As I’ve done the “getting started” with an ASA 5505, seeing as the CCNA security not only covers the ASA units but also securing routers, I thought I’d best do a quick getting start tutorial for the Cisco 1841. (seeing as I have a number of these routers in my home lab).
What I’m going to cover in this tutorial are much the same as the ASA:
- Setup Cisco 1841 with outside access (internet access)
- Setup Cisco 1841 as a DHCP server for your inside network
- Setup Cisco 1841 with access to the SDM
Right then, lets being…..
For this example, Ethernet 0/0 will be used as the outside connection (192.168.5.69), ethernet 0/1 will be our inside LAN connection (192.168.10.0/24).
Once again I’ll be using teraterm to configure the device via the serial connection.
Let’s skip past the usual alerts for a new device (e.g the automatic setup wizard), and lets run some of the usual housekeeping commands
Now let’s configure up both the WAN and LAN interfaces on the router like so:
Finally let’s put in a default route to route all traffic out to our ISP router (192.168.5.254). Try to ping 8.8.8.8 (don’t worry if the first times out as its ARP’ing remember), but to be sure try to ping again and you should get no time outs
Now we have some outside access, let’s continue with setting up the 1841 to act as a DHCP for our inside LAN (as currently our clients will be sitting with APIPA addresses – 169.254…..)
As you will see it’s slightly different to the ASA (in terms of commands) but it’s all there, you just need to find it. If in doubt ? mark it (as you will see in the below output I used the ? to find out the various options I can use when configuring the scope). Then finally at the bottom you will see I’ve excluded the first 9 addresses.
Next come’s our good old friend NAT, so let’s configure both interfaces with NAT inside and NAT outside.
I’ve now created a VERY simple access-list as you can see it just allows everything
Finally I’ve entered in our NAT statement to say anything sourced from ACL 100 is permitted and the outside interface (Ethernet 0/0) is the port where the PAT will take place.
Now if you open up a webpage you should see plenty of NAT translations and you should have the ability to browse the internet, magic!
Now we’ve got the basic access, I’m going to move on to configuring access to the SDM. If you’ve never used SDM it’s the original GUI. Think of it as the first version of ASDM (as you see with the ASA firewall). It’s basic yet you can still do a lot via the GUI, I prefer not to use this at all, and stick to command line but once again each too their own.
So let’s get started and configure a username/password/privilege level.
Once done, let now enable the HTTP secure server, and select the authentication used for HTTPS connections
And that’s it!
Browse to https://192.168.10.254, login using your username and password.
wait for the SDM to load and then that’s it, you’ve now got GUI access to your Router.
You’re now good to go!
No comments:
Post a Comment