Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1901
Views
4
Helpful
3
Replies

cisco 881 configuration

kingelka23
Level 1
Level 1

‎06-27-2013 07:09 AM - edited ‎03-07-2019 02:07 PM

Hi l have two network the head office (site A : 192.168.1.0 ) and a small branch with 10 hosts (site B : 192.168.1.0).

i need to grant access to site A ressources, so we decide to buy a CISCO 881 for this remote office.

As you can see below  the Wan interface is configured with ip adress (192.168.1.1 )

The local VLAN have 192.168.2.1 address.

After a telnet on the remote CISCO 881 l can ping all my servers on 192.168.1.0 /24 network.

But when l connect a computer (we can call pc1)  to one of the fastethernet port (0 to 3) l can't ping the remote servers on site A ( but the router can )

Finally after waiting few minutes, the computer (pc1 : 192.168.2.10) can finally reach 192.168.1.0/24 hosts. when a second pc (pc 2 :192.168.2.20 ) is connected , the same issue came : pc2 can just reach the router WAN interface ( 192.168.1.1 ) but we can't ping servers on remote network ( 192.168.1.0 )

without any solution l tried this : l change pc2 IP address and give it pc1 address and also connected it to the same port as pc1

after these changes l can now ping remote ressources on 192.168.1.0/24 but pc1 can't now.

That's my first experience with 800 series router.

On site B l have 6 hosts and what l was trying to do is : connect all my hosts to a simple switch with 8 ethernet ports,  and rely another port of this switch to one of my CISCO 881 fastethernet port ( which belong to VLAN1 by default ). But what l describe before is when the 2 pc are directly connect to  cisco 881 switcports.

Please see my configuration below and tell me about your experience with this material (881)

did i miss something on my configuration or Cisco 881 have any particularity that l don't know ?

Thanks a lot for your assistance

Current configuration : 3046 bytes

!

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Routeur_K

!

boot-start-marker

boot-end-marker

!

!

enable password 7 11291D081E1C2925260F

!

no aaa new-model

!

memory-size iomem 10

!

crypto pki trustpoint TP-self-signed-1752650953

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1752650953

revocation-check none

rsakeypair TP-self-signed-1752650953

!

!

crypto pki certificate chain TP-self-signed-1752650953

certificate self-signed 01

  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 31373532 36353039 3533301E 170D3133 30363231 31393435

  34325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37353236

  35303935 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100B327 740AE8E1 0EC120E8 7280CC27 CD82DB34 37899D01 C833600F 70F9013F

  C4FA2730 1967D109 61E454E8 E29B155C 53383907 01CA3894 3E0E36BD CB6A6F5A

  DB44B699 765C8312 63033DBD 167B97C0 FA25C9FE C94D8515 7AB8E738 FA78321E

  6C81E1C9 4D3A81A8 D2068751 3E47A1D2 E6CDA1C7 3B272294 8664E321 AB7D18C9

  3DDD0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

  551D2304 18301680 14AA0EF9 8E9086C0 318DC6F1 CC99C9D3 5625CEB9 67301D06

  03551D0E 04160414 AA0EF98E 9086C031 8DC6F1CC 99C9D356 25CEB967 300D0609

  2A864886 F70D0101 05050003 81810075 2A64F629 3FE77867 CBB73C35 B93C0216

  0B594EEF F096BC12 CFC2DC8B 6D1ABB3C 3FFBB024 704082FA EC766AA1 04837B90

  A9566877 855BDB3D EC134AFE E8BAD330 C50D1078 316B7D64 99776507 17C4CDCC

  FCBB8837 11D61371 8DEAE186 B781BAA1 2F5F2F35 C3AC9E9B CDE494D1 5801E89E

  32429237 2382100F 25DF852F CE4C36

        quit

ip auth-proxy max-login-attempts 5

ip admission max-login-attempts 5

!

!

!

ip dhcp excluded-address 192.168.2.1

!

!

ip name-server 81.91.236.71

ip name-server 81.91.236.72

ip cef

no ipv6 cef

!

!

multilink bundle-name authenticated

license udi pid CISCO881-SEC-K9 sn FCZ1704C032

!

!

username FGCHSJK privilege 15 secret 4 /tX7S/B5iugv6vHRfWliaJnnb0lDLhN410OAwRQa3ZQ

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface FastEthernet4

description Wan

ip address 192.168.1.10 255.255.255.0

duplex auto

speed auto

!

interface Vlan1

description Lan_Agence

ip address 192.168.2.1 255.255.255.0

no autostate

!

ip forward-protocol nd

ip http server

ip http access-class 1

ip http authentication local

ip http secure-server

!

!

ip route 192.168.1.0 255.255.255.0 192.168.1.100 permanent

ip route 192.168.2.0 255.255.255.0 Vlan1 permanent

!

access-list 1 permit any

!

!

control-plane

!

!

!

line con 0

line aux 0

line vty 0 4

session-timeout 120

password 7 11291D081E1C2925260F

login

transport input all

!

!

end

Labels:
0 Helpful
3 Replies 3

acampbell
VIP Alumni
VIP Alumni

‎06-27-2013 07:37 AM

Hi,

Can you try ammending both your DHCP scope and your static routing table

conf t

!

ip dhcp excluded-address 192.168.2.1

!

ip dhcp pool DATA-VLAN-1

   network 192.168.2.0 255.255.255.0

   default-router 192.168.2.1

   dns-server 81.91.236.71 81.91.236.72

   domain-name YOURDOMAIN.com

!

no ip route 192.168.1.0 255.255.255.0 192.168.1.100 permanent

no ip route 192.168.2.0 255.255.255.0 Vlan1 permanent

!

ip router 0.0.0.0 0.0.0.0 192.168.1.100 name DEFAULT-ROUTE

!

!

ip dhcp excluded-address 192.168.2.1

!

ip dhcp pool DATA-VLAN-1

   network 192.168.2.0 255.255.255.0

   default-router 192.168.2.1

   dns-server 81.91.236.71 81.91.236.72

   domain-name YOURDOMAIN.com

!

no ip route 192.168.1.0 255.255.255.0 192.168.1.100 permanent

no ip route 192.168.2.0 255.255.255.0 Vlan1 permanent

!

ip router 0.0.0.0 0.0.0.0 192.168.1.100 name DEFAULT-ROUTE

!

end

then Retest

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.

kingelka23
Level 1
Level 1
In response to acampbell

‎06-27-2013 08:16 AM

Hi Acampbell

Thanks for your reply

Let's me try and send you the feedback

0 Helpful

kingelka23
Level 1
Level 1
In response to acampbell

‎06-29-2013 12:05 PM

Hi acampbell

i have made all changes you suggest and please see below my new config

Current configuration : 5759 bytes

!

! Last configuration change at 19:56:14 PCTime Mon Jan 2 2006 by XXXXX

! NVRAM config last updated at 19:56:29 PCTime Mon Jan 2 2006 by XXXXX

! NVRAM config last updated at 19:56:29 PCTime Mon Jan 2 2006 by XXXXX

version 15.1

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname Routeur_K

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200

logging console critical

enable secret 4 /tX7S/B5iugv6vHRfWliaJnnb0lDLhN410OAwRQa3ZQ

!

no aaa new-model

memory-size iomem 10

clock timezone PCTime 1 0

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-4031057318

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-4031057318

revocation-check none

rsakeypair TP-self-signed-4031057318

!

!

crypto pki certificate chain TP-self-signed-4031057318

certificate self-signed 01

  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 34303331 30353733 3138301E 170D3036 30313032 31323030

  34385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30333130

  35373331 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100AF8B 2C34EA76 5BA7E102 A3A60B70 7B7725E6 C77ACF89 774A672F 308897DC

  79EB24B8 EAB888F8 5642A0BA 0647F1A2 7AF64F94 5DE7C6AE 7457B569 B67BF3BD

  B8AC6E5E 1F3D6177 7CAC4C8F 98D8263B DD49B8A4 54E990DA 2102484E 763F7FA7

  D5E8625D EF97F98A A0744912 41524C7A 31B16AB4 666E3ECE 332DCBE6 C5F983DA

  572F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

  551D2304 18301680 1436F048 E4D8C5B6 934A9612 CB92B4D7 E34FA423 F5301D06

  03551D0E 04160414 36F048E4 D8C5B693 4A9612CB 92B4D7E3 4FA423F5 300D0609

  2A864886 F70D0101 05050003 81810088 85CC53EE FD8FF7DA 6E2C5A31 5D49D7F7

  AAE7F092 9DCD6B4B 7C80E56F 22F8DFEC 439B9C66 56101924 58CDDA36 36B3F5A5

  6535A243 B1C53857 9E947974 755826D0 EC386570 98D8904D AD2AD04D 4FB420AD

  6CB62A06 B06D2854 6DE2355B 73696848 AE6415D9 1BF0FE03 01D0AB8C E5CD0812

  D0122D06 3EF2B27D 9F13F761 13EA96

        quit

no ip source-route

!

ip dhcp excluded-address 192.168.2.1

!

ip dhcp pool ccp-pool

network 192.168.2.0 255.255.255.0

default-router 192.168.2.1

dns-server  81.91.236.71

domain-name TEST.COM

lease 0 2

!

!

!

ip cef

no ip bootp server

!

!

license udi pid CISCO861-K9 sn FGL162321F6

!

!

username XXXXX privilege 15 secret 4 /tX7S/B5iugv6vHRfWliaJnnb0lDLhN410OAwRQa3ZQ

!

!

ip tcp synwait-time 10

!

!

!

!

!

!

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface FastEthernet4

description $ES_WAN$

ip address 192.168.1.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

duplex auto

speed auto

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 192.168.2.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip tcp adjust-mss 1452

no autostate

!

ip forward-protocol nd

ip http server

ip http access-class 1

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip route 0.0.0.0 0.0.0.0 192.168.1.100 name default-route

!

logging trap debugging

!

line con 0

login local

line aux 0

line vty 0 4

privilege level 15

password 7 1239011A1B052E2D080E

login local

transport input telnet ssh

!

scheduler interval 500

end

In my Test environement all is OK now !

But still have issue when the physical link with two network is remplace by the radio link in real environement.

My router can reach all ressources on the main site. But l have to do the same action as l describe in my firts post before have a pc from my remote branch (site B) connected.

What do u think about the access-list command l finay delete ?

and what would be the best solution if we use 0.0.0.0 0.0.0.0 FastEthernet4 as default route ?

Can anyone confirm me that l can use the Fe4 (wan interface)  to connect my two network with a radio link ? ( not only use wan interface for internet access ) ?

Thanks and excuse for the delay

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card