New ISP, new router
Recently I had to choose another ISP for my home internet connection, and because my previous modem was a bit limited in it’s capabilities I decided it was time to invest in a Cisco 877W Integrated Services Router.
The main reason to choose for the 877W is that I used to work with Cisco appliances, so I’m familiar with IOS and like the CLI to manage the device.
After unpacking the device I connected the serial console cable which comes with the 877W to my laptop and turned on the device. The first step was to make the internal LAN work. My new internet connection comes with 8 public IP addresses, so I had to change my internal LAN from private space to public. Now the LAN part was done I could setup the WAN interface, which took quite some time to figure out how to setup correctly.
While discovering the device it appeared that the preinstalled IOS version was a really old one that goes back to 2006. I decided to load a more recent firmware image, better safe than sorry.
With the following specs I’ve created a configuration that works well for the SurfSnel ADSL product of InterNLnet:
Provider: InterNLnet (SurfSnel ADSL)
Protocol: PPPoA routed (RFC 2364)
Encapsulation: VC MUX
VPI/VCI: 0/35
Authentication: PAP
! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption service sequence-numbers ! hostname router ! boot-start-marker boot-end-marker ! logging buffered 51200 warnings ! no aaa new-model clock timezone CET 1 clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00 ! dot11 syslog no ip source-route ip cef ! ! ip inspect name firewall appfw firewall ip inspect name firewall tcp ip inspect name firewall udp ip inspect name firewall cuseeme ip inspect name firewall h323 ip inspect name firewall rcmd ip inspect name firewall realaudio ip inspect name firewall streamworks ip inspect name firewall vdolive ip inspect name firewall sqlnet ip inspect name firewall tftp ip inspect name firewall ftp ip inspect name firewall icmp ip inspect name firewall esmtp max-data 52428800 ip inspect name firewall fragment maximum 256 timeout 1 ip inspect name firewall netshow ip inspect name firewall rtsp ip inspect name firewall pptp ip inspect name firewall skinny ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ip domain name yourdomain.com ip name-server 217.149.196.6 ip name-server 217.149.192.6 ! appfw policy-name firewall application http strict-http action allow alarm content-type-verification unknown-type match-req-rsp action allow alarm port-misuse tunneling action allow alarm ! ! archive log config hidekeys ! ! interface ATM0 description Physical ADSL (ATM) Interface no ip address no ip proxy-arp no atm ilmi-keepalive dsl operating-mode auto dsl enable-training-log ! interface ATM0.1 point-to-point description ATM subinterface enables PPP over ATM no ip proxy-arp pvc 0/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Dot11Radio0 no ip address shutdown speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 station-role root ! interface Vlan1 ip address 145.99.xxx.xxx 255.255.255.248 ip access-group 102 in ip virtual-reassembly ! interface Dialer0 ip address negotiated ip access-group 101 in no ip redirects no ip unreachables no ip proxy-arp ip mtu 1492 ip inspect firewall in ip virtual-reassembly encapsulation ppp dialer pool 1 dialer idle-timeout 0 dialer-group 1 no cdp enable ppp pap sent-username @dsl.inter.nl.net password 0 ppp ipcp dns request ppp ipcp route default ! ip forward-protocol nd ! no ip http server no ip http secure-server ! access-list 101 remark Traffic allowed to enter the router from the Internet access-list 101 permit tcp any any established access-list 101 permit icmp any any administratively-prohibited access-list 101 permit icmp any any echo access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any packet-too-big access-list 101 permit icmp any any time-exceeded access-list 101 permit icmp any any traceroute access-list 101 permit icmp any any unreachable access-list 101 remark DNS In and Out access-list 101 permit udp any eq domain any eq domain access-list 101 permit udp any eq domain any gt 1023 access-list 101 remark DHCP client requests access-list 101 permit udp any eq bootps any eq bootpc access-list 101 remark NTP client requests access-list 101 permit udp host 192.87.106.2 eq ntp any eq ntp access-list 101 permit udp host 192.87.36.4 eq ntp any eq ntp access-list 101 permit udp host 192.87.110.2 eq ntp any eq ntp access-list 101 deny ip any any log dialer-list 1 protocol ip permit no cdp run ! ! control-plane ! ! line con 0 login local no modem enable line aux 0 line vty 0 4 privilege level 15 login local transport input telnet ssh ! scheduler max-task-time 5000 ntp clock-period 17179591 ntp source Vlan1 ntp server 192.87.36.4 ntp server 192.87.106.2 prefer ntp server 192.87.110.2 end
The above configuration will most likely also work on the 857W! As you’ll probably notice the wireless configuration has not been setup, so later more on this story..