
Need help configuring a Cisco 871W

ericjgrenier
Level 1

I am having a problem setting up a Cisco 871W Router. I cannot get connected to the internet. I warn you that I am somewhat of a newbie at this, so I apologize if I say or have done or will do anything stupid. I have gone through what I believe are the correct steps to set this up, yet I am having no luck. Below you will see my HyperTerminal session and all of the steps that I took (I have edited out my public IP and passwords). I really hope someone can send me on the right path, and I can't get BVI configured (see error below). I also cannot log into the router via the web interface (any help with that would be greatly appreciated). Also, what port would I hook my switch into? Thank you

Booting flash:/c870-advsecurityk9-mz.124-4.T8.bin

Self decompressing the image : #################################################

########################## [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.

170 West Tasman Drive

San Jose, California 95134-1706

Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL

EASE SOFTWARE (fc3)

Technical Support:

http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Sat 11-Aug-07 03:34 by khuie

Image text-base: 0x8002008C, data-base: 0x813FEFCC

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 871W (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of mem

ory.

Processor board ID FHK121021J4

MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10

5 FastEthernet interfaces

1 802.11 Radio

128K bytes of non-volatile configuration memory.

24576K bytes of processor board System flash (Intel Strataflash)

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

*Mar 1 00:00:06.875: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change

d to: Initialized

*Mar 1 00:00:06.879: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change

d to: Enabled sslinit fn

*Mar 1 00:00:09.079: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to

up

*Mar 1 00:00:09.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et4, changed state to down

*Mar 1 00:00:10.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et0, changed state to up

*Ma

Router>

Router>r 1 00:00:11.607: USB init complete.

*Mar 1 00:01:00.263: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to a

dministratively down

*Mar 1 00:01:01.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio

0, changed state to down

*Mar 1 00:01:02.255: %LINK-5-CHANGED: Interface FastEthernet4, changed state to

administratively down

*May 23 16:27:33.399: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL

EASE SOFTWARE (fc3)

Technical Support:

http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Sat 11-Aug-07 03:34 by khuie

*May 23 16:27:33.399: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing

a cold start

*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF

*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF

*May 23 16:27:34.591: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, cha

nged state to up

*May 23 16:27:34.979: %LINK-3-UPDOWN: Interface FastEthernet3, changed state to

up

*May 23 16:27:34.987: %LINK-3-UPDOWN: Interface FastEthernet2, changed state to

up

*May 23 16:27:34.991: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to

up

*May 23 16:27:34.995: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to

up

*May 23 16:27:35.143: %LINK-5-CHANGED: Interface Virtual-Dot11Radio0, changed st

ate to administratively down

*May 23 16:27:35.979: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et3, changed state to up

*May 23 16:27:35.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et2, changed state to down

*May 23 16:27:35.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et1, changed state to up

*May 23 16:27:35.995: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et0, changed state to down

*May 23 16:27:36.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Do

t11Radio0, changed state to down

Router>enable

Router#vlan data

Router(vlan)#vlan 10 name Internal-LAN

Vlan can not be added. Maximum number of 1 vlan(s) in the database.

Router(vlan)#enable

^

% Invalid input detected at '^' marker.

Router(vlan)#exit

APPLY completed.

Exiting....

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#service password-encryption

Router(config)#hostname

united(config)#enable secret

united(config)#enable password

united(config)#enable password

united(config)#aaa new-model

united(config)#aaa authentication login default local

united(config)#aaa authorization exec default local

united(config)#aaa session-id common

united(config)#ip http server

united(config)#ip http secure-server

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

united(config)#

*May 23 16:32:20.987: %SSH-5-ENABLED: SSH 1.99 has been enabled

*May 23 16:32:22.531: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "wri

te memory" to save new certificatewrite memory

united(config)#^Z

united#

*May 23 16:33:10.367: %SYS-5-CONFIG_I: Configured from console by console

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#line con 0

united(config-line)#password

united(config-line)#line vty 0 4

united(config-line)#password

united(config-line)#exit

united(config)#line vty 0 4

united(config-line)#exit

united(config)#ip domain name united

united(config)#no ip domain lookup

united(config)#username united privilege 15 password

united(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.99

united(config)#service dhcp

united(config)#ip dhcp pool VLAN10

united(dhcp-config)#exit

united(config)#ip dhcp pool internal-net

united(dhcp-config)#network 192.168.1.0 255.255.255.0

united(dhcp-config)#default-router 192.168.1.1

united(dhcp-config)#import all

united(dhcp-config)#domain-name

united(dhcp-config)#lease 4

united(dhcp-config)#exit

united(config)#access-list 1 permit 192.168.1.0 0.0.0.255

united(config)#ip nat inside source list 1 interface FastEthernet4 overload

united(config)#

*May 23 16:40:31.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, chan

ged state to up

united(config)#interface FastEthernet4

united(config-if)#ip address dhcp

united(config-if)#ip tcp adjust-mss 1460

united(config-if)#ip nat outside

united(config-if)#no cdp enable

united(config-if)#ip route 0.0.0.0 0.0.0.0 DHCP

united(config)#interface FastEthernet0

united(config-if)#spanning-tree portfast

%Warning: portfast should only be enabled on ports connected to a single host.

Connecting hubs, concentrators, switches, bridges, etc.to this interface

when portfast is enabled, can cause temporary spanning tree loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0 but will only

have effect when the interface is in a non-trunking mode.

united(config-if)#interface Dot11Radio0

united(config-if)#encryption vlan 1 mode ciphers tkip

united(config-if)#ssid united

united(config-if-ssid)#vlan 1

united(config-if-ssid)#authentication open

united(config-if-ssid)#authentication key-management wpa

united(config-if-ssid)#wpa-psk ascii

united(config-if-ssid)#exit

united(config-if)#channel

% Incomplete command.

united(config-if)#channel 1

united(config-if)#no cdp enable

united(config-if)#no dot11 extension aironet

united(config-if)#exit

united(config)#interface Vlan 1

united(config-if)#description internal Network

united(config-if)#ip nat inside

united(config-if)#ip virtual-reassembly

united(config-if)#bridge-group 1

united(config-if)#bridge-group 1 spanning-disabled

united(config-if)#exit

united(config)#^Z

united#

*May 23 16:48:31.203: %SYS-5-CONFIG_I: Configured from console by console

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface BVI1

Integrated Routing and Bridging is not configured! //dont understand why

^

% Invalid input detected at '^' marker.

united(config)#interface FastEthernet4

united(config-if)#description WAN interface - TO Internet

united(config-if)#ip address 68.99. 255.255.

united(config-if)#no shutdown

united(config-if)#exit

*May 23 16:57:47.571: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to

up

*May 23 16:57:48.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et4, changed state to up

united(config)#^Z

united#

*May 23 16:57:58.151: %SYS-5-CONFIG_I: Configured from console by console

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface fastethernet0

united(config-if)#no shutdown

united(config-if)#exit

united(config)#interface fastethernet1

united(config-if)#no shutdown

united(config-if)#exit

united(config)#interface fastethernet2

united(config-if)#no shutdown

united(config-if)#exit

united(config)#interface fastethernet3

united(config-if)#no shutdown

united(config-if)#exit

united(config)#^Z

united#

*May 23 17:09:47.119: %SYS-5-CONFIG_I: Configured from console by console

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#ip inspect name MYFW tcp

united(config)#ip inspect name MYFW udp

united(config)#ip access-list extended internet-inbound-ACL

united(config-ext-nacl)#permit udp any eq bootps any eq bootpc

united(config-ext-nacl)#permit icmp any any echo

united(config-ext-nacl)#permit esp any any

united(config-ext-nacl)#interface FastEthernet4

united(config-if)#ip inspect MYFW out

united(config-if)#ip access-group Internet-inbound-ACL in

united(config-if)#^Z

united#

*May 23 17:14:26.635: %SYS-5-CONFIG_I: Configured from console by console

united#sh ip interface brief

Interface IP-Address OK? Method Status Prot

ocol

FastEthernet0 unassigned YES unset up down

FastEthernet1 unassigned YES unset up up

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up up

FastEthernet4 68.99. YES manual up up

Dot11Radio0 unassigned YES TFTP administratively down down

Vlan1 unassigned YES unset up up

Virtual-Dot11Radio0 unassigned YES TFTP administratively down down

NVI0 unassigned YES unset up up

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface vlan1

united(config-if)#ip address 192.168.1.1 255.255.255.0

united(config-if)#no shhutdown

^

% Invalid input detected at '^' marker.

united(config-if)#no shutdown

united(config-if)#exit

united(config)#^Z

united#

*May 23 17:15:37.887: %SYS-5-CONFIG_I: Configured from console by console

united#sh ip interface brief

Interface IP-Address OK? Method Status Prot

ocol

FastEthernet0 unassigned YES unset up down

FastEthernet1 unassigned YES unset up up

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up up

FastEthernet4 68.99. YES manual up up

Dot11Radio0 unassigned YES TFTP administratively down down

Vlan1 192.168.1.1 YES manual up up

Virtual-Dot11Radio0 unassigned YES TFTP administratively down down

NVI0 unassigned YES unset up up

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface BVI1

Integrated Routing and Bridging is not configured!

^

% Invalid input detected at '^' marker.

united(config)#interface Dot11Radio0.1

united(config-subif)#encapsulation dot1Q 1 native

united(config-subif)#no snmp trap link-status

united(config-subif)#bridge-group 1

united(config-subif)#bridge-group 1 subscriber-loop-control

united(config-subif)#bridge-group 1 spanning-disabled

united(config-subif)#bridge-group 1 block-unknown-source

united(config-subif)#no bridge-group 1 source-learning

united(config-subif)#no bridge-group 1 unicast-flooding

united(config-subif)#exit

united(config)#interface BVI1

Integrated Routing and Bridging is not configured!

^

% Invalid input detected at '^' marker.

united(config)#^Z

united#

*May 23 17:23:17.099: %SYS-5-CONFIG_I: Configured from console by console

united#sh ip interface

FastEthernet0 is up, line protocol is down

Internet protocol processing disabled

FastEthernet1 is up, line protocol is up

Internet protocol processing disabled

FastEthernet2 is up, line protocol is down

Internet protocol processing disabled

FastEthernet3 is up, line protocol is up

Internet protocol processing disabled

FastEthernet4 is up, line protocol is up

Internet address is 68.99./27

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1500 bytes

Helper address is not set

Directed broadcast forwarding is disabled

Outgoing access list is not set

Inbound access list is Internet-inbound-ACL

Proxy ARP is enabled

Local Proxy ARP is disabled

Security level is default

Split horizon is enabled

ICMP redirects are always sent

ICMP unreachables are always sent

ICMP mask replies are never sent

IP fast switching is enabled

IP fast switching on the same interface is disabled

IP Flow switching is disabled

IP CEF switching is enabled

IP CEF Feature Fast switching turbo vector

IP multicast fast switching is enabled

IP multicast distributed fast switching is disabled

IP route-cache flags are Fast, CEF

Router Discovery is disabled

IP output packet accounting is disabled

IP access violation accounting is disabled

TCP/IP header compression is disabled

RTP/IP header compression is disabled

Policy routing is disabled

Network address translation is enabled, interface in domain outside

BGP Policy Mapping is disabled

Outgoing inspection rule is MYFW

Dot11Radio0 is administratively down, line protocol is down

Internet protocol processing disabled

Dot11Radio0.1 is administratively down, line protocol is down

Internet protocol processing disabled

Vlan1 is up, line protocol is up

Internet address is 192.168.1.1/24

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1500 bytes

Helper address is not set

Directed broadcast forwarding is disabled

Outgoing access list is not set

Inbound access list is not set

Proxy ARP is enabled

Local Proxy ARP is disabled

Security level is default

Split horizon is enabled

ICMP redirects are always sent

ICMP unreachables are always sent

ICMP mask replies are never sent

IP fast switching is enabled

IP fast switching on the same interface is disabled

IP Flow switching is disabled

IP CEF switching is enabled

IP CEF Feature Fast switching turbo vector

IP multicast fast switching is enabled

IP multicast distributed fast switching is disabled

IP route-cache flags are Fast, CEF

Router Discovery is disabled

IP output packet accounting is disabled

IP access violation accounting is disabled

TCP/IP header compression is disabled

RTP/IP header compression is disabled

Policy routing is disabled

Network address translation is enabled, interface in domain inside

BGP Policy Mapping is disabled

Virtual-Dot11Radio0 is administratively down, line protocol is down

Internet protocol processing disabled

Virtual-Dot11Radio0.1 is administratively down, line protocol is down

Internet protocol processing disabled

NVI0 is up, line protocol is up

Internet protocol processing disabled

united#

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface Dot11Radio0

united(config-if)#no shutdown

united(config-if)#exit

*May 23 17:25:43.779: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*May 23 17:25:43.783: %LINK-3-UPDOWN: Interface Virtual-Dot11Radio0, changed sta

te to down

*May 23 17:25:44.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio

0, changed state to up

united(config)#interface Dot11Radio0.1

united(config-subif)#no shutdown

united(config-subif)#exit

united(config)#int dot0

united(config-if)#no shut

united(config-if)#exit

united(config)#^Z

united#

*May 23 17:26:46.275: %SYS-5-CONFIG_I: Configured from console by console

united#
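Added example, not part of the original post: a small Python check that reads an IOS console transcript like the one above and flags two things visible in it, an `ip access-group` that names an ACL differing only in letter case from the one defined, and an `interface BVI` command typed before `bridge irb`. It relies on standard IOS behaviour (named ACLs are case-sensitive, an access-group pointing at an undefined ACL filters nothing, and BVI interfaces require `bridge irb`); the function names and the two sample transcripts are constructed for illustration from lines in the session.

```python
import re

# An IOS prompt ("united(config-if)#", "Router>") followed by a typed command.
PROMPT_RE = re.compile(r"^[\w.-]+(?:\([\w-]+\))?[#>]\s*(\S.*)$")


def typed_commands(transcript):
    """Return each command typed at a prompt, split into words."""
    cmds = []
    for line in transcript.splitlines():
        m = PROMPT_RE.match(line.strip())
        if m:
            cmds.append(m.group(1).split())
    return cmds


def audit(transcript):
    """Return a list of (finding, name, detail) tuples for the transcript."""
    cmds = typed_commands(transcript)

    # Pass 1: collect every ACL that was actually created, exact spelling.
    defined = set()
    for w in cmds:
        low = [x.lower() for x in w]
        if low[:2] == ["ip", "access-list"] and len(w) >= 4:
            defined.add(w[3])          # ip access-list extended NAME
        elif low[0] == "access-list" and len(w) >= 2:
            defined.add(w[1])          # access-list 1 permit ...
    by_lower = {name.lower(): name for name in defined}

    # Pass 2: walk the session in order and check references.
    findings = []
    irb_enabled = False
    for w in cmds:
        low = [x.lower() for x in w]
        if low == ["bridge", "irb"]:
            irb_enabled = True
        elif (len(low) >= 2 and len(low[0]) >= 3
              and "interface".startswith(low[0])
              and low[1].startswith("bvi")):
            # IOS rejects BVI interfaces until IRB is turned on.
            if not irb_enabled:
                findings.append(("bvi-without-irb", w[1], None))
        elif low[:2] == ["ip", "access-group"] and len(w) >= 3:
            name = w[2]
            if name not in defined:
                near = by_lower.get(name.lower())
                kind = "acl-case-mismatch" if near else "acl-undefined"
                # Either way the interface is left without the intended filter.
                findings.append((kind, name, near))
    return findings


# Constructed sample: lines copied from the session above.
SAMPLE = """\
united(config)#ip access-list extended internet-inbound-ACL
united(config-ext-nacl)#permit udp any eq bootps any eq bootpc
united(config-ext-nacl)#interface FastEthernet4
united(config-if)#ip inspect MYFW out
united(config-if)#ip access-group Internet-inbound-ACL in
united(config-if)#^Z
united(config)#interface BVI1
Integrated Routing and Bridging is not configured!
"""

# Constructed sample: same steps with the name matched and IRB enabled first.
FIXED = """\
united(config)#bridge irb
united(config)#ip access-list extended internet-inbound-ACL
united(config-ext-nacl)#permit udp any eq bootps any eq bootpc
united(config-ext-nacl)#interface FastEthernet4
united(config-if)#ip access-group internet-inbound-ACL in
united(config-if)#exit
united(config)#interface BVI1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```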

                  


*May 23 17:25:43.779: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*May 23 17:25:43.783: %LINK-3-UPDOWN: Interface Virtual-Dot11Radio0, changed state to down

*May 23 17:25:44.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

united(config)#interface Dot11Radio0.1

united(config-subif)#no shutdown

united(config-subif)#exit

united(config)#int dot0

united(config-if)#no shut

united(config-if)#exit

united(config)#^Z

united#

*May 23 17:26:46.275: %SYS-5-CONFIG_I: Configured from console by console

united#

turnera
Level 1

Eric,

That is pretty messy. So could you do a "show run" and post just that information in your reply?

It is a bit hard to follow where you are in your configuration process. I have an 871W and with any luck at all, I may be able to get you up and running. Regrettably when I checked my flash drives, I did not have a copy of the working configuration of the 871W with me here at work. But I believe we can get this working for you.

Unfortunately I do not have access to the router here at work.  It is something that I will be in front of tonight but also need to get it working tonight.  If by any chance I can get in front of the router earlier I will post what I have.  Hopefully you'll be able to help me tonight.  Thank you

Eric,

I'm in the Mountain Time Zone. When I get home, I'll upload my 871W config to this post and you can go over it and compare it with what you have. Make changes to match what you see, and I'll check back in here tomorrow to see where you are at.

I will be heading to a local college hockey game so I'll be out for the good portion of the evening tonight. We'll get ya' working.

Who is your ISP, if you don't mind me asking?

ISP is Cox Communications (cable)

Thanks again for the help!!!!

Eric,

Here is an initial config without any firewall configurations included. Work on getting the basic configuration working first to your ISP, then start adding in the firewall configurations later after you are successful with your initial access.

My ISP is Comcast so I don't think there are any major differences between the two. I did not set an IP address on my fa4 interface, I used DHCP and Comcast provided it to me. I believe the same should work for you.

      

This one worked for me so hopefully it will work for you as well with minimal changes. I'll check back in tomorrow to see how things are progressing.

Thank you so much. I'm going to try this and I'll let ya know how it goes.

So here is what I got for my setup. I have been able to make a connection to the internet but I have to statically configure each machine with DNS (I have a static IP from my ISP) and I don't understand why. This is causing major headaches with the printers because they aren't receiving DHCP and when I try to statically configure them it won't work either. Also the wireless is not working? Any reason for that? Thanks again in advance for helping.

access-list 2 remark HTTP Access-class list
access-list 2 remark SCM_ACL Category=1
access-list 2 permit 10.10.10.0 0.0.0.15
access-list 2 deny   any
access-list 23 permit 10.10.10.0 0.0.0.15
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CC
NOTICE TO USERS

                 THIS IS A PRIVATE COMPUTER SYSTEM.

It is for authorized use only. Users(authorized or unauthorized)
have no explicit or implicit expectation of privacy.

Any or all uses of this system and all files on this system may
be intercepted, monitored, recorded, copied, audited, inspected,
and disclosed to authorized site and law enforcement personnel,
as well as authorized officials of other agencies, both domestic
and foreign.

By using this system, the user consents to such interception,
monitoring, recording, copying, auditing, inspection, and disclosure
at the discretion of authorized site personnel.

Unauthorized or improper use of this system may result in
administrative disciplinary action and civil and criminal penalties.

By continuing to use this system you indicate your awareness of and
consent to these terms and conditions of use.

If you do not agree to the conditions stated in this warning.

                         LOG OFF IMMEDIATELY!!!
^C
!
line con 0
password 7
no modem enable
line aux 0
line vty 0 4
password 7
!
scheduler max-task-time 5000
end
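
Added example, not part of the original post: a small Python evaluator (function names are hypothetical) for the standard access-list lines in the config above, using IOS first-match and implicit-deny semantics, to check which sources lists 2 and 23 would admit, including a host on the 192.168.1.0/24 Vlan1 subnet shown earlier in the thread. The posted fragment does not show where the lists are applied, so this shows only what they would permit wherever they are referenced.

```python
import ipaddress

# Constructed from the access-list lines in the posted config. Standard ACLs
# match on source address plus wildcard mask (a 1 bit means "don't care").
POSTED_ACL = """\
access-list 2 remark SCM_ACL Category=1
access-list 2 permit 10.10.10.0 0.0.0.15
access-list 2 deny   any
access-list 23 permit 10.10.10.0 0.0.0.15
"""

def parse_standard_acls(text):
    """Return {acl_number: [(action, base_int, wildcard_int), ...]} in config order."""
    acls = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
            continue  # skips remarks and non-ACL lines
        number, action, src = int(parts[1]), parts[2], parts[3]
        if not (1 <= number <= 99 or 1300 <= number <= 1999):
            continue  # extended lists have a different syntax; not handled here
        if src == "any":
            base, wildcard = 0, 0xFFFFFFFF
        elif src == "host":
            base, wildcard = int(ipaddress.IPv4Address(parts[4])), 0
        else:
            base = int(ipaddress.IPv4Address(src))
            # A bare address with no wildcard matches that single host.
            has_mask = len(parts) > 4 and parts[4] != "log"
            wildcard = int(ipaddress.IPv4Address(parts[4])) if has_mask else 0
        acls.setdefault(number, []).append((action, base, wildcard))
    return acls

def evaluate(acls, number, source):
    """First matching entry wins; an unmatched source hits the implicit deny."""
    addr = int(ipaddress.IPv4Address(source))
    for action, base, wildcard in acls[number]:  # KeyError if the list is undefined
        care = ~wildcard & 0xFFFFFFFF
        if addr & care == base & care:
            return action
    return "deny"  # implicit deny that ends every defined IOS access list

if __name__ == "__main__":
    acls = parse_standard_acls(POSTED_ACL)
    # 10.10.10.0-15 is the permitted range; 192.168.1.10 is a constructed Vlan1 host.
    for src in ("10.10.10.5", "10.10.10.16", "192.168.1.10"):
        print(src, "acl 2:", evaluate(acls, 2, src), "| acl 23:", evaluate(acls, 23, src))
```

If either list is attached to the HTTP server or the vty lines, management sessions from the 192.168.1.0/24 LAN would be refused until a matching permit entry is added ahead of the deny.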


Eric,

If you can find out what DNS servers your ISP is using, you can add them to the router configuration. That may take care of that issue. Having a static IP from your ISP is not necessarily a problem in the grand scheme of things so I would not worry about that.

As for why you are not connecting via the wireless side of things, I'm gonna need you to capture your configuration and post it here. Do a "show run" and post it here when you get the chance. I can then go over the config and see where I can give you some guidance. 

I thought I posted the show run that I got. I did specify the DNS servers but it doesn't seem to be trickling down to the clients...let me try this again, I removed some of the IPs and stuff of that nature for security

Ok,

Thanks, I'll set this up on my router at home this evening and see what happens. I'll let ya' know as soon as I can.

Eric,

Unless there is a compelling reason for it, I strongly recommend you do not add any security to your configuration until you get it working initially. While this does pose a certain risk, the focus here is to get the router configuration working between your clients and the ISP first. Once that is successful you can then start bringing in the layers of security into your configuration.

When I first started configuring my 871W on my home network I concentrated on the basics first, once I got everything working, I saved that baseline configuration and then began bringing in other ACLs and firewall configurations and built up to my final working configuration.

Are you using SDM/CCP or are you strictly configuring via command line? It looks as though command line is the method I am seeing. Just curious on my part. Makes no bearing on how it is done.

It's for a business which is why I have the firewall settings in there, nothing crazy just some basic stuff. I've been using command line to put in the commands and reviewing it via SDM. The SDM doesn't seem all that intuitive (to me anyways). But I did include the DNS servers in my global config.

Ok,

Thanks. SDM is a bit clunky. CCP is better, at least I think it is, but it still has its quirks. I do like the way that SDM/CCP sets up the firewall settings, low-med-high, and you have the ability to preview the commands prior to downloading them to the router. It gives you a good template in how to modify it to fit your own needs.

Thanks for the info regarding the reason for the security settings. I just tend to remove any ancillary configurations and get the main settings to a working point then go from there. As it is, I understand why you may not be inclined to do that.

I'm looking over the config now.....
