help for internet config on a 2811 router 1

[sukadelic]

Recently I had a task to configure a internet connection on a 2811 router, but i'm a newbie so not sure i did it correctly.

First of all, my router has only 2 Fast ethernet ports. Also, what's the purpose of backend IPs. Here is the config below (ip has been modified):

ISP config: Router Interface: CAR1.NWR1 PC105
Switch Port: MCD101.NWR1 :interface 1/0/18
Vlan: 141
Front-End IPs: 4.1.1.0/30 (Level3 side: 4.1.1.2, Customer side: 4.1.1.1)
Back-End IPs: 8.8.8.0/24 (Useables: 8.8.8.1 - 8.8.8.254)

My router config:

Current configuration : 1338 bytes
!
version 12.4
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname 120B_Internet
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$kEJE$bMaRvgVqPbrrJpdiBYarE1
!
no aaa new-model
!
resource policy
!
clock timezone est -5
clock summer-time EDT recurring
!
!
ip cef
!
!
no ip domain lookup
ip accounting-threshold 1000
!
!
voice-card 0
no dspfarm

interface FastEthernet0/0
description Link to ISP - Level3
ip address 4.1.1.2 255.255.255.252
ip accounting output-packets
duplex full
speed 100
!
interface FastEthernet0/1
no ip address
duplex full
speed auto
!
interface FastEthernet0/1.1
description Management VLAN 1 - Native Vlan
encapsulation dot1Q 1 native
ip address 8.8.8.1 255.255.255.0
no snmp trap link-status
!
!
!
ip http server
no ip http secure-server
!
logging synchronous
login
line aux 0
password 7 1316021F0609167372
login
line vty 0 4
password 7 04481E0B02245E1750
login
transport input none
line vty 5 1180
login
transport input none
!
scheduler allocate 20000 1000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
end


i didn't create any acl and NAT yet. Please correct my config if it's wrong.

thank you very much!!

 

[burtsbees]

Hmmm...it used to be that way---whenever you would

Edge#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Edge(config)#line vty 0 4
Edge(config-line)#password bam
Edge(config-line)#login
Edge(config-line)#exi
Edge(config)#line con 0
Edge(config-line)#password bam
Edge(config-line)#login
Edge(config-line)#exi
Edge(config)#enable secret bam

you would get an error stating that the console and line passwords cannot be the same as the enable secret password. Guess they changed it. If you have the chance on an older router, try it.

I wouldn't go so far as to say that you were dead wrong and that you shouldn't pretend to know what you're talking about---you thought what you thought, no biggie---you have a desire to learn, which is one thing that gets people very far.

Burt

 

[brianinms]

Burt in my 14 years of working on Cisco equipment I have never experienced the password issue you mention.

 

[burtsbees]

I'll dig up the document...

Burt

 

[burtsbees]

Okay---it was with the enable password and enable secret...

Bottom-2620#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 12.2(10r)1, RELEASE SOFTWARE (fc1)

Bottom-2620 uptime is 3 minutes
System returned to ROM by power-on
System image file is "flash:c2600-is-mz.120-7.T.bin"

cisco 2620 (MPC860) processor (revision 0x00) with 26624K/6144K bytes of memory.
Processor board ID JAD07040FMH (3904408445)
M860 processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Bottom-2620#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Bottom-2620(config)#enable password bam
Bottom-2620(config)#enable secret bam
The enable secret you have chosen is the same as your enable password.
This is not recommended. Re-enter the enable secret.

Bottom-2620(config)#

That really does not make a difference, I know, since the router will use the level 5 (MD5) enable secret over the level 7 enable password...but the point is simply for argument's sake.

If you REALLY wanted to lock the router down, do this...

router(config)#no service password-recovery

That is a "hidden" command (will NOT show up with "?"), and you had better make DARN sure you know all the passwords to get to priv exec! There is no way out of this one if you lose your password, aside from replacing the NVRAM chip and starting over!

Burt!