I have an 861W wireless router that I've just purchased and would like to get working. I'm replacing a router that needs to be rebooted frequently. The configuration of the network is as follows: there's a cable modem which plugs into the wan interface of the old router. The other side of the router is plugged into a switch which connects to several clients. The router is configured for DHCP. This enables all clients to use the internet. This is how I would like the 861W to operate.
Because I can't stop work to configure the 861W, I have the WAN interface (FE4) attached to our network. The old router gives it an ip. I have an ethernet cable coming from a LAN port on the 861W to my machine. This is how I'm configuring it. When I telnet into the 861W, I can ping any machine on our network. I can ping my client machine as well. I cannot ping any other machine on the network from my client machine. I need to be able to access client on the WAN side of the router from a client on the LAN side.
Below is my configuration. Any help would be greatly appreciated.
Current configuration : 5425 bytes
!
! Last configuration change at 20:50:22 CST Sun Feb 28 1993 by admin
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname 861W
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$fT/U$UBWQYmc.cNTE.aZjnKT5E.
!
no aaa new-model
memory-size iomem 10
clock timezone CST -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-460023439
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-460023439
revocation-check none
rsakeypair TP-self-signed-460023439
!
!
crypto pki certificate chain TP-self-signed-460023439
certificate self-signed 01
30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34363030 32333433 39301E17 0D393330 33303130 30303034
355A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3436 30303233
34333930 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
D6F6B497 E1786E36 06E42523 99C9621F FFA52A33 8383AF7C 95E30B5B F96710D2
C408B9F1 12384196 83EA2D6E EF19650D 084140E1 A9551E4C D7FFDB4E ED8CA160
6C8975CB B1D577F5 139CA52B A17CD014 70B0DE64 79264CE6 3E54516F 90399B32
F7297A83 1C18C603 0F099E50 823AB88F 507EF241 D25322BB 9E7AD7FF 2FD0172B
02030100 01A37D30 7B300F06 03551D13 0101FF04 05300301 01FF3028 0603551D
11042130 1F821D38 3631572E 73706563 74657269 6E737472 756D656E 74732E6C
6F63616C 301F0603 551D2304 18301680 14C49087 AF886BBB 3D5B1EF7 B33F370F
B22EDD53 5E301D06 03551D0E 04160414 C49087AF 886BBB3D 5B1EF7B3 3F370FB2
2EDD535E 300D0609 2A864886 F70D0101 04050003 81810065 435E79F9 69ADC7B8
3AD08D38 2FE24522 B6E2CACC 13CCC533 05F83E2F D8ADD621 FCD78AB5 579AE83C
DCEDDC30 DB7D70A7 7C395410 47A8EDCC F7072CB2 F158F89C 2194CB42 F1167877
47DC5B21 4C2769C0 2A5514A6 7BFC8AEA 0FFB65F9 4E549E7B A67AF639 AC70E0EC
E26E79CD 0EC26940 65DD3454 417AEBC1 642E0DE8 9FC228
quit
no ip source-route
ip dhcp excluded-address 10.10.10.1 10.10.10.99
ip dhcp excluded-address 192.168.1.1 192.168.1.99
!
ip dhcp pool ccp-pool1
import all
network 10.10.10.0 255.255.255.0
dns-server 209.18.47.61 209.18.47.62
default-router 10.10.10.1
domain-name specterinstruments.local
lease 0 2
!
!
ip cef
no ip bootp server
ip domain name specterinstruments.local
ip name-server 209.18.47.61
ip name-server 209.18.47.62
!
!
license udi pid CISCO861W-GN-A-K9 sn FTX14208243
!
!
username admin privilege 15 secret 5 $1$nSfP$tGrUQM4cJLbR6x2QhCyCX1
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $FW_OUTSIDE$$ES_WAN$$ETH-WAN$
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
logging trap debugging
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Because I can't stop work to configure the 861W, I have the WAN interface (FE4) attached to our network. The old router gives it an ip. I have an ethernet cable coming from a LAN port on the 861W to my machine. This is how I'm configuring it. When I telnet into the 861W, I can ping any machine on our network. I can ping my client machine as well. I cannot ping any other machine on the network from my client machine. I need to be able to access client on the WAN side of the router from a client on the LAN side.
Below is my configuration. Any help would be greatly appreciated.
Current configuration : 5425 bytes
!
! Last configuration change at 20:50:22 CST Sun Feb 28 1993 by admin
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname 861W
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$fT/U$UBWQYmc.cNTE.aZjnKT5E.
!
no aaa new-model
memory-size iomem 10
clock timezone CST -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-460023439
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-460023439
revocation-check none
rsakeypair TP-self-signed-460023439
!
!
crypto pki certificate chain TP-self-signed-460023439
certificate self-signed 01
30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34363030 32333433 39301E17 0D393330 33303130 30303034
355A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3436 30303233
34333930 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
D6F6B497 E1786E36 06E42523 99C9621F FFA52A33 8383AF7C 95E30B5B F96710D2
C408B9F1 12384196 83EA2D6E EF19650D 084140E1 A9551E4C D7FFDB4E ED8CA160
6C8975CB B1D577F5 139CA52B A17CD014 70B0DE64 79264CE6 3E54516F 90399B32
F7297A83 1C18C603 0F099E50 823AB88F 507EF241 D25322BB 9E7AD7FF 2FD0172B
02030100 01A37D30 7B300F06 03551D13 0101FF04 05300301 01FF3028 0603551D
11042130 1F821D38 3631572E 73706563 74657269 6E737472 756D656E 74732E6C
6F63616C 301F0603 551D2304 18301680 14C49087 AF886BBB 3D5B1EF7 B33F370F
B22EDD53 5E301D06 03551D0E 04160414 C49087AF 886BBB3D 5B1EF7B3 3F370FB2
2EDD535E 300D0609 2A864886 F70D0101 04050003 81810065 435E79F9 69ADC7B8
3AD08D38 2FE24522 B6E2CACC 13CCC533 05F83E2F D8ADD621 FCD78AB5 579AE83C
DCEDDC30 DB7D70A7 7C395410 47A8EDCC F7072CB2 F158F89C 2194CB42 F1167877
47DC5B21 4C2769C0 2A5514A6 7BFC8AEA 0FFB65F9 4E549E7B A67AF639 AC70E0EC
E26E79CD 0EC26940 65DD3454 417AEBC1 642E0DE8 9FC228
quit
no ip source-route
ip dhcp excluded-address 10.10.10.1 10.10.10.99
ip dhcp excluded-address 192.168.1.1 192.168.1.99
!
ip dhcp pool ccp-pool1
import all
network 10.10.10.0 255.255.255.0
dns-server 209.18.47.61 209.18.47.62
default-router 10.10.10.1
domain-name specterinstruments.local
lease 0 2
!
!
ip cef
no ip bootp server
ip domain name specterinstruments.local
ip name-server 209.18.47.61
ip name-server 209.18.47.62
!
!
license udi pid CISCO861W-GN-A-K9 sn FTX14208243
!
!
username admin privilege 15 secret 5 $1$nSfP$tGrUQM4cJLbR6x2QhCyCX1
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $FW_OUTSIDE$$ES_WAN$$ETH-WAN$
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
logging trap debugging
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end