Saturday, December 30, 2006

Configure Cisco DSL Routers

I have just finished configuring my Cisco 1720 router with an ADSL WIC module installed. I'll show you step by step how to do that:

connect your router with the console cable
say 'no' for initial configuration

configure terminal mode
# conf term

change the enable secret password
# enable secret <password>

change the hostname
# hostname adslrouter

assign IP address to the ethernet adapter (private IP address), use NAT
# int fastethernet 0
# ip address 192.168.0.254 255.255.255.0
# ip nat inside
# no shut
# exit

configure ATM interface
# int atm0
# no ip address
# no atm ilmi-keepalive
# dsl operating-mode auto
# no shut
# exit

configure ATM sub-interface
# int atm0.1 point-to-point

! find the PVC from your ISP
# pvc 8/35
# encapsulation aal5mux ppp dialer
# dialer pool-member 1
# exit
# exit

configure dialer interface
# int dialer 1

! use this if your ISP assigns the address dynamically (negotiated over PPP), otherwise assign a static address
# ip address negotiated

! access list for inbound traffic
# ip access-group 110 in

# ip nat outside
# encapsulation ppp
# dialer pool 1

! ppp authentication username and password from your ISP
# ppp authentication chap callin
# ppp chap hostname <username@domain.com>
# ppp chap password <password>
# exit

! NAT for internal clients
# ip nat inside source route-map NAT interface Dialer1 overload

! Port forwarding to internal Firewall
# ip nat inside source static tcp 192.168.0.10 22 interface Dialer1 22

# ip classless

! static route to dialer interface
# ip route 0.0.0.0 0.0.0.0 Dialer1

! access list for inbound connection to Dialer 1
# access-list 110 remark Inbound traffic to internal firewall
# access-list 110 remark Allow access to HTTPS from everywhere
# access-list 110 permit tcp any any eq 443
# access-list 110 remark Allow access to SSH only from X
# access-list 110 permit tcp host a.b.c.d any eq 22

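! DNS replies arrive over UDP, which is connectionless, so the 'established' rule below does not match them; this entry permits all IP traffic from host a.b.c.d, not only DNS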
# access-list 110 remark Allow DNS inbound
# access-list 110 permit ip host a.b.c.d any

! If you have SMTP server
# access-list 110 permit tcp any any eq smtp

! allow return traffic for established TCP connections
# access-list 110 permit tcp any any established
# access-list 110 permit icmp any any

! deny all
# access-list 110 deny ip any any

! access list for route-map, being used by the ip nat
# access-list 150 remark NAT Traffic from Inside
# access-list 150 permit ip 192.168.0.0 0.0.0.255 any

# dialer-list 1 protocol ip permit

# route-map NAT permit 10
# match ip address 150

save it
# wr mem
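
An added example, not part of the original post: a short Python check that parses the numbered extended ACL entries of access list 110 above and lists the permit entries a reviewer should confirm are intentional (ports open to any source, `permit ip` entries that pass every protocol, unrestricted ICMP). The sample reuses the post's entries with a.b.c.d replaced by the documentation address 203.0.113.5; the function name and finding labels are illustrative.

```python
import re

# Constructed sample: ACL 110 entries from this post, with a.b.c.d replaced by
# the documentation address 203.0.113.5 so that every line parses.
ACL_110 = """\
access-list 110 remark Allow access to HTTPS from everywhere
access-list 110 permit tcp any any eq 443
access-list 110 permit tcp host 203.0.113.5 any eq 22
access-list 110 permit ip host 203.0.113.5 any
access-list 110 permit tcp any any eq smtp
access-list 110 permit tcp any any established
access-list 110 permit icmp any any
access-list 110 deny ip any any
"""

# Address forms used on this page: "any", "host x", or "network wildcard".
# Source-port operators (e.g. "eq 53" after the source) are not handled.
ADDR = r"(any|host\s+\S+|\S+\s+\S+)"
ENTRY = re.compile(
    r"access-list\s+\d+\s+(permit|deny)\s+(\S+)\s+" + ADDR + r"\s+" + ADDR + r"(.*)$"
)

def audit(acl_text):
    """Return (line_number, finding) pairs for permit entries worth a second look."""
    findings = []
    for n, line in enumerate(acl_text.splitlines(), 1):
        m = ENTRY.match(line.strip())
        if not m:  # remarks, blank lines, anything that is not a permit/deny entry
            continue
        action, proto, src, _dst, rest = m.groups()
        opts = rest.split()
        if action != "permit":
            continue
        if proto == "ip":
            # Every protocol and port is allowed from this source.
            findings.append((n, "all-protocols"))
        elif proto == "icmp" and not opts:
            # No ICMP message type given, so all ICMP types are allowed.
            findings.append((n, "icmp-unrestricted"))
        elif proto in ("tcp", "udp") and src == "any" and len(opts) >= 2 and opts[0] == "eq":
            # Destination port reachable from any source address.
            findings.append((n, "open-port:" + opts[1]))
    return findings

if __name__ == "__main__":
    lines = ACL_110.splitlines()
    for n, finding in audit(ACL_110):
        print(f"line {n}: {finding:18} {lines[n - 1]}")
```
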

1 comment:

Michael said...

Thanks very much, your ADSL setup for the 1720 worked a treat.
I had my 2621 doing the ADSL. The difference I saw in yours is the ATM sub-interface.
PS
I am starting the study again for BSCI. I was ready, then the exam was stopped at Xmas. I just got the new BSCI exam book from Cisco today.

thanks
Michael