Category Archives: Cisco

Basic Cisco Router Configuration

This entry will show a basic working configuration for a Cisco router. This configuration is from a Cisco 1841 running IOS 12.4(3h). The complete configuration is at the bottom of this post. The configuration uses DHCP on the WAN interface so the router will obtain an IP address from the ISP. The configuration uses NAT/PAT to allow multiple computer and devices to get online. The router will act as a DHCP server for the LAN.

DHCP For LAN

ip dhcp excluded-address 192.168.70.1 192.168.70.99
ip dhcp excluded-address 192.168.70.110 192.168.70.254
!
ip dhcp pool LAN
   network 192.168.70.0 255.255.255.0
   dns-server 8.26.56.26 8.8.8.8
   default-router 192.168.70.1
   lease 8


FastEthernet0/1 is setup as our LAN interface and has the IP address 192.168.70.1. Here we are enabling DHCP for the 192.168.70.0/24 network. The router will now hand out all IP addresses on that network. Up above we exclude 192.168.70.1 through 192.168.70.99. Then we exclude 192.168.70.110 through 192.168.70.254. This limits our IP pool to 10 IP addresses: 192.168.70.100 through 192.168.70.109. The DHCP server will provide 8.26.56.26 and 8.8.8.8 as two DNS servers for the client to use. 192.168.70.1 is provided as the default gateway. lease 8 specifies that the lease lasts for 8 days. If you omit that it will default to 1 day. lease is specified in day hour minute. If you want the lease to last for 8 hours and 30 minutes you would do:

stupiderror(dhcp-config)#lease 0 8 30

PAT Configuration
Cisco calls this PAT (port address translation) pretty much everyone else refers to it as NAT (network address translation). This configuration will replace any LAN IP address that is going to the Internet with the IP address on FastEthernet0/0, which is acting as our WAN interface.

interface FastEthernet0/0
 description WAN Interface
 ip address dhcp
 ip nat outside
!
interface FastEthernet0/1
 description LAN Interface
 ip address 192.168.70.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.70.0 0.0.0.255


On FastEthernet0/0 we have the command ip nat outside specifying it as the outside interface. On FastEthernet0/1 we have a similar command that specifies inside. We also have an access list that permits 192.168.70.0/24. Those three commands won’t do anything on their own. ip nat inside source list 1 interface FastEthernet0/0 overload is what ties everything together. This says on the inside interface apply source access-list 1 and overload it on interface FastEthernet0/0. We need to overload it because we can have up to 254 hosts on the LAN and we only have one IP address on the WAN (FastEthernet0/0). If a host were to get on the network that had an IP address outside of 192.168.70.0/24 and was somehow able to reach FastEthernet0/1 (would pretty much require a secondary IP address on the interface) the access-list would prevent it from being translated if it were to exit FastEthernet0/0.

Configuration

stupiderror#sh run
Building configuration...

*Feb 21 14:35:18.419: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1439 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname stupiderror
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$4D28$g74YPSLPm4lhTQR2Iuy01.
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.70.1 192.168.70.99
ip dhcp excluded-address 192.168.70.110 192.168.70.254
!
ip dhcp pool LAN
   network 192.168.70.0 255.255.255.0
   dns-server 64.7.11.2 8.8.8.8
   default-router 192.168.70.1
   lease 8
!
!
no ip domain lookup
ip domain name example.net
ip ssh version 2
!
!
!
!
username stupiderror privilege 15 secret 5 $1$BG7S$BAvySovWUZ4k58nfOKXSu9
!
!
!
!
!
interface FastEthernet0/0
 description WAN Interface
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description LAN Interface
 ip address 192.168.70.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
!
interface Serial0/1/0
 no ip address
 shutdown
!
ip classless
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.70.0 0.0.0.255
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
end

Cisco Password Recovery

This entry shows how to reset the password on a Cisco router. We are doing this on a Cisco 1841. This will require taking the device down but the configuration will not be lost.

Console Connection
First we need to connect our computer to the console port on the Cisco router using a Cisco console cable or rollover cable. If your computer doesn’t have a serial port you will need a USB to DB9 serial adapter. We will be using an adapter made by Pluggable. This uses a prolific chipset which will allow us to send the break sequence we will need soon.
If you are using windows you can use a program like putty to make the serial connection. In the *nix world minicom works well.
You will need to specify the com port to use such as COM3
Speed: 9600
Data bits: 8
Stop bits: 1
Parity: None
Flow control: None
Make your connection to the router now.

Boot To ROMMON
We will show two ways to do this.
First we will get to rommon by sending the break sequence.
Power cycle the router and press break in your console session as soon as text starts to scroll.
Note: On a Lenovo Thinkpad T430 you press FN + B for break.
You should see this:

System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.
PLD version 0x10
GIO ASIC version 0x127
c1841 platform with 262144 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled

Readonly ROMMON initialized
rommon 1 >

If you can't send the break key to get to rommon then you can try removing the flash. To remove the flash first power the router off. Use the black button to pop the compact flash out. Power the router on and it should boot to the rommon prompt. If you removed the compact flash then you need to power it down after changing the configuration register, do not type reset. Once the router is powered off you can then insert the compact flash and turn it back on.

Now type confreg 0x2141 followed by reset.

rommon 1 > confreg 0x2141
You must reset or power cycle for new config to take effect.
rommon 2 > reset

The router will now reboot

Recover Configuration and Reset Password
When it starts back up you should now see:

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:

Choose no. Then you want to enter enable mode and copy the start-up configuration to the running configuration. By going in to rommon and changing the configuration register we prevented the router from loading the startup-config. The router booted and has no configuration loaded. We can now enter enable mode and load the startup-config. At this point the router is up and running with its configuration and we are logged in. We can now change the password and overwrite the existing password which we don't know. Then we just need to restore the configuration register and save our changes.

Would you like to enter the initial configuration dialog? [yes/no]: no
Press RETURN to get started! 

Router>en
Router#copy start run
Destination filename [running-config]?
1430 bytes copied in 2.756 secs (519 bytes/sec)
stupiderror#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
stupiderror(config)#user stupiderror priv 15 secret 0 stupidpass
stupiderror(config)#enable secret 0 stupidpass
stupiderror(config)#config-reg 0x2102
stupiderror(config)#exit
*Feb 21 15:50:23.991: %SYS-5-CONFIG_I: Configured from console by console
stupiderror#wr mem
Building configuration...
[OK]


At this point the router should be back up and running with a password we now know.