At this point, you're probably looking to expand your internet and Wi-Fi capabilities in your workplace or home office. If so, then working with a Cisco Ethernet router is a great way to get the hands on experience working with networking concepts and the associated technology and equipment. It's also a great skill to have if you're ever looking to expand into information technology.
The benefits of working with a Cisco router is that it's a much more flexible unit, allowing more versatility and customization that the more commonly used Linksys or Netgear routers. Cisco routers also allow for later expansion to your setup if you want to add more units, increase your security and firewall protocols, or start a small business.
The process of configuring a Cisco router can be a bit confusing, especially if you're not already familiar with IOS, Cisco's Internetworking Operating System, or Network Address Translation (NAT), which is the process of assigning IP addresses to your routers so that they can support several devices onto the internet without assigning each device its own unique address to do so. For now, we'll just keep it simple and look at a simplified process of configuring your Ethernet router.
What do you need?
Well, first you need a Cisco router with IOS 12.2 or later. This version has the necessary firewall protections to secure your network. You also need a console cable (also called a rollover cable) and a computer with a DB-9 serial port. If you don't have the port, there are USB-to-serial converters that will suffice. You will also need a HyperTerminal emulation program on your computer to access the IOS commands in the router. Most Windows OS have them included but most can be downloaded, depending on your preferred medium. Apple users use programs like Zterm and Linux users can use Minicom.
1) Connect the computer to the router and start the emulation program. You'll be prompted by a command screen. Type 'Enable' to get executive privilege and follow with 'erase startup-config' to get a blank configuration. If you don't want to write your own configuration, most Cisco devices run on Telnet or SSH, an auto-config program.
2) Identify the ports on the router that you want to connect to. One port connects your WAN (wide access network) device, the other connects the LAN (local access network). Make sure you know the difference since each has their own IP configuration.
3) Now you need to configure the IP addresses. In the HyperTerminal, type 'configure terminal', then: interface <interface name> (to enter the IP address for the LAN interface)
Assign the IP address: ip address <address> <netmask>.
The netmask a 32-bit mask that separates the IP address into subnets and specifies the number of available hosts.
4) Configure the access lists. The access lists allow data packets to travel from node to node through the router. There are two access lists, one for the LAN, the other for the WAN, both are inbound to accept data. There are a series of coded lines that designate the specific path you want the data to travel and it's best to consult a professional or an expert in coded syntax for the proper path lines.
5) You'll want to set up the basic firewall protections by initiating TCP inspection protocols. This ensures that the data that you receive is actually the intended data.
First, set up a TCP SYN timeout threshold to limit the flood of potential attacks:
ip tcp synwait-time 30
This drops any TCP session that doesn't connect within 30 seconds. Now, set up inspection rules for your possible connections (TCP/UDP/ICMP).
ip inspect name <inspection rule name> tdp
ip inspect name <inspection rule name> udp
ip inspect name <inspection rule name> icmp
6) Apply the access lists and inspection rules for the inbound directions for the WAN and the LAN. You can do the same thing in the outbound direction, as well, though there is little chance of you transmitting dangerous packets if you're inbound is properly protected.
7) Following the application process, you'll want to set up NAT to translate the internal IP addresses you assigned to the external Internet.
ip access?list <list name>
permit <ip address> <netmask>
Next, identify the parts that will be participating in the NAT, both the LAN and the WAN, and then the actual NAT statement: 'ip nat inside <list name> interface <WAN router port> overload'
8) By now, you want to make sure that the interfaces aren't in a shutdown state so you run a quick 'no shutdown' check. You do this for each interface individually. When everything looks good, it's time for a test run: 'copy running-config startup-config' saves your work and protects against restarts, power outages and the like. Once this passes, you're done and you've successfully configured your Cisco Ethernet router for your office or home network.