I am having a problem setting up a Cisco 871W Router.

ericjgrenier
I am having a problem setting up a Cisco 871W Router. I cannot get connected to the internet. I warn you that I am somewhat of a newbie at this, so I apologize if I say or have done or will do anything stupid. I have gone through what I believe are the correct steps to set this up, yet I am having no luck. Below you will see my HyperTerminal session and all of the steps that I took (I have edited out my public IP and passwords). I really hope someone can send me on the right path. I also cannot log into the router via the web interface (any help with that would be greatly appreciated). Thank you


Booting flash:/c870-advsecurityk9-mz.124-4.T8.bin
Self decompressing the image : #################################################
########################## [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706


Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL
EASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 11-Aug-07 03:34 by khuie
Image text-base: 0x8002008C, data-base: 0x813FEFCC


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 871W (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of mem
ory.
Processor board ID FHK121021J4
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
5 FastEthernet interfaces
1 802.11 Radio
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)


--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n


Press RETURN to get started!


*Mar 1 00:00:06.875: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change
d to: Initialized
*Mar 1 00:00:06.879: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State change
d to: Enabled sslinit fn

*Mar 1 00:00:09.079: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to
up
*Mar 1 00:00:09.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et4, changed state to down
*Mar 1 00:00:10.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0, changed state to up
*Ma
Router>
Router>r 1 00:00:11.607: USB init complete.
*Mar 1 00:01:00.263: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to a
dministratively down
*Mar 1 00:01:01.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to down
*Mar 1 00:01:02.255: %LINK-5-CHANGED: Interface FastEthernet4, changed state to
administratively down
*May 23 16:27:33.399: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, REL
EASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 11-Aug-07 03:34 by khuie
*May 23 16:27:33.399: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing
a cold start
*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*May 23 16:27:33.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*May 23 16:27:34.591: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, cha
nged state to up
*May 23 16:27:34.979: %LINK-3-UPDOWN: Interface FastEthernet3, changed state to
up
*May 23 16:27:34.987: %LINK-3-UPDOWN: Interface FastEthernet2, changed state to
up
*May 23 16:27:34.991: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to
up
*May 23 16:27:34.995: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to
up
*May 23 16:27:35.143: %LINK-5-CHANGED: Interface Virtual-Dot11Radio0, changed st
ate to administratively down
*May 23 16:27:35.979: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et3, changed state to up
*May 23 16:27:35.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et2, changed state to down
*May 23 16:27:35.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et1, changed state to up
*May 23 16:27:35.995: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0, changed state to down
*May 23 16:27:36.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Do
t11Radio0, changed state to down
Router>enable
Router#vlan data
Router(vlan)#vlan 10 name Internal-LAN
Vlan can not be added. Maximum number of 1 vlan(s) in the database.

Router(vlan)#enable
^
% Invalid input detected at '^' marker.

Router(vlan)#exit
APPLY completed.
Exiting....


Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#service password-encryption
Router(config)#hostname

united(config)#enable secret
united(config)#enable password


united(config)#enable password


united(config)#aaa new-model
united(config)#aaa authentication login default local
united(config)#aaa authorization exec default local
united(config)#aaa session-id common
united(config)#ip http server
united(config)#ip http secure-server
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

united(config)#
*May 23 16:32:20.987: %SSH-5-ENABLED: SSH 1.99 has been enabled
*May 23 16:32:22.531: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "wri
te memory" to save new certificatewrite memory


united(config)#^Z
united#
*May 23 16:33:10.367: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#line con 0
united(config-line)#password
united(config-line)#line vty 0 4
united(config-line)#password
united(config-line)#exit
united(config)#line vty 0 4
united(config-line)#exit
united(config)#ip domain name united
united(config)#no ip domain lookup
united(config)#username united privilege 15 password
united(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.99
united(config)#service dhcp
united(config)#ip dhcp pool VLAN10
united(dhcp-config)#exit
united(config)#ip dhcp pool internal-net
united(dhcp-config)#network 192.168.1.0 255.255.255.0
united(dhcp-config)#default-router 192.168.1.1
united(dhcp-config)#import all
united(dhcp-config)#domain-name
united(dhcp-config)#lease 4
united(dhcp-config)#exit
united(config)#access-list 1 permit 192.168.1.0 0.0.0.255
united(config)#ip nat inside source list 1 interface FastEthernet4 overload
united(config)#
*May 23 16:40:31.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, chan
ged state to up
united(config)#interface FastEthernet4
united(config-if)#ip address dhcp
united(config-if)#ip tcp adjust-mss 1460
united(config-if)#ip nat outside
united(config-if)#no cdp enable
united(config-if)#ip route 0.0.0.0 0.0.0.0 DHCP
united(config)#interface FastEthernet0
united(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single host.
Connecting hubs, concentrators, switches, bridges, etc.to this interface
when portfast is enabled, can cause temporary spanning tree loops.
Use with CAUTION

%Portfast has been configured on FastEthernet0 but will only
have effect when the interface is in a non-trunking mode.
united(config-if)#interface Dot11Radio0
united(config-if)#encryption vlan 1 mode ciphers tkip
united(config-if)#ssid united
united(config-if-ssid)#vlan 1
united(config-if-ssid)#authentication open
united(config-if-ssid)#authentication key-management wpa
united(config-if-ssid)#wpa-psk ascii
united(config-if-ssid)#exit
united(config-if)#channel
% Incomplete command.

united(config-if)#channel 1
united(config-if)#no cdp enable
united(config-if)#no dot11 extension aironet
united(config-if)#exit
united(config)#interface Vlan 1
united(config-if)#description internal Network
united(config-if)#ip nat inside
united(config-if)#ip virtual-reassembly

united(config-if)#bridge-group 1


united(config-if)#bridge-group 1 spanning-disabled
united(config-if)#exit
united(config)#^Z
united#
*May 23 16:48:31.203: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.


united(config)#interface BVI1
Integrated Routing and Bridging is not configured! //dont understand why
^
% Invalid input detected at '^' marker.


united(config)#interface FastEthernet4
united(config-if)#description WAN interface - TO Internet

united(config-if)#ip address 68.99. 255.255.
united(config-if)#no shutdown
united(config-if)#exit
*May 23 16:57:47.571: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to
up
*May 23 16:57:48.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et4, changed state to up
united(config)#^Z
united#
*May 23 16:57:58.151: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface fastethernet0
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet1
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet2
united(config-if)#no shutdown
united(config-if)#exit
united(config)#interface fastethernet3
united(config-if)#no shutdown
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:09:47.119: %SYS-5-CONFIG_I: Configured from console by console
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#ip inspect name MYFW tcp
united(config)#ip inspect name MYFW udp
united(config)#ip access-list extended internet-inbound-ACL
united(config-ext-nacl)#permit udp any eq bootps any eq bootpc
united(config-ext-nacl)#permit icmp any any echo
united(config-ext-nacl)#permit esp any any
united(config-ext-nacl)#interface FastEthernet4
united(config-if)#ip inspect MYFW out
united(config-if)#ip access-group Internet-inbound-ACL in
united(config-if)#^Z
united#
*May 23 17:14:26.635: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0 unassigned YES unset up down

FastEthernet1 unassigned YES unset up up

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up up

FastEthernet4 68.99. YES manual up up

Dot11Radio0 unassigned YES TFTP administratively down down

Vlan1 unassigned YES unset up up

Virtual-Dot11Radio0 unassigned YES TFTP administratively down down

NVI0 unassigned YES unset up up

united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface vlan1
united(config-if)#ip address 192.168.1.1 255.255.255.0
united(config-if)#no shhutdown
^
% Invalid input detected at '^' marker.

united(config-if)#no shutdown
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:15:37.887: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0 unassigned YES unset up down

FastEthernet1 unassigned YES unset up up

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up up

FastEthernet4 68.99. YES manual up up

Dot11Radio0 unassigned YES TFTP administratively down down

Vlan1 192.168.1.1 YES manual up up

Virtual-Dot11Radio0 unassigned YES TFTP administratively down down

NVI0 unassigned YES unset up up

united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface BVI1
Integrated Routing and Bridging is not configured!
^
% Invalid input detected at '^' marker.

united(config)#interface Dot11Radio0.1


united(config-subif)#encapsulation dot1Q 1 native
united(config-subif)#no snmp trap link-status


united(config-subif)#bridge-group 1
united(config-subif)#bridge-group 1 subscriber-loop-control
united(config-subif)#bridge-group 1 spanning-disabled
united(config-subif)#bridge-group 1 block-unknown-source
united(config-subif)#no bridge-group 1 source-learning
united(config-subif)#no bridge-group 1 unicast-flooding
united(config-subif)#exit
united(config)#interface BVI1
Integrated Routing and Bridging is not configured!
^
% Invalid input detected at '^' marker.

united(config)#^Z
united#
*May 23 17:23:17.099: %SYS-5-CONFIG_I: Configured from console by console
united#sh ip interface
FastEthernet0 is up, line protocol is down
Internet protocol processing disabled
FastEthernet1 is up, line protocol is up
Internet protocol processing disabled
FastEthernet2 is up, line protocol is down
Internet protocol processing disabled
FastEthernet3 is up, line protocol is up
Internet protocol processing disabled
FastEthernet4 is up, line protocol is up
Internet address is 68.99./27
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is Internet-inbound-ACL
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
Outgoing inspection rule is MYFW
Dot11Radio0 is administratively down, line protocol is down
Internet protocol processing disabled
Dot11Radio0.1 is administratively down, line protocol is down
Internet protocol processing disabled
Vlan1 is up, line protocol is up
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Virtual-Dot11Radio0 is administratively down, line protocol is down
Internet protocol processing disabled
Virtual-Dot11Radio0.1 is administratively down, line protocol is down
Internet protocol processing disabled
NVI0 is up, line protocol is up
Internet protocol processing disabled
united#
united#config t
Enter configuration commands, one per line. End with CNTL/Z.
united(config)#interface Dot11Radio0
united(config-if)#no shutdown
united(config-if)#exit
*May 23 17:25:43.779: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*May 23 17:25:43.783: %LINK-3-UPDOWN: Interface Virtual-Dot11Radio0, changed sta
te to down
*May 23 17:25:44.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to up
united(config)#interface Dot11Radio0.1
united(config-subif)#no shutdown
united(config-subif)#exit
united(config)#int dot0
united(config-if)#no shut
united(config-if)#exit
united(config)#^Z
united#
*May 23 17:26:46.275: %SYS-5-CONFIG_I: Configured from console by console
united#
  • +
    0 Votes

    There do appear to be some errors in the syntax, though, or the correct input was not entered. I made a list of what might be at fault.

    1) Either you or the administrators had configured the wrong date; unless this was edited. This would conflict with a number of services that are dependent on time synchronization. In this case where you are not able to access the Internet, the DHCP leasing process might not allot the correct time for IP address assignment. If the time on the computer you are using to access the internet is skewed, even a second, the IP address lease would not be offered by your DHCP server, being it was not updated.

    2) If the router is not RFC 1542 compliant it will not be able to route DHCP packets to other routers on to clients connected to the router on one of the FastEthernet links. You may want to replace it or set up a DHCP Relay Agent on a separate server assuming you use Windows for the service.

    At the beginning of the printout of the session; it reads,

    "Router(vlan)#vlan 10 name Internal-LAN
    Vlan can not be added. Maximum number of 1 vlan(s) in the database."

    3) If VLAN10 is the network segment that the DHCP server is located on VLAN10 as in what it reads in the 'united' router setup output;

    "united(config)#ip dhcp pool VLAN10"

    if this is true, a DHCP server on VLAN10 could not assign addresses because the only vlan in your database is vlan1.

    4) Another thing is that vlan1 appears to be on and is administratively up; it's statically configured, right, but NAT is configured
    "united(config)#interface Vlan 1
    united(config-if)#description internal Network
    united(config-if)#ip nat inside
    united(config-if)#ip virtual-reassembly"
    If the router was set up as a DHCP relay agent, NAT would be overridden outbound, private addresses are not routable across the internet and DHCP is not on the right vlan

    5) Also IF "Internet protocol processing disabled" as in what the setup printout reads, IP addresses could not be used.

    6) The configuration stored can't be updated if
    "Virtual-Dot11Radio0 unassigned YES TFTP administratively down down"

    7) If you are trying to access it remotely, either from the private network on another segment or across the internet, you haven't set it up for https, ssh, or telnet. If any traffic using these services and their ports is not permitted, it is explicitly denied (I think)
    "united(config)#ip inspect name MYFW tcp
    united(config)#ip inspect name MYFW udp
    united(config)#ip access-list extended internet-inbound-ACL
    united(config-ext-nacl)#permit udp any eq bootps any eq bootpc
    united(config-ext-nacl)#permit icmp any any echo
    united(config-ext-nacl)#permit esp any any"

    It also says Inbound access list is not set
