Dear Fellow Members I desperately require Major Help.
I bought a cisco877w router to get to grips with a cisco product boy how wrong was I.
I popped in the ciscosdm cd and followed the cisco express setup wizard this was pretty straight forward and within 5 mins I had internet up and running, the wireless was a whole different ball game all together and the wireless sdm config manager was rubbish. with the help of Michaelr somehow I managed to get the wireless up and running with WPA via command line.
The router has been up and running for a few months but not without problems. the most frustrating is that about every 5 days I need to connect via telnet and run a RELOAD to reboot the router in order to get the net up again. when this happens I look at the logs but there is not much to go on and I then run a test which is always successful. which than means a dreaded relaod to get the net up.
TEST Result.
Router Details
Attribute Value
Router Model 877W
Image Name c870-advipservicesk9-mz.124-9.T.bin
IOS Version 12.4(9)T
Hostname ocme-router
Interface Details
Attribute Value
Interface ATM0.1
IP address xx.xxx.xxx.xx
Description
Test Activity Summary
Activity Status
Checking interface status... Up
Checking for DNS settings... Successful
Checking interface IP address.. Successful
Checking exit interface... Successful
Pinging to destination host... Successful
Test Activity Details
Activity Status
Checking interface status... Up
Interface physical status :Up
Line protocol status :Up
Checking for DNS settings... Successful
DNS lookup set :Yes
Statically configured DNS servers : 212.104.130.9 212.104.130.65
Dynamically imported DNS servers :None
Checking interface IP address.. Successful
Interface IP address :xx.xxx.xxx.xx
Interface IP address Type :Static
Checking exit interface... Successful
Exit interface found ialer0
Exit interface found ialer0
Pinging to destination host... Successful
Destination pinged to :212.104.130.9
Size of the ping packet (in bytes) :100
Timeout interval :2
Number of ping packets sent to the destination address :5
Ping reply validated :No
Fragmentation allowed on ping packet :No
Destination pinged to :212.104.130.65
Size of the ping packet (in bytes) :100
Timeout interval :2
Number of ping packets sent to the destination address :5
Ping reply validated :No
Fragmentation allowed on ping packet :No
MY CONFIG
Building configuration...
Current configuration : 7455 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ocme-router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$t8Sl$zUHhaZeCu.1Iyj0Fw5jKj/
!
no aaa new-model
!
resource policy
!
clock timezone London 0
clock summer-time London date Mar 30 2003 1:00 Oct 26 2003 2:00
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.9
!
ip dhcp pool sdm-pool1
import all
network 10.10.10.0 255.255.255.0
dns-server 212.104.130.9 212.104.130.65
default-router 10.10.10.1
domain-name overclockme.com
lease 7
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name overclockme.com
ip name-server 212.104.130.9
ip name-server 212.104.130.65
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip ips sdf location flash://128MB.sdf autosave
ip ips notify SDEE
!
!
crypto pki trustpoint TP-self-signed-970880312
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-970880312
revocation-check none
rsakeypair TP-self-signed-970880312
!
!
crypto pki certificate chain TP-self-signed-970880312
certificate self-signed 01
30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 39373038 38303331 32301E17 0D303730 35313431 32333235
375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3937 30383830
33313230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
DC8A271A ED697234 B35E16EE E560F7FC 172D28B1 2DB5A660 597024DF 490EEDD6
04B42AA1 F533AF74 58DFFF5B 22A6C98E E5EDB923 3ADD7C47 F9A7D202 8A95AF50
24218359 524304A5 7B656F3A AF08CE69 4348127B B89FE832 BCA75DF2 731C3E39
D7793845 7C057F25 0DE6B3DB AF446833 54277745 EAF9FAC9 4503BD46 6D382A03
02030100 01A37B30 79300F06 03551D13 0101FF04 05300301 01FF3026 0603551D
11041F30 1D821B6F 636D652D 726F7574 65722E6F 76657263 6C6F636B 6D652E63
6F6D301F 0603551D 23041830 16801417 21CE6D45 13B4C708 3D42F4EF C510A654
787BB830 1D060355 1D0E0416 04141721 CE6D4513 B4C7083D 42F4EFC5 10A65478
7BB8300D 06092A86 4886F70D 01010405 00038181 00A3CBF0 5C712D43 BBCA96AD
F602F90D 87E2A29A C0007603 4E982CE4 0D1A5B48 F5C12851 1E4B05E9 6371843E
A90A8CF2 45E1A85B F03B227B CDD07FC0 076EF120 19E07CDD 84730160 3756B4EC
23D20B3B B172F2D3 69DE5276 FA20419D BC1BA228 37800D56 22027D44 484719FB
DFABB143 429AE29D 2FCFF697 E1A7F30C 4C176FAE F8
quit
username ciscosdm privilege 15 secret 5 $1$Ho9H$SCHg3OqejATTIzDfhBOcc/
!
!
!
bridge irb
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
no snmp trap link-status
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers tkip
!
ssid OCME
authentication open
authentication key-management wpa
wpa-psk ascii 7 1216061A170805172924
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no dot11 extension aironet
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dialer0
description $FW_OUTSIDE$
ip address xx.xxx.xxx.xx 255.255.255.252
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxx@adsl.eclipse.co.uk
ppp chap password 7 04560A10003345421C
ppp pap sent-username xxxxxxxx@adsl.eclipse.co.uk password 7 09414F1F16171E1E1E
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip xx.xxx.xxx.xx 0.0.0.3 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 212.104.130.65 eq domain any
access-list 101 permit udp host 212.104.130.9 eq domain any
access-list 101 permit udp host 212.104.130.65 eq domain host xx.xxx.xxx.xx
access-list 101 permit udp host 212.104.130.9 eq domain host xx.xxx.xxx.xx
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any host xx.xxx.xxx.xx echo-reply
access-list 101 permit icmp any host xx.xxx.xxx.xx time-exceeded
access-list 101 permit icmp any host xx.xxx.xxx.xx unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Please Please Please
Any Help would be greatly Appreciated
Many Thanks
HarpZ
I bought a cisco877w router to get to grips with a cisco product boy how wrong was I.
I popped in the ciscosdm cd and followed the cisco express setup wizard this was pretty straight forward and within 5 mins I had internet up and running, the wireless was a whole different ball game all together and the wireless sdm config manager was rubbish. with the help of Michaelr somehow I managed to get the wireless up and running with WPA via command line.
The router has been up and running for a few months but not without problems. the most frustrating is that about every 5 days I need to connect via telnet and run a RELOAD to reboot the router in order to get the net up again. when this happens I look at the logs but there is not much to go on and I then run a test which is always successful. which than means a dreaded relaod to get the net up.
TEST Result.
Router Details
Attribute Value
Router Model 877W
Image Name c870-advipservicesk9-mz.124-9.T.bin
IOS Version 12.4(9)T
Hostname ocme-router
Interface Details
Attribute Value
Interface ATM0.1
IP address xx.xxx.xxx.xx
Description
Test Activity Summary
Activity Status
Checking interface status... Up
Checking for DNS settings... Successful
Checking interface IP address.. Successful
Checking exit interface... Successful
Pinging to destination host... Successful
Test Activity Details
Activity Status
Checking interface status... Up
Interface physical status :Up
Line protocol status :Up
Checking for DNS settings... Successful
DNS lookup set :Yes
Statically configured DNS servers : 212.104.130.9 212.104.130.65
Dynamically imported DNS servers :None
Checking interface IP address.. Successful
Interface IP address :xx.xxx.xxx.xx
Interface IP address Type :Static
Checking exit interface... Successful
Exit interface found ialer0
Exit interface found ialer0
Pinging to destination host... Successful
Destination pinged to :212.104.130.9
Size of the ping packet (in bytes) :100
Timeout interval :2
Number of ping packets sent to the destination address :5
Ping reply validated :No
Fragmentation allowed on ping packet :No
Destination pinged to :212.104.130.65
Size of the ping packet (in bytes) :100
Timeout interval :2
Number of ping packets sent to the destination address :5
Ping reply validated :No
Fragmentation allowed on ping packet :No
MY CONFIG
Building configuration...
Current configuration : 7455 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ocme-router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$t8Sl$zUHhaZeCu.1Iyj0Fw5jKj/
!
no aaa new-model
!
resource policy
!
clock timezone London 0
clock summer-time London date Mar 30 2003 1:00 Oct 26 2003 2:00
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.9
!
ip dhcp pool sdm-pool1
import all
network 10.10.10.0 255.255.255.0
dns-server 212.104.130.9 212.104.130.65
default-router 10.10.10.1
domain-name overclockme.com
lease 7
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name overclockme.com
ip name-server 212.104.130.9
ip name-server 212.104.130.65
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip ips sdf location flash://128MB.sdf autosave
ip ips notify SDEE
!
!
crypto pki trustpoint TP-self-signed-970880312
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-970880312
revocation-check none
rsakeypair TP-self-signed-970880312
!
!
crypto pki certificate chain TP-self-signed-970880312
certificate self-signed 01
30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 39373038 38303331 32301E17 0D303730 35313431 32333235
375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3937 30383830
33313230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
DC8A271A ED697234 B35E16EE E560F7FC 172D28B1 2DB5A660 597024DF 490EEDD6
04B42AA1 F533AF74 58DFFF5B 22A6C98E E5EDB923 3ADD7C47 F9A7D202 8A95AF50
24218359 524304A5 7B656F3A AF08CE69 4348127B B89FE832 BCA75DF2 731C3E39
D7793845 7C057F25 0DE6B3DB AF446833 54277745 EAF9FAC9 4503BD46 6D382A03
02030100 01A37B30 79300F06 03551D13 0101FF04 05300301 01FF3026 0603551D
11041F30 1D821B6F 636D652D 726F7574 65722E6F 76657263 6C6F636B 6D652E63
6F6D301F 0603551D 23041830 16801417 21CE6D45 13B4C708 3D42F4EF C510A654
787BB830 1D060355 1D0E0416 04141721 CE6D4513 B4C7083D 42F4EFC5 10A65478
7BB8300D 06092A86 4886F70D 01010405 00038181 00A3CBF0 5C712D43 BBCA96AD
F602F90D 87E2A29A C0007603 4E982CE4 0D1A5B48 F5C12851 1E4B05E9 6371843E
A90A8CF2 45E1A85B F03B227B CDD07FC0 076EF120 19E07CDD 84730160 3756B4EC
23D20B3B B172F2D3 69DE5276 FA20419D BC1BA228 37800D56 22027D44 484719FB
DFABB143 429AE29D 2FCFF697 E1A7F30C 4C176FAE F8
quit
username ciscosdm privilege 15 secret 5 $1$Ho9H$SCHg3OqejATTIzDfhBOcc/
!
!
!
bridge irb
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
no snmp trap link-status
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers tkip
!
ssid OCME
authentication open
authentication key-management wpa
wpa-psk ascii 7 1216061A170805172924
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no dot11 extension aironet
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dialer0
description $FW_OUTSIDE$
ip address xx.xxx.xxx.xx 255.255.255.252
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxx@adsl.eclipse.co.uk
ppp chap password 7 04560A10003345421C
ppp pap sent-username xxxxxxxx@adsl.eclipse.co.uk password 7 09414F1F16171E1E1E
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip xx.xxx.xxx.xx 0.0.0.3 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 212.104.130.65 eq domain any
access-list 101 permit udp host 212.104.130.9 eq domain any
access-list 101 permit udp host 212.104.130.65 eq domain host xx.xxx.xxx.xx
access-list 101 permit udp host 212.104.130.9 eq domain host xx.xxx.xxx.xx
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any host xx.xxx.xxx.xx echo-reply
access-list 101 permit icmp any host xx.xxx.xxx.xx time-exceeded
access-list 101 permit icmp any host xx.xxx.xxx.xx unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Please Please Please
Any Help would be greatly Appreciated
Many Thanks
HarpZ