Clone MAC address on Cisco 1710 and script help

Houbie

IS-IT--Management
Oct 16, 2003
NL
Hi,

I have a Cisco 1710 router that I want to use at home for my internet connection.
I have a cable connection to the internet.
My ISP knows my MAC address, so I have to clone that into my Cisco 1710. Does anybody know how to do this?
Can anybody give me some tips on how to configure my router to use it in my LAN with NAT, DHCP and internet?

This is my first Cisco router to configure.

Thanks,

Hans
 
Hi George,

I put in the following script.

enable
config t
ip dhcp excluded-address 192.168.100.1 192.168.100.10
ip dhcp pool Internal-DHCP
import all
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
interface f0
ip address 192.168.100.1 255.255.255.0
ip nat inside
no shutdown
interface e0
ip address dhcp
no shutdown
ip nat outside
mac-address 0010.4BBB.7965
ip nat inside source list NATACL interface e0 overload
ip access-list extended NATACL
permit ip 192.168.100.0 0.0.0.255 any
exit
exit
wr mem

and I get the following output with an error:

Cisco1710(dhcp-config)#network 192.168.100.0 255.255.255.0
Cisco1710(dhcp-config)#default-router 192.168.100.1
Cisco1710(dhcp-config)#interface f0
Cisco1710(config-if)#ip address 192.168.100.1 255.255.255.0
Cisco1710(config-if)#ip nat inside
Cisco1710(config-if)#no shutdown
Cisco1710(config-if)#interface e0
Cisco1710(config-if)#ip address dhcp
Cisco1710(config-if)#no shutdown
Cisco1710(config-if)#ip nat outside
Cisco1710(config-if)#mac-address 0010.4BBB.7965
Cisco1710(config-if)#ip nat inside source list NATACL interface e0 overload
Cisco1710(config-if)#ip nat inside source list NATACL interface e0 overload
Cisco1710(config)#ip access-list extended NATACL
Cisco1710(config-ext-nacl)#permit ip 192.168.100.0 0.0.0.255 any
Cisco1710(config-ext-nacl)#exit
Cisco1710(config)#exit
Cisco1710#
00:03:53: %IP-4-CLASS: Bad IP address and mask 0.0.0.0/0 in class_resolve()wr mem
Building configuration...

00:03:54: %SYS-5-CONFIG_I: Configured from console by console[OK]
Cisco1710#

and from time to time I get the following error:

00:04:24: %PQUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?

I use the following settings for Hyperterminal:

Baudrate: 9600
Data bits: 8
Parity: none
Stop bits: 1
Flow Control: hardware

Thanks in advance for your help.

Hans
 
1. permit ip 192.168.100.0 0.0.0.255 any
exit
exit
wr mem

Solution: access-list 2 permit 192.168.100.0 0.0.0.255 any

You must specify a standard/extended list. Standard doesn't filter on protocol/port.

2. and from time to time I get the following error:

00:04:24: %PQUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?

Solution: Do you have a transceiver on the Ethernet interface? It seems to be malfunctioning.
 
To George Ou:

My ISP has a setup script that runs on all new cable modem installations. This script is configured for a PC, and my modem is attached to a router. Is there a workaround?
 
Tried it.
This is the next error:

Cisco1710(config)#ip access-list extended NATACL
Cisco1710(config-ext-nacl)#access-list 2 permit 192.168.100.0 0.0.0.255 any
^
% Invalid input detected at '^' marker.

Cisco1710(config-ext-nacl)#exit
Cisco1710(config)#exit

The marker points to the 'a' of access.
 
First of all, I'm not sure what IOS version you're running.

I'm using 12.2 11(T9) with the image c1700-k9sy7-mz.122-11.T9.bin. If you do a "dir" from the "#" prompt, it will show you the bin file you're running.

Second, if you use a standard ACL, you don't use the "ip access-list extended NATACL" command. Additionally, since the NATACL ACL does not exist, you must point to "2" instead of "NATACL" from the "IP NAT" command. But I'm telling you, don't go changing this. You're better off upgrading your IOS to the same version as me and then using the exact same configuration as me. I'm telling you it works. I have it running on a 1751, which is a slightly upgraded model from your 1710. They probably both run the exact same image.

As for your Ethernet1 problems, you might want to set it to half duplex. That is what I had to do on my equipment to get it to work.

George Ou
Network Systems Architect

Get more powerful articles and tools from my webpage
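
The cross-reference discussed in the reply above (the "ip nat" rule has to name an ACL that is actually defined), as an added example that is not part of the original thread or any poster's configuration. It is a small Python check run over the NAT lines of the posted script and over a constructed variant where the ACL was changed to list 2 but the NAT rule still says NATACL. Assumptions: interface names are compared literally as typed (e0, f0), and the function name check_nat is hypothetical.

```python
import re

# Constructed sample: the NAT-related lines of the script posted earlier in this thread.
POSTED = """\
interface f0
 ip nat inside
interface e0
 ip address dhcp
 ip nat outside
ip nat inside source list NATACL interface e0 overload
ip access-list extended NATACL
 permit ip 192.168.100.0 0.0.0.255 any
"""
# Constructed variant: ACL switched to numbered list 2, NAT rule left pointing at NATACL.
MIXED = POSTED.replace(
    "ip access-list extended NATACL\n permit ip 192.168.100.0 0.0.0.255 any\n",
    "access-list 2 permit 192.168.100.0 0.0.0.255\n")

def check_nat(config):
    """Return findings for 'ip nat inside source list' rules in an IOS-style config."""
    acls, role, rules, cur_if = set(), {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            cur_if = m.group(1)
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            acls.add(m.group(1))          # named ACL definition
            cur_if = None
        elif m := re.match(r"access-list (\d+) (?:permit|deny)\b", line):
            acls.add(m.group(1))          # numbered ACL definition
            cur_if = None
        elif m := re.match(r"ip nat inside source list (\S+) interface (\S+)", line):
            rules.append((m.group(1), m.group(2)))
        elif (m := re.match(r"ip nat (inside|outside)$", line)) and cur_if:
            role[cur_if] = m.group(1)     # NAT role of the current interface
    findings = []
    for acl, iface in rules:  # ACLs may be defined after the rule, so check at the end
        if acl not in acls:
            findings.append(f"NAT rule references undefined ACL {acl}")
        if role.get(iface) != "outside":
            findings.append(f"NAT rule uses {iface}, which is not 'ip nat outside'")
    if rules and "inside" not in role.values():
        findings.append("no interface is marked 'ip nat inside'")
    return findings

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("mixed", MIXED)):
        print(name, check_nat(cfg) or "consistent")
```
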
 
I have a question for you about your original comments. You say your ISP knows your MAC address. If this is broadband cable you speak of - the only MAC address your ISP is concerned about is that of your cable modem. Certainly you aren't trying to clone that specific MAC address into your 1710 router.

That leads me to believe that your ISP only allows you to have one CPE device. How do cable companies track that single CPE device? MAC address. The cable modem will not allow any device to pass traffic unless it is coming from that one specific CPE MAC address. There are three easy workarounds...

1. Call up your ISP, and tell them you want to pay a monthly fee for additional CPE devices. Usually they charge you $5.00 per month extra to have this luxury.

2. Every time you want to change devices to go out to the internet - plug the new device in and power cycle your modem. Every time your modem reboots, it downloads a new config file from the local QTFTP server...and reports the CURRENT CPE MAC address to the RADIUS services as well. The process of rebooting the cable modem over and over can get annoying, but it is sufficient if you only have like 2 PCs that you use one at a time.

3. Plug a router directly into the cable modem, and use NAT/PAT. The ISP will only see the MAC address of the router's ethernet interface, and pretty much anything behind it will be virtually "invisible".

As you can see there should be absolutely no need for cloning of anything, regardless of how many CPEs the ISP allows you to have. Perhaps you are either trying to do something that I overlooked, or your ISP is very strange. Just out of curiosity, may I ask what service provider you are using?

 
That's a pretty elaborate message you got there :), but unfortunately your assumption is incorrect [sad]. The ISP doesn't lock you down by the cable modem MAC address, they lock down the first device you successfully plug into the cable modem.

So if you plug in a computer to test the connection, that MAC address is recorded by the ISP and from that point on you are forced to use that computer you first plugged in. The way around this is to take the MAC address of that original computer and clone it to your router device that is plugged directly into the modem. The command is "mac-address ffff.ffff.ffff", where ffff.ffff.ffff is the MAC address of the original computer in hex notation.

I don't personally have this problem, but many of my users in the field do. As an example, a cable ISP in New Jersey does this very thing. I couldn't get the Cisco 1751 router to work until I cloned the MAC address of the computer that was functioning with the cable modem. Once this was done, all of the clients behind this FWIOS router were fully functional accessing the Internet. I also configured the same device to terminate an IPSEC connection to headquarters, but I left that part of the configuration out since it is not in the scope of the original question.


George Ou
Network Systems Architect

 
Very interesting, GeorgeOU. I've spent almost three years in a DOCSIS environment providing broadband cable internet services to residential customers - and I have never heard of that before. Most CMTS products out there don't even have that feature available to begin with. Why do it anyway? Seems to be way too inconvenient in my opinion, for both the provider and customer. Why would an ISP even care what CPE device is connected to the modem? Very odd.

I know for a fact that the major companies out there like Adelphia, Cox, Time Warner, WOW, etc. do not have that type of policy. Just out of pure curiosity, would you be able to provide the names of any of these cable companies that deploy this tactic?
 
GeorgeOU is right.
When I change my network adapter I am disconnected from the internet. I have to call my ISP to let them unblock my account. Then I have to put the correct MAC address in my network adapter to be able to connect to the internet again.


Rg

Hans
 
Hi GeorgeOU,

I have the following software version in my router:
c1700-k8sy7-mz.122-4.YA2.bin

Rg,

Hans
 
Actually, I take that back. I DO recall a similar scenario I had back in like 1998 when I was actually a customer for AT&T (they owned "RoadRunner" at that time).

I wasn't around when it was actually installed, and I only had one computer - but I do remember giving them a phone call to let them know I was changing NIC cards on my PC because the old one went bad. My mistake. Then again, that was a VERY long time ago in the realm of information technology. Hard to believe cable companies still do that. How barbaric.


Good luck Houbie...
 
Houbie,

You need to go to Cisco's CCO site and download 12.2.11t9. I'm not sure if the IP feature set alone is enough or includes enhanced ACLs. You might want to get the Firewall enabled IOS like the one I suggested.

If this is not possible, I'll come up with a modified configuration for you that uses standard ACLs. Note that Enhanced ACLs are much easier to manage.


George Ou
Network Systems Architect

 
I will ask someone to download it for me.
I can't access that site.

Thanks,

Hans
 
Ok, the router is working.
I can connect to the internet via the cisco 1710.
Now the following problem arises.
I want to use Cisco VPN client to build a tunnel to our company. This is not working.
When I try to connect it says in the status bar:
"Initializing the IPSec link......"

What could be the problem?
Someone told me that the router does not know where to send the answer from the PIX from our company, and that I have to put in static routes for the ports that the VPN client uses. Is this true? And if yes, how can I do this?

Thanks,

Hans
 
First of all, you never mentioned anything about a PIX in your initial post which is why I recommended a Firewall feature set enabled configuration on the 1710. The configuration I gave you is designed to handle NAT, DHCP, and Firewall duties. It is also quite possible to configure the 1710 to handle IPSEC from other routers or end users, but that would require an IPSEC capable image.

The configuration I gave you is designed to be a standalone 1710 between your internal LAN and the Internet. If you go putting a PIX firewall into this mix, it changes the entire architecture and makes it much more complex. With the PIX in the MIX, you would probably be handling DHCP, NAT, and Firewall from the PIX and not the 1710 and you would not be able to use a DHCP ISP account.

Note that Cisco's router IOS with FW feature set is much more flexible than a PIX.




George Ou
Network Systems Architect

 
Oops, I misunderstood your question. Are you using the 1710 to terminate the IPSEC tunnel back to HQ or are you using a software IPSEC VPN client behind the 1710? Either option would work, but the software VPN client and the VPN gateway would need to support NAT-T (NAT Traversal).



George Ou
Network Systems Architect

 
Hi GeorgeOU,

I have the 1710 at home and the PIX is at HQ.
I need to build a VPN tunnel between the 1710 and the PIX.

rg

Hans
 