cisco 837 BT Broadband

Discussion in 'Cisco' started by Toonie, Jan 19, 2005.

  1. Toonie

    Toonie Guest

    Another newbie - sorry.
    I have a Cisco 837 adsl/router and would like to use it in place of my
    bt broadband modem, I'm running XP and have a network card installed.
    BUT the cisco has no documentation and the web site is far from easy to
    follow, can anyone help me configure it and get it working?? How do I
    config router and how do I get it to connect to the web??
    Toonie, Jan 19, 2005
    #1

  2. Toonie

    RobO Guest

    Hi there!

    Is the router new as in never been used?
    Has the router come with the blue console cable?

    I think for you the easiest way to configure it would be through the
    Cisco Router WebSetup or CRWS.
    You will have to see if the CRWS software is installed on the flash of
    the router.
    To check this you will need to have the blue console cable as mentioned
    above which you should get.
    Connect the blue cable to your serial port on the PC and the other end
    to the port marked console.

    In XP there is a program called Hyperterminal under
    "Accessories\Communications" through the start menu.

    The connection settings need to point to your serial port (COM1/COM2
    etc).
    The "Baud rate" needs to be set to 9600, very important.

    Once you have set up Hyperterminal you can connect to the router through
    this program and hit RETURN to bring the console up.
    Hopefully, but not guaranteed, the router will have no password set. If it
    does and you don't have the password, then go to Cisco's website or do a
    search in Google for how to do a password recovery.

    If you are lucky and you don't have a password set you should end up
    with a prompt similar to this:-
    router#

    Type in "sh flash" which will list the contents of the flash disk,
    and hope that you see something along the lines of CRWS or webflash.

    I assume that it's there, so type in:-
    "show run"
    this will show you the config of the router and list the IP addresses
    associated with specific interfaces.

    The one to look out for is "interface ethernet 0"
    Hopefully it will already have an IP address associated with the
    interface.

    Now let's say the IP address on "ethernet 0" is 10.10.10.1 with a subnet
    mask of 255.255.255.0...

    you must change the IP address on your XP box to something like
    10.10.10.2/255.255.255.0 and gateway pointing to 10.10.10.1.

    Touch wood you have everything in place, so all you have to do now is
    run Internet Explorer and point it to http://10.10.10.1

    If all goes well it will bring up the CRWS web interface. Please note
    you will need the Java Runtime Environment to use it.

    You will see different sections for configuration internet/firewall/NAT
    etc

    I will look out on this posting to see how you get on.
    If you don't have the CRWS available to you try this link with
    instructions
    http://www.cisco.com/en/US/products/hw/routers/ps380/products_data_sheet09186a0080091cc5.html
    Good luck
    RobO
    RobO, Jan 19, 2005
    #2

  3. Toonie

    Dave Watson Guest

    "Toonie" <> wrote in message
    news:...
    > Another newbie - sorry.
    > I have a Cisco 837 adsl/router and would like to use it in place of my
    > bt broadband modem, I'm running XP and have a network card installed.
    > BUT the cisco has no documentation and the web site is far from easy to
    > follow, can anyone help me configure it and get it working?? How do I
    > config router and how do I get it to connect to the web??


    Hello mate,

    The config below which I posted in the thread "Health check Required Please"
    will work with BT Broadband. All you will need to do is ensure that you
    change the DNS server addresses and use the correct ppp username and
    password. Please note that I have changed my router's default IP range too.
    I agree with you when you mention that there is no documentation regarding
    assistance with configuration guidelines to PPPoA in the UK and also the
    guides that are provided when you purchase a Cisco router are only
    applicable for the technical specifications and the tcp/ip settings that you
    need to have enabled for connecting a PC to the router.

    The default setting via the CRWS tool is PPPoE (RFC 1483) with the only
    option of pressing an auto detect button which does not detect PPPoA (RFC
    2364) except for the pvc settings which are 0/38.

    I feel disappointed with Cisco in some respects due to how they sell their
    CRWS tool as a feature for the non technical but the reality is that it
    does not work with the UK ADSL parameters for broadband. It does not do
    what it says on the tin and the supplier that we purchased the router from
    assured me that it would too. The supplier also maintains on their web site
    that their sales staff also have CSE credentials! The information pack also
    stated that we should have received a documentation CD-ROM with the equipment
    but after calling the supplier they said that Cisco no longer provide such
    a CD anymore. In effect, I had no documentation whatsoever for using the CLI
    and assisting me to create a UK PPPoA connection.

    On a brighter note, I eventually got connected but it took two calls to the
    supplier to get connected. The first time was to reconfigure the ATM0
    interface and the second time was to check a data transfer issue which
    turned out to be an unassigned default route. The supplier wanted £100 per
    hour for assistance but I rejected their offer due to feeling that they had
    an obligation to help after being assured by apparent CSE accredited staff
    that the CRWS tool would be the solution to my configuration requirements.

    I was told that they supply the first technical support call and/or 15 mins
    talk time over the phone free of charge. I was also told that I made an
    assumption when I thought that the CRWS tool would have been able to set up
    the router for UK ADSL. I told him that your staff informed me that the
    CRWS could.

    What I'd say is use this guide as a reference but I can't be responsible if
    I screw up your current config but rest assured the output below is working
    fine on my 837 K9.

    Dave

    !This is the running config of the router: XXXXXXXXXXX
    !----------------------------------------------------------------------------
    !version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname gateway
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    enable secret 5 $1$P39.$1KVxh7lkOSZH/DVUfb5f10
    !
    username mbglass privilege 15 secret 5 $1$6II2$bHU05QQfVt/QD5Dg1bxfl/
    clock timezone PCTime 0
    clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
    no aaa new-model
    ip subnet-zero
    no ip source-route
    ip domain name xxxxxxxxxxxxx
    ip name-server 192.168.0.1
    ip name-server 212.159.13.49
    ip dhcp excluded-address 192.168.0.1
    !
    ip dhcp pool sdm-pool1
    import all
    network 192.168.0.0 255.255.255.0
    dns-server 212.159.6.9 212.159.13.49
    default-router 192.168.0.1
    !
    !
    no ip bootp server
    ip audit notify log
    ip audit po max-events 100
    ip ssh break-string
    no ftp-server write-enable
    !
    !
    !
    no crypto isakmp enable
    !
    !
    !
    !
    interface Ethernet0
    description $FW_INSIDE$$ETH-LAN$$INTF-INFO-Ethernet 10/100$
    ip address 192.168.0.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip tcp adjust-mss 1452
    no cdp enable
    hold-queue 100 out
    !
    interface ATM0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    no atm ilmi-keepalive
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    dsl operating-mode auto
    !
    interface Dialer0
    ip address negotiated
    ip mtu 1452
    ip nat outside
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname xxxxxxxxxxxx
    ppp chap password 0 xxxxxxxxx
    !
    ip nat inside source list 1 interface Dialer0 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0
    ip http server
    ip http authentication local
    ip http secure-server
    !
    !
    access-list 1 remark INSIDE_IF=Ethernet0
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.0.0 0.0.0.255
    dialer-list 1 protocol ip permit
    no cdp run
    !
    control-plane
    !
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    login local
    no modem enable
    transport preferred all
    transport output all
    line aux 0
    transport preferred all
    transport output all
    line vty 0 4
    privilege level 15
    login local
    transport preferred all
    transport input telnet ssh
    transport output all
    !
    scheduler max-task-time 5000
    !
    end
    Dave Watson, Jan 19, 2005
    #3
  4. Toonie

    Toonie Guest

    Thanks for replying, yes it is brand new, all cables were still wrapped
    and I think I have them all and I do not think it was ever used
    although it may have been preconfigured before delivery to site, the
    router was for a special project at work which didn't go ahead, all the
    packaging and documentation has been thrown away. I will try and work
    thru your instructions and will come back and let you know.
    Brian
    Toonie, Jan 19, 2005
    #4
  5. Toonie

    Toonie Guest

    Dave - thanks to you also. I will try later tonight to see if I can
    work it out with the help I have been given.
    Brian
    Toonie, Jan 19, 2005
    #5
  6. Toonie

    Toonie Guest

    RobO, I have set up hyperterminal as you say, the router seems to want
    me to input a password, I guessed at cisco & cisco, the prompt then says
    " yourname# " and no matter what name I input it comes back with
    unknown command or computer name. If I type show run and show flash I
    do get some info, but CRWS does not look like it is on my router. The
    initial message seems to suggest that I can remove the credentials - is
    it worth changing at this point?
    The ip address is as you say 10.10.10.1 255.255.255.248. I can see
    several files on the router, most of these look to be CSDM ( Cisco
    Security Device Manager ) the first file is C837-K903sy6....
    Do I need to install CRWS?
    Brian
    Toonie, Jan 19, 2005
    #6
  7. Toonie

    RobO Guest

    Excellent! Progress!

    I think the best thing to do first would be to establish your own
    password for the router:
    1> At the prompt where you have the hash, i.e. yourname#, type in "conf t".
    This will take you into what is called configuration mode.
    2> Type "username brian privilege level 15 password your_password"
    just to make sure you have full access.
    3> Test this by logging out and logging back in again.

    The Cisco Security Device Manager is much better than the CRWS so you're
    fine there.

    Try and set your XP box IP address to 10.10.10.2 and subnet mask
    255.255.255.0 with gateway pointing to the router IP 10.10.10.1

    Try with your web browser the address http://10.10.10.1 and see if it
    brings up the SDM.

    I am not sure why some of the output is spitting back "unknown to you"
    but what you can do is make sure the Cisco IOS software is present on
    the flash disk.

    Type show flash as before and you should see in the list of files one
    entry for
    "c837-k*************.bin"

    Please remember to save any changes by invoking either "wr" or "copy
    run start"
    or "write memory"

    If you need explanation of this let me know.

    Rob
    Toonie wrote:
    > RobO, I have set up hyperterminal as you say, the router seems to want
    > me to input a password, I guessed at cisco & cisco, the prompt then says
    > " yourname# " and no matter what name I input it comes back with
    > unknown command or computer name. If I type show run and show flash I
    > do get some info, but CRWS does not look like it is on my router. The
    > initial message seems to suggest that I can remove the credentials - is
    > it worth changing at this point?
    > The ip address is as you say 10.10.10.1 255.255.255.248. I can see
    > several files on the router, most of these look to be CSDM ( Cisco
    > Security Device Manager ) the first file is C837-K903sy6....
    > Do I need to install CRWS?
    > Brian
    RobO, Jan 19, 2005
    #7
  8. Toonie

    Toonie Guest

    Rob, thanks for your patience - I will sort out XP and give it a whirl.
    Brian
    Toonie, Jan 19, 2005
    #8
  9. Toonie

    Toonie Guest

    Rob, I'm beginning to think that this is all too much for me. I have set
    xp to ip address and subnet and also the gateway. Hypert, the command
    conf t works but no matter what format I use I always get the reply
    invalid input with a marker under the first l of level. I assumed I
    typed " username brian privilege level 15 password brian" all on one
    line with the leading space, is this right? I'm fairly happy that I have
    got xp sorted because whenever I unplug either the lan cable or the
    adsl cable xp detects the change. Anyway typing 10.10.10.1 into the web
    browser does...

    Sorry I just tried again so I could type what it said, and a new window
    message box popped up with the name "level_15_access" this looks like
    what I was typing in earlier - does this mean something to you?
    Brian
    Toonie, Jan 19, 2005
    #9
  10. Toonie

    RobO Guest

    Brian,
    If the command doesn't work then try just :-
    username brian password your_pass.

    If you could post the running config from "show run" here and I can
    have a look at it for you.
    Make sure you do "copy run start" then do a "show start" to make sure
    it has the new username info in and then "reload" and watch the boot
    process and leave it to boot up completely.
    Let me know, we can take it from there
    RobO, Jan 19, 2005
    #10
  11. Toonie

    Toonie Guest

    RobO wrote:
    > Brian,
    > If the command doesn't work then try just :-
    > username brian password your_pass.
    >
    > If you could post the running config from "show run" here and I can
    > have a look at it for you.
    > Make sure you do "copy run start" then do a "show start" to make sure
    > it has the new username info in and then "reload" and watch the boot
    > process and leave it to boot up completely.
    > Let me know, we can take it from there


    Rob, don't know what time you went to bed. I was up most of the night
    getting SOMEWHERE at last with your help thanks.
    I can now talk to the router from a web browser window and I can see
    the CSDM, ( I powered everything down - and then entered username Brian
    privilege 15 password brian, seems to work, but I don't know how to
    save, other commands didn't seem to work, might be me tired!) there are
    menu options which basically show the commands structure etc. I won't be
    able to copy the running config until tonight. I still can't connect to
    the web - but I'm sure this is only yet another problem where I need
    guidance.
    Toonie, Jan 20, 2005
    #11
  12. Toonie

    RobO Guest

    Brian, yes pretty late one for me too, not enough hours in the day to be
    honest.
    Well at least you've got some progress now and to be honest if you want to
    learn, the way you're going about it is the best, bang straight in at the
    deep end.
    From what I gather you are now able to log in to the router via SDM.


    The next step would be to set up the DSL interface and since you're in
    the UK these settings are fairly generic in respect of the ATM
    settings.
    Now it's been a while since I used SDM so please correct me if I'm
    wrong...
    Do you have options in the SDM to configure the ATM/DSL settings? If so
    the PVC will be 0/38.
    You should also have options to set up the username and passwords if
    not I will be happy to pass you some sample configs used on my live
    networks running the 837 and they happen to be running with BT as our
    ISP so it will work for you.
    So these commands if not available through SDM will have to be setup
    via the command line.

    Once you have found/changed them you will have to configure NAT to
    translate between the outside world and your internal network but one
    step at a time.
    We can get to that later see how you get on for the moment.
    RobO, Jan 20, 2005
    #12
  13. Toonie

    Toonie Guest

    Rob here is my show run

    Using 1999 out of 131072 bytes
    !
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname yourname
    !
    logging queue-limit 100
    logging buffered 51200 warnings
    !
    username cisco privilege 15 password 0 cisco
    username brian privilege 15 password 0 brian
    ip subnet-zero
    ip domain name yourdomain.com
    !
    !
    ip audit notify log
    ip audit po max-events 100
    no ftp-server write-enable
    !
    !
    !
    interface Ethernet0
    description $ETH-LAN$$ETH-SW-LAUNCH$
    ip address 10.10.10.1 255.255.255.248
    hold-queue 100 out
    !
    interface ATM0
    no ip address
    shutdown
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    ip classless
    ip http server
    ip http authentication local
    ip http secure-server
    !
    banner login ^C
    -----------------------------------------------------------------------
    Cisco Security Device Manager (CSDM) is installed on this device.
    This feature requires the one time use, initial credentials,

    of username "cisco" with password "cisco".


    Please use these credentials to login into the router if you do not
    wish
    !
    !

    WARNING: PLEASE CHANGE OR REMOVE THESE INITIAL CREDENTIALS IF YOU DO
    NOT
    PLAN TO USE CSDM. LEAVING THEM UNCHANGED MAY LEAD TO THE DEVICE BEING
    VULNERABLE TO UNAUTHORIZED ACCESS.

    You can remove these initial credentials after entering enable and
    issuing the following CLI command:

    no username cisco

    NOTE: If you remove the initial credentials, you will NOT be able to
    use CSDM until you configure a new user name.

    For more information about CSDM please follow the instructions in the
    QUICK START GUIDE for your router or at
    http://www.cisco.com/en/US/products/
    sw/secursw/ps5318/products_qanda_item09186a00801a14cc.shtml
    -----------------------------------------------------------------------
    ^C
    !
    line con 0
    login local
    no modem enable
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    privilege level 15
    login local
    transport input telnet ssh
    !
    scheduler max-task-time 5000
    !
    end

    I can log in as Brian, but I do not think I can use sdm to configure,
    the only options are Home/SDM/Tools/Help Resources.
    SDM opens another window but never seems to actually load anything, the
    other options basically show different commands ( syntax etc). Can't see
    anything like PVC or Nat

    Show run & show start look similar, should I now be careful what info I
    post about my addresses?
    Toonie, Jan 20, 2005
    #13
  14. Toonie

    RobO Guest

    Brian,

    Do you have JRE (Java Runtime) installed? It's required by Internet
    Explorer or any browser for that matter. SDM needs it!!!

    From what I can see you are on the right track, however may I suggest
    you do a few changes:

    --1-: put in the command "service password encryption"
          this way any passwords you type in will be hashed and not readable
          to the human eye.
    --2-: remove "your" and "cisco" username and redo your username and a
          NEW password.
    --3-: don't worry too much about posting your internal IP info, just
          external ones should be omitted, it's up to you.
    --4-: I notice your "ethernet 0" has a subnet mask of 255.255.255.248,
          does your PC have the same SM?
          You might want to change it to something else because "248" will
          only leave you 6 available IPs on your internal network.
    --5-: Go into "int ATM0" and do a "no shutdown" as it says "shutdown",
          wait a while and do a "show run" and compare if any of the
          settings have changed.
    We'll take it from there.... and I'll send you configs for setting up the
    atm int and NAT.







    Toonie wrote:
    > Rob here is my show run
    >
    > Using 1999 out of 131072 bytes
    > !
    > version 12.2
    > no service pad
    > service timestamps debug datetime msec
    > service timestamps log datetime msec
    > no service password-encryption
    > !
    > hostname yourname
    > !
    > logging queue-limit 100
    > logging buffered 51200 warnings
    > !
    > username cisco privilege 15 password 0 cisco
    > username brian privilege 15 password 0 brian
    > ip subnet-zero
    > ip domain name yourdomain.com
    > !
    > !
    > ip audit notify log
    > ip audit po max-events 100
    > no ftp-server write-enable
    > !
    > !
    > !
    > interface Ethernet0
    > description $ETH-LAN$$ETH-SW-LAUNCH$
    > ip address 10.10.10.1 255.255.255.248
    > hold-queue 100 out
    > !
    > interface ATM0
    > no ip address
    > shutdown
    > no atm ilmi-keepalive
    > dsl operating-mode auto
    > !
    > ip classless
    > ip http server
    > ip http authentication local
    > ip http secure-server
    > !
    > banner login ^C
    > -----------------------------------------------------------------------
    > Cisco Security Device Manager (CSDM) is installed on this device.
    > This feature requires the one time use, initial credentials,
    >
    > of username "cisco" with password "cisco".
    >
    >
    > Please use these credentials to login into the router if you do not
    > wish
    > !
    > !
    >
    > WARNING: PLEASE CHANGE OR REMOVE THESE INITIAL CREDENTIALS IF YOU DO
    > NOT
    > PLAN TO USE CSDM. LEAVING THEM UNCHANGED MAY LEAD TO THE DEVICE BEING
    > VULNERABLE TO UNAUTHORIZED ACCESS.
    >
    > You can remove these initial credentials after entering enable and
    > issuing the following CLI command:
    >
    > no username cisco
    >
    > NOTE: If you remove the initial credentials, you will NOT be able to
    > use CSDM until you configure a new user name.
    >
    > For more information about CSDM please follow the instructions in the
    > QUICK START GUIDE for your router or at
    > http://www.cisco.com/en/US/products/
    > sw/secursw/ps5318/products_qanda_item09186a00801a14cc.shtml
    > -----------------------------------------------------------------------
    > ^C
    > !
    > line con 0
    > login local
    > no modem enable
    > stopbits 1
    > line aux 0
    > stopbits 1
    > line vty 0 4
    > privilege level 15
    > login local
    > transport input telnet ssh
    > !
    > scheduler max-task-time 5000
    > !
    > end
    >
    > I can log in as Brian, but I do not think I can use sdm to configure,
    > the only option are Home/SDM/Tools/Help Resources.
    > SDM opens another window but never seems to actually load anything, the
    > other option basically show different commands ( syntax etc). Cant see
    > anything like PVC or Nat
    >
    > Show run & show start look similar, should I now be careful what info I
    > post about my addresses?
    RobO, Jan 20, 2005
    #14
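The review points RobO lists above, expressed as a small audit over a pasted running-config. This is an added example, not code from the thread or from Cisco; the check names, the /29 reporting threshold and the `REVIEWED_CONFIG` sample (with its placeholder secret) are assumptions made for the illustration.

```python
import ipaddress
import re

# Excerpt of the factory-default "show run" posted in the thread, flattened
# (no indentation) the way the forum software left it.
FACTORY_CONFIG = """\
no service password-encryption
!
username cisco privilege 15 password 0 cisco
username brian privilege 15 password 0 brian
!
interface Ethernet0
ip address 10.10.10.1 255.255.255.248
hold-queue 100 out
!
interface ATM0
no ip address
shutdown
dsl operating-mode auto
!
line con 0
login local
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
end
"""

# Constructed "after" config; the secret value is a placeholder, not a real hash.
REVIEWED_CONFIG = """\
service password-encryption
username toonie privilege 15 secret 5 $1$EXAMPLE$placeholder.not.a.real.hash
interface Ethernet0
ip address 10.10.10.1 255.255.255.0
interface ATM0
no ip address
!
access-list 1 permit 10.10.10.0 0.0.0.255
line vty 0 4
access-class 1 in
login local
transport input ssh
"""

SECTION = re.compile(r"^(interface|line)\s+(.+)$")
USER = re.compile(
    r"^username\s+(\S+)\s+(?:privilege\s+\d+\s+)?(password|secret)\s+(?:(\d)\s+)?(\S+)$"
)
ADDR = re.compile(r"^ip address (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})$")
SMALL_LAN_PREFIX = 29  # assumption: report masks this long or longer


def sections(text):
    """Split a config into (global_lines, {header: [sub-commands]}).

    Indentation is ignored because pasted configs often lose it; a section
    runs from an 'interface'/'line' header to the next '!', blank or header.
    """
    global_lines, blocks, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
        elif SECTION.match(line):
            current = blocks.setdefault(line, [])
        else:
            (current if current is not None else global_lines).append(line)
    return global_lines, blocks


def audit(text):
    """Return a list of (check_id, subject) findings for one running-config."""
    glob, blocks = sections(text)
    findings = []
    if "service password-encryption" not in glob:
        findings.append(("password-encryption-off", "global"))
    for line in glob:
        m = USER.match(line)
        if not m:
            continue
        name, kind, ptype, value = m.groups()
        if name == "cisco":  # the one-time SDM account named in the banner
            findings.append(("initial-sdm-account", name))
        if kind == "password" and ptype in (None, "0"):
            findings.append(("cleartext-password", name))
            if value == name:
                findings.append(("password-equals-username", name))
        elif kind == "password" and ptype == "7":
            # Type 7 is reversible obfuscation; 'secret' stores a salted hash.
            findings.append(("type7-password", name))
    for header, cmds in blocks.items():
        kind, name = header.split(None, 1)
        if kind == "interface":
            if "shutdown" in cmds:
                findings.append(("interface-shutdown", name))
            for cmd in cmds:
                m = ADDR.match(cmd)
                if m:
                    net = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
                    if net.prefixlen >= SMALL_LAN_PREFIX:
                        hosts = net.num_addresses - 2
                        findings.append(("small-lan", f"{name} {net} ({hosts} hosts)"))
        elif name.startswith("vty"):
            if any(c.startswith("transport input") and "telnet" in c.split() for c in cmds):
                findings.append(("vty-telnet", name))
            if not any(c.startswith("access-class") for c in cmds):
                findings.append(("vty-no-access-class", name))
    return findings


if __name__ == "__main__":
    for label, cfg in (("factory", FACTORY_CONFIG), ("reviewed", REVIEWED_CONFIG)):
        print(label, audit(cfg))
```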
  15. Toonie

    Toonie Guest

    Rob, here we go again. I have downloaded and installed JRE. I have
    removed cisco & brian usernames. I have added new username and although
    the command "service password encryption" would work "service password"
    did work and now password shows as a series of jumbled numbers.
    ethernet subnet mask now set to "0" same as xp. ATM0 also added.

    username toonie privilege 15 password 7 13161F1707180D2F
    ip subnet-zero
    ip domain name yourdomain.com

    !
    interface Ethernet0
    description $ETH-LAN$$ETH-SW-LAUNCH$
    ip address 10.10.10.1 255.255.255.0
    hold-queue 100 out
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface Dialer0
    ip address negotiated
    ip mtu 1452
    ip nat outside
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    !
    I also recognised that I needed to add int Dialer0 parameters and have
    added some in anticipation.
    What next?

    I wish I could buy you a pint - I need one!
    Brian
    Toonie, Jan 20, 2005
    #15
  16. Toonie

    Toonie Guest

    Rob - just spotted ethernet script wrong here is latest
    !
    interface Ethernet0
    description $ETH-LAN$$ETH-SW-LAUNCH$
    ip address 10.10.10.1 255.255.255.0
    hold-queue 100 out
    !
    Toonie, Jan 20, 2005
    #16
  17. Toonie

    RobO Guest

    Brian,
    we're getting there, not far now...
    You can also do a "show int e0" to see if the address is correct,
    otherwise
    maybe just retype the ip address under
    "int eth0"
    no IP_ADDRESS SUBNET_MASK
    and retype it without the no.


    Below is my config for one of the 837s that runs on BT so it might give
    you a quick hand.
    Please note that I have modified where necessary and this does not
    ultimately secure the router, there are more configurations necessary
    for that...
    This is just to basically be able to connect to the internet:
    set up NAT, your ISP settings, starting point access-list.
    *****************START_CONFIG************************
    myhostname#sh run

    service password-encryption
    hostname myhostname
    username myusername privilege 15 password mypassword
    ip subnet-zero
    ip domain name mydomainname.com

    ip name-server DNS1_IP
    ip name-server DNS2_IP


    ip inspect name CBAC tcp
    ip inspect name CBAC ftp
    ip inspect name CBAC udp timeout 30


    interface Ethernet0
    description $FW_INSIDE$
    ip address 10.10.10.1 255.255.255.0
    ip access-group 100 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    no cdp enable
    hold-queue 100 out

    interface ATM0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    no ip mroute-cache
    atm vc-per-vp 64
    no atm ilmi-keepalive
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1

    dsl operating-mode auto

    interface Dialer1
    description $FW_OUTSIDE$
    ip address negotiated
    ip access-group 110 in

    ip nat outside
    ip inspect CBAC out

    encapsulation ppp
    dialer pool 1
    dialer-group 1

    ppp authentication chap pap callin
    ppp chap hostname "your_isp_username"
    ppp chap password "your isp password"
    ppp pap sent-username "your_isp_username" password "your isp password"


    ip nat inside source list 100 interface Dialer1 overload

    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1


    access-list 1 remark ----------------------telnet_http
    access-list 1 permit 10.10.10.0 0.0.0.255

    access-list 100 remark --------------------nat
    access-list 100 permit ip 10.10.10.0 0.0.0.255 any

    access-list 110 remark --------------------incoming
    access-list 110 deny tcp any range 0 65535 any range 0 65535
    access-list 110 deny udp any range 0 65535 any range 0 65535
    access-list 110 deny ip any any

    line con 0
    exec-timeout 0 0
    privilege level 15
    no modem enable
    transport output telnet
    stopbits 1

    line aux 0
    no exec
    transport output telnet
    stopbits 1

    line vty 0 4
    access-class 1 in
    privilege level 15
    login local
    transport input telnet
    **************END_CONFIG*****************************
    make note of where the access-lists are relevant to.

    Good luck
    RobO, Jan 21, 2005
    #17
  18. Toonie

    Toonie Guest

    RobO wrote:
    > Brian,
    > we getting there not far now...
    > you can also do a "show int e0" to see if the address is correct
    > otherwise
    > maybe just retype the ip address under
    > "int eth0"
    > no IP_ADDRESS SUBNET_MASK
    > and retype it without the no.
    >
    >
    > Below is my config for one of the 837s that runs on BT so it might give
    > you a quick hand.
    > Please note that i have modified where necessary and this does not
    > ultimately secure the router there are more configurations necessary
    > for that...
    > This is just to basically be able to connect to the internet.
    > set up nat, your isp settings,starting point access-list.
    > *****************START_CONFIG************************
    > myhostname#sh run
    >
    > service password-encryption
    > hostname myhostname
    > username myusername privilege 15 password mypassword
    > ip subnet-zero
    > ip domain name mydomainname.com
    >
    > ip name-server DNS1_IP
    > ip name-server DNS2_IP
    >
    >
    > ip inspect name CBAC tcp
    > ip inspect name CBAC ftp
    > ip inspect name CBAC udp timeout 30
    >
    >
    > interface Ethernet0
    > description $FW_INSIDE$
    > ip address 10.10.10.1 255.255.255.0
    > ip access-group 100 in
    > no ip redirects
    > no ip unreachables
    > no ip proxy-arp
    > ip nat inside
    > no cdp enable
    > hold-queue 100 out
    >
    > interface ATM0
    > no ip address
    > no ip redirects
    > no ip unreachables
    > no ip proxy-arp
    > ip route-cache flow
    > no ip mroute-cache
    > atm vc-per-vp 64
    > no atm ilmi-keepalive
    > pvc 0/38
    > encapsulation aal5mux ppp dialer
    > dialer pool-member 1
    >
    > dsl operating-mode auto
    >
    > interface Dialer1
    > description $FW_OUTSIDE$
    > ip address negotiated
    > ip access-group 110 in
    >
    > ip nat outside
    > ip inspect CBAC out
    >
    > encapsulation ppp
    > dialer pool 1
    > dialer-group 1
    >
    > ppp authentication chap pap callin
    > ppp chap hostname "your_isp_username"
    > ppp chap password "your isp password"
    > ppp pap sent-username "your_isp_username" password "your isp password"
    >
    >
    > ip nat inside source list 100 interface Dialer1 overload
    >
    > ip classless
    > ip route 0.0.0.0 0.0.0.0 Dialer1
    >
    >
    > access-list 1 remark ----------------------telnet_http
    > access-list 1 permit 10.10.10.0 0.0.0.255
    >
    > access-list 100 remark --------------------nat
    > access-list 100 permit ip 10.10.10.0 0.0.0.255 any
    >
    > access-list 110 remark --------------------incoming
    > access-list 110 deny tcp any range 0 65535 any range 0 65535
    > access-list 110 deny udp any range 0 65535 any range 0 65535
    > access-list 110 deny ip any any
    >
    > line con 0
    > exec-timeout 0 0
    > privilege level 15
    > no modem enable
    > transport output telnet
    > stopbits 1
    >
    > line aux 0
    > no exec
    > transport output telnet
    > stopbits 1
    >
    > line vty 0 4
    > access-class 1 in
    > privilege level 15
    > login local
    > transport input telnet
    > **************END_CONFIG*****************************
    > make note of where the access-lists are relevant to.
    >
    > Good luck


    Rob, is there a way of loading this data all in one go ( after I have
    added my bits) or do I have to type each line? Also after last msg I
    went back into router via LAN and guess what, not only could I see CSD
    I could actually get it working ( JRE ) and now that I can see it
    working properly understand more of what you were saying. This will
    allow me to config router BUT it asks more questions that I don't have
    the answer to. For the moment I will stick to the manual config.
    Tonight I might rerun and post the questions I'm unsure of here if you
    don't mind.
    Thanks once more.
    Brian
    Toonie, Jan 21, 2005
    #18
  19. Toonie

    RobO Guest

    Brian, There is a way to load it all in one go through the use of a
    tftp server.
    This you should only do once your config is complete and then you can
    use the tftp server for backup purposes.

    I would suggest you go through the config I posted as it is complete in
    respect of getting you connected.
    It is obviously better, if you want to learn, to type all the
    commands line by line, but that's entirely up to you.

    Don't forget to set your DNS settings on your PC because you now have a
    statically assigned address on your PC, so you will have to put your ISP
    DNS servers into your network card's IP settings, otherwise you won't be
    able to resolve names to IP addresses.

    Post away if you ain't sure.
    Rob
    RobO, Jan 21, 2005
    #19
  20. Toonie

    Toonie Guest

    Rob - I have done as you say and there are only 2 problems: 1] ip
    name-server DNS1... will not accept, I think my router IOS wants 6
    digits not seven?? 2] it still will not connect?
    Here is my latest config:



    version 12.2
    no service pad
    no service timestamps debug uptime
    no service timestamps log uptime
    service password-encryption
    !
    hostname broadband
    !
    no logging buffered
    !
    username toonie privilege 15 password 7 13161F1707180D2F
    ip subnet-zero
    ip domain name btinternet.com
    !
    !
    ip inspect name CBAC tcp
    ip inspect name CBAC ftp
    ip inspect name CBAC udp timeout 30
    ip audit po max-events 100
    !
    !
    !
    !
    !
    !
    !
    interface Ethernet0
    description $FW_INSIDE$
    ip address 10.10.10.1 255.255.255.0
    ip access-group 100 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    no cdp enable
    hold-queue 100 out
    !
    interface ATM0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    no ip mroute-cache
    atm vc-per-vp 64
    no atm ilmi-keepalive
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    dsl operating-mode auto
    !
    interface Dialer1
    description $FW_OUTSIDE$
    ip address negotiated
    ip access-group 110 in
    ip nat outside
    ip inspect CBAC out
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin
    ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxx
    ppp chap password 7 03550C06031D2D4D40
    ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 08701B430C0B09161C
    !
    ip nat inside source list 100 interface Dialer1 overload
    no ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip http server
    ip http authentication local
    ip http secure-server
    !
    access-list 1 remark ----------------telnet_http
    access-list 1 permit 10.10.10.0 0.0.0.255
    access-list 100 remark ----------------nat
    access-list 100 permit ip 10.10.10.0 0.0.0.255 any
    access-list 100 remark ------------incoming
    access-list 110 deny tcp any range 0 65535 any range 0 65535
    access-list 110 deny udp any range 0 65535 any range 0 65535
    access-list 110 deny ip any any
    !
    line con 0
    exec-timeout 0 0
    privilege level 15
    login local
    no modem enable
    transport output telnet
    stopbits 1
    line aux 0
    no exec
    transport output telnet
    stopbits 1
    line vty 0 4
    access-class 1 in
    privilege level 15
    login local
    transport input telnet
    !
    no scheduler max-task-time
    !
    end
    Can you sort me out please?
    Brian
    Toonie, Jan 21, 2005
    #20
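
An added example, not part of either poster's messages: a small Python check that cross-references the ACL numbers in the config posted above against where they are applied, and flags the management-plane settings visible in it. The sample is an excerpt of that config trimmed to the lines the checks read; `audit` and `REF` are names made up here.

```python
import re
# Excerpt of the running-config posted above, trimmed to the lines the checks read.
SAMPLE = """\
ip access-group 100 in
ip access-group 110 in
ip nat inside source list 100 interface Dialer1 overload
ip http server
access-list 1 remark ----------------telnet_http
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark ----------------nat
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 remark ------------incoming
access-list 110 deny tcp any range 0 65535 any range 0 65535
exec-timeout 0 0
access-class 1 in
transport input telnet
"""

REF = re.compile(r"^(?:ip access-group|access-class|ip http access-class) (\d+)"
                 r"|^ip nat inside source list (\d+)")

def audit(cfg):
    """Return a list of findings for an IOS config given as text."""
    lines = [ln.strip() for ln in cfg.splitlines() if ln.strip()]
    rules, refs, findings, pending = {}, set(), [], None
    for ln in lines:
        m = re.match(r"access-list (\d+) (remark|permit|deny)\b", ln)
        if m:
            acl, kind = m.groups()
            if kind == "remark":
                pending = acl          # a remark waits for the entry it labels
            else:
                rules.setdefault(acl, []).append(ln)
                if pending and pending != acl:
                    findings.append(f"remark under ACL {pending} labels entries of ACL {acl}")
                pending = None
        m = REF.match(ln)
        if m:
            refs.add(m.group(1) or m.group(2))
    for acl in sorted(refs - set(rules), key=int):
        findings.append(f"ACL {acl} is referenced but has no entries")
    if "ip http server" in lines and not any(ln.startswith("ip http access-class") for ln in lines):
        findings.append("ip http server has no ip http access-class")
    if any(ln.startswith("transport input") and "telnet" in ln for ln in lines):
        findings.append("a line accepts telnet (cleartext)")
    if "exec-timeout 0 0" in lines:
        findings.append("exec-timeout 0 0 disables the idle timeout")
    return findings
```

On the posted config this reports that the "incoming" remark sits under ACL 100 rather than 110, and that ACL 1, labelled telnet_http, is applied to the vty lines only.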