cisco for your home router..

Darthn3ssDarthn3ss Member Posts: 1,096
just curious here, has anyone set up a cisco router as their home router? care to share the config?

i've got a 2651 here so i'd like to try and tackle that.
Fantastic. The project manager is inspired.

In Progress: 70-640, 70-685

Comments

  • scheistermeisterscheistermeister Member Posts: 748 ■□□□□□□□□□
    I will as soon as mine shows up in the mail :D
    Give a man fire and he'll be warm for a day. Set a man on fire and he'll be warm for the rest of his life.
  • GT-RobGT-Rob Member Posts: 1,090
    I have a 2611 as my home router, which goes into a 2950 switch (for the various computers, PS3, etc).


    Config is nothing special. WAN interface is set to ip add dhcp. DHCP pool running on the inside, along with PAT (NAT with port overload) for computers to get out.

    The only other thing you might have to do is configure a PPP connection if you are on DSL that requires it.
  • tierstentiersten Member Posts: 4,505
    1841 doing NAT and SSL-VPN/EasyVPN.
  • nice343nice343 Member Posts: 391
    1760 for my callmanager express which goes into a 3550 connected to 4 ip phones and 4 computers. Plus have set it up as an easy VPN server which allows me sometimes to make free phone calls on my laptop with cisco IP communicator anywhere in the world to my ip phones for free! :D
    My daily blog about IT and tech stuff
    http://techintuition.com/
  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    The configuration would depend on your specific network and requirements and your internet connections -- but most people who want to do this before they know what they are doing usually forget about security -- so here's the link to the Creating a Customized Firewall section in the Cisco IOS Security Configuration Guide, Release 12.4.
    :mike: Cisco Certifications -- Collect the Entire Set!
  • Darthn3ssDarthn3ss Member Posts: 1,096
    ok guys i may attempt this today. What i need to know is if it's possible to change/clone a mac address on the cisco router so i don't have to call my ISP to get this to work. google isn't bringing up much.
    Fantastic. The project manager is inspired.

    In Progress: 70-640, 70-685
  • srgsrg Member Posts: 140
    Darthn3ss wrote:
    ok guys i may attempt this today. What i need to know is if it's possible to change/clone a mac address on the cisco router so i don't have to call my ISP to get this to work. google isn't bringing up much.

    According to this; http://articles.techrepublic.com.com/5100-10878_11-6125413.html you can. I've never tried it myself though.
  • kpjunglekpjungle Member Posts: 426
    I'm a heretic in using a Juniper SSG 5 myself :)
    Studying for CCNP (All done)
  • mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
    Cisco 2811 with HWIC-1ADSL

    I use it to bridge into my firewall & call manager express/voice gateway

    Yeah I know, a waste of money :) But I like it :D
    There is no place like 127.0.0.1
  • Darthn3ssDarthn3ss Member Posts: 1,096
    agreed..

    i might try and set this up tonight if i can remember how to do all the NAT stuff. :D
    Fantastic. The project manager is inspired.

    In Progress: 70-640, 70-685
  • eleguaelegua Member Posts: 282
    Hi,

    I'm using a 1841 with dual wic-1adsl cards, i have MLPPP configured on it.
    agreed.. 
    
    i might try and set this up tonight if i can remember how to do all the NAT stuff.
    

    If you need help, just let us know.
  • jbaellojbaello Member Posts: 1,191 ■■■□□□□□□□
    I will be using 2620 and 2950 as my home network appliance as soon as I start studying...
  • NetwurkNetwurk Member Posts: 1,155 ■■■■■□□□□□
    jbaello wrote:
    I will be using 2620 and 2950 as my home network appliance as soon as I start studying...

    Those come with one fast ethernet interface - you'll need two to connect your home network to your ISP.

    However, you can add a fast ethernet module to upgrade
  • Darthn3ssDarthn3ss Member Posts: 1,096
    Netwurk wrote:
    jbaello wrote:
    I will be using 2620 and 2950 as my home network appliance as soon as I start studying...

    Those come with one fast ethernet interface - you'll need two to connect your home network to your ISP.

    However, you can add a fast ethernet module to upgrade
    would he be able to get away with a router on a stick type config?
    Fantastic. The project manager is inspired.

    In Progress: 70-640, 70-685
  • networker050184networker050184 Mod Posts: 11,962 Mod
    Darthn3ss wrote:
    would he be able to get away with a router on a stick type config?


    You would need one ethernet port to plug into your modem (unless you are using a wic card for dsl) and another for your LAN.
    An expert is a man who has made all the mistakes which can be made.
  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    Darthn3ss wrote:
    would he be able to get away with a router on a stick type config?
    Yes. They would need a switch that supports VLANs and the knowledge to configure it properly. The port the DSL modem was plugged into would only share a VLAN with a subinterface from the router (via its trunk configuration to the switch). They may also need to switch from a straight through cable from the DSL Modem to a crossover cable to use with the switch.
    :mike: Cisco Certifications -- Collect the Entire Set!
  • Darthn3ssDarthn3ss Member Posts: 1,096
    having some DNS issues. i can ping from a host on my network to a host outside with my isp but i'm not sure how to go about obtaining a DNS address (that should come from DHCP but i'm not sure how to pass that to the clients)

    i can't ping outside DNS names from the router itself either -

    i have a feeling no ip domain-lookup may be part of my problem :D it's a habit.

    config:
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname homeRtr
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    !
    no aaa new-model
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    no ip source-route
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.5.5.1 10.5.5.75
    ip dhcp excluded-address 10.5.5.100 10.5.5.255
    !
    ip dhcp pool 10.5.5.0/24
       network 10.5.5.0 255.255.255.0
       default-router 10.5.5.1
    !
    ip dhcp pool home
    !
    !
    no ip bootp server
    no ip domain lookup
    !
    interface FastEthernet0/0
     description Connection to Linksys Cable Modem - To Internet
     mac-address 0012.17cb.1eb3
     ip address dhcp
     no ip proxy-arp
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     description Connection to Cisco 2950A - Home LAN
     ip address 10.5.5.1 255.255.255.0
     no ip proxy-arp
     ip nat inside
     ip virtual-reassembly
     duplex auto
     speed auto
    !
    !
    !
    ip http server
    no ip http secure-server
    ip nat inside source list 15 interface FastEthernet0/0 overload
    !
    access-list 15 permit 10.5.5.0 0.0.0.255
    no cdp run
    !
    !
    !
    control-plane
    !
    line con 0
     password 7 xxxxxxxxxxxxxxxxxxxxxxx
     login
    line aux 0
    line vty 0 4
     password 7 xxxxxxxxxxxxxxxxxxxxx
     login
     transport preferred ssh
     transport input ssh
     transport output ssh
    !
    !
    end
    

    also - haven't gotten around to security yet but that's next
    Fantastic. The project manager is inspired.

    In Progress: 70-640, 70-685
  • GT-RobGT-Rob Member Posts: 1,090
    yes you will need to set it to ip domain lookup if you want the router to be able to ping external sites.



    To give hosts the DNS address via DHCP, add this to your DHCP pool config:

    dns-server 4.2.2.2 (or whatever DNS you want to use).



    As for security, just a simple inspection (firewall) is usually enough. There are a lot of options you can get into on these, depending on the image you have. Reflexive access lists are cool.
  • Darthn3ssDarthn3ss Member Posts: 1,096
    i believe this is running 12.4 advanced security.

    also, i can't assign a dns server to my LAN through DHCP because i don't know what it is - this should be something FA0/0 is getting from comcast via DHCP
    Fantastic. The project manager is inspired.

    In Progress: 70-640, 70-685
  • shednikshednik Member Posts: 2,005
    Darthn3ss wrote:
    i believe this is running 12.4 advanced security.

    also, i can't assign a dns server to my LAN through DHCP because i don't know what it is - this should be something FA0/0 is getting from comcast via DHCP

    You were probably running off of your ISP's DNS servers, which you may have to call them for; in lieu of that I suggest www.opendns.com. Good free DNS service, and they are patched for the current vulnerability; we actually switched to it for a period of time for that reason.
  • nice343nice343 Member Posts: 391
    add an
    import all
    
    command to the DHCP pool to force the ISP router to send over DNS info
    My daily blog about IT and tech stuff
    http://techintuition.com/
  • shednikshednik Member Posts: 2,005
    That would work as well, just be sure you want to use the ISP's DNS right now
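
Added example (not part of the thread and not any poster's code): a small Python check that parses an IOS running-config and flags the settings raised in this discussion, namely a DHCP pool that hands out no DNS server, `no ip domain lookup`, and an outside NAT interface with no ACL or inspection, plus the `ip http server` and type 7 line password visible in the posted config. The excerpt is constructed from that config, and the function names are hypothetical.

```python
# Constructed excerpt of the config posted in the thread (secrets left out).
SAMPLE = """\
ip dhcp pool 10.5.5.0/24
   network 10.5.5.0 255.255.255.0
no ip domain lookup
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
interface FastEthernet0/1
 ip nat inside
ip http server
line vty 0 4
 password 7 xxxxxxxxxxxxxxxxxxxxx
"""

def parse_sections(text):
    """Group indented sub-commands under their top-level IOS command."""
    sections = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.strip() in ("", "!") or "--More--" in line:
            continue  # separators and terminal pager residue
        if not line[0].isspace():
            sections.append((line, []))
        elif sections:
            sections[-1][1].append(line.strip())
    return sections

def audit(text):
    """Return findings for the settings discussed in the thread (hypothetical checker)."""
    has = lambda body, *prefixes: any(c.startswith(prefixes) for c in body)
    findings = []
    for head, body in parse_sections(text):
        if head.startswith("interface ") and "ip nat outside" in body:
            if not has(body, "ip access-group", "ip inspect"):
                findings.append(f"{head}: no ACL or inspection on the outside interface")
        elif head.startswith("ip dhcp pool ") and has(body, "network "):
            if not has(body, "dns-server", "import all"):
                findings.append(f"{head}: clients are handed no DNS server")
        elif head.startswith("line ") and has(body, "password 7 "):
            findings.append(f"{head}: type 7 password is reversible obfuscation")
        elif head == "ip http server":
            findings.append(f"{head}: plain-HTTP management is enabled")
        elif head == "no ip domain lookup":
            findings.append(f"{head}: the router cannot resolve names itself")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
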
  • Darthn3ssDarthn3ss Member Posts: 1,096
    lol

    got SDM installed on my 2651. SDM makes it almost scary easy.
    Fantastic. The project manager is inspired.

    In Progress: 70-640, 70-685
  • gojericho0gojericho0 Member Posts: 1,059 ■■■□□□□□□□
  • Darthn3ssDarthn3ss Member Posts: 1,096
    and then, somehow i managed to get it to break again.
    Fantastic. The project manager is inspired.

    In Progress: 70-640, 70-685
  • KaminskyKaminsky Member Posts: 1,235
    Good info... If I can do this in the home, I'm ready for the CCNA. Awesome benchmark.
    Kam.
  • Darthn3ssDarthn3ss Member Posts: 1,096
    I'm still having some trouble and i'm not sure why. I've done this sort of thing before :(

    will try this again and post up a config.
    Fantastic. The project manager is inspired.

    In Progress: 70-640, 70-685
  • eleguaelegua Member Posts: 282
    Hi Darthn3ss,

    Why don't you use a PC to run DHCP ??, the 2651 is an old router and very slow so, using extra services on it will not be a good idea, just add few ACLs and a Firewall and you are ready to go, if you need help just ask.

    Hope this helps. ;)
  • Darthn3ssDarthn3ss Member Posts: 1,096
    elegua wrote:
    Hi Darthn3ss,

    Why don't you use a PC to run DHCP ??, the 2651 is an old router and very slow so, using extra services on it will not be a good idea, just add few ACLs and a Firewall and you are ready to go, if you need help just ask.

    Hope this helps. ;)
    lol it's an old router? Are you thinking of a 25** series? If it runs 12.4, i'd say it'll do what i need it to do.

    also, DHCP isn't my problem. The problem is that i haven't figured out how to get my hosts to get out onto the internet.
    Fantastic. The project manager is inspired.

    In Progress: 70-640, 70-685
  • tierstentiersten Member Posts: 4,505
    Darthn3ss wrote:
    elegua wrote:
    Hi Darthn3ss,

    Why don't you use a PC to run DHCP ??, the 2651 is an old router and very slow so, using extra services on it will not be a good idea, just add few ACLs and a Firewall and you are ready to go, if you need help just ask.

    Hope this helps. ;)
    lol it's an old router? Are you thinking of a 25** series? If it runs 12.4, i'd say it'll do what i need it to do.
    2651 isn't exactly new. It was replaced by the XM version which has been retired itself. It won't run 12.4 anyway. The only 2600 series router that can officially run 12.4 is the 2691.

    The Cisco performance spec sheet for the 2651 has it at a maximum of 37KPPS and 18.94Mbps when using CEF and nothing else enabled like IPS or ACLs. If your connection to the Internet is less than that then you're okay.