Request

This feature is designed to prevent attacks through the Internet. When it is enabled, the Router will drop both the unaccepted TCP request and ICMP packets from the WAN side. The hacker will not find the Router by pinging the WAN IP address. If DMZ is enabled, this function will be disabled.


Remote Management

This Router supports remote management. If you want to manage this Router through the WAN connection, you have to 'Enable' this option. User can enter the port number for remote management.


HTTPS (HyperText Transfer Protocol Secure)

HTTPS is a secured http session. Users can enable HTTPS for secured management. HTTPS encrypts the communications among connected clients and servers to provide data confidentiality. The default is disabled.

(Note: If you will use the Linksys Quick VPN Client Software for allowing VPN Clients to connect to the RV042, please enable the HTTPS.)


Multicast Pass Through

IP Multicasting occurs when a single data transmission is sent to multiple recipients at the same time. Using this feature, the Router allows IP multicast packets to be forwarded to the appropriate computers.


Restrict WEB Features

RV042 supports the following filtering for web protocol. Block:


Java: Java is a programming language for websites. Some web sites contain small programs, and it may be dangerous to run an unknown program on your machine. You can check the Java box to "filter the Java Applets for security reason, but you may take the risk of not having access to Internet sites which created using this programming language if Java is blocked."


Cookies: A cookie is data stored on your PC and used by Internet sites when you interact with them. Cookies are usually used to track visitors, and store information about their personal preferences. "You can check the Cookies box to block Cookies in order to maintain a higher level of anonymity on the Web."


Active X: Active X is a programming language for websites. Some web sites contain small programs, and it may be dangerous to run an unknown program on your machine.                           

You can check  the Active X box to filter the Active X for security reason, but you may take the risk of not having access to Internet sites which created using this programming language if Active X is blocked.


Access to HTTP Proxy Servers: Use of Proxy Servers may compromise the Router’s security. You can check the box to enable proxy filtering, and it will disable access to any proxy servers.


Don’t block Java/ActiveX/Cookies to Trusted Domain: If the box is checked, users can enter the  web sites or IP address in Trusted Domain field, and the Router will not check the Java/ActiveX/Cookies in the Trusted Domain(s).


Click the Save Settings button when you finish the settings, or click the Cancel Changes button to undo your changes.


..............................

As always, edits, corrections, comments and questions are welcome and encouraged!

1
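The RV042 article above notes that entering a Remote Management port opens an extra port without closing 80 or 443, and that the unvalidated certificate leaves HTTPS open to interception. The following is an added example, not code from the article or from Cisco: it probes the management ports to see which answer in plaintext and compares the HTTPS certificate against a fingerprint recorded over a trusted link. The names `probe` and `assess` are hypothetical, and fingerprint pinning is a mitigation assumed here, not one the article describes.

```python
import hashlib
import socket
import ssl
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Endpoint:
    port: int
    scheme: str                        # "https", "http", "unknown" or "closed"
    cert_sha256: Optional[str] = None  # hex SHA-256 of the DER certificate


def probe(host: str, port: int, timeout: float = 3.0) -> Endpoint:
    """Classify host:port as TLS, plaintext HTTP, open-but-unknown, or closed."""
    # Step 1: TLS handshake with validation off. The router's certificate is
    # not CA-signed, so validation would always fail; we only want its bytes.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                der = tls.getpeercert(binary_form=True) or b""
                return Endpoint(port, "https", hashlib.sha256(der).hexdigest())
    except ConnectionRefusedError:
        return Endpoint(port, "closed")
    except OSError:
        pass  # handshake failed or timed out: the port may still speak HTTP

    # Step 2: plaintext HTTP request on a fresh connection.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            banner = raw.recv(16)
    except OSError:
        return Endpoint(port, "closed")  # refused, filtered or timed out
    # "unknown" also covers a TLS service whose protocol versions the local
    # OpenSSL refuses to negotiate.
    return Endpoint(port, "http" if banner.startswith(b"HTTP/") else "unknown")


Finding = Tuple[str, int, str]  # (severity, port, message)


def assess(endpoints: List[Endpoint], side: str,
           pinned_sha256: Optional[str] = None) -> List[Finding]:
    """Turn probe results taken from one side ("WAN" or "LAN") into findings."""
    pin = pinned_sha256.lower().replace(":", "") if pinned_sha256 else None
    findings: List[Finding] = []
    for ep in endpoints:
        if ep.scheme == "http":
            # Login credentials cross this path unencrypted.
            sev = "HIGH" if side == "WAN" else "WARN"
            findings.append(
                (sev, ep.port, f"management answers over plaintext HTTP on the {side}"))
        elif ep.scheme == "https" and pin is None:
            findings.append(
                ("INFO", ep.port, f"HTTPS; fingerprint to record: {ep.cert_sha256}"))
        elif ep.scheme == "https" and ep.cert_sha256 != pin:
            findings.append(
                ("HIGH", ep.port, "certificate differs from the pinned fingerprint"))
        elif ep.scheme == "unknown":
            findings.append(
                ("WARN", ep.port, "port is open but spoke neither TLS nor HTTP"))
    return findings


if __name__ == "__main__":
    HOST = "192.168.1.1"   # default RV042 LAN address, from the article
    PORTS = (80, 443, 99)  # 99 is the article's arbitrary extra port
    PINNED = None          # assumption: paste a fingerprint recorded on a trusted link
    results = [probe(HOST, p) for p in PORTS]
    for sev, port, msg in assess(results, side="LAN", pinned_sha256=PINNED):
        print(f"{sev:5} {HOST}:{port} {msg}")
```

Run it once from the LAN and once from an outside host against the WAN address, because the article found that the same extra port answers with HTTP on one side and HTTPS on the other.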

Expert Comment

by:Zhen Fury
The Certificate error will always be there because you need to buy an SSL Certificate for your Public webpage to be recognized publicly. For Lan you can provide a local cert though this is not really an issue.
0
LVL 28

Author Comment

by:Fred Marshall
McKnife:

I added a paragraph that describes how to change the displayed port number for Remote Management.
It's not easy to figure out so that the result sticks!

Thank you!
0
Imagine you have a shopping list of items you need to get at the grocery store. You have two options:
A. Take one trip to the grocery store and get everything you need for the week, or
B. Take multiple trips, buying an item at a time, to achieve the same feat.
Obviously, unless you are purposefully trying to get out of the house you’d choose “A”. But why do we so often times choose “B” when it comes to our data transmission performance? The key metric here is efficiency.

How many trips do you want to take?

MTU…says you need to buy Milk in 1 Gallon containers rather than by the ounce!

MTU is an acronym that stands for the Maximum Transmission Unit, which is the single largest physical packet size, measured in bytes, a network can transmit. If messages are larger than the specified MTU they are broken up into separate, smaller packets also known as packet fragmentation or “fragmented”, which slows the overall transmission speeds because instead of making one trip to the grocery store you are now making multiple trips to achieve the same feat. In other words, the maximum length of a data unit a protocol can send in one trip, without fragmentation occurring is dictated by the MTU value defined.

Do I Really need to Manually Correct the MTU Value?

The correct MTU value will help you select the correct shopping cart size in order to be the most efficient in your grocery shopping so that you don’t have to take multiple trips. Shouldn’t I just leave…
21

Expert Comment

by:Jason Shaw
Would changing the MTU on one side of a VPN tunnel cause any issues with the VPN?
0
LVL 32

Author Comment

by:Blue Street Tech
Hi Jason, I assume you are only changing it on one side of a VPN tunnel. If I am correct, then it would only benefit one side of the connection. So if that connection is having the issues then it may remedy the problem, however for greater efficacy I'd do both ends (they most likely will not have the same MTU).
0
Problem Description:  

A couple of months ago we upgraded the ADSL line at our branch office from a Home to a Business line. The purpose of transforming the service was to have static public IPs.
We needed public IPs to publish our web resources at the branch office.
Also, with a Home ADSL connection the ISP leases a DHCP IP address to the customer, and this IP can change on a frequent basis, which sometimes makes port forwarding difficult.

Anyway, after the upgrade we were given a pre-configured Cisco router by the ISP. Unfortunately, the LAN subnet configured on the router was conflicting with our IP addressing schema. Therefore, it was important to change the subnet on the router.

When I accessed the router through the console and issued the sh running-config command, the resulting configuration was virtually blank.
Moreover, I was not privileged to enter configuration mode. Then I used the command in exec mode

R1# sh run config
Current configuration : 3743 bytes
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
end 



Moreover, I was not privileged to enter configuration mode. Then I used the command in exec mode
Show privilege:  This command displays the current privilege. Here's an example:

R1# show privilege
Current privilege level is 2



With this privilege only the configure commands that are permitted are actually displayed.

Solution
0
LVL 4

Author Comment

by:TECHNO.IT
Thank you very much.
0
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable.

BACKGROUND

SonicOS separates Service Objects into three different views or groupings: “All Services”, “Custom Services” & “Default Services”. Within each view there are two sections called “Service Groups” & “Services”. Service Groups are simply just Services grouped together for related purposes. Default Services are a list of system-created, commonly used, services that you can utilize to create many different networking policies and rules. They are not only created for convenience but they also play a key role in how default Access Rules function, which I’ll discuss later. For all intents and purposes Default Services Objects and Default Services are synonymous here and I’ll be focusing this discussion on the “Ping” Service Group within Default Services. Ping is just an example, but this bug occurs when renaming any Default Service Object.
Image showing Default Services.

Some customers of SonicWALL security appliances will rename Default Services under the Service Groups section like Ping and rename it to “Ping Group” or “Group: Ping”, etc. to denote that it is in fact a group, which actually includes both Ping 0 (ICMP - reply) and Ping 8 (ICMP - request) rather than a single Service Object, e.g. Ping 8 (ICMP - request).

When …
3
LVL 32

Author Comment

by:Blue Street Tech
New update: SonicWALL just got back to me and is handling this based on the amount of affected user reports. It missed the 5.9 release but is scheduled to be included for the subsequent release.
0
LVL 2

Expert Comment

by:Peter Wilson
Very helpful. Thank you!
1
So, I decided to flash my router with DD-WRT to get more control over its configuration.  The primary goal was to create an access point where DHCP addresses were only given out from the wireless interface and to isolate wireless clients from everything else on the LAN apart from the internet.

So I headed over to www.dd-wrt.com, searched the firmware database for the latest version for my router.  Carried out the upgrade and all is well, connect to the web interface and ready to start configuring.  I fished out a relevant article to assist:  

http://www.dd-wrt.com/wiki/index.php/Separate_LAN_and_WLAN

Carried out all the steps, and going well, I can get a wireless DHCP address... But wait, no internet access.  

I could get to the internet before I put the WLAN on its own bridge.  Hmmm, lots of talk of iptable settings for the firewall script on the forums.  After spending 5 hours, trying and retrying different settings I came across someone saying that the firmware suggested in the firmware database for your router isn't necessarily the latest or best.  I did a bit more digging and I found what seems to be the latest version on their own website:

ftp://ftp.dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2012/10-12-12-r20119-testing/linksys_wrt160nl/wrt160nl-firmware.bin

Upgraded my router to this version, carried out the same configuration I started out 5 hours earlier and BANG, all working as originally intended and as designed.  

I'm not getting those…
2
We've been using the Cisco/Linksys RV042 for years as:
- an internet Gateway
- a site-to-site VPN device
- a leased line site-to-site subnet-to-subnet interface
(And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's a caveat.)

In the first case, the WAN interface connects to or toward the internet connection or the "outside world".

In the VPN case, the WAN interface connects to or toward the internet connection or the "outside world".

In the site-to-site case we started in the same fashion with the WAN interface connecting to the "outside world" connection and the LAN ports, as usual, on the LAN in each instance.  
It turns out this was a mistake as soon as we needed to do more than connect subnets.  Like this:

Router A ... LAN 192.168.1.0/24 IP 192.168.1.101 ... WAN 192.168.200.201/24 ... Gateway 192.168.200.201

Router B ... LAN 192.168.2.0/24 IP 192.168.2.102 ... WAN 192.168.200.202/24 ... Gateway 192.168.200.202

Router C ... LAN 192.168.3.0/24 IP 192.168.3.103 ... WAN 192.168.200.203/24 ... Gateway 192.168.200.203


As you probably know, there is little written about the internal architecture of the RV0xx routers.  So much is left to guesswork and/or doing some lab characterization.  This article is a combination of doing both while not being an exhaustive treatment of lab characterization tests ... which I'd still like to do.

Question:
"What if I want to connect subnet to subnet AND have the internet access …
1

Expert Comment

by:Linda Claudine
Thought I might get some expert up to date advice so spent 15 agonizing minutes signing up for trial.  By the time I had done that (had to go thru the form part twice just because I wanted to read the policies before clicking start trial).  By then, the article I was reading was long gone. And oddly, the same search that brought it up when not member returned no results after signing up. As for addressing VPN settings on at&t junk router/modem (manual - NO ONE CAN FIND ONE). I could continue on tips - but there was nothing slightly applicable beyond stuff any fairly knowledgeable user would know - and many security settings are controversial depending on what article you read. It's now working - but we will see when I update my iPhone tonight. Oh boy!
0
LVL 28

Author Comment

by:Fred Marshall
?? Perhaps you meant to post this somewhere else??
0
Hello,

This is a short article on how you would go about enabling traceoptions on a Juniper router. Traceoptions are similar to Cisco debug commands, but these traceoptions are implemented on Juniper Networks routers.

The following demonstrates a traceoptions configuration on a Juniper router which has ospf enabled on it, and we will be tracing for ospf.

The first thing is to go into a mode to make this happen. Below are the commands from the start of the router.

login: lab
Password:

--- JUNOS 9.6R2.11 built 2009-10-06 20:56:00 UTC
lab> configure 
Entering configuration mode
Users currently editing the configuration:
  lab terminal d0 (pid 1359) on since 2011-06-11 00:48:19 IST, idle 12:27:15
      [edit]
  lab terminal p2 (pid 1510) on since 2011-06-11 14:40:34 IST, idle 05:10:52
      [edit]

[edit]
lab# 

Now that you have done this, we will go ahead and configure the protocol:

[edit]
lab# set protocols ospf area 0 interface all 

[edit]
lab# commit 
commit complete

[edit]
lab# 

How would you enable traceoptions? Traceoptions are protocol-specific, not device-specific. That is, you would have traceoptions for OSPF, RIP, and other protocols, not for the entire router itself.

Let us enable traceoptions for OSPF:

[edit]
lab# edit protocols ospf 

[edit protocols ospf]
lab# set traceoptions file testtrace 

[edit protocols ospf]
lab# set traceoptions flag all 

[edit protocols ospf]
lab# commit 
commit complete

[edit protocols ospf]
lab# 

Now, how would you monitor it ... simple

0
I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are instances when you cannot SSH/telnet to the external/WAN interface of the router but you can SSH/telnet from inside.

The problem is with Network Address Translation (NAT) and the related Access Control List (ACL); your configuration needs to expressly permit such external access.

Consider this partial configuration:
interface fastethernet 0/0
 description WAN Interface
 ip address 172.16.1.1 255.255.255.0
 ip nat outside

interface fastethernet 0/1
 description LAN Interface
 ip address 10.10.10.1 255.255.255.0
 ip nat inside

ip access-list extended NAT-LIST
 permit ip any any

ip nat inside source list NAT-LIST interface fastethernet 0/0 overload

The partial configuration above will be sufficient to allow Internet access from PCs connected to the router's LAN.  It will also allow for network administrators to SSH or Telnet to routers from the LAN.  However, one will NOT be able to SSH/telnet to the router from the outside, over the Internet.

The problem (assuming that you want that capability) lies within the Access Control List:
ip access-list extended NAT-LIST
permit ip any any


The permit ip any any line above matches requests from the Internet as well as from the LAN, so all of them are translated to the FastEthernet 0/0 IP address, which in turn breaks SSH/Telnet access to the router.

So, the question is:  How do you resolve this?  It is rather a simple fix.  All you need to do is replace the line...
     permit ip any any
...with...
     permit ip 10.10.10.0 0.0.0.255 any

When completed, your Access Control List should look like this:
ip access-list extended NAT-LIST
 permit ip 10.10.10.0 0.0.0.255 any


2
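One way to check an exported IOS configuration for the condition the article above describes, as an added example that is not part of the original article: it flags any ACL used by "ip nat inside source list" whose permit entry has "any" as the source, and any NAT statement that references an ACL name that is never defined. The function names and the sample text are constructed for illustration, and only named extended ACLs are handled.

```python
import re

# Constructed sample: the article's partial configuration before the fix.
SAMPLE_BEFORE = """\
interface fastethernet 0/0
 ip address 172.16.1.1 255.255.255.0
 ip nat outside
interface fastethernet 0/1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
ip access-list extended NAT-LIST
 permit ip any any
ip nat inside source list NAT-LIST interface fastethernet 0/0 overload
"""
# The same configuration with the article's corrected ACL entry.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "permit ip any any", "permit ip 10.10.10.0 0.0.0.255 any")


def parse_acls(config):
    """Return {acl_name: [entry, ...]} for named extended ACLs."""
    acls, current = {}, None
    for line in config.splitlines():
        m = re.match(r"ip access-list extended (\S+)", line)
        if m:
            current = acls.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())   # indented line belongs to the ACL
        else:
            current = None                 # any other top-level line ends it
    return acls


def audit_nat_acls(config):
    """Flag NAT source lists that are undefined or match any source."""
    acls = parse_acls(config)
    findings = []
    for m in re.finditer(r"^ip nat inside source list (\S+) ", config, re.M):
        name = m.group(1)
        if name not in acls:
            findings.append((name, "ACL referenced by NAT is not defined"))
            continue
        for entry in acls[name]:
            if re.match(r"permit ip any\b", entry):
                findings.append((name, f"source is 'any': {entry}"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit_nat_acls(cfg))
```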
LVL 2

Expert Comment

by:nw-support
Yes I fully understand it - it is a good explanation.
The reply above was only a reaction to the comment from rsaettel.
0
LVL 3

Author Comment

by:Paresh Patel
Understood.  Thanks.
0
This article is a guide to configure bridging on Cisco Routers.  This is something I never knew was possible until after making a few phone calls to Cisco.  Using bridging saved our company money by not requiring us to purchase a new switch.  Bridging can also be very useful in smaller environments to help save on wasting IPs.  The implementation I will be using for the example is this:  A single T1 comes into a router.  This router needs to hand off directly to a set of Redundant Firewalls without a switch between them.  We need to make sure both firewalls can plug into the router and use the same IP address for their next hop.  The commands used here are all entered from a Cisco 2811 running IOS version 12.3(8)T5.  Bridging is available in many other IOS versions and from what I have personally seen the commands have not changed.  So with all of that out of the way let's get into the router.

First connect to the router via the console.  We will be changing IP addresses and disabling interfaces which will cause your telnet sessions to disconnect.

After you have connected, you will need to be in "enable" mode so that you can make changes to the router.

Next we enter config mode with configure terminal.

Now you should be sitting at a prompt similar to the one below:

Router01(config)#

There are three commands that we will enter to ensure that bridging is enabled.

Router01(config)#bridge irb
Router01(config)#bridge 1 protocol ieee
Router01(config)#bridge 1 route ip
11
LVL 2

Expert Comment

by:jozatan
Thank you for the brief post and the excellent explanation. Sometimes things are just very simple, only we don't know that.
0

Expert Comment

by:jimmycher
Outstanding summation.
0
