1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Real Life Cisco 877 ADSL, VPN & Wireless Configurations

Discussion in 'General Cisco Certifications' started by craigie, Jul 24, 2010.

  1. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    I have been really busy work wise recently and have seen that more and more people have been taking there ICND1 and ICND2 exams recently.

    One of the things I found hardest when transitioning my knowledge of the CCNA to the practical implementation was the following:

    - ADSL setup
    - Wireless Configuration
    - VPN Configuration
    - Access Lists

    Therefore, I have taken a bit of timeout to put together a couple of real world configurations that I have installed recently. There is a step by step explanation of the most poignant parts, with my notes being in red.

    Cisco 877 ADSL Wireless Router

    This is installed in a Branch Office, the customer uses a Hosted Mail Service, but the same configuration would apply if you use a Smart Host in an Exchange environment.

    I separate out the LAN and Wireless LAN and create VLAN’s for the traffic so if needed in the future, I can apply more granular control.

    Current configuration : 7020 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname <Cisco 877 Wireless>
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    no logging console
    enable secret 5 $1$.Nun$TtKIksU7V2hyGOhLAPfEI0
    !
    aaa new-model
    !
    !
    !
    !
    aaa session-id common
    !
    crypto pki trustpoint TP-self-signed-561390702
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-561390702
    revocation-check none
    rsakeypair TP-self-signed-561390702
    !
    !
    crypto pki certificate chain TP-self-signed-561390702
    certificate self-signed 01
    3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 35363133 39303730 32301E17 0D303230 33303130 30303830
    325A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
    532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3536 31333930
    37303230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
    B80286CA 15F5B971 582568B5 5BBFD14A CA3B8C58 8141E04E E8557637 48EFCD59
    726D06F8 537CEBCE 891EF10B 7EF332DE B2B4C19A 8CF4AD6B 00D55974 EDC782B8
    63B4EE98 601757CA 8D5F7AE9 18E740EA DB89E9F1 1B231A55 323E48BB E5AC90DB
    B732DA58 6E4F7F25 305D38C9 6E9A1237 33B62747 4A453010 32AB8ABC D3B8A0ED
    02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
    11041B30 19821774 74646570 6F74732E 74746465 706F7473 2E636F2E 756B301F
    0603551D 23041830 16801497 6BBE2B19 E5483052 F516B9D2 08072036 C2AACE30
    1D060355 1D0E0416 0414976B BE2B19E5 483052F5 16B9D208 072036C2 AACE300D
    06092A86 4886F70D 01010405 00038181 0083212E 0F95DFDF F683D743 617D48FB
    8915EEEE F940D32E 28D9A099 61701B5A 7586D9A3 BA9E033D 1A1F1483 64FA161B
    1476D712 A3C9D4BC 345B80B8 C0EFF9CA 05B110EA 2AA4AA71 5C476D04 8ED9F294
    0676AC29 29C2B112 FD52692A FC401078 CB43AD03 211C9F15 3D5A306F 6CF75341
    EDF06FAC 241FD8E6 F2877CF6 EB396B54 96
    quit
    dot11 syslog
    dot11 vlan-name WLAN vlan 2
    !

    Assign SSID, specify the VLAN for the SSID to work on. Authentication open means we are allowing any device to connect (not applying any MAC address filtering), guest mode means that the SSID is being broadcast.

    dot11 ssid <SSID Name>
    vlan 2
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 <Pre Shared Key>
    !
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.1 192.168.1.2
    ip dhcp excluded-address 192.168.1.121 192.168.1.254
    ip dhcp excluded-address 192.168.0.1 192.168.0.2
    ip dhcp excluded-address 192.168.0.121 192.168.0.254
    !

    Separated out the LAN and Wireless LAN’s DHCP Scope

    ip dhcp pool lan_dhcp
    network 192.168.0.0 255.255.255.0
    dns-server 208.67.222.222 208.67.220.220
    default-router 192.168.0.1
    !
    ip dhcp pool wlan_dhcp
    network 192.168.1.0 255.255.255.0
    dns-server 208.67.222.222 208.67.222.222
    default-router 192.168.1.1
    !
    !
    no ip domain lookup
    ip domain name <Domain Name>
    ip name-server 208.67.222.222
    ip name-server 208.67.220.220
    !
    !
    !
    username admin privilege 15 secret 5 $1$sZ7F$CfLyee9odpCviBecKFBcw.
    !
    !
    archive
    log config
    hidekeys
    !
    !
    !
    !
    !

    ADSL Settings

    interface ATM0
    no ip address
    atm vc-per-vp 64
    no atm ilmi-keepalive
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    dsl operating-mode auto
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !

    Using WPA Wireless Encryption method, specifying which VLAN it is for.

    interface Dot11Radio0
    no ip address
    !
    encryption vlan 2 mode ciphers tkip
    !
    ssid <SSID Name>
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    !

    Sub Wireless Interface, with Access List LANTraffic being applied and this also the inside for NAT

    interface Dot11Radio0.2
    description WLAN
    encapsulation dot1Q 2
    ip address 192.168.1.1 255.255.255.0
    ip access-group LANTraffic in
    ip nat inside

    ip virtual-reassembly
    no cdp enable
    !

    Ethernet Interfaces, with Access List LANTraffic being applied and this also the inside for NAT

    interface Vlan1
    description LAN
    ip address 192.168.0.1 255.255.255.0
    ip access-group LANTraffic in
    ip nat inside

    ip virtual-reassembly
    ip tcp adjust-mss 1452
    !

    External Interface, with Access List outside-in being applied, also the outside for NAT and this is where you can specify a fixed public IP address.

    interface Dialer1
    ip address negotiated
    ip access-group outside-in in
    ip nat outside

    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer idle-timeout 0
    dialer persistent
    dialer-group 1
    no cdp enable
    ppp authentication pap chap callin
    ppp chap hostname <Broadband User Name>
    ppp chap password 7 <Broadband Password>
    !
    ip forward-protocol nd

    Sends all traffic out the External Interface

    ip route 0.0.0.0 0.0.0.0 Dialer1
    !

    I turn off the GUI interfaces (common this is Cisco!)

    no ip http server
    no ip http secure-server

    Access List NAT is being overloaded on the Dialer 1 (external IP Address) to allow one to many connections from the internal LAN to the internet.

    ip nat inside source list NAT interface Dialer1 overload

    The client only has one Public IP Address due to this we have to specify the individual Port Numbers as well we are NATing to more than one internal IP Address. If I can, I always create a one to one NAT rule then apply an Access List to the Outside Interface to control traffic flow.

    ip nat inside source static tcp 192.168.0.13 5633 <Public IP Address> 5633 extendable
    ip nat inside source static udp 192.168.0.13 5633 <Public IP Address> 5633 extendable
    ip nat inside source static tcp 192.168.0.13 5634 <Public IP Address> 5634 extendable
    ip nat inside source static udp 192.168.0.13 5634 <Public IP Address> 5634 extendable
    ip nat inside source static tcp 192.168.0.115 5800 <Public IP Address> 5800 extendable
    ip nat inside source static tcp 192.168.0.115 5900 <Public IP Address> 5900 extendable
    !

    This Access List controls what LAN traffic is allowed out externally. SMTP, POP3 and IMAP4 are locked down to specific Public IP Address, this is so that if a PC on the internal network gets a malware/virus infection the Public IP Address won’t get blacklisted and the customer’s mail flow won’t be affected. Normally I would only allow the Exchange Server IP Address(s) out, but this is a Hosted Mail Solution so the whole W/LAN needs access.

    ip access-list extended LANTraffic
    permit tcp 192.168.0.0 0.0.0.255 host <Public IP Address> eq smtp
    permit tcp 192.168.1.0 0.0.0.255 host <Public IP Address> eq smtp
    permit tcp 192.168.0.0 0.0.0.255 host <Public IP Address> eq smtp
    permit tcp 192.168.1.0 0.0.0.255 host <Public IP Address> eq smtp
    permit tcp 192.168.0.0 0.0.0.255 host <Public IP Address> eq smtp
    permit tcp 192.168.1.0 0.0.0.255 host <Public IP Address> eq smtp
    permit tcp 192.168.0.0 0.0.0.255 host <Public IP Address> eq pop3
    permit tcp 192.168.1.0 0.0.0.255 host <Public IP Address> eq pop3
    permit tcp 192.168.0.0 0.0.0.255 host <Public IP Address> eq pop3
    permit tcp 192.168.1.0 0.0.0.255 host <Public IP Address> eq pop3
    permit tcp 192.168.0.0 0.0.0.255 host <Public IP Address> eq pop3
    permit tcp 192.168.1.0 0.0.0.255 host <Public IP Address> eq pop3
    permit tcp 192.168.0.0 0.0.0.255 host <Public IP Address> eq 143
    permit tcp 192.168.1.0 0.0.0.255 host <Public IP Address> eq 143
    permit tcp 192.168.0.0 0.0.0.255 host <Public IP Address> eq 143
    permit tcp 192.168.1.0 0.0.0.255 host <Public IP Address> eq 143
    permit tcp 192.168.0.0 0.0.0.255 host <Public IP Address> eq 143
    permit tcp 192.168.1.0 0.0.0.255 host <Public IP Address> eq 143
    deny tcp any any eq smtp
    deny tcp any any eq pop3
    deny tcp any any eq 143

    This part of the Access List states that only traffic generated from the internal LAN may be allowed back in again, which helps prevent rogue access and spoofing.

    permit ip 192.168.0.0 0.0.0.255 any reflect tcptraffic
    permit ip 192.168.1.0 0.0.0.255 any reflect tcptraffic
    evaluate tcptraffic

    This Access List is stating which LAN IP Addresses are allowed to be NAT’d

    ip access-list extended NAT
    permit ip 192.168.0.0 0.0.0.255 any
    permit ip 192.168.1.0 0.0.0.255 any

    This Access List tells traffic coming in from the internet where to go for certain ports.

    ip access-list extended outside-in
    permit icmp any any
    permit tcp any eq 5633 host 192.168.0.13 eq 5633
    permit udp any eq 5633 host 192.168.0.13 eq 5633
    permit tcp any eq 5634 host 192.168.0.13 eq 5634
    permit udp any eq 5634 host 192.168.0.13 eq 5634
    permit tcp any eq 5800 host 192.168.0.115 eq 5800
    permit tcp any eq 5900 host 192.168.0.115 eq 5900
    permit ip any any
    !
    no cdp run
    !
    !
    !
    control-plane
    !
    banner motd ^C##### No Unauthorised Access #####^C
    !
    line con 0
    no modem enable
    line aux 0
    line vty 0 4
    privilege level 15
    password 7 <Password>
    transport input ssh
    !
    scheduler max-task-time 5000
    end
     
    Last edited: Jul 24, 2010
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
    yusuf likes this.
  2. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    Cisco 877 ADSL Router Site To Site VPN

    This is installed in a Branch Office, the customer has a Site to Site VPN configured to the two external Public IP Address (different circuits) so that if Head Office have a failure, this router will automatically failover and use the alternate Public IP Address for the Site to Site VPN.

    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname <Cisco 877>
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    enable secret 5 $1$aJSt$TX8X459MR/fl60d9aQi1N1
    !
    aaa new-model
    !
    !
    !
    !
    aaa session-id common
    !
    crypto pki trustpoint TP-self-signed-2197863876
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-2197863876
    revocation-check none
    rsakeypair TP-self-signed-2197863876
    !
    !
    crypto pki certificate chain TP-self-signed-2197863876
    certificate self-signed 01
    3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 32313937 38363338 3736301E 170D3032 30333031 30303036
    35345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31393738
    36333837 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    81009FAF 0C3E7690 BD0A1E86 AFF8BA7F 875F4D4C F3A82307 FD207874 FC7A42F4
    9649DC35 6E6FF92E 3E8C825F BB04A261 6381E527 22E3178C 68E525FA 4C0499DE
    6C329886 8A36E293 4F9C2315 514B8CBD D547721A F1CD221F 2E0B4EFD 1DA7A246
    183C61C5 445999F6 DA9D16C7 AF431F03 C4C93190 E58D332F 4034A9A1 DC659B0B
    1BA30203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
    551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
    301F0603 551D2304 18301680 1461D122 32F506B1 8EF06440 95693030 8F70B7B7
    13301D06 03551D0E 04160414 61D12232 F506B18E F0644095 6930308F 70B7B713
    300D0609 2A864886 F70D0101 04050003 81810001 11E70F15 55AD4C45 625E796D
    93C768B8 3C90BFBC 88158010 E642E5F8 983B4624 BD58952B D6065088 9BEECCEA
    A397BFDD C8C82167 F982BFED 6E2AB8D4 63256316 D1B9C03B B3C90B9A 3F2F13C7
    899BFD5B F95910C2 4EA938A1 68FFB469 521F4C2B D30E3203 5C5B7C62 8D14667B
    256AC177 46E2399C 2A55CB72 92B5C591 9C9E58
    quit
    dot11 syslog
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.29.8.1 10.29.8.99
    ip dhcp excluded-address 10.29.8.10
    !
    ip dhcp pool dhcppool
    import all
    network 10.29.8.0 255.255.255.0
    default-router 10.29.8.10
    dns-server 10.29.0.3 10.29.0.201
    update arp
    !
    !
    no ip domain lookup
    ip domain name <Domain Name>
    !
    !
    !
    username admin privilege 15 secret 5 $1$SGdn$ptsJdg2BBECP1zKN1ZGlD1
    !
    !

    This is where we specify the Transform Set (ISAKMP Policy), specifying Phase 1 (which is DES, as they have a poor internet connection and we need to reduce payload for the VPN) and Phase 2 (which is MD5), that we are using a Pre Shared Key and what the Public IP Addresses are that we are connecting to.

    crypto isakmp policy 10
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key <Pre Shared Key> address <Public IP Address> no-xauth
    crypto isakmp key <Pre Shared Key> address <Public IP Address> no-xauth
    !
    !
    crypto ipsec transform-set <Transform Set Name> esp-des esp-md5-hmac
    !
    crypto map <Map Name> 10 ipsec-isakmp
    set peer <Public IP Address>
    set peer <Public IP Address>
    set transform-set <Transform Set Name>

    This tells the Crypto Map which Access List to use when sending traffic over the VPN

    match address newcastlevpn
    !
    archive
    log config
    hidekeys
    !
    !
    !
    !
    !

    ADSL Settings

    interface ATM0
    no ip address
    no ip mroute-cache
    no atm ilmi-keepalive
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    dsl operating-mode auto
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !

    Ethernet Interfaces, with Access List LANTraffic being applied and this also the inside for NAT

    interface Vlan1
    ip address 10.29.8.10 255.255.255.0
    ip access-group lantraffic in
    ip nat inside

    ip virtual-reassembly
    ip tcp adjust-mss 1452
    hold-queue 100 out
    !

    External Interface, with Access List outside-in being applied, also the outside for NAT and this is where you I have fixed public IP address.

    You need to specify the Crypto Map name so that External Interface knows that it can accept VPN connections.

    interface Dialer0
    ip address <Public IP Adddress> 255.255.255.252
    ip access-group outside-in in
    ip nat outside

    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer idle-timeout 0
    dialer persistent
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname <Broadband User Name>
    ppp chap password 7 <Broadband Password>
    crypto map <Map Name>
    !
    ip forward-protocol nd

    Sends all traffic out the External Interface

    ip route 0.0.0.0 0.0.0.0 Dialer0
    !

    I turn off the GUI interfaces (common this is Cisco!)

    no ip http server
    no ip http secure-server


    Access List NAT is being overloaded on the Dialer 1 (external IP Address) to allow one too many connections from the internal LAN to the internet.

    Also this is where we tell the Access List NAT not to NAT any traffic from our LAN to the external LAN.


    ip nat inside source list NAT interface Dialer0 overload
    !
    ip access-list extended NAT
    deny ip 10.29.8.0 0.0.0.255 10.29.0.0 0.0.0.255
    permit ip 10.29.8.0 0.0.0.255 any

    This part of the Access List states that only traffic generated from the internal LAN may be allowed back in again, which helps prevent rogue access and spoofing.

    ip access-list extended lantraffic
    permit ip 10.29.8.0 0.0.0.255 any reflect tcptraffic
    evaluate tcptraffic

    This Access List tells the Crypto Map which traffic to pass over the Site to Site VPN Tunnel
    ip access-list extended newcastlevpn
    permit ip 10.29.8.0 0.0.0.255 10.29.0.0 0.0.0.255

    This Access List specifies which traffic is allowed in the External Interface.

    ip access-list extended outside-in
    permit icmp any any
    permit ip 10.29.0.0 0.0.0.255 10.29.8.0 0.0.0.255
    permit ip 10.29.8.0 0.0.0.255 any
    permit ip any any
    !
    no cdp run
    !
    !
    !
    control-plane
    !
    !
    line con 0
    no modem enable
    line aux 0
    line vty 0 4
    privilege level 15
    password 7 <Password>
    transport input ssh
    !
    scheduler max-task-time 5000
    end
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  3. BrizoH

    BrizoH Byte Poster

    243
    6
    25
    Thanks Craigie, great guide - a while back I attempted to replace one of our 837's with an 877 but for the life of me I couldn't get the VPN tunnel working.

    I'll compare with your config next week and hopefully find out where I was going wrong
     
    Certifications: CCNA, CCNA Security
    WIP: CCNP
  4. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    How did you get on mate?
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  5. BrizoH

    BrizoH Byte Poster

    243
    6
    25
    Sorry bud I still haven't managed to get round to it due to a few other problems taking priority - if not tomorrow I'll try early next week and let you know how I get on.

    Cheers
     
    Certifications: CCNA, CCNA Security
    WIP: CCNP
  6. cyberdog

    cyberdog Bit Poster

    22
    0
    2
    Hi Craigie,

    Do you have a basic config for an 877W that will just get me connected to my service provider (B.T.Broadband) and the internet. Just to get me started. I can then look into other possibilities with this router.:oops::oops:
     
  7. m1979

    m1979 Bit Poster

    14
    0
    2
    It really pisses me off in CCNA, that they teach you 'real world' things, but forget, that CCNA in 99% will work with 800 series routers...

    Configuration of these devices is a part of CCNP. So stupid! Is it really more important to know how to configure frame relay? dont think so...

    Take a look here
    http://certforums.com/forums/showthread.php?t=19952

    or use google...
     
  8. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Uh... what? Not sure what is the point you're trying to make here...

    Umm... yes, it IS important... particularly so if you are working with Frame Relay in your real-world job. :rolleyes: Just because YOU have never worked with it doesn't mean that others do not.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  9. danielno8

    danielno8 Gigabyte Poster

    1,305
    48
    92
    I think the point he is trying to make is that he thinks more CCNA students will come across configuring an 800 series router than configuring Frame Relay.
     
    Certifications: CCENT, CCNA
    WIP: CCNP
  10. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Ooookay... so configure an 800-series router. I don't understand why that would be a problem... they work pretty much the same as every other router Cisco has. :blink
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  11. m1979

    m1979 Bit Poster

    14
    0
    2

    Ahahahahaa... come on... Have you seen at least one 8xx Cisco router? This is a layer2+layer3 device, usually with a wireless built-in. It requires much more configuration and applied in a different way, that they teach in CCNA...

    My point is: I uderstand, that Frame Relay is important. The same is with going through all details of OSI model... great... but after that you arrive on site as a CCNA, they give you 800 series router (as it is a device for SMALL companies, so should not require a lot of configurationa and knowledge) and.... CCNA guy has no idea how to configure it to make it work! On CCNA they do not even mention (!!!!!!!!!!!!!) about xDSL interfaces and how to configure 800 series devices...

    In my opinion its stupid
     
  12. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Yes, in fact, I have... and it's really not that much different. Not if you've worked with Cisco devices.

    If you want to learn how to configure wireless, that's what the CCNA Wireless is for.

    So you scoff at old technologies like Frame Relay, and yet you bring up xDSL? :biggrin ahahahahahhahah!

    I stand behind my previous point: configuring an 800-series router is not that much different.

    You say "they give you 800 series router". Okay... YOU might have gotten an 800-series router... but you cannot assume that EVERYONE uses them. They don't... most companies use what they have.

    Then don't certify. Cisco obviously feels that it's not that important to teach the specifics of THAT particular router model.
     
    Last edited: Aug 23, 2010
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  13. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Well why not learn how to configure a 800 series router? Don't see what the big fuss is here. :blink
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  14. jonny7_2002

    jonny7_2002 Byte Poster

    191
    9
    37
    From what i have seen of along my Cisco studies, is that Cisco dont want to put their eggs all in one basket......
    If they put all of the "popular" topics in the CCNA and missed out some of the fundamentals then the market would get flooded with "paper" CCNA's and it would take the value of the qualification away as they would not know half as much as a CCNA does with the current topics and not many people would go on to do the CCNP either!!

    Although i found it frustrating that some topics were not covered in the CCNA (DSL, Full VPN Config etc) i got on with my studies and BEFORE I got to site, when they sent me to install a 877, i read up on it and played around with the config in my spare time which then enabled me to configure it properly and NOT look like a "CCNA who doesnt know what he's doing"! :D

    The 8xx routers are really not that much different to the ones mentioned in the CCNA!!

    I am now studying the route exam for my CCNP which is keeping me busy and most importantly... Interested! Unlike lower level Microsoft qualifications, the Cisco qualifications actualy feel like they have a bit of substance behind them and if they were any different i think it would be a crying shame!!!! :cry:

    Thanks for listening to my early morning Rant! 8)
    Jon
     
    Last edited: Aug 24, 2010
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  15. m1979

    m1979 Bit Poster

    14
    0
    2
    Ok... will not argue..

    Too late, I am CCNA already ;-)

    But my point is that Cisco created 800 series routers for small/medium size companies and does not prepare to configure them! Do you have to get CCNP to learn it? I will still say, that 8xx routers are very popular and if Cisco decided to introduce these topics into CCNA, it would be very good!

    I know that CCNA prepares very well for general networking, but... well... you know a lot about everything, but you are not able to configure a SMALL OFFICE router??? And pls dont tell me that after CCNA you can do it... you can, but will spend a lot of time inside Cisco docs and online trying to figure out what the hell ATM interface is.

    I prefer MS way: if you are MCSA you know to configure a server for SMALL office, MCSE - big office.

    After CCNA - you know a little about everything, but the truth is that NOONE will allow u to configure FR or OSPF if u are CCNA only, so I would prefer to get some xDSL knowledge instead of details of DR & BDR of OSPF... which I will never ever have a chance to use in a real life as CCNA
     
    Last edited: Aug 25, 2010
  16. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    I can't help but lol at this thread.
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  17. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    How so? Do you not learn how to configure an interface with an IP address? Do you not learn how to configure static routing? RIP? OSPF? EIGRP? Do you not learn how to ping, trace, telnet, SSH? Do you not learn about how to configure ACLs, NAT, DNS, and DHCP? Of course you do.

    But, for the record, Cisco says that the CCNA is for people who work in medium-sized networks... not little-bitty networks. Per their site:

    Cisco Certified Network Associate (CCNA®) validates the ability to install, configure, operate, and troubleshoot medium-size route and switched networks, including implementation and verification of connections to remote sites in a WAN.

    No... the CCNP deals with larger networks, not smaller.

    To learn how to configure an 800-series router, you have pretty much everything you need - and then some! - with the CCNA. Those things that they don't teach you, you can learn on your own, or get them in another course. For example, if you want to learn how to configure wireless, perhaps the CCNA Wireless exam would be helpful.

    But... they already do. :blink It's quite obvious you're on a rant and not listening to what we're saying...

    Absolutely you can do it! Or, at least, you should be able to do it. If you are not, you need to revisit your study methods.

    If you don't know what an ATM interface is, you didn't study hard enough... it's on pages 525-527 of the CCENT/ICND1 book by Cisco Press... right next to all the DSL (pp. 519-523) stuff you're whining about. :rolleyes:

    Umm... that's not "MS way". If you have a small office, you don't really need the MCSA. The MCSA is designed for people with 6 months of experience in a multi-server, multi-site, 250+ user environment. That's not "small".

    Someone has filled your head with a lot of misinformation, and that's unfortunate.

    I disagree. Few companies will allow you to configure FR or OSPF if you are CCNA with no experience whatsoever... but if you have the CCNA and experience, they'll certainly allow you to do so. I was allowed to, and I'm sure others on here were as well.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  18. m1979

    m1979 Bit Poster

    14
    0
    2
    Ok I think this is the problem... Cisco advertises all certificates to be 'real world', so I would expect to put FULL small business router in CCNA!!!

    Well... take a better look at CCNP and you will see, that they teach you in CCNP track how to configure xDSL routers... not in CCNA !

    You were very lucky... 99% would not allow to do it


    And remember: we are talking about a CCNA person, not like you with 100 other certs, you have already forgotten how it is to be a fresh CCNA??? I remember and I saw that they had not prepared me to work in a real world ;-)
     
    Last edited: Aug 25, 2010
  19. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Nothing prepares you, hence why most members here always promote real world experience as well as IT certification.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  20. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    ^^ This. Nothing truly prepares you for "real world" but the "real world".

    That said... the CCNA contains more than enough for you to configure the 800-series router... assuming you're not just using the GUI-based configuration tool... which, if you're using that, you're already starting out the wrong way.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!

Share This Page

Loading...