Here is how to set up a Cisco 2811 as an edge router. I tested this on my Cisco 2811; however, it should work on other Cisco router products. This document covers WAN, LAN, and DHCP with a basic NAT setup, including a very simple ACL.
Let us assume that the ADSL/Cable modem is connected to fa 0/0 as a WAN port.
Then we are going to use fa 0/1 as the LAN port.
Before we start, you will need to connect to your Cisco router using the serial cable and open your favorite Terminal software.
In this tutorial we will accomplish the following:
- Name your router
- Set up logging messages so they don’t interrupt us while we are typing a command.
- Set up DHCP for LAN
- Set up NAT so we don’t propagate our LAN addresses to the world.
- Set up DNS servers for DHCP
After you power up the router and the boot process is complete, you will see a prompt asking whether you want to do automatic configuration. At this point, I recommend choosing no.
At the next prompt type en to enter the Privileged mode.
In this mode, you can see much information about the router and the network.
Before we go any further we need to do some basic switch/router configuration by typing conf t (this stands for configure terminal).
First, change the hostname by typing the command:
hostname EdgeRouter then <enter>
Second, I like to make sure that router messages do not interrupt my typing. This is done by changing logging settings for console 0.
line console 0 <enter>
logging synchronous <enter>
exit <enter>
The router name is set, and logging messages are not getting in my way.
This is a good time to save the base configuration using the wr command (type end first to return to Privileged mode).
By doing so we ensure that the current changes are saved in the startup configuration.
To verify this, type show start <enter>
You will see your “startup-configuration” with changes to the hostname and logging.
DHCP Setup
What is DHCP?
DHCP stands for Dynamic Host Configuration Protocol.
This allows easy connection of devices to the network.
A DHCP server provides the following:
- IP address
- subnet mask
- default gateway
- DNS servers.
Before we start setting up DHCP let’s ensure that our LAN is connected to Fa 0/1 and our WAN (ADSL or Cable modem) is connected to Fa 0/0.
Enter configuration mode by typing conf t <enter>
First, set up the WAN interface:
int fa 0/0 <enter>
no shut <enter>
ip address dhcp
exit <enter>
In plain English:
- Select Interface 0/0
- no shut command turns the port on (no shutdown),
- add an IP address to the port using DHCP. If your provider does not support DHCP, you can always set up the IP address manually by issuing the following command:
ip address aaa.bbb.ccc.ddd nnn.nnn.nnn.nnn where aaa.bbb.ccc.ddd is your IP address and nnn.nnn.nnn.nnn is the network mask.
Set up the LAN interface:
int fa 0/1 <enter>
no shut <enter>
ip address 10.10.0.1 255.255.255.0 <enter>
exit <enter>
That will set up interface fa 0/1 with IP address 10.10.0.1 and a netmask of 255.255.255.0. If you need more than 254 addresses available, change the network mask.
This is a good time to verify the changes.
There are 2 ways to do this:
1.) This is the long way to do it:
- exit to Privileged mode by typing exit
- type show ip int bri (show ip interfaces brief)
- then enter config mode by typing config t
2.) or just type do sh ip int bri (the word do tells the router to execute the command in privileged mode)
Save the work by typing do wr.
Setup DHCP server for LAN
ip dhcp excluded-address 10.10.0.1 10.10.0.10 (I am reserving the first 10 addresses for equipment)
ip dhcp pool local (you can name your pool as you like; I am naming this one local)
network 10.10.0.0 255.255.255.0
default-router 10.10.0.1 (my interface fa 0/1)
dns-server aaa.bbb.ccc.ddd YYY.YYY.YYY.YYY (aaa.bbb.ccc.ddd is the primary and YYY.YYY.YYY.YYY is the secondary DNS server)
exit
Setup NAT
Before we start here is the definition of NAT:
Network Address Translation (NAT) is a service that enables private IP networks to use the Internet and cloud. NAT translates private IP addresses in an internal network to a public IP address before packets are sent to an external network.
The DHCP server is ready.
We can test this by attaching a computer to port fa0/1.
Next, we need to configure NAT:
access-list 1 permit 10.10.0.0 0.0.0.255 (this is an inverse net mask from DHCP)
ip nat inside source list 1 interface fa0/0 overload
This will bring up NVI0.
Basics about Access Lists
Cisco access lists are used to filter traffic based on source and destination IP addresses, protocol type, and port numbers.
There are two types of access lists on Cisco devices:
- Standard Access Control Lists (SACLs)
- Extended Access Control Lists (EACLs)
SACLs can be used to match packets by the source IP address field in the packet header.
EACLs can be used to match packets by source and destination IP addresses, protocol type, and port numbers.
If you are interested in backups and firmware updates, you can check out my article about Cisco Aironet 1242 factory reset and firmware update. The process is very similar.
Here is the step-by-step procedure for all of this:
en
conf t
hostname EdgeRouter
line console 0
logging synchronous
exit
At this point we have accomplished the following:
- Named our router
- Set up logging messages.
This should be your basic setup for all Cisco routers or switches. At this point, you can add a user, password, and encryption. But we will not do that for this lab.
Now we will set up the Fast Ethernet ports.
Port 0/0 will be used as a WAN port (this port is connected to your Internet device).
Port 0/1 will be used as a LAN port.
int fa0/0
no shut
ip address dhcp
If your Internet device does not support DHCP, you can set up the IP address manually using the following command:
ip address XXX.XXX.XXX.XXX 255.255.255.0 (or whatever is your netmask)
exit
interface fa0/1
ip address 10.10.0.1 255.255.255.0
no shut
exit
do sh ip int brief (always check your work)
Now we set up the DHCP server:
ip dhcp excluded-address 10.10.0.1 10.10.0.10 (we are going to reserve the first 10 addresses for our equipment)
ip dhcp pool local (you can name your pool as you like)
network 10.10.0.0 255.255.255.0
default-router 10.10.0.1
dns-server aaa.aaa.aaa.aaa bbb.bbb.bbb.bbb (aaa is the primary, bbb is the secondary DNS server of your choice)
exit
The DHCP server is ready. We can test this by attaching a computer to port fa0/1.
Now we need to configure NAT:
access-list 1 permit 10.10.0.0 0.0.0.255 (this is an inverse net mask from DHCP)
ip nat inside source list 1 interface fa0/0 overload
This will bring up NVI0.
interface fa0/1
ip nat inside
exit
interface fa0/0
ip nat outside
exit
And now we need to add a default route to the Internet:
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX (your Internet device's IP)
exit
Let's test:
ping google.com
.!!!!
The first ping usually fails.
Since our edge router works now, the only thing left is to save the config.
wr
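A consistency check for the DHCP and NAT pieces configured above, as an added example that is not part of the original article: it confirms that the NAT access list's wildcard is the inverse of the DHCP pool mask, that the gateway address is excluded from leases, and that the NAT rule's interface is marked outside. The sample text is constructed in the form show running-config prints (full interface names), and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: the configuration this walkthrough builds.
SAMPLE = """\
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
interface FastEthernet0/1
 ip address 10.10.0.1 255.255.255.0
 ip nat inside
ip dhcp excluded-address 10.10.0.1 10.10.0.10
ip dhcp pool local
 network 10.10.0.0 255.255.255.0
 default-router 10.10.0.1
access-list 1 permit 10.10.0.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/0 overload
"""

def wildcard_for(netmask):
    """Inverse (wildcard) mask for a dotted netmask: flip every bit."""
    return str(ipaddress.ip_address(int(ipaddress.ip_address(netmask)) ^ 0xFFFFFFFF))

def audit(config):
    """Return a list of mismatches between the DHCP pool, ACL and NAT rule."""
    findings = []
    pool = re.search(r"^ network (\S+) (\S+)$", config, re.M)
    gateway = re.search(r"^ default-router (\S+)$", config, re.M)
    excl = re.search(r"^ip dhcp excluded-address (\S+) (\S+)$", config, re.M)
    nat = re.search(r"^ip nat inside source list (\d+) interface (\S+)", config, re.M)
    acls = dict((n, (a, w)) for n, a, w in
                re.findall(r"^access-list (\d+) permit (\S+) (\S+)$", config, re.M))
    lan = ipaddress.ip_network(f"{pool.group(1)}/{pool.group(2)}")
    if nat.group(1) not in acls:
        findings.append(f"NAT references missing access-list {nat.group(1)}")
    else:
        addr, wild = acls[nat.group(1)]
        if (addr, wild) != (str(lan.network_address), wildcard_for(pool.group(2))):
            findings.append(f"access-list {nat.group(1)} {addr} {wild} does not match LAN {lan}")
    gw = ipaddress.ip_address(gateway.group(1))
    lo, hi = (ipaddress.ip_address(x) for x in excl.groups())
    if gw not in lan or not lo <= gw <= hi:
        findings.append(f"gateway {gw} is outside {lan} or can be leased to a client")
    # The interface named in the NAT rule must carry 'ip nat outside'.
    outside = re.search(r"^interface (\S+)\n(?: .*\n)*? ip nat outside$", config, re.M)
    if not outside or outside.group(1) != nat.group(2):
        findings.append(f"{nat.group(2)} is not marked 'ip nat outside'")
    return findings
```

Widening the LAN mask without updating access-list 1 is the case this catches most often: hosts in the added range get a lease but are never translated.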