![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
BobSutan
[H]F Junkie
- Joined
- Apr 5, 2000
- Messages
- 12,121
Q: Ive broken my router configuration and I cant access the configuration to change it. I just bought a used router and dont know the password, what can i do?
A: Cisco has a step-by-step Password Recovery guide to recover the password.
Q: Can I purchase a 2501, 2503, 2505, and 2507 as a home router for cable or DSL?
A: Yes and no. These routers only have one Ethernet port; you would need two of these models and a serial cable to do this, or you'd have to use NAT-on-a-stick (see below). Alternatively this can be done using secondary IP addressing and a hub or switch.
Q: Ive made some changes, saved them and now whenever I try to enable I get the following message "% No authentication server running"
A: Youve enable TACACS+, this is a server that authenticates you to access the router configuration mode. The only way to fix it is through the password recovery.
Q: Where can I purchase flash RAM or DRAM for my 2500 so I can use newer a IOS?
A: Ive looked all over the net, some seem like good deals, others are a scam, best place to keep an eye on is auction sites like eBay, and Ive seen a number of good deals in there.
Q: where can I get a newer IOS? Can I get it from a buddys router and install it?
A: Since the IOS is copyrighted, you must either get it direct from Cisco or a Cisco authorized reseller. Again, Ive seen a lot of them for sale on eBay, but these are grey-market at best. You legally cannot copy it from one router to another.
Q: Where can I get a 2500 router for a great deal?
A: Best places Ive seen are auction sites. If you go with an authorized dealer, you will pay for it. Watch a site like eBay, my definition of a good deal is a router with 16mb flash, and 6mb or more of dram, if you can get this for under US$150, its a fair deal.
Q: Are there websites that briefly goes over the different specifications of the different 2500 models?
A: Ciscos own site contains a wealth of information; this link refers to the different 2500 configurations.
Q. How do I setup my new Cisco router if I have a dynamic IP address?
A: This was first introduced in Cisco IOS® software release 12.1(2)T. You will need that IOS or later in order to be able to pull an IP from your ISP.
http://www.cisco.com/warp/public/109/router_behind_cm_19268.shtml
Additionally, if your provider uses PPP or ATM (PPPoA), you will need to use IOS version 12.2(8)T or newer.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087cce.html
If your router does not come with the IOS necessary for DHCP, and you plan to aquire it, you will need a router with at least 16MB of Flash RAM to install the newer IOS.
Q. I have NAT working how do I forward ports?
A: ip nat inside source static tcp 192.168.0.5 22 interface Ethernet1 22
This would make a ssh request comming in on ethernet 1 forwarded to port 22 of 192.168.0.5
Q. How do I send the logs from my router to a remote syslog server?
A: Well the syslog server on the remote host needs to be running and willing to accept connections from other hosts, but the commands are:
logging on
logging 192.168.0.12
the 192.168.0.12 would be the ip address or hostname of whatever log server you are sending the logs to.
Q. How do I send the logs from my ACL to this remote host?
A: Simple, just add the word "log" to the end of it..
example:
access-list 102 deny tcp any any eq 31337 log
Q. How do I upgrade my routers IOS 2500?
A: Follow the following steps to upgrade a routers IOS
Step 1
Before you add the new modules, you'll want to backup the IOS and startup-config to a TFTP server. There are plenty of those out there for download.
Download.com TFTP
Cisco's TFTP and Pumpkin seem to be favorites of the guys I've worked with.
Step 2
View Cisco's guide to loading and maintaining system images & Copying an Image from Flash Memory to a TFTP Server
Once you have the TFTP transfers complete, verifiy the files are where they're supposed to be. You don't want to do the upgrade and then find out your IOS didn't make it.
Step 3
Once you've got the above steps done, you'll need to swap the physical modules inside the router. Do that and load up the router. If the new Flash module has and IOS on it, and you choose not to use it, simply configure it for your network and copy the flash and startup-configs back down to the router. It'd also be a good idea to backup the IOS on the new Flash module as well, just in case.
Step 4
If the new Flash module does NOT have an IOS on it, you'll need to get the IOS that you originally saved to the TFTP server. In order to do this you'll need to go through some seemingly unorthodox proceedures utilizing the Boot Image & rommon.
Go to the document http://www.cisco.com/en/US/products/hw/routers/ps233/products_tech_note09186a008009464c.shtml#download]Download Using the Boot Image and a Trivial File Transfer Protocol (TFTP) Server[/url]
Related information:
Unorthodox procedures (Xmodem & Ymodem for 1600 & 3600 series only)
Configuring Additional File Transfer Functions
How To Copy a System Image from One Device to Another
Flash Upgrade for Cisco 2500
ROMmon Recovery for the Cisco 2500, 3000, AS5100, and uBR900 Series Routers
Cisco TFTP information
Using another router as a TFTP server
Configuring Additional File Transfer Functions
Bootstrap Program
Maintaining the Access Server <--Includes opening the chasis and changing out the SIMMs
Virtual Configuration Register
This goes along with upgrading a routers IOS .
Q. How do I partition the Flash to load large IOS images?
A: You simply have to log into the router and use the command:
Router(config)#partition flash 1 16
where the "1" is the number of partitions you want and the "16" is the size in MB that you want the partiton.
If you get an error like
%Error: Default partitioning cannot be done
You have to log on to your router and make sure that the second flash stick doesnt have an image loaded on it. You can view this by doing the Show Flash command.
If there is an image on the second stick you have to erase it with 'erase flash', it should give you a choice of which partition you wish to erase.
After you erase the second bank go back to the conf term and use the 'part flash 1 16' command, reload and now you should have yourself one large partition.
Q. How do I make a CiscoPro router into a regular Cisco router
A: To be able to load any IOS images newer then 11.2 on a CiscoPro (beige box) you are going to have to update the software license that resides in the router firmware.
Im only going to post this one way to do it. However, there may be easier ways to accomplish this.
Step 1: Get the license upgrade
To do this you need to go to here(you will need to create an account on the cisco page to be able to view the page, its free so no worries) and download the according license upgrade for you series router. Don't worry about that Router Software Loader program they have there, it wont work with those license upgrades they have on the page, dont ask me why, but they wont.
Step 2: Download a TFTP server
After you have the BIN file of the licence update for your router you need you get a TFTP program, a good one is Pumpkin that Bob linked to in his FAQ. And put the image in the according folder for your TFTP server to be able to serve it.
Step 3: Back up current image
Refer to portion of the FAQ for backing up your current IOS if you wish to reload it when you are finished.
Note: I do not know if CiscoPro images will work once you update the licensing for the router, so to be on the safe side I would have a new regular IOS (non-pro) on hand that you wish to load.
Step 4: Tell the router to boot from the BootROM
Start a console session with your router and reboot it.
During the boot press ctrl+break to break the boot sequence.
You will come to a ">" prompt, type the fallowing:
>o/r 0x2101 enter
>i enter
Step 5: Load the image to flash
The router will reboot normaly in boot mode, do the fallowing:
enable Enter password
Copy tftp flash Enter all the info, with the flash image name being 'cpa**-up.bin' replaceing the ** with the one you downloaded, answer yes to continue when it tells you that the image may not be for your router
Configure terminal
Config-register 0x2102
Exit
Write memory
Reload
It should tell you at some point that it has been updated to a Cisco Router.
Reload once again for good measure.
Step 6: Load your new IOS
Refer to step 5 but with your IOS image.
After you have your new IOS loaded I found that if you do not have that cpa**-up.bin in flash it gives you an error at boot up(though I dont think it hurt anything) So to do that, enable and then do another copy tftp flash, but the thing this time when it ask you to confirm eraseing the flash press "N" and it will just save the cpa**-up.bin after your IOS image in the flash.
And there you go. You should now have a Cisco router that accepts normal Cisco IOS releases.
Q. How do I add a secondary IP to an Interface?
A. Assuming "ethernet0" is the interface, use the secondary interface command as follows:
router(config)#interface Ethernet0
router(config-if)#ip address 192.168.0.1 255.255.255.0 secondary
You may then route fron the primary IP address to the secondary.
This would allow you to route over a single port to a single ethernet segment.
Note that it would be easy to bypass the router by setting devices to the other subnet or spoofing one of the other addresses. Obviously this is not a good idea for security (and other) reasons, but doable.
This is usually used when changing IP addresses in a large installation so that the two subnets can communicate during the changeover, because an existing router can be utilized as a temporary solution.
Q: How do I use a Cisco router for my home Internet connection?
A: There are two main ways to go about this (actually there are several). If you can manage to get two 2501 routers, you can connect them with Router A's Ethernet AUI interface connected to the Cable/DSL TA and Router B's Ethernet AUI interface will connect to your internal switch (where all your hosts connect to--this is the core of your network). The key to making this setup work is the two routers will need to be connected in a Back-to-Back fashion following these steps.
NOTE: IIRC, the Serial interface on these routers is capable of 4Mbit, even though the how-to only shows them as running at 64Kbit. There is some debate as to what the max speed is in a back-to-back configuration, so you may need to play with the speeds to best match your particular setup. Longer DTE-DCE cables have been known to affect the max speed as well.
The other popular method is to get a 2514 which has two Ethenet AUI interfaces. One interface connects to the TA, the other connects to your switch. More often than not for home configurations, you'll need to configure NAT. In order to do this, I suggest you follow these steps. You may also need to enable Easy IP should you recieve an address from your Service Provider via DHCP.
A second option is to have two routers utilize the AUX ports on both routers in a back-to-back fashion. However, this will limit your bandwidth to about 38Kbit. Its really good when playing with unequal costs path balancing or as a backup link.
The last option is for those of you that may have a Cisco router such as a 2501 (only one Ethernet interface). In order to do this you'll need to implement what Cisco calls NAT-on-a-stick.
See here for help with cisco NAT-on-a-stick.
Here's another Cisco link on NOAS.
For more info on how NAT works, visit http://www.cisco.com/warp/public/556/nat-cisco.shtml
If you're just building something to learn IOS you can do it fairly cheap.
Get Cisco 2500 with little RAM/FLASH (they're dirt cheap), expand RAM to maximum by using traditional 16MB 72pin FPM SIMM. You might have to try few different sticks but most of them will work fine on Ciscos. Get new IOS, compress it using mzmaker.exe and upload to your Cisco as usual. Actually you can compress IOS image using regular unix 'compress' command as wel but it'll be a lot larger. It's also possible that your Cisco has ancient old flash and it'll refuse booting compressed images but it's unlikely. Never seen so old on ones I've upgraded including couple CiscoPros.
What you'll get? Run-from-RAM Cisco with brand new IOS that requires only half of flash but twice as much RAM. We all have those 16 MB FPM SIMMs laying around so they're free unlike special Cisco FLASHs modules. You can also upgrade IOS on FLASH without booting from ROM since it'll be in Read-Write mode now. However there's one catch; in Run-from-FLASH mode you'll have separate memory channel to FLASH and RAM. Packets processed by router will go thru RAM channel and program code thru FLASH channel. When running IOS from RAM it'll share same memory channel for then causing slowdown. Since IOS itself is running faster from RAM than FLASH it'll compensate this. Probably you won't notice any change in speed.
Get MZMAKER from here:
http://www.packetattack.com/downloads.html
IOS upgrade is problem unless you can find it cheaply from somewhere. And with cheap IOS upgrade it's most likely outdated.
P.S. You can also boot Ciscos using TFTP server and IOS will be Run-from-RAM then. So these devices are designed to support RAM IOSes. Cisco CCO won't support you if you use compressed images on models that doesn't officially support them but after all we're talking about hobby routers. No sensible provider would use these beasts on new installations. Existing installations are completely different story.
A: Cisco has a step-by-step Password Recovery guide to recover the password.
Q: Can I purchase a 2501, 2503, 2505, and 2507 as a home router for cable or DSL?
A: Yes and no. These routers only have one Ethernet port; you would need two of these models and a serial cable to do this, or you'd have to use NAT-on-a-stick (see below). Alternatively this can be done using secondary IP addressing and a hub or switch.
Q: Ive made some changes, saved them and now whenever I try to enable I get the following message "% No authentication server running"
A: Youve enable TACACS+, this is a server that authenticates you to access the router configuration mode. The only way to fix it is through the password recovery.
Q: Where can I purchase flash RAM or DRAM for my 2500 so I can use newer a IOS?
A: Ive looked all over the net, some seem like good deals, others are a scam, best place to keep an eye on is auction sites like eBay, and Ive seen a number of good deals in there.
Q: where can I get a newer IOS? Can I get it from a buddys router and install it?
A: Since the IOS is copyrighted, you must either get it direct from Cisco or a Cisco authorized reseller. Again, Ive seen a lot of them for sale on eBay, but these are grey-market at best. You legally cannot copy it from one router to another.
Q: Where can I get a 2500 router for a great deal?
A: Best places Ive seen are auction sites. If you go with an authorized dealer, you will pay for it. Watch a site like eBay, my definition of a good deal is a router with 16mb flash, and 6mb or more of dram, if you can get this for under US$150, its a fair deal.
Q: Are there websites that briefly goes over the different specifications of the different 2500 models?
A: Ciscos own site contains a wealth of information; this link refers to the different 2500 configurations.
Q. How do I setup my new Cisco router if I have a dynamic IP address?
A: This was first introduced in Cisco IOS® software release 12.1(2)T. You will need that IOS or later in order to be able to pull an IP from your ISP.
http://www.cisco.com/warp/public/109/router_behind_cm_19268.shtml
Additionally, if your provider uses PPP or ATM (PPPoA), you will need to use IOS version 12.2(8)T or newer.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087cce.html
If your router does not come with the IOS necessary for DHCP, and you plan to aquire it, you will need a router with at least 16MB of Flash RAM to install the newer IOS.
Q. I have NAT working how do I forward ports?
A: ip nat inside source static tcp 192.168.0.5 22 interface Ethernet1 22
This would make a ssh request comming in on ethernet 1 forwarded to port 22 of 192.168.0.5
Q. How do I send the logs from my router to a remote syslog server?
A: Well the syslog server on the remote host needs to be running and willing to accept connections from other hosts, but the commands are:
logging on
logging 192.168.0.12
the 192.168.0.12 would be the ip address or hostname of whatever log server you are sending the logs to.
Q. How do I send the logs from my ACL to this remote host?
A: Simple, just add the word "log" to the end of it..
example:
access-list 102 deny tcp any any eq 31337 log
Q. How do I upgrade my routers IOS 2500?
A: Follow the following steps to upgrade a routers IOS
Step 1
Before you add the new modules, you'll want to backup the IOS and startup-config to a TFTP server. There are plenty of those out there for download.
Download.com TFTP
Cisco's TFTP and Pumpkin seem to be favorites of the guys I've worked with.
Step 2
View Cisco's guide to loading and maintaining system images & Copying an Image from Flash Memory to a TFTP Server
Once you have the TFTP transfers complete, verifiy the files are where they're supposed to be. You don't want to do the upgrade and then find out your IOS didn't make it.
Step 3
Once you've got the above steps done, you'll need to swap the physical modules inside the router. Do that and load up the router. If the new Flash module has and IOS on it, and you choose not to use it, simply configure it for your network and copy the flash and startup-configs back down to the router. It'd also be a good idea to backup the IOS on the new Flash module as well, just in case.
Step 4
If the new Flash module does NOT have an IOS on it, you'll need to get the IOS that you originally saved to the TFTP server. In order to do this you'll need to go through some seemingly unorthodox proceedures utilizing the Boot Image & rommon.
Go to the document http://www.cisco.com/en/US/products/hw/routers/ps233/products_tech_note09186a008009464c.shtml#download]Download Using the Boot Image and a Trivial File Transfer Protocol (TFTP) Server[/url]
Related information:
Unorthodox procedures (Xmodem & Ymodem for 1600 & 3600 series only)
Configuring Additional File Transfer Functions
How To Copy a System Image from One Device to Another
Flash Upgrade for Cisco 2500
ROMmon Recovery for the Cisco 2500, 3000, AS5100, and uBR900 Series Routers
Cisco TFTP information
Using another router as a TFTP server
Configuring Additional File Transfer Functions
Bootstrap Program
Maintaining the Access Server <--Includes opening the chasis and changing out the SIMMs
Virtual Configuration Register
This goes along with upgrading a routers IOS .
Q. How do I partition the Flash to load large IOS images?
A: You simply have to log into the router and use the command:
Router(config)#partition flash 1 16
where the "1" is the number of partitions you want and the "16" is the size in MB that you want the partiton.
If you get an error like
%Error: Default partitioning cannot be done
You have to log on to your router and make sure that the second flash stick doesnt have an image loaded on it. You can view this by doing the Show Flash command.
If there is an image on the second stick you have to erase it with 'erase flash', it should give you a choice of which partition you wish to erase.
After you erase the second bank go back to the conf term and use the 'part flash 1 16' command, reload and now you should have yourself one large partition.
Q. How do I make a CiscoPro router into a regular Cisco router
A: To be able to load any IOS images newer then 11.2 on a CiscoPro (beige box) you are going to have to update the software license that resides in the router firmware.
Im only going to post this one way to do it. However, there may be easier ways to accomplish this.
Step 1: Get the license upgrade
To do this you need to go to here(you will need to create an account on the cisco page to be able to view the page, its free so no worries) and download the according license upgrade for you series router. Don't worry about that Router Software Loader program they have there, it wont work with those license upgrades they have on the page, dont ask me why, but they wont.
Step 2: Download a TFTP server
After you have the BIN file of the licence update for your router you need you get a TFTP program, a good one is Pumpkin that Bob linked to in his FAQ. And put the image in the according folder for your TFTP server to be able to serve it.
Step 3: Back up current image
Refer to portion of the FAQ for backing up your current IOS if you wish to reload it when you are finished.
Note: I do not know if CiscoPro images will work once you update the licensing for the router, so to be on the safe side I would have a new regular IOS (non-pro) on hand that you wish to load.
Step 4: Tell the router to boot from the BootROM
Start a console session with your router and reboot it.
During the boot press ctrl+break to break the boot sequence.
You will come to a ">" prompt, type the fallowing:
>o/r 0x2101 enter
>i enter
Step 5: Load the image to flash
The router will reboot normaly in boot mode, do the fallowing:
enable Enter password
Copy tftp flash Enter all the info, with the flash image name being 'cpa**-up.bin' replaceing the ** with the one you downloaded, answer yes to continue when it tells you that the image may not be for your router
Configure terminal
Config-register 0x2102
Exit
Write memory
Reload
It should tell you at some point that it has been updated to a Cisco Router.
Reload once again for good measure.
Step 6: Load your new IOS
Refer to step 5 but with your IOS image.
After you have your new IOS loaded I found that if you do not have that cpa**-up.bin in flash it gives you an error at boot up(though I dont think it hurt anything) So to do that, enable and then do another copy tftp flash, but the thing this time when it ask you to confirm eraseing the flash press "N" and it will just save the cpa**-up.bin after your IOS image in the flash.
And there you go. You should now have a Cisco router that accepts normal Cisco IOS releases.
Q. How do I add a secondary IP to an Interface?
A. Assuming "ethernet0" is the interface, use the secondary interface command as follows:
router(config)#interface Ethernet0
router(config-if)#ip address 192.168.0.1 255.255.255.0 secondary
You may then route fron the primary IP address to the secondary.
This would allow you to route over a single port to a single ethernet segment.
Note that it would be easy to bypass the router by setting devices to the other subnet or spoofing one of the other addresses. Obviously this is not a good idea for security (and other) reasons, but doable.
This is usually used when changing IP addresses in a large installation so that the two subnets can communicate during the changeover, because an existing router can be utilized as a temporary solution.
Q: How do I use a Cisco router for my home Internet connection?
A: There are two main ways to go about this (actually there are several). If you can manage to get two 2501 routers, you can connect them with Router A's Ethernet AUI interface connected to the Cable/DSL TA and Router B's Ethernet AUI interface will connect to your internal switch (where all your hosts connect to--this is the core of your network). The key to making this setup work is the two routers will need to be connected in a Back-to-Back fashion following these steps.
NOTE: IIRC, the Serial interface on these routers is capable of 4Mbit, even though the how-to only shows them as running at 64Kbit. There is some debate as to what the max speed is in a back-to-back configuration, so you may need to play with the speeds to best match your particular setup. Longer DTE-DCE cables have been known to affect the max speed as well.
The other popular method is to get a 2514 which has two Ethenet AUI interfaces. One interface connects to the TA, the other connects to your switch. More often than not for home configurations, you'll need to configure NAT. In order to do this, I suggest you follow these steps. You may also need to enable Easy IP should you recieve an address from your Service Provider via DHCP.
A second option is to have two routers utilize the AUX ports on both routers in a back-to-back fashion. However, this will limit your bandwidth to about 38Kbit. Its really good when playing with unequal costs path balancing or as a backup link.
The last option is for those of you that may have a Cisco router such as a 2501 (only one Ethernet interface). In order to do this you'll need to implement what Cisco calls NAT-on-a-stick.
See here for help with cisco NAT-on-a-stick.
Here's another Cisco link on NOAS.
For more info on how NAT works, visit http://www.cisco.com/warp/public/556/nat-cisco.shtml
If you're just building something to learn IOS you can do it fairly cheap.
Get Cisco 2500 with little RAM/FLASH (they're dirt cheap), expand RAM to maximum by using traditional 16MB 72pin FPM SIMM. You might have to try few different sticks but most of them will work fine on Ciscos. Get new IOS, compress it using mzmaker.exe and upload to your Cisco as usual. Actually you can compress IOS image using regular unix 'compress' command as wel but it'll be a lot larger. It's also possible that your Cisco has ancient old flash and it'll refuse booting compressed images but it's unlikely. Never seen so old on ones I've upgraded including couple CiscoPros.
What you'll get? Run-from-RAM Cisco with brand new IOS that requires only half of flash but twice as much RAM. We all have those 16 MB FPM SIMMs laying around so they're free unlike special Cisco FLASHs modules. You can also upgrade IOS on FLASH without booting from ROM since it'll be in Read-Write mode now. However there's one catch; in Run-from-FLASH mode you'll have separate memory channel to FLASH and RAM. Packets processed by router will go thru RAM channel and program code thru FLASH channel. When running IOS from RAM it'll share same memory channel for then causing slowdown. Since IOS itself is running faster from RAM than FLASH it'll compensate this. Probably you won't notice any change in speed.
Get MZMAKER from here:
http://www.packetattack.com/downloads.html
IOS upgrade is problem unless you can find it cheaply from somewhere. And with cheap IOS upgrade it's most likely outdated.
P.S. You can also boot Ciscos using TFTP server and IOS will be Run-from-RAM then. So these devices are designed to support RAM IOSes. Cisco CCO won't support you if you use compressed images on models that doesn't officially support them but after all we're talking about hobby routers. No sensible provider would use these beasts on new installations. Existing installations are completely different story.