Cable modem configuration in cisco routers.

Router> ena
Router# config t
Router(config)# no logging console ! Suppress console messages
Router(config)# no cdp run ! Disable Cisco discovery protocol
Router(config)# hostname lab-r1
lab-r1(config)# ip domain-name test.net ! Your domain name
lab-r1(config)# int vlan1
lab-r1(config-if)# descr LAN switch ports on inside interface
lab-r1(config-if)# ip address 192.168.1.1 255.255.255.0 ! Private IP address
lab-r1(config-if)# no ip unreachables
lab-r1(config-if)# no ip redirects
lab-r1(config-if)# no ip proxy-arp
lab-r1(config-if)# ip virtual-reassembly
lab-r1(config-if)# no shut
ab-r1(config-if)# int fa4
lab-r1(config-if)# descr WAN interface to ISP using a STATIC IP
lab-r1(config-if)# ip address 66.238.5.254 255.25.255.0 ! Static IP from your ISP
lab-r1(config-if)# duplex auto
lab-r1(config-if)# speed auto
lab-r1(config-if)# no ip unreachables
lab-r1(config-if)# no ip redirects
lab-r1(config-if)# no ip proxy-arp
lab-r1(config-if)# ip virtual-reassembly
lab-r1(config-if)# no shut
lab-r1(config-if)# exit
lab-r1(config)# ip route 0.0.0.0 0.0.0.0 66.238.5.1 ! Provided by ISP (Gateway)
lab-r1(config)# ip name-server 66.238.5.2 66.238.5.3 ! Provided by ISP
lab-r1(config)# enable secret MyPass ! Privileged EXEC mode password
lab-r1(config)# user Admin privilege 15 secret MyPass ! Telnet user name and pass
lab-r1(config)# line vty 0 4 ! Telnet virtual terminal
lab-r1(config-line)# login local
lab-r1(config)# ip access-list extended NAT-ACL
lab-r1(config-ext-nacl)# permit ip 192.168.1.0 0.0.0.255 any ! All local hosts
lab-r1(config-ext-nacl)# exit
lab-r1(config)# ip nat inside source list NAT-ACL interface fa4 overload
lab-r1(config)# ip nat inside source static tcp 192.168.1.2 25 int fa4 25
lab-r1(config)# ip nat inside source static tcp 192.168.1.2 80 int fa4 80
lab-r1(config)# ip nat inside source static tcp 192.168.1.2 443 int fa4 443
lab-r1(config)# ip nat inside source static tcp 192.168.1.2 4125 int fa4 4125
lab-r1(config)# ip nat inside source static tcp 192.168.1.2 1723 int fa4 1723
lab-r1(config)# int vlan1 ! Your LAN switch port
lab-r1(config-if)# ip nat inside
lab-r1(config-if)# int fa4 ! Your WAN port
lab-r1(config-if)# ip nat outside
lab-r1(config-if)# exit
lab-r1(config)# ip inspect name IPFW tcp
lab-r1(config)# ip inspect name IPFW udp
lab-r1(config)# ip inspect name IPFW cuseeme
lab-r1(config)# ip inspect name IPFW ftp
lab-r1(config)# ip inspect name IPFW tftp
lab-r1(config)# ip inspect name IPFW rcmd
lab-r1(config)# ip inspect name IPFW realaudio
lab-r1(config)# ip inspect name IPFW smtp
lab-r1(config)# ip inspect name IPFW h323
lab-r1(config)# ip inspect name IPFW sqlnet
lab-r1(config)# ip inspect name IPFW streamworks
lab-r1(config)# ip inspect name IPFW vdolive
lab-r1(config)# ip inspect name MAIL-FW smtp
lab-r1(config)# int fa4 ! Your WAN interface
lab-r1(config-if)# ip inspect IPFW out ! Apply CBAC to WAN interface out
lab-r1(config-if)# ip inspect MAIL-FW in ! Apply CBAC EIE to WAN interface in
lab-r1(config-if)# exit
lab-r1(config)# ip dhcp pool MYNET
lab-r1(dhcp-config)# network 192.168.1.0 255.255.255.0
lab-r1(dhcp-config)# domain-name geekvenue.net ! Your domain name
lab-r1(dhcp-config)# default-router 192.168.1.1 ! This router's address
lab-r1(dhcp-config)# dns-server 192.168.1.2 ! Your local DNS or ISPs
lab-r1(dhcp-config)# netbios-name-server 192.168.1.2 ! Your WINS (optional)
lab-r1(dhcp-config)# lease 0 2 ! 0 days & 2 hours
lab-r1(dhcp-config)# exit
lab-r1(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.25 !Your static IPs
lab-r1(config)# ip access-list extended IPFW-ACL ! Create a named ACL
!Allow Windows Small Business Server Services
lab-r1(config-ext-nacl)# permit tcp any host 66.238.5.254 eq smtp ! smtp
lab-r1(config-ext-nacl)# permit tcp any host 66.238.5.254 eq www ! http
lab-r1(config-ext-nacl)# permit tcp any host 66.238.5.254 eq 443 ! https
lab-r1(config-ext-nacl)# permit tcp any host 66.238.5.254 eq 4125 ! MS RWW
lab-r1(config-ext-nacl)# permit tcp any host 66.238.5.254 eq 1723 ! MS PPTP
! Allow Outbound Ping and Traceroute
lab-r1(config-ext-nacl)# permit icmp any any administratively-prohibited
lab-r1(config-ext-nacl)# permit icmp any any echo-reply
lab-r1(config-ext-nacl)# permit icmp any any packet-too-big
lab-r1(config-ext-nacl)# permit icmp any any time-exceeded
lab-r1(config-ext-nacl)# permit icmp any any traceroute
lab-r1(config-ext-nacl)# permit gre any any
lab-r1(config-ext-nacl)# deny ip any any log ! Deny and log ALL traffic
lab-r1(config-ext-nacl)# exit
lab-r1(config)# int fa4 ! WAN interface
lab-r1(config-if)# ip access-group IPFW-ACL in ! ACL on WAN interface
lab-r1(config-if)# exit
lab-r1(config)# ip access-list standard VTY-ACL
lab-r1(config-std-nacl)# permit 192.168.1.0 0.0.0.255 ! All local hosts
lab-r1(config-std-nacl)# exit
lab-r1(config)# line vty 0 4
lab-r1(config-line)# access-class VTY-ACL in
lab-r1(config-line)# login local
lab-r1(config-line)# transport input telnet ssh
lab-r1(config-line)# exit
lab-r1(config)# crypto key generate rsa
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
lab-r1(config)#
lab-r1(config)# service password-encryption
lab-r1(config)# exit
lab-r1# copy run start
Destination filename [startup-config]? {press ENTER}

 by the author.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store