12-17-2011 12:09 PM - edited 03-07-2019 03:56 AM
This Cisco 800 series has been "handed" to me to get configured...
I am having issues ussing CCP to connect to the device, I am getting"Connection to the device could not be established. Either the device is not reachable or the HTTP/HTTPS service is not enabled on the device."
I know I saved some wrong configuration but having a tough time figuring out where. Can someone point out to a cisco newb where I am going wrong?
I have checked off the following troubleshooting and can't find where I made my mistake.
Any help with the proper commands would be greatly appreciated!
881W#show config
Using 5319 out of 262136 bytes
!
! No configuration change since last restart
! NVRAM config last updated at 14:54:38 PCTime Sat Dec 17 2011
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 881W
!
boot-start-marker
boot system flash c880data-universalk9-mz.151-3.T2.bin
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 $1$0IZb$gTe9qzmC2khcz4q7t1H1r0
!
no aaa new-model
memory-size iomem 10
--More-- clock timezone PCTime -5 0
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-542214224
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-542214224
revocation-check none
!
!
crypto pki certificate chain TP-self-signed-542214224
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
ip source-route
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
--More-- !
!
ip cef
no ip domain lookup
ip domain name Masternet
no ipv6 cef
!
!
license udi pid CISCO881W-GN-A-K9 sn FTX152401DC
!
!
username ***** privilege 15 secret 5 $1$FJ5H$buqflzYdL8pf9wOuZE8wm/
!
!
!
!
!
class-map type inspect match-any ccp-cls-insp-traffic
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
--More-- match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
--More-- class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class class-default
drop
policy-map type inspect ccp-permit
class class-default
drop
!
zone security out-zone
--More-- zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
--More-- description $ES_WAN$
no ip address
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
interface Vlan1
description Bellsouth WAN$FW_INSIDE$$ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.248
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
ip tcp adjust-mss 1412
!
interface Dialer0
--More-- description $FW_OUTSIDE$
ip address negotiated
ip mtu 1452
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname *******
ppp chap password 0 ********
ppp pap sent-username ******** password 0 ********
no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
top 10
--by bytes
cache-timeout 3000000
--More-- !
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
logging esm config
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 91 permit any
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 110 permit icmp any any echo
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any source-quench
access-list 110 permit icmp any any packet-too-big
access-list 110 permit icmp any any time-exceeded
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
banner login ^CYou are using a network that logs all users activities. If you are not authorized disconnect now.^C
--More-- !
line con 0
login local
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
ntp update-calendar
ntp server 24.56.178.140 source Wlan-GigabitEthernet0
ntp server 64.90.182.55 prefer source Wlan-GigabitEthernet0
end
Solved! Go to Solution.
12-19-2011 10:01 AM
Thanks so much!
12-19-2011 07:54 AM
Richard:
I will answer your last question first, I do get a response from CCP, I am running version 2.6. When I launch it, it works fine. Then once I do a discovery of the 800 it doesn't connect. The tracert is the most telling it looks like. I have to admit I haven't given much thought to why I am getting the results. I did in the past try a telnet to port 22 and it won't connect either.
Windows IP Configuration
Ethernet adapter Masternet:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.1.122
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
Ethernet adapter Cisco:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 10.10.10.2
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Default Gateway . . . . . . . . . : 10.10.10.1
Here is the tracert results:
C:\Users\Jason>tracert 10.10.10.1
Tracing route to 10.10.10.1 over a maximum of 30 hops
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * ^C
12-19-2011 08:04 AM
Hi,
take a look at my previous post , this is a ZBF config problem.
Regards.
Alain
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide