Configuring a Cisco Router to support a LAN on DSL


One of the things that I accomplished in the past month was to convert my network from a “modem to consumer router to computers” to a “modem to Cisco Enterprise Router to Cisco Enterprise Switch to computers” (with the consumer router providing wireless access).  And on top of that, I enabled IPv6 on the entire network with my /64 network from Hurricane Electric.  Both feats took some effort to accomplish, although I owe a great deal of thanks to the people at DSL Reports Cisco Hardware Forums.

To make someone else’s life a little easier, I’m posting my completed (sanitized to remove passwords and actual IP Addresses) configuration file for the router up here.  As for the switch, I simply configured one vlan (vlan 1) with an IP Address from my excluded IP’s and configured security on it.  If the text has a * or () then it’s a comment.

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname whatrouteriscalled
!
boot-start-marker
boot-end-marker
!
enable secret 5 removed-password
!
no aaa new-model
ip subnet-zero
ip cef
ip dhcp excluded-address eth0 ipv4 address
ip dhcp excluded-address switch vlan management ipv4 address
ip dhcp excluded-address server ipv4 address
ip dhcp excluded-address wireless router ipv4 address
ip dhcp excluded-address optional ipv4 (needed for a desktop)
ip dhcp excluded-address second wireless router ipv4 address (open wireless)
!
ip dhcp pool internal-network
   network ipv4network (.0) 255.255.255.0
   default-router eth0 ipv4 address
   dns-server 208.67.222.222 208.67.220.220 (OpenDNS Public IPv4 addresses)
!
vpdn enable
!
vpdn-group 1
request-dialin
  protocol pppoe
!
ipv6 unicast-routing *enables IPv6 and allows for routing
!
!
!
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address client-side ipv6 address/64
ipv6 enable
tunnel source Dialer1
tunnel destination server side ipv4 address for he.net
tunnel mode ipv6ip
!
interface Ethernet0
description My LAN Interface
ip address eth0 ipv4 address 255.255.255.0
ip nat inside
no ip mroute-cache
ipv6 address ipv6 network address/64 eui-64 *(ends in ::)
ipv6 enable
no cdp enable
!
interface Ethernet1
description Physical ADSL Interface (Facing the ISP)
no ip address
no ip mroute-cache
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface Serial0
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Serial1
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Dialer1
description Logical ADSL Interface
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname username provided by ISP
ppp chap password 7 encrypted password provided by ISP
ppp pap sent-username username provided by ISP password 7 encrypted password from ISP
!
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source static tcp server ipv4 address 4125 interface Dialer1 4125
ip nat inside source static tcp server ipv4 address 443 interface Dialer1 443
ip nat inside source static tcp server ipv4 address 80 interface Dialer1 80
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
access-list 10 permit ipv4 network (.0) 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
ipv6 route ::/0 Tunnel0
!
!
line con 0
exec-timeout 120 0
password 7 password (encrypted)
login
stopbits 1
line aux 0
line vty 0 4
exec-timeout 0 0
password 7 password (encrypted)
no login
length 0
!
scheduler max-task-time 5000
end

Some notes…  The ! are ignored by the router, so you don’t need to put them in.  If you want to create comments for what things are doing, you’ll precede them with the ! (and the router will throw them out when it’s configuring).

It was recommended that I (and you) use service password-encryption, which will automatically encrypt any passwords (minimizing the need for removing them).  If you use this and it puts a “7” before the password, you still need to remove it (as the encryption is weak), but if it has a “5” before it (like the enable secret does), it’s stronger.  Personally, I’ll remove them all from the config anyhow.
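
The script below is an added example, not part of the original post: it strips passwords, secrets and ISP account names from a saved config before it is shared, reports how each secret was stored, and flags `no login` under a vty line (which admits remote sessions without a password prompt). The sample config, its values and the name `sanitize` are constructed for the example, and it assumes sub-commands are indented as in `show running-config` output.

```python
import re

# Constructed sample in the style of the config above; every secret and
# username here is made up for the example.
SAMPLE = """\
enable secret 5 $1$abcd$ExampleHashExampleHash
interface Dialer1
 ppp chap hostname user@isp.example
 ppp chap password 7 0123456789AB
 ppp pap sent-username user@isp.example password 7 0123456789AB
line con 0
 password example-cleartext
line vty 0 4
 password 7 0123456789AB
 no login
"""

# "password"/"secret", an optional type digit, then the secret itself.
SECRET = re.compile(r"\b(password|secret)( \d)? (\S+)")
# ISP account names are identifying too, so they are redacted as well.
ACCOUNT = re.compile(r"\b(chap hostname|sent-username) (\S+)")
STRENGTH = {None: "cleartext", "0": "cleartext", "7": "weak type 7",
            "5": "type 5 hash"}

def sanitize(config):
    """Return (redacted config text, list of (line_no, finding))."""
    out, findings, section = [], [], ""
    for no, line in enumerate(config.splitlines(), 1):
        if line and not line[0].isspace():
            section = line              # unindented line opens a section
        m = SECRET.search(line)
        if m:
            kind = m.group(2).strip() if m.group(2) else None
            findings.append((no, STRENGTH.get(kind, "type " + str(kind))))
            line = SECRET.sub(
                lambda s: f"{s.group(1)}{s.group(2) or ''} <removed>", line)
        line = ACCOUNT.sub(r"\1 <removed>", line)
        if section.startswith("line vty") and line.strip() == "no login":
            findings.append((no, "vty accepts sessions without a password"))
        out.append(line)
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    text, findings = sanitize(SAMPLE)
    print(text)
    for no, finding in findings:
        print(f"line {no}: {finding}")
```
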

This should be considered a starting point for you, as everyone’s situation is different.  And this should be a starting point, if you’re interested in learning (for your CCNA or CCNP or just for the sheer joy of it) about Cisco configurations.

Have a great day
Patrick.

