Cisco Lab behind FIOS router
thehourman
Member Posts: 723
in Off-Topic
I currently have:
1x 2511 (Access server)
1x 2620XM with WIC-1T
2x 2620 with WIC-1T
1x 2620 with NM-8A/S (Frame-relay)
2x 2950EI 12-ports
1x 2950 24-ports
1x 3550-POE 24-ports
GNS3 box (Ubuntu 10.04 x64)
I am trying to setup an SSH to my routers, so that I can practice my lab while at work or away from home.
Unfortunately, I have no idea how to do this. My FIOS router is ActionTec MI424WR Rev.C.
I am sure there is a way how to accomplished this. Can you guys please help me to configure this setup.
Thanks
1x 2511 (Access server)
1x 2620XM with WIC-1T
2x 2620 with WIC-1T
1x 2620 with NM-8A/S (Frame-relay)
2x 2950EI 12-ports
1x 2950 24-ports
1x 3550-POE 24-ports
GNS3 box (Ubuntu 10.04 x64)
I am trying to setup an SSH to my routers, so that I can practice my lab while at work or away from home.
Unfortunately, I have no idea how to do this. My FIOS router is ActionTec MI424WR Rev.C.
I am sure there is a way how to accomplished this. Can you guys please help me to configure this setup.
Thanks
Studying:
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold
Comments
-
hiddenknight821 Member Posts: 1,209 ■■■■■■□□□□This should be relatively easy. All routers/switches you have there is not really an issue here. It's the ActionTec router you need to configure. I have Fios too. Just set up port forwarding for SSH, but you should proceed with caution since anyone can now get in your network. You might want to set up banner and enable secret for extra security.
EDIT: I see you have an access server, so I'm not sure exactly how to set that up, but I'm pretty sure it's the ActionTec router you have to take a look at. -
thehourman Member Posts: 723My Access server does not have an ethernet or fastethernet port. I think it may requires me to get a serial to fastethernet adapter.
I am thinking the setup would look like this:
(Internet)
(ActionTec)
(Access server)---Octal cable---(Cisco Lab)
The configuration will be done on ActionTec and Access server, am I right?Studying:
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold -
hiddenknight821 Member Posts: 1,209 ■■■■■■□□□□thehourman wrote: »My Access server does not have an ethernet or fastethernet port. I think it may requires me to get a serial to fastethernet adapter.
I am thinking the setup would look like this:
(Internet)
(ActionTec)
(Access server)---Octal cable---(Cisco Lab)
The configuration will be done on ActionTec and Access server, am I right?
As for the ActionTec, yes but for the Access server, I am not sure. I can't help you with that. Wait for other to chime in. I wish I have an access server, so I can help you with that. -
thehourman Member Posts: 723hiddenknight821 wrote: »As for the ActionTec, yes but for the Access server, I am not sure. I can't help you with that. Wait for other to chime in. I wish I have an access server, so I can help you with that.
I thinking like that screenshot I took. The IP address is the address of the access server, the source port is any and the destination port number is 22.Studying:
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold -
hiddenknight821 Member Posts: 1,209 ■■■■■■□□□□thehourman wrote: »How am I going to configure my ActionTec (never really mess with it)?
I thinking like that screenshot I took. The IP address is the address of the access server, the source port is any and the destination port number is 22.
If you can't figure it out, then you can always use the DMZ as the last resort, since it basically open all 65,535 ports in both directions. If this still doesn't work, then it must be the access server configuration. -
thehourman Member Posts: 723I have not tested it yet because I don't have an ethernet transceiver for my 2511.Studying:
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold -
hiddenknight821 Member Posts: 1,209 ■■■■■■□□□□thehourman wrote: »I have not tested it yet because I don't have an ethernet transceiver for my 2511.
Just did a quick search on the access/terminal server you are using, and I must say it's interesting to learn this.
You are right. You would need some sort of adapter, which I believe is the AUI transceiver. You can get it for incredibly cheap price. -
odysseyelite Member Posts: 504 ■■■■■□□□□□I was just working on setting mine up...not with much success.
The access server can get connected by IP using the AUI transceiver.
You can but can't run SSH on the 2511. Despite what other people say, there is a 12.3 IOS that has SSHv1 available. It was terrible in speed when I turned on RSA keys and sometimes would freeze.
You can use telnet, but you are sending over clear text. Since its a lab, its not that big of a deal.
Setup port forwarding for telnet to your access switch and then you can use your lab across the network.
I've also setup port forwarding to my desktop, then I just remote desktop in and use my lab.Currently reading: Start with Why: How Great Leaders Inspire Everyone to Take Action -
nerdydad Member Posts: 261When I was using a 2511, I just used remote desktop into a machine with console access, as I didn't have AUI tranciever. I have since upgraded to an opengear console server. Even though the opengear supports ssh, it's just a lab, telnet works fine.
-
Forsaken_GA Member Posts: 4,024There's no need to telnet directly to the 2511. He's got an ubuntu box for GNS3, so just get an AUI, put the 2511 on the ethernet LAN, setup SSH on the Ubuntu box, and have the FIOS router port forward to the Ubuntu box. Then you can telnet from the Ubuntu box to the access server.
You don't need to log directly into the access server either, just set it up for reverse telnet, and then you can telnet from the Ubuntu box to the proper ports on the 2511 (2001-2016) and you'll be directly on the routers console. -
thehourman Member Posts: 723Forsaken_GA wrote: »There's no need to telnet directly to the 2511. He's got an ubuntu box for GNS3, so just get an AUI, put the 2511 on the ethernet LAN, setup SSH on the Ubuntu box, and have the FIOS router port forward to the Ubuntu box. Then you can telnet from the Ubuntu box to the access server.
You don't need to log directly into the access server either, just set it up for reverse telnet, and then you can telnet from the Ubuntu box to the proper ports on the 2511 (2001-2016) and you'll be directly on the routers console.
I did a port forwarding on my Actiontec and the settings is the screenshot at post #5.
I used my 2620XM as my temporary router to test if I can ssh to it.Interface fastethernet 0/0 ip address 172.16.200.25 no shutdown ! line vty 0 1 login local transport input ssh telnet logging synchronous exit ! ip domain-name test.com crypto key generate rsa general-keys modulus 1024 ip ssh version 2 ip ssh authentication-retries 3 ip ssh time-out 120 ! username R1 privilege 15 secret cisco
I was using my DroidX app Connectbot, but I could not establish a connection.
I used R1 as my login name and my public address.Studying:
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold -
JDMurray Admin Posts: 13,083 AdminYou have two other choices with your FiOS router:
- Put it into bridge mode and use your own router. I did this with my Actiontec so I could use a Linksys WAP as my Internet router/firewall. You can find instructions for putting an Actiontec into bridge mode on Google and on my DSL Extreme ISP review on dslreports.com
- Call Verizon and have them swap-out the MOCA coax cable from your ONT for a CAT5 Ethernet cable. Use your own router to completely eliminate the Actiontec from your network. You only need the MOCA coax for FiOS TV. For phone and Internet service, the CAT5 works fine. This is what I eventually did.
-
thehourman Member Posts: 723I made my Actiontec as a bridge before; however, I lost my VOD and guide on my STBs.
I also asked Verizon about changing the MOCA coax, they said that I have to pay some fees or something like that. Did Verizon charge you when you requested this?
Correct me if I am wrong, but all they have to do is enable the CAT5 port, right?Studying:
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold -
JDMurray Admin Posts: 13,083 AdminYou know, I don't remember checking my Verizon bill to see if they charged me for replacing the cable, nor do I remember being told there was a charge.
I do remember that the Verizon tech (subcontractor, actually) wouldn't take away my old Actiontec router (or give me a mailing box to send it back).
The tech told me the ONT can only have the MOCA port or the CAT5 port active at one time. Besides activating the Ethernet port in the ONT, he had to feed a new CAT5 cable through my garage wall from the ONT to my CPE. The CAT5 port is not customer-accessible when the ONT is closed an locked. -
Forsaken_GA Member Posts: 4,024thehourman wrote: »I knew someone would say that. I am a Linux noob, and don't know how to setup that.
I'm not trying to be overly harsh here, but if you're going to be running Linux to emulate another OS to further your studies, it's time to stop using that excuse and go learn. Getting SSH up and running is a basic function, and a network engineer who isn't willing to go learn things in order to get what he needs done is going to have a very short career. -
thehourman Member Posts: 723I have thought of that, that's why I bought this ebook (Ubuntu Beginner's Guide 2nd Edition)Studying:
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold -
exampasser Member Posts: 718 ■■■□□□□□□□SSH server is installed and set to run by default on many distros, you just need to setup port forwarding on the router. I'd also recommend key based authentication for extra security (Setup the SSH server to use keys for authentication)
Forsaken GA's guide may also be of use to you, particularly the part on port forwarding:
http://www.techexams.net/forums/off-topic/67117-circumventing-network-security-via-ssh-tunneling.html -
thehourman Member Posts: 723I will bookmark that thanks.
Also, I finally got it working both ssh and telnet. Now, I need to get a ethernet transceiver for my 2511.Studying:
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold