msgbartop
msgbarbottom

06 May 12 Cisco 881 IOS Router basic configuration with Dynamic WAN IP

Just finished configuring a Cisco 881 IOS Router with Comcast and Dynamic IP address. Sharing my configuration experience and steps for the Cisco router. Requirement: I just needed the Cisco 881 Router connected to the Comcast modem so that computers connected to the Cisco 881 router can access the network and the Internet.

Picture below shows you the connectivity diagram for my local network.

Keeping the above connectivity requirements I configured the Cisco 881 Router like this, Note: Keep in mind there are other configuration options too, I’m just sharing a very basic level of Cisco 881 configuration with Comcast ISP and Dynamic IP address:

conf t
!
hostname myhomerouter
!
ip dhcp excluded-address 192.168.1.1 192.168.1.100 (This command is used to exclude the IP’s from the DHCP Range)
ip dhcp excluded-address 192.168.1.254 (Excluded this – VLAN 1 IP)
ip dhcp excluded-address 192.168.1.245 (Excluded this – Access Point IP)
!
ip dhcp pool dhcppool (Created DHCP Pool and named it)
import all
network 192.168.1.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
default-router 192.168.1.254 (VLAN 1 IP)
lease 5 (No really required, just making the lease for 5 days)
!
ip domain name mydomain.local
!
username admin secret mysecret-here (Using the “secret” keywords encrypts the password”)
enable secret mysecret-here
!
crypto key generate rsa modulus 1024 (generating RSA key for SSH access)
!
ip ssh version 2 (This enables SSH version 2.0 in case default is 1.99)
!
int range fa0-3
no shut
spanning-tree portfast
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface Vlan1
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip nat inside source list inside-nat-pool interface FastEthernet4 overload (This will actually NAT all the IP’s from the “inside-nat-pool” ACL. This uses Ports instead of one to one mapping. Its more like “many to one”. For instance multiple Internal IP addresses get translated to a single IP that is assigned to the WAN Interface or FastEthernet 4 on Cisco 881 Router)
!
!
ip access-list standard rtr_access (This access list will be used for the VTY Line)
permit 192.168.1.0 0.0.0.255
!
ip access-list extended inside-nat-pool (This is for the NAT Overload we did above)
permit ip 192.168.1.0 0.0.0.255 any
!
line con 0
login local (If you have TACACS+, RADIUS or some other external form of authentication use that but since I don’t have it I am just using the local authentication that I defined above locally)
no modem enable
line aux 0
line vty 0 4
transport input ssh (This will only allow access to the router via SSH
access-class rtr_access in (This will only allow networks or hosts that are specified in the ACL to be able to access the router)
login local (If you have TACACS+, RADIUS or some other external form of authentication use that but since I don’t have it I am just using the local authentication that I defined above locally)

You definitely want to focus on adding some access list statements to secure your network and the Cisco 881 router once you are done configuring the basic connectivity

Note: Please keep in mind that this is a very basic configuration example on Cisco 881 Router with Comcast ISP and Dynamic WAN IP, use this as a reference point only. There are other configuration options available to tweak this according to your needs. Remember to always backup your work before you make any changes, always test configurations in the lab and never do anything that you can not undo :).

Tags: , ,

Leave a Comment

WordPress SEO