Base Configuration of the 837
Here is the basic configuration of the Cisco 837 ADSL router/modem, as configured for Verizon Online DSL. The configuration uses IRB (Integrated Routing and Bridging) to talk to the ISP, and the ISP connection does not require authentication.
! Global services, logging and local credentials.
version 12.3
no service pad
! NOTE(review): `uptime` timestamps count from the last reload, which makes
! ACL log hits hard to line up with other sources -- confirm whether
! date/time stamping is wanted instead.
service timestamps debug uptime
service timestamps log uptime
! Applies the type 7 encoding to plain-text passwords in the configuration.
! Type 7 is reversible; it hides passwords from casual view only.
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
! NOTE(review): the local log buffer is disabled and no `logging` host appears
! in this listing, so messages from the ACL `log-input` entries and from
! `ip audit notify log` are not retained anywhere visible here -- confirm
! where logs are expected to go.
no logging buffered
! Enable password stored as a type 5 hash (value masked on the page).
enable secret 5 ****************
!
! NOTE(review): this local account, used by `login local` on the vty lines,
! is stored with reversible type 7 encoding. `username ... secret` would
! store a hash instead; treat any unmasked copy of this line as a password
! disclosure.
username Router password 7 ****************
no aaa new-model
ip subnet-zero
! Keeps the router's own LAN address out of the DHCP pool.
ip dhcp excluded-address 192.168.1.1
!
! DHCP service for LAN clients on 192.168.1.0/28, with the router as gateway.
ip dhcp pool CLIENT
! presumably pulls DNS and other options learned by the DHCP client on BVI1
! into this pool -- confirm
import all
network 192.168.1.0 255.255.255.240
default-router 192.168.1.1
! Lease time: 0 days, 2 hours.
lease 0 2
!
!
! DNS servers (addresses masked on the page).
ip name-server ###.###.###.###
ip name-server ###.###.###.###
! CBAC inspection rule set `myfw`. Each line enables stateful inspection for
! one protocol; `timeout` is the idle timeout in seconds. The rule set is
! applied with `ip inspect myfw out` on BVI1 further down.
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
! NOTE(review): idle TCP sessions keep their return path open for an hour.
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
! NOTE(review): audit notifications are sent to the log, but no `ip audit name`
! rule or interface binding appears in this listing, and buffered logging is
! disabled above -- confirm whether the audit feature is actually in use.
ip audit notify log
ip audit po max-events 100
! NOTE(review): an `ip ssh` setting is present, yet the vty lines in this
! listing use `transport input all`, so Telnet stays enabled next to it.
ip ssh break-string
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
! IKE is disabled on the router itself.
! NOTE(review): the fwInbound list below still permits ESP, ISAKMP, UDP 10000,
! TCP 1723 and GRE from any source -- presumably for VPN clients behind NAT;
! confirm those entries are still needed.
no crypto isakmp enable
!
!
! Integrated Routing and Bridging: the ATM PVC is bridged (bridge-group 1) and
! IP is routed through the BVI1 interface.
bridge irb
!
!
! LAN side: router address 192.168.1.1/28, NAT inside.
interface Ethernet0
ip address 192.168.1.1 255.255.255.240
! Applied in the `out` direction, i.e. to packets leaving this interface
! toward the LAN, despite the list's name.
ip access-group fwOutbound out
ip nat inside
hold-queue 100 out
!
! DSL physical interface; carries no IP address of its own.
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
! PVC 0/35 with AAL5 SNAP encapsulation, placed in bridge group 1 so that
! BVI1 becomes the routed WAN interface.
interface ATM0.1 point-to-point
pvc 0/35
encapsulation aal5snap
!
bridge-group 1
!
! FastEthernet1-4: no IP address, duplex and speed auto-negotiated.
! presumably the built-in LAN switch ports -- confirm against the hardware
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
! WAN side: routed interface for bridge group 1, addressed by the ISP's DHCP.
interface BVI1
description --- Bridging Interface ---
ip address dhcp
! Stateless filter on everything arriving from the ISP side.
ip access-group fwInbound in
ip nat outside
! CBAC inspects sessions leaving through BVI1 and admits their return
! traffic, so fwInbound only needs entries for unsolicited inbound traffic.
ip inspect myfw out
!
! PAT: hosts matched by NATClients share the BVI1 address.
ip nat inside source list NATClients interface BVI1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 BVI1
! NOTE(review): administrative distance 255 normally marks a route as
! unusable, so this Null0 default may never be installed -- confirm intent.
ip route 0.0.0.0 0.0.0.0 Null0 255
! NOTE(review): the web management interface runs over plain HTTP and the
! HTTPS server is off, so credentials cross the LAN unencrypted. fwInbound
! has no entry for it, so unsolicited WAN access is dropped by the final
! deny; LAN clients can still reach it. No `ip http access-class` or
! `ip http authentication` line appears in this listing.
ip http server
no ip http secure-server
!
!
! Source addresses eligible for NAT overload.
ip access-list standard NATClients
! NOTE(review): wildcard 0.0.0.255 matches all of 192.168.1.0/24, wider than
! the /28 configured on Ethernet0 and in the DHCP pool (a /28 would be
! wildcard 0.0.0.15).
permit 192.168.1.0 0.0.0.255
!
! Inbound filter on BVI1 (traffic arriving from the ISP side). Return traffic
! for inspected outbound sessions is admitted by CBAC, so every permit here
! is for unsolicited traffic.
ip access-list extended fwInbound
! NOTE(review): Telnet is accepted from any source address. Together with
! `transport input all` on the vty lines and `access-class 1 in` pointing at
! a list that is not defined in this listing, the router's login prompt
! appears reachable from the whole Internet over a clear-text protocol.
! Restricting the source to known management addresses, or removing this
! entry, closes that path.
permit tcp any any eq telnet
! ICMP types admitted from outside, including echo (the router answers ping).
permit icmp any any administratively-prohibited
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any packet-too-big
permit icmp any any time-exceeded
permit icmp any any traceroute
permit icmp any any unreachable
! DHCP replies for the `ip address dhcp` client on BVI1.
permit udp any eq bootps any eq bootpc
permit udp any eq bootps any eq bootps
! NOTE(review): matches on source port 53 only, so any UDP packet sent from
! port 53 passes regardless of destination port. The `udp` inspection rule
! already admits replies to outbound DNS queries -- confirm this is needed.
permit udp any eq domain any
! VPN-related protocols: ESP, ISAKMP, UDP 10000, PPTP control (1723), GRE.
permit esp any any
permit udp any any eq isakmp
permit udp any any eq 10000
permit tcp any any eq 1723
! NOTE(review): NetBIOS session, name and datagram services are permitted
! from any source; these are rarely meant to be Internet-facing -- confirm.
permit tcp any any eq 139
permit udp any any eq netbios-ns
permit udp any any eq netbios-dgm
permit gre any any
! Everything else is dropped and logged with the input interface.
deny ip any any log-input
! Applied outbound on Ethernet0 in this listing, so it filters packets leaving
! the router toward the LAN: TCP to destination port 23 is dropped and logged,
! everything else passes.
! NOTE(review): in that position it does not stop LAN hosts from opening
! Telnet sessions to the Internet -- confirm which direction was intended.
ip access-list extended fwOutbound
deny tcp any any eq telnet log-input
permit ip any any
!
control-plane
!
! Bridge group 1 runs IEEE spanning tree and routes IP via BVI1.
bridge 1 protocol ieee
bridge 1 route ip
! Login banner shown before authentication.
! NOTE(review): the text does not state that access is restricted to
! authorized users or that activity may be logged -- confirm whether a
! formal notice is required.
banner login ^CGet Out Now.^C
!
! Console: sessions time out after 120 minutes idle.
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
! Remote management lines.
line vty 0 4
! NOTE(review): standard access list 1 is not defined anywhere in this
! listing. A referenced but undefined list is generally treated as
! permit-any, so this line may not restrict anything -- confirm and define
! the list with the intended management sources.
access-class 1 in
! NOTE(review): a two-hour idle timeout leaves abandoned sessions open.
exec-timeout 120 0
! Authenticates against the local `username` entry.
login local
length 0
transport preferred all
! NOTE(review): accepts every inbound protocol, Telnet included; fwInbound
! permits Telnet from any source, so credentials can cross the Internet in
! clear text. Limiting this to SSH needs an image and keys that support it.
transport input all
transport output all
!
scheduler max-task-time 5000
!
end
! Second copy of the configuration shown earlier on the page, starting after
! the `version` line.
no service pad
service timestamps debug uptime
service timestamps log uptime
! Type 7 encoding is reversible; it hides passwords from casual view only.
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
! NOTE(review): no local log buffer and no `logging` host in this listing, so
! `log-input` and audit messages are not retained anywhere visible here.
no logging buffered
enable secret 5 ****************
!
! NOTE(review): local account stored with reversible type 7 encoding.
username Router password 7 ****************
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 192.168.1.1
!
! DHCP for LAN clients on 192.168.1.0/28; lease is 0 days, 2 hours.
ip dhcp pool CLIENT
import all
network 192.168.1.0 255.255.255.240
default-router 192.168.1.1
lease 0 2
!
!
ip name-server ###.###.###.###
ip name-server ###.###.###.###
! CBAC rule set `myfw`; `timeout` values are idle timeouts in seconds.
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
no crypto isakmp enable
!
!
! IRB: the ATM PVC is bridged and IP is routed through BVI1.
bridge irb
!
!
! LAN side, NAT inside. fwOutbound is applied to packets leaving this
! interface toward the LAN.
interface Ethernet0
ip address 192.168.1.1 255.255.255.240
ip access-group fwOutbound out
ip nat inside
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/35
encapsulation aal5snap
!
bridge-group 1
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
! WAN side: DHCP-addressed, NAT outside, filtered by fwInbound, with CBAC
! inspecting sessions that leave through it.
interface BVI1
description --- Bridging Interface ---
ip address dhcp
ip access-group fwInbound in
ip nat outside
ip inspect myfw out
!
ip nat inside source list NATClients interface BVI1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 BVI1
! NOTE(review): distance 255 normally marks a route as unusable -- confirm.
ip route 0.0.0.0 0.0.0.0 Null0 255
! NOTE(review): management web server over plain HTTP; HTTPS is disabled.
ip http server
no ip http secure-server
!
!
ip access-list standard NATClients
! NOTE(review): matches 192.168.1.0/24, wider than the /28 LAN.
permit 192.168.1.0 0.0.0.255
!
! Inbound filter on BVI1 for unsolicited traffic from the ISP side.
ip access-list extended fwInbound
! NOTE(review): Telnet accepted from any source; the vty lines use
! `transport input all` and reference access list 1, which is not defined
! in this listing.
permit tcp any any eq telnet
permit icmp any any administratively-prohibited
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any packet-too-big
permit icmp any any time-exceeded
permit icmp any any traceroute
permit icmp any any unreachable
permit udp any eq bootps any eq bootpc
permit udp any eq bootps any eq bootps
! NOTE(review): source-port-only match; any UDP packet sent from port 53
! passes regardless of destination port.
permit udp any eq domain any
permit esp any any
permit udp any any eq isakmp
permit udp any any eq 10000
permit tcp any any eq 1723
! NOTE(review): NetBIOS services permitted from any source -- confirm.
permit tcp any any eq 139
permit udp any any eq netbios-ns
permit udp any any eq netbios-dgm
permit gre any any
deny ip any any log-input
! Drops and logs TCP to destination port 23, passes everything else.
ip access-list extended fwOutbound
deny tcp any any eq telnet log-input
permit ip any any
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CGet Out Now.^C
!
! Console and vty sessions time out after 120 minutes idle.
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
! NOTE(review): access list 1 is not defined in this listing; an undefined
! list is generally treated as permit-any -- confirm.
access-class 1 in
exec-timeout 120 0
login local
length 0
transport preferred all
! NOTE(review): accepts every inbound protocol, Telnet included.
transport input all
transport output all
!
scheduler max-task-time 5000
!
end
