Configuration tips for a Cisco 851 router (newbie inside)

rastapunx
n00b
Posts: 4
Joined: Mon 31 Aug 2009, 1:45 pm

Hi everyone.

I found myself configuring a Cisco 851 router for a company I consult for. I should say up front that I'm not an expert, so I tinkered with it for a while until, exhausted, I gave up.
The company has a fiber connection with the provider ascotlc,
which assigned us a static IP X.X.X.X with mask 255.255.255.0 and a gateway IP Y.Y.Y.Y

Internally we have a LAN with subnet 192.168.2.0 255.255.255.0, and I assigned the IP 192.168.2.250 to the Cisco's VLAN.

I connected the cable coming from ascotlc to the Cisco's WAN port, and to the FastEthernet0 port I connected a hub that all the PCs plug into.

The Internet connection works, and using a "dumb" D-Link router the whole network works correctly and all the PCs can access the Internet.

With the Cisco 851, on the other hand, there is no way to get them out to the Internet.
What's more, if I use SDM to configure the firewall it always gives me an error (even if I use the wizard procedure).

I'll post the configuration in a second.
Please help me
rastapunx
n00b
Posts: 4
Joined: Mon 31 Aug 2009, 1:45 pm

This is the router version:

Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T9, RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 29-Apr-09 08:48 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

BonottoRouter uptime is 14 hours, 5 minutes
System returned to ROM by reload
System image file is "flash:c850-advsecurityk9-mz.124-15.T9.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 851 (MPC8272) processor (revision 0x300) with 59392K/6144K bytes of memory.
Processor board ID FCZ132661E6
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
5 FastEthernet interfaces
128K bytes of non-volatile configuration memory.
20480K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102
rastapunx
n00b
Posts: 4
Joined: Mon 31 Aug 2009, 1:45 pm

And this is the configuration:
X.X.X.X is the static IP given to us by ascotlc, while the ? characters replace the passwords and the DNS servers

Building configuration...

Current configuration : 6078 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 ?????????????????????.
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-2502004170
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2502004170
revocation-check none
rsakeypair TP-self-signed-2502004170
!
!
crypto pki certificate chain TP-self-signed-2502004170
certificate self-signed 01
quit
dot11 syslog
!
!
ip cef
ip name-server ?.?.?.?
ip name-server ?.?.?.?
!
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com

parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com

parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com

parameter-map type regex sdm-regex-nonascii
pattern [^\x00-\x80]

!
!
username aaaaa privilege 15 secret 5 ??????
username bbbbb privilege 15 view root secret 5 ??????
!
!
archive
log config
hidekeys
!
!
zone security LAN
zone security INTERNET
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$
ip address X.X.X.X 255.255.255.0
ip virtual-reassembly
zone-member security INTERNET
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$
ip address 192.168.2.250 255.255.255.0
ip virtual-reassembly
zone-member security LAN
!
router rip
version 2
network 192.168.2.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended SDM_AH
remark SDM_ACL Category=0
permit ahp any any
ip access-list extended SDM_HTTPS
remark SDM_ACL Category=1
permit tcp any any eq 443
ip access-list extended SDM_SHELL
remark SDM_ACL Category=1
permit tcp any any eq cmd
ip access-list extended SDM_SSH
remark SDM_ACL Category=1
permit tcp any any eq 22
!
logging 192.168.2.250
logging X.X.X.X
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit any log
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
transport input telnet ssh
!
scheduler max-task-time 5000
end
CiscoBGP
Cisco power user
Posts: 90
Joined: Fri 26 Dec 2008, 3:02 pm
Location: Reggio Emilia

Hi

Can you explain how you are using the fiber?

Also, you are running a routing protocol, RIP, announcing your subnet to which device?

The Cisco 851 and 871 should be configured with VPDN, cloning the Dialer logical interface, if you are assigned a dynamic IP.
Otherwise, no Dialer and a static IP on the FE 8)
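
An added example, not part of the thread and not Cisco tooling: a small Python check, run over a constructed excerpt of the configuration posted above, for three conditions under which IOS will not forward or translate LAN traffic (zone members with no zone-pair, a NAT overload rule with no inside/outside interfaces, a default route that names only an Ethernet interface). The function names and the excerpt are assumptions made for the example.

```python
import re
from itertools import permutations

# Constructed excerpt: the lines of the posted configuration that the checks read.
SAMPLE = """\
interface FastEthernet4
ip address X.X.X.X 255.255.255.0
zone-member security INTERNET
!
interface Vlan1
ip address 192.168.2.250 255.255.255.0
zone-member security LAN
!
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip nat inside source list 1 interface FastEthernet4 overload
"""

def interfaces(config):
    """Map interface name -> sub-commands; a block ends at '!' or a blank line."""
    blocks, current = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            current = blocks.setdefault(line.split()[1], [])
        elif line == "!" or not line:
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def audit(config):
    """Return findings for settings that stop LAN hosts from reaching the WAN."""
    findings, blocks = [], interfaces(config)
    # 1. Zone firewall: inter-zone traffic is dropped without a zone-pair (only the line is checked).
    zones = {c.split()[-1] for cmds in blocks.values() for c in cmds
             if c.startswith("zone-member security ")}
    pairs = set(re.findall(
        r"^\s*zone-pair security \S+ source (\S+) destination (\S+)", config, re.M))
    for src, dst in sorted(permutations(zones, 2)):
        if (src, dst) not in pairs:
            findings.append(f"no zone-pair {src}->{dst}")
    # 2. NAT overload needs one interface marked inside and one marked outside.
    if re.search(r"^\s*ip nat inside source ", config, re.M):
        for role in ("inside", "outside"):
            if not any(f"ip nat {role}" in cmds for cmds in blocks.values()):
                findings.append(f"no interface has 'ip nat {role}'")
    # 3. Interface-only default route on Ethernet: the router ARPs for every destination.
    for args in re.findall(r"^\s*ip route 0\.0\.0\.0 0\.0\.0\.0 (.+)$", config, re.M):
        tokens = args.split()
        if len(tokens) == 1 and tokens[0].count(".") != 3:
            findings.append(f"default route via {tokens[0]} has no next-hop address")
    return findings
```

A missing INTERNET->LAN pair is expected when only outbound sessions should be allowed, since return traffic of inspected sessions does not need it.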