This is for more general topics about networking and vendors.
Hello, we have a new cisco 2811 with wic-t1-csudsu-v2 card and are trying to configure it for a t1 frame relay line from uunet/mci/verizon. The line has been in place and up & running with an old "router" for sometime(~6yrs), but the old router is starting to have issues so we are replacing it. I just started working here and they want me to get the new cisco setup and ready to replace the old unit. The problem is the person who originally setup this old livingston/pm3 "router" is no longer working here and they cant seem to find the original config info from verizon. We called verizon and got a "ticket number" a day ago, but no info yet from them. I have setup several types of more basic routers and am just starting with some cisco classes, but I am really a cisco newb. The cisco is amazing in all the options it has, but can be a bit overwhelming for a cisco newbie. I have read through quite a bit of cisco docs and whatnot, and searched through the forum and I think I have "converted" the setup info from the old router into the 2811 correctly. I have been able to get several bits of info out of the old router, but it is pretty old and some of the terminology seems abit different, so I was hoping someone could glance over my cisco config and tell me if im even close to converting it correctly!Basically we have a DS1/T1 frame relay line from "verizon", and we are allocated a full class c /24 block of ip addresses. I have attached the info from the old router and the running config from the 2811.
TomI have looked at the information that you posted and I believe that your configuration of the new router is pretty reasonable. I do have one big thing and several small things to mention about it.- it looks like the old router was running RIP and the new router is not. In terms of getting your data forwarded out the static default route that is configured will work ok. But I wonder if your up-stream gateway (Verizon) is using RIP to learn your subnet (verify that it is up and reachable)? If they stop getting RIP updates for your network will they still forward to you>- I do not see any reason why you would need ip forward-protocol nd.- in general I am not fond of configuring privilege level 15 on the vty lines. It means that anyone who gets remote access to the router will automatically be in privilege mode. (of course since the router is doing local authentication and the only user ID configured has privilege 15 specified it means that anyone who can login get privilege level anyway). in general I would prefer to have people login to user level and then have to use the enable password/secret to get to privilege mode. Since I do not know how many people would have access to this router may be it is not a big deal.HTHRick
Hello Rick,Thanks for taking a look!-Yes I was also wondering about the RIP, it worries me a little. I don't know if that was supposed to be there or if it was mis-configured with RIP on in the first place. Wonder if I could do some sniffing and find out if they are trying to get RIP updates since they still haven't got back with us yet??-You know, I missed seeing that "ip forward-protocol nd" myself.. Not sure how it got there and we wouldn't be forwarding network disk datagrams that I know of? I also just noticed "multilink bundle-name authenticated" and I didn't add that either. Wonder if when I opened SDM and accessed the router SDM added them for some reason? We aren't doing any multilink at the moment, guess I will remove those two settings.-On the vty lines & access, probably only 2 or 3 people at most will have access and I was going to add acl's that only allow management from local/trusted sources also, just had not added them yet.Thanks,Tom
TomThe multilink bundle-name authenticated is inserted into the config in some current versions of IOS. It is not something that SDM did (I have seen it on routers on which SDM was removed before the configuration was begus). It is not worth worrying about (and I am not sure whether you could remove it if you tried). I am not sure how the ip forward-protocol nd got there (perhaps SDM) and I believe that you can (and should) remove it.As far as the RIP is concerned, I am not sure how you would sniff it - especially on the Frame Relay/serial interface which is where it really matters. I believe that your best bet is to hope for some clarification from Verizon. Or if you do not get the clarification, then be aware when you put the new router into production that if things break then the first thing that you should do is to enable RIP routing with network statements that include both the serial and the LAN interface.HTHRick
RickI removed the ip forward-protocol. I read through some cisco docs and webpages on cisco commands , and they talk about multlink for ppp bundles, but not how to disable it or why it was on by default.We finally got a contact by verizon today, talked with a tech briefly, he said our basic line settings sounded correct, but that he didn't now why RIP would be on unless it was mistakenly turned on at some point, but that they didn't need it on. He then said he would send us a example config. This is what he sent:-----------------------------------hello Tom.Here's settings & example config for your cisco router.hostname u69xxx-gwno service udp-small-serversno service tcp-small-servers!ip subnet-zeroip classlessip routing!interface FastEthernet 0/0description To Yourlocalnet/Switch/FastEthernetip address XXX.XXX.75.1 255.255.255.0no ip directed broadcastno shutdown!interface Serial 0/0description To UUNET (u69xxx)bandwidth 1536encapsulation frame-relay IETFframe-relay lmi-type ansino ip addressno shutdownno fair-queue!interface Serial 0/0.1 point-to-pointip address YYY.YYY.160.82 255.255.255.252frame-relay interface-dlci 500 IETFbandwidth 1536no shutdown!ip route 0.0.0.0 0.0.0.0 Serial 0/0.1!ip domain-name ALTER.NETip name-server 220.127.116.11 < ====== this is VZB dns server ip ..you can add with your dns server ip / domain if you using your own dns server.Thank you,Verizon Support--------------------------------What are your thoughts about the subnet-zero and classless, and that route without the gateway address we used in the old router? Thanks again for your input!Tom