Dave Posted November 23, 2006 Report Share Posted November 23, 2006 Guys, i've got a cisco 837 sat in my office not doing anything. What is it and what can i do with it? Thanks Dave Link to comment Share on other sites More sharing options...
R32Ash Posted November 23, 2006 Report Share Posted November 23, 2006 It's a router. You could use it to connect some PCs together. Link to comment Share on other sites More sharing options...
Dave Posted November 23, 2006 Author Report Share Posted November 23, 2006 ok, it has 6 holes in the back: 1-4 Ethernet.. ok to connect the computers 1 ADSL.. ok, connect the broadband. So i can have 4 computers that all talk to each other and all have broadband access.. great. It also has a CONSOLE hole.. what does that do? Link to comment Share on other sites More sharing options...
Dave Posted November 23, 2006 Author Report Share Posted November 23, 2006 and can i use it as a router without the adsl attached? Link to comment Share on other sites More sharing options...
Mac Posted November 23, 2006 Report Share Posted November 23, 2006 It's a basic ADSL router mate - wired, not wireless. You could attached PCs to it and use it as a hub if you want but they're not that straight-forward to configure. Those little 800 series don't even use the Cisco IOS command set - I think they're some bought in rubbish If you need to connect 4 PCs together over a wired n/w just buy a small netgear hub/switch for pennies. It'll save you a lot of effort. I wouldnt' even use it as an ADSL router to be honest... Simpler and cheaper solutions about. Link to comment Share on other sites More sharing options...
R32Ash Posted November 23, 2006 Report Share Posted November 23, 2006 Sorry Dave, I only know what it is. Link to comment Share on other sites More sharing options...
Mac Posted November 23, 2006 Report Share Posted November 23, 2006 Oh, the console port is for a serial connection. You tend to use this to set the units up. Do you have a blue 9-pin serial cable with it as well? Ebay it and buy a consumer unit Link to comment Share on other sites More sharing options...
Dave Posted November 23, 2006 Author Report Share Posted November 23, 2006 Yes, the blue cable is in the bag with all the other bits. what doi do with that? it's got everything, power cables, phone cables, network cables, blue cable. Link to comment Share on other sites More sharing options...
Markpaq Posted November 23, 2006 Report Share Posted November 23, 2006 Dave, It's a serious piece of kit and ideal to use as your DSL connection. I've got the newer version with Wireless, the 857W. Stateful packet inspection, IDS, Access control. These all depend on the version of IOS you have installed but all in all it's pretty near the top of the tree as far as security is concerned. The console port is used to manage the router using a serial connection. If you need any help setting it up then drop me a PM. Link to comment Share on other sites More sharing options...
Mac Posted November 23, 2006 Report Share Posted November 23, 2006 They're good bits of kit for a n/w techy but a royal pain in the ass for anyone who doesn't understand them - do they use IOS now? The 7/800 series I used didn't. Like I said, I'd ebay it and get a Netgear something or other - would be far easier Link to comment Share on other sites More sharing options...
Markpaq Posted November 23, 2006 Report Share Posted November 23, 2006 They do run IOS and I'll agree that they're not for the faint hearted but if you want a secure connection and a comprehensive firewall then this would be it. Link to comment Share on other sites More sharing options...
Dave Posted November 23, 2006 Author Report Share Posted November 23, 2006 If i used that router, could i then disgard the firewall software on the computers? At the moment i have 4 computers on a wired router (hub) that talk to themselves, and then they all have a wireless broadband conenction. Would it be more sensible to use this device and have it all through one port? Link to comment Share on other sites More sharing options...
Markpaq Posted November 23, 2006 Report Share Posted November 23, 2006 Personally I would say yes, the 837 (with the right code) is a hardware firewall which will allways be better than a software one. You could connect your four devices to the onboard 10/100 switch or chain another switch from it if you had more than four. Connect your console cable to the 837, use hyperterm or some other terminal emulator and set it to 9600 8,N,1. If you can login and get some sort of prompt type SHOW VERSION and pm me the result, I'll be able to tell you what sort of feature set it's got installed. Link to comment Share on other sites More sharing options...
Dave Posted November 23, 2006 Author Report Share Posted November 23, 2006 Thanks mark, It'll take me a day or two, but i will let you know what comes up! Thanks! Link to comment Share on other sites More sharing options...
Markpaq Posted November 23, 2006 Report Share Posted November 23, 2006 No prob. Link to comment Share on other sites More sharing options...
mb Posted November 23, 2006 Report Share Posted November 23, 2006 We have one of these - I think they have a more user friendly setup or you can load the secure command line job. A "consultant" came, configured it for the command line system, rebooted then ran away never to come back. After several hours on the phone to Cisco (who also considered the command line a nightmare) we got it configured - has been pretty perfect ever since though ! For home use I would agree with the sell & buy (several) consumer units advice as they are expensive too ! Link to comment Share on other sites More sharing options...
Dave Posted November 23, 2006 Author Report Share Posted November 23, 2006 I might stick it on e-bay, but can't find any software in the box... is that a problem? Link to comment Share on other sites More sharing options...
Markpaq Posted November 23, 2006 Report Share Posted November 23, 2006 Software is onboard in NVRAM. The "User Friendly" tool is CRWS Link to comment Share on other sites More sharing options...
Dave Posted November 23, 2006 Author Report Share Posted November 23, 2006 So with this box, the 4 connected computers will all get broadband, but is it also a hub?.. where the pc's will see each other aswell? Link to comment Share on other sites More sharing options...
Dave Posted November 23, 2006 Author Report Share Posted November 23, 2006 And is there a device that will do both. Most of my PC's only have one network card and i'm looking for a network and broadband solution from one box.. possible? Link to comment Share on other sites More sharing options...
Calm Chris Posted November 23, 2006 Report Share Posted November 23, 2006 Need a server, to serve emails to each PC from a central access point. Ditto printing. A BB router / hub gives each PC access to anything that is plugged in to it. So a BB router tends to have only simple functionality regarding PC to PC access. A server allows true file sharing, common data sharing, mail and printing. I'm not that in to PC technology, so I'm going to suggest you await further comment..... Link to comment Share on other sites More sharing options...
Markpaq Posted November 24, 2006 Report Share Posted November 24, 2006 [ QUOTE ] So with this box, the 4 connected computers will all get broadband, but is it also a hub?.. where the pc's will see each other aswell? [/ QUOTE ] Yes and yes except it's a switch not a hub. The difference between switches and hubs Link to comment Share on other sites More sharing options...
Markpaq Posted November 24, 2006 Report Share Posted November 24, 2006 [ QUOTE ] And is there a device that will do both. Most of my PC's only have one network card and i'm looking for a network and broadband solution from one box.. possible? [/ QUOTE ] The 837 was designed for exactly that, (along with some other bells and whistles). Link to comment Share on other sites More sharing options...
Mac Posted November 24, 2006 Report Share Posted November 24, 2006 Ok, lets see you set it up then Link to comment Share on other sites More sharing options...
Markpaq Posted November 24, 2006 Report Share Posted November 24, 2006 Building configuration... Current configuration : 8338 bytes ! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption no service dhcp ! hostname ABCDEF ! boot-start-marker boot-end-marker ! memory-size iomem 5 no logging buffered no logging console enable secret 5 "It's a secret" ! aaa new-model ! ! aaa authentication login default local aaa authorization auth-proxy default local ! aaa session-id common ! resource policy ! clock timezone GMT 0 clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 1:00 ip subnet-zero no ip source-route ! ! ip cef no ip domain lookup ip domain name "It's a secret" no ip bootp server ip inspect udp idle-time 10 ip inspect tcp idle-time 300 ip inspect tcp synwait-time 10 ip inspect name FW-OUTSIDE tcp ip inspect name FW-OUTSIDE udp ip inspect name FW-OUTSIDE icmp ip inspect name FW-OUTSIDE smtp ip ips sdf location flash://attack-drop.sdf ip ips name IDS ip ssh authentication-retries 1 ip ssh version 2 login block-for 300 attempts 2 within 60 login quiet-mode access-class TELNET login on-failure log login on-success log ! ! interface Null0 no ip unreachables ! interface Loopback0 no ip address no ip redirects no ip unreachables no ip proxy-arp ! interface Ethernet0 description INSIDE bandwidth 100000 ip address 192.168.16.30 255.255.255.248 no ip redirects ip nat inside ip virtual-reassembly ip route-cache flow hold-queue 100 out ! interface Ethernet2 no ip address no ip redirects no ip unreachables no ip proxy-arp hold-queue 100 out ! interface ATM0 description Physical for Dialer0 bandwidth 8192 no ip address no atm ilmi-keepalive dsl operating-mode auto pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface FastEthernet1 duplex auto speed auto ! interface FastEthernet2 shutdown duplex auto speed auto ! interface FastEthernet3 shutdown duplex auto speed auto ! interface FastEthernet4 shutdown duplex auto speed auto ! interface Dialer0 description OUTSIDE bandwidth 8192 ip address "It's a secret" 255.255.255.0 ip access-group OUTSIDE in ip verify unicast source reachable-via rx no ip redirects no ip unreachables no ip proxy-arp ip accounting access-violations ip nat outside ip inspect FW-OUTSIDE out ip ips IDS in ip virtual-reassembly rate-limit input access-group 190 512000 1500 2000 conform-action transmit exceed-action drop rate-limit input access-group 191 128000 1500 2000 conform-action transmit exceed-action drop rate-limit input access-group 192 128000 1500 2000 conform-action transmit exceed-action drop encapsulation ppp ip route-cache flow ip policy route-map black-hole dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname "It's a secret" ppp chap password 7 "It's a secret" ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 no ip http server no ip http secure-server ip flow-export source Ethernet0 ip flow-export version 5 peer-as ! ip nat inside source list 10 interface Dialer0 overload ip nat inside source static tcp 192.168.16.29 25 interface Dialer0 25 ip nat inside source static tcp 192.168.16.29 3389 interface Dialer0 3389 ip nat inside source static tcp 192.168.16.29 80 interface Dialer0 80 ! ! ip access-list extended BLACK-HOLE permit ip 0.0.0.0 1.255.255.255 any permit ip 2.0.0.0 0.255.255.255 any permit ip 5.0.0.0 0.255.255.255 any permit ip 7.0.0.0 0.255.255.255 any permit ip 10.0.0.0 0.255.255.255 any permit ip 23.0.0.0 0.255.255.255 any permit ip 27.0.0.0 0.255.255.255 any permit ip 31.0.0.0 0.255.255.255 any permit ip 36.0.0.0 1.255.255.255 any permit ip 39.0.0.0 0.255.255.255 any permit ip 42.0.0.0 0.255.255.255 any permit ip 49.0.0.0 0.255.255.255 any permit ip 50.0.0.0 0.255.255.255 any permit ip 77.0.0.0 0.255.255.255 any permit ip 78.0.0.0 1.255.255.255 any permit ip 92.0.0.0 3.255.255.255 any permit ip 96.0.0.0 15.255.255.255 any permit ip 112.0.0.0 7.255.255.255 any permit ip 120.0.0.0 0.255.255.255 any permit ip 127.0.0.0 0.255.255.255 any permit ip 169.254.0.0 0.0.255.255 any permit ip 172.16.0.0 0.15.255.255 any permit ip 173.0.0.0 0.255.255.255 any permit ip 174.0.0.0 1.255.255.255 any permit ip 176.0.0.0 7.255.255.255 any permit ip 184.0.0.0 3.255.255.255 any permit ip 192.0.2.0 0.0.0.255 any permit ip 192.168.0.0 0.0.255.255 any permit ip 197.0.0.0 0.255.255.255 any permit ip 198.18.0.0 0.1.255.255 any permit ip 223.0.0.0 0.255.255.255 any permit ip 224.0.0.0 31.255.255.255 any deny ip any any ip access-list extended OUTSIDE deny ip 0.0.0.0 1.255.255.255 any log-input deny ip 2.0.0.0 0.255.255.255 any log-input deny ip 5.0.0.0 0.255.255.255 any log-input deny ip 7.0.0.0 0.255.255.255 any log-input deny ip 10.0.0.0 0.255.255.255 any log-input deny ip 23.0.0.0 0.255.255.255 any log-input deny ip 27.0.0.0 0.255.255.255 any log-input deny ip 31.0.0.0 0.255.255.255 any log-input deny ip 36.0.0.0 1.255.255.255 any log-input deny ip 39.0.0.0 0.255.255.255 any log-input deny ip 42.0.0.0 0.255.255.255 any log-input deny ip 49.0.0.0 0.255.255.255 any log-input deny ip 50.0.0.0 0.255.255.255 any log-input deny ip 77.0.0.0 0.255.255.255 any log-input deny ip 78.0.0.0 1.255.255.255 any log-input deny ip 92.0.0.0 3.255.255.255 any log-input deny ip 96.0.0.0 15.255.255.255 any log-input deny ip 112.0.0.0 7.255.255.255 any log-input deny ip 120.0.0.0 0.255.255.255 any log-input deny ip 127.0.0.0 0.255.255.255 any log-input deny ip 169.254.0.0 0.0.255.255 any log-input deny ip 172.16.0.0 0.15.255.255 any log-input deny ip 173.0.0.0 0.255.255.255 any log-input deny ip 174.0.0.0 1.255.255.255 any log-input deny ip 176.0.0.0 7.255.255.255 any log-input deny ip 184.0.0.0 3.255.255.255 any log-input deny ip 192.0.2.0 0.0.0.255 any log-input deny ip 192.168.0.0 0.0.255.255 any log-input deny ip 197.0.0.0 0.255.255.255 any log-input deny ip 198.18.0.0 0.1.255.255 any log-input deny ip 223.0.0.0 0.255.255.255 any log-input deny ip 224.0.0.0 31.255.255.255 any log-input deny icmp any any log-input fragments permit tcp any host "It's a secret" eq 22 log-input permit tcp any host "It's a secret" eq smtp permit tcp 16.8.0.0 0.0.255.255 host "It's a secret" eq 3389 deny ip any any log-input ip access-list extended TELNET permit ip host 192.168.16.29 any deny ip any any log-input logging trap notifications logging source-interface Ethernet0 logging 192.168.16.29 access-list 10 permit 192.168.16.24 0.0.0.7 access-list 190 remark CAR-UDP access-list 190 permit udp any any access-list 191 remark CAR-ICMP access-list 191 permit icmp any any access-list 192 remark CAR-Multicast access-list 192 permit ip any 224.0.0.0 15.255.255.255 dialer-list 1 protocol ip permit no cdp run route-map black-hole permit 1 match ip address BLACK-HOLE set interface Null0 ! ! control-plane ! banner motd ^CC ****************************************************************** * THIS COMPUTER SYSTEM IS FOR AUTHORISED OFFICIAL USE ONLY. * * * * The use of this computer system will be subject to monitoring * * and recording without further notice. Auditing may include the * * use of keystroke monitoring. * * * * Any individual who uses this system expressly consents to such * * monitoring and is advised that information about their use of * * this system may be provided to the relevant authorities if * * evidence of criminal or other unauthorised activity is found. * ****************************************************************** ^C ! line con 0 exec-timeout 0 0 no modem enable line aux 0 transport output none line vty 0 exec-timeout 2 0 logging synchronous transport input ssh transport output ssh line vty 1 access-class TELNET in exec-timeout 3 0 logging synchronous transport input ssh transport output ssh line vty 2 4 transport input none transport output none ! scheduler max-task-time 5000 scheduler interval 500 sntp server 129.132.2.21 sntp server 130.149.17.8 end Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now