Cisco: Configure a Cisco ADSL Router with IOS
From ReceptiveIT
Overview
Cisco routers use an operating system called IOS, or Internet Operating System. It might seem quite archaic, but it is very stable and flexible.
There are a few things that you need to know about Cisco IOS before you start.
1) When you log into IOS, you do not have access to privileged commands. To access privileged commands, you have to enable them, which may require additional authentication.
2) When you make a configuration change in IOS, it will take effect immediately.
3) When you make a configuration change in IOS, it will not survive a reboot unless you have asked the Cisco to write the configuration. This is quite handy if you screw up a configuration item and lock yourself out, as you can remedy this by simply rebooting the Cisco.
Enabling Privileged Commands
enable
Editing Configuration
configure terminal
Writing Configuration
write terminal
write
SSH
Overview
By default, most Cisco routers will be configurable via telnet. Chances are that whatever operating system you are currently using will have a telnet client, which is quite convenient. Unfortunately, the internet has changed over the years, and telnet, which sends data unencrypted, was designed for a simpler time.
"How can we make telnet secure?" I hear you say. Simple: we use SSH (Secure Shell) instead.
Enabling SSH
Before you can enable SSH you need to assign user IDs and passwords. These are just login IDs and are required regardless of whether you use telnet or SSH.
To enable locally administered user IDs, use the following set of configuration commands.
firewall#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
firewall(config)#username admin password secret
firewall(config)#aaa new-model
firewall(config)#aaa authentication login local_auth local
firewall(config)#line vty 0 4
firewall(config-line)#login authentication local_auth
firewall(config-line)#exit
firewall(config)#end
firewall#
Now when you telnet into the device you should see the Username prompt:
User Access Verification
Username: admin
Password:
firewall>
To enable the SSH server, use the following set of configuration commands.
firewall#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
firewall(config)#crypto key generate rsa
The name for the keys will be: firewall.domain.local
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys ...[OK]
firewall(config)#ip ssh time-out 120
firewall(config)#ip ssh authentication-retries 3
firewall(config)#end
Troubleshooting
% Please define a domain-name first.
We simply need to define a domain name that the new RSA key will attach itself to. To define a domain name, use the following:
firewall(config)#ip domain-name domain.local
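The following Python check is an added example, not part of the original page. It reads a running-config and reports remote-management settings that the steps above leave open: Telnet still accepted on the vty lines, a username stored with `password` rather than `secret`, SSH not pinned to version 2, and a missing domain name. The sample config, the function names and the `transport input ssh`, `ip ssh version 2` and `username ... secret` recommendations are additions the page itself does not cover.

```python
import re

# Constructed sample running-config: local AAA login as above, Telnet still on vty.
SAMPLE_CONFIG = """\
hostname firewall
ip domain-name domain.local
aaa new-model
aaa authentication login local_auth local
username admin password 0 secret
ip ssh time-out 120
ip ssh authentication-retries 3
line vty 0 4
 login authentication local_auth
 transport input telnet ssh
"""

def parse_blocks(config):
    """Return (global lines, {section header: [indented sub-lines]})."""
    top, sections, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(line)
        else:
            current = line
            top.append(line)
            sections[line] = []
    return top, sections

def audit_remote_access(config):
    """List findings about how the router can be managed remotely."""
    top, sections = parse_blocks(config)
    findings = []
    if not any(l.startswith("ip domain-name ") for l in top):
        findings.append("no ip domain-name: 'crypto key generate rsa' will refuse to run")
    if "ip ssh version 2" not in top:
        findings.append("SSH version not pinned: add 'ip ssh version 2'")
    for l in top:
        m = re.match(r"username (\S+) password ", l)
        if m:
            findings.append(f"user {m.group(1)}: 'password' is clear or reversible, use 'secret'")
    for header, sub in sections.items():
        if header.startswith("line vty"):
            transport = [s for s in sub if s.startswith("transport input ")]
            if not transport or transport[0].split()[2:] != ["ssh"]:
                findings.append(f"{header}: Telnet not ruled out, set 'transport input ssh'")
    return findings
```

Run `audit_remote_access()` over the output of `write terminal` saved to a file; an empty list means none of the four conditions was found.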
Port Forwarding (DNAT)
This example assumes we want to forward the internet port for SSH (TCP port 22) to an internal host on the same port number.
To log in as the Admin user:
enable
We want to enter the configuration from the terminal:
conf t
Now for the NAT:
ip nat inside source static tcp 192.168.0.1 22 200.0.0.1 22 route-map nonat extendable
Now for the source
e

