Self-configuration when plugging in the provider's cable

Jan 21st, 2008

Hi all

I have an 1801 router whose NVRAM was recently erased with the command "write erase".

When I plug in the Ethernet cable of my internet provider and reload it, it autoconfigures with some config that my provider sends, including the hostname, the fastethernet 0 interface with dhcp configuration, etc.

Can anyone explain to me what happens here?

Attached you can find the "sh run" and "sh ip int brief" outputs

Thanks

Miquel



msbassols Mon, 01/21/2008 - 02:36

Thank you Patrick, but I don't think so.


Look at my fastethernet0 interface: the default state is shutdown with no IP address, but in my case it self-configures with ip address dhcp and no shutdown, and I obtain a public address from my provider with no command issued after the write erase command. The same goes for the hostname: look at my router's name (cliente-32520). I never issued this name, and it is in Spanish, like my provider...


patrickvanham Mon, 01/21/2008 - 02:49

Sorry, as you were discussing your ISP I mistakenly looked at the ATM interface. What happens if you go into global configuration mode and type in "default interface FastEthernet0"?


If the configuration is still dhcp, I'd say the ISP has made some changes to the default configuration. I was also going to suggest unplugging all cables except console and do write erase again and reload, still with only the console cable.

Pavel Bykov Mon, 01/21/2008 - 02:45

It is all because of the "ip address dhcp" command on the interface.


Delete that. Try erasing nvram, and then rebooting the router with the ISP cable unplugged.


Remember, if the port was down when the router boots, it would have NO WAY of getting the information from outside. Therefore the theory of it receiving the configuration from the provider could be the work of Configuration Register.


Check "show version" to see if it is 0x2102. Otherwise try rebooting it with no config with cables unplugged. After boot is ok, you can connect to the ISP and see, that if there is no dhcp command, it will not be configured.



Also, what do you think DHCP is for? PCs are configured by DHCP just like that. That's how it works.

pcameron Mon, 01/21/2008 - 03:35
User Badges:
  • Cisco Employee,

It's actually happening because this command is in the system config -


service config


This enables autoloading of configuration files from a network server. Normally it would look at the IP address configured under the boot host or boot network commands, but as these are not configured, the router sends a tftp broadcast request for a file called 'router-config' to 255.255.255.255.


It looks like the ISP is picking this up and responding with a basic config template, which also includes the 'ip address dhcp' under the FE port.


If you plug a console into the router during the boot you will probably see a reference as the config request is accepted and a file is sent in response.


The solution - put in 'no service config' to prevent the router from broadcasting the config request.


Refer here for more background -


http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_command_reference_chapter09186a00800d9c3b.html#xtocid109669
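
The broadcast request described in the post above can be spotted on the wire. The following is an added example, not part of the original thread or any Cisco tooling: it parses TFTP read requests (RFC 1350) and flags those sent to 255.255.255.255 for the autoload file name. The datagram dictionary shape and the sample packets are assumptions constructed for illustration; the file name is the one quoted in the post.

```python
import struct

# Assumption: file name taken from the post above; extend for your environment.
AUTOLOAD_NAMES = {"router-config"}
BROADCAST = "255.255.255.255"
TFTP_PORT = 69
OP_RRQ = 1  # RFC 1350 read request opcode

def parse_rrq(payload: bytes):
    """Return (filename, mode) for a well-formed TFTP RRQ, else None."""
    if len(payload) < 6:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode != OP_RRQ:
        return None
    # RRQ layout after the opcode: filename NUL mode NUL [options...]
    parts = payload[2:].split(b"\x00")
    if len(parts) < 3 or not parts[0] or not parts[1]:
        return None
    try:
        return parts[0].decode("ascii"), parts[1].decode("ascii").lower()
    except UnicodeDecodeError:
        return None

def find_autoload_requests(datagrams):
    """Return (src_ip, filename, mode) for broadcast reads of an autoload file."""
    alerts = []
    for d in datagrams:
        if d["dst_port"] != TFTP_PORT or d["dst_ip"] != BROADCAST:
            continue
        rrq = parse_rrq(d["payload"])
        if rrq and rrq[0].lower() in AUTOLOAD_NAMES:
            alerts.append((d["src_ip"], rrq[0], rrq[1]))
    return alerts

# Constructed sample datagrams (hypothetical, not captured traffic).
SAMPLE = [
    {"src_ip": "192.0.2.50", "dst_ip": BROADCAST, "dst_port": 69,
     "payload": b"\x00\x01router-config\x00octet\x00"},
    {"src_ip": "192.0.2.10", "dst_ip": "192.0.2.1", "dst_port": 69,
     "payload": b"\x00\x01firmware.bin\x00octet\x00"},   # unicast, unrelated file
    {"src_ip": "192.0.2.11", "dst_ip": BROADCAST, "dst_port": 69,
     "payload": b"\x00\x02router-config\x00octet\x00"},  # WRQ, not a read
    {"src_ip": "192.0.2.12", "dst_ip": BROADCAST, "dst_port": 69,
     "payload": b"\x00\x01router-config"},               # truncated, no NULs
]
```

A hit from a device that should already have a startup configuration suggests it booted with empty NVRAM and without 'no service config'.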


amolwaghmare Mon, 01/21/2008 - 06:18

If you wanna hack his router, simply be in his network and send a wrong configuration file!

Richard Burts Mon, 01/21/2008 - 09:45

Amol


If you can be connected to the network on the interface that sends the request at the time that the request is sent, and if you respond to the request before the provider does, then you could tftp your own version of the config file. Once the router has received the tftp of the original config file it does not continue to accept tftp of more config files. So while there is some security risk in this, it is probably not a great risk.


HTH


Rick
