Cable Modem - Cisco Router Setup 1

Status
Not open for further replies.

Microbyte

Technical User
Feb 20, 2003
223
0
0
US
This came up as one of the BCRAN exam questions.
But, more than that, I want to hook it up myself.
I have a cable modem currently hooked up through a D-Link (consumer $50 version) router. I want to replace that with a genuine Cisco router and switch.
I recently bought a Cisco 2900 series switch and a 2500 series router. I want to hook up a few of my PCs using NAT and all those nifty commands that go with it.

My question is, what do I need to make this connection happen?
In terms of IP data, I would need my globally unique IP address, subnet mask and default gateway given by my cable modem service provider, right?
Also, where does the other end of the RJ45 connection from the cable modem need to hook up?
Thanks in advance.


Microbyte
That is some crazy access-list you have.
The main difference between yours and mine is the applied access-list. Your configuration is PAT, which needs that overload statement with an applied access-list. But I do not need 'em because it's 1-to-1 translation, right? But do I still need an access-list? Right now, I'm at a stage where I just want PC1 to access the Internet. I mean, as long as I do not create an access-list, every path is implicit permit, isn't it?

Microbyte
Well... the router is the last effort at blocking traffic that might make it through the firewall. The 211 IP addresses are known for spamming or hacking, which I've had trouble with, so I block the range. Since the 192.168 is on the inside, there should not be ANY 192.168 coming in from the outside, such as a spoofed packet, so that is blocked. Same goes for 172. and 127. There should not be any broadcast packets arriving, hence the block on the 255.x.x.x, and the 0.0.0.0 packets are also blocked. I don't use multicast so 224 is blocked. No ICMP is allowed to be sent in. What you don't see is the route list that takes specific IP ranges and dumps them to NULL. This takes the load off the CPU that the access list can generate. I'm always playing on this router, testing and trying different things like this.

Here are the stats for the last couple of months:
deny ip 211.0.0.0 0.255.255.255 any log (726 matches)
deny ip 210.0.0.0 0.255.255.255 any log (291 matches)
deny ip 10.0.0.0 0.255.255.255 any log (15 matches)
deny ip 172.0.0.0 0.255.255.255 any log (3 matches)

These are packets that sneak past the firewall and get blocked by the ACL.

There are several good papers on router security that go into great detail about configuring the ACLs.

MikeS

Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
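
An added example, not part of the thread: a short Python audit that parses the four counter lines quoted in the post above, converts each IOS wildcard mask to a prefix, and compares the result with an assumed bogon list (RFC 1918, loopback, multicast). It sees only those four lines, so a range it reports as not covered may still be handled by ACL entries the post did not quote.

```python
import ipaddress
import re

# The four counter lines quoted in the post above.
ACL_LINES = """\
deny ip 211.0.0.0 0.255.255.255 any log (726 matches)
deny ip 210.0.0.0 0.255.255.255 any log (291 matches)
deny ip 10.0.0.0 0.255.255.255 any log (15 matches)
deny ip 172.0.0.0 0.255.255.255 any log (3 matches)
"""
# Assumed reference list for this example (not the poster's ACL).
BOGONS = {"rfc1918-10": "10.0.0.0/8", "rfc1918-172": "172.16.0.0/12",
          "rfc1918-192": "192.168.0.0/16", "loopback": "127.0.0.0/8",
          "multicast": "224.0.0.0/4"}
LINE_RE = re.compile(r"^(permit|deny)\s+ip\s+(\S+)\s+(\S+)\s+any"
                     r"(?:\s+log)?(?:\s+\((\d+) match(?:es)?\))?$")

def wildcard_to_network(addr, wildcard):
    """Convert an IOS address + wildcard mask to a network (contiguous masks only)."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # a contiguous wildcard is always 2**n - 1
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.IPv4Network((addr, 32 - wc.bit_length()), strict=False)

def parse_acl(text):
    """Return (action, source network, match count) for each source-based entry."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            action, addr, wc, hits = m.groups()
            entries.append((action, wildcard_to_network(addr, wc), int(hits or 0)))
    return entries

def audit(entries):
    """Report which bogons a deny covers, and denies wider than the bogon they cover."""
    denies = [net for action, net, _ in entries if action == "deny"]
    bogons = {name: ipaddress.ip_network(cidr) for name, cidr in BOGONS.items()}
    covered = {name: next((str(d) for d in denies if b.subnet_of(d)), None)
               for name, b in bogons.items()}
    wider = {str(d): name for d in denies
             for name, b in bogons.items() if b.subnet_of(d) and b != d}
    return covered, wider

if __name__ == "__main__":
    covered, wider = audit(parse_acl(ACL_LINES))
    for name, by in covered.items():
        print(f"{name:12} {'covered by ' + by if by else 'not in quoted lines'}")
    for net, name in wider.items():
        print(f"{net} is wider than {BOGONS[name]} and also denies public space")
```
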
 
If you have a dual AUI 2500 and IOS 12.2 you can set one to get its IP dynamically. In int mode do an ip ?, you will see it, then refer to the master command reference for more info.
 