Basic Cisco Configuration
Here’s a simple basic introduction to Cisco IOS, and a test configuration, using a router to connect clients to the internet, using overload.
Before you start
Be aware that, in order to configure the terminal, you need to put it in to configure mode. By default, the router will be in user mode. Type in ‘en’ or ‘enable’ at the prompt to get to ‘Privileged Exec’ mode, then type in conf t at the prompt. To load the configuration changes, click ctrl and z. To save the running config to the NVRA M so it will survive a reboot, type
Copy running-config startup config, press enter to accept all warnings and then your configuration is saved.
To view the running configuration type sh config
Sample configuration
Inside network: 192.168.200.0
Router inside address: 192.168.200.1
Outside address: 192.168.1.253
Outside gateway 192.168.1.254
Outside DNS 192.168.1.254
Step 1. Decide on your inside and outside address space.
In this case inside is 192.168.200.0
Outside is 192.168.1.0. DHCP is available but I am going to use a fixed IP.
The WAN interface:
conf t
Router(config)#interface FastEthernet0/0
Router(config-if)#description Outside World
Router(config-if)#ip address 23.42.53.24 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#
ctrl z
If you want to assign the WAN address by DHCP:
ip address dhcp
The LAN interface:
Router(config)#interface Ethernet0
Router(config-if)#description Internal LAN
Router(config-if)#ip address 10.10.10.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#
Step 2 To configure the default gateway, do the following:
Router(config)#ip route 0.0.0.0 0.0.0.0 23.42.53.1
To configure DNS server, you need to be able to enable IP lookup, and then configure the address of the DNS server:
Ip domain-lookup
To configure the address of the DNS servers:
R1(config)# ip dns server
R1(config)# ip domain-lookup
R1(config)# ip name-server 4.2.2.5
R1(config)# ip name-server 4.2.2.6
Step 3: Configure router as DHCP server if desired
R1# configure terminal
R1(config)# service dhcp
R1(config)# ip dhcp pool NET-POOL (Note: This line just names the DHCP pool)
R1(dhcp-config)# network 192.168.1.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.1.1
R1(dhcp-config)# dns-server 192.168.1.5 195.170.0.1
R1(dhcp-config)# domain-name Firewall.cx
R1(dhcp-config)# lease 9
The domain-name and lease parameters are not mandatory. By default, the lease time for an IP address is one day, however we can specify any time range we need. For example, if we need to set the lease time for 4 hours and 30 minutes we would use the following command under our DHCP pool:
R1(dhcp-config)# lease 0 4 30
To view IP configuration: sh ip int brief
Step 4 Configure the router to forward packets from the internet. This is known in Cisco parlance as nat overload or PAT
You’ll configure your Cisco router using seven commandsThe first command you’ll execute will tell the router which public IP address you want to use for PAT:
ip nat pool mypool 192.168.1.253 192.168.1.253 prefix 24
This command configures a pool (range) of IP addresses to use for your translation. In this case, we want only one address in our pool, which we will overload. We do this by assigning the same IP address (192.168.1.253) for the start and end of the pool.
The next command will tell your router which IP addresses it is allowed to translate:
access-list 1 permit any
The next command is:
ip nat inside source list 1 pool mypool overload
This command puts the pool definition and the access list together. In other words, it tells the router what will be translated to what. The overload keyword turns this into a PAT configuration. If you left out overload, you would be able to translate only one IP address at a time, so only one client could use the Internet at a time.
Next, you need to tell PAT/NAT what interfaces are the inside network and what interfaces are the outside network. Here’s an example:
interface ethernet 0
ip nat inside
interface serial 0
ip nat outside
Step 5 Configure port forwarding for RDP, web servers, etc.
ip nat inside source static tcp 192.168.69.53 55541 interface Ethernet1 55541
Replace 192.168.69.53 with the actual IP Address of the pc you want the traffic forwarded to. Replace Ethernet1 with the interface on the 1800 that is configured with “ip nat outside”
In this case, an internal host has been configured with a fixed IP of 192.168.200.100 and we are looking to forward port 3389 (RDP)
Ip nat inside source static tcp 192.168.200.100 3389 interface fastethernet0/0 3389
IT Support Blog 