I've used IPCop for ages. It rocks, but runs on a PC and so takes up space and uses a fair whack of power, and needs a separate LAN hub and wireless AP.
I use Cisco hardware at work, and I had the chance of an 871W to use. I use Virgin Media, so have one DHCP-issued IP address, and I wanted a simple config with a LAN with DHCP and a WPA-PSK wireless LAN, basically what a cheapy Netgear-type item will do.
Actually working this all out took a while, so I'm posting the config here for others to use. Feel free to pick holes in it and make suggestions (see the bottom of the page) if you like.
[edit 5/12/2011] I've fixed the dynamic DNS so it actually works, and added NTP client and server.
I'm assuming that you can attach a console cable, and get logged in with full privilege, and know how to drive the IOS command line.
This config will give you a 192.168.1.x LAN with the router at 192.168.1.1. The router will do DNS caching, and assign addresses on the LAN and WLAN with DHCP. SSH remote access is enabled; to change this use 'transport input none' on line vty 0 4.
Note that this isn't doing any packet inspection or QoS; these are available, but I'll be adding those later. It does, however, provide basic NAT and access-control security.
Anything [in square brackets] is something you need to supply.
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname [your hostname]
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging message-counter syslog
logging buffered 4096
logging console critical
enable secret [enable secret]
enable password [enable password]
!
aaa new-model
!
aaa authentication login local_auth local
!
aaa session-id common
!
dot11 syslog
!
dot11 ssid [wireless network name]
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii [wpa network key]
!
no ip source-route
no ip gratuitous-arps
!
ip dhcp excluded-address [start of exclusion] [end of exclusion]
!
ip dhcp pool pool1
 import all
 network 192.168.1.0 255.255.255.0
 domain-name [your domain name]
 dns-server 192.168.1.1
 default-router 192.168.1.1
!
ip cef
no ip bootp server
ip domain name [your domain name]
!
no ipv6 cef
multilink bundle-name authenticated
!
username [username] password [password]
!
ip ssh time-out 60
ip ssh authentication-retries 2
! note: SSH version 1 is what this config uses; 'ip ssh version 2' restricts the router to SSHv2
ip ssh version 1
!
! IRB: the wireless radio and the switch VLAN are bridged together, and BVI1 carries the LAN address
bridge irb
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
! WAN port: address from the ISP via DHCP, NAT outside
interface FastEthernet4
 ip address dhcp
 ! uRPF on the WAN port; ACL 100 lets DHCP (bootpc) replies through the check
 ip verify unicast source reachable-via rx allow-default 100
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 speed auto
 full-duplex
!
interface Dot11Radio0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 !
 ! note: TKIP as in the original; 'encryption mode ciphers aes-ccm' selects AES-CCMP
 encryption mode ciphers tkip
 !
 ssid [wireless network name]
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 bridge-group 1
!
interface Dialer0
 no ip address
 no cdp enable
!
interface BVI1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
no ip http server
no ip http secure-server
!
ip dns server
! NAT overload (PAT) of the LAN, selected by ACL 101, onto the WAN address
ip nat inside source list 101 interface FastEthernet4 overload
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
!
control-plane
!
bridge 1 protocol dec
bridge 1 route ip
banner motd ^C
Unauthorised access prohibited
^C
!
line con 0
 login authentication local_auth
 no modem enable
 transport output telnet
line aux 0
 login authentication local_auth
 transport output telnet
line vty 0 3
 password [ssh access password]
 transport input ssh
!
scheduler max-task-time 5000
end
To add a static host entry that the router's DNS server will answer for:
ip host [hostname] [ip address]

To use no-ip.com for dynamic DNS:
ip ddns update method no-ip
 HTTP
  ! %40 and %3F are the URL-encoded '@' and '?' (a literal '?' at the IOS prompt invokes help)
  add http://[no-ip username]:[no-ip password]%40dynupdate.no-ip.com/nic/update%3Fhostname=[no-ip hostname]
 interval maximum 0 2 0 0
 interval minimum 0 1 0 0
!
interface fastethernet4
 ip ddns update hostname [no-ip hostname]
 ip ddns update no-ip

To use an NTP server and offer NTP to your LAN:
ntp master 4
ntp server pool.ntp.org
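An added example (my code, not from the original page) that audits a config in the shape of the listing above for the settings it discusses: it flags SSH version 1, the TKIP cipher and the reversible enable password, and confirms the hardening lines (uRPF, no source routing, no HTTP server, no CDP, SSH-only vty) are present. The embedded sample config is constructed from the listing; 'ip ssh version 2' and 'encryption mode ciphers aes-ccm' are standard IOS commands the check looks for, not commands from the page.

```python
import re

# Constructed sample in the shape of the 871W config on this page (not the page's
# full config); the [bracket] placeholders are kept as the page writes them.
SAMPLE_CONFIG = """\
version 12.4
service password-encryption
enable secret [enable secret]
enable password [enable password]
ip ssh version 1
no ip source-route
interface FastEthernet4
 ip verify unicast source reachable-via rx allow-default 100
 ip nat outside
interface Dot11Radio0
 encryption mode ciphers tkip
no ip http server
no ip http secure-server
no cdp run
line vty 0 3
 password [ssh access password]
 transport input ssh
end
"""

# (finding text, regex matched against each config line, whether a match is wanted)
CHECKS = [
    ("SSH version 2 not enabled", r"^ip ssh version 2$", True),
    ("SSH version 1 enabled", r"^ip ssh version 1$", False),
    ("WPA cipher is not AES-CCMP", r"^\s*encryption mode ciphers aes-ccm\b", True),
    ("TKIP cipher configured", r"^\s*encryption mode ciphers tkip\b", False),
    ("reversible enable password still set", r"^enable password ", False),
    ("no enable secret", r"^enable secret ", True),
    ("IP source routing not disabled", r"^no ip source-route$", True),
    ("HTTP management not disabled", r"^no ip http server$", True),
    ("CDP not disabled globally", r"^no cdp run$", True),
    ("no uRPF check on an interface", r"^\s*ip verify unicast source reachable-via", True),
    ("vty lines do not restrict input to SSH", r"^\s*transport input ssh$", True),
]

def audit(config_text):
    """Return the finding text for every check whose expectation is not met."""
    lines = config_text.splitlines()
    return [desc for desc, pattern, want in CHECKS
            if any(re.search(pattern, ln) for ln in lines) != want]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run it against the output of 'show running-config' saved to a file to see which of these lines a router still needs.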
Copyright Chris Bartram (stymaster[at]piglet-net.net) 2009. If you find this information useful, or wish to comment, please let me know.