10-19-2012 06:36 AM - edited 03-04-2019 05:54 PM
I am having a problem setting up a Cisco 871W Router. I cannot get connected to the internet. I warn you that I am somewhat of a newbie at this so I apologize if I say or have done or will do anything stupid. I have gone through what I believe are the correct steps to set this up yet I am having no luck. Below you will see my hyper terminal session and all of the steps that I took (i have edited out my public IP and passwords). I really hope someone can send me on the right path, and I cant get BVI configured (see error below). I also cannot log into the router via the web interface (any help with that would be greatly appreciated). Also what port would I hook my switch into?Thank you
Booting flash:/c870-advsecurityk9-mz.124-4.T8.bin
Self decompressing the image : #################################################
########################## [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL
EASE SOFTWARE (fc3)
Technical Support:
http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 11-Aug-07 03:34 by khuie
Image text-base: 0x8002008C, data-base: 0x813FEFCC
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco 871W (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of mem
ory.
Processor board ID FHK121021J4
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
5 FastEthernet interfaces
1 802.11 Radio
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
*Mar 1 00:00:06.875: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change
d to: Initialized
*Mar 1 00:00:06.879: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change
d to: Enabled sslinit fn
*Mar 1 00:00:09.079: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to
up
*Mar 1 00:00:09.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et4, changed state to down
*Mar 1 00:00:10.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0, changed state to up
*Ma
Router>
Router>r 1 00:00:11.607: USB init complete.
*Mar 1 00:01:00.263: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to a
dministratively down
*Mar 1 00:01:01.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to down
*Mar 1 00:01:02.255: %LINK-5-CHANGED: Interface FastEthernet4, changed state to
administratively down
*May 23 16:27:33.399: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL
EASE SOFTWARE (fc3)
Technical Support:
http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 11-Aug-07 03:34 by khuie
*May 23 16:27:33.399: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing
a cold start
*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*May 23 16:27:34.591: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, cha
nged state to up
*May 23 16:27:34.979: %LINK-3-UPDOWN: Interface FastEthernet3, changed state to
up
*May 23 16:27:34.987: %LINK-3-UPDOWN: Interface FastEthernet2, changed state to
up
*May 23 16:27:34.991: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to
up
*May 23 16:27:34.995: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to
up
*May 23 16:27:35.143: %LINK-5-CHANGED: Interface Virtual-Dot11Radio0, changed st
ate to administratively down
*May 23 16:27:35.979: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et3, changed state to up
*May 23 16:27:35.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et2, changed state to down
*May 23 16:27:35.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et1, changed state to up
*May 23 16:27:35.995: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0, changed state to down
*May 23 16:27:36.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Do
t11Radio0, changed state to down
Router>enable
Router#vlan data
Router(vlan)#vlan 10 name Internal-LAN
Vlan can not be added. Maximum number of 1 vlan(s) in the database.
Router(vlan)#enable
^
% Invalid input detected at '^' marker.
Router(vlan)#exit
APPLY completed.
Exiting....
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#service password-encryption
Router(config)#hostname
united(config)#enable secret
united(config)#enable password
united(config)#enable password
united(config)#aaa new-model
united(config)#aaa authentication login default local
united(config)#aaa authorization exec default local
united(config)#aaa session-id common
united(config)#ip http server
united(config)#ip http secure-server
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
united(config)#
*May 23 16:32:20.987: %SSH-5-ENABLED: SSH 1.99 has been enabled
*May 23 16:32:22.531: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "wri
te memory" to save new certificatewrite memory
united(config)#^Z
united#
*May 23 16:33:10.367: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#line con 0
united(config-line)#password
united(config-line)#line vty 0 4
united(config-line)#password
united(config-line)#exit
united(config)#line vty 0 4
united(config-line)#exit
united(config)#ip domain name united
united(config)#no ip domain lookup
united(config)#username united privilege 15 password
united(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.99
united(config)#service dhcp
united(config)#ip dhcp pool VLAN10
united(dhcp-config)#exit
united(config)#ip dhcp pool internal-net
united(dhcp-config)#network 192.168.1.0 255.255.255.0
united(dhcp-config)#default-router 192.168.1.1
united(dhcp-config)#import all
united(dhcp-config)#domain-name
united(dhcp-config)#lease 4
united(dhcp-config)#exit
united(config)#access-list 1 permit 192.168.1.0 0.0.0.255
united(config)#ip nat inside source list 1 interface FastEthernet4 overload
united(config)#
*May 23 16:40:31.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, chan
ged state to up
united(config)#interface FastEthernet4
united(config-if)#ip address dhcp
united(config-if)#ip tcp adjust-mss 1460
united(config-if)#ip nat outside
united(config-if)#no cdp enable
united(config-if)#ip route 0.0.0.0 0.0.0.0 DHCP
united(config)#interface FastEthernet0
united(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single host.
Connecting hubs, concentrators, switches, bridges, etc.to this interface
when portfast is enabled, can cause temporary spanning tree loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0 but will only
have effect when the interface is in a non-trunking mode.
united(config-if)#interface Dot11Radio0
united(config-if)#encryption vlan 1 mode ciphers tkip
united(config-if)#ssid united
united(config-if-ssid)#vlan 1
united(config-if-ssid)#authentication open
united(config-if-ssid)#authentication key-management wpa
united(config-if-ssid)#wpa-psk ascii
united(config-if-ssid)#exit
united(config-if)#channel
% Incomplete command.
united(config-if)#channel 1
united(config-if)#no cdp enable
united(config-if)#no dot11 extension aironet
united(config-if)#exit
united(config)#interface Vlan 1
united(config-if)#description internal Network
united(config-if)#ip nat inside
united(config-if)#ip virtual-reassembly
united(config-if)#bridge-group 1
united(config-if)#bridge-group 1 spanning-disabled
united(config-if)#exit
united(config)#^Z
united#
*May 23 16:48:31.203: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface BVI1
Integrated Routing and Bridging is not configured! //dont understand why
^
% Invalid input detected at '^' marker.
united(config)#interface FastEthernet4
united(config-if)#description WAN interface - TO Internet
united(config-if)#ip address 68.99. 255.255.
united(config-if)#no shutdown
united(config-if)#exit
*May 23 16:57:47.571: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to
up
*May 23 16:57:48.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et4, changed state to up
united(config)#^Z
united#
*May 23 16:57:58.151: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface fastethernet0
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet1
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet2
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet3
united(config-if)#no shutdown
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:09:47.119: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#ip inspect name MYFW tcp
united(config)#ip inspect name MYFW udp
united(config)#ip access-list extended internet-inbound-ACL
united(config-ext-nacl)#permit udp any eq bootps any eq bootpc
united(config-ext-nacl)#permit icmp any any echo
united(config-ext-nacl)#permit esp any any
united(config-ext-nacl)#interface FastEthernet4
united(config-if)#ip inspect MYFW out
united(config-if)#ip access-group Internet-inbound-ACL in
united(config-if)#^Z
united#
*May 23 17:14:26.635: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0 unassigned YES unset up down
FastEthernet1 unassigned YES unset up up
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up up
FastEthernet4 68.99. YES manual up up
Dot11Radio0 unassigned YES TFTP administratively down down
Vlan1 unassigned YES unset up up
Virtual-Dot11Radio0 unassigned YES TFTP administratively down down
NVI0 unassigned YES unset up up
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface vlan1
united(config-if)#ip address 192.168.1.1 255.255.255.0
united(config-if)#no shhutdown
^
% Invalid input detected at '^' marker.
united(config-if)#no shutdown
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:15:37.887: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0 unassigned YES unset up down
FastEthernet1 unassigned YES unset up up
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up up
FastEthernet4 68.99. YES manual up up
Dot11Radio0 unassigned YES TFTP administratively down down
Vlan1 192.168.1.1 YES manual up up
Virtual-Dot11Radio0 unassigned YES TFTP administratively down down
NVI0 unassigned YES unset up up
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface BVI1
Integrated Routing and Bridging is not configured!
^
% Invalid input detected at '^' marker.
united(config)#interface Dot11Radio0.1
united(config-subif)#encapsulation dot1Q 1 native
united(config-subif)#no snmp trap link-status
united(config-subif)#bridge-group 1
united(config-subif)#bridge-group 1 subscriber-loop-control
united(config-subif)#bridge-group 1 spanning-disabled
united(config-subif)#bridge-group 1 block-unknown-source
united(config-subif)#no bridge-group 1 source-learning
united(config-subif)#no bridge-group 1 unicast-flooding
united(config-subif)#exit
united(config)#interface BVI1
Integrated Routing and Bridging is not configured!
^
% Invalid input detected at '^' marker.
united(config)#^Z
united#
*May 23 17:23:17.099: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface
FastEthernet0 is up, line protocol is down
Internet protocol processing disabled
FastEthernet1 is up, line protocol is up
Internet protocol processing disabled
FastEthernet2 is up, line protocol is down
Internet protocol processing disabled
FastEthernet3 is up, line protocol is up
Internet protocol processing disabled
FastEthernet4 is up, line protocol is up
Internet address is 68.99./27
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is Internet-inbound-ACL
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
Outgoing inspection rule is MYFW
Dot11Radio0 is administratively down, line protocol is down
Internet protocol processing disabled
Dot11Radio0.1 is administratively down, line protocol is down
Internet protocol processing disabled
Vlan1 is up, line protocol is up
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Virtual-Dot11Radio0 is administratively down, line protocol is down
Internet protocol processing disabled
Virtual-Dot11Radio0.1 is administratively down, line protocol is down
Internet protocol processing disabled
NVI0 is up, line protocol is up
Internet protocol processing disabled
united#
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface Dot11Radio0
united(config-if)#no shutdown
united(config-if)#exit
*May 23 17:25:43.779: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*May 23 17:25:43.783: %LINK-3-UPDOWN: Interface Virtual-Dot11Radio0, changed sta
te to down
*May 23 17:25:44.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to up
united(config)#interface Dot11Radio0.1
united(config-subif)#no shutdown
united(config-subif)#exit
united(config)#int dot0
united(config-if)#no shut
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:26:46.275: %SYS-5-CONFIG_I: Configured from console by console
united#
I am having a problem setting up a Cisco 871W Router. I cannot get connected to the internet. I warn you that I am somewhat of a newbie at this so I apologize if I say or have done or will do anything stupid. I have gone through what I believe are the correct steps to set this up yet I am having no luck. Below you will see my hyper terminal session and all of the steps that I took (i have edited out my public IP and passwords). I really hope someone can send me on the right path. I also cannot log into the router via the web interface (any help with that would be greatly appreciated). Thank you
Booting flash:/c870-advsecurityk9-mz.124-4.T8.bin
Self decompressing the image : #################################################
########################## [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL
EASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 11-Aug-07 03:34 by khuie
Image text-base: 0x8002008C, data-base: 0x813FEFCC
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco 871W (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of mem
ory.
Processor board ID FHK121021J4
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
5 FastEthernet interfaces
1 802.11 Radio
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
*Mar 1 00:00:06.875: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change
d to: Initialized
*Mar 1 00:00:06.879: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change
d to: Enabled sslinit fn
*Mar 1 00:00:09.079: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to
up
*Mar 1 00:00:09.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et4, changed state to down
*Mar 1 00:00:10.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0, changed state to up
*Ma
Router>
Router>r 1 00:00:11.607: USB init complete.
*Mar 1 00:01:00.263: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to a
dministratively down
*Mar 1 00:01:01.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to down
*Mar 1 00:01:02.255: %LINK-5-CHANGED: Interface FastEthernet4, changed state to
administratively down
*May 23 16:27:33.399: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL
EASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 11-Aug-07 03:34 by khuie
*May 23 16:27:33.399: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing
a cold start
*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*May 23 16:27:34.591: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, cha
nged state to up
*May 23 16:27:34.979: %LINK-3-UPDOWN: Interface FastEthernet3, changed state to
up
*May 23 16:27:34.987: %LINK-3-UPDOWN: Interface FastEthernet2, changed state to
up
*May 23 16:27:34.991: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to
up
*May 23 16:27:34.995: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to
up
*May 23 16:27:35.143: %LINK-5-CHANGED: Interface Virtual-Dot11Radio0, changed st
ate to administratively down
*May 23 16:27:35.979: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et3, changed state to up
*May 23 16:27:35.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et2, changed state to down
*May 23 16:27:35.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et1, changed state to up
*May 23 16:27:35.995: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0, changed state to down
*May 23 16:27:36.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Do
t11Radio0, changed state to down
Router>enable
Router#vlan data
Router(vlan)#vlan 10 name Internal-LAN
Vlan can not be added. Maximum number of 1 vlan(s) in the database.
Router(vlan)#enable
^
% Invalid input detected at '^' marker.
Router(vlan)#exit
APPLY completed.
Exiting....
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#service password-encryption
Router(config)#hostname
united(config)#enable secret
united(config)#enable password
united(config)#enable password
united(config)#aaa new-model
united(config)#aaa authentication login default local
united(config)#aaa authorization exec default local
united(config)#aaa session-id common
united(config)#ip http server
united(config)#ip http secure-server
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
united(config)#
*May 23 16:32:20.987: %SSH-5-ENABLED: SSH 1.99 has been enabled
*May 23 16:32:22.531: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "wri
te memory" to save new certificatewrite memory
united(config)#^Z
united#
*May 23 16:33:10.367: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#line con 0
united(config-line)#password
united(config-line)#line vty 0 4
united(config-line)#password
united(config-line)#exit
united(config)#line vty 0 4
united(config-line)#exit
united(config)#ip domain name united
united(config)#no ip domain lookup
united(config)#username united privilege 15 password
united(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.99
united(config)#service dhcp
united(config)#ip dhcp pool VLAN10
united(dhcp-config)#exit
united(config)#ip dhcp pool internal-net
united(dhcp-config)#network 192.168.1.0 255.255.255.0
united(dhcp-config)#default-router 192.168.1.1
united(dhcp-config)#import all
united(dhcp-config)#domain-name
united(dhcp-config)#lease 4
united(dhcp-config)#exit
united(config)#access-list 1 permit 192.168.1.0 0.0.0.255
united(config)#ip nat inside source list 1 interface FastEthernet4 overload
united(config)#
*May 23 16:40:31.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, chan
ged state to up
united(config)#interface FastEthernet4
united(config-if)#ip address dhcp
united(config-if)#ip tcp adjust-mss 1460
united(config-if)#ip nat outside
united(config-if)#no cdp enable
united(config-if)#ip route 0.0.0.0 0.0.0.0 DHCP
united(config)#interface FastEthernet0
united(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single host.
Connecting hubs, concentrators, switches, bridges, etc.to this interface
when portfast is enabled, can cause temporary spanning tree loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0 but will only
have effect when the interface is in a non-trunking mode.
united(config-if)#interface Dot11Radio0
united(config-if)#encryption vlan 1 mode ciphers tkip
united(config-if)#ssid united
united(config-if-ssid)#vlan 1
united(config-if-ssid)#authentication open
united(config-if-ssid)#authentication key-management wpa
united(config-if-ssid)#wpa-psk ascii
united(config-if-ssid)#exit
united(config-if)#channel
% Incomplete command.
united(config-if)#channel 1
united(config-if)#no cdp enable
united(config-if)#no dot11 extension aironet
united(config-if)#exit
united(config)#interface Vlan 1
united(config-if)#description internal Network
united(config-if)#ip nat inside
united(config-if)#ip virtual-reassembly
united(config-if)#bridge-group 1
united(config-if)#bridge-group 1 spanning-disabled
united(config-if)#exit
united(config)#^Z
united#
*May 23 16:48:31.203: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface BVI1
Integrated Routing and Bridging is not configured! //dont understand why
^
% Invalid input detected at '^' marker.
united(config)#interface FastEthernet4
united(config-if)#description WAN interface - TO Internet
united(config-if)#ip address 68.99. 255.255.
united(config-if)#no shutdown
united(config-if)#exit
*May 23 16:57:47.571: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to
up
*May 23 16:57:48.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et4, changed state to up
united(config)#^Z
united#
*May 23 16:57:58.151: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface fastethernet0
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet1
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet2
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet3
united(config-if)#no shutdown
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:09:47.119: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#ip inspect name MYFW tcp
united(config)#ip inspect name MYFW udp
united(config)#ip access-list extended internet-inbound-ACL
united(config-ext-nacl)#permit udp any eq bootps any eq bootpc
united(config-ext-nacl)#permit icmp any any echo
united(config-ext-nacl)#permit esp any any
united(config-ext-nacl)#interface FastEthernet4
united(config-if)#ip inspect MYFW out
united(config-if)#ip access-group Internet-inbound-ACL in
united(config-if)#^Z
united#
*May 23 17:14:26.635: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0 unassigned YES unset up down
FastEthernet1 unassigned YES unset up up
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up up
FastEthernet4 68.99. YES manual up up
Dot11Radio0 unassigned YES TFTP administratively down down
Vlan1 unassigned YES unset up up
Virtual-Dot11Radio0 unassigned YES TFTP administratively down down
NVI0 unassigned YES unset up up
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface vlan1
united(config-if)#ip address 192.168.1.1 255.255.255.0
united(config-if)#no shhutdown
^
% Invalid input detected at '^' marker.
united(config-if)#no shutdown
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:15:37.887: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0 unassigned YES unset up down
FastEthernet1 unassigned YES unset up up
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up up
FastEthernet4 68.99. YES manual up up
Dot11Radio0 unassigned YES TFTP administratively down down
Vlan1 192.168.1.1 YES manual up up
Virtual-Dot11Radio0 unassigned YES TFTP administratively down down
NVI0 unassigned YES unset up up
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface BVI1
Integrated Routing and Bridging is not configured!
^
% Invalid input detected at '^' marker.
united(config)#interface Dot11Radio0.1
united(config-subif)#encapsulation dot1Q 1 native
united(config-subif)#no snmp trap link-status
united(config-subif)#bridge-group 1
united(config-subif)#bridge-group 1 subscriber-loop-control
united(config-subif)#bridge-group 1 spanning-disabled
united(config-subif)#bridge-group 1 block-unknown-source
united(config-subif)#no bridge-group 1 source-learning
united(config-subif)#no bridge-group 1 unicast-flooding
united(config-subif)#exit
united(config)#interface BVI1
Integrated Routing and Bridging is not configured!
^
% Invalid input detected at '^' marker.
united(config)#^Z
united#
*May 23 17:23:17.099: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface
FastEthernet0 is up, line protocol is down
Internet protocol processing disabled
FastEthernet1 is up, line protocol is up
Internet protocol processing disabled
FastEthernet2 is up, line protocol is down
Internet protocol processing disabled
FastEthernet3 is up, line protocol is up
Internet protocol processing disabled
FastEthernet4 is up, line protocol is up
Internet address is 68.99./27
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is Internet-inbound-ACL
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
Outgoing inspection rule is MYFW
Dot11Radio0 is administratively down, line protocol is down
Internet protocol processing disabled
Dot11Radio0.1 is administratively down, line protocol is down
Internet protocol processing disabled
Vlan1 is up, line protocol is up
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Virtual-Dot11Radio0 is administratively down, line protocol is down
Internet protocol processing disabled
Virtual-Dot11Radio0.1 is administratively down, line protocol is down
Internet protocol processing disabled
NVI0 is up, line protocol is up
Internet protocol processing disabled
united#
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface Dot11Radio0
united(config-if)#no shutdown
united(config-if)#exit
*May 23 17:25:43.779: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*May 23 17:25:43.783: %LINK-3-UPDOWN: Interface Virtual-Dot11Radio0, changed sta
te to down
*May 23 17:25:44.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to up
united(config)#interface Dot11Radio0.1
united(config-subif)#no shutdown
united(config-subif)#exit
united(config)#int dot0
united(config-if)#no shut
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:26:46.275: %SYS-5-CONFIG_I: Configured from console by console
united#
10-19-2012 07:58 AM
Eric,
That is pretty messy. So could you do a "show run" and post just that information in your reply?
It is a bit hard to follow where you are in your configuration process. I have an 871W and with any luck at all, I may be able to get you up and running. Regrettably when I checked my flash drives, I did not have a copy of the working configuration of the 871W with me here at work. But I believe we can get this working for you.
10-19-2012 08:54 AM
Unfortunately I do not have access to the router here at work. It is something that I will be in front of tonight but also need to get it working tonight. If by any chance I can get in front of the router earlier I will post what I have. Hopefully you'll be able to help me tonight. Thank you
10-19-2012 09:54 AM
Eric,
I'm in the Mountain Time Zone. When I get home, I'll upload my 871W config to this post and you can go over it and compare it with what you have. Make changes to match what you see, and I'll check back in here tomorrow to see where you are at.
I will be heading to a local college hockey game so I'll be out for the good portion of the evening tonight. We'll get ya' working.
Who is your ISP, if you don't mind me asking?
10-19-2012 11:26 AM
ISP is Cox Communications (cable)
10-19-2012 11:30 AM
Thanks again for the help!!!!
10-19-2012 02:53 PM
Eric,
Here is an initial config without any firewall configurations included. Work on getting the basic configuration working first to your ISP, then start adding in the firewall configurations later after you are sucessful with your initial access.
My ISP is Comcast so I don't think there are any major differences between the two. I did not set an IP address on my fa4 interface, I used DHCP and Comcast provided it to me. I believe the same should work for you.
This one worked for me so hopefully it will work for you as well with minimal changes. I'll check back in tomorrow to see how things are progressing.
10-19-2012 03:30 PM
thank you so much. Im going to try this and Ill let ya know how it goes.
10-22-2012 04:46 AM
So here is what I got for my setup. I have been able to make a connection to the internet but I have to statically configure each machine with DNS (i have a static IP from my ISP) and I dont understand why. This is causing a major headaches with the printers because they arent receiving DHCP and when I statically try to configure them it wont work either. Also the wireless is not working? Any reason for that? Thanks again in advanced for helping
st 2 remark HTTP Access-class list
access-list 2 remark SCM_ACL Category=1
access-list 2 permit 10.10.10.0 0.0.0.15
access-list 2 deny any
access-list 23 permit 10.10.10.0 0.0.0.15
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CC
NOTICE TO USERS
THIS IS A PRIVATE COMPUTER SYSTEM.
It is for authorized use only. Users(authorized or unauthorized)
have no explicit or implicit expectation of privacy.
Any or all uses of this system and all files on this system may
be intercepted, monitored, recorded, copied, audited, inspected,
and disclosed to authorized site and law enforcement personnel,
as well as authorized officials of other agencies, both domestic
and foreign.
By using this system, the user consents to such interception,
monitoring, recording, copying, auditing, inspection, and disclosure
at the discretion of authorized site personnel.
Unauthorized or improper use of this system may result in
administrative disciplinary action and civil and criminal penalties.
By continuing to use this system you indicate your awareness of and
consent to these terms and conditions of use.
If you do not agree to the conditions stated in this warning.
LOG OFF IMMEDIATELY!!!
^C
!
line con 0
password 7
no modem enable
line aux 0
line vty 0 4
password 7
!
scheduler max-task-time 5000
end
10-22-2012 07:29 AM
Eric,
If you can find out what DNS servers your ISP is using, you can add them to the router configuration. That may take care of that issue. Having a static IP from your ISP is not necessarily a problem in the grand scheme of things so I would not worry about that.
As for why you are not connecting via the wireless side of things, I'm gonna need you to capture your configuration and post it here. Do a "show run" and post it here when you get the chance. I can then go over the config and see where I can give you some guidance.
10-22-2012 08:20 AM
10-22-2012 08:29 AM
Ok,
Thanks, I'll set this up on my router at home this evening and see what happens. I'll let ya' know as soon as I can.
10-22-2012 09:23 AM
Eric,
Unless there is a compelling reason for it, I strongly recommend you do not add any security to your configuration until you get it working initially. While this does pose a certain risk, the focus here is to get the router configuration working between your clients and the ISP first. Once that is successful you can then start bringing in the layers of security into your configuration.
When I first started configuring my 871W on my home network I concentrated on the basics first, once I got everything working, I saved that baseline configuration and then began bringing in other ACL's and firewall configurations and built up to my final working configuration.
Are you using SDM/CCP or are you strictly configuring via command line? It looks as though command line is the method I am seeing. Just curious on my part. Makes no bearing on how it is done.
10-22-2012 10:39 AM
Its for a business which is why I have the firewall settings in there, nothing crazy just some basic stuff. Ive been using command line to put in the commands and reviewing it via SDM. The SDM doesnt seem all that intuitive (to me anyways). But I did include the DNS servers in my global config.
10-22-2012 11:02 AM
Ok,
Thanks. SDM is a bit clunky. CCP is better, at least I think it is, but it still has it's quirks. I do like the way that SDM/CCP sets up the firewall settings, low-med-high, and you have the ability to preview the commands prior to downloading them to the router. It gives you a good template in how to modify it to fit your own needs.
Thanks for the info regarding the reason for the security settings. I just tend to remove any ancillary configurations and get the main settings to a working point then go from there. As it is, I understand why you may not be inclined to do that.
I'm looking over the config now.....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide