New to Cisco

Status
Not open for further replies.

marlonn

ISP
Feb 26, 2003
PH
Hello Everybody...

Hope somebody can help me on this. Have to set up a network on our new POP (point of presence). Have a Cisco 2511 to use and utilize all its async ports for dial-up connection, also have about 20 workstations to connect to my LAN for internet sharing.

Problem:
1. How to configure 2511 for NAT use? I was only given 24 sets of public IP.
2. How to configure 2511 for dial-up connection?

Hope to hear from you guys....
Thanks in Advance.



 
Well.. something like this should get you started..

regards,

~Rick

!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname Cisco2511
!
enable password testing
username forest password for321
!
ip source-route
ip name-server 24.94.195.33
!
ip subnet-zero
ip domain-lookup
ip routing
!
interface Ethernet 0
no shutdown
description connected to EthernetLAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip access-group 104 in
no keepalive
!
interface Serial 0
no shutdown
description connected to Internet
ip address 64.64.64.1 255.255.255.0
ip nat outside
ip access-group 105 in
encapsulation ppp
!
! Committed Access Rate (CAR)
!
rate-limit output access-group 100 8000 8000 8000 conform-action set-prec-continue 4 exceed-action drop
!
!
interface Async 1
no shutdown
description connected to Dial-inPCs(modem)
ip unnumbered Ethernet 0
ip tcp header-compression passive
encapsulation ppp
async mode dedicated
group-range 1 1
ppp authentication chap
no cdp enable
peer default ip address pool Cisco2511-Group-1
!
interface Async 2
no shutdown
description connected to Dial-inPCs(modem)_1
ip unnumbered Ethernet 0
ip tcp header-compression passive
encapsulation ppp
async mode dedicated
group-range 2 2
ppp authentication chap
no cdp enable
peer default ip address pool Cisco2511-Group-2
!
interface Async 3
no shutdown
description connected to Dial-inPCs(modem)_2
ip unnumbered Ethernet 0
ip tcp header-compression passive
encapsulation ppp
async mode dedicated
group-range 3 3
ppp authentication chap
no cdp enable
peer default ip address pool Cisco2511-Group-3
!
interface Async 4
no description
no ip address
shutdown
!
interface Async 5
no description
no ip address
shutdown
!
interface Async 6
no description
no ip address
shutdown
!
interface Async 7
no description
no ip address
shutdown
!
interface Async 8
no description
no ip address
shutdown
!
interface Async 9
no description
no ip address
shutdown
!
interface Async 10
no description
no ip address
shutdown
!
interface Async 11
no description
no ip address
shutdown
!
interface Async 12
no description
no ip address
shutdown
!
interface Async 13
no description
no ip address
shutdown
!
interface Async 14
no description
no ip address
shutdown
!
interface Async 15
no description
no ip address
shutdown
!
interface Async 16
no description
no ip address
shutdown
!
! Access Control List 1
!
no access-list 1
access-list 1 permit 192.168.1.0 0.0.0.255
!
! Access Control List 100
!
no access-list 100
access-list 100 permit tcp any any range ftp-data ftp
!
! Access Control List 101
!
no access-list 101
access-list 101 permit udp any eq rip any eq rip
access-list 101 deny ip any host 192.168.1.2
access-list 101 deny ip any host 192.168.1.3
access-list 101 deny ip any host 192.168.1.4
access-list 101 deny ip any 192.168.1.0 0.0.0.255
access-list 101 permit udp any any eq domain
access-list 101 permit tcp any any range ftp-data ftp
access-list 101 permit tcp any any eq www
access-list 101 permit icmp any any
access-list 101 permit tcp any any eq smtp
!
! Access Control List 102
!
no access-list 102
access-list 102 permit udp any eq rip any eq rip
access-list 102 deny ip any host 192.168.1.2
access-list 102 deny ip any host 192.168.1.3
access-list 102 deny ip any host 192.168.1.4
access-list 102 deny ip any 192.168.1.0 0.0.0.255
access-list 102 permit udp any any eq domain
access-list 102 permit tcp any any range ftp-data ftp
access-list 102 permit tcp any any eq www
access-list 102 permit icmp any any
access-list 102 permit tcp any any eq smtp
!
! Access Control List 103
!
no access-list 103
access-list 103 permit udp any eq rip any eq rip
access-list 103 permit tcp any host 192.168.1.2 eq 3389
access-list 103 deny ip any host 192.168.1.2
access-list 103 deny ip any host 192.168.1.3
access-list 103 deny ip any host 192.168.1.4
access-list 103 deny ip any 192.168.1.0 0.0.0.255
access-list 103 permit udp any any eq domain
access-list 103 permit tcp any any range ftp-data ftp
access-list 103 permit tcp any any eq www
access-list 103 permit icmp any any
access-list 103 permit tcp any any eq smtp
!
! Access Control List 104
!
no access-list 104
access-list 104 permit udp any eq rip any eq rip
access-list 104 permit tcp any any established
access-list 104 permit udp host 192.168.1.2 any eq domain
access-list 104 deny ip host 192.168.1.2 any
access-list 104 permit tcp host 192.168.1.3 any eq www
access-list 104 deny ip host 192.168.1.3 any
access-list 104 permit tcp host 192.168.1.4 any range ftp-data ftp
access-list 104 deny ip host 192.168.1.4 any
access-list 104 permit tcp any any range ftp-data ftp
access-list 104 permit tcp any any eq www
access-list 104 permit icmp any any
access-list 104 permit tcp any any eq smtp
access-list 104 permit tcp any any eq telnet
access-list 104 permit udp any any eq domain
!
! Access Control List 105
!
no access-list 105
access-list 105 deny tcp host 64.64.64.30 range ftp-data ftp any
access-list 105 deny tcp host 64.64.64.20 eq www any
access-list 105 deny udp host 64.64.64.10 eq domain any
access-list 105 permit tcp any any established
access-list 105 permit udp any host 64.64.64.10 eq domain
!
! Static NAT
!
ip nat inside source static tcp 192.168.1.4 20 64.64.64.30 20 extendable
ip nat inside source static tcp 192.168.1.3 80 64.64.64.20 80 extendable
ip nat inside source static udp 192.168.1.2 53 64.64.64.10 53 extendable
ip nat inside source static tcp 192.168.1.2 3389 64.64.64.10 3389 extendable
!
! Dynamic NAT
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat pool Cisco2511-natpool-0 64.64.64.1 64.64.64.254 netmask 255.255.255.0
ip nat inside source list 1 pool Cisco2511-natpool-0 overload
!
! DHCP Server
!
service dhcp
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp pool 1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 24.94.195.33
!
router rip
version 2
network 192.168.1.0
passive-interface Serial 0
no auto-summary
!
!
ip local pool Cisco2511-Group-1 192.168.1.100 192.168.1.100
ip local pool Cisco2511-Group-2 192.168.1.101 192.168.1.101
ip local pool Cisco2511-Group-3 192.168.1.102 192.168.1.102
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Serial 0
no ip http server
snmp-server community notreallypublic RO
no snmp-server location
no snmp-server contact
!
line console 0
exec-timeout 0 0
password test
login
!
line vty 0 4
password test
login
!
line 1
exec
autoselect ppp
autoselect during-login
login
modem InOut
transport input all
stopbits 1
speed 38400
flowcontrol hardware
!
line 2
exec
autoselect ppp
autoselect during-login
login
modem InOut
transport input all
stopbits 1
speed 38400
flowcontrol hardware
!
line 3
exec
autoselect ppp
autoselect during-login
login
modem InOut
transport input all
stopbits 1
speed 38400
flowcontrol hardware
!
end
 
Thanks SkyHawkTech,

One more thing... how can I authenticate my users' log-in on my dial-up connection? We don't have a RADIUS or TACACS+ server.
 
...About the 17th line down...

username forest password for321

also.. this is just an example.. many changes would need to be made for it to work correctly in your setup.

surf google.com or login to cisco.com and read the docs that come with your router... once you set it up ensure that you have an ACL list / firewall established to keep unwanted visitors off your lan..

g'luck

~Rick
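
Added example, not part of the thread or the posters' own code: a small first-match evaluator run over ACL 105 from the sample config above, to show which inbound packets on Serial 0 it permits and where the implicit deny applies. Assumptions: the second entry's port is taken as www (that line is run together in the post), the packet addresses are constructed test values, and `established` is modelled as "ACK or RST set".

```python
import ipaddress
PORTS = {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "www": 80}

# ACL 105 as posted; "eq www" on the second entry is an assumption (see lead-in).
ACL_105 = """\
access-list 105 deny tcp host 64.64.64.30 range ftp-data ftp any
access-list 105 deny tcp host 64.64.64.20 eq www any
access-list 105 deny udp host 64.64.64.10 eq domain any
access-list 105 permit tcp any any established
access-list 105 permit udp any host 64.64.64.10 eq domain
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(t):  # consume 'any' | 'host A' | 'A WILDCARD' -> (base, wildcard)
    word = t.pop(0)
    if word == "any":
        return (0, 0xFFFFFFFF)
    if word == "host":
        return (_ip(t.pop(0)), 0)
    return (_ip(word), _ip(t.pop(0)))

def _ports(t):  # consume optional 'eq P' | 'range LO HI' -> (lo, hi)
    if not t or t[0] not in ("eq", "range"):
        return (0, 65535)
    op, lo = t.pop(0), t.pop(0)
    hi = lo if op == "eq" else t.pop(0)
    return tuple(PORTS[p] if p in PORTS else int(p) for p in (lo, hi))

def parse(text):
    rules = []
    for line in text.splitlines():
        t = line.split()[2:]                      # drop "access-list <n>"
        action, proto = t.pop(0), t.pop(0)
        src, sport, dst, dport = _addr(t), _ports(t), _addr(t), _ports(t)
        rules.append((action, proto, src, sport, dst, dport, "established" in t))
    return rules

def evaluate(rules, proto, src, sport, dst, dport, established=False):
    """First match wins. established=True models a TCP segment with ACK or RST set."""
    for n, (action, p, (sb, sw), sp, (db, dw), dp, est) in enumerate(rules, 1):
        if p not in ("ip", proto) or (est and not established):
            continue
        if (_ip(src) ^ sb) & ~sw or (_ip(dst) ^ db) & ~dw:
            continue
        if p == "ip" or (sp[0] <= sport <= sp[1] and dp[0] <= dport <= dp[1]):
            return action, n
    return "deny", None                           # implicit deny at the end of every ACL
```

With these entries, a new inbound connection to the statically translated 64.64.64.20 port 80 and a UDP DNS reply addressed to a NAT pool address both fall through to the implicit deny, so the list needs explicit permits for any service meant to be reachable from outside.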
 