So...I have a Cisco 1720 at home, what could I do to teach me ?

DJMK4

DJMK4

DJMK4

Soldato
Joined
1 Dec 2004
Posts
23,259
Location
S.Wales
So...I have a Cisco 1720 at home, and I want to start getting to know the IOS, so far iv connected to it over a console cable, changed the password, but thats it.

On the router itself, I have 2 expansion slots, one with a 10base-T ethernet card.

I want to try some internal routing, maybe create two networks within the house (obviously the one network will be limited to the 10mbps 10baseT card.

Any other stuff I could try?

Here is my show version output

Code: 
morandarouter1>enable
Password:
morandarouter1#show version
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-Y7-M), Version 12.3(22), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by cisco Systems, Inc.
Compiled Wed 24-Jan-07 15:39 by ccai
Image text-base: 0x8000816C, data-base: 0x80B99150

ROM: System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)
ROM: C1700 Software (C1700-Y7-M), Version 12.3(22), RELEASE SOFTWARE (fc2)

morandarouter1 uptime is 11 hours, 21 minutes
System returned to ROM by power-on
System restarted at 08:52:13 UTC Fri Jul 31 2009
System image file is "flash:y"

cisco 1720 (MPC860T) processor (revision 0x601) with 27667K/5101K bytes of memor
y.
Processor board ID JAD05350SP6 (3674387206), with hardware revision 0000
MPC860T processor: part number 0, mask 32
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
1 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

morandarouter1#


and my config thus far

Code: 
morandarouter1#show running-config
Building configuration...

Current configuration : 643 bytes
!
! No configuration change since last restart
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname morandarouter1
!
boot-start-marker
boot-end-marker
!
enable secret 5 *******************
!
memory-size iomem 25
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model

morandarouter1#

So....Spec me a good training task :)
 
Last edited:
paradigm said:
What interfaces do you have available besides the single eth WIC?

Is it just a single FastEth on those?
Click to expand...

Fast Ethernet built in and two expansion slots so my 10BaseT card goes in one, I could probably get access to an ADSL WIC at work but I wouldnt want it running on my line as A) Im on LLU ADSL 2+ so I would need a H-WIC which are pretty pricey, B) I wanted to see if I could do some internal router before hand. C) They are needed in work

I could possibly get another ethernet wic from work but I wanted to see if I could do anything with the one FE built in plus the one 10BaseT card I have
 
Well I'd have a play with access lists. Set yourself up two subnets, and play around with Extended ACLs restricting traffic from one to the other, or indeed one to the internet.

Assuming you don't already have knowledge of ACLs.

Also, if you have the ability to run a RADIUS server, you could configure RADIUS authentication for telnet/ssh sessions, or even a client access VPN that is RADIUS authenticated.
 
paradigm said:
Well I'd have a play with access lists. Set yourself up two subnets, and play around with Extended ACLs restricting traffic from one to the other, or indeed one to the internet.

Assuming you don't already have knowledge of ACLs.

Also, if you have the ability to run a RADIUS server, you could configure RADIUS authentication for telnet/ssh sessions, or even a client access VPN that is RADIUS authenticated.
Click to expand...

Thanks, I will check out both, but the second paragraph looks of interest :)

Being in the network support team for an ISP I would like to know more about RADIUS Authentication. So at the moment with my set-up, could I set-up a RADIUS SERVER, give myself some credentials and create a VPN account and be able to VPN in on to my network?
 
Perfectly possible yes, you'd just have to make sure you have the open ports on your WAN router (whatever that may currently be) to your 1720 so that it is the VPN endpoint from the internet.

Not sure what you plan on using as your RADIUS server, I've only ever used RADIUS authentication with Server 2003 R2 or Server 2008 R2, but the configuration is pretty straight forward for both, and likewise relatively simple for the Cisco IOS.

You can even assign IOS priv levels to different RADIUS users, I myself have the "network administration" security group in my domain set to Priv 15 on my Cisco equipment.
 
paradigm said:
Perfectly possible yes, you'd just have to make sure you have the open ports on your WAN router (whatever that may currently be) to your 1720 so that it is the VPN endpoint from the internet.

Not sure what you plan on using as your RADIUS server, I've only ever used RADIUS authentication with Server 2003 R2 or Server 2008 R2, but the configuration is pretty straight forward for both, and likewise relatively simple for the Cisco IOS.

You can even assign IOS priv levels to different RADIUS users, I myself have the "network administration" security group in my domain set to Priv 15 on my Cisco equipment.
Click to expand...

Could plonk it on my home server which is running server 2003 standard :) Aslong as its ok with this? If not then I have a spare box which has nothing on it so I could use it to build a RAIDUS server with what ever OS is neccasary
 
Cool :) I think I'll get on the case with this, it will help with work aswel as there are only a few people that can logon to the RADIUS servers etc for our customers to see if there are stale sessions, so if I can get up to scratch with this, thats another finger in a pie for me :)


Thanks :)

If you have anymore ideas fire them across :)
 
Cisco CCNA might help you.

I remember doing mine i had done no work or revision. It asked me to make some kind of diagram so i drew one with a pencil with lines and boxes and circles when infact what it meant was to write code LOL
 
Plug one of the ethernet interfaces into the LAN port on your adsl router.
Configure this port to get it's address from DHCP.
Plug the other ethernet interface into a switch.
Configure that interface to use 192.168.1.0/24 and provide dhcp to your LAN.
Configure default route to go to external ethernet port.
Configure NAT pool to translate internal addresses.
Configure ACLs to control incoming traffic (block ICMP for example).

Have fun.

:)
 
Cool, thanks all :) quite a few ideas floating about :)

Think what im going to do is write a myself a training task which holds a lot of the suggestions on here.

Im looking to start on the CCNA learning which is why have the Cisco at home, to build up my lab :)
 
Anyone got anything else I can set myself?

Want to see if I can get QoS working at home for prioriting traffic and possibly locking down certain IP's to certain speeds, if this is possible to achieve.
 
you can always get yourself Cisco Packet Tracer to have a play around with, really good tool. That way you can build up networks with multiple routes and config different routing protocols.
 
Can anyone give me any pointers on what bandwidth management features would be best to set-up on this? im not sure if its possible, but can I play around with

A) restricting bandwidth by port
B) restricting bandwidth by IP address (regardless of port)

or are neither of these possible?
 
You must log in or register to reply here.
Back
Top Bottom