Hi Martin

FE0 - To goes to our switch

FE1 - Wireless AP

FE2-FE3 are free along with FE4 WAN

As for "I would assume the 881 is currently routing multiple networks?"not 100% sure about what you mean here. 

Sorry very new to Cisco routers. I do know the Cisco router IP is 192.168.2.1 & DHCP is on but excludes 192.168.2.1 - .10

We currently use this equipment in a portable setup for search & rescue so most times we don't have internet access and is only used to support printers & laptops and our own file server. But would be nice it we could have the internet in there also when available. 

Thanks

Jeremy

Ok, that helps but without seeing the config (remove sensitive information, if you do this) it's hard to provide a solution.

The purpose of a router is to route between multiple networks, so I imagine your AP may be on another network?

Martin

Martin is quite right to request additional information. We can say in general that it is quite possible for the Cisco 881 to connect to another router where the other router would supply connectivity to the Internet. On the 881 you would need a default route which specifies the other router as the next hop. One of the routers will need to perform address translation for traffic going to the Internet. Not knowing much about the other router it is difficult to say whether it would be better to translate on the 881 or on the other router. The other router is probably already performing address translation for its own connected devices. If it is easy to include the addresses from the 881 for translation it would be better to do the translation of the device connected to the Internet. But if that turns out to be challenging it could be done on the 881.

HTH

Rick

Sorry been on leave for bit & then away out of coverage.

Have had a play around today and managed to get it working but not sure if it is correct.

Here is the conf 

Current configuration : 3434 bytes
!
! Last configuration change at 04:14:58 UTC Fri Mar 30 2018 by Root
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO-RT1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-2980640430
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2980640430
revocation-check none
rsakeypair TP-self-signed-2980640430
!
!
crypto pki certificate chain TP-self-signed-2980640430
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32393830 36343034 3330301E 170D3138 30333330 30303530
34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39383036
34303433 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AAD6 9B49FA62 8FB2DE49 0C3922DE 49CB75AE C9344B59 18845CAA BB631B61
4D1BD90C 7FBE1D9C A9F5D663 86A057B2 52BA652B C2322B81 C821AC63 917341DE
15B4E40C 2EF7C8DE 7AEC601D 51A58027 33BD9B53 DE35B332 4125C5AA 8CAC4A22
5186EDD8 EAF36068 528E58F7 969CE77A 5B65C605 36C32030 6812208C BC70CDC7
A3D50203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14293EEB C9363DD7 26236E1B 6BE3C3EE 3D6729CC 26301D06
03551D0E 04160414 293EEBC9 363DD726 236E1B6B E3C3EE3D 6729CC26 300D0609
2A864886 F70D0101 05050003 8181001E 334BA3F4 E30E3763 F0AFDCCA 56BDCA9E
ADAA2666 BE54D0E5 11A83259 BA08C3F4 97C97F2C 65458D37 E6A27162 7794624A
6BDD2723 B79C02C8 C2D07620 34FDDFD6 E7F01D6F 33B64886 3290234D 8598763D
5CB142AF E4D9799F 825E7BB7 CE00CA8D 303115C9 A5E00E41 80C4F395 14AAD4A7
965E3DEA 6FB9B594 86DCA3D8 E024F9
quit
!
!
!
!

!
ip dhcp excluded-address 192.168.1.1 192.168.1.30
!
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address 192.168.20.230 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 192.168.20.1
!
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run
!
!
control-plane
!
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
!
end

I have looked through the config and it looks ok to me. It does accomplish the tasks that we identified as important (having a default route and having address translation). If you say that it is working, then I think that you are to be congratulated.

There are a few things that I note that you might want to clean up. They do not impact the main functionality of the router but it would be nice to clean them up.

1) you have a couple of things that use access-class 23. These are attempting to control access to the router using access list 23. But access list 23 does not exist in the config. You should either remove these references to access-class or you should configure access list 23 and specify what IP addresses are allowed to access the router.

2) you have configured line con 0 and the vty lines with login local. This attempts to authenticate login attempts using a locally configured user ID and password. But there is no locally configured user ID. You should either configure a user ID and password or you should remove login local from the config.

HTH

Rick

Hi Rick

Thanks for the quick reply, Hopefully getting close now :)

Once again thanks heaps for helping out this is very new area for me.

Cheers

Jeremy

Current configuration : 3319 bytes
!
! Last configuration change at 01:21:29 UTC Sat Mar 31 2018 by Root
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO-RT1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-2980640430
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2980640430
revocation-check none
rsakeypair TP-self-signed-2980640430
!
!
crypto pki certificate chain TP-self-signed-2980640430
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32393830 36343034 3330301E 170D3138 30333330 30303530
34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39383036
34303433 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AAD6 9B49FA62 8FB2DE49 0C3922DE 49CB75AE C9344B59 18845CAA BB631B61
4D1BD90C 7FBE1D9C A9F5D663 86A057B2 52BA652B C2322B81 C821AC63 917341DE
15B4E40C 2EF7C8DE 7AEC601D 51A58027 33BD9B53 DE35B332 4125C5AA 8CAC4A22
5186EDD8 EAF36068 528E58F7 969CE77A 5B65C605 36C32030 6812208C BC70CDC7
A3D50203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14293EEB C9363DD7 26236E1B 6BE3C3EE 3D6729CC 26301D06
03551D0E 04160414 293EEBC9 363DD726 236E1B6B E3C3EE3D 6729CC26 300D0609
2A864886 F70D0101 05050003 8181001E 334BA3F4 E30E3763 F0AFDCCA 56BDCA9E
ADAA2666 BE54D0E5 11A83259 BA08C3F4 97C97F2C 65458D37 E6A27162 7794624A
6BDD2723 B79C02C8 C2D07620 34FDDFD6 E7F01D6F 33B64886 3290234D 8598763D
5CB142AF E4D9799F 825E7BB7 CE00CA8D 303115C9 A5E00E41 80C4F395 14AAD4A7
965E3DEA 6FB9B594 86DCA3D8 E024F9
quit
!
!
!
!

!
ip dhcp excluded-address 192.168.1.1 192.168.1.30
!
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO881-SEC-K9 sn FGL1811259M
!
!
username Root privilege 15 secret 4 twwyxD3wCNadHmljMGu8W6tP20O5XYsNCMgXjHXg6Vc
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address 192.168.20.230 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 192.168.20.1
!
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run
!
!
control-plane
!
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
!
end

Jeremy

Yes I believe that it is getting very close. I see that you removed the access-class from both sets of vty lines. But you missed this one

ip http access-class 23

It is not a big deal (unless you intend to try to use the GUI interface to access this router). But I would suggest that you remove it. Otherwise I believe that the config is quite acceptable.

HTH

Rick

 unintended duplicate removed