This work is licenced under a Creative Commons Licence.
Below is part of the configuration that I use for my Cisco 877 on be*, with some thoughts and tips following it.
version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname DESIRED_ROUTER_HOSTNAME ! boot-start-marker boot-end-marker ! logging message-counter syslog enable password DESIRED_ENABLE_PASSWORD ! aaa new-model ! ! aaa authentication login default local aaa authorization exec default local aaa authorization network default local ! ! aaa session-id common clock timezone London 0 clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00 ! ! dot11 syslog ip source-route ! ! ! ! ip cef ip domain name ROUTER_DOMAIN_NAME no ipv6 cef ! multilink bundle-name authenticated ! ! ! username DESIRED_ROUTER_USERNAME privilege 15 password 0 DESIRED_ROUTER_PASSWORD ! ! ! archive log config hidekeys ! ! ! bridge irb ! ! interface ATM0 no ip address no ip redirects no ip unreachables no ip proxy-arp no atm ilmi-keepalive dsl enable-training-log ! interface ATM0.1 point-to-point description Link to Be ip address STATIC_IP NETMASK ip pim sparse-dense-mode ip nat outside ip virtual-reassembly atm route-bridged ip pvc 0/101 oam-pvc manage encapsulation aal5snap ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Vlan1 no ip address bridge-group 1 ! interface BVI1 description local range ip address 192.168.99.1 255.255.255.0 ip nat inside ip virtual-reassembly ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 STATIC_IP no ip http server no ip http secure-server ! ! ip nat inside source list 1 interface ATM0.1 overload ! access-list 1 permit 192.168.99.0 0.0.0.255 ! ! ! ! ! control-plane ! bridge 1 protocol ieee bridge 1 route ip ! line con 0 no modem enable line aux 0 line vty 0 4 transport input ssh ! scheduler max-task-time 5000 end
For clarity, I've left my internal network in here, though you may not want to use 192.168.99.0/24 as your own. This config puts the 877 as a gateway at 192.168.99.1, allowing all LAN traffic on 192.168.99.0/24 to access the internet.
If you're unsure what netmask to be using for your config, you can work it out relatively easily. Login to your bebox, and backup your config. This will give you a user.ini file which can be read in any text editor, with your IP address in CIDR format, e.g. 1.2.3.4/28. You can then put this into a netmask calculator and take your results from there.
There is a security flaw with this particular configuration in that it will allow anyone from the internet to login to your router via SSH (provided they provide a correct username/password combination). You probably do not want this, so should adjust your configuration accordingly. All other inbound ports are closed.
Also, when playing around with this setup, I had many hours of hassle with it not working. I gave up for a while, and went back to using the bebox which stopped working very soon afterwards. Turns out that I had damaged the dsl cable, and the 877 was not able to sync while the bebox was (for a while at least).
You also probably want to get NTP working on it to keep the time accurate. This can be done, in configuration mode, by using the command ntp peer IP_ADDRESS_OF_NTP_SERVER. After a few minutes it will have been synced, and can be checked using show clock
SDM
Hi,
With this config are you able to access SDM/http(s) config screens?
Thanks
Afraid not.
I don't think so. I'll be honest though, I've never tried to use them on any piece of cisco kit.
ASA5505
I am on BE Pro and wish to add an ASA 5505 behind the router. It should be possible right?
Of course :-)
Of course :-)