Cisco setup

The easyest way to setup your Cisco router for P25Link and P25NX is to follow Bryan's W9CR wiki. There he explains you how to setup your router for AllStar® and P25 on Quantar.

You need to have Advanced Enterpriseservices imageinstalled to supportSerial TUNnel (STUN) and DMVPN.

Here is an example configuration. Please don't copy this blindly.

service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname #SET-HOSTNAME-HERE
!
aaa new-model
!
!
aaa authentication login localauth local
aaa authorization exec default local
aaa accounting delay-start
aaa session-id common
!
clock timezone EST -5 0 $CHANGE THIS
clock summer-time EDT recurring
!
ip dhcp pool RPI
network 172.31.4.100 255.255.255.252 #Change this to Fa0/1
default-router 172.31.12.101 #change this to Fa0/1 interface IP
dns-server 4.2.2.2 #DNS SERVER
lease 0 1
!
!
ip cef
ip multicast-routing
!
username w9cr privilege 15 secret 5 $1$9lDK$ALihMA.kF88ExXKVmFq7K/
username nx4y privilege 15 secret 5 $1$//au$PLHBB3ZORaUJwm6b8VuWB0
$ADD YOU IN HERE

crypto isakmp policy 1
authentication pre-share
crypto isakmp key B841AF1D3FD327D83F6CF81D4CB address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 60
!
!
crypto ipsec transform-set trans2 esp-des esp-md5-hmac
mode transport
crypto ipsec transform-set NO-CRYPT ah-sha-hmac
mode transport
crypto ipsec transform-set VPN-TS esp-aes esp-sha-hmac
!
crypto ipsec profile vpnprof
set transform-set NO-CRYPT
!
stun peer-name 172.31.300.101 #CHANGE THIS TO FA0/1 IP
stun protocol-group 130 basic #change this to your group
!
!
!
interface Loopback0
ip address 10.2.4.130 255.255.255.255 #what the admins give you
ip pim sparse-mode
!
interface Tunnel1
bandwidth 1000
ip address 172.21.400.130 255.255.240.0 #change this
no ip redirects
ip mtu 1400
ip pim nbma-mode
ip pim sparse-mode
ip nhrp authentication p25nx
ip nhrp map multicast 44.98.249.177
ip nhrp map 172.21.1.1 44.98.249.177
ip nhrp network-id 100001
ip nhrp holdtime 600
ip nhrp nhs 172.21.1.1
ip nhrp server-only
ip tcp adjust-mss 1350
ip ospf network broadcast
ip ospf priority 0
delay 900
cdp enable
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 100001
tunnel protection ipsec profile vpnprof shared
!
interface FastEthernet0/0
description INTERNET
ip address dhcp #allow for DHCP, or you can set static.
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
ipv6 address autoconfig default
ipv6 enable
!
interface FastEthernet0/1
description TO RPi NETWORK
ip address 172.31.4567.101 255.255.255.252 # Must match subnet
ip pim sparse-mode
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1400
ip igmp query-interval 125
duplex auto
speed auto
!
interface Serial0/0/0
mtu 2104
no ip address
encapsulation stun
clock rate 9600
stun group 130
stun route all tcp 172.31.4.102 #change to the IP of the RPi
!
interface Serial0/0/1
no ip address
shutdown
clock rate 125000
!
router ospf 1
network 10.2.4.130 0.0.0.0 area 0
network 172.21.4.130 0.0.0.0 area 0
network 172.31.4.100 0.0.0.3 area 0
! Turn off Crap
no ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip pim bidir-enable
ip pim spt-threshold infinity
ip nat inside source list NAT interface FastEthernet0/0 overload
#update these with your RPi Address.
ip nat inside source static tcp 172.31.4.102 22 interface FastEthernet0/0 45632
ip nat inside source static tcp 172.31.4.102 222 interface FastEthernet0/0 222
ip nat inside source static tcp 172.31.4.102 8080 interface FastEthernet0/0 8080
ip nat inside source static udp 172.31.4.102 4569 interface FastEthernet0/0 4569
!
ip access-list standard NAT
permit 172.31.0.0 0.0.255.255
!
ip access-list extended VTY-ACL
! UPDATE THIS.
permit tcp 192.168.0.0 0.0.255.255 any range 22 telnet
permit tcp 44.98.0.0 0.0.255.255 any range 22 telnet
permit tcp 208.38.136.0 0.0.0.255 any range 22 telnet
permit tcp host 67.78.199.10 any range 22 telnet
permit tcp 10.0.0.0 0.255.255.255 any range 22 telnet
permit tcp host 96.254.123.27 any range 22 telnet
permit tcp 172.16.0.0 0.15.255.255 any range 22 telnet
deny ip any any log-input
!
ip radius source-interface FastEthernet0/0
logging origin-id hostname
logging source-interface FastEthernet0/0
logging 44.98.254.1
!
snmp-server community p25nx RO
!
line con 0
exec-timeout 0 0
line aux 0
modem DTR-active
no exec
transport input telnet
transport output none
stopbits 1
line vty 0 4
access-class VTY-ACL in #VTY ACL
exec-timeout 180 0
transport input telnet ssh
escape-character 3
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server pool.ntp.org