Cisco 800 series router configuration for beginners - Page 2

eugeneg99 · ‎09-05-2012

I have just bought my first non-domestic router, a CISCO 887VA-K9 which needs basic configuration to get it working. I have a copy of the configuration guide (334 pages) and CP Express user's guide (94 pages) and have spent an hour reading but either they are missing something or my brain is too small to figure out step 1. Would some kind soul please just give me a clue how to get started. Perhaps from where to download a CP Express installation kit for Windows.

Is the only way via a terminal emulator connected via a serial port ? Is there a graphical interface I can use ? Are there any basic tutorials for beginners ? This is probably the only non-domestic routrer I shall work on so I don't want to invest in a full training course. I just need enough to plug in the ISP credentials and set up DHCP.

blau grana · ‎05-06-2013

aaa new-model

!

aaa authentication login default local

aaa authentication enable default enable

!

username dubem password YOUR_PASSWORD

! enable http server -> you should be able to configure via web now

ip http server

You did not configure NAT, that is reason why your local LAN is unable to access internet. Do you have access to internet from router?

# ping 8.8.8.8

Can you post current configuration?

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

cadet alain · ‎05-06-2013

Hi,

post your running-config.

Regards

Alain

Don't forget to rate helpful posts.

chidubem1 · ‎05-06-2013

Please understand that you are helping a newbie....always indicate a step by step approach....thanks.

here under is the current config. How do I enable the http and configure the NAT?

MSHIELD#show running-config

Building configuration...

Current configuration : 6586 bytes

!

! Last configuration change at 12:50:17 UTC Mon May 6 2013 by admin

version 15.2

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname MSHIELD

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 10 log

security passwords min-length 6

logging buffered 4096

logging console critical

enable secret 5 $1$PjmY$GRm4BWTG6PZFKj.NC.kgw/

enable password 7 10460C1809031A1903113E2E3679

!

aaa new-model

!

aaa authentication login local_auth local

!

aaa session-id common

memory-size iomem 10

!

no ip source-route

no ip gratuitous-arps

ip auth-proxy max-login-attempts 5

ip admission max-login-attempts 5

!

ip dhcp excluded-address 192.168.0.1 192.168.0.99

!

ip dhcp pool MSHIELD-Pool

network 192.168.0.0 255.255.255.0

default-router 192.168.0.1

dns-server 192.168.0.2 192.168.0.1 8.8.8.8

domain-name multishieldltd.com

!

no ip bootp server

ip domain name multishieldltd.com

ip inspect audit-trail

ip inspect udp idle-time 1800

ip inspect dns-timeout 7

ip inspect tcp idle-time 14400

ip inspect name autosec_inspect ftp timeout 3600

ip inspect name autosec_inspect http timeout 3600

ip inspect name autosec_inspect rcmd timeout 3600

ip inspect name autosec_inspect realaudio timeout 3600

ip inspect name autosec_inspect smtp timeout 3600

ip inspect name autosec_inspect tftp timeout 30

ip inspect name autosec_inspect udp timeout 15

ip inspect name autosec_inspect tcp timeout 3600

ip cef

login block-for 6 attempts 3 within 5

no ipv6 cef

!

license udi pid CISCO881-K9 sn FCZ1639C0TZ

!

username admin password 7 04530E070335445C060C111200

!

ip ssh time-out 60

ip ssh authentication-retries 2

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

shutdown

!

interface FastEthernet2

no ip address

shutdown

!

interface FastEthernet3

no ip address

shutdown

!

interface FastEthernet4

ip address 41.203.YY.XX 255.255.255.252

ip access-group autosec_firewall_acl in

no ip redirects

no ip unreachables

no ip proxy-arp

ip inspect autosec_inspect out

ip verify unicast source reachable-via rx allow-default 103

duplex half

speed auto

!

interface Vlan1

ip address 192.168.0.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

!

router rip

redistribute connected

network 41.0.0.0

network 192.168.0.0

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip access-list extended autosec_firewall_acl

permit udp any any eq bootpc

deny ip any any

!

logging trap debugging

logging facility local2

access-list 100 permit udp any any eq bootpc

access-list 101 permit udp any any eq bootpc

access-list 102 permit udp any any eq bootpc

access-list 103 permit udp any any eq bootpc

dialer-list 1 protocol ip permit

no cdp run

!

snmp-server group mygroup v3 auth read root

snmp-server view root iso included

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps vrrp

snmp-server enable traps call-home message-send-fail server-fail

snmp-server enable traps tty

snmp-server enable traps license

snmp-server enable traps auth-framework sec-violation

snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop conf

ig

snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service

-up

snmp-server enable traps flash insertion removal

snmp-server enable traps adslline

snmp-server enable traps vdsl2line

snmp-server enable traps envmon

snmp-server enable traps c3g

snmp-server enable traps isdn call-information

snmp-server enable traps isdn layer2

snmp-server enable traps isdn chan-not-avail

snmp-server enable traps isdn ietf

snmp-server enable traps mac-notification

snmp-server enable traps energywise

snmp-server enable traps vstack

snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-c

hange inconsistency

snmp-server enable traps aaa_server

snmp-server enable traps atm subif

snmp-server enable traps bfd

snmp-server enable traps memory bufferpeak

snmp-server enable traps config-copy

snmp-server enable traps config

snmp-server enable traps config-ctid

snmp-server enable traps entity

snmp-server enable traps fru-ctrl

snmp-server enable traps resource-policy

snmp-server enable traps event-manager

snmp-server enable traps hsrp

snmp-server enable traps ipmulticast

snmp-server enable traps msdp

snmp-server enable traps mvpn

snmp-server enable traps cpu threshold

snmp-server enable traps ipsla

snmp-server enable traps syslog

snmp-server enable traps l2tun session

snmp-server enable traps l2tun pseudowire status

snmp-server enable traps vtp

snmp-server enable traps pw vc

snmp-server enable traps firewall serverstatus

snmp-server enable traps nhrp nhs

snmp-server enable traps nhrp nhc

snmp-server enable traps nhrp nhp

snmp-server enable traps nhrp quota-exceeded

snmp-server enable traps waas

snmp-server enable traps gdoi gm-start-registration

snmp-server enable traps gdoi gm-registration-complete

snmp-server enable traps gdoi gm-re-register

snmp-server enable traps gdoi gm-rekey-rcvd

snmp-server enable traps gdoi gm-rekey-fail

snmp-server enable traps gdoi ks-rekey-pushed

snmp-server enable traps gdoi gm-incomplete-cfg

snmp-server enable traps gdoi ks-no-rsa-keys

snmp-server enable traps gdoi ks-new-registration

snmp-server enable traps gdoi ks-reg-complete

snmp-server enable traps ike policy add

snmp-server enable traps ike policy delete

snmp-server enable traps ike tunnel start

snmp-server enable traps ike tunnel stop

snmp-server enable traps ipsec cryptomap add

snmp-server enable traps ipsec cryptomap delete

snmp-server enable traps ipsec cryptomap attach

snmp-server enable traps ipsec cryptomap detach

snmp-server enable traps ipsec tunnel start

snmp-server enable traps ipsec tunnel stop

snmp-server enable traps ipsec too-many-sas

snmp-server enable traps ethernet cfm alarm

snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down

snmp-server host 192.168.0.1 version 3 auth admin

snmp-server host 192.168.0.1 private

snmp-server host 192.168.0.1 public

!

banner motd ^Cuthorized ^C

!

line con 0

exec-timeout 5 0

login authentication local_auth

transport output telnet

line aux 0

exec-timeout 15 0

login authentication local_auth

transport output telnet

line vty 0 4

password 7 0503030E2D58461B1610031719

login authentication local_auth

transport input telnet

!

end

blau grana · ‎05-06-2013

Hello Dubem,

- configure NAT

interface Fa4

ip nat outside

interface Vlan1

ip nat inside

ip access-list exten NAT_ACL

deny ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.255.255

permit ip 192.168.0.0 0.0.0.255 any

deny ip any any

route-map MAP_ACL

ip nat inside source route-map MAP_ACL interface Fa4 overload

- enable http and https access

ip http server

ip http secure-server

I noticed that you have no routing configured, just RIP. I do not think that you run RIP with your ISP, probably you were just testing some configuration.

Remove RIP and configure static default route toward internet.

no router rip

ip route 0.0.0.0 0.0.0.0 Fa4 41.203.YY.XX

- IP address 41.203.YY.XX should be IP which ISP assigned to interface toward your router, your next-hop.

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

chidubem1 · ‎05-06-2013

Hey grana and Cadet....I love you!

I have been on this for months...lol.

I did what you directed and used my Ip route 0.0.0.0.0 0.0.0.0 Fa4 41. 203. (Isp default gateway address) istread of our WAN IP...then it worked!!!...It worked.!!!!!!..

For the browser-based, i was able to login but the webpage displays nothing.

Grana, You rock!

I will come back tomorrow for the WLAN and Port fowarding. But for today, thanks Grana and Cadet.

mfurnival · ‎05-16-2013

If you are really struggling with the command line you could try SDM (

http://software.cisco.com/download/release.html?mdfid=281795035&softwareid=283768243&release=2.5&relind=AVAILABLE&rellifecycle=&reltype=latest ). SDM is a GUI based tool for managing routers - It is a bit more user friendly than the HTTP interface. It is a retired product these days though - it is fine for basic stuff though.

chidubem1 · ‎05-27-2013

Thaks guys, I went on vacation and resumed a couple of days ago.

What steps should I take to configure the wireless features on my Cisco 881 router. Please help. I appreciate your support so far.

Thanks

Daniel Boling · ‎05-27-2013

If you have been handed a Cisco router with a router port, a lan switch and an access point all in one, I have to agree with mfurnival and suggest to use Cisco SDM software if this is your first experiance with Cisco. If you still want to use the CLI, then you can use the example below.

* I don't see any radio interfaces in the configurations above. Are you sure the model you ordered came with integrated antennas?

! Create an SSID and broadcast:

dot11 ssid MY_SSID

vlan 1

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii MY_PASSWORD

! Configure the physical interface, assuming you have a Dot11Radio0 interface

interface Dot11Radio0

no shutdown

no ip address

encryption vlan 1 mode ciphers tkip

ssid MY_SSID

! Configure a subinterface

interface Dot11Radio0.1

encapsulation dot1Q 1 native

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

! Configure a BVI, where x.x.x.x x.x.x.x is your LAN gateway IP address and subnet mask

interface BVI1

ip address x.x.x.x x.x.x.x

ip nat inside

ip virtual-reassembly

! Modify your VLAN configuration

interface Vlan1

no ip address

ip nat inside

ip virtual-reassembly

bridge-group 1

bridge-group 1 spanning-disabled

! Other commands

bridge 1 route ip

chidubem1 · ‎05-28-2013

Thanks Danel and Mfurnival. I tried using the SDM and see what I got:

THIS IS AN UNSUPPORTED ROUTER. SDM WILL BE CLOSED AS A RESULT.

I visited cisco's website and found out that my router is not listed to use SDM. My router is 800 series.

I also need to configure Port forwarding on this router and it will be nice if i can use a web-based tool to manage my router.

The router could not also be managed using the IP address when it is typed on the browser's address. It only prompts for username and password once I enter them, a blank page displays on the browser.

If you know of any other web-based or GUI tool please help me with information.

johnlloyd_13 · ‎05-28-2013

Hi,

You can use CCP (latest is version 2.7) given your IOS is supported:

http://www.cisco.com/go/ciscocp

Cisco 880 Series 12.4(20)T

Sent from Cisco Technical Support iPhone App

dudus2222 · ‎06-24-2013

i was able to config LAN dhcp successfuly and my default route wored fine, but i my LAN PCs cant ping public DNS IP nor could they browse internet. only my 800 series router could. pls help.

Daniel Boling · ‎06-24-2013

Please post your config

chidubem1 · ‎06-25-2013

Hi Emma,

Check the Network properties of each computer on your LAN, and ensure that Obtain an IP address automatically is selected. Also ensure that Obtain DNS server address automatically is selected.

michael.grinman · ‎06-26-2013

Hi,
Post your config, I think I know, what's the problem

Michael

Sent from Cisco Technical Support iPad App

dudus2222 · ‎06-27-2013

Thanks you all to your timely response. i got the problem solved. the problem was not from my LAN, every devices in the LAN got appropritate IP from DHCP and can ping my WAN interface IP, only that NAT was not function properly even though i was correctly configured; but this device has a unique statment which needed to be add to my nat inforamtion before nat would ever work well and that is "reversal" i arrive at that by using ? at the end of every command i entered to the router for me to see more useful commands availlable. as a matter of fact the moment i add that, the problem solved every one can connect to the internet. the command "reversal" at the end of NAT overload statement permint NAT in - NAT out on my WAN interface.