The Trusty Cisco 678 (Needs A Refresh)

Posted on
by bgrantrobus

I’ve been using the same Cisco 678 DSL router/modem for around a decade, and I had a 675 for a year or two before that. My DSL provider tries to sell or lease me a new DSL modem every time I call to change my service or move, but I’m sticking with my 678 until it dies, doesn’t support the service I need, or my provider completely drops support for it. (I can’t recall contacting them for any kind of support related to anything other than a service change or move; their residential DSL service has been stable and sufficient, and my 678 just keeps trucking.) I recently made a small service change and decided to reset and reconfigure my router/modem.

Connecting

The 678 can be reset and configured using the LAN port, but connecting to the management port using the provided management cable is safer. If you don’t have a management cable, Cisco is kind enough to tell you how (basically, a DB9 to RJ45 cable). If you’re stuck using the LAN, then do your homework, double check your work, and be prepared to accept defeat. I use telnet when connecting over the LAN and screen, tip, or cu when connecting with the management cable.

When the connection is initially opened, the router should prompted for the exec password. If the router/modem is already running when the connection is opened, then it may be necessary to hit enter to trigger the prompt.

If you don’t know the exec or enable passwords for your router/modem, then check out the Password Recovery Procedure for the Cisco 6xx.

Resetting

Start by resetting the router/modem to a known state. If the current state is a complete disaster, then it can be completely reset using RMON. See Erase the Configuration from the Password Recovery Procedure for details. Typically, the router/modem can be reset by connecting and erasing the configuration in normal mode (shown below).

This is where working with the LAN can be tricky. If the configuration is erased and written, but the connection is dropped before a new configuration is written, the router could be left in an unknown/undesirable state. If you’re connected using the LAN, skip the reboot step at the end. And, good luck!

User Access Verification
Password: <your password>

cbos>enable
Password: <your password>

cbos#set nvram erase
Erasing Running Configuration.
You must use "write" for changes to be permanent.

cbos#write 
Warning: traffic may pause while NVRAM is being modified
NVRAM written.

cbos#reboot

The router/modem will reboot into a “clean” state with no configuration (including blank passwords).

Configuring

My configuration is fairly straight forward. I have a single external IP and a handful of devices that use network address translation (NAT) to access the outside world. Most of my internal network is assigned static IPs, but I maintain a small pool of IPs for (mostly wireless) DHCP devices. In my setup, my Cisco 678 acts as the modem and router, but it’s possible to configure the 678 as a simple modem bridged to another device that handles PPP, NAT, DHCP, etc. For details, see the RFC 1483 Routing section in the Cisco 600 Series Installation and Operation Guide.

I start by connecting and setting the passwords for exec and enable.

User Access Verification
Password:<your password; blank after reset>

cbos>enable
Password:<your password; blank after reset>

cbos#set password exec <new password>
Exec Password Change Successful!

cbos#set password enable <new password>
Enable Password Change Successful!

Next, configure the PPP connection.

cbos#set ppp wan0-0 ipcp 0.0.0.0
PPP wan0-0 IPCP Address set to 0.0.0.0

cbos#set ppp wan0-0 dns 0.0.0.0
PPP wan0-0 DNS Server Addresses set to 0.0.0.0

cbos#set ppp wan0-0 authentication enable
PAP and CHAP Authentication is now enabled on specified port

cbos#set ppp wan0-0 login <your login>
User name for wan0-0 has been set to <your login>

cbos#set ppp wan0-0 password <your password>
Password for wan0-0 has been set to <your password>.

cbos#set ppp restart enabled
CPE Remote Restart is now enabled...

Next, enable network address translation (NAT).

cbos#set nat enabled
NAT is now enabled
You must use "write" then reboot for changes to take effect.

Next, configure the internal/local network. The LAN port is eth0, and the following example sets the router/modem’s IP to 10.0.0.1.

cbos#set interface eth0 address 10.0.0.1
eth0 ip address changed from 10.0.0.1 to 10.0.0.1

Next, setup a DHCP server for the internal/local network. The following example allocates a pool of 16 IPs starting at 10.0.0.200, sets a DNS server to pass to DHCP clients, and a gateway that points to the router.

cbos#set dhcp server enabled
DHCP Server enabled

cbos#set dhcp server pool 0 ip 10.0.0.200 size 16 netmask 255.255.255.0
Pool 0 IP parameter is now 10.0.0.200

cbos#set dhcp server pool 0 dns <dns server IP>
Pool 0 DNS parameter is now <dns server IP>

cbos#set dhcp server pool 0 gateway 10.0.0.1
Pool 0 gateway parameter is now 10.0.0.1

cbos#set dhcp server pool 0 enabled
DHCP Server Pool 0 now enabled

Next, configure the WAN port. Before executing the following steps, disconnect the phone line. Once the configuration is complete and written, the phone line can be reconnected.

cbos#set interface wan0-0 close
Closing connection wan0-0

cbos#set interface wan0-0 vpi 0
Change completed.

cbos#set interface wan0-0 vci 32
Change completed.

cbos#set interface wan0-0 open
Opening connection wan0-0

Finally, write the configuration and reboot.

cbos#write
Warning: traffic may pause while NVRAM is being modified
NVRAM written.

cbos#reboot

Validating

At this point, I like to connect over the LAN and issue a few commands to validate that the running configuration was persisted correctly, the DSL line is trained and authenticated, and the connection’s upstream and downstream data rates are correct (verify you’re getting what you pay for).

User Access Verification
Password: <your password>

cbos>enable
Password: <your password>

cbos#show nvram
Warning: traffic may pause while NVRAM is being accessed
[[ CBOS = Section Start ]]
NSOS MD5 Enable Password = <omitted>
NSOS Remote Restart = enabled
NSOS MD5 Root Password = <omitted>
NSOS MD5 Commander Password = <omitted>
[[ PPP Device Driver = Section Start ]]
PPP Port Option = 00, IPCP,IP Address,3,Auto,Negotiation Not Required,Negotiable,IP,0.0.0.0
PPP Port Option = 00, IPCP,Primary DNS Server,129,Auto,Negotiation Not Required,Negotiable,IP,0.0.0.0
PPP Port Option = 00, IPCP,Secondary DNS Server,131,Auto,Negotiation Not Required,Negotiable,IP,0.0.0.0
PPP Port User Name = 00, <omitted>
PPP Port User Password = 00, ****
[[ IP Routing = Section Start ]]
IP NAT = enabled
[[ DHCP = Section Start ]]
DHCP Server = enabled
DHCP Server Pool IP = 00, 10.0.0.200
DHCP Server Pool DNS = 00, <omitted>
[[ ATM WAN Device Driver = Section Start ]]
ATM WAN Virtual Connection Parms = 00, 0, 32, 0

cbos#show interface wan0
wan0 ADSL Physical Port
 Line Trained
Actual Configuration:
 Overhead Framing: 3
 Trellis Coding: Enabled
 Standard Compliance: T1.413
 Downstream Data Rate: 6144 Kbps
 Upstream Data Rate: 896 Kbps
<omitted the rest... but there's lots more!>

cbos#show interface wan0-0
WAN0-0 ATM Logical Port
 PVC (VPI 0, VCI 32) is open.
 ScalaRate set to Auto
 AAL 5 UBR Traffic
 PPP LCP State: Opened
 PPP NCP State (IP Routing): Opened
 PPP MRU: 2048 HDLC Framing: disabled MPOA Mode: VC Mux
 PPP Login: <your login>
 Authentication Type: Autodetecting/PAP
 RADIUS: disabled
 PPP Tx: 113997 Rx: 387171 
 Dest IP: <omitted>
 Dest Mask: 255.255.255.255
 IP Port Enabled

If there are any problems, check out the Cisco 600 Series Installation and Operation Guide – Troubleshooting.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>