
Basic 861 interfaces configuration

Hello and thanks in advance for the help.

I have a Cisco 861 and am trying to configure a very basic LAN setup. I have a lot of experience with an 1841 router and am used to working with subinterfaces and connecting the router to a separate switch to separate VLAN traffic and whatnot...

The 861 has 1 WAN port, Fa4, and 4 switchports, Fa0-3.

Now, all I am trying to do is establish a LAN segment with PAT. I have the WAN interface working well. I have a static IP and the default route is set... I can ping addresses on the internet. I also have the vty lines set up with SSH and all is working.

Now the LAN configuration is the part I can't seem to figure out. I tried adding an IP to VLAN 1 and doing an extended ping from the address I assigned to the vlan, no success...

Honestly, I'm not sure how to configure the LAN on this at all. I've taken some unsuccessful configuration guesses, but I thought it would be much more time efficient to have someone explain how to configure an ISR router with an embedded switch. I actually have an 1841 in house that has a 4 port switch connected to an add-in slot... that I have never been able to use... I assume because I have the same problem understanding how it is supposed to be used.

I have read through the configuration guides for the 860 series.. and wasn't able to find much help. I figure I need either to configure the vlans properly or configure a loopback interface... Thanks for the help!

Reza Sharifi
Hall of Fame Expert

Hi James,

How many vlans are you planning to deploy?

Do you have a switch/hub sitting behind this router?

Can you post "sh run" and "sh ver"?


cadet alain


Suppose you have a PC in vlan 10 on port f1/0; then the config would be:

int vlan 10

ip address x.x.x.x y.y.y.y

no sh

int f1/0

switchport mode access

switchport access vlan 10



Don't forget to rate helpful posts.

Thank you for the replies.

My initial idea was to deploy 2 vlans, SERVERS and LAN, with intervlan routing so the networks can communicate. Here is the configuration as it stands right now. This is totally cut down to only the essentials and one vlan. The IOS image appears to be limited to only 2 vlans and since vlan 1 cannot be deleted, I believe that I must use it and then configure a second vlan. This configuration currently will not allow an extended ping from the inside address of vlan 1 on the router. A standard ping to the net works.

Edit: I only have a few devices to connect to the network at the moment, so I was going to use the switchports built into the router for switching.

Lab#sho ver

Cisco IOS Software, C860 Software (C860-UNIVERSALK9-M), Version 12.4(20)T5, RELEASE SOFTWARE (fc2)

Technical Support:

Copyright (c) 1986-2010 by Cisco Systems, Inc.

Compiled Mon 08-Mar-10 17:36 by prod_rel_team

ROM: System Bootstrap, Version 12.4(15r)XZ5, RELEASE SOFTWARE (fc1)

Lab uptime is 3 hours, 33 minutes

System returned to ROM by reload

System image file is "flash:c860-universalk9-mz.124-20.T5.bin"

Last reload reason: Reload Command

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

If you require further assistance please contact us by sending email to

Cisco 861 (MPC8300) processor (revision 0x100) with 249856K/12288K bytes of memory.

Processor board ID FTX141482E3

5 FastEthernet interfaces

256K bytes of non-volatile configuration memory.

126000K bytes of ATA CompactFlash (Read/Write)

License Information for 'c860-data'

    License Level: advsecurity   Type: Permanent

    Next reboot license Level: advsecurity

Configuration register is 0x2102

Lab#sho run

Building configuration...

Current configuration : 1323 bytes


version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption


hostname Areas_Micros_Lab





logging message-counter syslog

enable secret 5 *****


no aaa new-model



ip source-route



ip cef

no ip domain lookup

ip domain name xxxxx.local

ip name-server

ip name-server

ip name-server

ip name-server





username ***** privilege 15 secret 5 *****





log config







interface FastEthernet0


interface FastEthernet1


interface FastEthernet2


interface FastEthernet3


interface FastEthernet4

ip address 207.x.x.x

ip nat outside

ip virtual-reassembly

duplex auto

speed auto


interface Vlan1

ip address

ip nat inside

ip virtual-reassembly


ip forward-protocol nd

ip route 207.x.x.x

no ip http server

no ip http secure-server


ip nat inside source list 10 interface FastEthernet4 overload


access-list 10 permit





line con 0

no modem enable

line aux 0

line vty 0 4

login local

transport input ssh


scheduler max-task-time 5000



This is what I am trying to do with the pings...


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:


Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms


Protocol [ip]:

Target IP address:

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface:

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:

Packet sent with a source address of


Success rate is 0 percent (0/5)



access-list 10 permit 

How did the IOS let you configure this? The wildcard mask is not good; it must be

Do a sh ip int br | exc unna to verify int vlan1 is up/up, change the wildcard in the ACL, and then try again.

If it still doesn't work, then do debug ip nat and try again.

By the way, for your extended ping you can do: ping source



Don't forget to rate helpful posts.

Hi Alain,

The wildcard mask is, which is correct.

As Alain noted, can you try ping source or ping source vlan1


Thanks for the tip on the extended ping... much easier.

The ACL was and is configured correctly. I'm not sure what you mean about the wildcard mask... it is both in the configuration, and as listed on your reply.

When I do a sho ip bri, vlan 1 is up/down...

So, given that information, I was able to make it work! I knew the problem/answer was simple...

I didn't have any devices connected to the switchports on the router. Therefore, Vlan1 did not come up... which caused the pings from the inside interface to fail.

Oh man I wish I would have realized that yesterday... Thank you to those that helped!
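
Added example, not part of the original thread: a small Python check that reads unfiltered `show ip interface brief` output and reports why an SVI is not up/up, which is the condition that resolved this thread (Vlan1 stays up/down until a switchport has link). The sample output, its addresses, the `wan` default and the rule "any unaddressed physical port other than the WAN port is a switchport" are assumptions made for the illustration.

```python
import re

# Constructed sample: an 861-style router with nothing plugged into Fa0-3.
SAMPLE_NO_LINK = """\
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES unset  up                    down
FastEthernet1              unassigned      YES unset  up                    down
FastEthernet2              unassigned      YES unset  up                    down
FastEthernet3              unassigned      YES unset  up                    down
FastEthernet4              203.0.113.2     YES NVRAM  up                    up
Vlan1                      192.168.1.1     YES NVRAM  up                    down
"""

# "administratively down" is two words, so it must be tried before up/down.
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<ip>\S+)\s+(?:YES|NO)\s+\S+\s+"
    r"(?P<status>administratively down|up|down)\s+(?P<proto>up|down)$"
)

def parse_brief(text):
    """Return one dict per interface row; the header line does not match."""
    return [m.groupdict() for m in
            (ROW.match(line.strip()) for line in text.splitlines()) if m]

def diagnose_svis(text, wan="FastEthernet4"):
    """Map each VlanN interface to a short reason code."""
    rows = parse_brief(text)
    # Assumption: unaddressed physical ports other than the WAN are switchports.
    live_ports = [r["name"] for r in rows
                  if r["ip"] == "unassigned" and r["name"] != wan
                  and not r["name"].startswith("Vlan")
                  and r["status"] == "up" and r["proto"] == "up"]
    result = {}
    for r in rows:
        if not r["name"].startswith("Vlan"):
            continue
        if r["status"] == "administratively down":
            result[r["name"]] = "admin-shutdown"      # needs "no shutdown"
        elif r["proto"] == "up":
            result[r["name"]] = "ok"
        elif not live_ports:
            result[r["name"]] = "no-live-switchport"  # the case in this thread
        else:
            result[r["name"]] = "check-vlan-membership"
    return result

if __name__ == "__main__":
    print(diagnose_svis(SAMPLE_NO_LINK))
```

Feed it the unfiltered command output: a filter that excludes "unassigned" rows also hides the switchports the check depends on.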