Friday, May 21, 2010

Home Router Config Example:


Whenever I get to teach a CCNA class I try to encourage students to buy a Cisco dual-Ethernet router off eBay and configure it for use at home.  So while I'm on the train today I'm going to type one up.

This configuration will provide the following services: PAT, NAT, DHCP server/client, and DNS services.

Let's start with the assumption that this is a fresh, unconfigured router.  Notes will be followed by --> !note!<--.  Pieces you pick on your own will be in "< >".  Example: < your text here >.  This configuration is based upon IOS 12.3 or higher.









router# config t
router(config)#  !(everything starts from here)
hostname bobs_homerouter
no ip domain-lookup

enable secret < your password >
aaa new-model
username < your login username > password < your password >

ip dhcp excluded-address 192.168.10.1 192.168.10.20
 !addresses in this range are reserved for static IPs!

ip dhcp pool home
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.10.1
!makes this router your dns server!

no ip source-route
no ip gratuitous-arps

login block-for 5 attempts 9 within 9
 !limits failed logins!

interface ethernet 0
!Or whatever your first ethernet port is.  This will connect to your home!
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 fair-queue

interface ethernet 1
 !your second ethernet port.  This will connect to the internet!
 ip address dhcp
 ip nat outside
 no cdp enable
 fair-queue

ip route 0.0.0.0 0.0.0.0 dhcp
no ip http server
!because you are learning command line!

ip dns server
ip dns spoofing
 !if your IOS does not support this command change the dhcp scope above to include a public dns server like
! 8.8.8.8 or 4.2.2.4!

ip nat inside source list 101 interface ethernet1 overload
!ip nat inside source static tcp 192.168.10.5 80 interface ethernet1 80
!the previous command will map tcp port 80 coming from the internet to a server with
!the ip address of 192.168.10.5.

access-list 101 permit ip any any

access-list 102 permit ip 192.168.10.0 0.0.0.255 any
!access-list for telnet!

line con 0
 privilege level 15
 no login
! I don't configure passwords on my home router.  Not really any need at home!
 history size 256


line vty 0 4
 login local
 access-class 102 in
! telnet is used here because we limit access from your home network.!


!**Please let me know if you have problems with this configuration**!
!**http://twomissingtoes.blogspot.com**!
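
A variant of the NAT and vty lines above, as an added example that is not part of the original post: the NAT access list is limited to the inside subnet and the vty lines accept SSH only, still filtered by access-list 102. It assumes a crypto (k9) IOS image with SSH version 2 support; the domain name home.example is a placeholder.

```cisco
! Added example, not from the original post. Entered from router(config)#.
! Assumes a crypto (k9) image with SSH v2 support; home.example is a placeholder.
!
! An RSA key pair needs a hostname (set above) and a domain name.
ip domain-name home.example
crypto key generate rsa general-keys modulus 2048
! entered without "modulus", the command prompts for the key size
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! NAT only the inside subnet instead of "permit ip any any"
no access-list 101
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
!
! vty: same source restriction as the post (access-list 102), SSH only
line vty 0 4
 access-class 102 in
 transport input ssh
```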
