
minimum router configuration 1

Status
Not open for further replies.

bsheikh

MIS
Aug 8, 2006
Hi guys, I am just new in the networking field. My scenario is:

Cisco router: 2800
Internet source (3 cable modems). At this stage the IP is dynamic.

Workstations: 10

I need to set up a network using this router as the internet source.
My questions are:

1 - What is the minimum configuration required to run this network?

2 - What must be the minimum ACL I am supposed to apply?

Please advise accordingly.

regards,
bilal
 
Hey, I am kinda new to networking as well. I am guessing you will need basic security on it, such as password protection, probably SSH if you want remote configuration, and if you do not want remote admin from the internet, probably disable it on that interface. Disable CDP. I do not know much about ACLs, still learning. If you are new to configuring network security, like me, there is a feature
Router#auto secure

that will walk you through the process. Wish I could help out more; I am sure someone will post behind me.
 
"setup" will also walk you through a basic router set-up.

[the other] Bill
 
The auto config does help but it's basically pointless. You need to do a complete lockdown and set up EIGRP. When you set up an access list you basically need to set it up as follows: (access-list 101 permit tcp x.x.x.0 0.0.0.255 any eq telnet). Replace the x's with your IP.
 
If you're using a 2800, just do a basic config from the router set-up, add:

router(config)# ip http server
router(config)# end
router# wr

and do the rest of the config using SDM.

The trick is getting a single router to work with 3 cable modems.

[the other] Bill
 
It's actually better if you use copy run start instead of wr, because your configs will be embedded into the startup configuration file.

"Most people spend their whole lives wondering if they made a difference, Marines don't have that problem" -President Ronald Reagan
 
Wastedyouth614

'wr' is short for 'write memory', which is exactly the same process as 'copy run start'.

I prefer the copy command, because there is the possibility that you could accidentally type an extra character after wr. If you type 'wr e' that is short for 'write erase' which deletes your startup configuration, just like 'erase startup'.

I believe that is why Cisco have deprecated the 'write' commands, so that there is no ambiguity. The new commands appeared way back in version 11.

So 'write memory' becomes 'copy run start', 'write terminal' is replaced by 'show run', and 'write erase' is replaced by 'erase start'.

EB
 
Also, that acl you suggested will allow ONLY telnet. Telnet is bad across the WAN also. If the user wants to allow telnet or ssh into the vty, they would use a standard acl and put the access-class on the vty line itself.

Burt
 
I am able to put the router on.
What would be the basic ACL to:

1 - allow my internal network to access the internet.
2 - my HTTP server is on 192.168.0.20 and I need to put it live, so external users can access my web server.

regards,
 
router>en
router#conf t
router(config)#ip nat inside source static tcp 192.168.0.20 80 int fa0/0 80
router(config)#access-list 101 permit ip 192.168.0.0 0.0.0.255 any
router(config)#ip nat inside source list 101 int fa0/0 over
router(config)#int fa0/1
router(config-if)#ip add 192.168.0.1 255.255.255.0
router(config-if)#no shut
router(config-if)#ip nat inside
router(config-if)#int fa0/0
router(config-if)#ip add dhcp
router(config-if)#ip nat out
router(config-if)#no shut
router(config-if)#exit
router(config)#username bla priv 15 secret blabla
router(config)#access-list 10 permit host 192.168.x.x (your pc)
router(config)#line con 0
router(config-line)#login local
router(config-line)#logg sync
router(config-line)#exit
router(config)#line vty 0 4
router(config-line)#login local
router(config-line)#access-class 10 in
router(config-line)#exit
router(config)#ip route 0.0.0.0 0.0.0.0 fa0/0

Now you never told us the exact model (you said 2800), so fa0/0 is the outside and fa0/1 is the inside. Your pc in access-list 10 is the ip address of the pc you plan to manage the router from. I'm in a hurry, so if I missed anything, sorry...

Burt
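
An added example, not part of any post in this thread: a small Python check that reads a saved running-config and reports the management-plane points raised above (an inbound access-class on each vty line, a standard ACL behind it, login local, and whether ip http server is on). The function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not taken from a real device).
SAMPLE_CONFIG = """\
ip http server
access-list 10 permit host 192.168.0.5
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
line con 0
 login local
line vty 0 4
 login local
line vty 5 15
 access-class 101 in
 login
"""

def parse_lines(config):
    """Return {header: [sub-commands]} for every 'line ...' block, in order."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit(config):
    """List findings for the vty and HTTP settings discussed in the thread."""
    findings = []
    acls = set(re.findall(r"^access-list (\d+) ", config, re.M))
    if re.search(r"^ip http server\s*$", config, re.M):
        findings.append("global: 'ip http server' is enabled (cleartext management)")
    for header, cmds in parse_lines(config).items():
        if not header.startswith("line vty"):
            continue
        if "login local" not in cmds:
            findings.append(f"{header}: no 'login local'")
        m = next((re.match(r"access-class (\S+) in$", c) for c in cmds
                  if c.startswith("access-class")), None)
        if m is None:
            findings.append(f"{header}: no inbound access-class")
        elif m.group(1) not in acls:
            findings.append(f"{header}: access-class {m.group(1)} is not defined")
        elif not (1 <= int(m.group(1)) <= 99 or 1300 <= int(m.group(1)) <= 1999):
            findings.append(f"{header}: access-class {m.group(1)} is not a standard ACL")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns four findings; a config whose vty lines carry login local and an access-class that points at a defined standard ACL returns an empty list.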
 
I am using a 2811: 2 gigabit ports, 4 fast eth ports.

my giga 0/0 is connected with Cable modem.
giga 0/1 is connected with internal switch.
regards,
bilal


 
Then replace int fa0/0 and fa0/1 with int gi0/0 and gi0/1.

Burt
 