Cisco 800 series router configuration guide


Just a short note, readers: if you are struggling with the Cisco 800 series, the sites, configuration breakdown and tools below should be a lifesaver.

Configuration Examples and TechNotes

Cisco Config Generator

Free Network Config Generator: this tool copies the configuration from an existing Cisco router to a new one. A short breakdown of the configuration also follows.

A sample PPPoA configuration of an ADSL Cisco router:

hostname Cisco877GC
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$Yu4E$WbHmuYLq9lyf/k52fzRwS1
enable password cisco
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-1904177344
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1904177344
revocation-check none
rsakeypair TP-self-signed-1904177344
!
crypto pki certificate chain TP-self-signed-1904177344
certificate self-signed 01
  30820255 308201BE A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  8864DF2D 43527611 127F1285 6084F469 D69A5A53 24319C8A E6
        quit
dot11 syslog
ip cef
!
ip domain name xx.wa.gov.au
ip name-server 139.130.x.x
ip name-server 203.50.x.x
!
multilink bundle-name authenticated
!
username admin privilege 15 secret 5 $1$F1JN$VrNqTI4MdyLVU0wRJjoQn0
!
archive
log config
  hidekeys
!
interface ATM0
description $ES_WAN$
no ip address
ip route-cache flow
no ip mroute-cache
no atm ilmi-keepalive
pvc 8/35
  tx-ring-limit 3
  ! Note: change aal5mux if you are using PPPoE
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
  max-reserved-bandwidth 90
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
!
interface Dialer0
bandwidth 1024
! Note: if you don't have a static IP, just type "ip address negotiated" instead
ip address 120.151.xx.xx 255.255.255.0
ip access-group InternetInbound in
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
no ip mroute-cache
dialer pool 1
no cdp enable
ppp authentication chap callin
ppp chap hostname username@direct.telstra.net
ppp chap password 0 yourpassword
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 100 interface Dialer0 overload
ip nat inside source static tcp 10.10.10.3 22 interface Dialer0 22
ip nat inside source static tcp 10.10.10.3 80 interface Dialer0 80
ip nat outside source static tcp 120.151.xx.xx 22 10.10.10.3 22 extendable
!
access-list 1 permit 10.10.10.10
access-list 1 permit 10.10.10.3
access-list 1 permit 10.10.10.5
access-list 100 remark CCP_ACL Category=2
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 101 permit tcp any any eq www
access-list 101 permit ip host 10.10.10.3 any
snmp-server community public RO
!
control-plane
!
line con 0
no modem enable
line aux 0
line vty 0 4
password CiscoGC
login
transport input telnet ssh
!
scheduler max-task-time 5000

To enable DHCP, type the following in privilege mode:

ip subnet-zero
no ip source-route
ip domain-name local
ip dhcp excluded-address 10.10.10.1 10.10.10.20
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool dhcppool
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
update arp
exit

To Enable Site to Site VPN (AES+SHA)

crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
! Note: 203.17.90.x is the remote router IP address, 12345678 is the pre-shared key
crypto isakmp key 12345678 address 203.17.90.x no-xauth
!
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-3des-md5 esp-3des esp-md5-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
crypto ipsec transform-set tr-aes-sha esp-aes esp-sha-hmac
!
crypto map cm-cryptomap 110 ipsec-isakmp
set peer 203.17.90.1
set transform-set tr-aes-sha
match address 110

access-list 110 remark Site to Site VPN
access-list 110 permit ip 10.10.10.0 0.0.0.255 10.10.9.0 0.0.0.255

access-list 102 permit ip any host 10.10.10.1

access-list 102 permit ip 10.10.10.0 0.0.0.255 10.10.9.0 0.0.0.255

! Note: add this in interface vlan1
ip access-group 102 in

Note: Both routers need similar configuration.

To Enable Remote Management:

line vty 0 4
access-class 2 in
password 12345678
login
transport input telnet ssh

access-list 2 permit host 192.168.100.1

To add a PPPoE dialer to a Cisco router:

interface ATM0
dsl operating-mode auto
exit
!
interface ATM0.1 point-to-point
pvc 8/35
  pppoe-client dial-pool-number 1
!
exit
!
interface Dialer0
ip address negotiated
ip inspect firewall out
ip mtu 1492
ip access-group 101 in
no ip redirects
no ip unreachables
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp pap sent-username user@direct.telstra.net password 7 yourpassword
ppp ipcp dns request
ppp ipcp route default
no cdp enable
exit
!
ip nat inside source list 1 interface Dialer0 overload
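
The sample configurations above carry several settings worth reviewing before they go onto a live router: a clear-text enable password, the public SNMP community, telnet on vty lines without an access-class, and legacy IKE/IPsec algorithms. The script below is an added example, not part of the original post, that flags those lines in a configuration supplied as text. The names audit, LINE_RULES and SAMPLE and the selection of rules are assumptions of this example.

```python
import re

# Per-line rules for settings that appear in the configurations on this page.
LINE_RULES = [
    (r"enable password \S+", "clear-text enable password alongside enable secret"),
    (r"snmp-server community public\b.*", "default SNMP community 'public'"),
    (r"ip http server", "plain-HTTP management server enabled"),
    (r"transport input .*\btelnet\b.*", "telnet permitted on vty lines"),
    (r"encr (des|3des)", "ISAKMP policy uses a legacy cipher"),
    (r"group [125]", "ISAKMP policy uses DH group 1, 2 or 5"),
]
WEAK_TRANSFORMS = {"esp-null", "esp-des", "esp-3des", "esp-md5-hmac"}

# Constructed excerpt assembled from lines of the sample configurations above.
SAMPLE = """enable password cisco
crypto isakmp policy 1
encr 3des
group 2
!
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-aes-sha esp-aes esp-sha-hmac
set transform-set tr-aes-sha
ip http server
snmp-server community public RO
line vty 0 4
transport input telnet ssh"""

def audit(config):
    """Return sorted (line_number, finding) pairs for IOS configuration text."""
    findings, sets, used = [], {}, set()
    vty_start, vty_acl = None, False
    lines = [raw.strip() for raw in config.splitlines()] + ["!"]  # "!" closes last block
    for n, line in enumerate(lines, start=1):
        findings += [(n, msg) for pat, msg in LINE_RULES if re.fullmatch(pat, line)]
        if m := re.fullmatch(r"crypto ipsec transform-set (\S+) (.+)", line):
            sets[m.group(1)] = (n, set(m.group(2).split()))
        elif m := re.fullmatch(r"set transform-set (.+)", line):
            used.update(m.group(1).split())
        if line == "!" or line.startswith("line "):  # end of any open vty block
            if vty_start and not vty_acl:
                findings.append((vty_start, "vty lines have no access-class"))
            vty_start = n if line.startswith("line vty") else None
            vty_acl = False
        elif vty_start and line.startswith("access-class "):
            vty_acl = True
    for name, (n, transforms) in sets.items():
        if weak := sorted(transforms & WEAK_TRANSFORMS):
            state = "in use" if name in used else "defined but unused"
            findings.append((n, f"transform-set {name} ({state}): {', '.join(weak)}"))
    return sorted(findings)
```

Calling audit(SAMPLE) returns eight findings; a transform-set is reported as "in use" only when a "set transform-set" line references it, so leftover definitions such as tr-null-sha are reported separately from the one the crypto map actually uses.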


About Raihan Al-Beruni

My Name is Raihan Al-Beruni. I am working as an Infrastructure Architect in Data Center Technologies in Perth, Western Australia. I have been working on Microsoft technologies for more than 15 years. Other than Microsoft technologies I also work on Citrix validated solution and VMware data center virtualization technologies. I have a Masters degree in E-Commerce. I am certified in Microsoft, VMware, ITIL and EMC. My core focus is on cloud technologies. In my blog I share my knowledge and experience to enrich information technology community as a whole. I hope my contribution through this blog will help someone who wants more information on data center technologies.