Anilrgowda

router>show version
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-SY56I-M), Version 12.0(5)T1,
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 17-Aug-99 12:52 by cmong
Image text-base: 0x80008088, data-base: 0x807B37B0
ROM: System Bootstrap, Version 12.0(1)XA1, RELEASE SOFTWARE (fc1)
router uptime is 2 days, 1 hour, 45 minutes
System returned to ROM by power-on
System image file is "flash:120-5"
cisco 1720 (MPC860) processor (revision 0x301) with 18432K/2048K
bytes of memory.
Processor board ID JAD98504058 (230041443), with hardware revision 0000
M860 processor: part number 0, mask 32
Bridging software.
X.25 software, Version 3.0.0.
1 Serial network interface(s)
1 Serial(sync/async) network interface(s)
WIC T1-DSU
32K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
router>

This version of IOS has some security vulnerabilities, but it is fine for lab use. To create another usable interface, then, the best bet we have is to use the AUX port. First, you need to cable it. All you need is a terminal adapter (the beige thing with RJ-45 on one side and DB-9 on the other, marked terminal). You have to use a rollover cable to connect the AUX port on the Cisco to the terminal adapter. The terminal adapter can then plug into a regular DB-9 port on a PC. For more options and detailed explanations, see this article. For us, the regular light blue console cable *was* a rollover cable. Our working router configuration is:

router#show run Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname router ! boot system flash 120-5 no logging console enable password password ! username username password 0 password ! ! ! ! ip subnet-zero no ip domain-lookup ! ! ! cns event-service server ! ! process-max-time 200 ! interface Serial0 no ip address no ip directed-broadcast shutdown ! interface Serial1 no ip address no ip directed-broadcast shutdown ! interface FastEthernet0 ip address 10.50.100.200 255.255.255.0 ip access-group 100 in ip access-group 100 out no ip directed-broadcast ! interface Async5 ip address 10.10.10.10 255.255.255.0 ip access-group 100 in ip access-group 100 out no ip directed-broadcast encapsulation ppp async mode interactive peer default ip address 10.10.10.11 fair-queue 64 16 0 no cdp enable ppp authentication chap ! ip classless ip route 0.0.0.0 0.0.0.0 10.50.100.82 no ip http server ! access-list 100 permit ip any any snmp-server engineID local 00000009020000500F0254CC snmp-server community public RO snmp-server enable traps snmp snmp-server enable traps isdn call-information snmp-server enable traps hsrp snmp-server enable traps config snmp-server enable traps entity snmp-server enable traps frame-relay snmp-server enable traps rtr snmp-server enable traps rsvp ! line con 0 exec-timeout 0 0 transport input none line aux 0 password password autoselect during-login autoselect ppp login modem InOut transport input all escape-character NONE stopbits 1 speed 115200 flowcontrol hardware line vty 0 4 password password login ! end router#

Security is wide open on this. We may mess with some of the filters in the future. The SNMP is also not secure. Not only is the config not secure, but the version of IOS is not secure. Read our terms of use. The point of this article is just to get the AUX port to do PPP. For us, the AUX port was interface Async5. We connected an XP box to the PPP interface using the mdmcbx.inf file from this site. There is an excellent write-up on how to do this at the Cisco site here.

The network config we have is:

XP Box (10.10.10.11)<->(noip)Router(10.50.100.200)<->(LAN)<->(.82)GW<->ISP

The hosts on the LAN go through the gateway for everything that isn't on 10.50.100. So, with the above setup, you can't communicate with anything but the router, since anything from 10.10.10 is assumed to come in via .82. What is needed to get this all working correctly is a static route on the default gateway. This is a GNU/Linux box that we have been using for many, many years as a NAT/Firewall box. It is an old Pentium 133. It is extremely secure, since we allow nothing at all. The only access is via the console. About the only thing that could be vulnerable on it is the kernel itself. Anyway, the following command to add the static route is probably specific to GNU/Linux, or at least *NIX:

route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.50.100.200 dev eth0

Eth0 is the interface on the LAN side of this box. All this means is that in the one case where the destination is the 10.10.10 network, send the traffic to 10.50.100.200. This is the Cisco router, so at that point the Cisco will make sure that the traffic gets back to the XP box.

Now, when we look at this with the MRTG monitoring we set up in this article, we see traffic going through the router: