Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
715
Views
0
Helpful
6
Replies

Swapping a Netopia R5300 with 1751

alexleon
Level 1
Level 1

‎02-11-2004 10:26 PM - edited ‎03-02-2019 01:32 PM

Hello everyone, I am planning to swap out a Netopia R5300 router with a Cisco 1751 router. I am new to Cisco IOS and needed some help by comparing my Netopia router configuration with the new 1751 router config. I started out by using config maker to setup my initial 1751 router and then implemented SDM as I got a burst of confidence. It turn out really nice and learned quite a few things with this exercise. I really liked the security auding features in the SDM.

Can anyone help me out and tell me if my 1751 is configured correctly based on the Netopia R5300 listing, thanks.

Netopia Router R5300

---------------------------------------------------------------

DLCI

- DLCI 16

- Remote address 216.X.6.1

T1 Line Configration

- Line encoding: B8ZS

- Frame Mode: ESF

- Number of DSO channels: 24

- Channel data rate: Nx64K

- Data Link Encapsulation: Frame Relay

- Address Translation: no

- IP Addressing: no

- Local WAN IP Address: 216.X.6.52

- Local WAN IP Mask: 255.255.255.0

- Frame Relay Management Type: ANSI (ANNEX D)

Frame Relay

- LMI Type: ANSI (ANNEX D)

- T391 (polling interval in secs): 10

- N391 (Polls/Full Status Cycles): 6

- N392 (Error threshold): 3

- N393 (Monitored event window): 4

- TX injection management: none

- Maximum TX frame size: 1522

IP Setup

- Ethernet IP address: 216.X.60.97

- Ethernet subnet mask: 255.255.255.240

- Default IP Gateway: 216 X.6.1

- Backup IP Gateway: 0.0.0.0

- Primary Domain Name server: 216.X.0.2

- Secondary Domain Name Server: 216.X.0.3

- Domain Name: ispname.net

- Receive RIP: off

- Transmit RIP: off

CISCO 1751

-------------------------------------------------------------

!

! Last configuration change at 23:29:28 America Wed Feb 4 2004 by alex

! NVRAM config last updated at 23:33:00 America Wed Feb 4 2004 by alex

!

version 12.2

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname LAADSA

!

logging queue-limit 100

logging buffered 51200 debugging

logging console critical

enable secret xxxxx

!

username alex privilege 15 password xxxxxx

memory-size iomem 20

clock timezone America/New_York -5

clock summer-time America/New_York date Apr 6 2003 2:00 Oct 26 2003 2:00

ip subnet-zero

no ip source-route

!

!

ip name-server 216.X.0.3

ip name-server 216.X.0.2

!

no ip bootp server

ip cef

!

!

!

!

interface Null0

no ip unreachables

!

interface FastEthernet0/0

description $FW_INSIDE$connected to EthernetLAN

ip address 216.X.60.97 255.255.255.240

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

speed auto

!

interface Serial0/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation frame-relay

ip route-cache flow

service-module t1 remote-alarm-enable

frame-relay lmi-type ansi

!

interface Serial0/0.1 point-to-point

description $FW_OUTSIDE$connected to Internet

ip address 216.X.6.52 255.255.255.240

ip verify unicast reverse-path

no ip redirects

no ip unreachables

no ip proxy-arp

frame-relay interface-dlci 16 IETF

!

router rip

version 2

passive-interface Serial0/0.1

network 216.X.60.0

no auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0.1

ip http server

ip http access-class 1

!

!

logging trap debugging

logging 216.X.60.97

access-list 1 remark HTTP Access-class list

access-list 1 remark SDM_ACL Category=1

access-list 1 permit 216.X.60.96 0.0.0.15

access-list 1 deny any

access-list 100 remark VTY Access-class list

access-list 100 remark SDM_ACL Category=1

access-list 100 permit ip 216.X.60.96 0.0.0.15 any

access-list 100 deny ip any any

no cdp run

banner login ^CWARNING: Authorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

password xxxx

login local

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

access-class 100 in

privilege level 15

password xxxx

login local

transport input telnet

!

scheduler allocate 4000 1000

scheduler interval 500

end

Labels:
0 Helpful
6 Replies 6

alexleon
Level 1
Level 1

‎02-12-2004 12:43 PM

Can anyone help me out here? I would greatly appreciate it, thanks in advance.

0 Helpful

r.banez
Level 1
Level 1

‎08-25-2004 11:21 PM

Hi!

Any update on your problem?

I'm trying to swap the netopia 4322 with a Cisco 3660.

I have the same config as yours except the IP Address.

I can't seem to make the frame-relay sub-interface to go up. The serial 0/0 in my side is UP/UP but the sub-interface is down/down.

0 Helpful

alexleon
Level 1
Level 1
In response to r.banez

‎08-26-2004 07:11 AM

Well I did not get any replies from this forum but I figured out what I had to do. Here's a config file I am currently using without real IP's so be careful and check lines that need your unique network information.

Config File:

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname YOUR-COMPANY-NAME

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200 debugging

logging console critical

enable secret 5 $1$XjK6$hycGdiMlvJaA01

!

username alex privilege 15 password 7 09196B3A0

memory-size iomem 20

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

no ip source-route

ip cef

!

no ip bootp server

ip domain name YOUR-ISP-NAME.NET

ip name-server x.x.x.x

ip name-server x.x.x.x

no ftp-server write-enable

!

interface Null0

no ip unreachables

!

interface FastEthernet0/0

description $ETH-LAN$$FW_INSIDE$connected to EthernetLAN

ip address 216.X.X.X 255.255.255.240

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

speed auto

no cdp enable

!

interface Serial0/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation frame-relay

ip route-cache flow

no fair-queue

service-module t1 remote-alarm-enable

frame-relay lmi-type ansi

!

interface Serial0/0.1 point-to-point

description $FW_OUTSIDE$connected to Internet

ip address X.X.X.X 255.255.255.0

ip access-group 101 in

ip verify unicast reverse-path

no ip redirects

no ip unreachables

no ip proxy-arp

frame-relay interface-dlci 16 IETF

!

router rip

version 2

passive-interface Serial0/0.1

network X.X.X.0

no auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 X.X.X.X

ip http server

ip http access-class 1

!

logging trap debugging

logging X.X.X.X

access-list 1 remark HTTP Access-class list

access-list 1 remark ACL Category=1

access-list 1 permit X.X.X.X 0.0.0.15

access-list 1 deny any

access-list 100 remark VTY Access-class list

access-list 100 remark ACL Category=1

access-list 100 permit ip X.X.X.X 0.0.0.15 any

access-list 100 deny ip any any

access-list 101 remark Restrictions

access-list 101 remark ACL Category=1

access-list 101 deny ip 12.129.204.0 0.0.0.255 any

access-list 101 deny ip 12.129.205.0 0.0.0.255 any

access-list 101 remark Deny packets with localhost, broadcast and multicast addresses

access-list 101 deny ip 127.0.0.0 0.255.255.255 any log

access-list 101 deny ip 255.0.0.0 0.255.255.255 any log

access-list 101 deny ip host 0.0.0.0 any

access-list 101 remark Mail Server

access-list 101 permit tcp any host X.X.X.X eq smtp

access-list 101 remark DNS Restrictions

access-list 101 permit tcp any host X.X.X.X eq domain

access-list 101 permit udp any host X.X.X.X eq domain

access-list 101 remark Allow ntp to time server

access-list 101 permit udp any eq ntp host X.X.X.X eq ntp

access-list 101 remark Prevent spoofing. Deny incoming packets that have with internal address

access-list 101 deny ip 216.X.X.0 0.0.0.240 any log

access-list 101 remark More spoofing prevention. Insert ip address of external router interface ip address

access-list 101 deny ip host X.X.X.X any log

access-list 101 permit ip any any

no cdp run

banner login ^CWARNING: Authorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

password 7 08235E4B

login local

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

access-class 100 in

privilege level 15

password 7 02502168

login local

transport input telnet

!

scheduler allocate 4000 1000

scheduler interval 500

!

end

0 Helpful

r.banez
Level 1
Level 1
In response to alexleon

‎08-26-2004 10:35 PM

Hi!

I was looking on your config. It looks the same as the old one. Except for the access-list and the IOS version. Your new config looks like its running on IOS 12.3 atleast while the old one is 12.2 or below.

There are some difference though from my current config. I'll try to redo mine later. I'm nowhere near the routers. I'm waiting for someone to physically transfer the T1 line to the Cisco router. Below is my old config.

Here is the config I used before.

--=== Start Config ====--

interface Serial1/0

no ip address

no ip nat inside

encapsulation frame-relay IETF

frame-relay lmi-type ansi

interface Serial1/0.16 point-to-point

ip address X.X.X.X 255.255.255.0

frame-relay interface-dlci 16

ip route 0.0.0.0 0.0.0.0 X.X.X.X

--== End of config ==--

This is the configuration for most frame-relay on the country where I am now. The difference is that the IETF is placed in the encapsulation and not on the interface-dlci as per your config.

I'll try to make some changes to make it similar to yours.

0 Helpful

r.banez
Level 1
Level 1
In response to r.banez

‎08-27-2004 08:41 AM

My T1 is finally working. Thanks.

What I'm not sure is which part that I need to make it work. I change the all the new settings at the same time. so I can't confirm if its " no ip proxy-arp", "service-module t1 remote-alarm-enable" in the Serial interface or "ip verify unicast reverse-path", "no ip proxy-arp" or "IETF" in the "interface-dlci" in the sub-interface. Or maybe all of the above. :)

I don't have time and money as of the moment to test which part. Its too expensive to dialup internationally to the Aux port of the router. :)

Users are now testing the T1 and the IPSec between the 2 sites. So far its been better than having the Netopia router in-between the T1 internet and the Cisco router. Voice calls are acceptable. While with netopia in between, we can't even make a single call.

Below are my config for the T1 transfer. Hope this helps to anybody that is planning to do the same. :)

--=== Start of Config ===--

interface FastEthernet 0/0

ip address x.x.x.x 255.255.255.0

interface Serial1/0

no ip address

no ip proxy-arp

encapsulation frame-relay

service-module t1 remote-alarm-enable

frame-relay lmi-type ansi

interface Serial1/0.16 point-to-point

ip address x.x.x.x 255.255.255.0

ip verify unicast reverse-path

no ip proxy-arp

frame-relay interface-dlci 16 IETF

ip route 0.0.0.0 0.0.0.0 x.x.x.x

--=== End of Config ===--

0 Helpful

r.banez
Level 1
Level 1
In response to alexleon

‎08-27-2004 12:45 AM

Btw, What module is installed in your 1751 Router? Is it WIC-1DSU-T1 - 1-Port T1/Fractional T1 DSU/CSU WAN Interface Card?

Thanks.

0 Helpful
Customers Also Viewed These Support Documents