07-02-2013 02:42 PM - edited 03-07-2019 02:12 PM
So I purchased a Cisco 871W SOHO router for my home. I thought I had it all configured and ready to go until I connected it to my broadband modem. The issue is the WAN interface receives its IP from my ISP no problem. My wired workstation also receives an IP from my ISP and not the DHCP pool I set up. Wireless clients are receiving the correct IP from the pool. Could someone take a look at my config and see where I went wrong?
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.07.02 17:02:58 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...
Current configuration : 4643 bytes
!
! Last configuration change at 08:43:28 EST Sat Feb 2 2013 by admin
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
clock timezone EST -5 0
clock summer-time EDT recurring
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-911360573
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-911360573
revocation-check none
rsakeypair TP-self-signed-911360573
!
!
crypto pki certificate chain TP-self-signed-911360573
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 39313133 36303537 33301E17 0D313330 32303231 33343331
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3931 31333630
35373330 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
C52C05D4 083DC8B9 671E45FD DCDC64A9 8B133EC9 D2FB2049 688BB51D A73EA0CA
270A9ADF F6C45429 18A19FEA FBB6DAA5 3F4135B5 92C858C1 E20F8DA5 46AB0513
F4C09455 8840DEA4 C4D1FE71 849A5E66 E42222E6 90410594 81712006 E7775254
984F4296 76758EFC FEA8BADA 8D67F418 1363C6C9 97EFE1AE 4436474D 73ABF031
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 168014C7 47249603 0708F01A D4ADF637 DE09A6E8 CB6DB730 1D060355
1D0E0416 0414C747 24960307 08F01AD4 ADF637DE 09A6E8CB 6DB7300D 06092A86
4886F70D 01010505 00038181 0035375C EFAA6E5A 964C4D00 FC8B4046 B902F128
16409420 BB20EBA6 46773E7F D7F142F2 83EE7699 14A507A5 89596453 CCACB109
18794B04 3A349180 D83A7DA7 206B01DA 6C17F148 AA91BA05 D6D3D2AA 2464233A
0CEBEE81 7DB3605E 0B711CF4 0E9CD1E1 BA15F715 F3DA2FE4 5C85E87C 282C3C6C
2D70C2E4 F276CA6A 19834618 82
quit
dot11 syslog
!
dot11 ssid [my ssid]
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 094E5B001A0E100712
!
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.49
!
ip dhcp pool DHCP-POOL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
!
!
!
ip cef
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username admin privilege 15 secret 4 Q3ixttsveGEmBIULtVu7zqaBEoCuhrE8Ko.6zJO0wok
!
!
!
!
!
!
bridge irb
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip nat outside
ip virtual-reassembly in
!
interface FastEthernet0
no ip address
spanning-tree portfast
!
interface FastEthernet1
no ip address
spanning-tree portfast
!
interface FastEthernet2
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface FastEthernet4
description WAN-CONNECTION
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
bridge-group 1
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers aes-ccm
!
ssid [my ssid]
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
rts threshold 2312
!
interface Dot11Radio0.1
description Wireless VLAN 1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description INTERNAL-NETWORK
ip nat inside
ip virtual-reassembly in
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
description INTERNAL BRIDGE WIRED-TO-WIRELESS
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
exec-timeout 5 0
login local
no modem enable
transport output all
line aux 0
exec-timeout 5 0
login local
transport input telnet ssh
transport output all
line vty 0 4
exec-timeout 5 0
privilege level 15
login local
transport input telnet ssh
transport output all
!
end
Solved! Go to Solution.
07-02-2013 06:00 PM
Hi Brian,
I don't think you need any bridge group configuration under your WAN interface. Try taking that out as below and check
interface FastEthernet4
no bridge-group 1
Also which port you are using to connect the wired client?
Regards
Najaf
Please rate when applicable or helpful !!!
07-02-2013 06:00 PM
Hi Brian,
I don't think you need any bridge group configuration under your WAN interface. Try taking that out as below and check
interface FastEthernet4
no bridge-group 1
Also which port you are using to connect the wired client?
Regards
Najaf
Please rate when applicable or helpful !!!
07-03-2013 05:15 AM
Thanks Najaf! I will give that a try tonight.
I was connecting my workstation into FastEthernet1.
I will report back when I know more.
Brian
01-31-2014 06:29 AM
For persons who are new to the Cisco 871W, I will post my configuration here. When I bought this router, I was tired of the same crappy consumer grade routers dieing on me all the time. Since this router has been online, I have had zero issues. Thanks Najaf for yor help! This configuration has a basic firewall setup, some crypto to implement a VPN at a later date, and WPA2 security for 802.11g. GOOD LUCK!
Building configuration...
Current configuration : 7944 bytes
!
! Last configuration change at 15:15:06 EST Sat Jan 25 2014 by admin
! NVRAM config last updated at 15:15:07 EST Sat Jan 25 2014 by admin
! NVRAM config last updated at 15:15:07 EST Sat Jan 25 2014 by admin
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HOSTNAME OF YOUR ROUTER
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
!
no aaa new-model
!
clock timezone EST -5 0
clock summer-time EDT recurring
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-911360573
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-911360573
revocation-check none
rsakeypair TP-self-signed-911360573
!
!
crypto pki certificate chain TP-self-signed-911360573
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 39313133 36303537 33301E17 0D313330 32303231 33343331
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3931 31333630
35373330 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
C52C05D4 083DC8B9 671E45FD DCDC64A9 8B133EC9 D2FB2049 688BB51D A73EA0CA
270A9ADF F6C45429 18A19FEA FBB6DAA5 3F4135B5 92C858C1 E20F8DA5 46AB0513
F4C09455 8840DEA4 C4D1FE71 849A5E66 E42222E6 90410594 81712006 E7775254
984F4296 76758EFC FEA8BADA 8D67F418 1363C6C9 97EFE1AE 4436474D 73ABF031
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 168014C7 47249603 0708F01A D4ADF637 DE09A6E8 CB6DB730 1D060355
1D0E0416 0414C747 24960307 08F01AD4 ADF637DE 09A6E8CB 6DB7300D 06092A86
4886F70D 01010505 00038181 0035375C EFAA6E5A 964C4D00 FC8B4046 B902F128
16409420 BB20EBA6 46773E7F D7F142F2 83EE7699 14A507A5 89596453 CCACB109
18794B04 3A349180 D83A7DA7 206B01DA 6C17F148 AA91BA05 D6D3D2AA 2464233A
0CEBEE81 7DB3605E 0B711CF4 0E9CD1E1 BA15F715 F3DA2FE4 5C85E87C 282C3C6C
2D70C2E4 F276CA6A 19834618 82
quit
dot11 syslog
!
dot11 ssid YOUR SSID NAME
vlan 1
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii YOUR WIRELESS PASSWORD
!
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.49
!
ip dhcp pool DHCP-POOL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
lease 30
!
!
!
ip cef
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username admin privilege 15 secret YOUR ROUTER MANAGEMENT PASSWORD
!
!
!
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-any ccp-sip-inspect
match protocol sip
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_DHCP_CLIENT_PT
pass
class class-default
drop
!
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
!
!
!
!
bridge irb
!
!
!
interface Loopback0
description $FW_INSIDE$
ip address 1.1.1.1 255.255.255.255
ip nat outside
ip virtual-reassembly in
zone-member security in-zone
!
interface FastEthernet0
no ip address
spanning-tree portfast
!
interface FastEthernet1
no ip address
spanning-tree portfast
!
interface FastEthernet2
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface FastEthernet4
description WAN-CONNECTION$FW_OUTSIDE$
ip address dhcp
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
duplex auto
speed auto
no cdp enable
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers aes-ccm
!
broadcast-key vlan 1 change 30
!
!
ssid YOUR WIRELESS SSID
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437 YOUR 802.11g FREQUENCY (2437 IS CHANNEL 6)
station-role root
rts threshold 2312
!
interface Dot11Radio0.1
description WIRELESS VLAN 1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip virtual-reassembly in
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
exec-timeout 5 0
login local
no modem enable
transport output all
line aux 0
exec-timeout 5 0
login local
transport input telnet ssh
transport output all
line vty 0 4
exec-timeout 5 0
privilege level 15
login local
transport input telnet ssh
transport output all
!
ntp server 3.north-america.pool.ntp.org
ntp server 1.north-america.pool.ntp.org
ntp server 0.north-america.pool.ntp.org prefer
ntp server 2.north-america.pool.ntp.org
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide