Cisco Router?

Carlosinfl · Dec 13, 2004

Can someone recommend a Cisco router running their IOS for a basic/advance home user?

I do have 2 Linux web servers, 1 mail server, & 3 game servers in my network being fed through a cable driven dynamic IP address.

Thanks for any suggestions.

Boscoh · Dec 13, 2004

The Cisco 8xx series is good. The 17xx series are nice also.

I've never seen pricing on the 8xx series, but the 17xx's are somewhat expensive for a home user.

omega-x · Dec 13, 2004

a cheap 2500 on ebay will do..if you have the time to learn IOS

other than that..just make a linux router with PF or iptables.
does just about the same damned thing

animeguru · Dec 13, 2004

The 2500s are dirt cheap on ebay these days, look for a 2514 that comes with two tranceivers.

If you've got the means, the 2600s aren't too steep either (around $600 or so). Of course, it'd be total overkill, but isn't that what it's all about??

You'll need IOS 12.2 if you're running DHCP on the WAN side.

WesM63 · Dec 13, 2004

Yikes, no need to spend that much!

1605R or 1711

Use ebay, I know you can get the 1605R for under $300 (usually alot less()

NetJunkie · Dec 13, 2004

Skip the router and buy a Cisco PIX 501 firewall. It handles NAT and firewalling FAR FAR better.

XOR != OR · Dec 13, 2004

NetJunkie said:
Skip the router and buy a Cisco PIX 501 firewall. It handles NAT and firewalling FAR FAR better.

Than...what exactly? We had a few 501s. We replaced them with linux firewalls.

They are more functional.

animeguru · Dec 13, 2004

WesM63 said:
Yikes, no need to spend that much!

1605R or 1711

Use ebay, I know you can get the 1605R for under $300 (usually alot less()

?? The 2500s are around $100 on ebay. It's the 2600s that are around $600.

XOR != OR said:
Than...what exactly? We had a few 501s. We replaced them with linux firewalls.

They are more functional.

What distro are you running and for how many users. I'm just starting to really play with Linux and I like to see what others are doing.

NetJunkie · Dec 13, 2004

XOR != OR said:
Than...what exactly? We had a few 501s. We replaced them with linux firewalls.

They are more functional.

He wanted a router for what appeared to be firewall work. The 501 does it better. Want to build one out of Linux go ahead. I don't do that anymore as the 501 works well and doesn't use the power and create the heat of another Linux box.

Plus...I manage PIX at work so config is simple.

IceWindus · Dec 13, 2004

Im growing fonder of SonicWalls the more I work with them, fewer of our clients are willing to shell out the money for PIX or Cisco's these days.

XOR != OR · Dec 13, 2004

NetJunkie said:
He wanted a router for what appeared to be firewall work. The 501 does it better.

How so?

You give me specifics about what he needs, and why a 501 is better for the task.

And I don't buy the bs about power and heat. The 501s get hotter than my little linux boxes. Size, sure, the pixes are smaller. That's about it.

Plus...I manage PIX at work so config is simple.

Sure, to you. And now, sadly, to me as well. But for the rest of the given world, linux firewall configs are far easier ( admittingly, arguable ).

What distro are you running and for how many users. I'm just starting to really play with Linux and I like to see what others are doing.

Distro doesn't matter, although I've been using slack, debian ( bleh ) and RH stuff for 4+ years now. Just recently, I've been using suse for the desktop ( very nice ). For the firewall stuff ( and the like ), it's pretty close to the kernel, so any distro will have what you need.

Im growing fonder of SonicWalls the more I work with them, fewer of our clients are willing to shell out the money for PIX or Cisco's these days.

Nor should they. You can get a 50 user license 501 on ebay for ~300 bucks. Most people have an old system laying around that can be setup as a firewall.

The only reason those pix sell are because of the Cisco name.

-(Xyphox)- · Dec 13, 2004

animeguru said:
The 2500s are dirt cheap on ebay these days, look for a 2514 that comes with two tranceivers.

If you've got the means, the 2600s aren't too steep either (around $600 or so). Of course, it'd be total overkill, but isn't that what it's all about??

You'll need IOS 12.2 if you're running DHCP on the WAN side.

Hehe, get them brand new from cisco at like 3000

I have 2 of them, Great great routers... never buy anything buy cisco
Also should get an Pix Firewall

-(Xyphox)- · Dec 13, 2004

Here's part of my one of my running configs, of course Names of Interfaces i changed
hostname GAD
enable secret *****
interface Serial0/0
description this is the DCE serial interface connected to Anniston's S0/0
ip address 192.168.1.1 255.255.255.0
ip address 192.168.2.1 255.255.255.0 secondary
ip address 192.168.3.1 255.255.255.0 secondary
ip address 192.168.4.1 255.255.255.0 secondary
ip address 192.168.5.1 255.255.255.0 secondary
ip address 192.168.6.1 255.255.255.0 secondary
ip address 192.168.7.1 255.255.255.0 secondary
ip address 192.168.8.1 255.255.255.0 secondary
ip address 192.168.9.1 255.255.255.0 secondary
ip address 192.168.10.1 255.255.255.0 secondary
clock rate 64000
no ip split-horizon
no shutdown
exit
interface Serial0/1
description this is the DCE serial interface connected to Boaz's S0/0
ip address 192.168.101.1 255.255.255.0
ip address 192.168.102.1 255.255.255.0 secondary
ip address 192.168.103.1 255.255.255.0 secondary
ip address 192.168.104.1 255.255.255.0 secondary
ip address 192.168.105.1 255.255.255.0 secondary
ip address 192.168.106.1 255.255.255.0 secondary
ip address 192.168.107.1 255.255.255.0 secondary
ip address 192.168.108.1 255.255.255.0 secondary
ip address 192.168.109.1 255.255.255.0 secondary
ip address 192.168.110.1 255.255.255.0 secondary
clock rate 64000
no ip split-horizon
no shutdown
exit
interface lo 0
ip address 172.16.0.1 255.255.0.0
exit
interface lo 209
ip address 209.0.0.1 255.255.255.0
ip address 209.0.0.254 255.255.255.0 sec
exit
interface lo 62
ip address 62.0.0.1 255.0.0.0
exit
interface lo 198
ip address 198.0.0.1 255.255.255.0
exit
router igrp 1
network 192.168.1.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 2
network 192.168.2.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 3
network 192.168.3.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 4
network 192.168.4.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 5
network 192.168.5.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0

exit
router igrp 6
network 192.168.6.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 7
network 192.168.7.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 8
network 192.168.8.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 9
network 192.168.9.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 10
network 192.168.10.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 101
network 192.168.101.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit

router igrp 102
network 192.168.102.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 103
network 192.168.103.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 104
network 192.168.104.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 105
network 192.168.105.0
network 172.16.0.1
network 209.0.0.0
network 62.0.0.1
network 198.0.0.1
exit
router igrp 106
network 192.168.106.0
network 172.16.0.1
network 209.0.0.0
network 62.0.0.1
network 198.0.0.1
exit
router igrp 107
network 192.168.107.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 108
network 192.168.108.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 109
network 192.168.109.0
network 172.16.0.0

network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 110
network 192.168.110.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
line con 0
login
password*****
exit
line aux 0
login
password *****
exit

WesM63 · Dec 13, 2004

animeguru said:
?? The 2500s are around $100 on ebay. It's the 2600s that are around $600.

Sorry, I just seen the $600. I just checked ebay, you can pickup a 1605R for $150 or less and 1711 for $300.

BobSutan · Dec 13, 2004

XOR != OR said:
Nor should they. You can get a 50 user license 501 on ebay for ~300 bucks. Most people have an old system laying around that can be setup as a firewall.

The only reason those pix sell are because of the Cisco name.

There's more to infrastructure than cost. TCO, support, etc are all things that need to be considered. If the Linux guru who set up the firewall quits, gets fired, goes to jail, whatever, then there goes your business's support for that device. Something bad happens to the PIX? Call TAC, or invoke your service contract and have a rep at your door in a matter of hours--all for the low low price of ......

In all seriousness, for many a business/PHB standpoint, Cisco IS the enterprise. Linux may be nice and perfectly fine for SMB, but I have yet to see a large enterprise/company that is willing to invest the time, money, and risk into something that doesn't have a proven track record, which if you're building the box yourself is exactly what you're gonna get (despite how good your rep may be). After all, one day you WILL be gone and unable to support it (one way or another), but there are tens of thousands of qualified Cisco technicians out there.

shaihulud · Dec 13, 2004

xyphox, why is your dce s0/0 clocks low?

NetJunkie · Dec 13, 2004

XOR != OR said:
How so?

You give me specifics about what he needs, and why a 501 is better for the task.

And I don't buy the bs about power and heat. The 501s get hotter than my little linux boxes. Size, sure, the pixes are smaller. That's about it.Sure, to you. And now, sadly, to me as well. But for the rest of the given world, linux firewall configs are far easier ( admittingly, arguable ).

He asked for a router recommendation, I made another. A PIX is a better firewall than a 1700 router because it has actual stateful firewall inspection. It has better NAT support because it understands a large number of protocols and helps them work via NAT. For info on that look at the "fix up" commands in PIX OS.

Run Linux if you want. I wasn't comparing that. I'm comparing a PIX 501 to the 1700 router he asked about.

-(Xyphox)- · Dec 13, 2004

shaihulud said:
xyphox, why is you dce s0/0 clocks low?

This router does not see the outside world, its one of many we have in our CCNA class i teach. The 64000 just an standard clockrate for the labs

SYN ACK · Dec 14, 2004

that's a lot of multinetting

elguapo · Dec 14, 2004

how dare you recommend a PIX....

he OBVIOUSLY needs a 6509

omega-x · Dec 14, 2004

woo. alot of that makes sense to me.

why all the IGRP settings though?

-(Xyphox)- said:
Here's part of my one of my running configs, of course Names of Interfaces i changed
hostname GAD
enable secret *****
interface Serial0/0
description this is the DCE serial interface connected to Anniston's S0/0
ip address 192.168.1.1 255.255.255.0
ip address 192.168.2.1 255.255.255.0 secondary
ip address 192.168.3.1 255.255.255.0 secondary
ip address 192.168.4.1 255.255.255.0 secondary
ip address 192.168.5.1 255.255.255.0 secondary
ip address 192.168.6.1 255.255.255.0 secondary
ip address 192.168.7.1 255.255.255.0 secondary
ip address 192.168.8.1 255.255.255.0 secondary
ip address 192.168.9.1 255.255.255.0 secondary
ip address 192.168.10.1 255.255.255.0 secondary
clock rate 64000
no ip split-horizon
no shutdown
exit
interface Serial0/1
description this is the DCE serial interface connected to Boaz's S0/0
ip address 192.168.101.1 255.255.255.0
ip address 192.168.102.1 255.255.255.0 secondary
ip address 192.168.103.1 255.255.255.0 secondary
ip address 192.168.104.1 255.255.255.0 secondary
ip address 192.168.105.1 255.255.255.0 secondary
ip address 192.168.106.1 255.255.255.0 secondary
ip address 192.168.107.1 255.255.255.0 secondary
ip address 192.168.108.1 255.255.255.0 secondary
ip address 192.168.109.1 255.255.255.0 secondary
ip address 192.168.110.1 255.255.255.0 secondary
clock rate 64000
no ip split-horizon
no shutdown
exit
interface lo 0
ip address 172.16.0.1 255.255.0.0
exit
interface lo 209
ip address 209.0.0.1 255.255.255.0
ip address 209.0.0.254 255.255.255.0 sec
exit
interface lo 62
ip address 62.0.0.1 255.0.0.0
exit
interface lo 198
ip address 198.0.0.1 255.255.255.0
exit
router igrp 1
network 192.168.1.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 2
network 192.168.2.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 3
network 192.168.3.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 4
network 192.168.4.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 5
network 192.168.5.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0

exit
router igrp 6
network 192.168.6.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 7
network 192.168.7.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 8
network 192.168.8.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 9
network 192.168.9.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 10
network 192.168.10.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 101
network 192.168.101.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit

router igrp 102
network 192.168.102.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 103
network 192.168.103.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 104
network 192.168.104.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 105
network 192.168.105.0
network 172.16.0.1
network 209.0.0.0
network 62.0.0.1
network 198.0.0.1
exit
router igrp 106
network 192.168.106.0
network 172.16.0.1
network 209.0.0.0
network 62.0.0.1
network 198.0.0.1
exit
router igrp 107
network 192.168.107.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 108
network 192.168.108.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 109
network 192.168.109.0
network 172.16.0.0

network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
router igrp 110
network 192.168.110.0
network 172.16.0.0
network 209.0.0.0
network 62.0.0.0
network 198.0.0.0
exit
line con 0
login
password*****
exit
line aux 0
login
password *****
exit

SYN ACK · Dec 14, 2004

i think he's just doing that to simulate.

..although why do that. get a switch that does dot1q and trunk the router<-->switch than port based vlans on the switch and do it that way.

ksanders2006 · Dec 14, 2004

Just one question: Why do you even need a "Cisco router"?

omega-x · Dec 15, 2004

because
"cisco is the epitome of stability and features and support"

but you gotta take a godless amount of training hours to understand it all..

linux you say? viva la linux.

Boscoh · Dec 15, 2004

ksanders2006 said:
Just one question: Why do you even need a "Cisco router"?

Perhaps he wants to learn IOS?

SYN ACK · Dec 21, 2004

omega-x said:
because
"cisco is the epitome of stability and features and support"

but you gotta take a godless amount of training hours to understand it all..

linux you say? viva la linux.

Funny, I didn't know linux could do EIGRP?

hmm

j4zzee · Dec 21, 2004

carloswill said:
Can someone recommend a Cisco router running their IOS for a basic/advance home user?... Thanks for any suggestions.

I am running a Cisco 831 with a IP/FW plus 3DES IOS version... as my gateway and firewall.
Not the cheapest thing, as I had to add flash/memory to hold a larger IOS with SDM and CWS installed... but it has a small footprint, is nice and quiet, and has fairly decent throughput for my home network.. If you go Cisco be sure to purchase a SmartNet contract to take full advantage of Cisco's offerings for your device...

Happy Hopping · Dec 23, 2004

NetJunkie said:
He asked for a router recommendation, I made another. A PIX is a better firewall than a 1700 router because it has actual stateful firewall inspection. It has better NAT support because it understands a large number of protocols and helps them work via NAT. .

For home office usage, who is the best if money is not an issue?

Is it the PIX 501 or the Watchguard SOHO or SMC?

Does PIX 501 do ALL of the following?

allow you to turn/off different ports to the internet.. Most exploits target specific ports or a range of ports.

Isolate/block domains

Allow for an emergency disconnect from the web.

I tend to think w/ firewall, it is more of an appliance box, so the longer that co. been around, the better the R&D.

Cisco Router?

Loves the juice

[H]ard|Gawd

2[H]4U

Needs More Cowbell

2[H]4U

[H]F Junkie

[H]F Junkie

Needs More Cowbell

[H]F Junkie

n00b

[H]F Junkie

Supreme [H]ardness

Supreme [H]ardness

2[H]4U

[H]F Junkie

Gawd

[H]F Junkie

Supreme [H]ardness

[H]ard|Gawd

Limp Gawd

2[H]4U

[H]ard|Gawd

Limp Gawd

2[H]4U

[H]ard|Gawd

[H]ard|Gawd

Limp Gawd

Supreme [H]ardness