- Cisco Community
- Technology and Support
- Networking
- Routing
- Cisco 887 VA-M initial configuration
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Cisco 887 VA-M initial configuration
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-18-2019 06:30 AM
Hi dear Cisco community
As a non CCNA engineer (please excuse me) so I'm not very familiar with the IOS and CLA.
Nevertheless I've decided, or I shall rather say I was forced, to start my adventure with the CISCO ISR 887 VA-M by my lovely ISP Vodafone. Their router is well... utterly s%$# at best and drops my VDSL connection several times a day and cannot work in bridge mode.
Router Configuration
After my research I have found that CISCO 887 VA-M router is officially certified by BT Openreach for VDSL2 (80Mb/20Mb) connection and it cost very reasonable money. So I bought one and I'm kind of stuck as device is in factory reset condition.
I have two options on how to configure it that depends on few factors.
I have static IP from my ISP, an ESXi server with 4 NICs running few VMs that are sitting in DMZ with few services NATed to local IPs and a WS2016 Domain Controller running DNS and DHCP that will obviously be on LAN. Nothing fancy but without better knowledge of the device architecture and IOS it get's quite frustrating. I would also like to use VPN client to connect remotely.
I have a working setup that was previously using WatchGuard firewall through Virgin Router running in a bridge mode.
It was all set and running using dynDNS but as Virgin is a ripoff (£65 no static IP vs £24 on Vodafone with static IP a month) I have decided to swap the ISP.
So, I can swap entirely to CISCO 887 VA-M if this device can provide me access to the built-in web console for Firewall, NAT, VLANs, VPN and routing. Unfortunately I could not find any information if such feature is available. Does any one of you guys know if the 887 VA-M provides it or if there is an alternate way through for example a desktop app? (CCP is a no-go as it requires Java 1.6 or lower).
If there is no web or desktop app then I could continue using my existing setup and 887 in a bridge mode.
So far I have configured all LAN ports on VLAN1, a C class IP address for the VLAN1, I can ping it and all ports are in no shutdown (as well as VLAN) as an exercise.
Taking above to the account could you please answer and help with following:
1. Is there web or software console for FW, NAT, VLAN, L3 and VPN? If yes, how to configure, if not go to 5.
2. How to configure PPPoE for VDSL2 connection?
3. Would the configuration with NAT, FW and VPN still allow me to use full VDSL2 bandwidth (80/20 Mbs)? If not, go to 5.
4. Knowing my setup would you suggest to configure spanning tree (rest of the L2 switches are unmanaged in flat topology)
5. How to configure PPPoE vor VDSL2 in bridge mode?
6. How to disable PoE on FETH0 FETH1?
7. What else should I configure to keep it stable and safe?
I don't need to use PoE as I have dedicated PoE switch for my CCTV, I'm also not too worried about power saving so I would prefer to run everything on 100% always on (except PoE)
There are plenty of options in the help guide but I'm not familiar with many of them:
https://www.cisco.com/c/en/us/td/docs/routers/access/800/software/configuration/guide/SCG800Guide/SCG800_Guide_BookMap_chapter_010.html
I know that I ask for a big favour, but it would be greatly appreciated.
Thanks in advance.
- Labels:
-
Other Routers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-18-2019 08:08 AM
Hello,
I think CCP is the only web interface the 887 uses as GUI, so if you cannot use that, you are kind of stuck with the command line. Which to be honest is not too bad, as it is a lot easier than the GUI, in my opinion. You need to access the 887 through the console port and use a free software such as Putty in order to get access.
Below is a sample configuration. What is your experience with the command line ?
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname Vodafone_Router
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
enable secret enablesecret
enable password enablepassword
aaa new-model
!
aaa authentication login default local
!
aaa session-id common
memory-size iomem 10
clock timezone gmt 0 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
crypto pki token default removal timeout 0
!
no ip source-route
!
ip dhcp excluded-address 192.168.0.0 192.168.0.5
ip dhcp excluded-address 192.168.0.100 192.168.0.255
!
ip dhcp pool LAN
import all
network 192.168.1.0 255.255.255.0
dns-server yourdnsserveripaddress
default-router 192.168.1.1
!
ip cef
!
archive
log config
logging enable
logging size 500
hidekeys
username username secret password
!
controller VDSL 0
operating mode vdsl2
modem customUKAnnexM
modem customUKAnnexA
modem UKfeature
!
ip ssh version 2
!
bba-group pppoe global
!
interface Ethernet0
no ip address
pppoe-client dial-pool-number 1
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
description Downlink to Switch
no ip address
duplex full
speed 100
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
no ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer1
description Vodafone vDSL
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
no ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname {ISP-USERNAME-HERE}
ppp chap password 0 {ISP-PASSWORD-HERE}
ppp pap sent-username {ISP-USERNAME-HERE} password 0 {ISP-PASSWORD-HERE}
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
no ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 23 remark vty
access-list 23 deny any log
dialer-list 1 protocol ip permit
!
line con 0
logging synchronous
line aux 0
line vty 0 4
access-class 23 in
transport input telnet ssh
escape-character 3
!
scheduler max-task-time 5000
end
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-19-2019 11:48 AM
Firstly, thank you for replying to my post.
My first post and an almost immediate response, this is very impressive.
Secondly, I have done some research about the ISR 887 and it seems that it's not best at handling 80Mbs connection with firewall and NAT at the same time. I have found an information that with VPN enabled on top of it the bandwidth can drop even to 25Mbs.
This is obviously understandable as we are talking about almost a 10 years old device model.
So I think that my best option is configure it in a bridge mode between Eth0 and FEth0.
To answer your question regarding CLI I can tell that although I'm not familiar CISCO commands I can do PowerShell, CMD, Linux and some Java and HTML, so I guess that this is not much different. I was able as an exercise to configure VLAN and enable all switch ports myself, so this must not be that much complicated.
I would appreciate if you could send me a config for 887VA-M to use it as a VDSL2 modem so that I could pass all the traffic and public IP straight through it onto the WAN port of my WatchGuard firewall. If that's possible please let me know in which line I should add my PPPoE credentials. Hopefully that should do.
To make it easier I can factory reset the router to start from scratch. Would you be able to help?
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-19-2019 12:57 PM
Hello,
to be honest, if you use a Watchguard (Firebox I assume), you would not need the Cisco, at all. The PPPoE configuration would go on the external interface of the Watchguard (assuming that you have a model that supports VDSL, such as the T10-D). I think the Fireboxes have a much higher throughput than the Ciscos (and as you already said, your model is very old).
The sample configuration I sent is for the Cisco being directly connected to the ISP. Since you already own the device, you might as well try and configure it and get it connected.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-09-2020 03:28 PM
Hello All,
I have been trying to configure a Cisco 887 VAW since the one I have been supplied by ISP is not very good, I have below configuration but still not working, can you advise where I'm going wrong, many thanks.
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname Cisco_ISP_ROUTER
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
memory-size iomem 10
clock timezone gmt 0 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
service-module wlan-ap 0 bootimage autonomous
crypto pki token default removal timeout 0
!
!
no ip source-route
ip cef
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool INTERNAL-LAN
import all
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
!
!
no ip domain lookup
ip inspect WAAS flush-timeout 10
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid C887VA-W-E-K9 sn FCZXXXX
!
!
archive
log config
logging enable
logging size 500
hidekeys
!
!
!
!
controller VDSL 0
operating mode vdsl2
modem customUKAnnexM
modem customUKAnnexA
modem UKfeature
!
!
!
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no ip route-cache
shutdown
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
no ip route-cache
!
interface Ethernet0
no ip address
shutdown
!
interface Ethernet0.101
encapsulation dot1Q 101
pppoe-client dial-pool-number 1
!
interface FastEthernet0
switchport access vlan 100
no ip address
no cdp enable
spanning-tree portfast
!
interface FastEthernet1
switchport access vlan 100
no ip address
no cdp enable
spanning-tree portfast
!
interface FastEthernet2
switchport access vlan 100
no ip address
no cdp enable
spanning-tree portfast
!
interface FastEthernet3
switchport access vlan 100
no ip address
no cdp enable
spanning-tree portfast
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
!
interface Vlan1
no ip address
!
interface Vlan100
description INTERNAL-LAN
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer0
description Dialer for VDSL
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
interface Dialer1
no ip address
ip nat outside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat pool LAN-NET 192.168.1.1 192.168.1.254 netmask 255.255.255.0
ip nat inside source list 1 pool INTERNAL-LAN overload
ip nat inside source list INTERNAL-LAN interface Dialer1 overload
ip nat inside source list LAN-POOL interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
!
!
control-plane
!
!
line con 0
transport output all
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end
*************************************************************INTEGRATED AP Config**************************************************************
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco887AP
!
logging rate-limit console 9
enable secret 5 $1$Fv.X$hTBqpl5EicsYw9bvJos10/
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid Cisco_2.4GHz
vlan 100
dot1x credentials XXXXXXXX
!
!
!
username XXXX password XXXX
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
!
encryption vlan 100 mode wep mandatory
!
broadcast-key vlan 1 change 45
!
!
ssid Cisco_2.4GHz
!
antenna gain 0
channel 2462
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.1.2 255.255.255.0
no ip route-cache
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-10-2020 12:08 AM
Hello,
try and make the changes/additions marked in bold:
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname Cisco_ISP_ROUTER
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
memory-size iomem 10
clock timezone gmt 0 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
service-module wlan-ap 0 bootimage autonomous
crypto pki token default removal timeout 0
!
no ip source-route
ip cef
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
--> ip dhcp excluded address 192.168.100.1
!
--> ip dhcp pool LAN
--> network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
!
--> ip dhcp pool WIRELESS
--> network 192.168.100.0 255.255.255.0
--> default-router 192.168.100.1
--> dns-server 8.8.8.8 8.8.4.4
!
no ip domain lookup
ip inspect WAAS flush-timeout 10
no ipv6 cef
!
multilink bundle-name authenticated
license udi pid C887VA-W-E-K9 sn FCZXXXX
!
archive
log config
logging enable
logging size 500
hidekeys
!
controller VDSL 0
operating mode vdsl2
modem customUKAnnexM
modem customUKAnnexA
modem UKfeature
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no ip route-cache
shutdown
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
no ip route-cache
!
interface Ethernet0
no ip address
shutdown
!
interface Ethernet0.101
encapsulation dot1Q 101
pppoe-client dial-pool-number 1
!
interface FastEthernet0
switchport access vlan 100
no ip address
no cdp enable
spanning-tree portfast
!
interface FastEthernet1
switchport access vlan 100
no ip address
no cdp enable
spanning-tree portfast
!
interface FastEthernet2
switchport access vlan 100
no ip address
no cdp enable
spanning-tree portfast
!
interface FastEthernet3
switchport access vlan 100
no ip address
no cdp enable
spanning-tree portfast
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
--> switchport mode trunk
--> switchport trunk native vlan 100
!
interface Vlan1
description LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Vlan100
description WIRELESS
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer0
description Dialer for VDSL
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
--> no interface Dialer1
no ip address
ip nat outside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
--> no ip nat pool LAN-NET 192.168.1.1 192.168.1.254 netmask 255.255.255.0
--> no ip nat inside source list 1 pool INTERNAL-LAN overload
--> no ip nat inside source list INTERNAL-LAN interface Dialer1 overload
--> no ip nat inside source list LAN-POOL interface Dialer1 overload
--> no ip route 0.0.0.0 0.0.0.0 Dialer1
--> ip nat inside source list 1 interface Dialer 0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 1 permit 192.168.1.0 0.0.0.255
--> access-list 1 permit 192.168.100.0 0.0.0.255
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
transport output all
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end
*************************************************************INTEGRATED AP Config**************************************************************
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco887AP
!
logging rate-limit console 9
enable secret 5 $1$Fv.X$hTBqpl5EicsYw9bvJos10/
!
no aaa new-model
!
dot11 syslog
!
dot11 ssid Cisco_2.4GHz
vlan 100
dot1x credentials XXXXXXXX
!
username XXXX password XXXX
!
bridge irb
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 100 mode wep mandatory
!
--> broadcast-key vlan 100 change 45
!
!
ssid Cisco_2.4GHz
!
antenna gain 0
channel 2462
station-role root
!
--> interface Dot11Radio0.100
--> encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
--> interface GigabitEthernet0.100
description the embedded AP GigabitEthernet 0 is an internal interfaceconnecting AP with the host router
--> encapsulation dot1q 100 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.1.2 255.255.255.0
no ip route-cache
!
--> ip default-gateway 192.168.100.1
--> bridge 1 protocol ieee
--> bridge 1 route ip
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-12-2020 06:23 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-12-2020 06:25 AM
Hello Georg Pauwen / All,
Thanks for the promt reply, it was much appreciated. So I'm trying to set up a Cisco 887VAW for home use with a personal and a Guest WiFi. The Cisco 887 which has an integrated AP so I dont need to configure an external AP.
I have an ASA5505 which I would like to deply somtime, but for now if I can get the router working I'd be happy.
version 15.1
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime localtime
no service password-encryption
!
hostname Cisco887_ISP
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
memory-size iomem 10
clock timezone gmt 0 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
service-module wlan-ap 0 bootimage autonomous
crypto pki token default removal timeout 0
!
!
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 192.168.100.1 192.168.100.49
ip dhcp excluded-address 192.168.100.144 192.168.100.254
ip dhcp excluded-address 172.16.100.1 172.16.100.49
ip dhcp excluded-address 172.16.100.200 172.16.100.254
!
ip dhcp pool LOCAL
network 192.168.100.0 255.255.255.0
default-router 172.16.100.254
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool GUEST
network 172.16.100.0 255.255.255.0
default-router 172.16.100.254
dns-server 8.8.8.8 8.8.4.4
!
!
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid C887VA-W-E-K9 sn FCZ1644C2K6
!
!
!
!
!
!
controller VDSL 0
operating mode vdsl2
!
!
!
!
bridge irb
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 1/32
bridge-dot1q encap 101
pppoe-client dial-pool-number 1
!
!
interface Ethernet0
no ip address
!
interface Ethernet0.101
description VDSL Internet connection - VLAN 101 tagged (VLAN provided by ISP)
encapsulation dot1Q 101
pppoe-client dial-pool-number 1
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport trunk native vlan 100
switchport mode trunk
no ip address
!
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
no ip address
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
bridge-group 1
!
interface Vlan100
description WIRELESS
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
bridge-group 2
!
interface Dialer0
description ADSL WAN
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ppp chap password 0 gu78Mwlc
ppp pap sent-username XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.100.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
bridge 1 route ip
bridge 2 route ip
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco887AP
!
logging rate-limit console 9
enable secret 5 $XXXXXXXXXXXXXXXXXXXXXXXXXX
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid VODAFONE_2.4GHz
vlan 1
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 XXXXXXXXXXXXXXXXXXXXXX
!
dot11 ssid VODAFONE_2.4GHz (Guest)
vlan 100
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 XXXXXXXXXXXXXXXXXXXXXXXX
!
!
!
username Cisco password 7 XXXXXXXXXXXXXXXXXXX
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
antenna gain 0
mbssid
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.100
encapsulation dot1Q 100
no ip route-cache
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.100
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.1.2 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.100.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 protocol ieee
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-12-2020 10:00 AM
Hello,
make the changes marked in bold. Can you ping 8.8.8.8 from the router ?
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
--> no bridge-group 1
interface Vlan100
description WIRELESS
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
--> no bridge-group 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-12-2020 11:47 AM
I will amend the config as suggested and will let you know how I get on, In the meantime, is there a reason for removing the bridge-group 1 and 2, I thought the bridge-group was required, or is that only if using external AP ?
Cisco887_ISP# sh ver
Cisco IOS Software, C800 Software (C800-UNIVERSALK9-M), Version 15.1(4)M3, RELEASE SOFTWARE (fc1)
NAME: "C887VA-W-E-K9 chassis", DESCR: "C887VA-W-E-K9 chassis"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-12-2020 12:17 PM
1) Now able to ping the google and BBC dns.
2) What about LAN interfaces, should they not be configured with IP or should I configure DHCP, I will be using the LAN ports for PS4/XBOX/PC/Laptop?
3) The only thing left now is my SSID not being advertised, and would like to use Private and Guest Wifi.
4) I will be configuring ASA5505 soon, and may use one of the LAN ports on this router, so any specific config needed for this port, not urgent just now, but will be good to know.
Sending 500, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Success rate is 100 percent (500/500), round-trip min/avg/max = 32/33/60 ms
Cisco887_ISP#ping 151.101.64.81 (BBC.co.uk)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 151.101.64.81, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/40 ms
Cisco887_ISP#sh ip int brief
Interface IP-Address OK? Method Status Protocol
ATM0 unassigned YES NVRAM initializing down
ATM0.1 unassigned YES unset initializing down
Dialer0 90.253.192.184 YES IPCP up up
Ethernet0 unassigned YES NVRAM up up
Ethernet0.101 unassigned YES unset up up
FastEthernet0 unassigned YES unset up down
FastEthernet1 unassigned YES unset up down
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up down
NVI0 unassigned YES unset administratively down down
Virtual-Access1 unassigned YES unset up up
Vlan1 192.168.1.1 YES NVRAM up up
Vlan100 192.168.100.1 YES NVRAM up up
Wlan-GigabitEthernet0 unassigned YES unset up up
wlan-ap0 unassigned YES NVRAM up up
q
bridge-group removed from the VLAN
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan100
description WIRELESS
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
Controller VDSL 0 is UP
Daemon Status: Up
XTU-R (DS) XTU-C (US)
Chip Vendor ID: 'BDCM' 'IFTN'
Chip Vendor Specific: 0x0000 0xB206
Chip Vendor Country: 0xB500 0xB500
Modem Vendor ID: 'CSCO' ' '
Modem Vendor Specific: 0x4602 0x0000
Modem Vendor Country: 0xB500 0x0000
Serial Number Near: C887VA-W 15.1(4)M
Serial Number Far: 5502321626
Modem Version Near: 15.1(4)M
Modem Version Far: 0xb206
Modem Status: TC Sync (Showtime!)
DSL Config Mode: VDSL2
Trained Mode: G.993.2 (VDSL2) Profile 17a
TC Mode: PTM
Selftest Result: 0x00
DELT configuration: disabled
DELT state: not running
Trellis: ON ON
Line Attenuation: 0.0 dB 0.0 dB
Signal Attenuation: 0.0 dB 0.0 dB
Noise Margin: 6.2 dB 6.2 dB
Attainable Rate: 77428 kbits/s 20889 kbits/s (My ISP confirmed I should be getting 66 Mbps download,this does not seem right)
Actual Power: dBm - 4.0 dBm
Per Band Status: D1 D2 D3 U0 U1 U2 U3
Line Attenuation(dB): 5.8 12.5 20.6 0.1 9.9 14.5 N/A
Signal Attenuation(dB): 5.8 12.5 20.6 0.1 9.7 14.4 N/A
Noise Margin(dB): 6.4 6.2 6.2 8.7 6.6 6.0 N/A
Total FECS: 352 273
Total ES: 0 0
Total SES: 0 0
Total LOSS: 0 0
Total UAS: 0 0
Total LPRS: 0 0
Total LOFS: 0 0
Total LOLS: 0 0
Bit swap: 44 1
Full inits: 1
Failed full inits: 0
Short inits: 0
Failed short inits: 0
Firmware Source File Name (version)
-------- ------ -------------------
VDSL embedded VDSL_LINUX_DEV_01212008 (1)
Modem FW Version: 110506_1916-4.02L.03.A2pv6C032b.d23i
Modem PHY Version: A2pv6C032b.d23i
DS Channel1 DS Channel0 US Channel1 US Channel0
Speed (kbps): 0 64647 0 19993
Previous Speed: 0 0 0 0
Reed-Solomon EC: 0 352 0 273
CRC Errors: 0 0 0 0
Header Errors: 0 0 0 0
Interleave (ms): 0.00 7.00 0.00 8.00
Actual INP: 0.00 3.00 0.00 2.10
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
