Cisco ADSL & 1720 router

 

Background

When I had my ADSL line installed some time ago, I bought a no-name ADSL modem/router from a local shop who assured me that even though it was only £35, it was a good, reliable model. Well, it wasn't: it would drop the line without any indication why and not reconnect without a hard reset (power cycle). It also claimed to have BSD-based IP filtering in it somewhere; I'm not sure where, but I could not find the setup tab on the poorly laid out web-based interface, and a scan with nmap resembled a Swiss cheese rather than a secure internet-facing router. It was not possible to disable telnet access from the internet (ADSL) side. All in all, I decided it was time to do it properly.
Several visits to eBay later, I had a Cisco WIC1-ADSL card, a 1720 host router and upgraded flash and DRAM. Eventually I managed to get the IOS upgraded to 12.3.xxx, which supports the WIC1-ADSL card, with a c1700-ipbase-mz.123-6c.bin image.
 

Upgrade the Flash & DRAM

Although not strictly necessary for me at the moment, I chose to upgrade the flash and DRAM in the 1720 to support an IPv6-enabled image. As v6 is another complete stack running alongside v4, it takes a large extra chunk of flash and RAM when running. However, at the moment I have not been able to get an IPv6 image. If you are going to upgrade, it is best to copy the flash image and, if appropriate, the running config to an external TFTP server in case they are needed again. I'll assume you have a TFTP server configured. If not, you need to sort one out now; you will not get far without one.
The listing below shows the commands to copy the running-config and flash to TFTP. You will need to be in enable mode to do this.
1720-adsl#copy running-config tftp:
Address or name of remote host [ ]? 192.168.1.1
Destination filename [1720-adsl-confg]? 
.....
1720-adsl#


1720-adsl#show flash: 
System flash directory:
File  Length   Name/status
  1   7517112  c1700-ipbase-mz.123-6c.bin  
[7517176 bytes used, 9260040 available, 16777216 total]
16384K bytes of processor board System flash (Read/Write)

1720-adsl#copy flash tftp
Source filename [ ]? c1700-ipbase-mz.123-6c.bin
Address or name of remote host [ ]? 192.168.1.1
Destination filename [c1700-ipbase-mz.123-6c.bin]? 
.....
1720-adsl#
Having saved your original IOS image and config, you will need to open up the 1720 to replace the flash chip and insert the DRAM SIMM. Obviously you will not have an image on the new flash chip unless one was already in place. The commands copy tftp flash and copy tftp running-config copy the other way round, from your TFTP server to the router. The IOS image is saved to flash automatically, but you will have to run copy running-config startup-config to save the config after editing it to suit.
See www.cisco.com for instructions on how to install the flash and DRAM safely. (.pdf)
 

Configuring the router & WIC1-adsl card

As usual, Cisco's website is a good starting place for this sort of info, and this config is based on what I read there. Your ISP will have provided some information about your username and password etc. My ISP has supplied me with a static IP address range of 8 addresses. This actually leaves 5 usable addresses: one is reserved as the network address, one as the broadcast address, and the router needs one as well.
From the listing below, it seems the ISP uses ip unnumbered from the DSLAM to the router, and the Dialer0 and Fa0 ethernet interfaces have the router's static IP address allocated:
1720-adsl#show ip interface brief
Interface         IP-Address    OK? Method Status  Protocol
ATM0              unassigned    YES NVRAM  up      up
Dialer0           aa.bb.cc.dd   YES IPCP   up      up
FastEthernet0     aa.bb.cc.dd   YES NVRAM  up      up
Virtual-Access1   unassigned    YES unset  up      up
Virtual-Access2   unassigned    YES unset  up      up
1720-adsl#
If you are familiar with IOS, the config below will be fairly obvious; if you have used ISDN, the dialer part will seem familiar. The explanation below is somewhat abridged: IOS puts some lines in as defaults, and I will not explain obvious settings anyway. The config first sets the hostname, and the ATM0 & FastEthernet0 interfaces. The Dialer0 is a virtual interface to hold the PPP config settings for authentication.
Since this is a stub router, the default route for all unknown traffic is the internet, via the ADSL interface (ip route 0.0.0.0 0.0.0.0 Dialer0).
As this is an internet-facing router, some access security is a good idea; remember it is not going to be behind your firewall. The access-list statements restrict access to the router except from designated addresses. In my case I have chosen to allow requests from the public IP address of my firewall; all other requests are denied. The number "23" is arbitrary; I have used 23 as it is the port number used by telnet, which is the access protocol used. I do not think ssh is supported by my version of IOS. As a precaution, I have chosen to log each usage of the access-list. This will be used to send information to an internal syslog server. Interesting events such as external access attempts and port scans will be recorded safely on an internal device.
1720-adsl#sh run
Building configuration...

Current configuration : 1459 bytes
!
! No configuration change since last restart
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 1720-adsl
!
boot-start-marker
boot-end-marker
!
enable secret 5 Guess-me-xxxxxxxxxxxxx
!
memory-size iomem 25
clock timezone GMT 0
clock summer-time BST recurring 4 Sun Mar 1:00 4 Sun Oct 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
ip domain list xxxxx.co.uk
no ip domain lookup
ip domain name xxxxx.co.uk
ip name-server xx.xx.xx.xx
ip name-server yy.yy.yy.yy
no ftp-server write-enable
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 dsl enable-training-log
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
 ip address zz.zz.zz.zz 255.255.255.248
 speed auto
!
interface Dialer0
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp chap hostname guess-me
 ppp chap password 0 guess-me-as-well
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
access-list 23 permit bb.bb.bb.bb log
access-list 23 deny   any log
dialer-list 1 protocol ip permit
!
line con 0
 password top-secret
line aux 0
line vty 0 4
 access-class 23 in
 password top-secret
 login
!
ntp clock-period 17179765
ntp server aa.aa.aa.aa
!
end

1720-adsl# 
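An added example, not part of the original page and not Cisco tooling: a small Python check of the access settings discussed above, run over a constructed sample condensed from this listing. It reports passwords stored in cleartext and checks that each vty line is bound to an access-list that ends in "deny any log" with every entry logged; the names audit and SAMPLE are hypothetical.

```python
import re

# Constructed sample: management-plane lines condensed from the ADSL listing above.
SAMPLE = """\
no service password-encryption
interface Dialer0
 ppp chap password 0 guess-me-as-well
access-list 23 permit bb.bb.bb.bb log
access-list 23 deny   any log
line con 0
 password top-secret
line vty 0 4
 access-class 23 in
 password top-secret
 login
"""

def audit(config):
    """Return sorted findings for an IOS-style config (hypothetical helper)."""
    findings, acls, vty, section = set(), {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"access-list (\d+) (permit|deny)\s+(\S+)(.*)", line)
        if m:  # remember each entry as (action, source, logged?)
            acls.setdefault(m[1], []).append((m[2], m[3], "log" in m[4].split()))
        if not raw.startswith(" "):  # an unindented line opens a new section
            section = line
            if line.startswith("line vty"):
                vty[section] = None
            continue
        m = re.match(r"access-class (\d+) in", line)
        if m and section in vty:
            vty[section] = m[1]
        # "password <text>" and "password 0 <text>" are stored in cleartext.
        # Type 7 is not flagged here, although it is only reversible obfuscation.
        m = re.search(r"\bpassword (?:(\d) )?\S+", line)
        if m and m[1] in (None, "0"):
            findings.add(f"cleartext password under '{section}'")
    for name, acl in vty.items():
        entries = acls.get(acl, [])
        if acl is None:
            findings.add(f"'{name}' has no inbound access-class")
        elif not entries:
            findings.add(f"'{name}' references undefined access-list {acl}")
        elif entries[-1][:2] != ("deny", "any") or not entries[-1][2]:
            findings.add(f"access-list {acl} does not end with 'deny any log'")
        for action, src, logged in entries:
            if not logged:
                findings.add(f"access-list {acl} {action} {src} is not logged")
    return sorted(findings)
```

Calling audit(SAMPLE) returns the three cleartext-password findings and nothing for access-list 23, since both of its entries are logged and it ends in an explicit deny.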
 

Configuring the router & WIC1-shdsl card

If you are fortunate enough to have an SDSL or Symmetric Digital Subscriber Line, you probably don't need this guide :-)
The configuration here is based on Cisco's recommendations; some of the parameters will need changing to reflect the settings your ISP has given you.
Although I cannot be certain, it appears that the IOS which supports the ADSL WIC card also supports the SHDSL card, or maybe that is vice versa.

version 12.3
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname myrouter
!
boot-start-marker
boot-end-marker
!
logging buffered 8192 debugging
no logging console
enable secret 5 trytoguessme
!
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl equipment-type CPE
 dsl operating-mode GSHDSL symmetric annex B
 dsl linerate AUTO
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
 ip address aa.bb.cc.dd 255.255.255.224
 speed auto
!
interface Dialer0
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp chap hostname yourusername@yourisp.com
 ppp chap password 7 guessmeaswell
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
access-list 23 permit ee.ff.gg.hh
access-list 23 deny   any log
dialer-list 1 protocol ip permit
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
 access-class 23 in
 password 7 anotherguess
 login
!
scheduler max-task-time 5000
ntp clock-period 121793462
ntp server 62.232.4.232 
!
end
 

To Do:-

  1. Set up syslog server.
  2. Enable SNMP for traffic graphing and line monitoring.
  3. Web based monitoring status page.
  4. Use spare 10MB/s ethernet port to terminate an ipv6 tunnel when I can source an appropriate IOS image.