schweeeeeat: Just got my NM-1E for my cisco 2610 and am successfully updating the flash to 12.3 (13)

Goosemaster

Lifer
Apr 10, 2001
48,775
3
81
:D


Being this, the first cisco device in my house (let's not kid ourselves linksys doesn't count), I am all giddy and am practically bouncing off the walls:D


I had bought my 2610 a while back but only had one ethernet interface so it was practically useless:(


Now that I have two ethernet interfaces I can configure it as my gateway router:D


Oh how much fun I will have with the QoS :D


This + my soekris 4801(m0n0wall 1.2) will kick so much ass:D


My network (pre-carnage:evil: )


EDIT:


Basically, it looks like the only similar router that SDM will work with is the 2610XM, which I am not familiar with. I tried to install the software and it told me my router was not compatible:(

Anyone got any ideas?

I realize that the old guys here, those hardened from the heat of battle with the CLI, will yell at me for this, but is there any other software (free) that will allow me to interface with the router in a cool way? I remember in my CCNA class that they had software that would allow you to draw a network, sort of like Visio, but then physically interface with the routers. I don't believe it was cisco works though.

In addition, my IOS version supports IPS and I was interested in seeing what the best resource for learning the commands might be (on cisco's site or whatever). I would like to update the defs and such and would like to be made aware of techniques/practices:)

I am also toying with the idea of making this a transparent firewall, since 12.3 supports it:D


Please, if you have any ideas for what I can pull off with this thing let me know:D
 

Goosemaster

I just tried the cisco network assistant and it said my 2610 was unsupported.:(

It says it supports 2600 multiservice routers, so are those different than the 2610?



So far Configmaker seems to be getting me somewhere (and it looks to be what we used to use in the CCNA classes I took) so hopefully it'll do
 

melthemoose

Member
Jan 11, 2005
45
0
0
sorry...the 2610 (non-XM's) were discontinued before this application was released (sorry, I was in a rush)...

Configmaker should work fine as that has been around forever...
 

petey117

Senior member
Jul 24, 2003
755
0
0
if you took CCNA classes, this should be a breeze for you through the CLI
what config issues are you having with the CLI - maybe i can help?
 

Goosemaster

Originally posted by: petey117
if you took CCNA classes, this should be a breeze for you through the CLI
what config issues are you having with the CLI - maybe i can help?

nothing really...just lazy:p


I'm setting this as the gateway router, so I have to set the access lists accordingly to allow all in and out for now
 

petey117

yeah, access lists are a pain by hand, but if you are running a firewall, you should be able to just allow any any
you are being lazy, but you are putting so much work into it :)
 

Goosemaster

Originally posted by: petey117
yeah, access lists are a pain by hand, but if you are running a firewall, you should be able to just allow any any
you are being lazy, but you are putting so much work into it :)

:D


I just want to get all out of it that I can:D

Basically, I just had to reset the damn config yet again because I FUBAR'd it again....stupid DHCP


feel like chatting? maybe you can give me some refresher tips

I used to be so good at this:eek:


aim: el goosemaster
gtalk: wheaties@gmail.com
msn: ogoogle@comcast.net
 

cmetz

Platinum Member
Nov 13, 2001
2,296
0
0
Goosemaster, go to lulu.com and search for "Basham" - grab the free stuff.

If you want to use web or GUI tools to configure a router, use Linksys. Enterprise routers and carrier routers you configure with the CLI, and you're just going to have to learn it. It's not hard. But you need to have an open mind about it and stop looking for ways to avoid learning the CLI. Just decide to do it, and take the plunge. There are plenty of good books on the subject, and you've got a good box for learning the Cisco CLI on. Taking the time and learning it will be worthwhile.
 

petey117

post your config, (sensitive info removed) or PM it to me
then tell me what you are trying to accomplish
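
One way to do the "sensitive info removed" step before posting a running-config, as an added example (not code from the thread). The sample config and its secrets are constructed, and the list of patterns is an assumption that covers only common credential lines, not every secret IOS can store.

```python
import re

# Constructed sample; every secret below is made up for illustration.
SAMPLE = """\
hostname Router
enable secret 5 $1$abcd$CONSTRUCTEDHASHVALUE00
username admin password 0 example-pass
snmp-server community example-ro RO
line vty 0 4
 password example-vty
 login
"""

# Each pattern captures the keyword part of the line and drops the secret
# that follows it. Assumed, non-exhaustive list of credential-bearing lines.
RULES = [
    r"^([ \t]*enable (?:secret|password)(?: level \d+)?(?: \d+)?) \S+",
    r"^([ \t]*username \S+ (?:privilege \d+ )?(?:secret|password)(?: \d+)?) \S+",
    r"^([ \t]*password(?: \d+)?) \S+",            # line con/aux/vty passwords
    r"^([ \t]*snmp-server community) \S+",
]

def sanitize(config):
    """Return (sanitized_config, number_of_redactions)."""
    total = 0
    for pattern in RULES:
        config, n = re.subn(pattern, r"\1 <removed>", config, flags=re.M)
        total += n
    return config, total

if __name__ == "__main__":
    text, count = sanitize(SAMPLE)
    print(text)
    print(f"{count} value(s) redacted")
```

A hashed enable secret is redacted as well, since a posted hash can be attacked offline.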
 

Goosemaster

Originally posted by: cmetz
Goosemaster, go to lulu.com and search for "Basham" - grab the free stuff.

If you want to use web or GUI tools to configure a router, use Linksys. Enterprise routers and carrier routers you configure with the CLI, and you're just going to have to learn it. It's not hard. But you need to have an open mind about it and stop looking for ways to avoid learning the CLI. Just decide to do it, and take the plunge. There are plenty of good books on the subject, and you've got a good box for learning the Cisco CLI on. Taking the time and learning it will be worthwhile.

I understand exactly what you mean. I just got excited when I found out about yet another thing that I could do with my router and got carried away. Hell, I gave up on ConfigMaker because it is SO much easier to use the CLI
 

Goosemaster

First, I realize the private addresses are incorrect and need to be fixed:D


Right now, the router can ping the internet and can resolve DNS, but for some reason it pauses for a second after using DNS...about 2 seconds later it starts to ping.


Unfortunately, the LAN end does not work.
I tried plugging in a PC directly into the LAN (eth0/0) with a crossover, and while I can ping back and forth between the router and the computer, that is all...no traffic can go beyond the router. As you will see, my network is comprised of a soekris router as the original gateway.

Here is the original config

Basically, I want to place the cisco in front of the cisco while creating a small /30 network that must be traversed. Unfortunately, even a direct computer doesn't work, so the soekris doesn't either:(

Basically, the WAN is set to DHCP on the cisco, and the LAN has a /30 subnet.



my config

sh runping 172.100.100.2
Building configuration...

Current configuration : 1409 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret xxxxxxxxxxxxxxxxx
!
memory-size iomem 15
no aaa new-model
ip subnet-zero
ip cef
!
!
ip name-server 68.84.73.242
ip name-server 68.84.71.226
ip dhcp excluded-address 172.100.100.1
!
ip dhcp pool pool1
network 172.100.100.0 255.255.255.252
domain-name home.com
default-router 172.100.100.1
dns-server 68.87.73.242 68.84.71.226
lease 7
!
ip audit po max-events 100
!
interface Ethernet0/0
description connected to EthernetLAN
ip address 172.100.100.1 255.255.255.252
ip nat inside
no ip route-cache cef
no ip route-cache
half-duplex
no cdp enable
!
interface Ethernet1/0
ip address dhcp
ip nat outside
half-duplex
no cdp enable
!
router rip
version 2
network 172.100.0.0
no auto-summary
!
ip nat inside source list 102 interface Ethernet0/0 overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 69.243.32.1
!
!
access-list 102 permit ip 172.100.100.0 0.0.0.255 any
no cdp run
!
snmp-server community public RO
!

line con 0
exec-timeout 120 0
password cisco
login
stopbits 1
line aux 0
line vty 0 4
exec-timeout 30 0
password cisco
login local
length 0
!
scheduler max-task-time 5000
!
end
 

petey117

hmmm
a couple points:
1) you can turn off CEF, you don't need it, and aren't using it
2) I am not sure the need to run rip, or any other routing protocol on your internal network
3) your ethernet 0/0 is running a 252 subnet, you should change it to 255.255.255.0, else you will only have 1 addressable IP (not sure of your current infrastructure...)
4) your nat statement should read:
ip nat inside source list 102 interface Ethernet1/0 overload

let me look it over again, and see what else i come up with
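
Point 4 above (the overload rule has to name the interface marked "ip nat outside") written as an automated check; this is an added example, not code from the thread. The sample config is constructed from the posted one, the function names are hypothetical, and ACL wildcard masks are assumed to be contiguous.

```python
import ipaddress
import re

# Constructed sample, modelled on the configuration posted in the thread.
SAMPLE = """\
interface Ethernet0/0
 ip address 172.100.100.1 255.255.255.252
 ip nat inside
!
interface Ethernet1/0
 ip address dhcp
 ip nat outside
!
ip nat inside source list 102 interface Ethernet0/0 overload
access-list 102 permit ip 172.100.100.0 0.0.0.255 any
"""
QUAD = r"(\d+\.\d+\.\d+\.\d+)"

def parse_interfaces(config):
    """Return {name: {"nat": "inside"/"outside"/None, "net": IPv4Network/None}}."""
    ifaces, cur = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"nat": None, "net": None})
        elif line == "!":                      # "!" closes the interface block
            cur = None
        elif cur is not None:
            if m := re.fullmatch(r"ip nat (inside|outside)", line):
                cur["nat"] = m[1]
            elif m := re.fullmatch(rf"ip address {QUAD} {QUAD}", line):
                cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return ifaces

def check_nat(config):
    """List problems with 'ip nat inside source list N interface X overload'."""
    ifaces, findings = parse_interfaces(config), []
    inside = [i["net"] for i in ifaces.values() if i["nat"] == "inside" and i["net"]]
    rule = r"^[ \t]*ip nat inside source list (\S+) interface (\S+) overload[ \t]*$"
    for acl, ifname in re.findall(rule, config, re.M):
        role = ifaces.get(ifname, {}).get("nat")
        if role != "outside":
            findings.append(f"overload on {ifname} (nat role: {role}), not an outside interface")
        # Wildcard masks are assumed contiguous, e.g. 0.0.0.255 or 0.0.0.3.
        acl_re = rf"^[ \t]*access-list {re.escape(acl)} permit (?:ip )?{QUAD} {QUAD}"
        nets = [ipaddress.ip_network(f"{a}/{w}", strict=False)
                for a, w in re.findall(acl_re, config, re.M)]
        for net in inside:
            if not any(net.subnet_of(n) for n in nets):
                findings.append(f"inside network {net} is not matched by access-list {acl}")
    return findings
```

Calling check_nat(SAMPLE) reports the Ethernet0/0 overload rule; the same call on a config whose rule names Ethernet1/0 returns an empty list.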
 

Goosemaster

Originally posted by: petey117
hmmm
a couple points:
1) you can turn off CEF, you don't need it, and aren't using it
2) I am not sure the need to run rip, or any other routing protocol on your internal network
3) your ethernet 0/0 is running a 252 subnet, you should change it to 255.255.255.0, else you will only have 1 addressable IP (not sure of your current infrastructure...)
4) your nat statement should read:
ip nat inside source list 102 interface Ethernet1/0 overload

let me look it over again, and see what else i come up with

cool
 

petey117

oh yeah, change your access list to ip nat inside source list 1
and make the list
access-list 1 permit 172.100.100.0 0.0.0.255

access list 1-10 are basic lists, and are used for nat and the like
lists 100+ are extended lists, and allow you to specify protocol, source networks, etc. - not needed for NAT
 

Goosemaster

Originally posted by: petey117
oh yeah, change your access list to ip nat inside source list 1
and make the list
access-list 1 permit 172.100.100.0 0.0.0.255

access list 1-10 are basic lists, and are used for nat and the like
lists 100+ are extended lists, and allow you to specify protocol, source networks, etc. - not needed for NAT

I will require PAT:D

edited configuration without your new comments...
Building configuration...

Current configuration : 1335 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$iMcQ$UFmLmMI3Tg.TkpNJ4C8o//
!
memory-size iomem 15
no aaa new-model
ip subnet-zero
ip cef
!
!
ip name-server 68.84.73.242
ip name-server 68.84.71.226
ip dhcp excluded-address 172.100.100.1
!
ip dhcp pool pool1
network 172.30.1.0 255.255.255.252
domain-name home.com
default-router 172.30.1.1
dns-server 68.87.73.242 68.84.71.226
lease 7
!
ip audit po max-events 100
!

!
!
!
interface Ethernet0/0
description connected to EthernetLAN
ip address 172.30.1.1 255.255.255.252
ip nat inside
no ip route-cache cef
no ip route-cache
half-duplex
no cdp enable
!
interface Ethernet1/0
ip address dhcp
ip nat outside
half-duplex
no cdp enable
!
ip nat inside source list 102 interface Ethernet1/0 overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 69.243.32.1
!
!
access-list 102 permit ip 172.30.1.0 0.0.0.255 any
no cdp run
!
snmp-server community public RO
!
!
!
!
!
line con 0
exec-timeout 120 0
password cisco
login
stopbits 1
line aux 0
line vty 0 4
exec-timeout 30 0
password cisco
login local
length 0
!
scheduler max-task-time 5000
!
end

Router#
 

Goosemaster

Originally posted by: petey117
you forgot to change your subnet on the 172 network to a class 'c'
255.255.255.0

Because of my setup I only want two ips

.1 for the cisco interface and .2 for the soekris?


that shouldn't be an issue right? I was always told to save ips in my classes. I know it is useless, but when I come back and see the /30 or .252 I will know exactly what I am looking at
 

petey117

ok, that is correct then.
but then why use DHCP?
seems like you could just statically assign both

not sure why you even need the router between your connection and the monowall

a little more info about what you will be using the router to do would be good

:)
 

Goosemaster

OMFG....I am posting behind the CISCO:D:D:D:D:D


I am using DHCP so I don't have to retype the dns/router stuff ;)

I am using the router for better QoS and its IPS capabilities..oh, and IPsec....;)

m0n0wall is nice, but it looks like this will take care of a lot of issues I've had with m0n0wall's QoS. At FULL load it cannot adequately keep my VoIP Traffic problem-free