Good Afternoon Everyone,
I thought I would put together a How To on how to set up a basic Cisco router configuration. The following configuration will set up a Cisco router on the 10.42.1.0/24 network internally and set up NAT/PAT to the DHCP-enabled external interface. At the end I also go through the steps to configure the router to be managed by Cisco Configuration Professional (CCP).
Cisco 1841 Integrated Services Router (IOS 15)
Powering on the Router:
First things first: let’s plug in the console cable and plug in the power to the router. Just like in the How To: Cisco Switch Basic Config post, let’s wipe the device to get rid of any previous configurations and then configure the router’s name and create an admin account.
    Power on the Router
    LabRouter>enable
    LabRouter#write erase
    LabRouter#reload
    ~~~~~Router Reboot~~~~~~
    Would you like to launch the initial configuration wizard? (y/n)
    press n to skip the wizard
    Router>enable
    Router#conf t
    Router(config)#hostname TDSRouter
    TDSRouter(config)#username admin privilege 15 secret P@ssword
    TDSRouter(config)#
My personal habit is to place the ISP connection on port 0 of the firewall/router. On firewall/router products that do not have predetermined WAN or LAN port(s), you can plug the internal and external connections into any port you’d like. For this demonstration I used FastEthernet 0/0 as the outside interface and FastEthernet 0/1 as the inside interface.
    TDSRouter(config)#interface fastethernet 0/0
    TDSRouter(config-if)#ip address dhcp
    TDSRouter(config-if)#description "Link to ISP"
    TDSRouter(config-if)#no shutdown
    TDSRouter(config-if)#exit
    TDSRouter(config)#interface fastethernet 0/1
    TDSRouter(config-if)#ip address 10.42.1.1 255.255.255.0
    TDSRouter(config-if)#description "LAB LAN"
    TDSRouter(config-if)#no shutdown
    TDSRouter(config-if)#exit
There are a couple of details I want to point out at this stage. If you have a static IP address from your ISP, then on the outside interface you would assign the static IP address instead of DHCP. Also, some cable internet ISPs require that you use PPPoE for their DHCP-based internet connections on Cisco devices. After I finished the CCNA I used this Cisco 1841 router as my home router with Charter’s residential internet service. The only way I could get the internet connection to work was configuring it for PPPoE. If your home ISP is Charter or another provider that requires PPPoE for Cisco devices, you have 2 options. The first option is to follow this white paper from Cisco. The white paper specifies everything you need to configure to manually set up a PPPoE internet connection. Option 2 is to go through this entire document and configure the router for SDM/CCP, then use SDM/CCP to configure the outside interface for PPPoE. In SDM/CCP, configuring PPPoE is one checkbox, which is a lot simpler and a lot quicker than option 1.
Now that we have our interfaces defined and enabled, let’s configure DHCP. We can save the debate over where DHCP should be placed on a network (network device vs Windows/Linux server) for another time and assume you want to keep DHCP on the router. Here is the process.
    TDSRouter(config)#ip dhcp excluded-address 10.42.1.2 10.42.1.99
    TDSRouter(config)#ip dhcp excluded-address 10.42.1.201 10.42.1.254
    TDSRouter(config)#ip dhcp pool LabPool
    TDSRouter(dhcp-config)#default-router 10.42.1.1
    TDSRouter(dhcp-config)#dns-server 184.108.40.206 220.127.116.11
    TDSRouter(dhcp-config)#network 10.42.1.0 255.255.255.0
In the commands above we first excluded the IP addresses we didn’t want the router to hand out. Because we assigned FastEthernet 0/1 the IP address 10.42.1.1/24, we didn’t have to exclude it in DHCP, because the router sees that it’s already using that IP address. After that we created a new DHCP pool named LabPool. If you want to name your pool something else go ahead, just keep in mind that DHCP pool names are case sensitive. Next we configured the internal interface as the default gateway for this pool. Then we assigned Google’s DNS Server (18.104.22.168) and Comcast’s DNS Servers (22.214.171.124) as the DNS servers for the pool. If you have your own preferred DNS server(s) or internal DNS server(s), go ahead and swap them into the pool. Lastly, we assigned the DHCP pool to the 10.42.1.0/24 network. This is the bare minimum configuration to allow a host on the internal network to dynamically get an IP address and get to the internet. To see other configurable options type TDSRouter(dhcp-config)# ?.
Because the IANA is running out of public IPv4 addresses, we need to use NAT/PAT. NAT is Network Address Translation and PAT is Port Address Translation. If you guys want an in-depth explanation of NAT/PAT just request it in the comments and I’ll do it. The short answer is that most companies only have a small number of public IP addresses and they need to share those public IP addresses with all of their internet-capable devices. The way we do that is with NAT/PAT, and here is how to configure NAT/PAT on the router.
1. Go To The Internal Interface:
    TDSRouter(config)#interface fastethernet 0/1
    TDSRouter(config-if)#ip nat inside
    TDSRouter(config-if)#exit
2. Go To The Outside Interface:
    TDSRouter(config)#interface fastethernet 0/0
    TDSRouter(config-if)#ip nat outside
    TDSRouter(config-if)#exit
3. Create an access list to specify what network(s) are allowed to be NATed. (See explanation about the wildcard mask in the permit command)
    TDSRouter(config)#ip access-list standard LabLanNAT
    TDSRouter(config-std-nacl)#permit 10.42.1.0 0.0.0.255
    TDSRouter(config-std-nacl)#exit
4. Enable NAT/PAT With The LabLanNAT Access List
    TDSRouter(config)#ip nat inside source list LabLanNAT interface fastethernet0/0 overload
In steps 1 and 2 all we’re doing is designating which interfaces are going to be internal and external. Step 3 is the tricky part: access lists use what Cisco calls wildcard masks. In the command “permit 10.42.1.0 0.0.0.255” the zeros mean match and the 255 means any. So when the router receives a request from a host to go out to the internet, it checks the host’s IP address to see if it’s allowed. If a host with the IP address 10.42.1.56 wanted to go to the internet, the router would see that 10.42.1 in the IP address matches the access rule, and the request would be NATed and allowed to go to the internet. If the IP address was 192.168.0.56, then the router would not NAT the internet request because 192.168.0.X is different from 10.42.1.X.
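The wildcard-mask check described above, written out as an added Python example (not code from the original post or from Cisco). It goes slightly beyond the single permit line by also handling the "host" and "any" forms and the implicit deny that ends every access list; all function names are illustrative.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF   # 0 bits in the wildcard = must match
    return (to_int(addr) & care) == (to_int(base) & care)

def parse_entry(line):
    """Parse one standard-ACL entry into (action, base, wildcard)."""
    tokens = line.split()
    action, rest = tokens[0].lower(), tokens[1:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    if rest == ["any"]:
        return action, "0.0.0.0", "255.255.255.255"
    if len(rest) == 2 and rest[0] == "host":
        return action, rest[1], "0.0.0.0"
    if len(rest) == 1:                      # bare address means a single host
        return action, rest[0], "0.0.0.0"
    if len(rest) == 2:
        return action, rest[0], rest[1]
    raise ValueError(f"unsupported entry: {line!r}")

def evaluate(acl_lines, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl_lines:
        action, base, wildcard = parse_entry(line)
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

# The single entry from step 3 of the NAT configuration.
LAB_LAN_NAT = ["permit 10.42.1.0 0.0.0.255"]

if __name__ == "__main__":
    for src in ("10.42.1.56", "192.168.0.56"):
        verdict = "NATed" if evaluate(LAB_LAN_NAT, src) == "permit" else "not NATed"
        print(f"{src}: {verdict}")
```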
Configure Router for CCP:
Cisco provides a GUI to manage their routers. On IOS 12 it’s called Router and Security Device Manager (SDM) and on IOS 15 it’s Cisco Configuration Professional (CCP). The configuration for either program on either IOS platform is the same though. The configuration steps below set up the router to use secure communication between your laptop and router when using CCP or SDM, with a bonus of configuring logging synchronous for SSH communication.
    TDSRouter(config)#ip http secure-server
    TDSRouter(config)#ip ssh version 2
    TDSRouter(config)#ip http authentication local
    TDSRouter(config)#line vty 0 15
    TDSRouter(config-line)#logging synchronous
    TDSRouter(config-line)#transport input ssh
    TDSRouter(config-line)#login local
    TDSRouter(config-line)#exit
In the command block above we’re enabling HTTPS and SSH version 2, then specifying that the router checks the local user account database for HTTPS communications. After that we configured SSH communications on the vty lines and specified logging synchronous and local authentication as well.
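As an added example (not part of the original post or any Cisco tool), this Python sketch checks a saved running-config for the management settings configured above. The sample config is constructed, the function names are illustrative, and the check for a plain "ip http server" line assumes you want CCP reachable over HTTPS only.

```python
# Constructed excerpt: the CCP settings plus a plain-HTTP line and a default vty range.
SAMPLE_CONFIG = """\
ip http server
ip http secure-server
ip http authentication local
ip ssh version 2
line vty 0 4
 logging synchronous
 transport input ssh
 login local
line vty 5 15
 transport input telnet ssh
 login
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to the indented sub-commands under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Return findings where the config departs from the settings shown above."""
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    findings = []
    if "ip http secure-server" not in top:
        findings.append("HTTPS server not enabled")
    if "ip http server" in top:
        findings.append("plain HTTP server enabled")
    if "ip http authentication local" not in top:
        findings.append("HTTP(S) logins not checked against local users")
    if "ip ssh version 2" not in top:
        findings.append("SSH not restricted to version 2")
    for header, cmds in vty_blocks(config).items():
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: transport is not SSH-only")
        if "login local" not in cmds:
            findings.append(f"{header}: not using local user authentication")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```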
Save it up:
Now that internet and SDM/CCP are working, let’s save the configuration.
    TDSRouter#write memory
    ~~~~OR~~~~~
    TDSRouter(config)#do write memory
    ~~~~OR~~~~~
    TDSRouter#copy running-config startup-config
    ~~~~OR~~~~~
    TDSRouter(config)#do copy running-config startup-config
And that is how you set up a Cisco router for a basic configuration. I’m debating which How To to do next, Router on a Stick or Layer 3 routing. If you have a preference let me know in the comments below. Or if you want to see something else let me know in the comments as well.