Cisco Router 800 Series Software Configuration Guide
Cisco 800 Series Software Configuration Guide 78-5372-06
Chapter 3 Configuring Advanced Networks
Controlling the DDR ISDN Line Activation

- UDP broadcasts associated with networks running DHCP relay
- UDP broadcasts associated with NTP
- IP broadcasts, including RIP and EIGRP broadcasts

The following sections describe how to control these types of traffic.

UDP Broadcasts in Windows Networks

The “Configuring UDP Broadcasts” section on page 3-23 describes how to configure the router to forward UDP broadcasts. To control monthly costs, you can configure an extended access list so that UDP broadcasts do not activate the ISDN line. An extended access list controls packets. When defining this list, you can specify complex addresses and permit or deny specific protocols.

Configuration of an Extended Access List

Starting in global configuration mode, use the following steps to configure an extended access list so that UDP broadcasts do not activate the ISDN line. For more information on the commands listed, refer to the Cisco IOS documentation.

Step     Command / Purpose
Step 1   router# configure terminal
         Enter global configuration mode.
Step 2   router(config)# interface bri0
         Change to interface configuration mode for the WAN interface.
Step 3   router(config-if)# dialer-group 1
         Create a dialer list.
Step 4   router(config-if)# exit
         Return to global configuration mode.
Step 5   router(config)# access-list 100 deny udp any any eq netbios-ns
         Set NetBIOS name service packets not to activate the ISDN line.
Step 6   router(config)# access-list 100 deny udp any any eq netbios-dgm
         Set NetBIOS datagram service packets not to activate the ISDN line.
Step 7   router(config)# access-list 100 permit ip any any
         Permit all other IP traffic.
Step 8   router(config)# dialer-list 1 protocol ip list 100
         Set IP packets to activate the ISDN line.

Note: This example of an extended access list includes commonly anticipated restrictions. The information in this section is meant to be used as a base from which you can add or delete restrictions as appropriate for your particular network. The extended access list that you create depends on your particular network.

UDP Broadcasts in DHCP Relay Environment

The “Configuring DHCP Relay” section on page 3-25 describes how to configure the router to forward UDP broadcasts. To control costs, you can configure an extended access list so that UDP broadcasts do not activate the ISDN line. An extended access list controls packets. When defining this list, you can specify complex addresses and permit or deny specific protocols.

Configuration

Starting in global configuration mode, use the following steps to configure an extended access list so that UDP broadcasts do not activate the ISDN line. For more information on the commands listed, refer to the Cisco IOS documentation.

Step     Command / Purpose
Step 1   router# configure terminal
         Enter global configuration mode.
Step 2   router(config)# interface bri0
         Change to interface configuration mode for the WAN interface.
Step 3   router(config-if)# dialer-group 1
         Create a dialer list.
Step 4   router(config-if)# exit
         Return to global configuration mode.
Step 5   router(config)# access-list 100 deny udp any any eq 135
         Set location services packets not to activate the ISDN line.
Step 6   router(config)# access-list 100 permit ip any any
         Permit all other IP traffic.
Step 7   router(config)# dialer-list 1 protocol ip list 100
         Set IP packets to activate the ISDN line.

UDP Broadcasts in NTP Environment

You can configure an extended access list so that UDP broadcasts associated with NTP do not activate the ISDN line. An extended access list controls packets. When defining this list, you can specify complex addresses and can permit or deny specific protocols.

Configuration

Starting in global configuration mode, use the following steps to configure an extended access list so that UDP broadcasts associated with NTP do not activate the ISDN line. For more information on the commands listed, refer to the Cisco IOS documentation.

Step     Command / Purpose
Step 1   router# configure terminal
         Enter global configuration mode.
Step 2   router(config)# interface bri0
         Specify parameters for the WAN interface.
Step 3   router(config-if)# dialer-group 1
         Create a dialer list.
Step 4   router(config-if)# exit
         Return to global configuration mode.
Step 5   router(config)# access-list 100 deny udp any any eq ntp
         Set NTP packets not to activate the ISDN line.
Step 6   router(config)# access-list 100 permit ip any any
         Permit all other IP traffic.
Step 7   router(config)# dialer-list 1 protocol ip list 100
         Specify that extended access list 100 defines which IP packets activate the ISDN line.

IP Traffic

You can configure an extended access list so that IP broadcasts, including RIP and EIGRP broadcasts, do not activate the ISDN line. An extended access list controls packets. When defining this list, you can specify complex addresses and permit or deny specific protocols.

Configuration

Starting in global configuration mode, use the following steps to configure an extended access list so that IP packets do not activate the ISDN line. For more information on the commands listed, refer to the Cisco IOS documentation.

Step     Command / Purpose
Step 1   router# configure terminal
         Enter global configuration mode.
Step 2   router(config)# interface bri0
         Change to interface configuration mode for the WAN interface.
Step 3   router(config-if)# dialer-group 1
         Create a dialer list.
Step 4   router(config-if)# exit
         Return to global configuration mode.
Step 5   router(config)# access-list 100 deny eigrp any any
         Set EIGRP packets not to activate the ISDN line.
Step 6   router(config)# access-list 100 deny udp any any eq rip
         Set RIP packets not to activate the ISDN line.
Step 7   router(config)# access-list 100 permit ip any any
         Allow other packets to activate the ISDN line.
Restricting Access to Your Network

You can restrict access to your network by creating an extended access list. An extended access list controls packets. When defining this list, you can specify complex addresses and permit or deny specific protocols.

Figure 3-5 and Table 3-5 show an example of a network with restricted access. See Table 3-1 for restrictions on network access.

Note: This network example and extended access list include commonly anticipated restrictions. The information in this section is meant to be used as a base from which you can add or delete restrictions as they relate to your particular network. The extended access list that you create depends on your particular network.

Figure 3-5 Restricting Access to IP Network
Callout Number   Description
1                SMTP mail server
2                Web server
3                FTP server
4                Internet service provider
5                DNS server

Table 3-1 Restrictions on IP Network-to-Internet Access

Access Permitted
- Permit any host on network 192.168.1.0 to access any Internet host.
- Permit the outside Internet Domain Name System (DNS) server to send TCP replies to any host on the network 192.168.1.0.
- Permit the outside Internet DNS server to send UDP replies to any host on the network 192.168.1.0.
- Permit any Internet host to access the Simple Mail Transport Protocol (SMTP) mail server 192.168.1.2.
- Permit any Internet host to access the Web server 192.168.1.3.
- Permit any Internet host to access the File Transport Protocol (FTP) server with IP address 192.168.1.4.

Access Denied
- Prevent any Internet host from spoofing any host on the network. (Spoofing is illegally misrepresenting the address of the sender.)
- Deny any Internet host from making a remote terminal connection (Telnet) to any host on the network.

Configuration of Extended Access List

Starting in global configuration mode, use the following steps to set up an extended access list based on the restrictions in Table 3-1. For information on the commands used in this table, refer to the Cisco IOS documentation.
Step     Command / Purpose
Step 1   router# configure terminal
         Enter global configuration mode.
Step 2   router(config)# interface bri0
         Change to interface configuration mode for the WAN interface.
Step 3   router(config-if)# dialer-group 1
         Create a dialer list.
Step 4   router(config-if)# exit
         Return to global configuration mode.
Step 5   router(config)# access-list 100 permit tcp any 192.168.1.0 0.0.0.255 established
         Permit any host on the specified network to access any Internet host if it has an established connection.
Step 6   router(config)# access-list 100 deny ip 192.168.1.0 0.0.0.255 any
         Prevent IP spoofing using the specified network.
Step 7   router(config)# access-list 100 permit tcp host 10.0.0.3 eq domain 192.168.1.0 0.0.0.255
         Permit the DNS server to send TCP replies to the specified network.
Step 8   router(config)# access-list 100 permit udp host 10.0.0.3 eq domain 192.168.1.0 0.0.0.255
         Permit the DNS server to send UDP replies to the specified network.
Step 9   router(config)# access-list 100 permit tcp any host 192.168.1.2 eq smtp
         Permit any host to access the mail server through SMTP.
Step 10  router(config)# access-list 100 permit tcp any host 192.168.1.3 eq www
         Permit any host to access the Web server through HTTP.
Step 11  router(config)# access-list 100 permit tcp any host 192.168.1.4 eq ftp
         Allow access to the FTP server from any Internet host through FTP.
Step 12  router(config)# access-list 100 deny tcp any 192.168.1.0 0.0.0.255 eq telnet
         Restrict any Internet host from making a Telnet connection to any host on the specified network.
Step 13  router(config)# interface dialer 1
         Change to dialer interface configuration mode.
Step 14  router(config-if)# ip access-group 100 in
         Activate access list 100.
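
An extended access list is checked top to bottom, the first matching entry decides, and a packet that matches no entry is dropped by the implicit deny at the end. The Python code below is an added example, not part of the Cisco guide: it parses the eight access-list 100 entries from the steps above (written in source-then-destination order, with DNS replies matched on source port domain) and reports which entry decides a packet. The names ACL_100, parse and evaluate and the 203.0.113.9 address are assumptions made for the example.

```python
import ipaddress

# access-list 100 entries from Steps 5-12, without the "access-list 100" prefix.
ACL_100 = """\
permit tcp any 192.168.1.0 0.0.0.255 established
deny ip 192.168.1.0 0.0.0.255 any
permit tcp host 10.0.0.3 eq domain 192.168.1.0 0.0.0.255
permit udp host 10.0.0.3 eq domain 192.168.1.0 0.0.0.255
permit tcp any host 192.168.1.2 eq smtp
permit tcp any host 192.168.1.3 eq www
permit tcp any host 192.168.1.4 eq ftp
deny tcp any 192.168.1.0 0.0.0.255 eq telnet
"""
PORTS = {"domain": 53, "smtp": 25, "www": 80, "ftp": 21, "telnet": 23}

def _addr(tok):
    """Consume 'any' | 'host A' | 'A wildcard', then an optional 'eq <port>'."""
    if tok[0] == "any":
        net, rest = "0.0.0.0/0", tok[1:]
    elif tok[0] == "host":
        net, rest = tok[1] + "/32", tok[2:]
    else:  # ipaddress accepts a Cisco-style wildcard (host mask) after the slash
        net, rest = f"{tok[0]}/{tok[1]}", tok[2:]
    port = PORTS[rest[1]] if rest[:1] == ["eq"] else None
    return ipaddress.ip_network(net), port, rest[2:] if port else rest

def parse(text):
    rules = []
    for line in text.splitlines():
        action, proto, *tok = line.split()
        src, sport, tok = _addr(tok)
        dst, dport, tok = _addr(tok)
        rules.append((action, proto, src, sport, dst, dport, "established" in tok))
    return rules

def evaluate(rules, proto, src, sport, dst, dport, ack_or_rst=False):
    """Return (action, 1-based entry number); entry 0 is the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, p, snet, sp, dnet, dp, est) in enumerate(rules, 1):
        hit = (p in ("ip", proto) and s in snet and d in dnet
               and sp in (None, sport) and dp in (None, dport)
               and (ack_or_rst or not est))  # 'established' needs ACK or RST set
        if hit:
            return action, n
    return "deny", 0

RULES = parse(ACL_100)
# Constructed sample packet: unsolicited SYN to an internal host; no entry matches it.
SAMPLE = evaluate(RULES, "tcp", "203.0.113.9", 40000, "192.168.1.10", 445)
```

Entry numbers count from the first access-list 100 line (Step 5 is entry 1), so a result of entry 0 means the packet was dropped without any explicit deny line, which is also what would happen to Telnet if Step 12 were omitted.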
Chapter 4 Network Scenarios

This chapter provides sample network scenarios and configurations using Cisco 800 series and Cisco SOHO series routers. This chapter is useful if you are building a new network and want examples of features or configurations. If you already have a network set up and you want to add specific features, see Chapter 7, “Router Feature Configuration.”

This chapter includes the following sections:

- Cisco 827 Router Network Connections
- Cisco 837 Router Network Connections
- Cisco 831 Router Virtual Private Network Connections
- Cisco 836 or Cisco SOHO 96 Network Connection
- Internet Access Scenarios
- Configuring Dial Backup over the Console Port
- Configuring Dial Backup over the ISDN Interface
- Configuring the DHCP Server
- Voice Scenario

Each scenario in this chapter is described, and a network diagram and configuration network examples are provided as models on which you can pattern your network. The examples cannot, however, anticipate all of your network needs. You can choose not to use features presented in the examples, and you can choose to add or substitute features that better suit your needs.
Cisco 827 Router Network Connections

Figure 4-1 and Table 4-1 illustrate an example of a network topology employing a Cisco 827 router connecting to the following:

- Public switched telephone network (PSTN)
- Corporate intranet
- Service provider on the Internet
- Service provider data center

Figure 4-1 Cisco 827 Router Network Connections