@lan72 ha scritto: Salve a tutti, tenevo a farvi sapere che sono molto riconoscente nei confronti di questo forum perché ho trovato persone capaci e allo stesso tempo molto disponibili; considerando che i Cisco, per chi partiva da 0 come me, sono praticamente impossibili, qui ho avuto la possibilità in poco tempo di imparare quanto basta per poterne configurare uno.
ps. un ringraziamento particolare va a Wizard..
Volevo contribuire allegando la mia configurazione per Cisco 857W funzionante al 100% con:
Alice 20 Mega (casa ip dinamico)
Dhcp Server
DynDns
Wifi con Wpa2
Filtro MAC WiFi
Firewall
Ntp Update
il range del DHCP va da 192.168.0.1 a 192.168.0.220
l'indirizzo del router è 192.168.0.221
per semplificare il tutto, ho predisposto dei campi racchiusi tra parentesi quadre, all'interno dei quali deve essere inserito il valore desiderato
! Global services, device identity, logging buffer, enable secret and clock.
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): password-encryption only applies the reversible "type 7"
! encoding to passwords that would otherwise be stored in cleartext. It is
! obfuscation, not hashing, so a config that contains type 7 values should be
! handled as if the passwords were readable.
service password-encryption
!
hostname [NOME-ROUTER]
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
! The "5" tells IOS that the value that follows is an already computed MD5
! hash, so this placeholder cannot be filled with a plaintext password. To type
! a plaintext password and let the router hash it, leave the "5" out.
enable secret 5 [SECRET-PASSWORD]
!
! Authentication uses the local user database (AAA is not enabled).
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
! Wireless: MAC filter reference, VLAN naming and the SSID security profile.
! Association is filtered with MAC access-list 700 (defined near the end of
! the listing). MAC addresses are visible on the air and can be cloned, so this
! filter is a convenience layer; the pre-shared key is the real access control.
dot11 association mac-list 700
dot11 syslog
dot11 vlan-name WiFi vlan 1
!
! The SSID name used here must match the "ssid" line under Dot11Radio0; the
! two placeholders in this listing are spelled differently.
dot11 ssid [NOME-SSID]
vlan 1
authentication open
! NOTE(review): together with the "ciphers aes-ccm tkip" line on Dot11Radio0
! this permits TKIP as well as AES-CCM, i.e. a WPA/WPA2 mixed mode rather than
! WPA2 only. Restricting the cipher line to aes-ccm would remove TKIP; confirm
! that all clients support it first.
authentication key-management wpa
! guest-mode makes the access point advertise this SSID in its beacons.
guest-mode
! The "7" marks the key as already type 7 encoded, so a plaintext passphrase
! cannot be pasted after it; enter the passphrase without the "7" and let IOS
! encode it. Type 7 is reversible, so a saved config still reveals the key.
wpa-psk ascii 7 [PASSWORD-WIFI-MASSIMO-63-CARATTERI]
!
! DHCP server for the bridged LAN/WLAN. With .221-.254 excluded, clients are
! served from 192.168.0.1-192.168.0.220 and the router address (.221) stays
! out of the pool.
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.221 192.168.0.254
!
ip dhcp pool Pool1
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.221
dns-server [1-DNS-X-CLIENT] [2-DNS-x-CLIENT]
! Leases never expire: an address handed to a device that later leaves the
! network stays bound until the binding is cleared by hand.
lease infinite
!
!
ip cef
! Stateful inspection rule set "Firewall". It is applied outbound on Dialer0
! ("ip inspect Firewall out"), so sessions opened from the inside get temporary
! return openings through the inbound ACL 101.
! Dropped packets are logged.
ip inspect log drop-pkt
ip inspect name Firewall cuseeme
ip inspect name Firewall dns
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall https
ip inspect name Firewall icmp
ip inspect name Firewall imap
ip inspect name Firewall pop3
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall esmtp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
! NOTE(review): the generic tcp/udp entries carry no "router-traffic" keyword,
! so traffic the router itself originates (DNS lookups, SNTP, DDNS updates) is
! presumably not inspected; its replies depend on the explicit permit lines in
! ACL 101. Keep those lines in step with the servers actually configured.
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
! Name resolution for the router itself and the DynDNS HTTP update method.
! NOTE(review): "cisco.com" looks like a leftover sample domain; confirm and
! replace it with your own domain name.
ip domain name cisco.com
ip name-server [1-DNS-RISOLUXIONE-NOMI-X-ROUTER]
ip name-server [2-DNS-RISOLUXIONE-NOMI-X-ROUTER]
ip ddns update method dyndns1
HTTP
! NOTE(review): the DynDNS user name and password are embedded in the URL and
! the scheme is plain http://, so they travel unencrypted on every update. Use
! a password that is not shared with any other service, and replace both values
! with placeholders whenever the configuration is posted or sent to someone.
! The "add" and "remove" URLs were wrapped by the terminal in this listing:
! each one is a single line when entered. On the CLI the "?" character has to
! be typed after Ctrl-V, otherwise it triggers the help.
add http://[NOMEUTENTE]:[PASSWORD]@members.dyndns.org/nic/update?system=dyndns&ho
stname=<h>&myip=<a>
remove http://[NOMEUTENTE]:[PASSWORD]@members.dyndns.org/nic/update?system=dyndns
&hostname=<h>&myip=<a>
!
!
! Local administrator account and configuration change logging.
! privilege 15 gives this account full privileged access. As with "enable
! secret 5", the "5" announces an existing MD5 hash: to type a plaintext
! password and have the router hash it, leave the "5" out.
username [NOME-UTENTE-ACCESSO-ROUTER] privilege 15 secret 5 [PASSWORD]
!
!
archive
log config
! hidekeys keeps passwords and keys out of the configuration change log.
hidekeys
!
!
!
! Integrated routing and bridging, the ADSL interface and the four switch ports.
bridge irb
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode adsl2+
!
interface ATM0.1 point-to-point
! PPPoE client on PVC 8/35, bound to dialer pool 1 (interface Dialer0).
pvc 8/35
pppoe-client dial-pool-number 1
!
!
! The switch ports are left at their defaults.
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! Radio interface and its VLAN 1 subinterface, bridged into bridge-group 1.
interface Dot11Radio0
no ip address
!
! NOTE(review): both AES-CCM and TKIP are accepted on VLAN 1. TKIP is the
! weaker, legacy cipher; listing only aes-ccm limits clients to AES. Confirm
! that every client supports it before removing tkip.
encryption vlan 1 mode ciphers aes-ccm tkip
!
! Must be the same SSID name as the "dot11 ssid" profile defined earlier.
ssid [NOME-SSID-WIFI]
!
! The "speed" command below was wrapped by the terminal in this listing; it is
! a single line when entered.
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 b
asic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
world-mode dot11d country IT both
l2-filter bridge-group-acl
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
! CDP is switched off on the wireless side.
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
! Layer 3 interfaces: Vlan1 (bridged switch ports), Dialer0 (WAN) and BVI1
! (the routed address of bridge-group 1, i.e. the LAN/WLAN gateway).
interface Vlan1
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface Dialer0
ip ddns update hostname [HOST-DYNDNS].gotdns.com
ip ddns update dyndns1
ip address negotiated
! Inbound filter for everything arriving from the Internet (ACL 101).
ip access-group 101 in
ip mtu 1492
! Stateful inspection of sessions leaving towards the Internet.
ip inspect Firewall out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
! The "7" marks the ISP password as already type 7 encoded; enter it without
! the "7" to type it in plaintext. Type 7 is reversible, so remove this value
! before sharing the configuration.
ppp pap sent-username [UTENTE]@alice.it password 7 [PASSWORD]
!
interface BVI1
ip address 192.168.0.221 255.255.255.0
! Inbound filter for traffic arriving from the LAN/WLAN (ACL 102).
ip access-group 102 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
! Default route, web management and NAT overload.
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
! NOTE(review): the cleartext HTTP server is enabled next to the HTTPS server.
! With "authentication local" the administrator credentials cross the LAN and
! the WLAN unencrypted whenever http:// is used; "no ip http server" keeps
! only the HTTPS interface.
ip http server
! NOTE(review): access-list 23 is not defined anywhere in this listing. A
! referenced but undefined ACL generally does not filter on IOS, so this line
! probably restricts nothing until a list 23 is created (for example one that
! permits only 192.168.0.0 0.0.0.255) - confirm on the device.
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! Port address translation of the hosts matched by ACL 1 behind the Dialer0 address.
ip nat inside source list 1 interface Dialer0 overload
!
! ACL 1: inside addresses that are translated by NAT overload.
access-list 1 permit 192.168.0.0 0.0.0.255
! ACL 101: applied inbound on Dialer0. Entries are evaluated top-down and the
! first match wins, so their order must be preserved.
access-list 101 remark Traffico abilitato ad entrare nel router da internet
! Anti-spoofing: drop packets from the Internet whose source is a private,
! loopback, link-local, documentation, benchmarking or multicast range.
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
! Replies to the router's own DNS queries. These match on source address and
! source port only, so they admit any UDP packet that claims to come from port
! 53 of the listed servers, whatever its destination.
access-list 101 permit udp host [1-DNS-RISOLUXIONE-NOMI-X-ROUTER] eq domain any
access-list 101 permit udp host [2-DNS-RISOLUXIONE-NOMI-X-ROUTER] eq domain any
! Presumably the reply from the DynDNS update server - verify that this
! address is still the one the update method talks to.
access-list 101 permit tcp host 63.208.196.96 eq www any log
! NOTE(review): replies are permitted from 207.46.232.42 and 192.43.244.18,
! while the "sntp server" lines at the end of the listing name 207.46.197.32
! and 192.43.244.18. Replies from 207.46.197.32 are therefore probably dropped
! by the final deny; align the two lists.
access-list 101 permit udp host 207.46.232.42 eq ntp any
access-list 101 permit udp host 192.43.244.18 eq ntp any
! NOTE(review): GRE is accepted from any source towards any destination. No
! tunnel or VPN configuration appears in this listing; remove this entry or
! narrow it to the known peer if GRE is not needed.
access-list 101 permit gre any any
! Echo requests are dropped without a log entry; everything else that reaches
! the end of the list is dropped and logged.
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
! ACL 102: applied inbound on BVI1, i.e. to traffic arriving from the LAN and
! WLAN. Entries are evaluated top-down; the first match wins.
access-list 102 remark Traffico abilitato ad entrare nel router dalla ethernet
! Anything addressed to the router itself is allowed first. Every management
! service enabled on the router (Telnet, SSH, HTTP, HTTPS) is therefore
! reachable from any wired or wireless client.
access-list 102 permit ip any host 192.168.0.221
access-list 102 deny ip any host 192.168.0.255
access-list 102 deny udp any any eq tftp log
! Egress filtering: inside hosts may not send to private, loopback,
! link-local, documentation or benchmarking destinations.
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 192.168.0.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
! Windows RPC, NetBIOS name/datagram and SMB are kept from leaving the LAN.
! NOTE(review): TCP 139 (NetBIOS session) is not in this list; add it if the
! intent is to block all Windows file-sharing traffic towards the Internet.
access-list 102 deny udp any any eq 135 log
access-list 102 deny tcp any any eq 135 log
access-list 102 deny udp any any eq netbios-ns log
access-list 102 deny udp any any eq netbios-dgm log
access-list 102 deny tcp any any eq 445 log
! Only sources inside 192.168.0.0/24 may go out; broadcasts are allowed, and
! anything else is dropped and logged.
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
! ACL 700: MAC addresses allowed to associate to the WLAN (referenced by
! "dot11 association mac-list 700"). Add one permit line per client. The text
! in parentheses is the author's example and is not part of the command; remove
! it before pasting.
access-list 700 permit [MAC-ADDRESS-WIFI-ABILITATI] (Esempio 0015.1181.a949 0000.0000.0000)
! Every other MAC address is refused.
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
dialer-list 1 protocol ip permit
! CDP is disabled globally.
no cdp run
!
! Control plane, bridge settings, login banner, terminal lines and time servers.
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
! NOTE(review): every remote session starts directly at privilege level 15
! after login, without a separate enable step.
privilege level 15
login local
! NOTE(review): Telnet is accepted next to SSH, so administrator credentials
! can cross the LAN and WLAN in cleartext. "transport input ssh" limits remote
! access to SSH once the router has an RSA key pair. No access-class is applied
! to these lines in this listing; from the Internet they are shielded only by
! ACL 101 on Dialer0, and every LAN/WLAN client can reach them.
transport input telnet ssh
!
scheduler max-task-time 5000
! NOTE(review): the first server (207.46.197.32) differs from the address
! permitted for NTP replies in ACL 101 (207.46.232.42); see the ACL and align
! the two. SNTP as configured here is unauthenticated.
sntp server 207.46.197.32
sntp server 192.43.244.18
end
Spero di aver fatto cosa gradita...
Saluti
Agostino
=========================================================
Salve, sono un neofita nel campo. Ho scritto la configurazione papale papale dopo aver digitato config t, al prompt router(config)#, ma sul mio Cisco887MW non ne vuole sapere: alcuni comandi non li prende. Ad esempio router(config)#interface ethernet 0 mi dà errore, e così anche il comando dot11. La versione IOS è la 15.0: "Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.0(1)M7, RELEASE SOFTWARE (fc2)"
Nome firmware Ios = c880data-universalk9-mz.150-1.M7.bin
Technical Support:
http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Fri 05-Aug-11 02:01 by prod_rel_team
ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
yourname uptime is 8 minutes
System returned to ROM by power-on
System restarted at 15:43:09 UTC Fri Apr 18 2014
System image file is "flash:c880data-universalk9-mz.150-1.M7.bin"
Last reload type: Normal Reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 887M (MPC8300) processor (revision 1.0) with 708608K/77824K bytes of memory.
Processor board ID FGL1543204S
4 FastEthernet interfaces
1 Gigabit Ethernet interface
1 ISDN Basic Rate interface
1 ATM interface
1 terminal line
1 Virtual Private Network (VPN) Module
1 cisco Embedded AP (s)
256K bytes of non-volatile configuration memory.
126000K bytes of ATA CompactFlash (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO887MW-GN-E-K9 FGE1543204A
----------------------------------------------------------------------------------
Se vi può essere utile allego una precedente config fatta da un amico, che venuto a casa lo ha configurato, devo dire funzionava alla grande anche se non aveva configurato il Wireless, su una porta ethernet ho messo un router con Wireless incorporato...funzionava. Il giorno dopo ha fatto una erase config, lo hanno chiamato al telefono ed è partito per Londra. Adesso sono rimasto senza Config
Se qualche anima pia può aiutarmi, anche a pagamento, ne sarei felice: sto cercando di riscriverla, ma evidentemente sbaglio in qualche comando. Se qualcuno, con un po' di pazienza, potesse farmi una errata corrige... Grazie anticipatamente
QUESTA E' LA CONFIG TROVATA IN GIRO SU QUESTO FORUM:
! Host name, enable/console passwords and the local administrator account.
! NOTE(review): the passwords shown in this walkthrough ("admin", "admin2")
! are published sample values; replace every one of them with a unique
! password before the router is connected to a line.
Router(config)#hostname Cisco887
! "enable password" is kept in cleartext (or reversible type 7) in the config.
! "enable secret", set a few lines below, is hashed and takes precedence, so
! this line is not needed.
Cisco887(config)#enable password admin
! NOTE(review): "password" is a line-mode command; at the global prompt it is
! probably rejected - confirm.
Cisco887(config)#password admin
Router(config)#exit
!
ACCESSO TRAMITE CONSOL
Cisco887M(config)#line console 0
Cisco887M(config-line)#password admin
! NOTE(review): "login" normally takes no argument (line password) or "local"
! (local user database); "login Cisco887" looks like a transcription error.
Cisco887M(config-line)#login Cisco887
Cisco887(config)#enable secret admin2 Dove admin2 è la password di Amministratore. Importante che la password non vada persa.
!
! NOTE(review): "password 0" stores the administrator password in cleartext;
! "username ... privilege 15 secret ..." stores a hash instead. The text in
! angle brackets is the author's annotation, not part of the command.
Cisco887(config)#username admin privilege 15 password 0 admin <impostiamo username e la passwd per accedere al router da terminale o da http>
!
! Clock settings, boot mode of the embedded access point and the self-signed
! certificate used by the HTTPS server.
Router(config)#clock timezone MET 1
Router(config)#clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
service-module wlan-ap 0 bootimage autonomous
crypto pki token default removal timeout 0
!
! NOTE(review): the trustpoint and certificate lines below look like they were
! copied from a "show running-config" of another router (the prompts are
! malformed and the certificate body is missing). IOS normally creates its own
! self-signed trustpoint when the HTTPS server is enabled, so these lines
! presumably do not need to be typed - confirm.
Router(config)crypto pki trustpoint TP-self-signed-470017061
Router(config) enrollment selfsigned
Router(config) subject-name cn=IOS-Self-Signed-Certificate-470017061
Router(config) revocation-check none
Router(config) rsakeypair TP-self-signed-470017061
!
Router(config)Router(config)crypto pki certificate chain TP-self-signed-470017061
Router(config)certificate self-signed 01
Cisco887#
!
! LAN interface address, NAT translation timers and the DHCP server.
CONFIGURAZIONE INTERFACCIA
Cisco887(config)# (Configurare l’interfaccia ethernet)
! NOTE(review): the "show version" output quoted on this page lists
! FastEthernet, Gigabit Ethernet, ISDN and ATM interfaces but no Ethernet0,
! which is consistent with this command being rejected. On this platform the
! LAN address presumably belongs on interface Vlan1; check the interface names
! with "show ip interface brief".
Cisco887(config)#interface ethernet 0
Cisco887(config-if)#ip address 192.168.111.1 255.255.255.0 (Rendete operativa l’interfaccia 192... con sotto maschera 255 ecc.)
Cisco887(config-if)#no shutdown
Cisco887(config-if)#exit (per ritornare al prompt)
Cisco887(config)#
! Size limit and idle timeouts (in seconds) for the NAT translation table.
Cisco887(config)#ip nat translation max-entries 5000
Cisco887(config)#ip nat translation timeout 420
Cisco887(config)#ip nat translation tcp-timeout 120
Cisco887(config)#ip nat translation pptp-timeout 420
Cisco887(config)#ip nat translation finrst-timeout 300
Cisco887(config)#ip nat translation syn-timeout 120
Cisco887(config)#ip nat translation udp-timeout 120
Cisco887(config)#ip nat translation dns-timeout 300
Cisco887(config)#ip nat translation icmp-timeout 120
Cisco887(config)#service dhcp
! Address conflicts detected by the DHCP server are not recorded.
Cisco887(config)#no ip dhcp conflict logging
Cisco887(config)#ip dhcp pool DHCP_RETE_INTERNA
Cisco887(dhcp-config)#network 192.168.111.0 255.255.255.0
Cisco887(dhcp-config)#default-router 192.168.111.1
Cisco887(dhcp-config)#dns-server 8.8.8.8 8.8.4.4
! Leases never expire; stale bindings have to be cleared by hand.
Cisco887(dhcp-config)#lease infinite
Cisco887(dhcp-config)#exit
! .10-.25 is kept out of the pool; the static NAT entries later in this
! walkthrough point at .10 and .15, which fall inside this range. The text
! after the address range is the author's annotation.
Cisco887(config)#ip dhcp excluded-address 192.168.111.10 192.168.111.25 Esempio Cisco887(config)#service dhcp
Cisco887(config)#END
!
! Minimal Dialer0 definition: negotiated address, NAT outside, PPP, pool 1.
! NOTE(review): no inbound access-group and no "ip inspect" rule is attached
! to Dialer0 here or anywhere else in this walkthrough, so the WAN side is
! protected only by the side effects of NAT.
CONFIGURAZIONE DEL DIALER necessario eseguire la configurazione per Internet (Dialer + ATM).
Cisco887(config)#interface dialer 0
Cisco887(config-if)#ip address negotiated
Cisco887(config-if)#ip nat outside
Cisco887(config-if)#encapsulation ppp
Cisco887(config-if)#dialer pool 1
Cisco887(config-if)#exit
Cisco887#
!
! ADSL interface: PVC 8/35 with PPP over ATM (aal5mux), member of dialer pool 1.
CONFIGURAZIONE INTERFACCIA ATM
Cisco887(config)#no ip unreachables
Cisco887(config)#interface ATM 0
Cisco887(config-if)#description DSL Interface
Cisco887(config-if)#no ip address
! Hardening of the WAN-facing interface: no ICMP redirects, no ICMP
! unreachables, no proxy ARP.
Cisco887(config-if)#no ip redirects
Cisco887(config-if)#no ip unreachables
Cisco887(config-if)#no ip proxy-arp
Cisco887(config-if)#ip flow ingress
Cisco887(config-if)#no atm ilmi-keepalive
Cisco887(config-if)#pvc 8/35
Cisco887(config-atm-vc)#encapsulation aal5mux ppp dialer
Cisco887(config-atm-vc)#dialer pool-member 1
Cisco887(config-atm-vc)#no shutdown
Cisco887(config-atm-vc)#exit
!
! Full Dialer0 configuration: DDNS, NAT outside, PPP authentication and IPv6.
! NOTE(review): there is no "ip access-group ... in" and no "ip inspect" on
! this interface. The router's own services (the vty lines, the HTTP/HTTPS
! server, "ip dns server") are therefore reachable from the Internet side
! unless they are restricted elsewhere; add an inbound ACL before going online.
Cisco887#conf t
Cisco887(config)#
Cisco887(config)#ip tcp synwait-time 10
Cisco887(config)#interface Null0
Cisco887(config)#interface Dialer0
Cisco887(config)#Description Connessione ad INTERNET (Alice 20 Mega)
Cisco887(config-if)#mtu 1492
Cisco887(config-if)#ip ddns update hostname camel.dyndns.org
Cisco887(config-if)#ip ddns update dyndns
Cisco887(config-if)#ip address negotiated
Cisco887(config-if)# ip nbar protocol-discovery
Cisco887(config-if)#ip flow ingress
Cisco887(config-if)#ip nat outside
Cisco887(config-if)#ip virtual-reassembly
Cisco887(config-if)#encapsulation ppp
Cisco887(config-if)#ip tcp adjust-mss 1248
Cisco887(config-if)#dialer pool 1
Cisco887(config-if)#dialer-group 1
! NOTE(review): IPv6 is enabled on the WAN interface with a default route,
! but no IPv6 access list or inspection appears in this walkthrough. NAT does
! not apply to IPv6, so leave these lines out unless IPv6 is actually used and
! filtered. The two "ipv6 route" lines are global commands shown at the
! interface prompt - presumably a transcription slip.
Cisco887(config-if)#ipv6 address FE80::1 link-local
Cisco887(config-if)#ipv6 route 2000::/3 Dialer0
Cisco887(config-if)#ipv6 route ::/0 Dialer0
Cisco887(config-if)#ipv6 address autoconfig
Cisco887(config-if)#ipv6 enable
Cisco887(config-if)#ppp authentication chap callin
Cisco887(config-if)#ppp chap hostname aliceadsl
! "password 0" keeps the ISP password in cleartext in the configuration.
Cisco887(config-if)#ppp chap password 0 aliceadsl
Cisco887(config-if)#ppp pap sent-username aliceadsl password 0 aliceadsl
Cisco887(config-if)#no cdp enable
!
! NAT overload, default route and static port forwards.
! NOTE(review): each static entry publishes a port of an inside host to the
! whole Internet (TCP/UDP 12000 to 192.168.111.15, TCP/UDP 4662 to
! 192.168.111.10). Keep only the forwards that are really needed and make sure
! the target hosts are patched, because no ACL filters who may connect.
CONFIGURAZIONE NAT
Cisco887(config)#ip nat inside source static tcp 192.168.111.15 12000 interface Dialer0 12000
! The parenthetical notes on the next two lines appear to describe the command
! on the line that follows each of them; they are annotations, not syntax.
Cisco887(config)#ip nat inside source list 1 interface dialer 0 overload (Per impostare l’IP route dell’interfaccia di dialer come default Gateway)
Cisco887(config)#ip route 0.0.0.0 0.0.0.0 dialer 0 (Definisce ACCESS LIST)
Cisco887(config)#access-list 1 permit 192.168.111.0 0.0.0.255
! Repeats the first static entry of this section.
Cisco887(config)#ip nat inside source static tcp 192.168.111.15 12000 interface Dialer0 12000
Cisco887(config)#ip nat inside source static udp 192.168.111.15 12000 interface Dialer0 12000
! The trailing word "eMule" is a label added by the author, not part of the command.
Cisco887(config)#ip nat inside source static tcp 192.168.111.10 4662 interface Dialer0 4662 eMule
Cisco887(config)#ip nat inside source static udp 192.168.111.10 4662 interface Dialer0 4662 eMule
Cisco887(config)#end
Cisco887#wr
Cisco887#copy run start
!
! Marks the LAN interface as the inside of NAT (see the note on the interface
! name where the LAN address is assigned).
Cisco887(config)#interface ethernet 0
Cisco887(config-if)#
Cisco887(config-if)#ip nat inside
Cisco887(config-if)#no shutdown
Cisco887(config-if)#exit
Cisco887#
!
! ISP credentials on Dialer0 (repeats the PPP lines entered earlier) and the
! router's DNS settings.
CONFIGURAZIONE DEI CODICI DI ACCESSO AL SERVIZIO Del Servizio ADSL
Cisco887(config)#int dialer 0
Cisco887(config-if)#ppp authentication chap callin
Cisco887(config-if)#ppp chap hostname aliceadsl
Cisco887(config-if)#ppp chap password aliceadsl
Cisco887(config-if)#ppp pap sent-username aliceadsl password aliceadsl
Cisco887(config-if)#exit
Cisco887#
Cisco887#conf t
! NOTE(review): "ip dns server" makes the router answer DNS queries. Because
! no inbound ACL is applied to Dialer0 in this walkthrough, it may also answer
! queries arriving from the Internet; filter UDP/TCP 53 on the WAN side or
! leave this command out if clients use the DNS servers handed out by DHCP.
Cisco887(config)#ip dns server
Cisco887(config)#ip name-server 4.2.2.6
Cisco887(config)#ip name-server 4.2.2.5
!
! Stateful inspection rule set "SDM_LOW".
! NOTE(review): the rule set is only defined here. No "ip inspect SDM_LOW
! in|out" line appears under any interface in this walkthrough, so as written
! it inspects nothing; it has to be applied to an interface together with an
! inbound ACL on Dialer0.
Cisco887(config)#ip inspect name SDM_LOW dns
Cisco887(config)#ip inspect name SDM_LOW ftp
Cisco887(config)#ip inspect name SDM_LOW h323
Cisco887(config)#ip inspect name SDM_LOW https
Cisco887(config)#ip inspect name SDM_LOW icmp
Cisco887(config)#ip inspect name SDM_LOW imap
Cisco887(config)#ip inspect name SDM_LOW pop3
Cisco887(config)#ip inspect name SDM_LOW netshow
Cisco887(config)#ip inspect name SDM_LOW rcmd
Cisco887(config)#ip inspect name SDM_LOW realaudio
Cisco887(config)#ip inspect name SDM_LOW rtsp
Cisco887(config)#ip inspect name SDM_LOW esmtp
Cisco887(config)#ip inspect name SDM_LOW sqlnet
Cisco887(config)#ip inspect name SDM_LOW streamworks
Cisco887(config)#ip inspect name SDM_LOW tftp
! router-traffic extends inspection to sessions the router itself originates.
Cisco887(config)#ip inspect name SDM_LOW tcp router-traffic
Cisco887(config)#ip inspect name SDM_LOW udp router-traffic
Cisco887(config)#ip inspect name SDM_LOW vdolive
!
! DynDNS update method and web-management settings.
! NOTE(review): access-list 101 gets a single entry here and is not applied
! to any interface in this walkthrough, so it has no effect as written.
Cisco887(config)#access-list 101 permit tcp host 204.13.248.112 eq www any log
Cisco887(config)#ip ddns update camel.dyndns.org
Cisco887(config)#ip ddns update dyndns
Cisco887(config)#ip ddns update method dyndns
Cisco887(DDNS-update-method)#HTTP
Cisco887(DDNS-HTTP)#
! NOTE(review): the update URL below carries the account name and password in
! cleartext and uses plain http://, so they are exposed both on this page and
! on the wire. Credentials that have been posted should be changed, and
! placeholders used whenever a configuration is shared.
http://camel:12031952 @ blc.it @ members.dyndns.org/nic/update ? system=dyndns&hostname=camel.dyndns.org&myip=<a>)
DESCRIZIONE: Digitare fino alla @ per inserire la chiocciola ctrl-v e inserire il carattere( @ ) per inserire il ? ctrl-v e inserire il carattere ( ? )
Cisco887(DDNS-HTTP)#interval maximum 28 0 0 0
Cisco887(DDNS-update-method)#interface dialer0
!
! NOTE(review): at the global prompt the command that disables CDP is
! "no cdp run"; "no cdp enable" is the per-interface form.
Cisco887(config)#no cdp enable
Cisco887(config)#ip forward-protocol nd
! Both web servers are switched off here; the "Secure access" / "Nonsecure
! access" sections at the end of the walkthrough switch them on again.
Cisco887(config)#no ip http server
! NOTE(review): access-list 23 is never defined in this walkthrough, so the
! access-class probably restricts nothing - confirm and define the list.
Cisco887(config)#ip http access-class 23
Cisco887(config)#ip http authentication local
Cisco887(config)#no ip http secure-server
! Two commands were fused on the next line; "ip http access-class 23" and
! "ip http timeout-policy ..." are separate lines when entered.
Cisco887(config)#ip http access-class 23ip http timeout-policy idle 60 life 86400 requests 10000
!
! Enable secret, Telnet password and the two alternative remote-access profiles.
IMPOSTAZIONE PASSWORD DI AMMINISTRATORE
! NOTE(review): this replaces the "enable secret admin2" entered earlier; the
! last one entered wins. "admin" is a published sample value and must be
! replaced with a unique password.
Cisco887(config)#enable secret admin
!
IMPOSTAZIONE PASSWORD DI TELNET
Cisco887(config)#
Cisco887(config)#line vty 0 4
! NOTE(review): a shared line password, with no access-class on the vty lines
! and no inbound ACL on Dialer0, leaves remote login reachable from the
! Internet. Prefer "login local" with SSH only and restrict the source
! addresses with an access-class.
Cisco887(config-line)#password admin
Cisco887(config-line)#exit
Cisco887(config)#exit
Cisco887#
!
! NOTE(review): "Secure access" and "Nonsecure access" below are alternatives.
! Entering both in the order shown leaves the vty lines on Telnet (the later
! "transport input telnet" replaces "transport input ssh") and leaves the
! cleartext HTTP server enabled. Apply only the "Secure access" section.
! "login local" is a line-mode command even though the prompt is shown as
! (config)#.
Secure access
SSH and HTTPS
!
Cisco887(config)# ip http secure-server
Cisco887(config)# ip http authentication local
Cisco887(config)# line vty 0 15
Cisco887(config)# login local
Cisco887(config-line)# transport input ssh
Cisco887(config-line)# transport output ssh
!
Nonsecure access
Telnet and HTTP
!
Cisco887(config)# ip http server
Cisco887(config)# ip http authentication local
Cisco887(config)# line vty 0 15
Cisco887(config)# login local
Cisco887(config-line)# transport input telnet
Cisco887(config-line)# transport output telnet
User privilege level
!
end
Grazie.