OpenDNS

[stfcinbmth]

Latest

Router#show running-config
Building configuration...

Current configuration : 871 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
!
no aaa new-model
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 hold-queue 100 out
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
ip classless
ip http server
no ip http secure-server
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login
!
scheduler max-task-time 5000
!
end

[jonny72]

Is it still fucked?

[ron dodgers]

aaaaaah I've just emptied me plums of netgeek sperm over me keyboards - too early !!!!

[stfcinbmth]

aaaaaah I've just emptied me plums of netgeek sperm over me keyboards - too early !!!!

@jonny nope I can almost get in now, if I had a compatible browser

[stfcinbmth]

Managed to get into it, Netscape 4.7 did the trick

[Batch]

Look up subnetting if you're bored for an explanation.

I think I'll be OK. Its been a while but my first job was developing ISDN bridge/routers

10.x.x.x. is normally a private class a address. You can of course apply a class c mask if you wish.

Also I'd very much doubt 10.10.10.0 is usable as a host address, its the network address and I think used to be used as a broadcast address by older Unix based systems. Unless of course Cisco have ignored the RFC, which wouldn't be altogether surprising.

[jonny72]

Also I'd very much doubt 10.10.10.0 is usable as a host address, its the network address and I think used to be used as a broadcast address by older Unix based systems. Unless of course Cisco have ignored the RFC, which wouldn't be altogether surprising.

Again, that used to be true but not anymore - updated RFC's were issued 15 years ago. I'm not sure whether they actually get used in practice as it seems to confuse everyone and it can cause problems if the network isn't configured properly.

I'm studying towards my Cisco CCNA certification and it confuses the fuck out of everyone studying for it, primarily as the Cisco course material isn't clear on the subject and they don't clearly state what is expected when it comes to the exam.

[Batch]

Well you learn something new ever day!

edit, are you absolutely sure the network address can be assigned in this case? Its a Class C, so 10.10.10.0 is the network address, which I thought was reserved along with the broadcast 10.10.10.255.

If it were class A then 10.0.0.0 and 10.255.255.255 would be reserved network/broadcast addresses, but 10.0.1.0 (etc) would be fine?

[stfcinbmth]

It seems that I'm up and running

[Sussex]

Hooray!

[stfcinbmth]

Only on the one pc so far, the win 7 doesn't want to connect. Might be something to do with the network showing as public

[jonny72]

Have you made any more changes to the config yet?

I don't think DHCP was set up plus there was only one IP address set up on the ports.

You can change all that shit via the command line, but I'd stick with the web interface for now. Though you might want to then look at the config via the command line to see the effect of the changes - if you're interested in learning more about IOS and router configs. Being a sad techie, learning IOS is cool as its the OS that pretty much runs the entire internet.

Not sure why it would need a specific (old) browser, but the version of IOS it's running is old. Would be worth upgrading it at some point, if you decide to and need some help let me know as whilst installing it is pretty simple, finding the right version for your router ain't so simple.

[stfcinbmth]

Done DHCP etc. Couple of problems, the main one being it's not using the OpenDNS servers even though I specified it in the CRWS ISP setup so there's something wrong there. Also now trying to use the CRWS I get a java applet window constantly checking the "Router model, IOS version and IOS features" with this going you can't change anything in the CRWS
However I can access it using SDM

[stfcinbmth]

Windows 7 pc now up and running, appears the problem was I had set the ip I wanted it to use manually, switched it to dhcp and voila

Latest Running Config

Router#show running-config
Building configuration...

Current configuration : 4003 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
no logging buffered
enable secret 5 $1$Nc78$IGJVT5PjPoa.52GDxFfkg0
!
username Router password 0 xxxxxxxxxx@
username CRWS_Venky privilege 15 password 0 $1$W1fA$o1oSEpa143457876
username CRWS_dheeraj privilege 15 password 0 $1$W1fA$o1oSEpa802771682
username CRWS_Vijay privilege 15 password 0 $1$W1fA$o1oSEpa1362991162
username CRWS_Ritesh privilege 15 password 0 $1$W1fA$o1oSEpa1849835979
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 192.168.240.1 192.168.240.129
ip dhcp excluded-address 192.168.240.181 192.168.240.254
ip dhcp excluded-address 192.168.240.125
ip dhcp excluded-address 192.168.240.139
!
ip dhcp pool CLIENT
   import all
   network 192.168.240.0 255.255.255.0
   default-router 192.168.240.125
   lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 description CRWS Generated text. Please do not delete this:192.168.240.125-255.255.255.0
 ip address 192.168.240.125 255.255.255.0 secondary
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer1
 ip address negotiated
 ip access-group 111 in
 ip nat outside
 ip inspect myfw out
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxxxxxxxxxxxx-dsl
 ppp chap password 0 xxxxxxxxxxx
 ppp pap sent-username xxxxxxxxxxxxdsl password 0 xxxxxxxxxxxxxx
 ppp ipcp dns request
 ppp ipcp wins request
 hold-queue 224 in
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.240.139 12123 interface Dialer1 12123
ip nat inside source static udp 192.168.240.139 12123 interface Dialer1 12123
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
!
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 102 permit ip 192.168.240.0 0.0.0.255 any
access-list 111 permit udp any any eq 12123
access-list 111 permit tcp any any eq 12123
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny   ip any any
dialer-list 1 protocol ip permit
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login local
 length 0
!
scheduler max-task-time 5000
!
end

Not a clue what those in red are?

[jonny72]

From a quick check it looks like those users get added automatically by CRWS, not sure why or if they get cleaned up.

I can't see any entries in that config for DNS, the following commands *should* do the trick....

this should enable it for the specific DHCP pool....

router>enable
router#configure terminal
router(config)#ip dhcp pool CLIENT
router(config-dhcp)#dns-server x.x.x.x x.x.x.x (up to x6)
router(config-dhcp)#exit
router(config)#ip dns server
router(config)#ip name-server x.x.x.x x.x.x.x (up to x6)

this should enable it globally....

router>enable
router#configure terminal
router(config)#ip dns server
router(config)#ip name-server x.x.x.x x.x.x.x (up to x6)

Check to make sure it works (you'll need to refresh the IP settings on the PC's) before saving the config (see previous commands).