10-19-2012 06:36 AM - edited 03-04-2019 05:54 PM
I am having a problem setting up a Cisco 871W Router. I cannot get connected to the internet. I warn you that I am somewhat of a newbie at this so I apologize if I say or have done or will do anything stupid. I have gone through what I believe are the correct steps to set this up yet I am having no luck. Below you will see my hyper terminal session and all of the steps that I took (i have edited out my public IP and passwords). I really hope someone can send me on the right path, and I cant get BVI configured (see error below). I also cannot log into the router via the web interface (any help with that would be greatly appreciated). Also what port would I hook my switch into?Thank you
Booting flash:/c870-advsecurityk9-mz.124-4.T8.bin
Self decompressing the image : #################################################
########################## [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL
EASE SOFTWARE (fc3)
Technical Support:
http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 11-Aug-07 03:34 by khuie
Image text-base: 0x8002008C, data-base: 0x813FEFCC
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco 871W (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of mem
ory.
Processor board ID FHK121021J4
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
5 FastEthernet interfaces
1 802.11 Radio
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
*Mar 1 00:00:06.875: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change
d to: Initialized
*Mar 1 00:00:06.879: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change
d to: Enabled sslinit fn
*Mar 1 00:00:09.079: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to
up
*Mar 1 00:00:09.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et4, changed state to down
*Mar 1 00:00:10.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0, changed state to up
*Ma
Router>
Router>r 1 00:00:11.607: USB init complete.
*Mar 1 00:01:00.263: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to a
dministratively down
*Mar 1 00:01:01.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to down
*Mar 1 00:01:02.255: %LINK-5-CHANGED: Interface FastEthernet4, changed state to
administratively down
*May 23 16:27:33.399: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL
EASE SOFTWARE (fc3)
Technical Support:
http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 11-Aug-07 03:34 by khuie
*May 23 16:27:33.399: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing
a cold start
*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*May 23 16:27:34.591: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, cha
nged state to up
*May 23 16:27:34.979: %LINK-3-UPDOWN: Interface FastEthernet3, changed state to
up
*May 23 16:27:34.987: %LINK-3-UPDOWN: Interface FastEthernet2, changed state to
up
*May 23 16:27:34.991: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to
up
*May 23 16:27:34.995: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to
up
*May 23 16:27:35.143: %LINK-5-CHANGED: Interface Virtual-Dot11Radio0, changed st
ate to administratively down
*May 23 16:27:35.979: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et3, changed state to up
*May 23 16:27:35.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et2, changed state to down
*May 23 16:27:35.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et1, changed state to up
*May 23 16:27:35.995: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0, changed state to down
*May 23 16:27:36.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Do
t11Radio0, changed state to down
Router>enable
Router#vlan data
Router(vlan)#vlan 10 name Internal-LAN
Vlan can not be added. Maximum number of 1 vlan(s) in the database.
Router(vlan)#enable
^
% Invalid input detected at '^' marker.
Router(vlan)#exit
APPLY completed.
Exiting....
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#service password-encryption
Router(config)#hostname
united(config)#enable secret
united(config)#enable password
united(config)#enable password
united(config)#aaa new-model
united(config)#aaa authentication login default local
united(config)#aaa authorization exec default local
united(config)#aaa session-id common
united(config)#ip http server
united(config)#ip http secure-server
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
united(config)#
*May 23 16:32:20.987: %SSH-5-ENABLED: SSH 1.99 has been enabled
*May 23 16:32:22.531: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "wri
te memory" to save new certificatewrite memory
united(config)#^Z
united#
*May 23 16:33:10.367: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#line con 0
united(config-line)#password
united(config-line)#line vty 0 4
united(config-line)#password
united(config-line)#exit
united(config)#line vty 0 4
united(config-line)#exit
united(config)#ip domain name united
united(config)#no ip domain lookup
united(config)#username united privilege 15 password
united(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.99
united(config)#service dhcp
united(config)#ip dhcp pool VLAN10
united(dhcp-config)#exit
united(config)#ip dhcp pool internal-net
united(dhcp-config)#network 192.168.1.0 255.255.255.0
united(dhcp-config)#default-router 192.168.1.1
united(dhcp-config)#import all
united(dhcp-config)#domain-name
united(dhcp-config)#lease 4
united(dhcp-config)#exit
united(config)#access-list 1 permit 192.168.1.0 0.0.0.255
united(config)#ip nat inside source list 1 interface FastEthernet4 overload
united(config)#
*May 23 16:40:31.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, chan
ged state to up
united(config)#interface FastEthernet4
united(config-if)#ip address dhcp
united(config-if)#ip tcp adjust-mss 1460
united(config-if)#ip nat outside
united(config-if)#no cdp enable
united(config-if)#ip route 0.0.0.0 0.0.0.0 DHCP
united(config)#interface FastEthernet0
united(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single host.
Connecting hubs, concentrators, switches, bridges, etc.to this interface
when portfast is enabled, can cause temporary spanning tree loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0 but will only
have effect when the interface is in a non-trunking mode.
united(config-if)#interface Dot11Radio0
united(config-if)#encryption vlan 1 mode ciphers tkip
united(config-if)#ssid united
united(config-if-ssid)#vlan 1
united(config-if-ssid)#authentication open
united(config-if-ssid)#authentication key-management wpa
united(config-if-ssid)#wpa-psk ascii
united(config-if-ssid)#exit
united(config-if)#channel
% Incomplete command.
united(config-if)#channel 1
united(config-if)#no cdp enable
united(config-if)#no dot11 extension aironet
united(config-if)#exit
united(config)#interface Vlan 1
united(config-if)#description internal Network
united(config-if)#ip nat inside
united(config-if)#ip virtual-reassembly
united(config-if)#bridge-group 1
united(config-if)#bridge-group 1 spanning-disabled
united(config-if)#exit
united(config)#^Z
united#
*May 23 16:48:31.203: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface BVI1
Integrated Routing and Bridging is not configured! //dont understand why
^
% Invalid input detected at '^' marker.
united(config)#interface FastEthernet4
united(config-if)#description WAN interface - TO Internet
united(config-if)#ip address 68.99. 255.255.
united(config-if)#no shutdown
united(config-if)#exit
*May 23 16:57:47.571: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to
up
*May 23 16:57:48.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et4, changed state to up
united(config)#^Z
united#
*May 23 16:57:58.151: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface fastethernet0
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet1
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet2
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet3
united(config-if)#no shutdown
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:09:47.119: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#ip inspect name MYFW tcp
united(config)#ip inspect name MYFW udp
united(config)#ip access-list extended internet-inbound-ACL
united(config-ext-nacl)#permit udp any eq bootps any eq bootpc
united(config-ext-nacl)#permit icmp any any echo
united(config-ext-nacl)#permit esp any any
united(config-ext-nacl)#interface FastEthernet4
united(config-if)#ip inspect MYFW out
united(config-if)#ip access-group Internet-inbound-ACL in
united(config-if)#^Z
united#
*May 23 17:14:26.635: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0 unassigned YES unset up down
FastEthernet1 unassigned YES unset up up
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up up
FastEthernet4 68.99. YES manual up up
Dot11Radio0 unassigned YES TFTP administratively down down
Vlan1 unassigned YES unset up up
Virtual-Dot11Radio0 unassigned YES TFTP administratively down down
NVI0 unassigned YES unset up up
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface vlan1
united(config-if)#ip address 192.168.1.1 255.255.255.0
united(config-if)#no shhutdown
^
% Invalid input detected at '^' marker.
united(config-if)#no shutdown
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:15:37.887: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0 unassigned YES unset up down
FastEthernet1 unassigned YES unset up up
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up up
FastEthernet4 68.99. YES manual up up
Dot11Radio0 unassigned YES TFTP administratively down down
Vlan1 192.168.1.1 YES manual up up
Virtual-Dot11Radio0 unassigned YES TFTP administratively down down
NVI0 unassigned YES unset up up
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface BVI1
Integrated Routing and Bridging is not configured!
^
% Invalid input detected at '^' marker.
united(config)#interface Dot11Radio0.1
united(config-subif)#encapsulation dot1Q 1 native
united(config-subif)#no snmp trap link-status
united(config-subif)#bridge-group 1
united(config-subif)#bridge-group 1 subscriber-loop-control
united(config-subif)#bridge-group 1 spanning-disabled
united(config-subif)#bridge-group 1 block-unknown-source
united(config-subif)#no bridge-group 1 source-learning
united(config-subif)#no bridge-group 1 unicast-flooding
united(config-subif)#exit
united(config)#interface BVI1
Integrated Routing and Bridging is not configured!
^
% Invalid input detected at '^' marker.
united(config)#^Z
united#
*May 23 17:23:17.099: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface
FastEthernet0 is up, line protocol is down
Internet protocol processing disabled
FastEthernet1 is up, line protocol is up
Internet protocol processing disabled
FastEthernet2 is up, line protocol is down
Internet protocol processing disabled
FastEthernet3 is up, line protocol is up
Internet protocol processing disabled
FastEthernet4 is up, line protocol is up
Internet address is 68.99./27
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is Internet-inbound-ACL
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
Outgoing inspection rule is MYFW
Dot11Radio0 is administratively down, line protocol is down
Internet protocol processing disabled
Dot11Radio0.1 is administratively down, line protocol is down
Internet protocol processing disabled
Vlan1 is up, line protocol is up
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Virtual-Dot11Radio0 is administratively down, line protocol is down
Internet protocol processing disabled
Virtual-Dot11Radio0.1 is administratively down, line protocol is down
Internet protocol processing disabled
NVI0 is up, line protocol is up
Internet protocol processing disabled
united#
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface Dot11Radio0
united(config-if)#no shutdown
united(config-if)#exit
*May 23 17:25:43.779: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*May 23 17:25:43.783: %LINK-3-UPDOWN: Interface Virtual-Dot11Radio0, changed sta
te to down
*May 23 17:25:44.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to up
united(config)#interface Dot11Radio0.1
united(config-subif)#no shutdown
united(config-subif)#exit
united(config)#int dot0
united(config-if)#no shut
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:26:46.275: %SYS-5-CONFIG_I: Configured from console by console
united#
I am having a problem setting up a Cisco 871W Router. I cannot get connected to the internet. I warn you that I am somewhat of a newbie at this so I apologize if I say or have done or will do anything stupid. I have gone through what I believe are the correct steps to set this up yet I am having no luck. Below you will see my hyper terminal session and all of the steps that I took (i have edited out my public IP and passwords). I really hope someone can send me on the right path. I also cannot log into the router via the web interface (any help with that would be greatly appreciated). Thank you
Booting flash:/c870-advsecurityk9-mz.124-4.T8.bin
Self decompressing the image : #################################################
########################## [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL
EASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 11-Aug-07 03:34 by khuie
Image text-base: 0x8002008C, data-base: 0x813FEFCC
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco 871W (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of mem
ory.
Processor board ID FHK121021J4
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
5 FastEthernet interfaces
1 802.11 Radio
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
*Mar 1 00:00:06.875: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change
d to: Initialized
*Mar 1 00:00:06.879: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change
d to: Enabled sslinit fn
*Mar 1 00:00:09.079: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to
up
*Mar 1 00:00:09.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et4, changed state to down
*Mar 1 00:00:10.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0, changed state to up
*Ma
Router>
Router>r 1 00:00:11.607: USB init complete.
*Mar 1 00:01:00.263: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to a
dministratively down
*Mar 1 00:01:01.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to down
*Mar 1 00:01:02.255: %LINK-5-CHANGED: Interface FastEthernet4, changed state to
administratively down
*May 23 16:27:33.399: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL
EASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 11-Aug-07 03:34 by khuie
*May 23 16:27:33.399: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing
a cold start
*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*May 23 16:27:34.591: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, cha
nged state to up
*May 23 16:27:34.979: %LINK-3-UPDOWN: Interface FastEthernet3, changed state to
up
*May 23 16:27:34.987: %LINK-3-UPDOWN: Interface FastEthernet2, changed state to
up
*May 23 16:27:34.991: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to
up
*May 23 16:27:34.995: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to
up
*May 23 16:27:35.143: %LINK-5-CHANGED: Interface Virtual-Dot11Radio0, changed st
ate to administratively down
*May 23 16:27:35.979: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et3, changed state to up
*May 23 16:27:35.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et2, changed state to down
*May 23 16:27:35.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et1, changed state to up
*May 23 16:27:35.995: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0, changed state to down
*May 23 16:27:36.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Do
t11Radio0, changed state to down
Router>enable
Router#vlan data
Router(vlan)#vlan 10 name Internal-LAN
Vlan can not be added. Maximum number of 1 vlan(s) in the database.
Router(vlan)#enable
^
% Invalid input detected at '^' marker.
Router(vlan)#exit
APPLY completed.
Exiting....
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#service password-encryption
Router(config)#hostname
united(config)#enable secret
united(config)#enable password
united(config)#enable password
united(config)#aaa new-model
united(config)#aaa authentication login default local
united(config)#aaa authorization exec default local
united(config)#aaa session-id common
united(config)#ip http server
united(config)#ip http secure-server
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
united(config)#
*May 23 16:32:20.987: %SSH-5-ENABLED: SSH 1.99 has been enabled
*May 23 16:32:22.531: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "wri
te memory" to save new certificatewrite memory
united(config)#^Z
united#
*May 23 16:33:10.367: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#line con 0
united(config-line)#password
united(config-line)#line vty 0 4
united(config-line)#password
united(config-line)#exit
united(config)#line vty 0 4
united(config-line)#exit
united(config)#ip domain name united
united(config)#no ip domain lookup
united(config)#username united privilege 15 password
united(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.99
united(config)#service dhcp
united(config)#ip dhcp pool VLAN10
united(dhcp-config)#exit
united(config)#ip dhcp pool internal-net
united(dhcp-config)#network 192.168.1.0 255.255.255.0
united(dhcp-config)#default-router 192.168.1.1
united(dhcp-config)#import all
united(dhcp-config)#domain-name
united(dhcp-config)#lease 4
united(dhcp-config)#exit
united(config)#access-list 1 permit 192.168.1.0 0.0.0.255
united(config)#ip nat inside source list 1 interface FastEthernet4 overload
united(config)#
*May 23 16:40:31.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, chan
ged state to up
united(config)#interface FastEthernet4
united(config-if)#ip address dhcp
united(config-if)#ip tcp adjust-mss 1460
united(config-if)#ip nat outside
united(config-if)#no cdp enable
united(config-if)#ip route 0.0.0.0 0.0.0.0 DHCP
united(config)#interface FastEthernet0
united(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single host.
Connecting hubs, concentrators, switches, bridges, etc.to this interface
when portfast is enabled, can cause temporary spanning tree loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0 but will only
have effect when the interface is in a non-trunking mode.
united(config-if)#interface Dot11Radio0
united(config-if)#encryption vlan 1 mode ciphers tkip
united(config-if)#ssid united
united(config-if-ssid)#vlan 1
united(config-if-ssid)#authentication open
united(config-if-ssid)#authentication key-management wpa
united(config-if-ssid)#wpa-psk ascii
united(config-if-ssid)#exit
united(config-if)#channel
% Incomplete command.
united(config-if)#channel 1
united(config-if)#no cdp enable
united(config-if)#no dot11 extension aironet
united(config-if)#exit
united(config)#interface Vlan 1
united(config-if)#description internal Network
united(config-if)#ip nat inside
united(config-if)#ip virtual-reassembly
united(config-if)#bridge-group 1
united(config-if)#bridge-group 1 spanning-disabled
united(config-if)#exit
united(config)#^Z
united#
*May 23 16:48:31.203: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface BVI1
Integrated Routing and Bridging is not configured! //dont understand why
^
% Invalid input detected at '^' marker.
united(config)#interface FastEthernet4
united(config-if)#description WAN interface - TO Internet
united(config-if)#ip address 68.99. 255.255.
united(config-if)#no shutdown
united(config-if)#exit
*May 23 16:57:47.571: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to
up
*May 23 16:57:48.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et4, changed state to up
united(config)#^Z
united#
*May 23 16:57:58.151: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface fastethernet0
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet1
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet2
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet3
united(config-if)#no shutdown
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:09:47.119: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#ip inspect name MYFW tcp
united(config)#ip inspect name MYFW udp
united(config)#ip access-list extended internet-inbound-ACL
united(config-ext-nacl)#permit udp any eq bootps any eq bootpc
united(config-ext-nacl)#permit icmp any any echo
united(config-ext-nacl)#permit esp any any
united(config-ext-nacl)#interface FastEthernet4
united(config-if)#ip inspect MYFW out
united(config-if)#ip access-group Internet-inbound-ACL in
united(config-if)#^Z
united#
*May 23 17:14:26.635: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0 unassigned YES unset up down
FastEthernet1 unassigned YES unset up up
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up up
FastEthernet4 68.99. YES manual up up
Dot11Radio0 unassigned YES TFTP administratively down down
Vlan1 unassigned YES unset up up
Virtual-Dot11Radio0 unassigned YES TFTP administratively down down
NVI0 unassigned YES unset up up
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface vlan1
united(config-if)#ip address 192.168.1.1 255.255.255.0
united(config-if)#no shhutdown
^
% Invalid input detected at '^' marker.
united(config-if)#no shutdown
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:15:37.887: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0 unassigned YES unset up down
FastEthernet1 unassigned YES unset up up
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up up
FastEthernet4 68.99. YES manual up up
Dot11Radio0 unassigned YES TFTP administratively down down
Vlan1 192.168.1.1 YES manual up up
Virtual-Dot11Radio0 unassigned YES TFTP administratively down down
NVI0 unassigned YES unset up up
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface BVI1
Integrated Routing and Bridging is not configured!
^
% Invalid input detected at '^' marker.
united(config)#interface Dot11Radio0.1
united(config-subif)#encapsulation dot1Q 1 native
united(config-subif)#no snmp trap link-status
united(config-subif)#bridge-group 1
united(config-subif)#bridge-group 1 subscriber-loop-control
united(config-subif)#bridge-group 1 spanning-disabled
united(config-subif)#bridge-group 1 block-unknown-source
united(config-subif)#no bridge-group 1 source-learning
united(config-subif)#no bridge-group 1 unicast-flooding
united(config-subif)#exit
united(config)#interface BVI1
Integrated Routing and Bridging is not configured!
^
% Invalid input detected at '^' marker.
united(config)#^Z
united#
*May 23 17:23:17.099: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface
FastEthernet0 is up, line protocol is down
Internet protocol processing disabled
FastEthernet1 is up, line protocol is up
Internet protocol processing disabled
FastEthernet2 is up, line protocol is down
Internet protocol processing disabled
FastEthernet3 is up, line protocol is up
Internet protocol processing disabled
FastEthernet4 is up, line protocol is up
Internet address is 68.99./27
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is Internet-inbound-ACL
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
Outgoing inspection rule is MYFW
Dot11Radio0 is administratively down, line protocol is down
Internet protocol processing disabled
Dot11Radio0.1 is administratively down, line protocol is down
Internet protocol processing disabled
Vlan1 is up, line protocol is up
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Virtual-Dot11Radio0 is administratively down, line protocol is down
Internet protocol processing disabled
Virtual-Dot11Radio0.1 is administratively down, line protocol is down
Internet protocol processing disabled
NVI0 is up, line protocol is up
Internet protocol processing disabled
united#
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface Dot11Radio0
united(config-if)#no shutdown
united(config-if)#exit
*May 23 17:25:43.779: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*May 23 17:25:43.783: %LINK-3-UPDOWN: Interface Virtual-Dot11Radio0, changed sta
te to down
*May 23 17:25:44.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to up
united(config)#interface Dot11Radio0.1
united(config-subif)#no shutdown
united(config-subif)#exit
united(config)#int dot0
united(config-if)#no shut
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:26:46.275: %SYS-5-CONFIG_I: Configured from console by console
united#
10-22-2012 07:52 PM
Eric,
Please make the following changes:
Add:
Dot11 ssid unitedWireless
Vlan 1
Authentication open
Authentication key-management wpa
Wpa-psk ascii 7 (insert your ssid password here)
Keep the first line here and delete the remaining items under this ssid configuration
Ssid unitedWireless
Remove:
Vlan 1
Authentication open
Authentication key-management wpa
Wpa-psk ascii 7 (password)
Remove:
No dot11 extension Aironet
Under interface vlan 1
Remove:
Ip nat inside
Remove:
Ip route 0.0.0.0 0.0.0.0 dhcp
Add:
Ip access-class 2
Add:
Line con0
Login authentication local_authen
Transport output telnet
Line vty 0 4
Access-class 23 in
Privilege level 15
Authorization exec local_author
Login authentication local_authen
Transport input telnet ssh
Make these changes and see if this does not fix the wireless problem as well as the ISP connectivity issues. Post your updated config once you have been able to make these changes. I also ran across two attachments that helped me as well.
10-23-2012 08:27 AM
not to sound too stupid but how do I "remove" lines? Thanks for the info I will try it today.
10-23-2012 08:43 AM
Eric,
You use the "no" command. For example:
Remove:
no Vlan 1
no Authentication open
no Authentication key-management wpa
no Wpa-psk ascii 7 (password)
Remove:
This one is a bit different, get rid of the word no:
Before:No dot11 extension Aironet
After: dot11 extension aironet
Under interface vlan 1
Remove:
no Ip nat inside
10-23-2012 10:01 AM
is the access-class command wrong? What does this command do? Do i have to put in an IP address?
10-23-2012 10:04 AM
I cannot make the last 3 "adds".
10-23-2012 10:14 AM
My bad on this one:
Ip access-class 2
it should be
ip http access-class 2
Which other ones could you not add?
10-23-2012 10:11 AM
Eric,
No, it is not wrong. You have the following line in your configuration but it is not applied anywhere:
access-list 23 permit 10.10.10.0 0.0.0.15
I'm just applying it to your line vty 0 4 location. It matches the config I sent you.
No IP address is needed. This command restricts vty access to those hosts within the 10.10.10.240 subnet.
If you do not want it at all, then just do a:
no access-list 23 permit 10.10.10.0 0.0.0.15
10-23-2012 11:57 AM
10-23-2012 12:43 PM
Eric,
Copy and paste the following into your router:
ssid unitedWireless
no vlan 1
no authentication open
no authentication key-management wpa
no guest-mode
no wpa-psk ascii 7 xxxxxxxxxxxxxxx (replace with your password)
dot11 ssid unitedWireless
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 xxxxxxxxxxxxxxx (replace with your password)
broadcast-key vlan 1 change 72
interface Dot11Radio0
description Main Wireless Interface
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
interface Vlan1
no ip nat inside
interface BVI1
ip address 10.10.10.1 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
ip forward-protocol nd
ip http authentication local
no aaa authentication login default local
no aaa authorization exec default local
aaa authentication login local_authen local
aaa authorization exec local_author local
line con 0
password 7 14021C0218012E7A767B6760
login authentication local_authen
no modem enable
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
access-class 23 in
privilege level 15
password 7 02130A521F030B701E1D5D4C
authorization exec local_author
login authentication local_authen
transport input telnet ssh
Let me know how this works for you.
Also,
After you get the above changes made, please post the results of:
Sh ip int brief
Sh ip route
And post an updated running config.
Thanks,
10-24-2012 01:05 PM
I am still not getting DNS resolution (i still have to statically assign the DNS servers to each individual computer) and windows 7 computers arent getting access to the internet at all, they keep pulling a 169 address.
10-25-2012 06:06 AM
Type the following commands and paste their outputs here:
Sh ip int brief
Sh ip route
And please post an updated running config with the above changes implemented.
10-22-2012 08:55 AM
Hello,
Thats true, you need to include the dns server on your global config mode and dhcp statement as well.
regards,
Francis
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide