Page All: Viewing All Pages
Page 1
Intro:
Many readers are like me and want to see what Cisco's Internetwork Operating System (IOS) can do and how powerful it is. There are a plethora of guides on the internet to do many useful functions with a router and a later version of IOS, but none that are easy to follow and give step by step instructions on how to do basic setups such as a home router. I am sure many of you have an inexpensive router sitting in your homes doing all the routing for your network. I think it is time to upgrade to a bit more expensive router than can do the job of that and more.
Stop Right There:
Do not bother to buy a Cisco router if you do not plan on learning IOS. This is the only reason I purchased mine. There is no benefit to owning a Cisco router (except bragging rights, I guess) over a SOHO based router. The SOHO router is cheaper and is much easier to setup. If you do not want to spend time configuring a router, do not purchase one.
Just The Config:
In searching for guides while trying to setup my personal 2612, all I wanted was the config output so I could input the commands. Without further ado, here is the basic home router config file. It gets its address from DHCP on the internet side and acts as a DHCP server on the LAN side using port address translation.
Simple.
What You Need:
There are a few parts you need to configure a Cisco router. The first is a Cisco router. It should be one that is running an up to date version of IOS. 12.2 or higher would be fine to use. If you do not have this version of IOS, you will need to acquire an image and load it into your router. This is beyond the scope of this article, but there are many guides on how to do this elsewhere. You also will need a RJ45 to serial cable. What? Instead of making a serial port on the back of the router, it is a plain RJ45 port that needs to be adapted to serial. You can get these cables at many places or make your own. Did I mention you need a computer with a serial port? Yes, not many new computers have them today. I did notice some new routers that have USB on them as well. Lastly, you will need a power cord to power your router. All the other networking equipment is gravy.
Step By Step:
Now that you have the configuration you need, we can go through how to setup your router step by step. I will explain each command as I go. The first thing you will need to do is setup the router all by itself. Make sure you are near a computer that has a serial port and open up a terminal session using something like HyperTerminal if you are on Windows. Setup the port settings to 9600bps, 8 data, no flow control, 1 stop bit, and no parity (9600 8-N-1). Now plug in the RJ45 to serial cable into your serial port and the console port on the router. Turn on the router. You will be greeted by something that looks like this...
Eventually you will be looking at something that says "Press RETURN to get started!" or the end of the boot up process. It is at this point you can press return a few times to bring up a prompt and now we can get started
Step 1: Erase Your Configuration
My router had some things setup in it that were plaguing me and I could not resolve the issue. It is better to start with a fresh router. To do this, issue the "write erase" command at a configuration terminal. How do you get there? If you have a fresh router, this is good practice. First thing you will notice when you have a prompt is what type of prompt is it?
There are two types.
Routerhostname> - This is the unenabled prompt that is for user functions. It is basically useless beyond some minor things.
Routerhostname# - This is the 'root' prompt that you will be able to use. To get to this from the other prompt, type "enable".
If you are at routerhostname>, type "enable" to get to the enable prompt. Now that you are in the root mode prompt, to actually configure the router, you need to enter the configure terminal mode. To do this, you enter 'configure terminal' or 'conf t' at the enable prompt. Most IOS functions can be shortened. This will bring you to the config prompt.
Routerhostname(config)#
How?
You can get out of the config prompt by pressing control+z or by typing "exit" and then pressing enter. We are getting ahead of ourselves. To erase the configuration of the router, you only need to be at the enable prompt. To do this, type "write erase" at the prompt. After this is done, do a reload on the router to reboot.
See, that was not so bad. Now you have the basic feel for IOS and I can get down to business.
Step 2: No Service Config
You might be getting messages such as these...
If this is happening, you should disable the configuration service by typing 'no service config' at a configuration prompt. How do you do this?
I went to the enable prompt and then entered the terminal configuration mode. I type 'no service config' and then I exited the config prompt by typing 'exit'. The last line is to commit the changes to memory. You can use 'write mem' at an enable prompt or the current command of 'copy running-config startup-config' tells you what you are actually doing. When you make a change to the configuration you are changing the running config. You need to commit these changes to memory or else when the router reloads, you will lose your changes. Sometimes this is good when you screw something up. When you are done with above, issue another 'reload' command at the enable prompt.
Intro:
Many readers are like me and want to see what Cisco's Internetwork Operating System (IOS) can do and how powerful it is. There are a plethora of guides on the internet to do many useful functions with a router and a later version of IOS, but none that are easy to follow and give step by step instructions on how to do basic setups such as a home router. I am sure many of you have an inexpensive router sitting in your homes doing all the routing for your network. I think it is time to upgrade to a bit more expensive router than can do the job of that and more.
Stop Right There:
Do not bother to buy a Cisco router if you do not plan on learning IOS. This is the only reason I purchased mine. There is no benefit to owning a Cisco router (except bragging rights, I guess) over a SOHO based router. The SOHO router is cheaper and is much easier to setup. If you do not want to spend time configuring a router, do not purchase one.
Just The Config:
In searching for guides while trying to setup my personal 2612, all I wanted was the config output so I could input the commands. Without further ado, here is the basic home router config file. It gets its address from DHCP on the internet side and acts as a DHCP server on the LAN side using port address translation.
Code
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname aserouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxx
!
no aaa new-model
ip subnet-zero
ip cef
!
!
no ip domain lookup
ip dhcp excluded-address 10.0.0.1
!
ip dhcp pool LAN
import all
network 10.0.0.0 255.0.0.0
default-router 10.0.0.1
!
!
!
!
!
interface Ethernet0/0
description Internet Port
ip address dhcp
ip nat outside
half-duplex
!
interface Ethernet0/1
description LAN Port
ip address 10.0.0.1 255.0.0.0
ip nat inside
half-duplex
!
ip nat inside source list 1 interface Ethernet0/0 overload
no ip http server
ip classless
!
!
access-list 1 permit 10.0.0.0 0.255.255.255
no cdp run
!
line con 0
line aux 0
line vty 0 4
transport service none
login
no password
!
!
end
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname aserouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxx
!
no aaa new-model
ip subnet-zero
ip cef
!
!
no ip domain lookup
ip dhcp excluded-address 10.0.0.1
!
ip dhcp pool LAN
import all
network 10.0.0.0 255.0.0.0
default-router 10.0.0.1
!
!
!
!
!
interface Ethernet0/0
description Internet Port
ip address dhcp
ip nat outside
half-duplex
!
interface Ethernet0/1
description LAN Port
ip address 10.0.0.1 255.0.0.0
ip nat inside
half-duplex
!
ip nat inside source list 1 interface Ethernet0/0 overload
no ip http server
ip classless
!
!
access-list 1 permit 10.0.0.0 0.255.255.255
no cdp run
!
line con 0
line aux 0
line vty 0 4
transport service none
login
no password
!
!
end
Simple.
What You Need:
There are a few parts you need to configure a Cisco router. The first is a Cisco router. It should be one that is running an up to date version of IOS. 12.2 or higher would be fine to use. If you do not have this version of IOS, you will need to acquire an image and load it into your router. This is beyond the scope of this article, but there are many guides on how to do this elsewhere. You also will need a RJ45 to serial cable. What? Instead of making a serial port on the back of the router, it is a plain RJ45 port that needs to be adapted to serial. You can get these cables at many places or make your own. Did I mention you need a computer with a serial port? Yes, not many new computers have them today. I did notice some new routers that have USB on them as well. Lastly, you will need a power cord to power your router. All the other networking equipment is gravy.
Step By Step:
Now that you have the configuration you need, we can go through how to setup your router step by step. I will explain each command as I go. The first thing you will need to do is setup the router all by itself. Make sure you are near a computer that has a serial port and open up a terminal session using something like HyperTerminal if you are on Windows. Setup the port settings to 9600bps, 8 data, no flow control, 1 stop bit, and no parity (9600 8-N-1). Now plug in the RJ45 to serial cable into your serial port and the console port on the router. Turn on the router. You will be greeted by something that looks like this...
Code
System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 32768 Kbytes of main memory
program load complete, entry point: 0x80008000, size: 0x75ed1c
Self decompressing the image : ############################################################################################################################## [OK]
Smart Init is enabled
smart init is sizing iomem
ID MEMORY_REQ TYPE
000092 0X000B3280 C2600 Dual Ethernet
0X00098670 public buffer pools
0X00211000 public particle pools
TOTAL: 0X0035C8F0
If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.
Rounded IOMEM up to: 4Mb.
Using 12 percent iomem. [4Mb/32Mb]
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 32768 Kbytes of main memory
program load complete, entry point: 0x80008000, size: 0x75ed1c
Self decompressing the image : ############################################################################################################################## [OK]
Smart Init is enabled
smart init is sizing iomem
ID MEMORY_REQ TYPE
000092 0X000B3280 C2600 Dual Ethernet
0X00098670 public buffer pools
0X00211000 public particle pools
TOTAL: 0X0035C8F0
If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.
Rounded IOMEM up to: 4Mb.
Using 12 percent iomem. [4Mb/32Mb]
Eventually you will be looking at something that says "Press RETURN to get started!" or the end of the boot up process. It is at this point you can press return a few times to bring up a prompt and now we can get started
Step 1: Erase Your Configuration
My router had some things setup in it that were plaguing me and I could not resolve the issue. It is better to start with a fresh router. To do this, issue the "write erase" command at a configuration terminal. How do you get there? If you have a fresh router, this is good practice. First thing you will notice when you have a prompt is what type of prompt is it?
There are two types.
Routerhostname> - This is the unenabled prompt that is for user functions. It is basically useless beyond some minor things.
Routerhostname# - This is the 'root' prompt that you will be able to use. To get to this from the other prompt, type "enable".
If you are at routerhostname>, type "enable" to get to the enable prompt. Now that you are in the root mode prompt, to actually configure the router, you need to enter the configure terminal mode. To do this, you enter 'configure terminal' or 'conf t' at the enable prompt. Most IOS functions can be shortened. This will bring you to the config prompt.
Routerhostname(config)#
How?
Code
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
You can get out of the config prompt by pressing control+z or by typing "exit" and then pressing enter. We are getting ahead of ourselves. To erase the configuration of the router, you only need to be at the enable prompt. To do this, type "write erase" at the prompt. After this is done, do a reload on the router to reboot.
Code
Router>en
Router#write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
Router#
*Mar 1 00:15:05.527: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Router#reload
Proceed with reload? [confirm]
Router#write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
Router#
*Mar 1 00:15:05.527: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Router#reload
Proceed with reload? [confirm]
See, that was not so bad. Now you have the basic feel for IOS and I can get down to business.
Step 2: No Service Config
You might be getting messages such as these...
Code
%Error opening tftp://255.255.255.255/network-confg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
%Error opening tftp://255.255.255.255/router-confg (Timed out)
%Error opening tftp://255.255.255.255/ciscortr.cfg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
%Error opening tftp://255.255.255.255/router-confg (Timed out)
%Error opening tftp://255.255.255.255/ciscortr.cfg (Timed out)
If this is happening, you should disable the configuration service by typing 'no service config' at a configuration prompt. How do you do this?
Code
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no service config
Router(config)#exit
Router#wr mem
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no service config
Router(config)#exit
Router#wr mem
I went to the enable prompt and then entered the terminal configuration mode. I type 'no service config' and then I exited the config prompt by typing 'exit'. The last line is to commit the changes to memory. You can use 'write mem' at an enable prompt or the current command of 'copy running-config startup-config' tells you what you are actually doing. When you make a change to the configuration you are changing the running config. You need to commit these changes to memory or else when the router reloads, you will lose your changes. Sometimes this is good when you screw something up. When you are done with above, issue another 'reload' command at the enable prompt.
Page 2
Step 3: Line By Line Config
I will give you the step by step commands to type in then I will go through and explain them.
And you are done! Now we can go through each command. At the config prompt, the 'service password-encryption' command enables a weak cipher when displaying password when you do a 'show run' command at the enable prompt. It masks a password but does not give strong encryption. Always mask your own passwords! The 'enable secret newpassword' command issues an enable password using the 'newpassword' that you just typed. Now to get into the enable prompt, you need to enter this password. The command 'no ip domain lookup' makes the router not try to resolve names when issuing a wrong command. Just do it. The command 'no cdp run' stops the Cisco Discovery Service from running and giving out information about your router. Now we get to some interesting commands.
The next line 'line vty 0 4' enters the router into the line configuration mode. Notice how the prompt changes? vty stands for virtual terminal. We are not getting into any form of security settings with the router so it is best to disable telnet logins all together. At the config-line prompt typing 'transport service none' stops the router from accepting telnet logins. Since you have physical access to the router, this is not a big deal. In a later article we will go over how to setup access lists and such, but for now leave it disabled. Typing 'exit' from the config-line prompt brings you back to the normal config prompt.
The command 'no ip http server' stops the http configuration server from running. This is a security risk. The commands 'ip classless' and 'ip subnet-zero' are basic modern day configuration commands. Most IP address are classless addresses now. The next command 'hostname aserouter' sets the router's name to "aserouter". Feel free to change this.
What is this next line? Well, 'int eth0/0' (or the longer command 'interface Ethernet0/0') brings us into the interface configuration mode. Notice the prompt now says "config-if" instead of just "config". We are using the eth0 port as the internet port as you can tell by the 'description Internet Port' command. That command is for comments about the interface. We do not want to put this interface administrativally down so we issue the 'no shutdown' command. The next command 'ip address dhcp' should be easy to understand. This interface will be getting its address by DHCP. You can see that my router acquired an address when I typed that command. Now, 'ip nat outside' is the way to build the network address translation mappings (actually we will be using port address translation) for your router. Type 'exit' to go back to the global config prompt.
Now configure the second interface by typing 'int eth0/1' at the prompt. This is the LAN port by the 'description LAN Port' command. We do not want to put this interface administrativally down so we issue the 'no shutdown' command. We will be assigning an 'ip address 10.0.0.1 255.0.0.0' to the interface. The first part is the IP address and the second part is the subnet mask. You can use 192.168.0.1 and 255.255.255.0 if you would like. The command 'ip nat inside' tells the router that this interface will be the remaining interface to do nat on. Type 'exit' to get back into the global config mode.
We need to tell the router to not give out its own IP address by using the 'ip dhcp excluded-address 10.0.0.1' command. This reserves the address. You can issue a range to reserve other IP address on your network. If you want to reserve a large amount of address use 'ip dhcp excluded-address 10.0.0.1 10.250.0.0' to reserve a huge chunk of addresses for your network. Now we need to configure the DHCP server. The command 'ip dhcp pool LANNET' bring us to the dhcp-config prompt. "LANNET" is a label that can be anything you want. Type 'import all' to get DHCP information (such as DNS and routing info) to DHCP clients. You need to do this to make this work. The command 'network 10.0.0.0 255.0.0.0' should be easy to understand. We are using the 10.x.y.z network with a 255.0.0.0 subnet. The 'default-router 10.0.0.1' command tells the router to give DHCP clients its address for default routes. Now type 'exit' to get out of the dhcp-config prompt.
The last step is to enable nat on the router. You need to setup an access list. Do this by issuing 'access-list 1 permit 10.0.0.0 0.255.255.255' at the global config prompt. That command says to permit any traffic from the 10.0.0.0 network. Now type 'ip nat inside source list 1 interface ethernet0/0 overload' at the prompt. This command enables port address translation and makes your router now function like a normal SOHO router. Type 'exit' to get back to the enable prompt.
Now commit your changes to memory by issuing the 'copy run start' command and you are now done. All that is left to do is to test it out.
Conclusion:
You have now learned the basic way to setup a Cisco router using PAT/NAT on a home network. There are ways to harden your router and we will go over these techniques in another article. Stay tuned for more articles like this in the future. I hope you enjoyed reading this and if you have any questions, feel free to »post in the forums. Also, be sure to enter our monthly forum contests. You can »win an ATI X1900 AIW.
Step 3: Line By Line Config
I will give you the step by step commands to type in then I will go through and explain them.
Code
Router>enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#service password-encryption
Router(config)#enable secret newpassword
Router(config)#no ip domain lookup
Router(config)#no cdp run
Router(config)#line vty 0 4
Router(config-line)#transport service none
Router(config-line)#exit
Router(config)#no ip http server
Router(config)#ip classless
Router(config)#ip subnet-zero
Router(config)#hostname aserouter
aserouter(config)#int eth0/0
aserouter(config-if)#description Internet Port
aserouter(config-if)#no shutdown
aserouter(config-if)#ip address dhcp
*Mar 1 00:11:06.740: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 192.168.1.5, mask 255.255.255.0, hostname aserouter
aserouter(config-if)#ip nat outside
aserouter(config-if)#exit
aserouter(config)#int eth0/1
aserouter(config-if)#description LAN Port
aserouter(config-if)#no shutdown
aserouter(config-if)#ip address 10.0.0.1 255.0.0.0
aserouter(config-if)#ip nat inside
aserouter(config-if)#exit
aserouter(config)#ip dhcp excluded-address 10.0.0.1
aserouter(config)#ip dhcp pool LANNET
aserouter(dhcp-config)#import all
aserouter(dhcp-config)#network 10.0.0.0 255.0.0.0
aserouter(dhcp-config)#default-router 10.0.0.1
aserouter(dhcp-config)#exit
aserouter(config)#access-list 1 permit 10.0.0.0 0.255.255.255
aserouter(config)#ip nat inside source list 1 interface ethernet0/0 overload
aserouter(config)#exit
aserouter#
*Mar 1 00:16:50.812: %SYS-5-CONFIG_I: Configured from console by console
aserouter#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
aserouter#
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#service password-encryption
Router(config)#enable secret newpassword
Router(config)#no ip domain lookup
Router(config)#no cdp run
Router(config)#line vty 0 4
Router(config-line)#transport service none
Router(config-line)#exit
Router(config)#no ip http server
Router(config)#ip classless
Router(config)#ip subnet-zero
Router(config)#hostname aserouter
aserouter(config)#int eth0/0
aserouter(config-if)#description Internet Port
aserouter(config-if)#no shutdown
aserouter(config-if)#ip address dhcp
*Mar 1 00:11:06.740: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 192.168.1.5, mask 255.255.255.0, hostname aserouter
aserouter(config-if)#ip nat outside
aserouter(config-if)#exit
aserouter(config)#int eth0/1
aserouter(config-if)#description LAN Port
aserouter(config-if)#no shutdown
aserouter(config-if)#ip address 10.0.0.1 255.0.0.0
aserouter(config-if)#ip nat inside
aserouter(config-if)#exit
aserouter(config)#ip dhcp excluded-address 10.0.0.1
aserouter(config)#ip dhcp pool LANNET
aserouter(dhcp-config)#import all
aserouter(dhcp-config)#network 10.0.0.0 255.0.0.0
aserouter(dhcp-config)#default-router 10.0.0.1
aserouter(dhcp-config)#exit
aserouter(config)#access-list 1 permit 10.0.0.0 0.255.255.255
aserouter(config)#ip nat inside source list 1 interface ethernet0/0 overload
aserouter(config)#exit
aserouter#
*Mar 1 00:16:50.812: %SYS-5-CONFIG_I: Configured from console by console
aserouter#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
aserouter#
And you are done! Now we can go through each command. At the config prompt, the 'service password-encryption' command enables a weak cipher when displaying password when you do a 'show run' command at the enable prompt. It masks a password but does not give strong encryption. Always mask your own passwords! The 'enable secret newpassword' command issues an enable password using the 'newpassword' that you just typed. Now to get into the enable prompt, you need to enter this password. The command 'no ip domain lookup' makes the router not try to resolve names when issuing a wrong command. Just do it. The command 'no cdp run' stops the Cisco Discovery Service from running and giving out information about your router. Now we get to some interesting commands.
The next line 'line vty 0 4' enters the router into the line configuration mode. Notice how the prompt changes? vty stands for virtual terminal. We are not getting into any form of security settings with the router so it is best to disable telnet logins all together. At the config-line prompt typing 'transport service none' stops the router from accepting telnet logins. Since you have physical access to the router, this is not a big deal. In a later article we will go over how to setup access lists and such, but for now leave it disabled. Typing 'exit' from the config-line prompt brings you back to the normal config prompt.
The command 'no ip http server' stops the http configuration server from running. This is a security risk. The commands 'ip classless' and 'ip subnet-zero' are basic modern day configuration commands. Most IP address are classless addresses now. The next command 'hostname aserouter' sets the router's name to "aserouter". Feel free to change this.
What is this next line? Well, 'int eth0/0' (or the longer command 'interface Ethernet0/0') brings us into the interface configuration mode. Notice the prompt now says "config-if" instead of just "config". We are using the eth0 port as the internet port as you can tell by the 'description Internet Port' command. That command is for comments about the interface. We do not want to put this interface administrativally down so we issue the 'no shutdown' command. The next command 'ip address dhcp' should be easy to understand. This interface will be getting its address by DHCP. You can see that my router acquired an address when I typed that command. Now, 'ip nat outside' is the way to build the network address translation mappings (actually we will be using port address translation) for your router. Type 'exit' to go back to the global config prompt.
Now configure the second interface by typing 'int eth0/1' at the prompt. This is the LAN port by the 'description LAN Port' command. We do not want to put this interface administrativally down so we issue the 'no shutdown' command. We will be assigning an 'ip address 10.0.0.1 255.0.0.0' to the interface. The first part is the IP address and the second part is the subnet mask. You can use 192.168.0.1 and 255.255.255.0 if you would like. The command 'ip nat inside' tells the router that this interface will be the remaining interface to do nat on. Type 'exit' to get back into the global config mode.
We need to tell the router to not give out its own IP address by using the 'ip dhcp excluded-address 10.0.0.1' command. This reserves the address. You can issue a range to reserve other IP address on your network. If you want to reserve a large amount of address use 'ip dhcp excluded-address 10.0.0.1 10.250.0.0' to reserve a huge chunk of addresses for your network. Now we need to configure the DHCP server. The command 'ip dhcp pool LANNET' bring us to the dhcp-config prompt. "LANNET" is a label that can be anything you want. Type 'import all' to get DHCP information (such as DNS and routing info) to DHCP clients. You need to do this to make this work. The command 'network 10.0.0.0 255.0.0.0' should be easy to understand. We are using the 10.x.y.z network with a 255.0.0.0 subnet. The 'default-router 10.0.0.1' command tells the router to give DHCP clients its address for default routes. Now type 'exit' to get out of the dhcp-config prompt.
The last step is to enable nat on the router. You need to setup an access list. Do this by issuing 'access-list 1 permit 10.0.0.0 0.255.255.255' at the global config prompt. That command says to permit any traffic from the 10.0.0.0 network. Now type 'ip nat inside source list 1 interface ethernet0/0 overload' at the prompt. This command enables port address translation and makes your router now function like a normal SOHO router. Type 'exit' to get back to the enable prompt.
Now commit your changes to memory by issuing the 'copy run start' command and you are now done. All that is left to do is to test it out.
Conclusion:
You have now learned the basic way to setup a Cisco router using PAT/NAT on a home network. There are ways to harden your router and we will go over these techniques in another article. Stay tuned for more articles like this in the future. I hope you enjoyed reading this and if you have any questions, feel free to »post in the forums. Also, be sure to enter our monthly forum contests. You can »win an ATI X1900 AIW.