
Cisco 867VAE-K9 #wan mode ethernet

amb3r
Level 1

Hi, I bought my first Cisco router for learning purposes. I followed blogs regarding setting up DHCP or static on the WAN port, but I'm getting this error:

% IP addresses may not be configured on L2 links.

I already entered #wan mode ethernet.

 

tried setting

#int gigabitethernet 1 to #ip address dhcp

still get error

 

Can anyone help me? Sorry, I can't find any source; I have tried but still get the same error, and have done many resets already..


Hello,

 

--> % IP addresses may not be configured on L2 links

 

This message means that you are trying to configure a layer 2 only interface.

 

The WAN interface is usually the highest numbered GigabitEthernet interface. Post the running configuration of your 867 (sh run)...

Hello Georg,

 

I was confused by the ports available and by the tutorial I followed; I have only just learned that there are several models with different numbers of ports in the Cisco 800 Series. My WAN port is solved and I have another problem; is it okay to add another issue here? My other issue is that I don't have an internet connection even if I follow the wizard in CCPE web and from CLI with the basic tutorials. Can you also help me with this? Please see #show run

 

Building configuration...


Current configuration : 5156 bytes
!
! Last configuration change at 18:11:24 GMT Wed Feb 6 2036 by admin
!
version 15.6
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
wan mode ethernet
clock timezone GMT 7 0
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.128
default-router 10.10.10.1
dns-server 10.10.10.1
lease 0 2
!
ip dhcp pool LAN
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 8.8.8.8 1.1.1.1
!
!
!
ip domain name router.cisco
ip name-server 192.168.1.1
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
!
flow record nbar-appmon
match ipv4 source address
match ipv4 destination address
match application name
collect interface output
collect counter bytes
collect counter packets
collect timestamp absolute first
collect timestamp absolute last
!
!
flow monitor application-mon
cache timeout active 60
record nbar-appmon
!
!
!
!
!
!
!
!
!
!
!
!
!
object-group network local_cws_net
!
object-group network local_lan_subnets
10.10.10.0 255.255.255.128
any
!
object-group network vpn_remote_subnets
any
!
username admin privilege 15 secret 5 $1$ja2P$Ut2s1Yvd8IZN/yh3.lxMi1
!
!
controller VDSL 0
shutdown
no cdp run
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
!
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
description PrimaryWANDesc_
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.128
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip dns server
ip nat inside source list INTERNET_NAT_ACL interface GigabitEthernet2 overload
ip nat inside source list nat-list interface GigabitEthernet2 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip access-list extended INTERNET_NAT_ACL
permit ip 192.168.0.0 0.0.0.255 any
ip access-list extended OUTSIDE_FILTER_IN
permit tcp any host 192.168.1.104 established
permit icmp any host 192.168.1.104 echo-reply
permit udp host 8.8.8.8 eq domain host 192.168.1.104
permit udp host 1.1.1.1 eq domain host 192.168.1.104
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
deny ip any any
!
!
access-list 23 permit 10.10.10.0 0.0.0.127
!
banner exec ^C
% Password expiration warning.<


-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username

cisco

for one-time use. If you have already used the username

cisco

to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^C


-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username

cisco

with the password

cisco

These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword>

with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------

^C
!
line con 0
login local
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 60000 1000
!
end

 

Try simple :

 

no ip nat inside source list INTERNET_NAT_ACL interface GigabitEthernet2 overload
no ip nat inside source list nat-list interface GigabitEthernet2 overload
ip nat inside source list 23 interface GigabitEthernet2 overload
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet2
ip route 0.0.0.0 0.0.0.0 GigabitEthernet2 dhcp
!
no ip access-list extended INTERNET_NAT_ACL
!

see how that works ?

 

BB


Hello,

 

The problem with using a configuration wizard (CCP in your case) is that a lot of redundant and unnecessary stuff gets configured, which does nothing but slow down your throughput. Can you get to the command line? If you can, try and get just the basic stuff in, which really is all you need:

 

Current configuration : 5156 bytes
!
! Last configuration change at 18:11:24 GMT Wed Feb 6 2036 by admin
!
version 15.6
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
wan mode ethernet
clock timezone GMT 7 0
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool LAN
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 8.8.8.8
!
ip domain name router.cisco
ip cef
no ipv6 cef
!
username admin privilege 15 secret 5 $1$ja2P$Ut2s1Yvd8IZN/yh3.lxMi1
!
controller VDSL 0
shutdown
no cdp run
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
description PrimaryWANDesc_
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.128
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet2 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet2 dhcp
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
access-list 1 permit 10.10.10.0 0.0.0.127
!
access-list 23 permit 10.10.10.0 0.0.0.127
!
line con 0
login local
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 60000 1000
!
end

I agree with the comment about configuration wizard and like most of your suggestions. One picky point is the mismatch between the DHCP pool which defines 10.10.10.0 as /24 and vlan 1 interface which defines it as /25.

HTH

Rick

Hello, good day. I followed your config with a few add-ons while slowly configuring in CLI. I have internet on the client side but I have to manually input the IP address. Can you please guide me again regarding DHCP so I can set my PC to auto obtain? Please see the attached config.

 

Current configuration : 1725 bytes
!
! Last configuration change at 03:17:31 UTC Thu Feb 7 2036
!
version 15.6
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
wan mode ethernet
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool LAN
import all
network 10.10.10.0 255.255.255.128
default-router 10.10.10.1
dns-server 8.8.8.8
!
!
ip cef
no ipv6 cef
!
!
controller VDSL 0
shutdown
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 10.10.10.1 255.255.255.128
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet2 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet2 dhcp
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
access-list 1 permit 10.10.10.0 0.0.0.127
access-list 23 permit 10.10.10.0 0.0.0.127
!
!
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 60000 1000
!
end

Thanks for the update. Glad to know that you have worked through the config using CLI and that now you do have Internet access. I am puzzled that you say "but i have to manually input the IP Address." From what I am seeing in the config I would expect that DHCP would be working. Can you tell us which port your pc connects to, and confirm that if you configure the pc for DHCP that it does not receive an IP address?

One note is about access list 23. It was used in the original config as part of the access-class config. It is not used for that now and I see no reason to have it in the config now.

I am surprised to see this under the line vty

transport input none

The result of this is that there will be no connection to the vty lines (used for SSH or telnet access to the router). Perhaps that is what you intended? If not then remove it.

HTH

Rick

Hi Richard, I think I have properly configured it in its basic configuration as of now. I'm wondering if it's normal for this model to have a maximum throughput of 200Mbps while my ISP can achieve 1000Mbps? This is my working configuration...

 

Current configuration : 1700 bytes
!
! Last configuration change at 21:34:51 UTC Mon Jan 1 1900
!
version 15.6
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no aaa new-model
wan mode ethernet
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool LAN
network 10.10.10.0 255.255.255.128
default-router 10.10.10.1
dns-server 8.8.8.8
!
ip cef
no ipv6 cef
!
controller VDSL 0
shutdown
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 10.10.10.1 255.255.255.128
ip helper-address 10.10.10.1
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet2 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet2 dhcp
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
access-list 1 permit 10.10.10.0 0.0.0.127
!
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 60000 1000
!
end

I do not have any good response about the throughput question. Perhaps someone else might?

Your config looks pretty good. I do not see any serious issues. I do have a couple of comments:

- I am not sure where this came from or what it is intended to accomplish

ip helper-address 10.10.10.1

helper-address is usually used if the dhcp server is remote. But the dhcp is provided on this device. This is not a problem. But why is it here? My suggestion is to remove it.

- transport input none

on the vty. I commented on this before. I am not sure if this is intentional or not. It will prevent remote access to the device. If that is what you intended then you have achieved your goal. If that is not what you intended then what was its purpose?

Otherwise I believe that this config is simple but serviceable.

HTH

Rick

I just removed the ip helper address line.. and to my surprise I was able to obtain an IP address.. waaaahh I think it needs time just to obtain an IP address.. is this normal for Cisco? Thank you Richard for pointing it out and I've learned a lot.. have a nice day ahead!

 

Regarding the vty, I did not do anything; I think it's the default. I will need to check and read about it as I'm still new to Cisco hehe. As of now I'm using console to USB and will try to open remote access. Thank you a lot!

 

 

What is normal for Cisco is that if the client requesting an IP address from DHCP and the device providing the DHCP service (in your case the router) are in the same subnet then no additional configuration is needed. The client sends the request, the server receives the request, server sends the address, client receives the address. There could be some reasons why this might process a bit slowly (I believe that DHCP is a relatively low priority task for Cisco routers). I wonder if some of the delay might be booting and initializing on the PC, and establishing connectivity. When the PC is running and has an address, if you send a release and then a renew does it get the address quicker?

I am not so familiar with the particular model of Cisco router that you are using and am not sure what its defaults are. For most Cisco routers on the vty the default is transport input all. I am not sure why the default would be different on this router, but perhaps it is. At any rate when you get a chance test whether you are able to connect to it using telnet or using SSH (after you have enabled SSH on the router). If it works that is good (and I am surprised, but sometimes that happens). If access using telnet/SSH does not work then change the vty to transport input all and see if that fixes it.

HTH

Rick

When doing ipconfig /release and /renew it does obtain a bit faster compared to disabling and enabling the network interface.

 

Regarding the vty, I have added these lines and now I can access SSH on the LAN side. I think this is correct as I only want to use SSH.

 

!
line vty 0 4
login local
transport input ssh
!

 

 

Thank you very much for the time and guidance.

Thanks for the update. Glad to verify that release and renew is quicker than disabling and enabling the network interface. That is as I would expect.

Configuration of the vty is appropriate if you want to use SSH and not telnet.

You are welcome. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick
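
Three of the review points raised in this thread (the /24 DHCP pool against the /25 Vlan1 interface, access-list 23 left defined but unreferenced, and the vty `transport input` setting) can be checked mechanically against a saved running-config. The Python script below is an added example, not part of any reply above; the function names, finding codes and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of the configs posted in this thread.
SAMPLE = """\
ip dhcp pool LAN
 network 10.10.10.0 255.255.255.0
!
interface Vlan1
 ip address 10.10.10.1 255.255.255.128
!
ip nat inside source list 1 interface GigabitEthernet2 overload
access-list 1 permit 10.10.10.0 0.0.0.127
access-list 23 permit 10.10.10.0 0.0.0.127
!
line vty 0 4
 transport input telnet ssh
"""

HEADERS = ("interface ", "ip dhcp pool ", "line ")

def sections(config):
    """Map each interface / DHCP pool / line header to its sub-commands."""
    out, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith(HEADERS):
            current = out.setdefault(line, [])
        elif not line or line.startswith("!"):
            current = None          # a "!" line closes the open section
        elif current is not None:
            current.append(line)
    return out

def audit(config):
    """Return (code, detail) findings; the codes are names made up for this example."""
    findings, secs = [], sections(config)
    # Subnets with a static address on an interface ("ip address dhcp" is skipped).
    subnets = {head: ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
               for head, body in secs.items() if head.startswith("interface ")
               for cmd in body
               if (m := re.fullmatch(r"ip address (\d\S+) (\d\S+)", cmd))}
    for head, body in secs.items():
        for cmd in body:
            m = re.fullmatch(r"network (\S+) (\S+)", cmd)
            if m and head.startswith("ip dhcp pool "):
                pool = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
                for ifname, net in subnets.items():
                    if pool.overlaps(net) and pool != net:
                        findings.append(("MASK_MISMATCH", f"{head}: {pool} vs {ifname}: {net}"))
            if head.startswith("line vty") and cmd.startswith("transport input "):
                modes = set(cmd.split()[2:])
                if modes & {"telnet", "all"}:
                    findings.append(("VTY_TELNET", f"{head}: {cmd}"))
                elif modes == {"none"}:
                    findings.append(("VTY_NO_ACCESS", f"{head}: {cmd}"))
    # Numbered ACLs that nothing (NAT source list, access-class) refers to.
    defined = set(re.findall(r"^access-list (\d+) ", config, re.M))
    used = set(re.findall(r"(?:source list|access-class) (\S+)", config))
    return findings + [("ACL_UNUSED", f"access-list {n}") for n in sorted(defined - used)]
```

The section parser keys on the header keywords and `!` separators rather than indentation, so it also accepts configs pasted with the sub-command indentation stripped, as in this thread.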