Cisco Configuration help

Mattitude · 26 Feb 2010 at 20:55

Yamahahahahaha said:
You don't need to clone the MAC of the O2 box.

You need to use IRB with RFC1483 on the WAN interface. There's no username / password.
http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a008071a5d0.shtml

The whole thing is a tad fiddly but it does work.

i shall have one last try tomorrow. I will draw up a diagram for you guys and give you all my configs too.

GhostlyPea · 27 Feb 2010 at 09:47

I run an 877w, here's my current one if it's any help to you. I'm on BT at the moment. I need to tidy it up and there's no ACLs as I'm on a dynamic IP at the moment. I'll be prepping it soon to terminate remote VPNs too but here we go in the meant time, hope it's some help

Building configuration...

Current configuration : 6140 bytes
!
version 12.4
service pad cmns
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname Balrog
!
boot-start-marker
boot-end-marker
!
enable secret 5 <password>
enable password 7 <password>
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.1.1 10.0.1.100
ip dhcp excluded-address 10.0.2.1 10.0.2.5
!
ip dhcp pool WIRED
network 10.0.1.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 10.0.1.1
!
ip dhcp pool WIFI
network 10.0.2.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 10.0.2.1
!
!
no ip domain lookup
ip domain name <internal domain>
!
!
crypto pki trustpoint TP-self-signed-3668155612
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3668155612
revocation-check none
rsakeypair TP-self-signed-3668155612
!
!
crypto pki certificate chain TP-self-signed-3668155612
certificate self-signed 01
<certificate key>

quit
username <username> privilege 15 user-maxlinks 1 password 7 <password>
username <username> password 7 <password>
!
!
!
bridge irb
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
ip nat outside
ip nat enable
ip virtual-reassembly
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
no snmp trap link-status
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
switchport access vlan 100
duplex full
speed 100
!
interface FastEthernet1
switchport access vlan 100
duplex full
speed 100
!
interface FastEthernet2
switchport access vlan 100
duplex full
speed 100
!
interface FastEthernet3
switchport access vlan 100
duplex full
speed 100
!
interface Dot11Radio0
no ip address
!
broadcast-key vlan 200 change 45
!
!
encryption vlan 200 mode ciphers tkip
!
ssid Balrog
vlan 200
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 <WPA key>
!
speed basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role root
!
interface Dot11Radio0.200
description Cisco 877w Balrog Home Network
encapsulation dot1Q 200
ip nat inside
ip virtual-reassembly
no cdp enable
bridge-group 200
bridge-group 200 subscriber-loop-control
bridge-group 200 spanning-disabled
bridge-group 200 block-unknown-source
no bridge-group 200 source-learning
no bridge-group 200 unicast-flooding
!
interface Vlan1
no ip address
shutdown
!
interface Vlan100
description $ES_LAN$
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan200
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 200
bridge-group 200 spanning-disabled
!
interface Dialer0
ip address negotiated
ip access-group SECURE-IN in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap chap callin
ppp chap hostname <username>
ppp chap password 7 <password>
ppp pap sent-username <username >password 7 <password>
!
interface BVI200
ip address 10.0.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
ip http secure-server
ip nat inside source list NAT-IN-OUT interface Dialer0 overload
!
ip access-list standard NAT-IN-OUT
remark Allowing outbound LAN connections
permit 10.0.1.0 0.0.0.255
permit 10.0.2.0 0.0.0.255
!
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
bridge 200 route ip
banner incoming ^C
**********************************************
* NO UNAUTHORISED ACCESS *
* INTRUDERS WILL BE SHOT *
* SURVIVORS WILL BE SHOT AGAIN *
**********************************************^C
banner login ^C
**********************************************
* NO UNAUTHORISED ACCESS *
* INTRUDERS WILL BE SHOT *
* SURVIVORS WILL BE SHOT AGAIN *
**********************************************^C
banner motd ^C
**********************************************
* WELCOME TO BALROG *
**********************************************^C
!
line con 0
password 7 <password>
login local
no modem enable
line aux 0
line vty 0 4
logging synchronous
login local
terminal-type SSH
transport input ssh
transport output ssh
!
scheduler max-task-time 5000
end

- Pea0n

Mattitude · 27 Feb 2010 at 11:55

Because i have a 2620xm i only have one fast ethernet port on my cisco router this is connected to my cisco switch. I want to connect my o2 router somehow on the network. The only way possible is to connect it to my cisco switch which has vlans but say i stick it in the default vlan 1 for now. What do i need to configure on the switch/router to get this working?

the o2 routers default gateway is 192.168.1.254 so i need to connect that network to the other networks 192.168.0.1, 192.168.1.1 (might change as originally this was not with the o2) and 192.168.2.1.

The o2 router is basic from what i can see i cant set rip or statics. i do have a spare sky netgear router kicking about though which i think does but is there a way to get the o2 working first

hostname Router
!
!
ip subnet-zero
!
!
!
ip dhcp pool Home
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
!
ip dhcp pool Office
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
ip dhcp pool Apple
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.0.1 255.255.255.0
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.1.1 255.255.255.0
!
ip classless
no ip http server
!
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
end

$c8t@ · 27 Feb 2010 at 18:24

iaind said:
O2 is a complete PITA to get working on Cisco routers - I gave up in the end!

interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
dsl operating-mode adsl2+

interface ATM0.1 point-to-point
description ***OUTSIDE_INTERFACE***
ip address A.B.C.D 255.255.248.0
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
atm route-bridged ip
pvc 0/101

The bits in bold should be all you need for O2

You dont even need to Clone the MAC

Obviously Routing / NAT / ZPF / DHCP / ACLs will need setting up but that should be enough for the "public" interface. Hope this helps

scater1983