Cisco 2620 Router Config 1

[JillofAllTrades]

Router configuration is a weak area for me.
Sprint did my initial router configuration and I have only had to make two changes myself since then, which have miraculously worked.

I need someone to help me understand the configuration I currently have and to advise me on how to change it to add some functionality, namely incorporating my second ISP for load-balancing/fault-tolerance.

I am even willing to *pay* someone to help me with this.


Thanks in advance,

Christine

 

[chipk]

Just post your router model, IOS version (show version) and your current config (show running-config) (minus passwords - even encrypted ones - and minus public IP addresses). I'm sure someone will be able to answer your questions.

 

[JillofAllTrades]

cisco>enable
Password:
cisco#sh config
Using 1920 out of 29688 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cisco
!
!
ip subnet-zero
ip name-server 10.0.0.13
!
!
!
!
interface FastEthernet0/0
ip address XX.XXX.XXX.XXX 255.255.255.128
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
speed auto
full-duplex
!
interface Serial0/0
bandwidth 1536
ip address XXX.XX.X.XX 255.255.255.252
no ip redirects
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
no fair-queue
!
interface Serial0/1
description frame relay link to Brunswick
bandwidth 384
ip address 192.168.254.1 255.255.255.252
no ip directed-broadcast
encapsulation frame-relay
no ip route-cache
no ip mroute-cache
ip policy route-map 2Internet
no fair-queue
frame-relay interface-dlci 30
frame-relay lmi-type ansi
!
interface Ethernet1/0
ip address XX.XX.XX.XX 255.255.255.248
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
!
router eigrp 100
redistribute static
passive-interface FastEthernet0/0
passive-interface Serial0/0
passive-interface Ethernet1/0
network 10.0.0.0
network 192.168.254.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
ip http port 12337
!
access-list 100 permit ip 10.0.1.0 0.0.0.255 any
access-list 101 permit ip any host 209.131.213.101
access-list 101 permit ip host 209.131.213.101 any
access-list 102 permit ip host 10.0.0.2 any
access-list 102 permit ip any host 10.0.0.2
access-list 102 permit ip host 10.0.0.3 any
access-list 102 permit ip any host 10.0.0.3
route-map 2Internet permit 10
match ip address 100
set ip next-hop 10.0.0.3
!
snmp-server engineID local 0000000902000002FDB68680
snmp-server community public RO
!
line con 0
password XXXXXXXXXXXXX
transport input none
line aux 0
line vty 0 4
password XXXXXXXXX
login
!
end
*********************************************************
cisco#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:12 by phanguye
Image text-base: 0x80008088, data-base: 0x807AAF70

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

cisco uptime is 1 week, 2 days, 12 hours, 37 minutes
System returned to ROM by power-on
System image file is "flash:c2600-i-mz.120-7.T"

cisco 2620 (MPC860) processor (revision 0x102) with 26624K/6144K bytes of memory
.
Processor board ID JAD0432052C (3578804881)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
1 FastEthernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102
**********************************************************
I will post some specific questions in a new post.

Christine

 

[JillofAllTrades]

First, the frame relay is gone - we sold the company.
This was the interface Serial 0/1 and the network 192.168.254.0.
How can I get rid of that?

Second, in the access-list, I have no idea who or what 209.131.213.101 is, so shouldn't I get rid of that?

Third, I have a DSL connection with a static IP address through a separate ISP as a backup connection. How do I tie this in as a failover, and ideally, utilize it all the time to increase my total bandwidth as well?

The Cisco 2620 has a connector going into a T1 board on the wall. It also has a larger connector (serial interface?) going into a Kentrox ADC. The Kentrox has ethernet connections to our phone server and to another T1 board on the wall for our long distance T1, which is a separate thing altogether.

I hope I don't sound like too much of an idiot here.
I really want to understand what I am doing, not just "type these commands". That doesn't help in the long run.

Thanks much,



Christine

 

[JillofAllTrades]

Oh, also, when I make changes, I know they only effect the running-config, right? How do I make the changes permanent?

Christine

 

[chipk]

This was the interface Serial 0/1 and the network 192.168.254.0.
How can I get rid of that?

As long as you have something in the Ser0/1 slot, it will show up in the config. To remove anything, you just type the command in the config preceded by a "no". But I would pretty much just do:

interface ser0/1
no description
no ip address
shutdown

Second, in the access-list, I have no idea who or what 209.131.213.101 is, so shouldn't I get rid of that?

Hard to tell what those are for, but they're not applied to any interfaces. If they were, you would see a commnad like this under your interfaces:

ip access-group 102 in

Third, I have a DSL connection with a static IP address through a separate ISP as a backup connection. How do I tie this in as a failover, and ideally, utilize it all the time to increase my total bandwidth as well?

Well, first, you'll need an open ethernet port. Is one of those (fa0/0 or eth1/0) open?

Oh, also, when I make changes, I know they only effect the running-config, right? How do I make the changes permanent?

You need to issue one of the following commands:

write memory or copy running-config startup-config

write memory is supposed to be getting phased out by Cisco, but who knows when that's happening. Both commands accomplish the same thing for you.

And just one other question for you. Are you using any snmp monitoring software like SolarWinds or other third party stuff? I doubt it because you don't appear to be using syslog, but, the reason I ask is it is not good security (even for read only) to have snmp community set to the default, which is public. This means anyone could access and read the config on your router via snmp, and if they can do that, they can decrypt level 7 passwords and then even be able to telnet to your router. Even if this isn't likely to happen with anybody at your company, it's still best to make that something other than the default.

 

[JillofAllTrades]

Ser0/1 - Got it.
Write memory - Got it.

Well, first, you'll need an open ethernet port. Is one of those (fa0/0 or eth1/0) open?

Yes, Ethernet 1/0 is actually open

And just one other question for you. Are you using any snmp monitoring software like SolarWinds or other third party stuff?

Yes - I was using MRTG but I could change the community and change it in the MRTG settings as well. How do I change that?

Christine

 

[JillofAllTrades]

OK I figured out the SNMP community change. That's done.

Christine

 

[chipk]

The load balancing/redundancy is a little beyond me. If your two connections were through the same ISP, then you could coordinate with them to set up MLPP (Multi-link Point to Point), which I use for a couple of my WAN connections. Your set up is a bit more complicated than that, though, since you have 2 ISPs. I did find an article that describes what you seem to be trying to do:

http://www.broadbandreports.com/faq/cisco/50.5 Load Balance 2 ISP with Cisco

I could actually be overcomplicating things, though. Maybe someone else will be able to offer some suggestions for how else you can accomplish your redundancy/fault tolerance.