Copyright

Creative Commons License

This work is licenced under a Creative Commons Licence.

User login

Working config for Bethere static IP on a Cisco 877

Below is part of the configuration that I use for my Cisco 877 on be*, with some thoughts and tips following it.


version 12.4                                                                    
no service pad                                                                  
service timestamps debug datetime msec                                          
service timestamps log datetime msec                                            
no service password-encryption                                                  
!                                                                               
hostname DESIRED_ROUTER_HOSTNAME
!                                                                               
boot-start-marker                                                               
boot-end-marker                                                                 
!                                                                               
logging message-counter syslog                                                  
enable password DESIRED_ENABLE_PASSWORD                                                        
!                                                                               
aaa new-model                                                                   
!                                                                               
!                                                                               
aaa authentication login default local                                          
aaa authorization exec default local                                            
aaa authorization network default local                                         
!                                                                               
!                                                                               
aaa session-id common                                                           
clock timezone London 0                                                         
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00             
!                                                                               
!                                                                               
dot11 syslog                                                                    
ip source-route                                                                 
!                                                                               
!                                                                               
!                                                                               
!                                                                               
ip cef                                                                          
ip domain name ROUTER_DOMAIN_NAME                                                  
no ipv6 cef                                                                     
!                                                                               
multilink bundle-name authenticated                                             
!                                                                               
!                                                                               
!                                                                               
username DESIRED_ROUTER_USERNAME privilege 15 password 0 DESIRED_ROUTER_PASSWORD
!                                                                               
!                                                                               
!                                                                               
archive                                                                         
 log config                                                                     
  hidekeys                                                                      
!                                                                               
!                                                                               
!                                                                               
bridge irb                                                                      
!                                                                               
!                                                                               
interface ATM0                                                                  
 no ip address                                                                  
 no ip redirects                                                                
 no ip unreachables                                                             
 no ip proxy-arp                                                                
 no atm ilmi-keepalive                                                          
 dsl enable-training-log                                                        
!                                                                               
interface ATM0.1 point-to-point                                                 
 description Link to Be                                                         
 ip address STATIC_IP NETMASK                                        
 ip pim sparse-dense-mode                                                       
 ip nat outside                                                                 
 ip virtual-reassembly                                                          
 atm route-bridged ip                                                           
 pvc 0/101                                                                      
  oam-pvc manage                                                                
  encapsulation aal5snap                                                        
 !                                                                              
!                                                                               
interface FastEthernet0                                                         
!                                                                               
interface FastEthernet1                                                         
!                                                                               
interface FastEthernet2                                                         
!                                                                               
interface FastEthernet3                                                         
!                                                                               
interface Vlan1                                                                 
 no ip address                                                                  
 bridge-group 1                                                                 
!                                                                               
interface BVI1                                                                  
 description local range                                                        
 ip address 192.168.99.1 255.255.255.0                                          
 ip nat inside                                                                  
 ip virtual-reassembly                                                          
!                                                                               
ip forward-protocol nd                                                          
ip route 0.0.0.0 0.0.0.0 STATIC_IP                                           
no ip http server                                                               
no ip http secure-server                                                        
!                                                                               
!                                                                               
ip nat inside source list 1 interface ATM0.1 overload                           
!                                                                               
access-list 1 permit 192.168.99.0 0.0.0.255                                     
!                                                                               
!                                                                               
!                                                                               
!                                                                               
!                                                                               
control-plane                                                                   
!                                                                               
bridge 1 protocol ieee                                                          
bridge 1 route ip                                                               
!                                                                               
line con 0                                                                      
 no modem enable                                                                
line aux 0                                                                      
line vty 0 4                                                                    
 transport input ssh                                                            
!                                                                               
scheduler max-task-time 5000                                                    
end                                                                             

For clarity, I've left my internal network in here, though you may not want to use 192.168.99.0/24 as your own. This config puts the 877 as a gateway at 192.168.99.1, allowing all LAN traffic on 192.168.99.0/24 to access the internet.

If you're unsure what netmask to be using for your config, you can work it out relatively easily. Login to your bebox, and backup your config. This will give you a user.ini file which can be read in any text editor, with your IP address in CIDR format, e.g. 1.2.3.4/28. You can then put this into a netmask calculator and take your results from there.

There is a security flaw with this particular configuration in that it will allow anyone from the internet to login to your router via SSH (provided they provide a correct username/password combination). You probably do not want this, so should adjust your configuration accordingly. All other inbound ports are closed.

Also, when playing around with this setup, I had many hours of hassle with it not working. I gave up for a while, and went back to using the bebox which stopped working very soon afterwards. Turns out that I had damaged the dsl cable, and the 877 was not able to sync while the bebox was (for a while at least).

You also probably want to get NTP working on it to keep the time accurate. This can be done, in configuration mode, by using the command ntp peer IP_ADDRESS_OF_NTP_SERVER. After a few minutes it will have been synced, and can be checked using show clock

SDM

Hi,

With this config are you able to access SDM/http(s) config screens?

Thanks

Afraid not.

I don't think so. I'll be honest though, I've never tried to use them on any piece of cisco kit.

ASA5505

I am on BE Pro and wish to add an ASA 5505 behind the router. It should be possible right?

Of course :-)

Of course :-)