Hi All,
Having problem seting up Cisco 871 software 12.3 router for internet use at my office.
Here is the setup.
We have broadband provided by phone line. I have adsl modem in bridge mode.
So here is what i did for cisco box:
1.Because it is not a first time i am doing this i have reseted my router to factory defaults.
2.Gave router name, configured enable secret and password.
3.Because 4 ports on the router are level 2 (figured this out recently
, i am creating vlan 172
config t
int vlan 172
ip address 172.20.20.100 255.255.255.0
no shutdown
4. Configured F0 interface to be switch port mode access. And switchport access vlan 172.
config t
int f0
switchport mode access
switchport access vlan 172
no shutdown
So now i have f0 int on vlan 172. and i can ping ip 172.20.20.100
5.Configured Https access to router
ip http server
ip http secure-server
ip http authentication local
Created a user account with privilege level 15.
username username privilege 15 password 0 password
Configured SSH and Telnet for local login and privilege level 15:
line vty 0 4
privilege level 15
login local
transport input telnet
transport input telnet ssh
Enabled local logging to support the log monitoring function:
logging buffered 51200 warning
copy run start
reload
Have access now with Cisco Professional
6. Confiured my laptop with static ip address of 172.20.20.102, gateway is cisco 172.20.20.100. DNS is isp. Opened Cisco Professional the look of it is the same as Cisco SDM.
7. Went in to Intefaces and Connections.
Selected Create New Connection, Ethernet (PPOE or Unencapsulated Routing).
Enabled PPOE Encapsulation
Under ip address section selected Easy IP (IP Negotiated) because this is reuirement form ISP, as gateways are redundant.
Selecet Chap and PAP Authentication type as i am not sure which is ISP using.
Next i selected Default static route, and selected "use this interface as forwarding interface", and selected PAT option and choose VLAN172 as to be translated.
these wre comands sent to router after step 7
access-list 1 remark INSIDE_IF=Vlan172
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 172.20.20.0 0.0.0.255
interface Vlan172
ip tcp adjust-mss 1412
ip nat inside
exit
interface Dialer0
exit
default interface Dialer0
interface Dialer0
ip mtu 1452
no shutdown
ip address negotiated
ip nat outside
dialer pool 1
dialer-group 1
encapsulation ppp
dialer idle-timeout 120
dialer fast-idle 20
ppp authentication chap pap callin
ppp pap sent-username eircom@eircom.net password 0 **********
ppp chap hostname eircom@eircom.net
ppp chap password 0 **********
exit
interface FastEthernet4
description $ETH-WAN$
no shutdown
pppoe-client dial-pool-number 1
exit
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 1
dialer-list 1 protocol ip permit
After this step i have PPP light coming up on my router, so it is connected to ISP.
if i run SH IP INT Dialer 0
Internet address is **.46.***.**/32
Broadcast address is 255.255.255.255
Address determined by IPCP
MTU is 1452 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
So i can notice in begining internet address is given to my router.
But if i try to ping any public ip address or do trace route it keeps timing out.
Here is my router runing config:
Building configuration...
Current configuration : 3472 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NIS-Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$dy8e$2E26INghms91ckeV0vTeK/
enable password ***
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-1774761845
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1774761845
revocation-check none
rsakeypair TP-self-signed-1774761845
!
!
crypto pki certificate chain TP-self-signed-1774761845
certificate self-signed 01
30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31373734 37363138 3435301E 170D3039 30363132 30313334
34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37373437
36313834 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CF52 90FA4F8A 7A831727 878FDD35 2334B07B FDB39D99 6D629F82 F42FB9B9
B7C2986B 2DB1220E E20EEC09 A9B6BB73 0CD2C4AC 4943B3DD 04BF7846 568E1265
EE69E373 5ABDDA58 F9CBD05F 43C5F4D3 2E420688 D88F23CF CA9312D2 8DD90D07
FA94664F 47501C28 D6E00C5D F16FEEC0 2D0FB77F 2AC202D1 BF50D57B AE0D967C
F6690203 010001A3 6A306830 0F060355 1D130101 FF040530 030101FF 30150603
551D1104 0E300C82 0A4E4953 2D526F75 74657230 1F060355 1D230418 30168014
C9E39292 716AB4E0 96D6F8EC 522355C5 EBD0A0B1 301D0603 551D0E04 160414C9
E3929271 6AB4E096 D6F8EC52 2355C5EB D0A0B130 0D06092A 864886F7 0D010104
05000381 81006E7A 52C396F2 9C82DF84 B90753C2 4FF574AA 408DE6F9 5C7E7250
A94C3E58 AAB8236F 8F42E9F4 C4CACE21 28C8B329 C3B5B26A 92CAD21F 88C081C3
A420D661 222D4144 9CB9D3C5 FB85F71C C03E7E17 B8DAF65D 34291E29 9CDCA1F5
62891740 BEAC2B81 D8669C9E 20E7D000 616D34FE 6958D230 DEFE3AA4 0E66D984
651ABF2F C459
quit
dot11 syslog
no ip routing
no ip cef
!
!
!
!
!
username admin privilege 15 password 0 *******
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
switchport access vlan 172
!
interface FastEthernet1
shutdown
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
description $ETH-WAN$
no ip address
no ip route-cache
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan172
ip address 172.20.20.100 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname eircom@eircom.net
ppp chap password 0 ******
ppp pap sent-username eircom@eircom.net password 0 *****
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 remark INSIDE_IF=Vlan172
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 172.20.20.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community public RO
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
password *****
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
So my question is what i am missing as i am getting furstrated here after playing with this for 3 days, and googling every thing i could think of.
Why i am not getting on to internet ? even without dns ? Why cant i ping any public address?
Any suggestions will be appresiated !!
Thanks in advance for your time !
Having problem seting up Cisco 871 software 12.3 router for internet use at my office.
Here is the setup.
We have broadband provided by phone line. I have adsl modem in bridge mode.
So here is what i did for cisco box:
1.Because it is not a first time i am doing this i have reseted my router to factory defaults.
2.Gave router name, configured enable secret and password.
3.Because 4 ports on the router are level 2 (figured this out recently
, i am creating vlan 172config t
int vlan 172
ip address 172.20.20.100 255.255.255.0
no shutdown
4. Configured F0 interface to be switch port mode access. And switchport access vlan 172.
config t
int f0
switchport mode access
switchport access vlan 172
no shutdown
So now i have f0 int on vlan 172. and i can ping ip 172.20.20.100
5.Configured Https access to router
ip http server
ip http secure-server
ip http authentication local
Created a user account with privilege level 15.
username username privilege 15 password 0 password
Configured SSH and Telnet for local login and privilege level 15:
line vty 0 4
privilege level 15
login local
transport input telnet
transport input telnet ssh
Enabled local logging to support the log monitoring function:
logging buffered 51200 warning
copy run start
reload
Have access now with Cisco Professional
6. Confiured my laptop with static ip address of 172.20.20.102, gateway is cisco 172.20.20.100. DNS is isp. Opened Cisco Professional the look of it is the same as Cisco SDM.
7. Went in to Intefaces and Connections.
Selected Create New Connection, Ethernet (PPOE or Unencapsulated Routing).
Enabled PPOE Encapsulation
Under ip address section selected Easy IP (IP Negotiated) because this is reuirement form ISP, as gateways are redundant.
Selecet Chap and PAP Authentication type as i am not sure which is ISP using.
Next i selected Default static route, and selected "use this interface as forwarding interface", and selected PAT option and choose VLAN172 as to be translated.
these wre comands sent to router after step 7
access-list 1 remark INSIDE_IF=Vlan172
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 172.20.20.0 0.0.0.255
interface Vlan172
ip tcp adjust-mss 1412
ip nat inside
exit
interface Dialer0
exit
default interface Dialer0
interface Dialer0
ip mtu 1452
no shutdown
ip address negotiated
ip nat outside
dialer pool 1
dialer-group 1
encapsulation ppp
dialer idle-timeout 120
dialer fast-idle 20
ppp authentication chap pap callin
ppp pap sent-username eircom@eircom.net password 0 **********
ppp chap hostname eircom@eircom.net
ppp chap password 0 **********
exit
interface FastEthernet4
description $ETH-WAN$
no shutdown
pppoe-client dial-pool-number 1
exit
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 1
dialer-list 1 protocol ip permit
After this step i have PPP light coming up on my router, so it is connected to ISP.
if i run SH IP INT Dialer 0
Internet address is **.46.***.**/32
Broadcast address is 255.255.255.255
Address determined by IPCP
MTU is 1452 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
So i can notice in begining internet address is given to my router.
But if i try to ping any public ip address or do trace route it keeps timing out.
Here is my router runing config:
Building configuration...
Current configuration : 3472 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NIS-Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$dy8e$2E26INghms91ckeV0vTeK/
enable password ***
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-1774761845
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1774761845
revocation-check none
rsakeypair TP-self-signed-1774761845
!
!
crypto pki certificate chain TP-self-signed-1774761845
certificate self-signed 01
30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31373734 37363138 3435301E 170D3039 30363132 30313334
34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37373437
36313834 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CF52 90FA4F8A 7A831727 878FDD35 2334B07B FDB39D99 6D629F82 F42FB9B9
B7C2986B 2DB1220E E20EEC09 A9B6BB73 0CD2C4AC 4943B3DD 04BF7846 568E1265
EE69E373 5ABDDA58 F9CBD05F 43C5F4D3 2E420688 D88F23CF CA9312D2 8DD90D07
FA94664F 47501C28 D6E00C5D F16FEEC0 2D0FB77F 2AC202D1 BF50D57B AE0D967C
F6690203 010001A3 6A306830 0F060355 1D130101 FF040530 030101FF 30150603
551D1104 0E300C82 0A4E4953 2D526F75 74657230 1F060355 1D230418 30168014
C9E39292 716AB4E0 96D6F8EC 522355C5 EBD0A0B1 301D0603 551D0E04 160414C9
E3929271 6AB4E096 D6F8EC52 2355C5EB D0A0B130 0D06092A 864886F7 0D010104
05000381 81006E7A 52C396F2 9C82DF84 B90753C2 4FF574AA 408DE6F9 5C7E7250
A94C3E58 AAB8236F 8F42E9F4 C4CACE21 28C8B329 C3B5B26A 92CAD21F 88C081C3
A420D661 222D4144 9CB9D3C5 FB85F71C C03E7E17 B8DAF65D 34291E29 9CDCA1F5
62891740 BEAC2B81 D8669C9E 20E7D000 616D34FE 6958D230 DEFE3AA4 0E66D984
651ABF2F C459
quit
dot11 syslog
no ip routing
no ip cef
!
!
!
!
!
username admin privilege 15 password 0 *******
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
switchport access vlan 172
!
interface FastEthernet1
shutdown
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
description $ETH-WAN$
no ip address
no ip route-cache
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan172
ip address 172.20.20.100 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname eircom@eircom.net
ppp chap password 0 ******
ppp pap sent-username eircom@eircom.net password 0 *****
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 remark INSIDE_IF=Vlan172
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 172.20.20.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community public RO
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
password *****
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
So my question is what i am missing as i am getting furstrated here after playing with this for 3 days, and googling every thing i could think of.
Why i am not getting on to internet ? even without dns ? Why cant i ping any public address?
Any suggestions will be appresiated !!
Thanks in advance for your time !