How to secure a Cisco 2821 router for home use

Quick question, I just received my Cisco 2821 router. My plan is to use it as part of my home network. Seems like a great way to get hands on experience and further my Cisco studies. I'm going from cable modem to the router and able to pull a dhcp address from my ISP. I'm going to use the second gigabit port to run to my 2950 Catalyst switch. From there, I'll have my laptop and a wireless access point plugged in. Hopefully, I can get my wireless phones/laptops/tablets to pull an ip address from my router. Going to setup the router as a DHCP server also. I'm going to setup NAT too and hopefully everything runs smooth.

My question is just how secure will this be? My wireless router/access point has a firewall and my clients all have their firewalls turned on, but I'm not sure how this changes when using a router like this one. I'm familiar with setting up ACLs, but not sure if I need to or how to secure this router. I want to set the router up for VPN access also, so I am concerned with privacy.

The router did come with an IDS-Sensor module. I've only glossed over IDS topics with CCNA studies so not sure how to use the module or incorporate it into my home network.

Thanks for any input, or suggestions.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

ChooseLife

pamccabe wrote: »

Seems like a great way to get hands on experience and further my Cisco studies.

I usually advise keeping "home production" and "home lab" environments separate - that way one can mess with the home lab without worrying about breaking something important (e.g. bringing the network or Internet connection down while another family member really needs that access).

Regardless of the above, to address your main question, this should get you started:

Cisco Guide to Harden Cisco IOS Devices
NSA Router Security Configuration Guide

pamccabe

Thanks for the links! I like the iACLs of the first link. I'll put these to use. The second one is large and I'll have to go through it slowly.

Also, I was going to just setup a home lab like you mentioned, but there were guys in a Cisco IRC channel that I frequent that recommended I use integrate it. That way if things go down I have to fix it. Makes sense, however, I see your view point on it too. As it is, I have to schedule time with my family to setup some downtime when I can bring the wireless network down. Makes for good times.

Anyway, I want to see if I can get it running as part of my home production type of lab. Thanks again.

pamccabe

Incase anyone is curious, I found CCP. Installed that and had a headache getting that to work. For whatever reason, it wouldn't accept my https settings on my router. I followed the manual word for word. Anyway, once i switched from an https secure server to just an ip http server, I was able to connect with CCP. At any rate, there is a firewall wizard found in the GUI. I might try that for the time being and probably look at CCNA:Security next.