KEMBAR78
How To 1841 | PDF | Internet Standards | Computer Networking
Scribd
Upload
26 views5 pages

How To 1841

How to 1841

Uploaded by

Ngwarai Chingaira
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
26 views5 pages

How To 1841

How to 1841

Uploaded by

Ngwarai Chingaira
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

How to: Configuring a Cisco 1841 router from scratch

I originally found this article on the Internet when I was googling for configuration examples.
It's the config I used and works great, however there were various typing mistakes which the
original author left in, and I have removed. Links to the original article have been included
below.

14 Steps total
Step 1: Console
You'll need a Cisco console cable to break out the RS232 lines in to a DB9, and of course a
computer with a serial port. Once you have those, use PuTTY or a similar terminal program
set at 9600 baud, 8 data bits, No parity and 1 stop bit. Hit the [ENTER] key a few times and
you should be presented with the System Configuration Dialog screen.

From here onwards I will be pasting in the original authors comments, with only the typing
mistakes corrected.

Step 2: Let’s skip past the usual alerts for a new device
(e.g the automatic setup wizard), and lets run some of the
usual housekeeping commands.
For this example, Ethernet 0/0 will be used as the outside connection (192.168.5.69), ethernet
0/1 will be our inside LAN connection (192.168.10.0/24).

Once again I’ll be using teraterm to configure the device via the serial connection.

Let’s skip past the usual alerts for a new device (e.g the automatic setup wizard), and lets run
some of the usual housekeeping commands.

--- System Configuration Dialog --- Would you like to enter the initial configuration dialog?
[yes/no]: n Would you like to terminate autoinstall? [yes]: y

Press RETURN to get started! Router#conf t Enter configuration commands, one per line.
End with CNTL/Z. Router(config)#no ip domain-lookup Router(config)#no logging console
Router(config)#hostname MICHAEL1841 MICHAEL1841(config)#enable secret 0 michael
MICHAEL1841(config)#service password-encryption MICHAEL1841(config)#exit
MICHAEL1841#wri Building configuration... [OK]

Step 3: Now let’s configure up both the WAN and LAN


interfaces on the router like so:
MICHAEL1841#conf t Enter configuration commands, one per line. End with CNTL/Z.
MICHAEL1841(config)#interface fas0/0 MICHAEL1841(config-if)#description
WAN_LINK MICHAEL1841(config-if)#ip address 192.168.5.69 255.255.255.0
MICHAEL1841(config-if)#no shut MICHAEL1841(config-if)#exit
MICHAEL1841(config)#interface fas0/1 MICHAEL1841(config-if)#description
INSIDE_LAN MICHAEL1841(config-if)#ip address 192.168.10.254 255.255.255.0
MICHAEL1841(config-if)#no shut MICHAEL1841(config-if)#exit
MICHAEL1841(config)#exit MICHAEL1841#wri Building configuration... [OK]

Step 4: Finally let’s put in a default route to route all


traffic out to our ISP router (192.168.5.254). Try to ping
8.8.8.8 (don’t worry if the first times out as its ARP’ing
remember), but to be sure try to ping again and you
should get no time outs.
MICHAEL1841#conf t Enter configuration commands, one per line. End with CNTL/Z.
MICHAEL1841(config)#ip route 0.0.0.0 0.0.0.0 192.168.5.254 MICHAEL1841(config)#exit
MICHAEL1841#ping 8.8.8.8 Type escape sequence to abort. Sending 5. 100-byte ICMP
Echos to 8.8.8.8. timeout is 2 seconds:

Success rate is 80 percent (4/5). round-trip min/avg/max = 24/26/28 ms


MICHAEL1841#ping 8.8.8.8 Type escape sequence to abort. Sending 5. 100-byte ICMP
Echos to 8.8.8.8. timeout is 2 seconds: Success rate is 100% (5/5). round-trip min/avg/max =
24/25/28 ms

Step 5: Now we have some outside access, let’s continue


with setting up the 1841 to act as a DHCP for our inside
LAN (as currently our clients will be sitting with APIPA
addresses – 169.254…..) As you will see it’s slightly
different to the ASA (in terms of commands) but it’s all
there, you just need to find it. If in doubt ? mark it (as you
will see in the below output I used the ? to find out the
various options I can use when configuring the scope).
Then finally at the bottom you will see I’ve excluded the
first 9 addresses.
MICHAEL1841#conf t Enter configuration commands, one per line. End with CNTL/Z.
MICHAEL1841(config)#ip dhcp pool MICHAELDHCP MICHAEL1841(dhcp-config)#?
DHCP pool configuration commands: accounting Send Accounting Start/Stop messages
bootfile Boot file name class Specify a DHCP class client-identifier Client identifier client-
name Client name default-router Default routers dns-server DNS servers domain-name
Domain name exit Exit from DHCP pool configuration mode hardware-address Client
hardware address host Client IP address and mask import Programatically importing DHCP
option parameters lease Address lease time netbios-name-server NetBIOS (WINS) name
servers netbios-node-type NetBIOS node type network Network number and mask next-
server Next server in boot process no Negate a command or set its defaults option Raw
DHCP options origin Configure the origin of the pool relay Function as a DHCP relay

MICHAEL1841(dhcp-config)#network 192.168.10.0 255.255.255.0 MICHAEL1841(dhcp-


config)#default-router 192.168.10.254 MICHAEL1841 (dhcp-config)#dns-server 8.8.8.8
MICHAEL1841 (dhcp-config)#exit MICHAEL1841(config)#ip dhcp excluded-address
192.168.10.1 192.168.10.9 MICHAEL1841(config)#exit MICHAEL1841#wri Building
configuration...

Step 6: Example output of ipconfig from a connected PC

Expand

Open a command prompt on a PC that's connected to the router, and type ipconfig /all Scroll
back up to the section labelled Local Ethernet Adaptor and check that the settings resemble
the screen shot below (unless you have changed any for your specific configuration of
course)

Step 7: Next come’s our good old friend NAT, so let’s


configure both interfaces with NAT inside and NAT
outside.
MICHAEL1841#conf t Enter configuration commands,one per line. End with CNTL/Z.
MICHAEL1841(config)#inter fas0/0 MICHAEL1841(config-if)#ip nat outside
MICHAEL1841(config-if)#exit MICHAEL1841(config)#inter fas0/1
MICHAEL1841(config-if)#ip nat inside MICHAEL1841(config-if)#exit

Step 8: I’ve now created a VERY simple access-list as you


can see it just allows everything.
MICHAEL1841(config)#access list 100 permit ip any any
Step 9: Finally I’ve entered in our NAT statement to say
anything sourced from ACL 100 is permitted and the
outside interface (Ethernet 0/0) is the port where the PAT
will take place.
MICHAEL1841(config)#ip nat inside source list 100 interface fastEthernet 0/0

Step 10: Now if you open up a webpage you should see


plenty of NAT translations and you should have the ability
to browse the internet, magic!

Expand

See attached screen shot.

Step 11: Now we’ve got the basic access, I’m going to move
on to configuring access to the SDM. If you’ve never used
SDM it’s the original GUI. Think of it as the first version
of ASDM (as you see with the ASA firewall). It’s basic yet
you can still do a lot via the GUI, I prefer not to use this at
all, and stick to command line but once again each too
their own. So let’s get started and configure a
username/password/privilege level.
MICHAEL1841#conf t Enter configuration commands, one per line. End with CNTL/Z.
MICHAEL1841(config)#username michael privilege 15 password michael
MICHAEL1841(config)#

Step 12: Once done, let now enable the HTTP secure
server, and select the authentication used for HTTPS
connections
MICHAEL1841(config)#ip http server MICHAEL1841(config)#ip http secure-server %
Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
MICHAEL1841(config)#ip http authentication local MICHAEL1841(config)#exit
MICHAEL1841#wri Building configuration... [OK]

*******************************************************

You need to change the config register.

The routers were left in password recovery mode of 0x2142. Changing it to the proper
0x2102 fixed this mess. I hope this will save others who come across this problem.

Do this: en conf t config-register 0x2102

You might also like