01-15-2013 11:53 AM - edited 03-07-2019 11:06 AM
Hi,
I have been on break for a few months, but am now starting to mess around with networking stuff again. I have been waiting on wiring guys to come set up my house with Cat5e, and they finished this last night.
I have a 12-port punch panel (only using 6 of the ports) installed in my network closet. I also have a business-level cable modem installed in the network closet.
I am thinking this would be the best setup (please feel free to comment).
Cable modem ===> 891 Cisco ISR router (with built-in 8-port switch.)
Then use 6 of the 8 ports from the switch on my 891 router to go into my punch-down panel and send internet through the house.
Ports 1-4 go back to my office. Ports 5-6 go to the living room.
I was going to hook up a Linksys router E4200 to port 5 and run wireless off it. I don't know if there is anything special I would need to do on that. I am guessing I would connect to the router Ethernet port of the Linksys E4200. Then use the Linksys E4200 to supply wireless to phones, and a couple of computers the kids use.
I am running Windows Server 2008 R2, and I use it for DHCP and DNS, as well as having my own Exchange 2010 server. I was going to run these to the two leftover switch ports on the 891 Cisco router, so they supply the DHCP for my network as well as DNS.
(In the past I had the server connected to the Linksys E4200 via wireless and it would push the DHCP and DNS to the Linksys, which pushed it automatically out the Linksys to supply the rest of the nodes in the house with IP addresses. This all pretty much worked automatically, so I figured it would work the same by plugging into the Cisco 891 switch port as it's the same idea, which is why I got my house wired; I don't want to run my servers wirelessly.)
Anyway, I can connect to my servers from the internet, and I also have a web server for testing. This means I need to access different things from the internet. TDP, port 80 for browsing and a few others. So I want it left open some.
However, I was wondering if there are some things I need to do for my router to help protect, and if this config seems like it's OK or if I am missing anything. I have not tested it yet; I am doing this at work as I brought my router in to work to configure it. (I have not been able to set up some of the small things like logging sync yet, but I will. My goal is to be able to reach this router from the internet as well as be able to reach my server via Windows RDP.)
===========================================
Router#show running-config
Building configuration...
Current configuration : 2157 bytes
!
! Last configuration change at 18:45:57 UTC Tue Jan 15 2013
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 (SomePassword)
!
no aaa new-model
!
service-module wlan-ap 0 bootimage autonomous
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
!
!
ip cef
ip name-server (ISP DNS IP here)
no ipv6 cef
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
license udi pid CISCO891W-AGN-A-K9 sn FTX1423818V
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
!
interface FastEthernet5
no ip address
!
interface FastEthernet6
no ip address
!
interface FastEthernet7
no ip address
!
interface FastEthernet8
ip address xxx.xxx.xxx.xxx 255.255.255.224
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface Vlan1
description This is the LAN facing interface of the router, used as gateway for PC
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Async1
no ip address
encapsulation slip
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx (My IP's Default Gateway)
!
logging esm config
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin udptn ssh
line aux 0
line vty 0 4
password 7 (SomePassword)
login
transport input all
!
end
Router#
====================================
The above works from the static IP I assigned my router out to my ISP. I can ping my ISP by IP and after I put in the ISP DNS server I could ping by domain name:
---------------------------------------------------------------------------------------------------
Router#ping www.google.com
Translating "www.google.com"...domain server (ISP DNS IP here) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 74.125.227.17, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/19/24 ms
--------------------------------------------------------------------------------------------------
I can also ping by IP:
---------------------------------------------------------------------------
Router#ping 8.8.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/28 ms
Router#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Router#ping 192.168.1.45
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.45, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/12 ms
Router#ping 8.8.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/28 ms
------------------------------------------------------------------------------
I am also able to ping my windows server as well as my PC from the router.
------------------------------------------------------------------------------
Router#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Router#ping 192.168.1.45
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.45, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/12 ms
------------------------------------------------------------------------------
And they can ping the vlan of the router.
I was on lunch break and forgot to try and ping the WAN side of the router, which I just now thought of. Do I need to set up a routing protocol for that router? Should I set up EIGRP?
I also thought it might be an issue with the NAT, since the 192.168.1.0 network cannot ping or open web pages on the internet. However, maybe it's the routing protocol I need to put in place. However, the directions I used to do this didn't have anything about a routing protocol.
Here is that web link:
http://xyfon.com/tech-tips/configure-internet-access-cisco-891/
I didn't use the DHCP stuff because I have Windows Server 2008 that does that, as is mentioned above.
Any help or ideas is appreciated.
Respectfully,
Brian C.
01-15-2013 12:50 PM
I forgot to add some lines. This is probably my problem:
ip nat inside source list 1 interface fastethernet4 overload
access-list 1 permit 10.10.1.0 0.0.0.255 (except I would put in my IPs)
I will check when I get home.
If this works then the only other problem is to find out why my Server is not assigning DNS info along with the IPs and stuff.
01-15-2013 01:57 PM
Brian
Sounds like a plan
try
ip nat inside source list 1 interface fastethernet8 overload
access-list 1 permit 192.168.168.0 0.0.0.255
Regards,
Alex.
Please rate useful posts.
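The NAT overload lines discussed in this thread only take effect when the interface they name carries `ip nat outside` and the access list covers the network behind the `ip nat inside` interface. The following check is an added example, not code from the thread or from Cisco: `check_nat` is a hypothetical helper, the sample stanzas are constructed from the posted config with a documentation address standing in for the masked public IP, and interface names are assumed to be written out in full.

```python
import ipaddress
import re

# Constructed sample: interface stanzas as in the posted config; the masked
# public address is replaced by a documentation address (assumption).
BASE = """\
interface FastEthernet8
 ip address 203.0.113.2 255.255.255.224
 ip nat outside
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
"""

def check_nat(config):
    """Return findings for 'ip nat inside source list N interface X overload'."""
    nets, roles, acls, rules = {}, {}, {}, []
    iface = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            iface = m[1].lower()
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            nets[iface] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(r"ip nat (inside|outside)$", line):
            roles[iface] = m[1]
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)$", line):
            # a mask such as 0.0.0.255 is read by ipaddress as a host (wildcard) mask
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            acls.setdefault(m[1], []).append(net)
        elif m := re.match(r"ip nat inside source list (\d+) interface (\S+) overload$", line):
            rules.append((m[1], m[2].lower()))
    inside = [nets[i] for i, r in roles.items() if r == "inside" and i in nets]
    findings = [] if rules else ["no 'ip nat inside source ... overload' rule"]
    for acl, out_if in rules:
        if roles.get(out_if) != "outside":
            findings.append(f"{out_if} is not an 'ip nat outside' interface")
        for net in inside:
            if not any(net.subnet_of(p) for p in acls.get(acl, [])):
                findings.append(f"access-list {acl} does not permit {net}")
    return findings

if __name__ == "__main__":
    # NAT lines constructed to match the interfaces in BASE
    nat = ("ip nat inside source list 1 interface FastEthernet8 overload\n"
           "access-list 1 permit 192.168.1.0 0.0.0.255\n")
    print(check_nat(BASE))        # findings for the config without NAT lines
    print(check_nat(BASE + nat))  # findings once matching NAT lines are added
```

Appending either pair of NAT lines quoted in the thread to `BASE` and calling `check_nat` shows how each lines up with the Vlan1 and FastEthernet8 stanzas.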