Home Router NOT LAB

Hey all - I just recently resolved a week long problem with Verizon to have my FIOS service restored. To make a very very long story short - once the service was restored my PPPoE connection was switched to a DHCP connection.

The problem is my SmoothWall router looks like the intial config during install asks what type of "outside" connection you have (ie. PPP, PPPoE, DHCP, etc) and I don't feel like reading how to change this setting on the router (I configured that guy over 2 yrs ago)

So - I decided that this is the perfect time to actually pull out one of my lab routers and actually put it to good use in my home network. So I would like to ask for suggestions on any tips that I should be aware of. I'll be using a 2621 and this will also double as my firewall (at least until I get my hands on a PIX or ASA).

The image I think I'm settling on is c2600-ik9o3s3-mz.12.3-24a - which is the IP Plus IDS/FW/IPSec. My security background is very shaky - so my biggest worries of course are my ACLs and the firewall side. My labs I've never worried about security ... yet :P

Thanks guys

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

networker050184

Configuring the IOS firewall should be pretty simple especially if you aren't trying to access any inside devices from the outside. You might have to tweak it a bit, but should be a good learning experience. PPPoE is a pretty straight forward configuration as well. Here are some links you could check out.

Cisco IOS security configuration guide 12.3

configure PPPoE client on 2600

Netwurk

Sound like you've got the right IOS (IP Plus)

I use my old 2514 to connect to Verizon. Here's the relevant parts of my config:

vpdn enable

vpdn-group 1
request-dialin
protocol pppoe

interface Ethernet0
description inside network
ip address 10.x.x.x 255.255.255.0
ip nat inside

interface Ethernet1
description DSL Interface
no ip address
no ip mroute-cache
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable

interface Dialer1
description DSL Dialer
ip address negotiated
ip access-group 101 in
ip mtu 1492
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp pap sent-username username password 0 12345

ip nat inside source list 10 interface Dialer1 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1

Been using this config for over two years without a problem. This type of config should work if the connection is PPPOE

Will be glad to answer any questions. Good luck!

bmauro

networker - 100% right on the learning expireince - and I'm looking forward to it! Tonight I'll first upgrade the IOS and start the basic config - and I'll ease into it - finding what isn't working and then fixing it.

Thanks for the security config guide - looks like an awesome referrence.

Netwurk - thanks for the config. The big problem is that my connection USE to be PPPoE - now its straight DHCP. Makes the config that much easier

networker050184

Oh yeah I have all the IOS config guides book marked. They are great references for study and on the job (or home) stuff.

Paul Boz

Personally I'd rather have the provider's equipment (a modem, for example) as the terminating equipment, and interface my router with that.

The reason?

"Honey the internet's not working!"

"unplug it from the cisco and put it in the linksys until I get home"

bmauro

Paul - 100% agree with the 'KISS' method - but I'm hoping **finger's crossed** that the 2600 will be more dependable than the D-Link router provided by Verizon and reboots won't be required.

My PPPoE connection was rock solid - and I can't think of many instances at all where I had to reboot to "fix" the connection - who knows - with the link now changing strictly to a DHCP setup that might change the reliability of the connection. So I might keep that suggestion handy if things go south with the new configuration.

And anyways - if the wife gives me a call about the internet being down I'll tell her to read a book :P

ITdude

bmauro wrote:

And anyways - if the wife gives me a call about the internet being down I'll tell her to read a book :P

It looks like you can look forward to the take out line at McDonalds with that philosophy!

bmauro

Isn't that the truth!!!!!

mgeorge

I've never had an outage using the HWIC-1ADSL in a 2811 although I've had SEVERAL
using the telco's cheep @$$ westell's. When the internet is out I just tell whoever to unplug
the green cable and plug it back in on the silver silver box ^_^ works everytime

mgeorge

Hey!! Just for the record;

ip tcp adjust-mss 1452

Goes on the internal Ethernet interface not the Dialer. When you dont have this on the internal
interface, the router will drop the traffic that is over 1492 attempting to traverse the Dialer1
Interface. This will explain why some connections cannot be made or timeout, some drop during
transit, etc.. However did figure out though if your desktops are using any a MTU lower then
1492 the computer will work fine.. if the computers use the default 1500, it will timeout on alot
of stuff.

Also if you use a version on the Cisco router earlier then 12.3(15) you have to disable
TCP windowing on Vista, or upgrade the ios to a 12.3(15) or later release IP Plus for PPPoE
dialer.

read here for more info;
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ft_admss.html
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080743212.shtml

Hope this points ya in the right direction