silverhairbp
IS-IT--Management
Follows is a script I wrote for setting up a 2651.
The following is the proposed scerario:
Router connected to a DSL (or possible cable modem in the future) on FastEthernet0/0, to a LAN switch for our home on FastEthernet0/1. Modem handles authentication and logon, (by my understanding) it acts as a simple gateway.
FastEthernet0/0, on the WAN, the router is a DHCP client and should import the DNS info from the downstream host.
FastEthernet0/1 is the LAN side; on the LAN, the router is a DHCP host and should provide DNS info to the clients. Router address should be 192.168.1.1, DHCP client address range should be 192.168.1.100 through 192.168.1.150.
The interface names may be wrong. It would also be nice to implement a "basic firewall" but I have no idea what commands are needed for that.
I admit that I used other scripts to write this so I'm not sure I'm even close. Also, there may be a conflict between "import all" and assigning a name server.
(Is there a GUI set-up tool available for a 2651 running IOS 12.3.36? If there is, please let me know!)
Any comments would be appreciated. Is more than this needed for the router to operate in the scenario note above?
Thanks in advance,
Bill
router>en
router#conf t
router(config)#ip dhcp pool silver1
router(dhcp-config)#network 192.168.1.0 255.255.255.0
router(dhcp-config)#default-router 192.168.1.1
router(dhcp-config)#dns-server 24.217.1.162
router)dhcp-config)#import all
router(dhcp-config)#lease 7
router(dhcp-config)#exit
router(config)#int FastEthernet0/1
router(config-if)#ip add 192.168.1.1 255.255.255.0
router(config-if)#no shut
router(config-if)#ip nat inside
router(config-if)#exit
router(config)#int FastEthernet0/0
router(config-if)#ip add dhcp
router(config-if)#ip nat outside
router(config-if)#no ip redirects
router(config-if)#no shut
router(config-if)#exit
router(config)#access-list 1 permit 192.168.1.0 0.0.0.255
router(config)#ip nat inside source list 1 int FastEthernet0/0 overload
router(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.99
router(config)#ip dhcp excluded-address 192.168.1.151 192.168.1.254
router(config)#ip name-server 24.217.1.162
router(config)#line vty 0 4
router(config-line)#password whatever
router(config-line)#login
router(config-line)#exit
router(config)#ip http server
router(config)#ip http secure-server
router(config)#ip http authentication local
router(config)#username [namehere] priv 15 secret [passwordhere]
router(config)#service password-encryption
router(config)#access-list 101 deny tcp any 192.168.1.0 0.0.0.255
router(config)#access-list 101 permit ip any any
router(config)#no service tcp-small-servers
router(config)#no service udp-small-servers
router(config)#no ip source-route
router(config)#ip cef
router(config)#no ip dhcp use vrf connected
router(config)#no ip bootp server
router(config)#ip name-server 24.217.1.162
router(config)#hostname 2651router
2651router (config)#line con 0
2651router (config-line)#logg sync
router(config-if)#exit
2651router (config)#end
2651router #copy run start
The following is the proposed scerario:
Router connected to a DSL (or possible cable modem in the future) on FastEthernet0/0, to a LAN switch for our home on FastEthernet0/1. Modem handles authentication and logon, (by my understanding) it acts as a simple gateway.
FastEthernet0/0, on the WAN, the router is a DHCP client and should import the DNS info from the downstream host.
FastEthernet0/1 is the LAN side; on the LAN, the router is a DHCP host and should provide DNS info to the clients. Router address should be 192.168.1.1, DHCP client address range should be 192.168.1.100 through 192.168.1.150.
The interface names may be wrong. It would also be nice to implement a "basic firewall" but I have no idea what commands are needed for that.
I admit that I used other scripts to write this so I'm not sure I'm even close. Also, there may be a conflict between "import all" and assigning a name server.
(Is there a GUI set-up tool available for a 2651 running IOS 12.3.36? If there is, please let me know!)
Any comments would be appreciated. Is more than this needed for the router to operate in the scenario note above?
Thanks in advance,
Bill
router>en
router#conf t
router(config)#ip dhcp pool silver1
router(dhcp-config)#network 192.168.1.0 255.255.255.0
router(dhcp-config)#default-router 192.168.1.1
router(dhcp-config)#dns-server 24.217.1.162
router)dhcp-config)#import all
router(dhcp-config)#lease 7
router(dhcp-config)#exit
router(config)#int FastEthernet0/1
router(config-if)#ip add 192.168.1.1 255.255.255.0
router(config-if)#no shut
router(config-if)#ip nat inside
router(config-if)#exit
router(config)#int FastEthernet0/0
router(config-if)#ip add dhcp
router(config-if)#ip nat outside
router(config-if)#no ip redirects
router(config-if)#no shut
router(config-if)#exit
router(config)#access-list 1 permit 192.168.1.0 0.0.0.255
router(config)#ip nat inside source list 1 int FastEthernet0/0 overload
router(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.99
router(config)#ip dhcp excluded-address 192.168.1.151 192.168.1.254
router(config)#ip name-server 24.217.1.162
router(config)#line vty 0 4
router(config-line)#password whatever
router(config-line)#login
router(config-line)#exit
router(config)#ip http server
router(config)#ip http secure-server
router(config)#ip http authentication local
router(config)#username [namehere] priv 15 secret [passwordhere]
router(config)#service password-encryption
router(config)#access-list 101 deny tcp any 192.168.1.0 0.0.0.255
router(config)#access-list 101 permit ip any any
router(config)#no service tcp-small-servers
router(config)#no service udp-small-servers
router(config)#no ip source-route
router(config)#ip cef
router(config)#no ip dhcp use vrf connected
router(config)#no ip bootp server
router(config)#ip name-server 24.217.1.162
router(config)#hostname 2651router
2651router (config)#line con 0
2651router (config-line)#logg sync
router(config-if)#exit
2651router (config)#end
2651router #copy run start