Solved: Configuring the 891F Router for Internet -LAN to WAN Access

plckidd · ‎02-18-2022

Hi, I am trying to configure this 891F router for internet access.

- I have the Ethernet cable from my modem going to Gi8 port on the router.

- I am only using 2 LAN ports (Gi1 going to a switch & Gi5 for a network monitor device)

- From the Console port, I can ping 8.8.8.8 and other internet IP's

- I can ping my switch (192.168.1.239)

- My VLAN appears to be configured as (1 default and the status is Active. Displaying all 8 ports)

I have tried basic router configuration for internet access.

What am I missing?

Georg Pauwen · ‎02-18-2022

Hello,

this is most likely what the configuration should look like:

hostname yourname
!
logging buffered 51200 warnings
!
username cisco privilege 15 secret 0 cisco
username cisco privilege 15 one-time secret 0 cisco
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.128
default-router 10.10.10.1
lease 0 2
!
no ip domain lookup
ip domain-name yourdomain.com
!
interface GigabitEthernet8
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.128
ip nat inside
ip tcp adjust-mss 1452
!
ip http server
ip http access-class 23
ip http secure-server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8 dhcp
!
ip nat inside source list 1 interface GigabitEthernet8 overload
!
access-list 1 permit 10.10.10.0 0.0.0.255
!
access-list 23 permit 10.10.10.0 0.0.0.127
!
no cdp run
!
line con 0
login local
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet
transport input telnet ssh
!
end

View solution in original post

plckidd · ‎02-18-2022

This is my current configuration in the 891F router:

Using 3068 out of 262136 bytes! The default startup configuration file for Cisco Configuration Professional (Cisco CP)
! DO NOT modify this file; it is required by Cisco CP as is for factory defaults
! Version 1.0
!
hostname yourname
!
logging buffered 51200 warnings
!
username cisco privilege 15 secret 0 cisco
username cisco privilege 15 one-time secret 0 cisco
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.128
default-router 10.10.10.1
lease 0 2
!
no ip domain lookup
ip domain-name yourdomain.com
!
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.128
ip tcp adjust-mss 1452
!
ip http server
ip http access-class 23
ip http secure-server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 10.10.10.0 0.0.0.127
!
banner exec ^
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^
banner login ^
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^
!
no cdp run
!
!
line con 0
login local
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet
transport input telnet ssh
!
! End of Cisco CP default config file
end
Router891F#

Georg Pauwen · ‎02-18-2022

Hello,

you posted a partial configuration (routing/NAT/WAN interface are missing) so it is difficult to see.

Post the full running configuration (sh run).

plckidd · ‎02-18-2022

Hi, sorry about that. I am fairly new to this. Here is the full config:

Router891F#sh run
Building configuration...

Current configuration : 6367 bytes
!
! Last configuration change at 15:13:03 UTC Fri Feb 18 2022 by cisco
!
version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router891F
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 $1$J/Mb$yzA/GmghSWMMsH5WF/MCZ.
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2208840803
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2208840803
revocation-check none
rsakeypair TP-self-signed-2208840803
!
!
crypto pki certificate chain TP-self-signed-2208840803
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32323038 38343038 3033301E 170D3232 30323137 31363534
32395A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 32303838
34303830 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B22D A5D0118E C9592328 2F227835 3B55E2CE E361A669 A9C2671D 13EA652B
1BC5C3CF 4BAC6C85 2ECF821C F5CA782E D5E823B8 D8DF1B4F 0621CD83 0E444B86
CBC67752 7985DC1E ADC15C1F 6C72F09D 8B0FE6B0 E6A5F1BF CDF7C22A 21AAE2BB
BBE65417 906B1877 E6CE0146 B5901DE7 65F0718D F5E41812 FB3524DF 32B5E5FE
EC5D0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 148DCFA2 6DC9A28F 9EF91681 24F72AFD 49B2092B 84301D06
03551D0E 04160414 8DCFA26D C9A28F9E F9168124 F72AFD49 B2092B84 300D0609
2A864886 F70D0101 05050003 818100A3 4FC7D483 D438EA50 51223CDA 72303428
AC77E206 64C3C486 90B199DE 84A14111 4353A327 98319BAC 85C307BE 999C5667
72CD8D15 6C451EFF 83999B2A 74299DAB C6D6CB05 E837C3D5 40CD1ED7 B18F0CA4
6ECF49A0 A60F4FF3 2C2DBB59 BA49549A 6814264F 8BEE2BED 8899BB65 5EA469E7
9CBDA7FE CD332B5A A8CE142A 912E63
quit
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.1.30
ip dhcp excluded-address 192.168.1.1 192.168.1.8
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.128
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 100.100.100.36
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
!
!
!
!
!
!
!
!
license udi pid C891F-K9 sn FCZ193794FU
!
!
username cisco privilege 15 secret 5 $1$NfV2$ZDDnBsjOqxqlkCdSY7CRj/
!
redundancy
!
!
!
!
no cdp run
!
!
!
!
!
!
!
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0
no ip address
spanning-tree portfast
!
interface GigabitEthernet1
no ip address
spanning-tree portfast
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
spanning-tree portfast
!
interface GigabitEthernet8
ip address dhcp
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan10
ip address 192.168.2.254 255.255.255.0
!
interface Async3
no ip address
encapsulation slip
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.239
ip route 0.0.0.0 0.0.0.0 dhcp
!
ipv6 ioam timestamp
!
access-list 23 permit 10.10.10.0 0.0.0.127
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login local
no modem enable
line aux 0
line 3
speed 115200
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
!
!
!
!
!
!
end

Router891F#

Georg Pauwen · ‎02-19-2022

Hello,

here is what the configuration should look like:

Current configuration : 6367 bytes
!
! Last configuration change at 15:13:03 UTC Fri Feb 18 2022 by cisco
!
version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router891F
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$J/Mb$yzA/GmghSWMMsH5WF/MCZ.
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2208840803
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2208840803
revocation-check none
rsakeypair TP-self-signed-2208840803
!
!
crypto pki certificate chain TP-self-signed-2208840803
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32323038 38343038 3033301E 170D3232 30323137 31363534
32395A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 32303838
34303830 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B22D A5D0118E C9592328 2F227835 3B55E2CE E361A669 A9C2671D 13EA652B
1BC5C3CF 4BAC6C85 2ECF821C F5CA782E D5E823B8 D8DF1B4F 0621CD83 0E444B86
CBC67752 7985DC1E ADC15C1F 6C72F09D 8B0FE6B0 E6A5F1BF CDF7C22A 21AAE2BB
BBE65417 906B1877 E6CE0146 B5901DE7 65F0718D F5E41812 FB3524DF 32B5E5FE
EC5D0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 148DCFA2 6DC9A28F 9EF91681 24F72AFD 49B2092B 84301D06
03551D0E 04160414 8DCFA26D C9A28F9E F9168124 F72AFD49 B2092B84 300D0609
2A864886 F70D0101 05050003 818100A3 4FC7D483 D438EA50 51223CDA 72303428
AC77E206 64C3C486 90B199DE 84A14111 4353A327 98319BAC 85C307BE 999C5667
72CD8D15 6C451EFF 83999B2A 74299DAB C6D6CB05 E837C3D5 40CD1ED7 B18F0CA4
6ECF49A0 A60F4FF3 2C2DBB59 BA49549A 6814264F 8BEE2BED 8899BB65 5EA469E7
9CBDA7FE CD332B5A A8CE142A 912E63
quit
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.1.30
ip dhcp excluded-address 192.168.1.1 192.168.1.8
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.128
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 100.100.100.36
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
!
license udi pid C891F-K9 sn FCZ193794FU
!
username cisco privilege 15 secret 5 $1$NfV2$ZDDnBsjOqxqlkCdSY7CRj/
!
redundancy
!
no cdp run
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
no ip address
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0
no ip address
spanning-tree portfast
!
interface GigabitEthernet1
no ip address
spanning-tree portfast
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
spanning-tree portfast
!
interface GigabitEthernet8
ip address dhcp
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan10
ip address 192.168.2.254 255.255.255.0
!
interface Async3
no ip address
encapsulation slip
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
--> ip route 0.0.0.0 0.0.0.0 GigabitEthernet8 dhcp
--> ip nat inside source list 1 interface GigabitEthernet8 overload
!
--> access-list 1 permit 192.168.1.0 0.0.0.255
!
ipv6 ioam timestamp
!
access-list 23 permit 10.10.10.0 0.0.0.127
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login local
no modem enable
line aux 0
line 3
speed 115200
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

Georg Pauwen · ‎02-18-2022

Hello,

this is most likely what the configuration should look like:

hostname yourname
!
logging buffered 51200 warnings
!
username cisco privilege 15 secret 0 cisco
username cisco privilege 15 one-time secret 0 cisco
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.128
default-router 10.10.10.1
lease 0 2
!
no ip domain lookup
ip domain-name yourdomain.com
!
interface GigabitEthernet8
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.128
ip nat inside
ip tcp adjust-mss 1452
!
ip http server
ip http access-class 23
ip http secure-server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8 dhcp
!
ip nat inside source list 1 interface GigabitEthernet8 overload
!
access-list 1 permit 10.10.10.0 0.0.0.255
!
access-list 23 permit 10.10.10.0 0.0.0.127
!
no cdp run
!
line con 0
login local
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet
transport input telnet ssh
!
end