cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4096
Views
0
Helpful
25
Replies

I need some help with my Cisco 851 Integrated Services Router

boduzapho
Level 1
Level 1

I bought this router from a friend,

I got the Cisco Configuration Assistant and the Cisco Network Assistant along with the internal java based control application for it. I managed to set up everything I think properly. The Vlan has DHCP set up and it is giving out IP's The Outside WAN interface (Fastethernet4) is set to DHCP and is pulling an IP from my ISP (Cox).

The issue I am having is even though my PC is getting an IP I have no internet access. I made sure NAT was set up to forward unknows to the Fastethernet4 interface. I even turned off the Firewall to ensure it was not blocking me..

Can anyone tell me what I may be missing?

Thanks in advance!

25 Replies 25

So I pulled my line to test and it came up for like 5 seconds, then went away.. again

Hi Ark,

Do you get an IPaddress from four ISP?

I think you can check with "show ip interface brief" command and see if there is any IP behind fa4.

If you got an IP, you can try pinging an outside IP address from your PC's DOS command window.

Br

Dimi

Ok so I got it working, i dont know how, but I do know there is 1 more issue with it...

My Download is limited to about T1 speeds, yet my upload is maxing out at 6 megs (As it should)

Here is the latest config thats working:

User Access Verification

Username: mark

Password:

yourname#show config

Using 2831 out of 131072 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname yourname

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

!

resource policy

!

ip subnet-zero

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.1

!

ip dhcp pool sdm-pool

   import all

   network 10.10.10.0 255.255.255.248

   default-router 10.10.10.1

   lease 0 2

!

ip dhcp pool mypool

   network 10.10.10.0 255.255.255.0

   dns-server 8.8.8.8 8.8.4.4

   lease 7

!

!

ip cef

no ip domain lookup

ip domain name yourdomain.com

!

!

crypto pki trustpoint TP-self-signed-1837859499

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1837859499

revocation-check none

rsakeypair TP-self-signed-1837859499

!

!

crypto pki certificate chain TP-self-signed-1837859499

certificate self-signed 01 nvram:IOS-Self-Sig#3906.cer

username cisco privilege 15 secret 5 $1$IC4h$/C4XPpTV2sPLwL1OffScd/

username mark privilege 15 secret 5 $1$VJhP$7fvxL41Unrqb8fQGhu7W/1

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

ip classless

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface FastEthernet4 overload

!

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 10.10.10.0 0.0.0.255

access-list 23 permit 10.10.10.0 0.0.0.7

no cdp run

!

control-plane

!

banner login ^C

-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device.

This feature requires the one-time use of the username "cisco"

with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username   privilege 15 secret 0

no username cisco

Replace and with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START

GUIDE for your router or go to http://www.cisco.com/go/sdm

-----------------------------------------------------------------------

^C

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

end

yourname#

Any Idea why Im being throttled to 1.54 megs on my Downloads?

Anyway I'm happy to hear that your browsing is working .

For the upload/download speed issue I think you have to contact your service provider .It has nothing to do with configuration . Please make sure about your interface speed and duplex .Also please rate the useful comments

Regards

Haris P

Actually, My laptop is on the cisco, when I connect it to the netgear router like my big computer I get 50 megs down, when it is on the cisco 851 its only at 1.5 megs, so I think it has something to do with the cisco 851.

Dear ,

Try to check the interface speed on both netgear and

Cisco .It should be 100/Full on both side . If your

netgear is having gig interface ,try to change the

speed to 100/Full manually on both side and please

check the result

Regards

The laptop ethernet card is 100/full but I do not know how to change that on the cisco...

I would add this to your config, I may have overlooked it but I did not see a gateway of last-resort.


ip route 0.0.0.0 0.0.0.0 dhcp

Also, on your original reply you mentioned that you were not getting an IP address.  I seen that you were blocking 10.10.10.0, when you removed the ACL it worked.

"access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_11##
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip any any log"

Dependent on Cox network their DHCP/BOOTP servers may be on a 10.x.x.x network.  Possibly the 10.10.10.x network you were blocking by your first ACL statement.  I know TW I receive my IP via a 10.x address.  Look below for reference.

Router871w#sh dhcp lease
Temp IP addr: 24.94.x.x  for peer on Interface: FastEthernet4
Temp  sub net mask: 255.255.252.0
   DHCP Lease server: 10.113.240.1, state: 5 Bound
   DHCP transaction id: C3C
   Lease: 43200 secs,  Renewal: 21600 secs,  Rebind: 37800 secs
Temp default-gateway addr: 24.94.x.x
   Next timer fires after: 05:29:54
   Retry count: 0   Client-ID: cisco-001b.8fxx.a2xx-Fxx
   Client-ID hex dump: 636973636F2D303031622E386664332E
                      
Verify for yourself with a "sh dhcp lease"

You may want to place this first on any inbound ACL:

permit udp any eq bootps any eq bootpc

Also, when you do a deny ip any any, you need to configure the firewall feature in the IOS to allow connections that originate inside out.

Example:

ip inspect name FIREWALL tcp
ip inspect name FIREWALL udp

interface FastEthernet4
   ip inspect FIREWALL out

Hope this helps and improves your speed.

On Wed, Mar 16, 2011 at 7:09 PM, stevjarbeck <

Steve ....
Message:
--------------------------------------------------------------
I would add this to your config, I may have overlooked it but I did not see a gateway of last-resort.


ip route 0.0.0.0 0.0.0.0 dhcp



Also, on your original reply you mentioned that you were not getting an IP address.  I seen that you were blocking 10.10.10.0, when you removed the ACL it worked.

"access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_11##
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip any any log"

Dependent on Cox network their DHCP/BOOTP servers may be on a 10.x.x.x network.  Possibly the 10.10.10.x network you were blocking by your first ACL statement.  I know TW I receive my IP via a 10.x address.  Look below for reference.

Router871w#sh dhcp lease
Temp IP addr: 24.94.x.x  for peer on Interface: FastEthernet4
Temp  sub net mask: 255.255.252.0
   DHCP Lease server: 10.113.240.1, state: 5 Bound
   DHCP transaction id: C3C
   Lease: 43200 secs,  Renewal: 21600 secs,  Rebind: 37800 secs
Temp default-gateway addr: 24.94.x.x
   Next timer fires after: 05:29:54
   Retry count: 0   Client-ID: cisco-001b.8fxx.a2xx-Fxx
   Client-ID hex dump: 636973636F2D303031622E386664332E
                     
Verify for yourself with a "sh dhcp lease"

----------------------------------------------------------------------------------- Here it is:
yourname#sh dhcp lease
Temp IP addr: 192.168.1.6  for peer on Interface: FastEthernet4
Temp  sub net mask: 255.255.255.0
   DHCP Lease server: 192.168.1.1, state: 3 Bound
   DHCP transaction id: BF2
   Lease: 86400 secs,  Renewal: 43200 secs,  Rebind: 75600 secs
Temp default-gateway addr: 192.168.1.1
   Next timer fires after: 11:25:56
   Retry count: 0   Client-ID: cisco-0018.1849.a68a-Fa4
   Client-ID hex dump: 636973636F2D303031382E313834392E
                       613638612D466134
   Hostname: yourname
-------------------------------------------------------------------------------------------------------


You may want to place this first on any inbound ACL:
permit udp any eq bootps any eq bootpc ---- It gave me an error when I put this into the config


Also, when you do a deny ip any any, you need to configure the firewall feature in the IOS to allow connections that originate inside out.

Example:
ip inspect name FIREWALL tcp  -- worked
ip inspect name FIREWALL udp  -- wprked

interface FastEthernet4
   ip inspect FIREWALL out  -- worked

  I did a wr after and rebooted
test out at 25 mb down about half of the other PC's
But a great improvement...
Heres the new running config:
yourname#sh config
Using 2914 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
ip dhcp pool mypool
   network 10.10.10.0 255.255.255.0
   dns-server 8.8.8.8 8.8.4.4
   lease 7
!
!
ip cef
ip inspect name FIREWALL tcp
ip inspect name FIREWALL udp
no ip domain lookup
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-1837859499
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1837859499
revocation-check none
rsakeypair TP-self-signed-1837859499
!
!
crypto pki certificate chain TP-self-signed-1837859499
certificate self-signed 01 nvram:IOS-Self-Sig#3906.cer
username cisco privilege 15 secret 5 $1$IC4h$/C4XPpTV2sPLwL1OffScd/
username mark privilege 15 secret 5 $1$VJhP$7fvxL41Unrqb8fQGhu7W/1
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address dhcp
ip inspect FIREWALL out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip classless
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username   privilege 15 secret 0
no username cisco
Replace and with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
yourname#

When you are doing a download, try to download from a server that will max your pipe, as you are downloading issue this command into the router:

sh proc cpu hist

You will get something like this:

Router871w#sh proc cpu hist

Router871w   08:33:07 PM Wednesday Mar 16 2011 EST


      11111111111122222
      1133333777772222233333     11111               2222222222222
  100
   90
   80
   70
   60
   50
   40
   30
   20        **********
   10 *****************
     0....5....1....1....2....2....3....3....4....4....5....5....6
               0    5    0    5    0    5    0    5    0    5    0
               CPU% per second (last 60 seconds)


      21111111112212111211112111 21 21111111211111 111 11111111311
      214622735973413943634537042038114445331342419335245310543038
  100
   90
   80
   70
   60
   50
   40
   30           *                                              *
   20 *  *  * **** * * **  ***   *  *    *  *        *  *   *  * *
   10 ***#*###########*##***#*** ********************* **********#
     0....5....1....1....2....2....3....3....4....4....5....5....6
               0    5    0    5    0    5    0    5    0    5    0
               CPU% per minute (last 60 minutes)
              * = maximum CPU%   # = average CPU%


      334243332343343232232443323233532355421322242343533324323213233322232443
      026949707829289997979243097981024411495297956900911770038562626086606864
  100
   90
   80
   70
   60                                                 *
   50   *          *                *   **       *    *                    **
   40   * ***  *** ** *  * **   * * *   ***      * ** *  * *  *     *      **
   30 ******************************** ***** **************** ** *************
   20 ************************************************************************
   10 **#**##**####********###**#*******##**********#******#*****#*********#**
     0....5....1....1....2....2....3....3....4....4....5....5....6....6....7..
               0    5    0    5    0    5    0    5    0    5    0    5    0
                   CPU% per hour (last 72 hours)
                  * = maximum CPU%   # = average CPU%


Router871w#

If its maxed as you are downloading, you may have reached the limitations of that 851.  I'm just curious if you are maxing out your processor on the router.

Review Cisco Networking for a $25 gift card