Discussion on:
View:
Show:
Do you have experience with the Cisco 851 router? If so, what were your impressions? Share your feedback about the information in this article as well as your opinion of the CLI Configuration Worksheet, which you can download from http://downloads.techrepublic.com.com/abstract.aspx?docid=256394.
My Cisco 871W experience?
Well my experience regarding CISCO was? NONE! Never worked with CLI, but I was adviced to select CISCO to replace some old outdated Routers from Symantec (The could?nt handle the bandwith, and they couldn?t handle all the special wishes to VLAN, WiFi ect..)
Our Compnay have a central site connected to the internet though a 8 Mb/s (actually a 10 Mb/s, but the other 2 Mbit are separated into a dedicated 2 Mb/s VoIP MPLS VPN) though the 8 mbit connection a Cisco 1812W maintains connection to 12 Cisco 871W working as Department / ConstructionSite - Routers.
At every Site there is 2 LAN ports Bridged with a Wireless LAN wich are VPN site-2-site conneted to the central LAN. And 2 other Ports on a different Local LAN segment deperated from the ?Corporate LAN? for guest Access ect. The Guest Lan is likewise bridged with at Guest Wifi LAN. ? So customers can revice a WPA PassCode to access the Internet at our sites.
Basically I would say that I?ll take some time for a Cisco-CLI-Virgin, despite the comfort of Cisco SDM (Secure Device Manager ? A GUI to visually configure the router.). Regardless of the SDM, its almost 100% sure that you have to examine the CLI, to locate bugs that the SDM doesn?t catch.
All of my external sites have Static IP delivered by DHCP, and I only jyst recently discovered that the ?reset configuration? could be altered the meet My needs. Wich means that if the router needs to be reset, If I accedenly locks my self out (Router management access restriction) the Local Users can be instructed to insert paperclip in reset hole, and restart Router holding the clip inserted in 10 seconds. It also means that when a worksite changes, and the router goes to another site, I only have to change the IP adresse in my central Router (1812W) and Its up-and running again.
Generaly I like them. But the manuals located on the web and the internal webserver are a bit limited, and are mainly concentrated on the CLI and to explain
?what-am-I-looking-at, not ?how-can-I-use-it?..
The SDM needs to be praised!! ? the SDM v. 2.3.1 have section enabling the ability to cut and paste parts of the configuration directly in-to a window? Pretty Cool when you need to restore a previously saved backup. Just Paste the Backup Config to a window and hit the ?Replace? button, and the Router replaces the Config, and reboots (well ? once every 3 or 4 times you have to make sure I actually does so, and if not: repeat. - Just make a ping for the router and If it disapears, it booting!!
Now I only have one major problem the GuestWiFi authentication is done by inserting a WPA code in the router, (which mean that I have to be contacted to make it happened) but I would really LOVE it, if I had a central Website where my coworkers could click on a button and recive a timelimited code for Wireless Access on specific Routers. Or maybye a local Website running on the ROuter where an account could login an open an guest account for 2 days or 1 week ect...
The access to the Corporate VPN-LAN ssid (VPN-Site2Site) is made in such a way tha the individual Routers makes a RADIUS Authorization request to my AD, and thereby allows users having ?Dial-In? enabled in my AD, access to WiFI. (that took time to make!!)
Im running the IOS : advipservices9-mz.123-8YI2.bin image on the 871W boxes, and the c181x-advipservicesk9-mz.124-2.T2.bin on my 1812..
I would recommend the 871W, but do spend some time to play with router before hooking up the business though it.
For testing I had the 871W running the central site (10 Site-2-Site), with out any problems for 2 days.
Other great tools for Cisco Backups for a lot of boxes at he same time, which are a must-have is Kiwi CatTool: It will perform configuration backups of many devices at the same time, issue commands via Telnet or SSH to many devices at once, change all your network device passwords in one go. And a whole lot more.. go grab a freewarecopy at http://www.kiwisyslog.com/products.php (limited 2 1 thread, the ?Engineer Single install? version have 10 threads, and can only be running in one instance on the local LAN segment (broadcast Range). But it just what you need If you need the roll back the box to an old configuration.
Well my experience regarding CISCO was? NONE! Never worked with CLI, but I was adviced to select CISCO to replace some old outdated Routers from Symantec (The could?nt handle the bandwith, and they couldn?t handle all the special wishes to VLAN, WiFi ect..)
Our Compnay have a central site connected to the internet though a 8 Mb/s (actually a 10 Mb/s, but the other 2 Mbit are separated into a dedicated 2 Mb/s VoIP MPLS VPN) though the 8 mbit connection a Cisco 1812W maintains connection to 12 Cisco 871W working as Department / ConstructionSite - Routers.
At every Site there is 2 LAN ports Bridged with a Wireless LAN wich are VPN site-2-site conneted to the central LAN. And 2 other Ports on a different Local LAN segment deperated from the ?Corporate LAN? for guest Access ect. The Guest Lan is likewise bridged with at Guest Wifi LAN. ? So customers can revice a WPA PassCode to access the Internet at our sites.
Basically I would say that I?ll take some time for a Cisco-CLI-Virgin, despite the comfort of Cisco SDM (Secure Device Manager ? A GUI to visually configure the router.). Regardless of the SDM, its almost 100% sure that you have to examine the CLI, to locate bugs that the SDM doesn?t catch.
All of my external sites have Static IP delivered by DHCP, and I only jyst recently discovered that the ?reset configuration? could be altered the meet My needs. Wich means that if the router needs to be reset, If I accedenly locks my self out (Router management access restriction) the Local Users can be instructed to insert paperclip in reset hole, and restart Router holding the clip inserted in 10 seconds. It also means that when a worksite changes, and the router goes to another site, I only have to change the IP adresse in my central Router (1812W) and Its up-and running again.
Generaly I like them. But the manuals located on the web and the internal webserver are a bit limited, and are mainly concentrated on the CLI and to explain
?what-am-I-looking-at, not ?how-can-I-use-it?..
The SDM needs to be praised!! ? the SDM v. 2.3.1 have section enabling the ability to cut and paste parts of the configuration directly in-to a window? Pretty Cool when you need to restore a previously saved backup. Just Paste the Backup Config to a window and hit the ?Replace? button, and the Router replaces the Config, and reboots (well ? once every 3 or 4 times you have to make sure I actually does so, and if not: repeat. - Just make a ping for the router and If it disapears, it booting!!
Now I only have one major problem the GuestWiFi authentication is done by inserting a WPA code in the router, (which mean that I have to be contacted to make it happened) but I would really LOVE it, if I had a central Website where my coworkers could click on a button and recive a timelimited code for Wireless Access on specific Routers. Or maybye a local Website running on the ROuter where an account could login an open an guest account for 2 days or 1 week ect...
The access to the Corporate VPN-LAN ssid (VPN-Site2Site) is made in such a way tha the individual Routers makes a RADIUS Authorization request to my AD, and thereby allows users having ?Dial-In? enabled in my AD, access to WiFI. (that took time to make!!)
Im running the IOS : advipservices9-mz.123-8YI2.bin image on the 871W boxes, and the c181x-advipservicesk9-mz.124-2.T2.bin on my 1812..
I would recommend the 871W, but do spend some time to play with router before hooking up the business though it.
For testing I had the 871W running the central site (10 Site-2-Site), with out any problems for 2 days.
Other great tools for Cisco Backups for a lot of boxes at he same time, which are a must-have is Kiwi CatTool: It will perform configuration backups of many devices at the same time, issue commands via Telnet or SSH to many devices at once, change all your network device passwords in one go. And a whole lot more.. go grab a freewarecopy at http://www.kiwisyslog.com/products.php (limited 2 1 thread, the ?Engineer Single install? version have 10 threads, and can only be running in one instance on the local LAN segment (broadcast Range). But it just what you need If you need the roll back the box to an old configuration.
anyone have a good config that will allow port forwarding to lan ip server, std stuff, dns, smtp, http, etc on a Cisco 851W?
haven't seen any that work.
Thanks
haven't seen any that work.
Thanks
Hope this is in an acceptable forum, this is my current experience with the router.
Admin, if this is in the wrong place could you move it please?
Router is a 871w purchased a while back. Calling Cisco for help is akin to pulling your own teeth with rusty pliers. They are almost Microsoft! >:-(
The reason this all started is that I had had the box sitting around for a while without using it, mainly because I had had headaches with the pervious SDM and couldn't get the box to ping or much of anything else. I couldn't load the sdm because it didn't have enough memory (so the error message said). I got a memory stick to try and alleviate this problem and I decided to work on it again since there was a newer SDM out there. I booted the box and it said that there was no bootable image in flash:/ like I have read about here. I have tried to deal with this with the memory installed and removed with the same results.
With the stick installed it shows 196608 for the memory.
I have tried two different IOS levels:
c870-advsecurityk9-mz.123-14.YT1.bin
and
c870-advsecurityk9-mz.124-11.T1.bin
On each I have gone through the configuration template. On each I have tried to save at Router# using copy run start and also write and write memory. It thinks for a second then shows OK. No error messages. if I do a reload it seems to hold the configuration. If I do a power down restart the system is back to the starting point with nothing that I configured saved.
the and... part
Do I need to upgrade the ROMmon from the 12.3(8)YI to get this to work or would it matter?
Which IOS should I be using? I'm pretty sure I can get one from the guys I bought the box from.
How do I get back to being able to use the SDM since I can't get an IP configured on the switch because it is a L2? I do want to try using the SDM first so I can determine that it was my ignorance and not something physically wrong with the box.
Anybody else had this happen?
I didn't post the configuration because until I can get it to save it doesn't matter.
I have been reading these articles and pouding on this box for 3 or 4 days with no results except frustration with Cisco (the Microsoft of the router hardware world).
If there is an answer here I have not found it. I apologize if this ends up being redundant in some manner.
And one more thing. When I look at the nvram directory I get this:
Directory of nvram:/
120 -rw- 3956 startup-config
121 ---- 1920 private-config
122 -rw- 3956 underlying-config
1 ---- 34 persistent-data
2 -rw- 580 IOS-Self-Sig#3701.cer
3 -rw- 0 ifIndex-table
4 -rw- 580 IOS-Self-Sig#3702.cer
5 -rw- 580 IOS-Self-Sig#3703.cer
6 -rw- 590 IOS-Self-Sig#3704.cer
7 -rw- 580 IOS-Self-Sig#3705.cer
8 -rw- 580 IOS-Self-Sig#3706.cer
9 -rw- 580 IOS-Self-Sig#3707.cer
10 -rw- 579 IOS-Self-Sig#1.cer
11 -rw- 579 IOS-Self-Sig#2.cer
12 -rw- 579 IOS-Self-Sig#3.cer
13 -rw- 579 IOS-Self-Sig#4.cer
131072 bytes total (111832 bytes free)
Shouldn't the startup-config be marked as executable? as in rwx?
I'm losing hair fast here.
TIA for your help,
rlj
Admin, if this is in the wrong place could you move it please?
Router is a 871w purchased a while back. Calling Cisco for help is akin to pulling your own teeth with rusty pliers. They are almost Microsoft! >:-(
The reason this all started is that I had had the box sitting around for a while without using it, mainly because I had had headaches with the pervious SDM and couldn't get the box to ping or much of anything else. I couldn't load the sdm because it didn't have enough memory (so the error message said). I got a memory stick to try and alleviate this problem and I decided to work on it again since there was a newer SDM out there. I booted the box and it said that there was no bootable image in flash:/ like I have read about here. I have tried to deal with this with the memory installed and removed with the same results.
With the stick installed it shows 196608 for the memory.
I have tried two different IOS levels:
c870-advsecurityk9-mz.123-14.YT1.bin
and
c870-advsecurityk9-mz.124-11.T1.bin
On each I have gone through the configuration template. On each I have tried to save at Router# using copy run start and also write and write memory. It thinks for a second then shows OK. No error messages. if I do a reload it seems to hold the configuration. If I do a power down restart the system is back to the starting point with nothing that I configured saved.
the and... part
Do I need to upgrade the ROMmon from the 12.3(8)YI to get this to work or would it matter?
Which IOS should I be using? I'm pretty sure I can get one from the guys I bought the box from.
How do I get back to being able to use the SDM since I can't get an IP configured on the switch because it is a L2? I do want to try using the SDM first so I can determine that it was my ignorance and not something physically wrong with the box.
Anybody else had this happen?
I didn't post the configuration because until I can get it to save it doesn't matter.
I have been reading these articles and pouding on this box for 3 or 4 days with no results except frustration with Cisco (the Microsoft of the router hardware world).
If there is an answer here I have not found it. I apologize if this ends up being redundant in some manner.
And one more thing. When I look at the nvram directory I get this:
Directory of nvram:/
120 -rw- 3956 startup-config
121 ---- 1920 private-config
122 -rw- 3956 underlying-config
1 ---- 34 persistent-data
2 -rw- 580 IOS-Self-Sig#3701.cer
3 -rw- 0 ifIndex-table
4 -rw- 580 IOS-Self-Sig#3702.cer
5 -rw- 580 IOS-Self-Sig#3703.cer
6 -rw- 590 IOS-Self-Sig#3704.cer
7 -rw- 580 IOS-Self-Sig#3705.cer
8 -rw- 580 IOS-Self-Sig#3706.cer
9 -rw- 580 IOS-Self-Sig#3707.cer
10 -rw- 579 IOS-Self-Sig#1.cer
11 -rw- 579 IOS-Self-Sig#2.cer
12 -rw- 579 IOS-Self-Sig#3.cer
13 -rw- 579 IOS-Self-Sig#4.cer
131072 bytes total (111832 bytes free)
Shouldn't the startup-config be marked as executable? as in rwx?
I'm losing hair fast here.
TIA for your help,
rlj
it was indeed waving to nvram, however, in rommon it was set to boot to image 2 (default)and for what ever reason that didn't work. I changed it to 3 and it worked.
Now back the configuration battle.
Thanks for your help.
Now back the configuration battle.
Thanks for your help.
I have teh non wireless version 871. I should be able to simple delete the wireless portions and use the rest of the configs correct?
secondly do you have one of these templates for an aironet 1200's?
secondly do you have one of these templates for an aironet 1200's?
Yes, you can just strip the radio interface portion.
Read this guide. Aironet 1200 template included.
http://blogs.techrepublic.com.com/Ou/?p=404
Read this guide. Aironet 1200 template included.
http://blogs.techrepublic.com.com/Ou/?p=404
Can point me in the right direction to setup 857w with pppoe ?
I have followed your tutorial to the letter, I believe, and my Wireless Client is dropping 50% of all packets. The Router can ping externally w/o packet loss. I am using the Guest Vlan, but dhcp is assigning address from the Internal Vlan..? Any ideas? Any Help... anyone.
Thanks in advance
Scott B.
Thanks in advance
Scott B.
Is there a way to configure the Cisco 851W as an access point
only. I have 1 sitting around, and I want to create a small
wireless LAN at our site. My thought was to set up the 851W
as an access point and connect to one of our switches.
Thanks,
Greg
only. I have 1 sitting around, and I want to create a small
wireless LAN at our site. My thought was to set up the 851W
as an access point and connect to one of our switches.
Thanks,
Greg
I have configured my 851w exactly according to the template provided and most of the functionality seems to be great. I am, however having a small problem with my Guest WLAN.
It seems that while one computer can connect wirelessly to this interface, if a 2nd computer attempts to establish a wireless connection, that computer will continuously drop the connection to the wireless network.
I'm not seeing anything in either the template or either computer's wireless NIC settings/config that might indicate why this would be occurring. any thoughts or suggestions would be much appreciated.Thanks!
It seems that while one computer can connect wirelessly to this interface, if a 2nd computer attempts to establish a wireless connection, that computer will continuously drop the connection to the wireless network.
I'm not seeing anything in either the template or either computer's wireless NIC settings/config that might indicate why this would be occurring. any thoughts or suggestions would be much appreciated.Thanks!
how would this be configured to run on ipv6? i think Cisco specks the 871 to operate with it.
You could configure the LAN to use IPv6 and then translate it to IPv4. Are you actually trying to do this? It isn't easy to do on the client side.
I work for a value added reseller and most of the routers I have been involved with are the older 800 series and the SOHO routers. With those I just needed to work with physical interfaces, or, with the SOHOs interface E0 which was the virtual interface for the physical interfaces on the back.
I just got in my first 857W last week and it is a whole new world. I had your 871 article which was a great help, but, as you mentioned, things do not quite work the same. It took me the better part of three days working out how to get the wired and wireless lans to talk to each other and to the dialer. I would probably would not have made it without the help of your template or a call to Cisco. I was only comfortable using one wireless lan; had I read this article the open and private wireless lans might have been a better solution. To late now the router is at a customer across the state.
I like the new virtual interface setups, but they are very different from the old SOHOs.
I just got in my first 857W last week and it is a whole new world. I had your 871 article which was a great help, but, as you mentioned, things do not quite work the same. It took me the better part of three days working out how to get the wired and wireless lans to talk to each other and to the dialer. I would probably would not have made it without the help of your template or a call to Cisco. I was only comfortable using one wireless lan; had I read this article the open and private wireless lans might have been a better solution. To late now the router is at a customer across the state.
I like the new virtual interface setups, but they are very different from the old SOHOs.
I made a mistake on the original 871W template and we've posted a new version of it. Please download it again. Sorry about that.
I'm glad this is helping you.
I'm glad this is helping you.
So if I'm a total Cisco newb, and want a router for my home to interface with the cable modem, would I benefit at all from the 871W versus the 851W?
Thanks,
B
Thanks,
B
If you want to run VLANs on the switch or QoS, you'll need the 871.
This is a great article, however, it doesn't explain how to do a setup for any type of broadband connection except for PPPoE. I have a cable modem. How would I configure that?
DHCP and Static IP template due next week. I have the templates but I haven't tested them in the field yet. If you send me a private message, I can email you the template if you want to beta test it.
I'm converting my SOHO (4 workstations) from a workgroup to a domain with a dedicated file/print sever running Windows SBS 2003. I currently run the CLI template for a cable modem. My question is: How do I adjust my router configuration to allow a static IP for my server? Any suggestions or comments are apprciated.
I don't know what I am doing wrong but when I press the relace button I can't find the info I entered in the variables sheet. So if I can not see it how can I copy/paste it.
You don't look for the output in the variable's tab/sheet. A brand new sheet is created every time you press the replace button.
I have had my router for over a year and the support with Cisco has expired. I just picked up a new laptop for my wife for Xmas and now I need to enable the wireless on the router. I entered almost all the commands pertaining to the Dot11Radio from the excel work sheet. I can connect to the SSID but I do not get an IP address assigned to me and then Windows XP says I have limited connectivity to the network and I have internet access.
Here is a copy of my config (minus the passwords) I couldn't get it all to copy into notepad, but I think all the important stuff is there. Also if there are any other reccomendations you would make please let me know I will be happy to consider implementing them.
Building configuration...
Current configuration : 5356 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname $A\/aGe_|)r@G0/\/
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$S/
!
username Moonspell privilege 15 secret 5 $1$a.n/
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
aaa session-id common
ip subnet-zero
no ip source-route
ip dhcp excluded-address 10.10.0.1 10.10.2.0
ip dhcp excluded-address 10.10.3.101 10.10.255.254
!
ip dhcp pool sdm-pool
import all
network 10.10.0.0 255.255.0.0
default-router 10.10.1.1
lease 10 2
!
!
ip cef
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name darksun.wrld
no ftp-server write-enable
!
crypto pki trustpoint tti
revocation-check crl
rsakeypair tti
!
interface Null0
no ip unreachables
!
interface FastEthernet0
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no cdp enable
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
encryption vlan 1 mode ciphers tkip
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 b
asic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.1.1 255.255.0.0
Here is a copy of my config (minus the passwords) I couldn't get it all to copy into notepad, but I think all the important stuff is there. Also if there are any other reccomendations you would make please let me know I will be happy to consider implementing them.
Building configuration...
Current configuration : 5356 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname $A\/aGe_|)r@G0/\/
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$S/
!
username Moonspell privilege 15 secret 5 $1$a.n/
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
aaa session-id common
ip subnet-zero
no ip source-route
ip dhcp excluded-address 10.10.0.1 10.10.2.0
ip dhcp excluded-address 10.10.3.101 10.10.255.254
!
ip dhcp pool sdm-pool
import all
network 10.10.0.0 255.255.0.0
default-router 10.10.1.1
lease 10 2
!
!
ip cef
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name darksun.wrld
no ftp-server write-enable
!
crypto pki trustpoint tti
revocation-check crl
rsakeypair tti
!
interface Null0
no ip unreachables
!
interface FastEthernet0
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no cdp enable
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
encryption vlan 1 mode ciphers tkip
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 b
asic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.1.1 255.255.0.0
You can't just take some components and not others without understanding how the CLI configuration works.
You have a situation where your Wireless LAN is bridged to VLAN1 which is a completely different subnet than the IPs you're handing out with your DHCP pool.
ip dhcp pool sdm-pool
network 10.10.0.0 255.255.0.0
interface Vlan1
ip address 10.10.1.1 255.255.0.0
See how these don't match?
I would highly recommend that you copy the entire configuration and not just bits and pieces of it. Then you can modify the configuration from there after you get the network working.
You have a situation where your Wireless LAN is bridged to VLAN1 which is a completely different subnet than the IPs you're handing out with your DHCP pool.
ip dhcp pool sdm-pool
network 10.10.0.0 255.255.0.0
interface Vlan1
ip address 10.10.1.1 255.255.0.0
See how these don't match?
I would highly recommend that you copy the entire configuration and not just bits and pieces of it. Then you can modify the configuration from there after you get the network working.
I configured 851w with your template, connecting to GuestWlan but no IP given. Any ideas? The other vlan works great.
I am trying to get something very similar set up as your config here. The problem I am having is that the internal network (InternalWLAN in your example) is WPA and the GuestNet is WEP (this is so that older devices I have can have a seperate VLAN for their use of WEP). I want all my PC's etc to use the WPA WLAN, and my Tivo, Game adapter, etc to use the WEP WLAN, and create the necessary ACL's to secure the WEP net from the WPA and internal.
That being said, the problem I have is that I CAN connect to the WPA network with no problems, even with the SSID not being broadcast. When I pull up NetStumbler, it works (although until I associate, the SSID is hidden). The WEP network is not being shown, though, and the MAC of that interface is showing up as 00000000, no SSID, and I cannot connect to it at all.
Here is my config, if you could take a look, it would be a huge help, thanks! (there are other smatterings in the config that are works in progress, so bear with me)
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(11)T, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Sun 19-Nov-06 03:57 by prod_rel_team
Config:
[snip]
interface FastEthernet4
description WAN port
ip address dhcp
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
encryption vlan 10 mode ciphers tkip
!
encryption vlan 20 mode ciphers wep128
!
encryption mode ciphers tkip wep128
!
ssid ferrari
vlan 20
authentication open
guest-mode
!
ssid flashpoint
vlan 10
authentication open
authentication key-management wpa
wpa-psk ascii 7 01120A01430A080B725E
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2462
station-role root
!
interface Dot11Radio0.10
encapsulation dot1Q 10
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio0.20
encapsulation dot1Q 20
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 spanning-disabled
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
!
interface Vlan1
no ip address
!
interface Vlan10
description Trusted LAN segment
no ip address
ip virtual-reassembly
bridge-group 10
bridge-group 10 spanning-disabled
!
interface Vlan20
description Untrused Wireless Segment
no ip address
ip virtual-reassembly
bridge-group 20
bridge-group 20 spanning-disabled
!
interface Dialer0
no ip address
!
interface BVI20
description Bridge to Guest Network
ip address 10.10.3.1 255.255.255.0
ip virtual-reassembly
!
interface BVI10
description Bridge to Trusted Wireless Network
ip address 10.10.2.1 255.255.255.0
ip virtual-reassembly
!
[snip]
Any and all help would be appreciated!
Thanks,
Bob
That being said, the problem I have is that I CAN connect to the WPA network with no problems, even with the SSID not being broadcast. When I pull up NetStumbler, it works (although until I associate, the SSID is hidden). The WEP network is not being shown, though, and the MAC of that interface is showing up as 00000000, no SSID, and I cannot connect to it at all.
Here is my config, if you could take a look, it would be a huge help, thanks! (there are other smatterings in the config that are works in progress, so bear with me)
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(11)T, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Sun 19-Nov-06 03:57 by prod_rel_team
Config:
[snip]
interface FastEthernet4
description WAN port
ip address dhcp
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
encryption vlan 10 mode ciphers tkip
!
encryption vlan 20 mode ciphers wep128
!
encryption mode ciphers tkip wep128
!
ssid ferrari
vlan 20
authentication open
guest-mode
!
ssid flashpoint
vlan 10
authentication open
authentication key-management wpa
wpa-psk ascii 7 01120A01430A080B725E
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2462
station-role root
!
interface Dot11Radio0.10
encapsulation dot1Q 10
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio0.20
encapsulation dot1Q 20
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 spanning-disabled
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
!
interface Vlan1
no ip address
!
interface Vlan10
description Trusted LAN segment
no ip address
ip virtual-reassembly
bridge-group 10
bridge-group 10 spanning-disabled
!
interface Vlan20
description Untrused Wireless Segment
no ip address
ip virtual-reassembly
bridge-group 20
bridge-group 20 spanning-disabled
!
interface Dialer0
no ip address
!
interface BVI20
description Bridge to Guest Network
ip address 10.10.3.1 255.255.255.0
ip virtual-reassembly
!
interface BVI10
description Bridge to Trusted Wireless Network
ip address 10.10.2.1 255.255.255.0
ip virtual-reassembly
!
[snip]
Any and all help would be appreciated!
Thanks,
Bob
Cisco Aironet APs already support multi-broadcast SSIDs and they've done so for a year now or more. You'll have wait till the 800 series supports multi-broadcast SSIDs.
This is why I get so irritated by people who keep suggesting that hidden SSIDs are more secure when they're not more secure. You'll just cause a lot of problems and not get any more security.
I would suggest that you make your WEP network the broadcast SSID since most WPA devices can at least tolerate hidden SSIDs. The fact that devices are still being sold with WEP only is a crying shame.
This is why I get so irritated by people who keep suggesting that hidden SSIDs are more secure when they're not more secure. You'll just cause a lot of problems and not get any more security.
I would suggest that you make your WEP network the broadcast SSID since most WPA devices can at least tolerate hidden SSIDs. The fact that devices are still being sold with WEP only is a crying shame.
I only need one to broadcast, and the WEP ssid is the one that is set to guest-mode (see the posted config). The problem is in the WEP configuration, and the assignment of IP's. So, I have been working on this, and can use the non-broadcast WPA network with no problems at all. I cannot associate with and cannot get an IP on the second VLAN.
That being said, I have a few questions (sorry!)
1) Does the ISR platform support multiple DHCP servers running, one for each VLAN? I added Fa3 to the same VLAN as the WEP SSID BVI20, and neither can get an address, but VLAN10 can get an address no problem.
2) I absolutely agree it is a shame that stuff sells as WEP only, but I am stuck with what I am stuck with, unless I run a physical port to the third floor from the basement - a MAJOR feat.
3) I just upgraded to c870-advipservicesk9-mz.124-11.T1.bin to enable the IPS support... but the latest SDM won't configure the IPS (LOL!). Guess I will have to do all that from the CLI.
Comments are appreciated!
Thanks,
Bob
That being said, I have a few questions (sorry!)
1) Does the ISR platform support multiple DHCP servers running, one for each VLAN? I added Fa3 to the same VLAN as the WEP SSID BVI20, and neither can get an address, but VLAN10 can get an address no problem.
2) I absolutely agree it is a shame that stuff sells as WEP only, but I am stuck with what I am stuck with, unless I run a physical port to the third floor from the basement - a MAJOR feat.
3) I just upgraded to c870-advipservicesk9-mz.124-11.T1.bin to enable the IPS support... but the latest SDM won't configure the IPS (LOL!). Guess I will have to do all that from the CLI.
Comments are appreciated!
Thanks,
Bob
Just create a new scope for it with a subnet that matches the Interface.
The 871W template for static IP configures the router to ask the ISP for the DNS Server Addresses. How would I change the template to set 2 static DNS Servers?
Edit...forget I asked the question. I just read the post on configuring DHCP and it explained what to do. Thanks anyway.
Edit...forget I asked the question. I just read the post on configuring DHCP and it explained what to do. Thanks anyway.
I am able to connect through interface ports and through internal wlan, but am unable to retieve an address from guest wlan. I followed the dhcp template and am able to ping guest gateway
The ACL blocks it from pinging the Internal LAN but should allow it to ping the Internet. You might need to save the config and reload the router.
Have you resolved your issue yet? If so I am interested in the resolution. I have the same problem, configured 851w with template, connecting to GuestWlan but no IP given.
I can ping my desktop from my wireless laptop but i cant ping the laptop from the desktop or the router, laptop wont even ping its own ip. Everything else works fine
ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Kaine#ping 192.168.1.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Kaine#ping 192.168.1.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.101, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Kaine#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
I am using the dhcp template
ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Kaine#ping 192.168.1.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Kaine#ping 192.168.1.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.101, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Kaine#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
I am using the dhcp template
krmaxwell81@.., have you resolved your issue yet. I have a 851w and followed the template, I connect and get authenticated but no IP is given? Anyone have this issue resolved?
Hi, Thanks for the top quality article. Having just received a Cisco 857W from Telstra (Australia) for broadband this tutorial is fantastic!
I have a very similar setup already running on my 857W, but I can't get the wireless computers to ping or connect to any other wireless computers. Wireless to wired connections are okay (and vice-versa), as are wireless to the router and internet.
My question is - will implementing this config allow wireless hosts to ping each other, and see each other in the network neighborhood (XP and Vista machines).
Many thanks!
Trav
I have a very similar setup already running on my 857W, but I can't get the wireless computers to ping or connect to any other wireless computers. Wireless to wired connections are okay (and vice-versa), as are wireless to the router and internet.
My question is - will implementing this config allow wireless hosts to ping each other, and see each other in the network neighborhood (XP and Vista machines).
Many thanks!
Trav
It should work if you follow it exactly or only make changes you understand.
Before you do this though, make sure you backup your current configuation.
Before you do this though, make sure you backup your current configuation.
Were you able to get this issue resolved??
I have the exact same issue, being that any wireless device on the internal network cannot ping/browse any other wireless device on the internal network..
Any suggestions???
I have the exact same issue, being that any wireless device on the internal network cannot ping/browse any other wireless device on the internal network..
Any suggestions???
Tried this on the 877W with no joy, stripped out additional VLAN as it doesn't support it, anyone else got this working on this router?
Thanx for the config, works flawlessly. The only thing that i am curois about is that, just for kicks I went to the web config page and noticed that under firewall, it says that it is disabled. I tried running the Cisco SDM and it also shows the firewall as not configured. However when I try to configure it or turn it on, it doesn't quite work.
I was wondering if this is because it's already setup tru CLI and therefore the web based config is just not seeing it...or is the firewall really not setup with this config?
I was wondering if this is because it's already setup tru CLI and therefore the web based config is just not seeing it...or is the firewall really not setup with this config?
I've been asking for months for some assistance on
getting NAT and firewall working with this configuration.
Once you fire off the auto configuration of the firewall or
try to turn on the nat forwarding, the rest of the
configuration breaks. I know its because I dont know what
I am doing, but I thought that was why I was here. I found
that you can do this, goto SDM and do a audit, it will try
to turn on all kinds of protection (I find most will mess the
configuration up making it useless), however, dont
activate any of the features that it suggests, but at the
end, there is a add firewall to outside interface. Click on
activate this, that will turn your firewall on the outside
interface, doing 2 things. The most important being that
you can actually look at the firewall and make changes
(before doing this, SDM reports the firewall isn't on and
starts flipping EVERYthing into a default, which destroys
the rest of the config you did with this excel sheet), but
after you turn just the firewall on the outside interface,
you can now click on the firewall icon in SDM and start to
try to add rules, and mess around.
I unfortunately tried to add port forwarding NAT entries
via IOS command line, and for the life of my cant get it
working. Maybe some one who already has worked with
this configuration and learned how to add NAT and
firewall can help, but I haven't found them. I've posted this
config all over and haven't gotten much in the last 4
months or so..
good luck
getting NAT and firewall working with this configuration.
Once you fire off the auto configuration of the firewall or
try to turn on the nat forwarding, the rest of the
configuration breaks. I know its because I dont know what
I am doing, but I thought that was why I was here. I found
that you can do this, goto SDM and do a audit, it will try
to turn on all kinds of protection (I find most will mess the
configuration up making it useless), however, dont
activate any of the features that it suggests, but at the
end, there is a add firewall to outside interface. Click on
activate this, that will turn your firewall on the outside
interface, doing 2 things. The most important being that
you can actually look at the firewall and make changes
(before doing this, SDM reports the firewall isn't on and
starts flipping EVERYthing into a default, which destroys
the rest of the config you did with this excel sheet), but
after you turn just the firewall on the outside interface,
you can now click on the firewall icon in SDM and start to
try to add rules, and mess around.
I unfortunately tried to add port forwarding NAT entries
via IOS command line, and for the life of my cant get it
working. Maybe some one who already has worked with
this configuration and learned how to add NAT and
firewall can help, but I haven't found them. I've posted this
config all over and haven't gotten much in the last 4
months or so..
good luck
The template works great!!
What is the best setup to decrease the Signal Strength of 851W? If I set the CCK and OFDM transmitter power to 7 dBm, is that considered lowest signal strength or is there a recommended setting?
What is the best setup to decrease the Signal Strength of 851W? If I set the CCK and OFDM transmitter power to 7 dBm, is that considered lowest signal strength or is there a recommended setting?
I have been using the spreadsheet to setup my Cisco 851W. The only difference is I want 1 wireless LAN instead of 2 so I have made the needed changes (I think). Also I havnt got to the Firewall part yet.
My wired connectivity works great! The problem is when I use my laptop to connect to the Wireless LAN I am unable to pull an IP address. I turned on "debug ip dhcp server events" and there doesn't even seem to be any kind of a request for an IP coming in. I tried statically assigning an IP to my laptop but I was unable to ping the default gateway. Does anybody have any ideas?
Here is my running config:
Current configuration : 3606 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LM-router
!
boot-start-marker
boot-end-marker
!
enable secret 5 --[OMITTED]--
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1 192.168.100.10
!
ip dhcp pool internal-pool
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
dns-server 68.2.16.25
lease 7
!
!
ip cef
no ip domain lookup
!
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid LM-WLAN
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 --[OMITTED]--
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
channel 2437
station-role root
no dot11 extension aironet
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
router rip
version 2
redistribute connected
redistribute static
network 192.168.100.0
!
ip classless
!
no ip http server
no ip http secure-server
ip nat pool PAT 68.228.199.228 68.228.199.228 netmask 255.255.255.0
ip nat inside source list 20 pool PAT overload
!
access-list 20 permit 192.168.100.0 0.0.0.255
!
control-plane
!
bridge 1 route ip
banner motd ^C
Lord Mueller's Personal Router/Network
^C
!
line con 0
password 7 --[OMITTED]--
login
no modem enable
line aux 0
password 7 --[OMITTED]--
line vty 0 4
password 7 --[OMITTED]--
login
!
scheduler max-task-time 5000
ntp server 64.254.132.24
end
My wired connectivity works great! The problem is when I use my laptop to connect to the Wireless LAN I am unable to pull an IP address. I turned on "debug ip dhcp server events" and there doesn't even seem to be any kind of a request for an IP coming in. I tried statically assigning an IP to my laptop but I was unable to ping the default gateway. Does anybody have any ideas?
Here is my running config:
Current configuration : 3606 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LM-router
!
boot-start-marker
boot-end-marker
!
enable secret 5 --[OMITTED]--
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1 192.168.100.10
!
ip dhcp pool internal-pool
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
dns-server 68.2.16.25
lease 7
!
!
ip cef
no ip domain lookup
!
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid LM-WLAN
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 --[OMITTED]--
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
channel 2437
station-role root
no dot11 extension aironet
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
router rip
version 2
redistribute connected
redistribute static
network 192.168.100.0
!
ip classless
!
no ip http server
no ip http secure-server
ip nat pool PAT 68.228.199.228 68.228.199.228 netmask 255.255.255.0
ip nat inside source list 20 pool PAT overload
!
access-list 20 permit 192.168.100.0 0.0.0.255
!
control-plane
!
bridge 1 route ip
banner motd ^C
Lord Mueller's Personal Router/Network
^C
!
line con 0
password 7 --[OMITTED]--
login
no modem enable
line aux 0
password 7 --[OMITTED]--
line vty 0 4
password 7 --[OMITTED]--
login
!
scheduler max-task-time 5000
ntp server 64.254.132.24
end
How do you configure a subinterface? I'm got a 2924 switch (fa 0/1) connected to fa1 on my 871; I can see each device if I do a "sh cdp neighbors/detail" but I can't ping either device...
Jay
Jay
I'd like to use the same config except with a free hotspot.
Any chance of getting this config?
Any chance of getting this config?
I've got an 871w with the latest adv. IP svcs IOS.
I changed the primary IP range to 192.168.0/24 and the guest-net to 192.168.1/24. I don't know if that makes a difference.
My router gives me an IP address and things appear to be working OK, but I can't ssh or http to 192.168.0.1. I can ping it.
Any ideas?
Thanks!
I changed the primary IP range to 192.168.0/24 and the guest-net to 192.168.1/24. I don't know if that makes a difference.
My router gives me an IP address and things appear to be working OK, but I can't ssh or http to 192.168.0.1. I can ping it.
Any ideas?
Thanks!
Thank you for this information. I was able to get my 851W up and running using the Static template.
Once I installed the template generated config, I still had to use the Cisco SDM webpage utility to add the Route and the WAN ip. I didn't know how to do this via CLI. For some reason it did not install using the template.
Then, I had to add my own DNS servers to the ip dhcp pool VlAN20 by using the DNS-Server x.x.x.x x.x.x.x command in the CLI. Because, when I would connect with a wireless laptop, it flat out would not find google until I added the DHCP DNS-SERVER to the config.
I struggled for two days trying to get this to work until I found this template and it really helped, even though it was not a cut and paste solution for me.
Once I installed the template generated config, I still had to use the Cisco SDM webpage utility to add the Route and the WAN ip. I didn't know how to do this via CLI. For some reason it did not install using the template.
Then, I had to add my own DNS servers to the ip dhcp pool VlAN20 by using the DNS-Server x.x.x.x x.x.x.x command in the CLI. Because, when I would connect with a wireless laptop, it flat out would not find google until I added the DHCP DNS-SERVER to the config.
I struggled for two days trying to get this to work until I found this template and it really helped, even though it was not a cut and paste solution for me.
And use my internal DHCP server on the Internal LAN (both LAN and WAN) by just deleting the DHCP portion related to the Internal NET?
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
