I think I am doing the same thing in my home lab; this info may help you.
EasyIP Phase 3 (DHCP Client) is definitely not available until 12.1(5)T
(which is deferred to 12.1(5)T8). Make sure you don't use the deferred
release 12.1(5)T.

I would highly recommend NOT using telnet to remotely administer your
router, that is a huge hole, not to mention everything you type is in the
clear (including enable passwords). Use SSH. That is available in the
DES(56) or 3DES(168) images, unfortunately not the 2500. Use a Linux box
behind your firewall router (using NAT port translation) to ssh to from
remote locations.

In any case you will need 16MB of flash and probably 8MB of DRAM in a 2501
to even run the above images. I'm pretty sure that ROM should not be an
issue in a 2501, as long as it is at least at the level that supports 16MB
of flash and more than 2MB of DRAM (VERY early ROMs did not support either,
I doubt you have something that old).

This info is from a c3620, but most of this should apply...

FIREWALL-RTR#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IO3-M), Version 12.1(5)T8,  RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Mon 07-May-01 19:45 by ccai
Image text-base: 0x60008950, data-base: 0x60A76000

ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)
ROM: 3600 Software (C3620-IO3-M), Version 12.1(5)T8,  RELEASE SOFTWARE (fc1)

FIREWALL-RTR uptime is 5 days, 15 hours, 12 minutes
System returned to ROM by reload at 21:50:43 PDT Thu May 31 2001
System restarted at 21:52:28 PDT Thu May 31 2001
System image file is "flash:c3620-io3-mz.121-5.T8.bin"

cisco 3620 (R4700) processor (revision 0x81) with 28672K/4096K bytes of memory.
Processor board ID 04124745
R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
DRAM configuration is 32 bits wide with parity enabled.
29K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

FIREWALL-RTR#dir flash:
Directory of flash:/

    1  -rw-     6026252                c3620-io3-mz.121-5.T8.bin
    2  -rw-     1545728   May 31 2001 03:17:25  qdm.tar

16777216 bytes total (9205108 bytes free)

FIREWALL-RTR#sh run
Building configuration...

Current configuration : 4387 bytes
!
! Last configuration change at 12:06:39 PDT Tue Jun 5 2001
! NVRAM config last updated at 12:08:26 PDT Tue Jun 5 2001
!
version 12.1
no service single-slot-reload-enable
service nagle
no service pad
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
no service dhcp
!
hostname FIREWALL-RTR
!
logging buffered 16384 debugging
logging rate-limit console 10 except errors
no logging console
enable secret 
!
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
ip cef
!
!
no ip finger
!
ip inspect name firewall ftp
ip inspect name firewall udp
ip inspect name firewall tcp
ip audit notify log
ip audit po max-events 100
ip audit smtp spam 25
ip audit name AUDIT.1 info action alarm
ip audit name AUDIT.1 attack action alarm drop reset
!
class-map match-all telnet
  match access-group 2002
class-map match-all ftp
  match access-group 2001
class-map match-all web
  match access-group 2000
!
!
policy-map test1
  class ftp
     police 56000 56000 56000 conform-action transmit exceed-action drop
  class telnet
     police 56000 56000 56000 conform-action transmit exceed-action drop
  class class-default
     police 56000 1000 1000 conform-action transmit exceed-action drop
!
!
!
interface BRI0/0
 no ip address
 shutdown
!
interface Ethernet0/0
 description Internal Net
 ip address 192.168.255.1 255.255.255.0
 ip access-group 101 in
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip inspect firewall in
 full-duplex
!
interface Ethernet0/1
 description Internet
 bandwidth 512000
 ip address dhcp
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip audit AUDIT.1 in
 half-duplex
 service-policy input test1
 fair-queue
 no cdp enable
!
ip nat inside source list 1 interface Ethernet0/1 overload
ip classless
ip http server
ip http access-class 1
!
no logging trap
access-list 1 permit 192.168.255.0 0.0.0.255
access-list 100 deny   icmp any any redirect
access-list 100 deny   ip 10.0.0.0 0.255.255.255 any
access-list 100 deny   ip 172.16.0.0 0.15.255.255 any
access-list 100 deny   ip 192.168.0.0 0.0.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 deny   ip 224.0.0.0 31.255.255.255 any
access-list 100 permit udp host 0.0.0.0 eq bootps host 255.255.255.255 eq bootpc
access-list 100 deny   ip host 0.0.0.0 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 permit udp host  any eq bootpc
access-list 100 permit udp host  any eq bootps
access-list 100 permit udp host  any gt 1023
access-list 100 permit udp host  any gt 1023
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any unreachable
access-list 100 permit icmp any any administratively-prohibited
access-list 100 permit icmp any any packet-too-big
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any time-exceeded
access-list 100 deny   ip any any log
access-list 101 permit ip host 192.168.255.10 any
access-list 101 permit udp 192.168.255.0 0.0.0.255 any eq domain
access-list 101 permit tcp 192.168.255.0 0.0.0.255 any eq www
access-list 101 permit tcp 192.168.255.0 0.0.0.255 any eq 443
access-list 101 permit tcp 192.168.255.0 0.0.0.255 any eq ftp
access-list 101 permit tcp 192.168.255.0 0.0.0.255 any eq pop3
access-list 101 permit tcp 192.168.255.0 0.0.0.255 any eq smtp
access-list 101 permit tcp 192.168.255.0 0.0.0.255 any eq 6666
access-list 101 permit tcp 192.168.255.0 0.0.0.255 host 192.168.255.1 eq telnet
access-list 101 permit icmp 192.168.255.0 0.0.0.255 any
access-list 101 deny   ip any any
access-list 2000 remark inbound web traffic
access-list 2000 permit tcp any eq www any
access-list 2001 remark inbound ftp traffic
access-list 2001 permit tcp any range ftp-data ftp any
access-list 2002 remark inbound telnet traffic
access-list 2002 permit tcp any eq telnet any
!
line con 0
 transport input none
line aux 0
 no exec
line vty 0 4
 access-class 1 in
 password 
 login
 transport preferred none
 transport input telnet
 transport output none
!
end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7419&t=7216
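
Added example, not part of the original post: a small Python audit that reads the management-plane lines of a running config like the one above and reports which cleartext services (telnet on the vty lines, the HTTP server) are enabled and which sources the referenced standard ACL lets reach them. The function names and the excerpted sample config are assumptions made for illustration.

```python
import re

# Constructed input: management-plane lines excerpted from the "sh run" in the post.
SAMPLE_CONFIG = """\
ip http server
ip http access-class 1
access-list 1 permit 192.168.255.0 0.0.0.255
line vty 0 4
 access-class 1 in
 login
 transport input telnet
 transport output none
"""

def parse_blocks(config):
    """Map each top-level config line to its indented child lines."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw[0].isspace():
            current = raw.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks

def acl_sources(blocks, number):
    """Permit entries of a numbered standard ACL; a missing or empty ACL
    is reported conservatively as unrestricted ("any")."""
    prefix = f"access-list {number} permit "
    found = [b[len(prefix):] for b in blocks if b.startswith(prefix)]
    return found if number and found else ["any"]

def audit_management(config):
    """Return (service, protocol, allowed sources) for cleartext management access."""
    blocks, findings = parse_blocks(config), []
    for header, children in blocks.items():
        if not header.startswith("line vty"):
            continue
        body = "\n".join(children)
        transport = re.search(r"^transport input (.+)$", body, re.M)
        acl = re.search(r"^access-class (\d+) in$", body, re.M)
        if transport and {"telnet", "all"} & set(transport.group(1).split()):
            findings.append((header, "telnet", acl_sources(blocks, acl and acl.group(1))))
    if "ip http server" in blocks:
        acl = next((b.split()[-1] for b in blocks if b.startswith("ip http access-class ")), None)
        findings.append(("ip http server", "http", acl_sources(blocks, acl)))
    return findings
```

Calling `audit_management(SAMPLE_CONFIG)` lists both telnet and HTTP as reachable only from 192.168.255.0 0.0.0.255; a vty block with no `access-class` line is reported with source "any".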