The Cisco 678

The Cisco 678 is a little DSL (ADSL/ATM) to Ethernet router that is often used in home applications (they call it a CPE, which stands for "Customer Premises Equipment"; Cisco loves these acronyms). There is a whole flock of 600 series routers (we resist the temptation to call them modems) with different features and even external connections. The 675 is almost the same as the 678, but mine is a 678, and the detailed differences are spelled out in the following Cisco 600 series manual. The main difference seems to be that the 678 supports DMT encoding and the 675 does not. DMT stands for "discrete multi tone". The 678 runs at 8032 receive/864 transmit (kbps). The 675 runs at 7168 receive/1088 transmit (kbps).

They both support an amazing collection of TCP/IP protocols, including telnet, http, tftp, smtp, dhcp, various NAT schemes, arp, rip, icmp, and more. A big table in the manual details the specific differences between the different boxes. The typical unit will have a pair of RJ-11 hookups for the telephone line and an actual telephone, and an RJ-45 for the ethernet hookup. Mine has a serial port via another RJ-45, with a special cable to connect a terminal or the equivalent (they call this the management port). Use 38400, 8 data, no parity, one stop bit, and no flow control.

The lights are as follows:

To dork with it using the "management" serial port, hit enter over and over until you see some kind of prompt announcing the CBOS version and asking for a password. Here are some possible commands:

show version
enable
write (saves changes to NVRAM)
reboot
quit (leaves CBOS)
set telnet timeout off
set prompt billybob
set password exec password
set password enable password

set bridging rfc1483 enabled
(a 678 can either be a bridge or a router, not both)
(bridging is either rfc1483 or ppp/bcp, but not both)

set int eth0 address 

set web disabled
set web enabled

set dhcp server enabled
show dhcp server pool 0
show dhcp server

set dhcp client enabled
set dhcp client interface eth0
show dhcp client

set nat enabled
show nat

set nat entry add     proto
(proto is UDP, TCP, or ICMP)
(port 23 is telnet, 69 is TFTP, 161 is SNMP, 80 is HTTP)
set nat entry add 10.0.0.2 80 216.160.92.4 80 tcp (forwards HTTP)
set nat entry add 10.0.0.2 20 216.160.92.4 20 tcp (forwards FTP)
set nat entry add 10.0.0.2 21 216.160.92.4 21 tcp (forwards FTP)


set nat entry delete
set nat timeout
set nat outside-IP

set radius enabled
set radius remote x.x.x.x
set radius secret mysecret
set ppp wan0-0 radius enabled
set ppp wan0-0 login cisco
set ppp wan0-0 password fishball
show radius

set snmp enabled
set snmp disabled
set snmp remote 198.162.2.57
set snmp traps 198.162.2.50

set syslog remote 

set interface eth0 address 192.168.34.9
set interface eth0 mask 255.255.255.0

set interface wan0-0 dest 192.168.34.10
(wan0 is a physical WAN port, wan0-x is a logical WAN port)

(vpi may range from 0-3, vci may range 0-63)

set interface wan0 maxvcs 1-8
set interface wan0-0 enable
set interface wan0-0 disable
set interface wan0-0 open
set interface wan0-0 close

set interface wan0-0 vpi 2
set interface wan0-0 vci 4

set route 
set route add ip 192.168.9.1 gw 192.168.10.250
set route add ip 192.168.10.0 mask 255.255.255.0 gw 192.168.245.228 metric 1
set route default 192.168.245.228

set rip enabled
set rip disabled

set filter 0 on deny eth0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

stats
stats wan0

To do anything "interesting" with a Cisco router, you need to type enable. CBOS (the Cisco operating system that runs in the router) has two modes, known as exec and enable. Exec mode is useful for examining things, but is safe in that you cannot change any settings. Enable does require a password.

To use telnet, telnet must be enabled in CBOS. TFTP is used to back up configuration files and to update CBOS firmware. New CBOS images for CBOS version 2.3 or higher are named c627..bin. Config files may be put under the name nscfg.cfg.

To use tftp to upgrade the CBOS image:

su
tftp
mode binary
put 12.0.8.5:nsrouter.c678dmt.2.3.5.012.bin
On the CBOS side, use show errors to verify that tftp is working. reboot will activate the image (use show version to check).

CBOS version 2.4.2 and earlier had vulnerabilities; in particular, the Code Red worm would exploit the web interface on CBOS through 2.4.2ap, and would even cause a denial of service issue if the web service was disabled. This was fixed in CBOS 2.4.3. (My 678 shipped with version 2.4.1.) A good, but not fully effective, workaround is to set the web port number to some value greater than 1024 via:

set web port 1025
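
An added example (not from the original page or from Cisco): a small audit that takes a CBOS version string and the list of set commands applied to the unit, and reports whether the version predates the 2.4.3 fix, whether the port workaround is in place, which passwords are missing, and which NAT entries expose the ports this page names. The command list is constructed, the default web port of 80 is an assumption, and the NAT argument order (inside IP, inside port, outside IP, outside port, proto) is inferred from the examples above.

```python
import re

FIXED = (2, 4, 3)  # per the page: the Code Red issue was fixed in CBOS 2.4.3
NAMED_PORTS = {23: "telnet", 69: "TFTP", 161: "SNMP", 80: "HTTP"}  # ports the page names
SAMPLE = [  # constructed command list, in the style of the commands on this page
    "set password enable s3cret",
    "set web port 1025",
    "set nat entry add 10.0.0.2 80 216.160.92.4 80 tcp",
    "set nat entry add 10.0.0.2 23 216.160.92.4 23 tcp",
]

def parse_version(text):
    """Return (major, minor, patch) from a string like '2.4.2ap'; the suffix is ignored."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no CBOS version in {text!r}")
    return tuple(int(g) for g in m.groups())

def audit(version_text, commands):
    """Return a list of findings for a CBOS version and the set commands applied."""
    findings = []
    web_port, passwords = 80, set()  # assumption: web interface defaults to port 80
    for line in commands:
        words = line.split()
        if words[:3] == ["set", "web", "port"] and len(words) == 4:
            web_port = int(words[3])
        elif words[:2] == ["set", "password"] and len(words) == 4:
            passwords.add(words[2])  # "exec" or "enable"
        elif words[:4] == ["set", "nat", "entry", "add"] and len(words) >= 9:
            inside_ip, inside_port, proto = words[4], int(words[5]), words[8]
            if inside_port in NAMED_PORTS:
                findings.append(f"NAT exposes {NAMED_PORTS[inside_port]} "
                                f"({proto} {inside_port}) on {inside_ip}")
    if parse_version(version_text) < FIXED:
        findings.append(f"CBOS {version_text} predates 2.4.3: upgrade")
        if web_port <= 1024:
            findings.append("web port <= 1024: workaround 'set web port 1025' not applied")
    for mode in ("exec", "enable"):
        if mode not in passwords:
            findings.append(f"no {mode} password set")
    return findings

if __name__ == "__main__":
    for finding in audit("2.4.1", SAMPLE):
        print(finding)
```

Because the page calls the port change not fully effective, the audit still reports an old version as a finding even when the workaround is present.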

You may want to upgrade to 2.4.6 (which was available on the Qwest DSL site on August 2, 2007); here is the stuff. Be SURE you have a 675 or a 678 to use this. (I was nervous about using this with a 678 until I called Qwest (August 3, 2007) and was directed to the second link, which provides an identical image.) The short ReleaseNotes (dated 05/20/2002) simply say this is for 6xx series access routers (yep, they call them routers). As with any firmware upgrade, be ready for trouble if you do this. If it is good, it will be simple and easy; if it is bad, you will have a dead modem. You probably want to save the image of your config and current OS before you do it.

To put the modem into bridge mode (it comes, or mine did, in PPP mode), do this:

cbos> enable
Password:
cbos# set nvram erase
cbos# write
cbos# reboot
Password:  (unless you've set an exec password)
cbos> enable
Password:  (will bring up cbos# unless you've set an enable password)
cbos# set bridging rfc1483 enable
cbos# set bridging management enable (this is not required but it allows web management)
cbos# set int wan0-0 disable
cbos# set int wan0-0 vpi 0 vci 32
		(vpi - 1 for cap and 0 for DMT)
		(vci - 1 for cap and 32 for DMT or 35 for AOL)
cbos# set int wan0-0 enable
cbos# write
cbos# reboot

Uncle Tom's Computer Info