Networks·41,393 discussions

Cisco 881 config help

Locked

I am trying to configure a Cisco 881 router to have multiple vlans and share the internet connection.

I’m a noob with this stuff and i’m stuck.
this is what i have so far.

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable password cisco
!
no aaa new-model
!
!
ip source-route
ip dhcp excluded-address 192.168.9.1
ip dhcp excluded-address 192.168.10.1 192.168.10.99
ip dhcp excluded-address 192.168.10.201 192.168.10.254
ip dhcp excluded-address 192.168.11.1 192.168.11.99
ip dhcp excluded-address 192.168.11.201 192.168.11.254
ip dhcp excluded-address 192.168.12.1 192.168.12.99
ip dhcp excluded-address 192.168.12.201 192.168.12.254
!
ip dhcp pool vlan2
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.9.1
!
ip dhcp pool vlan3
import all
network 192.168.11.0 255.255.255.0
default-router 192.168.9.1
!
ip dhcp pool vlan4
import all
network 192.168.12.0 255.255.255.0
default-router 192.168.9.1
!
!
ip cef
!
!
!
!
username name privilege 15 secret 5 $1$P4qP$h1hBpRrCmd2ZfOk/g9/yX0
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
description Blank LAN
!
interface FastEthernet1
description Lawson LAN
switchport access vlan 2
!
interface FastEthernet2
description Ivey LAN
switchport access vlan 3
!
interface FastEthernet3
description Katz LAN
switchport access vlan 4
!
interface FastEthernet4
description WAN
ip address 192.168.9.1 255.255.255.0
shutdown
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 192.168.10.1 255.255.255.0
!
interface Vlan3
ip address 192.168.11.1 255.255.255.0
!
interface Vlan4
ip address 192.168.12.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
banner login ^CThis is a secure system. Authorized Personnel Only!^C
!
line con 0
password console
logging synchronous
login
no modem enable
line aux 0
password backdoor
login
line vty 0 4
password telnet
login
!
scheduler max-task-time 5000
end

Topic

Clarifications

In reply to Cisco 881 config help

Clarifications

RE: Cisco 881 config help

In reply to Cisco 881 config help

You have a good configuration down so far, but you are missing a few things.

1) The default gateways on your DHCP scope should be the IP Addresses of the VLAN they belong to, so below is how it should be configured
ip dhcp pool vlan2
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
!
ip dhcp pool vlan3
import all
network 192.168.11.0 255.255.255.0
default-router 192.168.11.1
!
ip dhcp pool vlan4
import all
network 192.168.12.0 255.255.255.0
default-router 192.168.12.1

Now you also need a nat rule, here is what I suggest

First – Create the ACL’s
Access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.11.0 0.0.0.255
access-list 1 permit 192.168.12.0 0.0.0.255

Second – Apply the ACLs to the NAT rule
ip nat inside source list 1 FastEthernet4 overload

Third – Tell the router which interfaces are
IP NAT INSIDE (all VLANS)
and
IP NAT OUTSIDE (FastEthernet4)

Finally, you need a route to the outside (gateway of last resort)
that would be (depending on if your outside IP is given out via DHCP)
ip route 0.0.0.0 0.0.0.0 FastEthernet4
OR
ip route 0.0.0.0 0.0.0.0 DHCP

If you have any further questions feel free to message me!

Thanks,
MIke

Cisco 881 config help

In reply to RE: Cisco 881 config help

Thank you for you insight.
I’ve add the configurations you have suggested. I am getting “% Incomplete command.” on the third step about adding IP NAT INSIDE (all Vlans) and IP NAT OUTSIDE (fastethernet4).
Could you explain. I’ve tried the ? approach to figure it out myself, but I’m stuck again.
Thanks

Cisco 881 config help

In reply to RE: Cisco 881 config help

@ tecmj198
Never mind. I got the configurations to work through step 3. I’m not sure about the 4th.
The fa04(wan) connects to the cable modem. I’m assuming its dhcp, but how can i be sure.
Can i use both configurations to get it to work.
Thanks

RE: Cisco 881 config help

In reply to Cisco 881 config help

I use my 881W through my cable modem. You have to tell int Fa4 that he is getting an address through DHCP. THat command under Fa0/4 is
ip address DHCP
Then you can use either IP route statement. I used the following;
ip route 0.0.0.0 0.0.0.0 DHCP

Also, one mistake that I made, make sure in global config you type IP DOMAIN LOOKUP (i forget if there is a – between domain and lookup, but IP D? will help you out.

Let me konw how it works out!

forgot something

In reply to RE: Cisco 881 config help

You might want to start Cisco Configuration Professional and see about setting up a firewall as well. The GUI will walk you through everything you need.

and I would change your VTY and CON passwords, as we all saw them 🙂

Cisco Configuration Professional

In reply to forgot something

Thank you again for the assist.
I will try to get that config running right now.

As for Cisco Configuration Professional, I?ve tried it numerous times, never could get it to discover the device. Maybe I was missing something like the correct ip/hostname.. or username & passwords.

RE: Cisco Configuration Professional

In reply to Cisco Configuration Professional

You are most welcome!

all you are missing is the following lines you need to add in global config

IP HTTP SERVER
IP HTTP AUTHENTICATION LOCAL

The first command tells it to beable accept HTTP messages and the second, tells the authentication to go to the local database (which you have a user created already).

Incase you dont know, the user(s) who will be accessing CCP or SDM need to have a priv level of 15, which your user account has, if it needed it this is the command you put into global config

username priv 15 secret

If you need any further help please dont hesitate to ask.

Cisco 881 config help

In reply to RE: Cisco 881 config help

Everything is working; vlans are giving out address, internet access. Thanks tecmjl

one thing i may have forgot to explain in detail is that i was hoping to keep the networks (vlans, IPs) separate from each other.

i’m assuming this can be done with access list. I’m just not understanding how its done. At the moment, pings are getting through to each network.

Any help would be appreciative.

RE: Cisco 881 config help

In reply to Cisco 881 config help

Yes you can do it with ACLs. If you understand how ACLs work, then blocking access shouldnt be a problem. You can do it by network or by host.

If you want help, let me know what you are looking to do and I will help you out.

Mike

ACL list help

In reply to RE: Cisco 881 config help

I would like to limit access from each network (or vlans). so vlan1 should not be able to access vlan 2 and vlan 3… by access i mean ping… or i may not be understanding how this all works.
an so on, vlan 2 should not have access to vlan 1 or vlan 3. and vlan 3 should not have access to vlan 1 or vlan 2.

example would be to keep each network visible to only that network ip .10 or .11 or .12

i’ve tried creating access-lists to permit then deny others, but didn’t work. I even upgraded access-list to 101 but still didn’t work. And now also, i can’t get out to the internet..

Thanks so much for your input.

RE: ACL list help

In reply to ACL list help

Can you elaborate more?

you only want to block pings or all interVLAN access?

limit access

In reply to ACL list help

I want to block all traffic from each vlan network. example: i have two workstations connected to the router on different fastethernet ports (vlans/networks) .10.100 & .12.100

If I share a folder on .12.100 workstation. I do no want .10.100 network to get access to this folder (or ping reply or any other communication…) by using the run box and typing \\192.168.12.100

the ultimate goal is to have three separate networks running through this router without communication to the others

New Help

In reply to Cisco 881 config help

WE have a client with an 881 and it does something we are not used to seeing. The router rejects all public traffic from Monster.com and its supported sites such as usajobs.gov. All other port 80 web site traffic is processed normally.

Not sure what to show, but we do have the entire script which is probably not necessary. What happens is that it sees the site but states that this site requires a password. The site does not require passwords or any other log in information to access avaialble jobs.

Related question

In reply to Cisco 881 config help

I used this walkthrough and my CCNA notes to configure my 881 to work with a Trendnet DSL router, but now I have switched ISP’s and I need to get it to work with a pppoe connection and a Dlink DSL modem. None of the online guides have helped me so far because the 881 router is missing a pppoe option in the vpdn-group configuration option. Any help would be great.

[Author]

Replies