CLI template for Cisco 851W/871W standard IOS August 30, 2006

| Command | Purpose |
| --- | --- |
| `service password-encryption` | Enable password encryption |
| `hostname [Router-Name]` | Configure your router's name |
| `enable secret [Some-Password]` | Set the enable secret |
| `enable password [Some-Other-Password]` | Set the password |

Basic configuration

| Command | Purpose |
| --- | --- |
| `ppp authentication pap callin` | Use password authentication protocol (clear text) |
| `ppp pap sent-username [DSL-Username] password [DSL-Password]` | User sign-on for DSL accounts |
| `ppp ipcp dns request` | Get DNS server info from DSL provider |
| `ppp ipcp address accept` | |
| `access-list 1 permit [Network1-ID] [Reverse-mask-1]` | Allow VLAN1 inside of Access List 1 (Used for NAT) |
| `access-list 1 permit [Network20-ID] [Reverse-mask-20]` | Allow VLAN20 inside of Access List 1 (Used for NAT) |
| `dialer-list 1 protocol ip list 1` | Assign access-list 1 to dialer-list 1 with IP protocol access |
| `ip nat inside source list 1 interface Dialer1 overload` | Tell all internal NAT IP addresses to map to Dialer1 IP |
| `ip access-list extended Guest-ACL` | Create the Guest-ACL access list. Used to restrict guests. |
| `deny ip any [Network1-ID] [Reverse-mask-1]` | Prevent guests from accessing VLAN1 |
| `permit ip any any` | Let guests access everything else |
| `interface FastEthernet4` | Enter the WAN port configuration |
| `pppoe enable` | Enable PPPoE for DSL dialup |
| `pppoe-client dial-pool-number 1` | Set PPPoE to use Dialer1 |
| `no cdp enable` | Turn off CDP (Cisco Discovery Protocol) on WAN interface |
| `ip route 0.0.0.0 0.0.0.0 Dialer1` | Set the default gateway to point to ISP via Dialer1 |
| `interface FastEthernet0` | Enter port 0 |

Switch config

| Command | Purpose |
| --- | --- |
| `bridge-group 1 subscriber-loop-control` | |
| `bridge-group 1 spanning-disabled` | |
| `bridge-group 1 block-unknown-source` | Set bridge parameters |
| `no bridge-group 1 source-learning` | |
| `no bridge-group 1 unicast-flooding` | |
| `interface Dot11Radio0.20` | Create a virtual radio for VLAN20 |
| `description Guest wireless LAN - routed WLAN` | Description saying this is a routed non-bridged interface |
| `encapsulation dot1Q 20` | Assign 802.1q VLAN tag of 20 to this virtual radio |
| `ip address [Gateway-20] [Subnet-mask-20]` | Assign IP address and subnet mask for this bridge interface |
| `ip access-group Guest-ACL in` | Enforce Guest-ACL access list in the in-bound direction |
| `ip nat inside` | Define this as an internal network for NAT |
| `interface Vlan1` | Create VLAN (Virtual Local Area Network) interface 1 |
| `description Internal Network` | Set the description of this VLAN as "Internal Network" |

VLANs

| Command | Purpose |
| --- | --- |
| `ip address [Gateway-1] [Subnet-mask-1]` | Assign IP address and subnet mask for this bridge interface |
| `ip nat inside` | Define this as an internal network for NAT |
| `ip virtual-reassembly` | |
| `bridge 1 route ip` | Enable IP routing on Bridge 1 |
| `int f0` | Enter FastEthernet interface 0 configuration |
| `no shut` | Turn on port |

Enable interfaces

| Command | Purpose |
| --- | --- |
| `permit udp any eq bootps any eq bootpc` | Allow DHCP to come in from your ISP so your router can get PPPoE IP |
| `permit icmp any any echo` | |
| `permit icmp any any echo-reply` | Allow ping and trace route to work |
| `permit icmp any any traceroute` | |
| `permit gre any any` | Allow PPTP clients to work from within the network |
| `permit esp any any` | Allow IPSEC to work |
| `int dialer1` | Go into Dialer 1 interface |
| `ip inspect MYFW out` | Inspect outbound traffic on MYFW |
| `ip access-group Internet-inbound-ACL in` | Restrict inbound traffic to the ACL called "Internet-inbound-ACL" |
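
Filling in the `[Network…-ID]` and `[Reverse-mask-…]` placeholders of access-list 1 and Guest-ACL, as an added example that is not part of the original template: this Python helper derives both values from the gateway and subnet mask set on Vlan1 and Dot11Radio0.20, and refuses inputs that would make the Guest-ACL deny rule match the wrong range. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

def acl_args(gateway, subnet_mask):
    """Return (network_id, reverse_mask) for an interface's gateway and mask."""
    inv = int(ipaddress.IPv4Address(subnet_mask)) ^ 0xFFFFFFFF
    # A valid subnet mask inverts to 2**k - 1. This rejects a reverse mask
    # typed where a subnet mask belongs (ipaddress alone would accept it).
    if inv & (inv + 1):
        raise ValueError(f"{subnet_mask} is not a contiguous subnet mask")
    prefix = 32 - inv.bit_length()
    net = ipaddress.IPv4Interface(f"{gateway}/{prefix}").network
    return str(net.network_address), str(net.hostmask)

def render_acls(vlan1, vlan20):
    """vlan1 and vlan20 are (gateway, subnet_mask) pairs, i.e. the values of
    [Gateway-1]/[Subnet-mask-1] and [Gateway-20]/[Subnet-mask-20]."""
    id1, rm1 = acl_args(*vlan1)
    id20, rm20 = acl_args(*vlan20)
    net1 = ipaddress.IPv4Network(f"{id1}/{vlan1[1]}")
    net20 = ipaddress.IPv4Network(f"{id20}/{vlan20[1]}")
    if net1.overlaps(net20):
        # The Guest-ACL deny would also match the guests' own subnet.
        raise ValueError(f"VLAN1 {net1} overlaps VLAN20 {net20}")
    return [
        f"access-list 1 permit {id1} {rm1}",
        f"access-list 1 permit {id20} {rm20}",
        "ip access-list extended Guest-ACL",
        f" deny ip any {id1} {rm1}",
        " permit ip any any",
    ]

if __name__ == "__main__":
    # Constructed sample addressing, not values from the template.
    for line in render_acls(("192.168.1.1", "255.255.255.0"),
                            ("10.20.0.129", "255.255.255.128")):
        print(line)
```

With the second sample pair the network ID is 10.20.0.128, not 10.20.0.0, which is the mistake the gateway-to-network step guards against.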