Solved: Re: Router config help

Bodazephyr · ‎10-29-2018

I am new to cisco routing, I took a CCNA course 10 years ago but forgot most I had learned. I am currently relearning and trying to configure an unconfigured router. It is an 891fw router and I am having trouble accessing anything inside OR outside the lan. First what are the basics needed to have a basic working router. Secondly if you can look at my config and let me know what I am missing.

Building configuration...

Current configuration : 2696 bytes
!
! Last configuration change at 10:31:49 GMT Mon Oct 29 2018
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco_891FW
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable password 7 ^*&%%%*&
!
no aaa new-model
clock timezone GMT -8 0
service-module wlan-ap 0 bootimage autonomous
!
!
!
!
!
!

!
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool dhcp1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 75.75.75.75 75.75.76.76
!
!
!
ip name-server 75.75.75.75
ip name-server 75.75.76.76
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C891FW-A-K9 sn FJC2031L2FA
!
!
!
!
!
!
!
!
!
crypto isakmp policy 1
!
!
!
!
bridge irb
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
description PrimaryWANDesc_
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Wlan-GigabitEthernet8
no ip address
!
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Async3
no ip address
encapsulation slip
!
router rip
version 2
network 192.168.1.0
no auto-summary
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
ip nat inside source list nat-list interface GigabitEthernet8 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8
!
!
!
control-plane
!
bridge 100 protocol ieee
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line 3
modem InOut
speed 115200
flowcontrol hardware
line vty 0 4
logging synchronous
login
transport input all
line vty 5 15
logging synchronous
login
transport input all
!
scheduler allocate 20000 1000
!
end

Georg Pauwen · ‎10-29-2018

Hello,

your config is almost complete. I have made a few changes (marked in bold) that should enable your clients to get Internet access:

Building configuration...

Current configuration : 2696 bytes
!
! Last configuration change at 10:31:49 GMT Mon Oct 29 2018
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco_891FW
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable password 7 ^*&%%%*&
!
no aaa new-model
clock timezone GMT -8 0
service-module wlan-ap 0 bootimage autonomous
!
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool dhcp1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 75.75.75.75 75.75.76.76
!
ip name-server 75.75.75.75
ip name-server 75.75.76.76
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid C891FW-A-K9 sn FJC2031L2FA
!
crypto isakmp policy 1
!
bridge irb
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
description PrimaryWANDesc_
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Wlan-GigabitEthernet8
no ip address
!
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Async3
no ip address
encapsulation slip
!
router rip
version 2
network 192.168.1.0
no auto-summary
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet8 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8 dhcp
!
access-list 1 permit 192.168.1.0
!
control-plane
!
bridge 100 protocol ieee
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
logging synchronous
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line 3
modem InOut
speed 115200
flowcontrol hardware
line vty 0 4
logging synchronous
login
transport input all
line vty 5 15
logging synchronous
login
transport input all
!
scheduler allocate 20000 1000
!
end

View solution in original post

Georg Pauwen · ‎10-29-2018

Hello,

your config is almost complete. I have made a few changes (marked in bold) that should enable your clients to get Internet access:

Building configuration...

Current configuration : 2696 bytes
!
! Last configuration change at 10:31:49 GMT Mon Oct 29 2018
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco_891FW
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable password 7 ^*&%%%*&
!
no aaa new-model
clock timezone GMT -8 0
service-module wlan-ap 0 bootimage autonomous
!
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool dhcp1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 75.75.75.75 75.75.76.76
!
ip name-server 75.75.75.75
ip name-server 75.75.76.76
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid C891FW-A-K9 sn FJC2031L2FA
!
crypto isakmp policy 1
!
bridge irb
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
description PrimaryWANDesc_
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Wlan-GigabitEthernet8
no ip address
!
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Async3
no ip address
encapsulation slip
!
router rip
version 2
network 192.168.1.0
no auto-summary
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet8 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8 dhcp
!
access-list 1 permit 192.168.1.0
!
control-plane
!
bridge 100 protocol ieee
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
logging synchronous
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line 3
modem InOut
speed 115200
flowcontrol hardware
line vty 0 4
logging synchronous
login
transport input all
line vty 5 15
logging synchronous
login
transport input all
!
scheduler allocate 20000 1000
!
end

Bodazephyr · ‎10-30-2018

Yes! That was it from what i see its had to do with the access list, can you tell me what i did wrong though?

From what i see it was pointing to wrong access list? And something with dhcp

Georg Pauwen · ‎10-30-2018

Hello,

in the original post, you were referring to access list 'nat-acl' which I didn't see in the configuration at all...

Bodazephyr · ‎10-29-2018

I take that back I can ping devices on lan just not out lan. and no internet access

Georg Pauwen · ‎10-29-2018

Did you apply the configuration changes I posted ?

santoshbajimaya · ‎10-29-2018

Hello Bodazephyr,

There is one thing I noticed in your configuration. I don't think you can use VLAN interface for dhcp allocation. Vlan interface are just for management propose. You should configure the dhcp interface to one of the physical interfaces. That must be the problem why you are having problem accessing anything inside or outside the LAN.

Bodazephyr · ‎10-30-2018

Well my dhcp is working and with the other reply i got the internet working. I do like to listen to advice though can anyone confirm im not supposed to use dhcp on the vlan?

Georg Pauwen · ‎10-30-2018

Hello,

DHCP with VLAN interfaces is no problem, actually, it is quite common to use it in that way...

Bodazephyr · ‎10-30-2018

Thank you again Georg!