Solved: 2821 LAN Ports 0/0 and 0/1 are in down mode

La1Impala · ‎08-08-2016

Hi new to routers. I just purchased a 2821 and from using the console cable I received this info below. I would like to use SDM to configure the router. I believe I use port 0/0 and a crossover cable to a laptop or straight through cat5 to a hub or switch. Then I suppose I will use port 0/0 and 0/1 for the internal and external networks after config. BTW which port will be internal and external?

Router>
Router>
Router>
Router>where
% No connections open
Router>

System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.

Initializing memory for ECC
....
c2821 platform with 1048576 Kbytes of main memory
Main memory is configured to 64 bit mode with ECC enabled

Readonly ROMMON initialized
program load complete, entry point: 0x8000f000, size: 0xcb80
program load complete, entry point: 0x8000f000, size: 0xcb80

program load complete, entry point: 0x8000f000, size: 0x4061b68
Self decompressing the image : #################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################## [OK]

Smart Init is enabled
smart init is sizing iomem
ID            MEMORY_REQ                 TYPE
0003E8          0X00474800 C2821 Mainboard
                0X00264050 Onboard VPN
                0X000021B8 Onboard USB
                0X002C29F0 public buffer pools
                0X00211000 public particle pools
-----------------------------------------------
TOTAL:          0X00BAE3F8

If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.
Rounded IOMEM up to: 12Mb.
Using 1 percent iomem. [12Mb/1024Mb]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9_SNA-M), Version 15.1(
3)T4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 24-May-12 01:38 by prod_rel_team

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Installed image archive
Cisco 2821 (revision 52.57) with 1036288K/12288K bytes of memory.
Processor board ID FTX1323A06Y
2 Gigabit Ethernet interfaces
1 Serial interface
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
250880K bytes of ATA CompactFlash (Read/Write)

SETUP: new interface Serial0/0/0 placed in "shutdown" state
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!By default, the following "voice service voip"         !!
!!sub-command is enabled:                                !!
!!   ip address trusted authenticate                     !!
!!                                                       !!
!!The command enables the ip address authentication      !!
!!on incoming H.323 or SIP trunk calls for toll fraud    !!
!!prevention supports.                                   !!
!!                                                       !!
!!Please use "show ip address trusted list" command      !!
!!to display a list of valid ip addresses for incoming   !!
!!H.323 or SIP trunk calls.                              !!
!!                                                       !!
!!Additional valid ip addresses can be added via the     !!
!!following command line:                                !!
!! voice service voip                                   !!
!!   ip address trusted list                             !!
!!    ipv4 <ipv4-address> [<ipv4 network-mask>]          !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Press RETURN to get started!

*Aug 7 19:15:14.887: SERVICE_MODULE(Serial0/0/0): self test finished: Passed
*Aug 7 19:15:31.635: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change
d to: Initialized
*Aug 7 19:15:31.643: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change
d to: Enabled
*Aug 7 19:15:33.271: %LINEPROTO-5-UPDOWN: Line protocol on Interface VoIP-Null0
, changed state to up
*Aug 7 19:15:33.271: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed stat
e to up
*Aug 7 19:15:33.271: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed stat
e to up
*Aug 7 19:15:33.271: %LINK-3-UPDOWN: Interface Serial0/0/0, changed state to do
wn
*Aug 7 19:15:34.271: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0/0, changed state to down
*Aug 7 19:15:34.271: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0/1, changed state to down
*Aug 7 19:15:34.271: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/
0, changed state to down
*Aug 7 19:15:35.791: %SYS-5-CONFIG_I: Configured from memory by console
*Aug 7 19:15:37.731: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed sta
te to administratively down
*Aug 7 19:15:37.739: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed sta
te to administratively down
*Aug 7 19:15:37.791: %LINK-5-CHANGED: Interface Serial0/0/0, changed state to a
dministratively down
*Aug 7 19:15:40.631: %SYS-5-RESTART: System restarted --
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9_SNA-M), Version 15.1(
3)T4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 24-May-12 01:38 by prod_rel_team
*Aug 7 19:15:40.635: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing
a cold start
*Aug 7 19:15:41.059: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Aug 7 19:15:41.059: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Aug 7 19:15:41.059: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Aug 7 19:15:41.059: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
Router>

Router con0 is now available

Press RETURN to get started.

Mark Malone · ‎08-22-2016

I don't use the GUI so taking a guess looking at it I would say its where you default route would be set to send traffic outbound

in CLI you usually set a default route so all traffic that's isn't specifically set knows where to go to break out of local network to the wan

you can achieve this by ip address or by pointing it at the wan interface as the exit

ip route 0.0.0.0 0.0.0.0.0 142.1.1.18 (say modem ip address)

or

ip route 0.0.0.0 0.0.0.0.0 g0/1 (wan interface)

.................................................................................

so

prefix 0.0.0.0

mask 0.0.0.0

tick the box for default route

going by your earlier choice your wan is g0/1 or opther choice there underneath set the modem ip address public internet address locally

leave the distance as 1 and then tick make this permanent

..................................................................................................................

Just so your aware even though you have now set an internet route and you should be able to ping say 8.8.8.8 for Google from your router , you will need to setup NAT so LAN devices can speak to the internet

View solution in original post

Mark Malone · ‎08-08-2016

Hi

if your going to use SDM on a 2800 you will still need to configure either a dhcp pool or a static ip address so the router can be accessed from pc as dhcp is off by default on 2800

You should be able to use straight through direct to g0/0 or g0/1 as interfaces are now MDIX ,once your router port and pc are on same subnet you should be able to http to it from browser on laptop , you may need to enable https in cli but http should be on by default , it doesn't matter about port internal/external there both l3 capable only but usually people use the G0/0 as the lan port and G0/1 as wan if not using serial which is doubtful these days as wan port

By default, the DHCP server is turned off on the Cisco 28xx series routers.

http://www.cisco.com/c/en/us/td/docs/routers/access/2800/software/configuration/guide/2800swgd/2800over.html

La1Impala · ‎08-08-2016

Hi. Thanks for the reply. I guess I need to clarify what I really need to know. Ethernet ports 0/0 and 0/1 are in down mode. Do not have any "G" ports. If you look at what I copied from the console. When I plug a cat5 cable into 0/0 or 0/1 the associated LESs do not flicker. If I leave the cable in and restart the LEDs will flicker til it says the ports are in down mode. Apparently there is a static ip associated with the router just to connect for config of 10.10.10.1. I had to give the laptop I was connecting to it with a static ip. It would not connect b/c the port is in down mode. I am also using a switch.

Richard Burts · ‎08-08-2016

Part of what is shown in the console output that you posted is that both Gig0/0 and 0/1 are administratively shut down. You need to get on the console, get into privilege mode, then get into config mode, and then for one or both of the interfaces you need to enter the command

no shutdown (which is frequently abbreviated to no shut)

This will make one or both of the interfaces available. Your console output shows the boot process but does not show whether there is any configuration on those interfaces. Perhaps when you get into privilege mode on the router you could do show run and post the output of that command.

HTH

Rick

HTH

Rick

Mark Malone · ‎08-09-2016

Hi

Apparently there is a static ip associated with the router just to connect for config of 10.10.10.1.

This is definitely the case for the smaller routers like some 800 series and even UC type devices like UC500s that are CCP configuration professional or CCA configuration assistant ready its set with that ip or dhcp but 2800s should be blank out of the box no ip ready I didn't think from what I remember anyway maybe they have changed it recently , you may have to configure an ip address or a dhcp pool so you can access it through GUI

CCP

If you want to start with a factory default configuration that is designed to support Cisco CP, you can use the procedure in this section. The factory default configuration includes all the commands necessary to support Cisco CP and configures an Ethernet interface with the IP address 10.10.10.1.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_configuration_professional/guides/CiscoCPqsg.html

As Richard has noted if you post the show run it will confirm exactly and we can assist from there

La1Impala · ‎08-13-2016

what should I use SDM or CP or are they different ?

for the console

do I use

enable

configure terminal

Here it is

Router#show run
Building configuration...

Current configuration : 933 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2821 sn FTX1323A06Y
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
logging esm config
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

Router#

Mark Malone · ‎08-15-2016

Hi

so as you can see unfortunately this is not prepared directly for SDM there is no interface currently configured with an ip address that you can http(GUI) to

The next thing you need to check is SDM even installed on your router to use it

SDM would have files generally stored in the flash area of the device called sdmconfig

Can you check with this command please to see whats currently stored in your router , just type dir and hit return and please post what you see

If SDM is not already in flash you will have to get it if you really want to use it , this extract below explains quickly in steps how to set it up

*************************************************************************************

https://www.fir3net.com/Routers/Cisco/how-to-enable-sdm-on-your-router.html

SDM (Security Device Manager) allows you to configure and manage your router via the use of a GUI. Please find the steps below :

Download the SDM-Vxx.zip file from Cisco's website.
Ensure that you have the sdmconfig*.cfg file within your routers flash for your version of router. You can confirm this by using the command `show flash`.
If it is not then copy it from the SDM zip file previously mentioned.
Run the setup.exe from the zip. You can either install the SDM software on the router, local machine or both. It is advised to install this locally for performance reasons.
Now run the following commands on your router.

router(config)# username [password] secret [password] privilege 15
router(config)# ip http server
router(config)# ip http secure-server
router(config)# no ip http server
router(config)# ip http authentication local

Tip : Be sure to turn of your popup blocker within your Browser.
Tip : Ensure that IE is configured as your default browser.
Tip : When you are in the SDM GUI go to "Edit Preference's | Preview Commands before delivering router". Check this tick box to allow you to see commands before sending them to the router.

******************************************************************************************

Regarding SDM or CCP im not the best to advise I haven't use either really only tested them I use cli only where I can , CCP though is the replacement for SDM and does contain more features seemingly

here is the guide for CCP from Cisco , install and run etc so you can take a look and decide

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_configuration_professional/v2_5/guides/getting_start/ccp_gsg/intro.html

La1Impala · ‎08-15-2016

I have SDM on the router b/c I get this at the end

Router con0 is now available

Press RETURN to get started

I have gone in and configured both GE 0/0 and 0/1

GE 0/0 I configured for DHCP and I plugged it into my DSL modem and it acquires an IP address. GE 0/1 I configured the ip address of 10.10.10.1 255.0.0.0.

the notebook I am using I set a static ip of 10.10.10.3 255.0.0.0 . I can ping 10.10.10.1 and I get replies. when I plug 10.10.10.1 into the browser I get search page can not be opened. I will try running the commands you posted

Mark Malone · ‎08-16-2016

Yes you need to have the http commands and user/pass for the GUI or you wont get a webpage

if its still not working after please post the show run

La1Impala · ‎08-16-2016

Iwill post show run when I return tonight, what is the user/password for the gui ...cisco/cisco , I am just typing in 10.10.10.1 into the browser , I am not getting the prompt for the user name or password, using windows 7 and I think ie 11

Mark Malone · ‎08-16-2016

the username and password should be what you configure it in the cli , secret is the password encrypted .....

username [password] secret [password] privilege 15

if you can ping 10.10.10.1 and your on the same range etc locally and http is set correctly you should be able to http to it

http://10.10.10.1 or https if configured

if its not working after that try diff browser like firefox or chrome and then send on the config

if your only going to use http which is unsecure , remove this from the cli no ip http server and make sure it just has ip http server instead

La1Impala · ‎08-20-2016

I finally connected with SDM, Tried Cisco CP, kept getting Java errors for both that they were a risk ( short version) would not let me proceed, I even entered http://127.0.0.1:8600 in the access list for ver 8 java. . I loaded java 6.5 and then accepted all the warnings when I ran SDM. I tried Cisco cp, and it froze half way through. I suppose the choices are to remove sdm off the router and use the CLI or keep a few older laptops with win7 or xp and down level vers of java

La1Impala · ‎08-21-2016

hi trying to configure routing using ge 0/0 for the WAN 0/1 for the LAN, Have the LAN 10.10.10.1 255.0.0.0 I Configured 0/0 to be a DHCP Client the address it received I used. I turned off DHCP and used the static ip of 192.168.1.45 and I think 255.255.255.0

How should I fill this in, I cant figure if destination means LAN or WAN

Mark Malone · ‎08-22-2016