Questions

Problems configuring Cisco 877w Router

+
0 Votes
Locked

Problems configuring Cisco 877w Router

corlanb
Hi all, I am new to Cisco and the CLI in particular. I recently acquired the 877w router for home office use. I was hoping to try and get it running using SDM but it seems the CLI is still needed. Total newbie to this stuff...I've managed to cobble together a functioning config thanks to a great Excel tool posted in the forums here, thanks very much for that! However I seem to have a few issues still:

First each morning I lose internet connectivity, it seems the DNS stops functioning. I have to power cycle the router and then it works again.

Second in the CLI I am getting the following recurring errors:
*Mar 2 06:41:23.419: *** Not encrypted dot1x packet from 0019.1dff.02c7 has bee
n discarded
*Mar 2 06:41:23.419: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0019.1dff
.02c7 Associated SSID[T Home] AUTH_TYPE[OPEN] KEY_MGMT[WPA PSK]
*Mar 2 06:41:33.975: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 0019.1dff.02c7 Reason: Sending station has left the BSS SSID[T Home]


Here is my running config (apologies in advance), if anyone knows where I went wrong or what commands I need to fix I would greatly appreciate it. Thanks.

Using 5406 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone MDT -7
clock summer-time MDT date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1833490412
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1833490412
revocation-check none
rsakeypair TP-self-signed-1833490412
!
crypto pki certificate chain TP-self-signed-1833490412
certificate self-signed 01 nvram:IOS-Self-Sig#9.cer
dot11 syslog
!
dot11 ssid Work Remote
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 0 <WPAkeyhere>
!
dot11 ssid T Home
vlan 20
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 <WPAkeyhere>
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.2.1 192.168.2.99
!
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.224
default-router 10.10.10.1
dns-server 76.10.191.198 76.10.191.199
lease 0 2
!
ip dhcp pool Internal-net
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 76.10.191.198 76.10.191.199
domain-name domain1
lease 4
!
ip dhcp pool VLAN20
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 76.10.191.198 76.10.191.199
domain-name domain2
lease 4
!
!
ip inspect name MYFW tcp
ip inspect name MYFW udp
ip domain name yourdomain.com
ip name-server 76.10.191.198
ip name-server 76.10.191.199
!
!
!
username <me> privilege 15 secret 5 $1$D85L$p05dp6uRqKoZe6HiBObaF0
!
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/33
oam-pvc manage
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid Work Remote
!
ssid T Home
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
channel 2462
station-role root
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.20
description Guest wireless LAN - routed WLAN
encapsulation dot1Q 20
ip address 192.168.2.1 255.255.255.0
ip access-group Guest-ACL in
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface Vlan1
description Internal Network
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dialer0
ip address 76.10.188.115 255.255.255.0
ip access-group Internet-inbound-ACL in
ip mtu 1452
ip inspect MYFW out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname <pppoe username>
ppp chap password 0 <pppoe password>
!
interface BVI1
description Bridge to Internal Network
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
ip access-list extended Guest-ACL
deny ip any 192.168.1.0 0.0.0.255
permit ip any any
ip access-list extended Internet-inbound-ACL
permit udp any eq bootps any eq bootpc
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit gre any any
permit esp any any
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip list 1
no cdp run
!
!
!
control-plane
!
bridge 1 route ip
banner login ^CC
-----------------------------------------------------------------------
Banner Message
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
  • +
    0 Votes
    career

    Before blaming the router, are you sure this just isn't the ISP dropping the connection due to idle timeout?

    Also can you explain why DNS isn't working? Are you using the router for DNS, or an internal server, or your ISPs?

    One thing I'd recommend is setting the clock on router, so you can tell exactly when events are happening. This should work:

    #ntp server bigben.cac.washington.edu

    +
    0 Votes
    corlanb

    I did call the ISP and they do see the errors on the port but they say it's related to my end and the config. The reason I suspect the router (more specifically, the current config) is that it was working OK up until I rewrote the config to get the wireless working. And I stay connected to the 'net, VPN stays locked, VoIP phone works, email comes through, etc. Just can't get to the www's. Ping google.com fails, ping 74.125.45.100 works a-ok.

    It's been suggested I might have a memory issue on the router. Tested yesterday, unplugged all the network connections and then did a reload. Came back 9 hours later and added one connection and it's been fine all day...but after 8 hours of use I lose connection again. Not sure if this confirms the memory issue or if this rules it out?? So confused...

    Also try to set the time using SDM but I think it gets lost everytime I use the reload command? And I don't know how to check logs from CLI, only the SDM works but again the logs seem to clear everytime I reload? Not sure if there is a better way to kickstart the router after 8 hrs of use other than the reload command, to preserve time setting and logs?

    Thanks for your help, sorry I'm such a newbie with this.

    +
    0 Votes
    chris.benecke

    if you think it could be the ammount of memory available on the device have a look at the SDM on the main page that you come to when you load SDM in the left hand window at the top it will tell you how much RAM and NVRAM you have available at the time.

    ram is obviously memory where the image is stored while its running on the device

    the NVRAM which is Flash ram is where the actual IOS CLI software is stored its also where your config file is stored so that it doesnt get lost when you reboot.

    +
    0 Votes
    corlanb

    Here is the memory usage:
    Available/Total Memory...62/128 MB
    Available/Total FLASH...2/24MB

    Do you think this will cause a problem in the future that I'm so close on my flash mem??

    Anyway, the good news is I seem to have solved the problem. I disconnected a Cisco VoIP phone that was not configured (constantly "registering"), and I have been solid for 2-days now. My new challenge is to configure the VPN in the router for that phone but for now I will just enjoy the router working as it should! Thanks everyone for your help with this problem!

    +
    0 Votes
    chris.benecke

    sorry guys the edit button didnt work properly on the last post

  • +
    0 Votes
    career

    Before blaming the router, are you sure this just isn't the ISP dropping the connection due to idle timeout?

    Also can you explain why DNS isn't working? Are you using the router for DNS, or an internal server, or your ISPs?

    One thing I'd recommend is setting the clock on router, so you can tell exactly when events are happening. This should work:

    #ntp server bigben.cac.washington.edu

    +
    0 Votes
    corlanb

    I did call the ISP and they do see the errors on the port but they say it's related to my end and the config. The reason I suspect the router (more specifically, the current config) is that it was working OK up until I rewrote the config to get the wireless working. And I stay connected to the 'net, VPN stays locked, VoIP phone works, email comes through, etc. Just can't get to the www's. Ping google.com fails, ping 74.125.45.100 works a-ok.

    It's been suggested I might have a memory issue on the router. Tested yesterday, unplugged all the network connections and then did a reload. Came back 9 hours later and added one connection and it's been fine all day...but after 8 hours of use I lose connection again. Not sure if this confirms the memory issue or if this rules it out?? So confused...

    Also try to set the time using SDM but I think it gets lost everytime I use the reload command? And I don't know how to check logs from CLI, only the SDM works but again the logs seem to clear everytime I reload? Not sure if there is a better way to kickstart the router after 8 hrs of use other than the reload command, to preserve time setting and logs?

    Thanks for your help, sorry I'm such a newbie with this.

    +
    0 Votes
    chris.benecke

    if you think it could be the ammount of memory available on the device have a look at the SDM on the main page that you come to when you load SDM in the left hand window at the top it will tell you how much RAM and NVRAM you have available at the time.

    ram is obviously memory where the image is stored while its running on the device

    the NVRAM which is Flash ram is where the actual IOS CLI software is stored its also where your config file is stored so that it doesnt get lost when you reboot.

    +
    0 Votes
    corlanb

    Here is the memory usage:
    Available/Total Memory...62/128 MB
    Available/Total FLASH...2/24MB

    Do you think this will cause a problem in the future that I'm so close on my flash mem??

    Anyway, the good news is I seem to have solved the problem. I disconnected a Cisco VoIP phone that was not configured (constantly "registering"), and I have been solid for 2-days now. My new challenge is to configure the VPN in the router for that phone but for now I will just enjoy the router working as it should! Thanks everyone for your help with this problem!

    +
    0 Votes
    chris.benecke

    sorry guys the edit button didnt work properly on the last post