cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6038
Views
0
Helpful
26
Replies

Need help configuring a Cisco 871W

ericjgrenier
Level 1
Level 1

I am having a problem setting up a Cisco 871W Router. I cannot get connected to the internet. I warn you that I am somewhat of a newbie at this so I apologize if I say or have done or will do anything stupid. I have gone through what I believe are the correct steps to set this up yet I am having no luck. Below you will see my hyper terminal session and all of the steps that I took (i have edited out my public IP and passwords). I really hope someone can send me on the right path, and I cant get BVI configured (see error below). I also cannot log into the router via the web interface (any help with that would be greatly appreciated). Also what port would I hook my switch into?Thank you

Booting flash:/c870-advsecurityk9-mz.124-4.T8.bin

Self decompressing the image : #################################################

########################## [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.

170 West Tasman Drive

San Jose, California 95134-1706

Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL

EASE SOFTWARE (fc3)

Technical Support:

http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Sat 11-Aug-07 03:34 by khuie

Image text-base: 0x8002008C, data-base: 0x813FEFCC

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 871W (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of mem

ory.

Processor board ID FHK121021J4

MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10

5 FastEthernet interfaces

1 802.11 Radio

128K bytes of non-volatile configuration memory.

24576K bytes of processor board System flash (Intel Strataflash)

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

*Mar 1 00:00:06.875: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change

d to: Initialized

*Mar 1 00:00:06.879: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change

d to: Enabled sslinit fn

*Mar 1 00:00:09.079: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to

up

*Mar 1 00:00:09.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et4, changed state to down

*Mar 1 00:00:10.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et0, changed state to up

*Ma

Router>

Router>r 1 00:00:11.607: USB init complete.

*Mar 1 00:01:00.263: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to a

dministratively down

*Mar 1 00:01:01.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio

0, changed state to down

*Mar 1 00:01:02.255: %LINK-5-CHANGED: Interface FastEthernet4, changed state to

administratively down

*May 23 16:27:33.399: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL

EASE SOFTWARE (fc3)

Technical Support:

http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Sat 11-Aug-07 03:34 by khuie

*May 23 16:27:33.399: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing

a cold start

*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF

*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF

*May 23 16:27:34.591: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, cha

nged state to up

*May 23 16:27:34.979: %LINK-3-UPDOWN: Interface FastEthernet3, changed state to

up

*May 23 16:27:34.987: %LINK-3-UPDOWN: Interface FastEthernet2, changed state to

up

*May 23 16:27:34.991: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to

up

*May 23 16:27:34.995: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to

up

*May 23 16:27:35.143: %LINK-5-CHANGED: Interface Virtual-Dot11Radio0, changed st

ate to administratively down

*May 23 16:27:35.979: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et3, changed state to up

*May 23 16:27:35.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et2, changed state to down

*May 23 16:27:35.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et1, changed state to up

*May 23 16:27:35.995: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et0, changed state to down

*May 23 16:27:36.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Do

t11Radio0, changed state to down

Router>enable

Router#vlan data

Router(vlan)#vlan 10 name Internal-LAN

Vlan can not be added. Maximum number of 1 vlan(s) in the database.

Router(vlan)#enable

^

% Invalid input detected at '^' marker.

Router(vlan)#exit

APPLY completed.

Exiting....

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#service password-encryption

Router(config)#hostname

united(config)#enable secret

united(config)#enable password

united(config)#enable password

united(config)#aaa new-model

united(config)#aaa authentication login default local

united(config)#aaa authorization exec default local

united(config)#aaa session-id common

united(config)#ip http server

united(config)#ip http secure-server

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

united(config)#

*May 23 16:32:20.987: %SSH-5-ENABLED: SSH 1.99 has been enabled

*May 23 16:32:22.531: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "wri

te memory" to save new certificatewrite memory

united(config)#^Z

united#

*May 23 16:33:10.367: %SYS-5-CONFIG_I: Configured from console by console

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#line con 0

united(config-line)#password

united(config-line)#line vty 0 4

united(config-line)#password

united(config-line)#exit

united(config)#line vty 0 4

united(config-line)#exit

united(config)#ip domain name united

united(config)#no ip domain lookup

united(config)#username united privilege 15 password

united(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.99

united(config)#service dhcp

united(config)#ip dhcp pool VLAN10

united(dhcp-config)#exit

united(config)#ip dhcp pool internal-net

united(dhcp-config)#network 192.168.1.0 255.255.255.0

united(dhcp-config)#default-router 192.168.1.1

united(dhcp-config)#import all

united(dhcp-config)#domain-name

united(dhcp-config)#lease 4

united(dhcp-config)#exit

united(config)#access-list 1 permit 192.168.1.0 0.0.0.255

united(config)#ip nat inside source list 1 interface FastEthernet4 overload

united(config)#

*May 23 16:40:31.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, chan

ged state to up

united(config)#interface FastEthernet4

united(config-if)#ip address dhcp

united(config-if)#ip tcp adjust-mss 1460

united(config-if)#ip nat outside

united(config-if)#no cdp enable

united(config-if)#ip route 0.0.0.0 0.0.0.0 DHCP

united(config)#interface FastEthernet0

united(config-if)#spanning-tree portfast

%Warning: portfast should only be enabled on ports connected to a single host.

Connecting hubs, concentrators, switches, bridges, etc.to this interface

when portfast is enabled, can cause temporary spanning tree loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0 but will only

have effect when the interface is in a non-trunking mode.

united(config-if)#interface Dot11Radio0

united(config-if)#encryption vlan 1 mode ciphers tkip

united(config-if)#ssid united

united(config-if-ssid)#vlan 1

united(config-if-ssid)#authentication open

united(config-if-ssid)#authentication key-management wpa

united(config-if-ssid)#wpa-psk ascii

united(config-if-ssid)#exit

united(config-if)#channel

% Incomplete command.

united(config-if)#channel 1

united(config-if)#no cdp enable

united(config-if)#no dot11 extension aironet

united(config-if)#exit

united(config)#interface Vlan 1

united(config-if)#description internal Network

united(config-if)#ip nat inside

united(config-if)#ip virtual-reassembly

united(config-if)#bridge-group 1

united(config-if)#bridge-group 1 spanning-disabled

united(config-if)#exit

united(config)#^Z

united#

*May 23 16:48:31.203: %SYS-5-CONFIG_I: Configured from console by console

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface BVI1

Integrated Routing and Bridging is not configured! //dont understand why

^

% Invalid input detected at '^' marker.

united(config)#interface FastEthernet4

united(config-if)#description WAN interface - TO Internet

united(config-if)#ip address 68.99. 255.255.

united(config-if)#no shutdown

united(config-if)#exit

*May 23 16:57:47.571: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to

up

*May 23 16:57:48.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et4, changed state to up

united(config)#^Z

united#

*May 23 16:57:58.151: %SYS-5-CONFIG_I: Configured from console by console

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface fastethernet0

united(config-if)#no shutdown

united(config-if)#exit

united(config)#interface fastethernet1

united(config-if)#no shutdown

united(config-if)#exit

united(config)#interface fastethernet2

united(config-if)#no shutdown

united(config-if)#exit

united(config)#interface fastethernet3

united(config-if)#no shutdown

united(config-if)#exit

united(config)#^Z

united#

*May 23 17:09:47.119: %SYS-5-CONFIG_I: Configured from console by console

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#ip inspect name MYFW tcp

united(config)#ip inspect name MYFW udp

united(config)#ip access-list extended internet-inbound-ACL

united(config-ext-nacl)#permit udp any eq bootps any eq bootpc

united(config-ext-nacl)#permit icmp any any echo

united(config-ext-nacl)#permit esp any any

united(config-ext-nacl)#interface FastEthernet4

united(config-if)#ip inspect MYFW out

united(config-if)#ip access-group Internet-inbound-ACL in

united(config-if)#^Z

united#

*May 23 17:14:26.635: %SYS-5-CONFIG_I: Configured from console by console

united#sh ip interface brief

Interface IP-Address OK? Method Status Prot

ocol

FastEthernet0 unassigned YES unset up down

FastEthernet1 unassigned YES unset up up

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up up

FastEthernet4 68.99. YES manual up up

Dot11Radio0 unassigned YES TFTP administratively down down

Vlan1 unassigned YES unset up up

Virtual-Dot11Radio0 unassigned YES TFTP administratively down down

NVI0 unassigned YES unset up up

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface vlan1

united(config-if)#ip address 192.168.1.1 255.255.255.0

united(config-if)#no shhutdown

^

% Invalid input detected at '^' marker.

united(config-if)#no shutdown

united(config-if)#exit

united(config)#^Z

united#

*May 23 17:15:37.887: %SYS-5-CONFIG_I: Configured from console by console

united#sh ip interface brief

Interface IP-Address OK? Method Status Prot

ocol

FastEthernet0 unassigned YES unset up down

FastEthernet1 unassigned YES unset up up

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up up

FastEthernet4 68.99. YES manual up up

Dot11Radio0 unassigned YES TFTP administratively down down

Vlan1 192.168.1.1 YES manual up up

Virtual-Dot11Radio0 unassigned YES TFTP administratively down down

NVI0 unassigned YES unset up up

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface BVI1

Integrated Routing and Bridging is not configured!

^

% Invalid input detected at '^' marker.

united(config)#interface Dot11Radio0.1

united(config-subif)#encapsulation dot1Q 1 native

united(config-subif)#no snmp trap link-status

united(config-subif)#bridge-group 1

united(config-subif)#bridge-group 1 subscriber-loop-control

united(config-subif)#bridge-group 1 spanning-disabled

united(config-subif)#bridge-group 1 block-unknown-source

united(config-subif)#no bridge-group 1 source-learning

united(config-subif)#no bridge-group 1 unicast-flooding

united(config-subif)#exit

united(config)#interface BVI1

Integrated Routing and Bridging is not configured!

^

% Invalid input detected at '^' marker.

united(config)#^Z

united#

*May 23 17:23:17.099: %SYS-5-CONFIG_I: Configured from console by console

united#sh ip interface

FastEthernet0 is up, line protocol is down

Internet protocol processing disabled

FastEthernet1 is up, line protocol is up

Internet protocol processing disabled

FastEthernet2 is up, line protocol is down

Internet protocol processing disabled

FastEthernet3 is up, line protocol is up

Internet protocol processing disabled

FastEthernet4 is up, line protocol is up

Internet address is 68.99./27

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1500 bytes

Helper address is not set

Directed broadcast forwarding is disabled

Outgoing access list is not set

Inbound access list is Internet-inbound-ACL

Proxy ARP is enabled

Local Proxy ARP is disabled

Security level is default

Split horizon is enabled

ICMP redirects are always sent

ICMP unreachables are always sent

ICMP mask replies are never sent

IP fast switching is enabled

IP fast switching on the same interface is disabled

IP Flow switching is disabled

IP CEF switching is enabled

IP CEF Feature Fast switching turbo vector

IP multicast fast switching is enabled

IP multicast distributed fast switching is disabled

IP route-cache flags are Fast, CEF

Router Discovery is disabled

IP output packet accounting is disabled

IP access violation accounting is disabled

TCP/IP header compression is disabled

RTP/IP header compression is disabled

Policy routing is disabled

Network address translation is enabled, interface in domain outside

BGP Policy Mapping is disabled

Outgoing inspection rule is MYFW

Dot11Radio0 is administratively down, line protocol is down

Internet protocol processing disabled

Dot11Radio0.1 is administratively down, line protocol is down

Internet protocol processing disabled

Vlan1 is up, line protocol is up

Internet address is 192.168.1.1/24

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1500 bytes

Helper address is not set

Directed broadcast forwarding is disabled

Outgoing access list is not set

Inbound access list is not set

Proxy ARP is enabled

Local Proxy ARP is disabled

Security level is default

Split horizon is enabled

ICMP redirects are always sent

ICMP unreachables are always sent

ICMP mask replies are never sent

IP fast switching is enabled

IP fast switching on the same interface is disabled

IP Flow switching is disabled

IP CEF switching is enabled

IP CEF Feature Fast switching turbo vector

IP multicast fast switching is enabled

IP multicast distributed fast switching is disabled

IP route-cache flags are Fast, CEF

Router Discovery is disabled

IP output packet accounting is disabled

IP access violation accounting is disabled

TCP/IP header compression is disabled

RTP/IP header compression is disabled

Policy routing is disabled

Network address translation is enabled, interface in domain inside

BGP Policy Mapping is disabled

Virtual-Dot11Radio0 is administratively down, line protocol is down

Internet protocol processing disabled

Virtual-Dot11Radio0.1 is administratively down, line protocol is down

Internet protocol processing disabled

NVI0 is up, line protocol is up

Internet protocol processing disabled

united#

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface Dot11Radio0

united(config-if)#no shutdown

united(config-if)#exit

*May 23 17:25:43.779: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*May 23 17:25:43.783: %LINK-3-UPDOWN: Interface Virtual-Dot11Radio0, changed sta

te to down

*May 23 17:25:44.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio

0, changed state to up

united(config)#interface Dot11Radio0.1

united(config-subif)#no shutdown

united(config-subif)#exit

united(config)#int dot0

united(config-if)#no shut

united(config-if)#exit

united(config)#^Z

united#

*May 23 17:26:46.275: %SYS-5-CONFIG_I: Configured from console by console

united#

                  

I am having a problem setting up a Cisco 871W Router. I cannot get connected to the internet. I warn you that I am somewhat of a newbie at this so I apologize if I say or have done or will do anything stupid. I have gone through what I believe are the correct steps to set this up yet I am having no luck. Below you will see my hyper terminal session and all of the steps that I took (i have edited out my public IP and passwords). I really hope someone can send me on the right path. I also cannot log into the router via the web interface (any help with that would be greatly appreciated). Thank you

Booting flash:/c870-advsecurityk9-mz.124-4.T8.bin

Self decompressing the image : #################################################

########################## [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.

170 West Tasman Drive

San Jose, California 95134-1706

Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL

EASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Sat 11-Aug-07 03:34 by khuie

Image text-base: 0x8002008C, data-base: 0x813FEFCC

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 871W (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of mem

ory.

Processor board ID FHK121021J4

MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10

5 FastEthernet interfaces

1 802.11 Radio

128K bytes of non-volatile configuration memory.

24576K bytes of processor board System flash (Intel Strataflash)

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

*Mar 1 00:00:06.875: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change

d to: Initialized

*Mar 1 00:00:06.879: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change

d to: Enabled sslinit fn

*Mar 1 00:00:09.079: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to

up

*Mar 1 00:00:09.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et4, changed state to down

*Mar 1 00:00:10.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et0, changed state to up

*Ma

Router>

Router>r 1 00:00:11.607: USB init complete.

*Mar 1 00:01:00.263: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to a

dministratively down

*Mar 1 00:01:01.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio

0, changed state to down

*Mar 1 00:01:02.255: %LINK-5-CHANGED: Interface FastEthernet4, changed state to

administratively down

*May 23 16:27:33.399: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL

EASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Sat 11-Aug-07 03:34 by khuie

*May 23 16:27:33.399: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing

a cold start

*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF

*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF

*May 23 16:27:34.591: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, cha

nged state to up

*May 23 16:27:34.979: %LINK-3-UPDOWN: Interface FastEthernet3, changed state to

up

*May 23 16:27:34.987: %LINK-3-UPDOWN: Interface FastEthernet2, changed state to

up

*May 23 16:27:34.991: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to

up

*May 23 16:27:34.995: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to

up

*May 23 16:27:35.143: %LINK-5-CHANGED: Interface Virtual-Dot11Radio0, changed st

ate to administratively down

*May 23 16:27:35.979: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et3, changed state to up

*May 23 16:27:35.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et2, changed state to down

*May 23 16:27:35.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et1, changed state to up

*May 23 16:27:35.995: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et0, changed state to down

*May 23 16:27:36.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Do

t11Radio0, changed state to down

Router>enable

Router#vlan data

Router(vlan)#vlan 10 name Internal-LAN

Vlan can not be added. Maximum number of 1 vlan(s) in the database.

Router(vlan)#enable

^

% Invalid input detected at '^' marker.

Router(vlan)#exit

APPLY completed.

Exiting....

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#service password-encryption

Router(config)#hostname

united(config)#enable secret

united(config)#enable password

united(config)#enable password

united(config)#aaa new-model

united(config)#aaa authentication login default local

united(config)#aaa authorization exec default local

united(config)#aaa session-id common

united(config)#ip http server

united(config)#ip http secure-server

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

united(config)#

*May 23 16:32:20.987: %SSH-5-ENABLED: SSH 1.99 has been enabled

*May 23 16:32:22.531: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "wri

te memory" to save new certificatewrite memory

united(config)#^Z

united#

*May 23 16:33:10.367: %SYS-5-CONFIG_I: Configured from console by console

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#line con 0

united(config-line)#password

united(config-line)#line vty 0 4

united(config-line)#password

united(config-line)#exit

united(config)#line vty 0 4

united(config-line)#exit

united(config)#ip domain name united

united(config)#no ip domain lookup

united(config)#username united privilege 15 password

united(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.99

united(config)#service dhcp

united(config)#ip dhcp pool VLAN10

united(dhcp-config)#exit

united(config)#ip dhcp pool internal-net

united(dhcp-config)#network 192.168.1.0 255.255.255.0

united(dhcp-config)#default-router 192.168.1.1

united(dhcp-config)#import all

united(dhcp-config)#domain-name

united(dhcp-config)#lease 4

united(dhcp-config)#exit

united(config)#access-list 1 permit 192.168.1.0 0.0.0.255

united(config)#ip nat inside source list 1 interface FastEthernet4 overload

united(config)#

*May 23 16:40:31.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, chan

ged state to up

united(config)#interface FastEthernet4

united(config-if)#ip address dhcp

united(config-if)#ip tcp adjust-mss 1460

united(config-if)#ip nat outside

united(config-if)#no cdp enable

united(config-if)#ip route 0.0.0.0 0.0.0.0 DHCP

united(config)#interface FastEthernet0

united(config-if)#spanning-tree portfast

%Warning: portfast should only be enabled on ports connected to a single host.

Connecting hubs, concentrators, switches, bridges, etc.to this interface

when portfast is enabled, can cause temporary spanning tree loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0 but will only

have effect when the interface is in a non-trunking mode.

united(config-if)#interface Dot11Radio0

united(config-if)#encryption vlan 1 mode ciphers tkip

united(config-if)#ssid united

united(config-if-ssid)#vlan 1

united(config-if-ssid)#authentication open

united(config-if-ssid)#authentication key-management wpa

united(config-if-ssid)#wpa-psk ascii

united(config-if-ssid)#exit

united(config-if)#channel

% Incomplete command.

united(config-if)#channel 1

united(config-if)#no cdp enable

united(config-if)#no dot11 extension aironet

united(config-if)#exit

united(config)#interface Vlan 1

united(config-if)#description internal Network

united(config-if)#ip nat inside

united(config-if)#ip virtual-reassembly

united(config-if)#bridge-group 1

united(config-if)#bridge-group 1 spanning-disabled

united(config-if)#exit

united(config)#^Z

united#

*May 23 16:48:31.203: %SYS-5-CONFIG_I: Configured from console by console

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface BVI1

Integrated Routing and Bridging is not configured! //dont understand why

^

% Invalid input detected at '^' marker.

united(config)#interface FastEthernet4

united(config-if)#description WAN interface - TO Internet

united(config-if)#ip address 68.99. 255.255.

united(config-if)#no shutdown

united(config-if)#exit

*May 23 16:57:47.571: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to

up

*May 23 16:57:48.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et4, changed state to up

united(config)#^Z

united#

*May 23 16:57:58.151: %SYS-5-CONFIG_I: Configured from console by console

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface fastethernet0

united(config-if)#no shutdown

united(config-if)#exit

united(config)#interface fastethernet1

united(config-if)#no shutdown

united(config-if)#exit

united(config)#interface fastethernet2

united(config-if)#no shutdown

united(config-if)#exit

united(config)#interface fastethernet3

united(config-if)#no shutdown

united(config-if)#exit

united(config)#^Z

united#

*May 23 17:09:47.119: %SYS-5-CONFIG_I: Configured from console by console

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#ip inspect name MYFW tcp

united(config)#ip inspect name MYFW udp

united(config)#ip access-list extended internet-inbound-ACL

united(config-ext-nacl)#permit udp any eq bootps any eq bootpc

united(config-ext-nacl)#permit icmp any any echo

united(config-ext-nacl)#permit esp any any

united(config-ext-nacl)#interface FastEthernet4

united(config-if)#ip inspect MYFW out

united(config-if)#ip access-group Internet-inbound-ACL in

united(config-if)#^Z

united#

*May 23 17:14:26.635: %SYS-5-CONFIG_I: Configured from console by console

united#sh ip interface brief

Interface IP-Address OK? Method Status Prot

ocol

FastEthernet0 unassigned YES unset up down

FastEthernet1 unassigned YES unset up up

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up up

FastEthernet4 68.99. YES manual up up

Dot11Radio0 unassigned YES TFTP administratively down down

Vlan1 unassigned YES unset up up

Virtual-Dot11Radio0 unassigned YES TFTP administratively down down

NVI0 unassigned YES unset up up

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface vlan1

united(config-if)#ip address 192.168.1.1 255.255.255.0

united(config-if)#no shhutdown

^

% Invalid input detected at '^' marker.

united(config-if)#no shutdown

united(config-if)#exit

united(config)#^Z

united#

*May 23 17:15:37.887: %SYS-5-CONFIG_I: Configured from console by console

united#sh ip interface brief

Interface IP-Address OK? Method Status Prot

ocol

FastEthernet0 unassigned YES unset up down

FastEthernet1 unassigned YES unset up up

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up up

FastEthernet4 68.99. YES manual up up

Dot11Radio0 unassigned YES TFTP administratively down down

Vlan1 192.168.1.1 YES manual up up

Virtual-Dot11Radio0 unassigned YES TFTP administratively down down

NVI0 unassigned YES unset up up

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface BVI1

Integrated Routing and Bridging is not configured!

^

% Invalid input detected at '^' marker.

united(config)#interface Dot11Radio0.1

united(config-subif)#encapsulation dot1Q 1 native

united(config-subif)#no snmp trap link-status

united(config-subif)#bridge-group 1

united(config-subif)#bridge-group 1 subscriber-loop-control

united(config-subif)#bridge-group 1 spanning-disabled

united(config-subif)#bridge-group 1 block-unknown-source

united(config-subif)#no bridge-group 1 source-learning

united(config-subif)#no bridge-group 1 unicast-flooding

united(config-subif)#exit

united(config)#interface BVI1

Integrated Routing and Bridging is not configured!

^

% Invalid input detected at '^' marker.

united(config)#^Z

united#

*May 23 17:23:17.099: %SYS-5-CONFIG_I: Configured from console by console

united#sh ip interface

FastEthernet0 is up, line protocol is down

Internet protocol processing disabled

FastEthernet1 is up, line protocol is up

Internet protocol processing disabled

FastEthernet2 is up, line protocol is down

Internet protocol processing disabled

FastEthernet3 is up, line protocol is up

Internet protocol processing disabled

FastEthernet4 is up, line protocol is up

Internet address is 68.99./27

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1500 bytes

Helper address is not set

Directed broadcast forwarding is disabled

Outgoing access list is not set

Inbound access list is Internet-inbound-ACL

Proxy ARP is enabled

Local Proxy ARP is disabled

Security level is default

Split horizon is enabled

ICMP redirects are always sent

ICMP unreachables are always sent

ICMP mask replies are never sent

IP fast switching is enabled

IP fast switching on the same interface is disabled

IP Flow switching is disabled

IP CEF switching is enabled

IP CEF Feature Fast switching turbo vector

IP multicast fast switching is enabled

IP multicast distributed fast switching is disabled

IP route-cache flags are Fast, CEF

Router Discovery is disabled

IP output packet accounting is disabled

IP access violation accounting is disabled

TCP/IP header compression is disabled

RTP/IP header compression is disabled

Policy routing is disabled

Network address translation is enabled, interface in domain outside

BGP Policy Mapping is disabled

Outgoing inspection rule is MYFW

Dot11Radio0 is administratively down, line protocol is down

Internet protocol processing disabled

Dot11Radio0.1 is administratively down, line protocol is down

Internet protocol processing disabled

Vlan1 is up, line protocol is up

Internet address is 192.168.1.1/24

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1500 bytes

Helper address is not set

Directed broadcast forwarding is disabled

Outgoing access list is not set

Inbound access list is not set

Proxy ARP is enabled

Local Proxy ARP is disabled

Security level is default

Split horizon is enabled

ICMP redirects are always sent

ICMP unreachables are always sent

ICMP mask replies are never sent

IP fast switching is enabled

IP fast switching on the same interface is disabled

IP Flow switching is disabled

IP CEF switching is enabled

IP CEF Feature Fast switching turbo vector

IP multicast fast switching is enabled

IP multicast distributed fast switching is disabled

IP route-cache flags are Fast, CEF

Router Discovery is disabled

IP output packet accounting is disabled

IP access violation accounting is disabled

TCP/IP header compression is disabled

RTP/IP header compression is disabled

Policy routing is disabled

Network address translation is enabled, interface in domain inside

BGP Policy Mapping is disabled

Virtual-Dot11Radio0 is administratively down, line protocol is down

Internet protocol processing disabled

Virtual-Dot11Radio0.1 is administratively down, line protocol is down

Internet protocol processing disabled

NVI0 is up, line protocol is up

Internet protocol processing disabled

united#

united#config t

Enter configuration commands, one per line. End with CNTL/Z.

united(config)#interface Dot11Radio0

united(config-if)#no shutdown

united(config-if)#exit

*May 23 17:25:43.779: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*May 23 17:25:43.783: %LINK-3-UPDOWN: Interface Virtual-Dot11Radio0, changed sta

te to down

*May 23 17:25:44.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio

0, changed state to up

united(config)#interface Dot11Radio0.1

united(config-subif)#no shutdown

united(config-subif)#exit

united(config)#int dot0

united(config-if)#no shut

united(config-if)#exit

united(config)#^Z

united#

*May 23 17:26:46.275: %SYS-5-CONFIG_I: Configured from console by console

united#

26 Replies 26

Eric,

Please make the following changes:

Add:

Dot11 ssid unitedWireless

Vlan 1

   Authentication open

   Authentication key-management wpa

   Wpa-psk ascii 7 (insert your ssid password here)

Keep the first line here and delete the remaining items under this ssid configuration

Ssid unitedWireless

Remove:

            Vlan 1

            Authentication open

            Authentication key-management wpa

            Wpa-psk ascii 7 (password)

Remove:

No dot11 extension Aironet

Under interface vlan 1

Remove:

            Ip nat inside

Remove:

            Ip route 0.0.0.0 0.0.0.0 dhcp

Add:

            Ip access-class 2

Add:

Line con0

            Login authentication local_authen

            Transport output telnet

Line vty 0 4

            Access-class 23 in

            Privilege level 15

            Authorization exec local_author

            Login authentication local_authen

            Transport input telnet ssh

Make these changes and see if this does not fix the wireless problem as well as the ISP connectivity issues. Post your updated config once you have been able to make these changes. I also ran across two attachments that helped me as well.

not to sound too stupid but how do I "remove" lines? Thanks for the info I will try it today.

Eric,

You use the "no" command. For example:

Remove:

           no Vlan 1

           no Authentication open

           no Authentication key-management wpa

           no Wpa-psk ascii 7 (password)

Remove:

This one is a bit different, get rid of the word no:

Before:No dot11 extension Aironet

After: dot11 extension aironet

Under interface vlan 1

Remove:

           no Ip nat inside

is the access-class command wrong?  What does this command do?  Do i have to put in an IP address?

I cannot make the last 3 "adds".

My bad on this one:

Ip access-class 2

it should be

ip http access-class 2

Which other ones could you not add?

Eric,

No, it is not wrong. You have the following line in your configuration but it is not applied anywhere:

access-list 23 permit 10.10.10.0 0.0.0.15

I'm just applying it to your line vty 0 4 location. It matches the config I sent you.

No IP address is needed. This command restricts vty access to those hosts within the 10.10.10.240 subnet.

If you do not want it at all, then just do a:

no access-list 23 permit 10.10.10.0 0.0.0.15

So I think I made all of the edits and it still isnt working.  here is my running config

Eric,

Copy and paste the following into your router:

ssid unitedWireless

    no vlan 1

    no authentication open

    no authentication key-management wpa

    no guest-mode

    no wpa-psk ascii 7 xxxxxxxxxxxxxxx (replace with your password)

dot11 ssid unitedWireless

vlan 1

authentication open

authentication key-management wpa

wpa-psk ascii 7 xxxxxxxxxxxxxxx (replace with your password)

broadcast-key vlan 1 change 72

interface Dot11Radio0

description Main Wireless Interface

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

interface Vlan1

no ip nat inside

interface BVI1

ip address 10.10.10.1 255.255.255.240

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

ip forward-protocol nd

ip http authentication local

no aaa authentication login default local

no aaa authorization exec default local

aaa authentication login local_authen local

aaa authorization exec local_author local

line con 0

password 7 14021C0218012E7A767B6760

login authentication local_authen

no modem enable

transport output telnet

line aux 0

login authentication local_authen

transport output telnet

line vty 0 4

access-class 23 in

privilege level 15

password 7 02130A521F030B701E1D5D4C

authorization exec local_author

login authentication local_authen

transport input telnet ssh

Let me know how this works for you.

Also,

After you get the above changes made, please post the results of:

Sh ip int brief

Sh ip route

And post an updated running config.

Thanks,

I am still not getting DNS resolution (i still have to statically assign the DNS servers to each individual computer) and windows 7 computers arent getting access to the internet at all, they keep pulling a 169 address. 

Type the following commands and paste their outputs here:

Sh ip int brief

Sh ip route

And please post an updated running config with the above changes implemented.

Hello,

     Thats true, you need to include the dns server on your global config mode and dhcp statement as well.

regards,

Francis 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco