Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1725
Views
8
Helpful
14
Replies

Need Help configuring and discovering router

eddysamson
Level 1
Level 1

‎10-28-2011 12:13 PM - edited ‎03-04-2019 02:05 PM

Hey there-


We are a small business that just bought a Cisco 1921 ISR. I am trying to set it up right now but I cannot get CCP to discover it. I am new to Cisco products and IOS.


The router is currently set up in a test environment with a USB connection to a Win7 PC for console management. I also have the PC connected to gigabit ethernet port 0/1. I am using putty to access the console which I did with no problem for the initial configuration. After that I thought I would be okay to discover the router with CCP using the IP address I specified but then it prompted me for a username/password which I didn't see in the initial configuration.

After this I did some research and found out I needed to set up a few more things so I ran the following commands:

ip http server

ip http secure-server

ip http authentication local

username admin privilege 15 password ********

line vty 0 4

login local

transport input telnet ssh

After this the video I was watching said to go in to CCP and specify the IP address or hostname of the router and use the login info that was just created admin/pw. When I ran the discovery I got the failure message:

Connection to the device could not be established. Either the device is not eachable or the HTTP service is not enabled.

When I run 'show ip interface' I notice 'Router Discovery disabled" is this why it is not working? How can I enable this or what else am I missing here? Am I not connecting to the router correctly?

Any help is much appreciated as I am very much so a newb to all of this.

Oh and just for reference our plan is to have this router set up as a VPN gateway and firewall with 2 WANs for redundancy and connecting to our switch via an HWIC SFP for fiber.

Labels:
0 Helpful
14 Replies 14

Muhammed AKYUZ
Level 1
Level 1

‎10-28-2011 12:47 PM

you should use telnet or ssh yo configure routers instead of http

Sent from Cisco Technical Support iPhone App

0 Helpful

eddysamson
Level 1
Level 1

‎10-28-2011 12:56 PM

Hey thanks for the reply, but is there any way you could be more specific?

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to eddysamson

‎10-28-2011 01:02 PM

Hi,

what does sh cdp interface and sh cdp neigh outputs? what does sh ip int br outputs?

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

eddysamson
Level 1
Level 1
In response to eddysamson

‎10-28-2011 01:17 PM

Hey thanks for the reply!

You can see all the reults here:

Also an unrelated question - is GigabitEthernet0/1/0 my HWIC?

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to eddysamson

‎10-28-2011 02:32 PM

Hi,

Can you enable cdp on the interface you are trying to connect to with cdp run interface command.

Can you  ping the IP from the machine where CCP is installed , if not make sure your firewall is disabled on Windows 7.

Can you do a telnet 80 from command line on Windows 7 then type some chars and enter  what is it saying?

Alain.

Don't forget to rate helpful posts.
0 Helpful

eddysamson
Level 1
Level 1
In response to eddysamson

‎10-31-2011 07:56 AM

I was able to execute cdp run but it still says router discovery is disable when I do 'show IP interface'. I was able to ping the Win7 computer and from there I was able to ping the router. I was able to telnet in, but only without specifying a port. 80 did not work. Still can not discover the device.

0 Helpful

eddysamson
Level 1
Level 1
In response to eddysamson

‎11-01-2011 10:13 AM

I have configured the router so I can successfully discover it. I am now trying to configure the WAN connection with our ISP. From what I've been reading it seems like I have done everything correctly so far so I am unsure why CCP is throwing me an error message when I try to do a test connection on our WAN interface.

Here is the error message:

"To test connectivity, Cisco CP tries to ping the configured DNS servers. However, there is no configured route to any of the DNS servers through the selected interface."

Here is my config:

router#show conf
Using 2608 out of 262136 bytes
!
! Last configuration change at 16:21:15 UTC Tue Nov 1 2011 by admin
! NVRAM config last updated at 16:21:16 UTC Tue Nov 1 2011 by admin
! NVRAM config last updated at 16:21:16 UTC Tue Nov 1 2011 by admin
version 15.1
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 ****

enable password ******

!
no aaa new-model
!
no process cpu extended history
no process cpu autoprofile hog
!
no ipv6 cef
no ip source-route
no ip routing
no ip cef
!
!
ip name-server 204.13.41.10
ip name-server 204.13.41.13
!
multilink bundle-name authenticated

!
username admin privilege 15 secret 5 **********

!
redundancy
!
!
interface Embedded-Service-Engine0/0
no ip address
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/0
description $ETH-WAN$
ip address 65.183.153.14 255.255.255.0
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 192.168.1.1 255.255.255.0
no ip route-cache
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface GigabitEthernet0/1/0
no ip address
no ip route-cache
shutdown
negotiation auto
no cdp enable
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 65.183.153.1
!
access-list 100 remark CCP_ACL Category=1
access-list 100 permit ip any host 65.183.153.14
!
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
password ****

login local
transport input telnet
transport output telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet
transport output telnet ssh
!
scheduler allocate 20000 1000
end

What am I missing?

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to eddysamson

‎11-01-2011 10:54 AM

Hi,

1)

no ip routing

no ip cef

You should configure this in global config:

-ip routing

-ip cef

and do this under both Gigabit interfaces:

-ip route cache

2)configure this for connectivity from the LAN to the WAN

access-list 10 permit 192.168.1.0  0.0.0.255

ip nat inside source list 10 interface GigabitEthernet0/0

interface GigabitEthernet0/1

ip nat inside

Regards.

Alain.

Don't forget to rate helpful posts.

eddysamson
Level 1
Level 1
In response to eddysamson

‎11-01-2011 11:52 AM

Thank you for the reply! I ran the commands you suggested but I still see the same failure message when I try to test my connection.


Here is my updated config:

router#sh conf

Using 2477 out of 262136 bytes

!

! Last configuration change at 18:39:31 UTC Tue Nov 1 2011 by admin

! NVRAM config last updated at 18:39:33 UTC Tue Nov 1 2011 by admin

! NVRAM config last updated at 18:39:33 UTC Tue Nov 1 2011 by admin

version 15.1

service config

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname router

!

boot-start-marker

boot-end-marker

!

!

enable secret 5 *********

enable password *********

!

no aaa new-model

!

no process cpu extended history

no process cpu autoprofile hog

!

no ipv6 cef

no ip source-route

ip cef

!

!

!

!

!

ip name-server 204.13.41.10

ip name-server 204.13.41.13

!

multilink bundle-name authenticated

!

!

!

username admin privilege 15 secret 5 ******

!

redundancy

!

!

!

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

no cdp enable

!

interface GigabitEthernet0/0

description $ETH-WAN$

ip address 65.183.153.14 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

!

interface GigabitEthernet0/1

description $ETH-LAN$

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

no mop enabled

!

interface GigabitEthernet0/1/0

no ip address

shutdown

negotiation auto

no cdp enable

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 10 interface GigabitEthernet0/0 overload

!

access-list 10 permit 192.168.1.0 0.0.0.255

!

!

!

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 0 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

privilege level 15

password password3

login local

transport input telnet

transport output telnet ssh

line vty 5 15

privilege level 15

login local

transport input telnet

transport output telnet ssh

!

scheduler allocate 20000 1000

end

router#sh conf

Using 2477 out of 262136 bytes

!

! Last configuration change at 18:39:31 UTC Tue Nov 1 2011 by admin

! NVRAM config last updated at 18:39:33 UTC Tue Nov 1 2011 by admin

! NVRAM config last updated at 18:39:33 UTC Tue Nov 1 2011 by admin

version 15.1

service config

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname router

!

boot-start-marker

boot-end-marker

!

!

enable secret 5 $1$dH99$vgP3tM6lzi9LPvDJfGSRn1

enable password password2

!

no aaa new-model

!

no process cpu extended history

no process cpu autoprofile hog

!

no ipv6 cef

no ip source-route

ip cef

!

!

!

!

!

ip name-server 204.13.41.10

ip name-server 204.13.41.13

!

multilink bundle-name authenticated

!

!

!

username admin privilege 15 secret 5 *****

!

redundancy

!

!

!

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

no cdp enable

!

interface GigabitEthernet0/0

description $ETH-WAN$

ip address 65.183.153.14 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

!

interface GigabitEthernet0/1

description $ETH-LAN$

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

no mop enabled

!

interface GigabitEthernet0/1/0

no ip address

shutdown

negotiation auto

no cdp enable

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 10 interface GigabitEthernet0/0 overload

!

access-list 10 permit 192.168.1.0 0.0.0.255

!

!

!

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 0 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

privilege level 15

password **********

login local

transport input telnet

transport output telnet ssh

line vty 5 15

privilege level 15

login local

transport input telnet

transport output telnet ssh

!

scheduler allocate 20000 1000

end

Oh and for reference here is my ISP info:

WAN IP: 65.183.153.14

Subnet Mask: 255.255.255.0

Default Gateway: 65.183.153.1

Primary DNS: 204.13.41.10

Secondary DNS: 204.13.41.13

0 Helpful

eddysamson
Level 1
Level 1
In response to eddysamson

‎11-01-2011 12:27 PM

I missed the 'ip route cache' command the first time I ran those commands. I just went in and tried to run it under each interface like you said and it was not a valid command. I did 'ip route ?' and noticed 2 commands that mentioned a cache, flow and policy. Should I use one of those?

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to eddysamson

‎11-01-2011 02:07 PM

Hi,

it's ok just reenabling ip cef globally did it but there is a typo here:

interface GigabitEthernet0/0

description $ETH-WAN$

ip address 65.183.153.14 255.255.255.0

ip nat inside      It should be ip nat outside

Can you ping your ISP dns servers from the router with the ping command ?

If so then don't worry about the message from CCP.

Alain.

Don't forget to rate helpful posts.

eddysamson
Level 1
Level 1
In response to cadet alain

‎11-02-2011 07:07 AM

I can ping the DNS now and run the test connection successfully. I had to do 'ip default-gateway 65.183.153.1'


Still don't have an internet connection to my PC, though. Next steps?

0 Helpful

eddysamson
Level 1
Level 1
In response to eddysamson

‎11-02-2011 12:41 PM

I set up DHCP pools and added an ACL to allow all outbound traffic and I can now browse the internet with both workstations I have set up. I think I am okay for now!

Thank you very much for all your help Alain, you were very helpful!

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to eddysamson

‎11-03-2011 01:49 AM

Hi,

the ip default-gateway command is only used when you are not doing routing so in your case it shouldn't be used.

By default you don't need any ACL to permit traffic through the router.

For the dhcp pool if your client were dhcp client then indeed if you had no dedicated dhcp server you had to do this but the

other 2 things you did were not necessary to make it work.

Regards.

Alain.

Don't forget to rate helpful posts and mark the thread as resolved if it is.

Don't forget to rate helpful posts.
0 Helpful
Customers Also Viewed These Support Documents