 | Router Setup, Please HELP
Hello Guys, I am new to Cisco Routers and the small company (very small company) that I work for just decided to buy new networking equipment. They have purchased the following:
1 Cisco router 1841
1 Cisco Catalyst 2950 Switch
We have 6 PCs that we need up and running by Tue (in 2 days basically). I've searched the internet for basic setup for those two items. All we need for right now is that the computers can go out to the internet and receive emails. I would think that this would be a basic setup. From the ISP I got the static IP, MASK, GATEWAY, and DNS info.
Is there anything out there that will guide me through the steps of setting up the router and switch? I know very little about Cisco equipment such as setting up passwords, hostnames and getting to the certain ints on the router/switch. Please, if anyone has something out there it would be highly appreciated.
I'm begging for your help
Thank you in advance
Tom |
|
|
|
 | Forum FAQ is a good place to start. »Cisco Forum FAQ |
|
 | I looked there last night for 3 hours. I couldn't find anything that I can use; found some things but still unclear where to start and in what order to do it. |
|
 | reply to krock22 You're going to have to start detailing further what exactly you're wanting the setup to do krock22.
- is the connection via a dedicated line like T1 / E1 or is it xDSL / cable?
- Any internal servers that are supposed to be accessible from the outside?
- is the router / switch supposed to be remotely accessible / manageable?
- is NAT needed?
- What is the company's Security / Acceptable Use Policy?
- Is any sort of QoS needed?
- Any plans to expand further and add things like VOIP, VPN, IDS, wireless, etc to the setup?
The 1841 / 2950 will do what you want and do it very well, and I'm not trying to scare you off from your company's purchase but to set them up and maintain them is NOTHING like your DLINK / Linksys (Small Business) / Belkin / et al where you plug it in, run a web GUI and click through a few wizards. Cisco SDM / CCP is about as close to a GUI tool as you'll get but that's a whole separate discussion in itself.
Command line IOS is very powerful and very flexible, but you really need to know what you want it to do and how to do it. If you don't have the time / resources to learn yourself, contract it out.
Regards |
|
 | Hello There thanks for the reply
I'd rather go with Static than DHCP, because it might be easier on me with Static.
We do have a 10MB Cable Connection.
From what the ISP told me the info is as follows:
IP: 192.168.1.4
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
We don't have certain servers that we need to access from the outside; all we need is to be able to get out and surf the web and access our regular email (hotmail) (yahoo). Really for right now we need this going by Tuesday and I only have 2 days to get this working.
Now I know a little but not enough, and because the new office is scheduled to open in 2 days there is no one who can go out and do this.. we already tried. Later on we might set it up for an access point at some point.
I came up with a configuration but I am not sure if this is correct:
Is this how I should do it?
R>en
R# conf t
R (config)# hostname MyCompany
MyCompany (config)# enable secret Ohnlkwe123
MyCompany (config)# enable password ohnemuhe125
MyCompany (config)# line con 0
MyCompany (config-line)# password ohnemuhe122
MyCompany (config-line)# login
MyCompany (config-line)# line vty 0 4
MyCompany (config-line)# password ohnemuhe122
MyCompany (config-line)# login
MyCompany (config-line)# exit
MyCompany (config)# int fa0/0
MyCompany (config-if)# ip address 192.168.1.4 255.255.255.0
MyCompany (config-if)# ip nat outside
MyCompany (config-if)# ip nat pool no-overload 192.168.1.4 192.168.1.15 prefix 24
MyCompany (config-if)# no shutdown
MyCompany (config-if)# end
MyCompany# show running-config
MyCompany# copy running-config startup-config
MyCompany# confirm startup-config
MyCompany# reload
MyCompany# type yes to save changes and hit enter, router should reboot and ask you for enable password
Does this seem right?
The switch will be connected to interface Fa0/1
What IP address do I need to assign to that int fa0/1? How do I find out what the IP address is? Another question is do I have to set the router rip command, if so do I use version 2 and how do I find out what network I am on?
I understand that on the switch I have to set up each individual PC with an IP address and mask, that should not be a problem.
I really appreciate your help
Thank you |
|
 1 edit | reply to krock22 Just to check, this ISP has given you an external cable modem with an RJ-45 jack in the back for you to plug your router into, right?
The config you have so far looks good but one thing I'm trying to wrap my head around is why your ISP is telling you to address your WAN interface with a 192.168.x.x address. Don't know of many operators that still hand out private IP addresses these days.
If you have a DLink / Linksys box, plug it into the cable and test that out. I'm also trying to figure out your NAT statements as well, but one thing at a time here.
Ideally, the config you'd be using for the 1841 is as follows:
quote:
! this specifies the DHCP pool for your LAN clients
!
ip dhcp pool LAN_DHCP_POOL
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
import-all
! this specifies the interface to get an IP address and default route from the cable ISP
!
int fa0/0
description "Cable ISP Connection"
ip address dhcp
ip nat outside
no shut
! configures the 2nd FE interface for a LAN connection and hardcodes it to 100FULL operation
!
int fa0/1
description "LAN Connection"
ip address 192.168.0.1 255.255.255.0
speed 100
duplex full
ip nat inside
no shut
! configures PAT
!
ip nat inside source list 1 interface fastethernet0/0 overload
! specifies the addresses to allow to PAT
!
ip access-list 1 permit 192.168.0.0 0.0.0.255
I've still got a lot of questions on how you want to do your setup, but like I said, one step at a time...
quote: What Ip address do I need to assign to that int fa0/1? How do I find out what the ip address is?
Depends on how your FE0/0 interface will be addressed in the end. If they are using 192.168.x.x addresses, then you'll have to use a different addressing scheme for your LAN config, likely the 172.16.x.x or the 10.x.x.x ranges.
Also get reading the FAQ's Basic Cisco Commands and Descriptions section. "show ?" will be your friend starting as of now 
quote: Another question is do I have to set the router rip command if so do I use version 2 and how do I find out what network I am on.
Again, depends on how the cable ISP's network operates. Truth to tell, if this is regular consumer-level cable, you won't really need to run a routing protocol.
quote: I understand that on the switch I have to set up each individual PC up with Ip address and mask that should not be a problem.
See the config above, just adapt that based on how things turn out.
Regards |
|
 | Hello HELLFIRE
It has almost been a month since you took the time to write out the config for me and I wasn't able to get to the website because I got relocated to a different job site and needed time to settle.
Now that I have some time I would like to thank you for your time. I have not tried that config yet because I did provide you with the wrong information as far as IP address and all that. The cable provider at this site has a dynamic IP address.
I did some reading about routers and got the basics done but have not tried anything in production (afraid to mess up).
Can I take this config and just replace the bad IP's from the ISP provider with the correct ones?
Once again thank you for all your time. |
|
 | reply to krock22 @krock83 what I gave you is a basic template to configure two interfaces and set them up with NAT, and setup a DHCP pool for LAN connectivity which should be enough to start you off, and yes you can adapt it to however you need it to work.
Test it out and let us know how it goes.
Regards |
|
 | Thanks, I will configure that this weekend. I was wondering how can I block websites such as facebook and myspace and adult websites. I need to make sure that no one can access those websites.
Also if I wanted to install a wireless Linksys router I would have to plug it into the switch, right? No configuration needed.
Thanks |
|
 nosx join:2004-12-27 00000 kudos:5 | If you want an access point (you can use a linksys router as one, you just need to remember to disable DHCP and any other services on it) you would just plug it into a switch back in the network somewhere. For larger wireless deployments investigate WLCs.
For content filtering such as pr0n and social internetworking sites, you will want a service like websense or ironport. Both of those operate via WCCP (the router redirects web traffic to the filtering appliance, and the filtering appliance proxies the web traffic unbeknownst to the end user) and provide decent enough protection. |
|
 | So is this like a separate program that needs to be loaded on to the router or how does that work? I thought I could put in the IP address into the router to deny deny
Little confused now |
|
 nosx join:2004-12-27 00000 kudos:5 | No, it's a separate piece of software that runs on a server or appliances, the router talks to it over the network. |
|
 | Ok so once I set the router up I also have to set up a server for it or can it be any computer on the network? |
|
 | @ HELLFIRE
So last night I thought lets try to configure that router and see what happens
ISP IP: 75.132.47.1xx (dynamic)
Subnet Mask: 255.255.192.0
Default gateway: 75.132.0.1
here is what I got
Press RETURN to get started.
User Access Verification
Password:
1841>en
Password:
1841#conf t
Enter configuration commands, one per line. End with CNTL/Z.
1841(config)#ip dhcp pool LAN_DHCP_POOL
1841(dhcp-config)#network 75.132.0.0 255.255.192.0 ------- is this correct? -------
1841(dhcp-config)#default-router 75.132.47.1XX --------- I'm not so sure if I need to put the actual IP address on this line or just make one up. ------
1841(dhcp-config)#import-all
^
% Invalid input detected at '^' marker.
1841(dhcp-config)#import all
1841(dhcp-config)#int fa0/0
1841(config-if)#description Cable ISP Connection
1841(config-if)#ip address dhcp
1841(config-if)#ip nat outside
1841(config-if)#no shut
1841(config-if)#int fa0/1
1841(config-if)#description LAN connection
1841(config-if)#ip address 192.168.0.1 255.255.255.0 -------- Should this address be whatever IP I want? -------
1841(config-if)#speed 100
1841(config-if)#duplex full
1841(config-if)#ip nat outside
1841(config-if)#no shut
1841(config-if)#
1841(config-if)#
1841(config-if)#exit
1841(config)#ip nat inside source list 1 interface fastethernet0/0 overload
1841(config)#ip access-list 1 permit 192.168.0.0 0.0.0.255
^
% Invalid input detected at '^' marker.
The last command is not working for me, the marker '^' is under *1* after access-list, I'm not sure why. Am I in the wrong mode maybe? And also is that the correct access-list 192.168.0.0 0.0.0.255?
Another question is once I plug the work stations to the switch do I have to manually assign private addresses to each workstation (192.168.1.5 etc) or will it automatically assign IP addresses to the computers?
I'm sorry about all these questions
Thank you |
|
 | 1) Since you currently do not have Websense or Ironport you can still configure the router to do some basic web filtering for you. You will need to configure IP inspect, DNS & add a urlfilter list for the intended sites.
!
ip name-server 4.2.2.2
ip inspect name FW_CBAC dns
ip inspect name FW_CBAC http
ip inspect name FW_CBAC https
ip inspect name FW_CBAC tcp
ip inspect name FW_CBAC udp
ip urlfilter allow-mode on
ip urlfilter exclusive-domain deny www.facebook.com
ip urlfilter exclusive-domain deny www.myspace.com
!
!
int fa0/0
ip inspect FW_CBAC out
!
2) Use the DHCP configuration previously given to you by HELLFIRE. This should allow your PCs to 'automatically' pickup an IP address from the pool in question.
3) The last statement should be
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
Note no 'IP' at the beginning of the statement |
|
 | Thank you on the filtering answer. So from my understanding I have to configure my router the same way you have it on the screen shot
2) I still have questions about the Ip addressing on HELLFIRE's config, if you look at the config I posted I have some comments in bold that I'm not quite sure about
3) I feel stupid, I should have tried the command without the "IP" at the beginning... Thank you for explaining |
|
 | reply to krock22 @krock83
quote:
1841(config)#ip dhcp pool LAN_DHCP_POOL
1841(dhcp-config)#network 75.132.0.0 255.255.192.0 ------- needs to be 10.x.x.x, 172.16.x.x, or 192.168.x.x, this is a PRIVATE IP address range for your LAN, it has nothing to do with the interface going to your ISP
1841(dhcp-config)#default-router 75.132.47.1XX ----------- needs to match whatever address you set fa0/1 to as it's the default gateway for your LAN hosts
(SNIP)
1841(config-if)#description LAN connection
1841(config-if)#ip address 192.168.0.1 255.255.255.0 ----- needs to match the address you set for the default-router above
I chose the 192.168.x.x range simply because it's convenient for LAN addressing.
There's multiple ways to do URL blocking, and deepblackmag and ladino have suggested a few options, it really depends on your budget and how comfortable you feel with IOS commands.
Regards |
|
 1 edit | @HELLFIRE
So the config I wrote down below should work for me tonight?
1841(config)#ip dhcp pool LAN_DHCP_POOL
1841(dhcp-config)#network 192.168.1.0 0.0.0.255
1841(dhcp-config)#default-router 192.168.1.254
1841(dhcp-config)#import all
1841(dhcp-config)#int fa0/0
1841(config-if)#description Cable ISP Connection
1841(config-if)#ip address dhcp
1841(config-if)#ip nat outside
1841(config-if)#no shut
1841(config-if)#int fa0/1
1841(config-if)#description LAN connection
1841(config-if)#ip address 192.168.1.254 255.255.255.0
1841(config-if)#speed 100
1841(config-if)#duplex full
1841(config-if)#ip nat outside
1841(config-if)#no shut
1841(config-if)#
1841(config-if)#
1841(config-if)#exit
1841(config)#ip nat inside source list 1 interface fastethernet0/0 overload
1841(config)#access-list 1 permit 192.168.0.0 0.0.0.255
1847(config)#exit
1841#wr
Now let me understand this right.. I don't do anything with the IP addresses that are given to me by my ISP? What would happen if I wanted to connect from home via telnet into the router, would I be able to do that? If so what IP address would I be using? I noticed that there is no IP assigned to Fa0/0... does fa0/0 have the same IP address as the one that got provided to me by my ISP (75.132.47.1xx)?
Thanks |
|
 | Do you have a static or dynamic IP address?
If static then add this to the fa0/0
If dynamic then the current 'ip address dhcp' is fine
Otherwise telnet to 75.132.47.1xx when you need remote access |
|
 | said by ladino: Otherwise telnet to 75.132.47.1xx when you need remote access
Bad advice. Never telnet to a publicly routed IP Address. SSH should be configured on the router and only that should be used for connection to the device from a publicly routed IP.
-- "There are two American flags flying on the property I reside on. Anyone who tries to take them down will be rendered inoperative." -Lindy |
|
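Added example, not part of any post in this thread: a small Python audit that checks an IOS config for the points raised above (one NAT inside interface, a private DHCP pool whose default-router is the router's own LAN address, a PAT access-list that covers the LAN subnet, and vty lines restricted to SSH). The sample config is constructed and only modelled on the configs posted in the thread; the finding names, and the rule that every statically addressed interface is a LAN interface, are assumptions of this example.

```python
import ipaddress as ipa

# Constructed sample, modelled on the configs posted in this thread.
SAMPLE = """\
ip dhcp pool LAN_DHCP_POOL
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.254
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
interface FastEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat outside
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit 192.168.0.0 0.0.0.255
line vty 0 4
 login
"""

def audit(config):
    """Return finding names (hypothetical labels) for a small NAT/DHCP router config."""
    nat, lans, pools, gws, acls, ssh_only, sec = {}, [], [], [], [], False, ""
    for raw in config.splitlines():
        w = raw.split()
        if not w or w[0] == "!":
            continue
        if not raw[0].isspace():          # top-level command opens a new section
            sec = raw
            if len(w) == 5 and w[0] == "access-list" and w[2] == "permit":
                acls.append(ipa.ip_network(f"{w[3]}/{w[4]}"))  # wildcard mask
        elif sec.startswith("interface") and w[:2] == ["ip", "nat"]:
            nat[sec.split()[1]] = w[2]
        elif sec.startswith("interface") and w[:2] == ["ip", "address"] and len(w) == 4:
            lans.append(ipa.ip_interface(f"{w[2]}/{w[3]}"))
        elif sec.startswith("ip dhcp pool") and w[0] == "network":
            pools.append(ipa.ip_network(f"{w[1]}/{w[2]}"))
        elif sec.startswith("ip dhcp pool") and w[0] == "default-router":
            gws.append(ipa.ip_address(w[1]))
        elif sec.startswith("line vty") and w == ["transport", "input", "ssh"]:
            ssh_only = True
    # Assumption: static interfaces are LAN side; the WAN uses "ip address dhcp".
    checks = [
        ("no-nat-inside", "inside" not in nat.values()),
        ("dhcp-pool-not-private", any(not p.is_private for p in pools)),
        ("dhcp-gateway-not-on-router", any(g not in [i.ip for i in lans] for g in gws)),
        ("nat-acl-misses-lan", any(not any(i.network.subnet_of(a) for a in acls) for i in lans)),
        ("vty-not-ssh-only", not ssh_only),
    ]
    return [name for name, bad in checks if bad]
```

Calling `audit(SAMPLE)` reports the missing inside interface, the access-list that does not cover 192.168.1.0/24, and the vty lines that are not limited to SSH.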