Cisco 837 configurations - Static IP
Help! I just need a working configuration now!
Copy the following out, replacing the bits in red with your own information. Click here if you want to see the explanations.
You should make sure that you SSH v2 switched on (ie have your done the generation stage already). If not, you can do this by doing the following from the command line:
conf term
ip domain-name your domain name
crypto key generate rsa usage-keys modulus 2048
This is the full working configuration (minus bits that are pertinent to my own connection):
version 12.3
no parser cache
no service pad
service tcp-keepalives-in
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
!
hostname name-of-your-device
!
boot-start-marker
boot system flash:c837-k9o3sy6-mz.123-11.T10.bin
boot-end-marker
!
logging userinfo
logging buffered 32000 informational
logging console informational
logging monitor informational
enable secret 5 password for your device
!
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
aaa new-model
!
!
aaa authentication login default local
aaa authentication login admin local
aaa session-id common
ip subnet-zero
no ip source-route
no ip gratuitous-arps
!
!
!
!
ip tcp synwait-time 10
no ip domain lookup
ip domain name your domain name
ip name-server IP address of your ISP DNS server
ip name-server Second IP address of your ISP DNS server
no ip bootp server
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 tcp
ip ips po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 1
ip ssh version 2
login block-for 60 attempts 3 within 30
login on-failure log
login on-success log
no ftp-server write-enable
!
!
username username to connect to the router password 7 password to connect to the router
!
!
no crypto isakmp enable
no crypto isakmp ccm
!
!
!
interface Null0
no ip unreachables
!
interface Ethernet0
ip address Your static IP address Your netmask
no ip proxy-arp
no ip mroute-cache
ntp broadcast
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
ip access-group 10 out
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
interface Dialer0
ip unnumbered Ethernet0
ip access-group 101 in
ip access-group 102 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ISP provided ADSL username
ppp chap password 7 ISP provided ADSL password
ppp pap sent-username ISP provided ADSL username password 7 ISP provided ADSL password
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
!
!
!
access-list 101 permit any any
dialer-list 1 protocol ip permit
!
no cdp run
!
!
control-plane
!
banner motd ^C
This is machine name. Unauthorised access to this
machine is strictly prohibited. Please disconnect now unless
you have received prior authorisation for use. The systems
administrator is your name on Your phone number.
^C
!
line con 0
password 7 console password
login authentication admin
no modem enable
stopbits 1
line aux 0
line vty 0 4
exec-timeout 5 0
login authentication admin
transport input ssh
!
scheduler max-task-time 5000
ntp logging
ntp clock-period 17180042
ntp source Dialer0
ntp peer 193.0.0.228
ntp peer 130.88.200.98
ntp peer 158.152.1.76 prefer
end
I'll look here at each line of the configuration and explain why it's there and what it does.
version 12.3
This defines which version the configuration was taken from. So we know that the configuration was built under IOS 12.3.
no parser cache
The parser cache aims to make devices run more quickly by remembering what to do when given certain commands. If you're running a large configuration file, then it might make sense to use this - where large configurations have perhaps hundreds of circuits (ie not this case).
no service pad
PAD stands for Packet Assembler/Disassembler, and is pretty much only seen in x.25 networks. The PAD stores data until a device has the capability/resources to process it, and also sits between a DCE/DTE device to assemble/disassemble packets.
service tcp-keepalives-in
This generates keepalive packets on incoming network connections, ensuring that the connection is always up.
service timestamps debug datetime localtime
This says that any debugging messages should be given the localtime timestamp. Localtime is that timestamp relative to the local time zone.
service timestamps log datetime localtime
This does the same thing as above, but instead shows that it needs to be applied to system logging (aka syslog) messages.
service password-encryption
This allows encrypted passwords to be used in the configuration.
service sequence numbers
This puts sequence numbers on system logged (syslog) messages.
hostname
boot-start-marker
logging userinfo
logging buffered 32000 informational
logging console informational
logging monitor informational
enable secret 5
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
This defines the hostname and is typically used in logging and for the command prompt when connected to the console.
boot system flash:c837-k9o3sy6-mz.123-11.T10.bin
boot-end-marker
This section defines what should happen at boot. We're defining the IOS file here, so you should check where your file is being booted from (typically flash) and also the filename.
Adding this means that the system will log when a user accesses the privileged level.
This sends all logged messages to a buffer internal to the device. It's worth noting that although these are logged, they're lost in the event of power loss or reboot.
This defines what level of messages should be relayed to the console. In this case, all messages up to and including the level of informational are displayed on the console.
In the same way as the logging console command above, this defines what level of logging is sent to the terminal (monitor) lines. Again, any messages up to and including informational are sent to the terminal lines.
This is the password used to access the privileged level of the device.
This defines the timezone of the unit, and is used for the timestamp of logs.