How To Configure DHCP on OpenWRT router

First, stop and uninstall the pre-installed dnsmasq:

/etc/init.d/dnsmasq stop
opkg remove dnsmasq

Then install the ISC DHCP server app:

opkg install http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/oldpackages/isc-dhcp-server-ipv4_4.2.4-3_ar71xx.ipk

Once that is done run:

nano /etc/dhcpd.conf

and replace the content with this:

# Show that we want to be the only DHCP server in this network:
authoritative;

option domain-name "myHome.com";
option domain-name-servers 192.168.0.1, 192.168.0.2;
#DHCP Scope:
subnet 192.168.0.0 netmask 255.255.255.0 {
#DHCP range
range 192.168.0.100 192.168.0.130;
#default gateway
option routers 192.168.0.1;
}

default-lease-time 691200; # 8 days
max-lease-time 864000; # 10 days

# Static assignments
host PC1 {
hardware ethernet 00:11:22:33:44:55;
fixed-address 192.168.0.10;
}

host PC2 {
hardware ethernet 00:88:77:77:66:66;
fixed-address 192.168.0.11;
}

Save the file and start the service:

/etc/init.d/dhcpd start

To see dhcpd leases run:

more /var/dhcpd.leases

# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.2.4

lease 192.168.1.100 {
  starts 4 2015/03/05 17:57:24;
  ends 4 2015/03/05 17:59:24;
  tstp 4 2015/03/05 17:59:24;
  cltt 4 2015/03/05 17:57:24;
  binding state free;
  hardware ethernet 11:22:33:55:44:33;
  client-hostname "Windows7-PC";
}
lease 192.168.1.102 {
  starts 4 2015/03/05 18:19:06;
  ends 4 2015/03/05 18:21:06;
  tstp 4 2015/03/05 18:21:06;
  cltt 4 2015/03/05 18:19:06;
  binding state free;
  hardware ethernet 11:33:55:ee:ff:55;
  client-hostname "mobile-phone";
}
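
As an added example (not part of the original post), the script below reads a leases file in the format shown above and prints the current record for each address, then only the active ones. The function names and the sample lease data are constructed for illustration.

```shell
#!/bin/sh
# Print "ip mac state ends hostname" for the newest record of each address.
# dhcpd appends a block on every lease change, so the last block for an IP is
# the current one. client-hostname is chosen by the client: untrusted text.
lease_summary() {
    awk '
        $1 == "lease" && $3 == "{" { ip = $2; mac = st = till = hn = "-"; next }
        ip == "" { next }                      # skip anything outside a lease block
        $1 == "ends" { till = ($2 == "never;") ? "never" : ($3 "T" $4); sub(/;$/, "", till) }
        $1 == "binding" && $2 == "state" { st = $3; sub(/;$/, "", st) }
        $1 == "hardware" && $2 == "ethernet" { mac = tolower($3); sub(/;$/, "", mac) }
        $1 == "client-hostname" { hn = $0; sub(/^[^"]*"/, "", hn); sub(/";[ \t]*$/, "", hn); gsub(/[ \t]/, "_", hn) }
        $1 == "}" {
            if (!(ip in rec)) order[++n] = ip  # keep first-seen order of addresses
            rec[ip] = ip " " mac " " st " " till " " hn
            ip = ""
        }
        END { for (i = 1; i <= n; i++) print rec[order[i]] }
    ' "${1:--}"
}

# Only addresses whose newest record is "active": the clients on the LAN now.
active_clients() { lease_summary "${1:--}" | awk '$3 == "active"'; }

# Constructed sample: 192.168.0.101 has an old "free" record and a newer one.
sample_leases() {
    cat <<'EOF'
lease 192.168.0.100 {
  ends 4 2015/03/05 17:59:24;
  binding state free;
  hardware ethernet 11:22:33:55:44:33;
}
lease 192.168.0.101 {
  ends 4 2015/03/05 18:21:06;
  binding state free;
  hardware ethernet 11:33:55:ee:ff:55;
}
lease 192.168.0.101 {
  ends 5 2015/03/13 18:30:00;
  binding state active;
  next binding state free;
  hardware ethernet 11:33:55:EE:FF:55;
  client-hostname "mobile phone";
}
EOF
}

sample_leases | active_clients
```

On the router, run it as active_clients /var/dhcpd.leases. Hosts with a fixed-address entry are not written to the leases file, so every line it prints is a client served from the dynamic range.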

Job done. To install DNS follow here.

TP-LINK TL WR1043ND v2 OpenWRT setup

The aim is to replace the TP-LINK firmware with OpenWRT and convert the device into a LAN access point.

1. Get the firmware:

Downloaded the firmware from here. File called: openwrt-ar71xx-generic-tl-wr1043nd-v2-squashfs-factory

2. Login to the router and upgrade the firmware.

3. Login to the router via telnet:

BusyBox v1.22.1 (2015-02-25 03:48:40 UTC) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 CHAOS CALMER (Bleeding Edge, r44528)
 -----------------------------------------------------
  * 1 1/2 oz Gin            Shake with a glassful
  * 1/4 oz Triple Sec       of broken ice and pour
  * 3/4 oz Lime Juice       unstrained into a goblet.
  * 1 1/2 oz Orange Juice
  * 1 tsp. Grenadine Syrup
 -----------------------------------------------------
root@OpenWrt:~#

and set the root password. Once that is done re-login via SSH.

4. As I am not connecting the device to the internet yet, I need to tell it what the default gateway is:

root@OpenWrt:/etc/config# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
root@OpenWrt:/etc/config# route add default gw 192.168.1.254 br-lan
root@OpenWrt:/etc/config# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.254   0.0.0.0         UG    0      0        0 br-lan
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan
root@OpenWrt:/etc/config# ping google.com
PING google.com (216.58.209.238): 56 data bytes
64 bytes from 216.58.209.238: seq=0 ttl=56 time=8.552 ms
64 bytes from 216.58.209.238: seq=1 ttl=56 time=8.600 ms

5. Install Web Console.
Add a line like this to your /etc/opkg.conf to enable the OpenWRT package repository:

src luci http://downloads.openwrt.org/kamikaze/8.09.2/YOUR_ARCHITECTURE/packages

then run:

# opkg update

then to install the https enabled web console:

root@OpenWrt:/# opkg install luci-ssl
 Installing luci-ssl (git-15.051.48491-4137afe-1) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/luci/luci-ssl_git-15.051.48491-4137afe-1_all.ipk.
 Installing luci (git-15.051.48491-4137afe-1) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/luci/luci_git-15.051.48491-4137afe-1_all.ipk.
 Installing libustream-polarssl (2014-03-25-fc0b5ec804ee43c532978dd04ab0509c34baefb0) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/libustream-polarssl_2014-03-25-fc0b5ec804ee43c532978dd04ab0509c34baefb0_ar71xx.ipk.
 Installing libpolarssl (1.3.10-1) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/libpolarssl_1.3.10-1_ar71xx.ipk.
 Installing px5g (3) to root...
 Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/px5g_3_ar71xx.ipk.
 Configuring luci.
 Configuring libpolarssl.
 Configuring libustream-polarssl.
 Configuring px5g.
 Configuring luci-ssl.

7. Login to the Web Console:

Job Done.

Cisco ASA – setup logging to Syslog-ng

Assuming that SyslogNG is configured and running then the setup is quick and easy:

Cisco ASA config:

1. Enable logging:

logging enable
logging timestamp

2. Send messages to our syslog server:

logging trap notifications
logging facility 21
logging device-id hostname
logging host inside IP.ADD.RE.SS udp 514

available trap levels:

{1 | alerts}—Immediate action needed
{2 | critical}—Critical conditions
{3 | errors}—Error conditions
{4 | warnings}—Warning conditions
{5 | notifications}—Normal but significant conditions
{6 | informational}—Informational messages
{7 | debugging}— Debugging messages

3. Optional – setup NTP

ntp server 192.5.41.41 source outside 
ntp server 192.5.41.40 source outside prefer

 

Syslog-ng config:

Open /etc/syslog-ng/syslog-ng.conf

and add the following lines:

source s_net {
       udp(ip(192.168.1.60) port(514));
       tcp(ip(192.168.1.60) port(51400));
};

and

log {
  source(s_net);
  destination(d_mysql);
};

then restart the syslog-ng service:

service syslog-ng restart

 

How to enable SSH login access to a Cisco 800 Series


So you want to secure your router so that it is necessary to ssh into it rather than just telnet in.

If this is being used as an ADSL or DSL router like in the article “Setting up a Cisco 800 series for ADSL

NOTE: This should work with any Cisco 800 Series router including the Cisco 801 Cisco 827 Cisco 837 Cisco 877 and Cisco 877W routers provided the Cisco IOS on the router supports ssh
Firstly is ssh enabled?

router#sh ip ssh
SSH Disabled – version 2.0
%Please create RSA keys to enable SSH.
Authentication timeout: 60 secs; Authentication retries: 5

In this case it's not. If you got an error saying that sh ip ssh is not recognized, then you would know that SSH is not supported, or possibly that the command is different for your platform.

How to enable SSH on a Cisco 800 series

router# config term
router(config)#crypto key generate rsa usage-keys label router-key
The name for the keys will be: router-key
Choose the size of the key modulus in the range of 360 to 2048 for your
Signature Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
Choose the size of the key modulus in the range of 360 to 2048 for your
Encryption Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

router (config)#
000047: *Mar 1 20:40:50.843 UTC: %SSH-5-ENABLED: SSH 1.99 has been enabled
router (config)#exit

According to the line above, SSH has been enabled. We can confirm this by running the sh ip ssh command again.

router#sh ip ssh
SSH Enabled – version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
router#

Now setting the router up to accept ssh logins

Usually it will anyway because by default the transport is set to all

transport preferred all
transport input all

But we want to change that

Router#conf t
!
line vty 0 4
access-class 1 in
exec-timeout 30 0
privilege level 15
login local
transport preferred ssh
transport input ssh
!
Write your config and test it.
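
A check for the result of the steps above, as an added example that is not from the original post: it reads a saved running-config and reports vty lines that still accept telnet or have no access-class, and tests show ip ssh output for SSHv1 support (version 1.99 means the router accepts both SSHv1 and SSHv2 clients). The function names and sample text are constructed.

```shell
#!/bin/sh
# audit_vty: read an IOS running-config from file $1 (or stdin) and print one
# finding per problem. Only "transport input" governs inbound sessions;
# "transport preferred" affects sessions started from the router itself.
# A vty block is taken to run until the next "line ..." command or end of file.
audit_vty() {
    awk '
        function report() {
            if (vty == "") return
            if (tin == "") print vty ": no transport input set"
            else if ((" " tin " ") ~ / (all|telnet) /)
                print vty ": accepts telnet (transport input " tin ")"
            if (!acl) print vty ": no access-class"
            vty = ""
        }
        { sub(/\r$/, "") }                       # captures from a terminal often carry CRs
        $1 == "line" { report(); if ($2 == "vty") { vty = $1 " " $2 " " $3 " " $4; tin = ""; acl = 0 }; next }
        vty != "" && $1 == "transport" && $2 == "input" { tin = $0; sub(/^ *transport input +/, "", tin) }
        vty != "" && $1 == "access-class" && $NF == "in" { acl = 1 }
        END { report() }
    ' "${1:--}"
}

# ssh_v1_enabled: succeed if "show ip ssh" output reports version 1.5 (SSHv1
# only) or 1.99 (SSHv1 and SSHv2). "ip ssh version 2" restricts it to SSHv2.
ssh_v1_enabled() { grep -Eq 'SSH Enabled.*version 1\.(5|99)' "${1:--}"; }

# Constructed samples: the vty settings from the post, and the default it replaces.
hardened='line vty 0 4
 access-class 1 in
 login local
 transport preferred ssh
 transport input ssh'
default_cfg='line vty 0 4
 login local
 transport preferred all
 transport input all'

printf '%s\n' "$default_cfg" | audit_vty
```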

Cisco Router Show Commands

View version information: show version
View current configuration (DRAM): show running-config
View startup configuration (NVRAM): show startup-config
Show IOS file and flash space: show flash
Show all logs that the router has in its memory: show log
View the interface status of interface e0: show interface e0
Overview of all interfaces on the router: show ip interface brief
View type of serial cable on s0: show controllers s 0 (note the space between the ‘s’ and the ‘0’)
Display a summary of connected cdp devices: show cdp neighbor
Display detailed information on all devices: show cdp entry *
Display current routing protocols: show ip protocols
Display IP routing table: show ip route
Display access lists, including the number of displayed matches: show access-lists
Check the router can see the ISDN switch: show isdn status
Check Frame Relay PVC connections: show frame-relay pvc
Show LMI traffic stats: show frame-relay lmi
Display the frame inverse ARP table: show frame-relay map