cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5467
Views
0
Helpful
46
Replies

config for new router

itsmetaso
Level 1
Level 1

I bought a new router I am having trouble configuring.  I am including the config for the new router and the old router that I am currently using.  I replaced my ip address with 99.999.999.99.  I would appreciate any help as to what I am doing wrong I'm not that familiar with networking.

NEW ROUTER
Building configuration...

Current configuration : 4963 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco861
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-525585330
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-525585330
revocation-check none
rsakeypair TP-self-signed-525585330
!
!
crypto pki certificate chain TP-self-signed-525585330
certificate self-signed 01
  3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 35323535 38353333 30301E17 0D393330 33303130 30303034
  365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4363 72746966 69636174 652D3532 35353835
  33333020 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  9DD3F71D 66FBCBCA 77E853E1 641EB2BE 4A6D97A7 8169081D 8423A7F7 FA3CEF93
  256CE7FC DA15A0DD 8042E40D D90D1DD4 AC666956 533D7B83 5F32D9FD 585F1278
  1718C435 78FE255F CCEE3005 B4422AAA B1AC8317 15BC1BDF 99ECF344 96D69FFD
  EF7CBAC4 94CFD8E9 35A166F4 3B223A84 EDD7642E 0191DCFD 775B8D31 84F7612F
  02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
  11041B30 19821763 6973636F 3836312E 796F7572 646F6D61 696E2E63 6F6D301F
  0603551D 23041830 16801471 9DE4ECA9 60650E3F EDA2A0E1 70881C03 964D0830
  1D060355 1D0E0416 0414719D E4ECA060 650E3FED A2A0E170 881C0396 4D08300D
  06092A86 4886F70D 01010405 00038181 00300F37 1DE53839 D5161E12 1B973CAF
  1543141D 77C6B1F7 B8C25FD9 C11D2724 5840F1AF 260B2C44 2367171A D155254A
  7563F1FC ACFE1A85 879D7E56 0DE86DDD 6050D9B2 6CE318B8 CDB31C79 61FC4DC9
  DA080F14 5123D58B 9B47A66A 1DFD173F E5FF8924 B75A2535 2C2F0575 5E665E61
  4D099519 4C7A1875 E979C4B8 C5E64B53 28
   quit
ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
!
!
license udi pid CISCO861-K9 sn FTX151500JL
!
!
username admin privilege 15 secret 5 $1$T0..$OCK4MPkiofZWFy.h43X0k1
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address 99.999.999.99 255.255.255.252
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 172.30.254.240 255.255.0.0
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run

!
control-plane
!
alias exec sr show run
alias exec s show ip int br
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE 
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
exec-timeout 0 0
logging synchronous
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

cisco861#

OLD ROUTER

show running-config
Building configuration...

Current configuration : 3810 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname nmm831
!
logging monitor errors
enable secret 5 FAKECHARACTERS
enable password FAKECHARACTERS
!
username admin privilege 15 secret 5 FAKECHARACTERS
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
no ip domain lookup
!
!
ip cef
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
description Internal Lan$ETH-LAN$$FW_INSIDE$
ip address 172.30.254.240 255.255.0.0
ip access-group 104 in
ip access-group sdm_ethernet0_out out
ip nat inside
!
interface Ethernet1
description ISP$FW_OUTSIDE$
ip address 99.999.999.99 255.255.255.252
ip access-group 105 in
ip access-group sdm_ethernet1_out out
ip verify unicast reverse-path
ip nat outside
duplex auto
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
ip nat inside source list 100 interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 99.999.999.98 permanent
ip route 10.4.2.0 255.255.255.0 172.30.254.3
ip route 172.29.0.0 255.255.0.0 172.30.254.254 permanent
ip route 172.31.0.0 255.255.0.0 172.30.254.252 permanent
ip http server
ip http authentication local
ip http secure-server
!
!
ip access-list extended sdm_ethernet0_out
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_ethernet1_out
remark SDM_ACL Category=1
permit ip any any
logging facility local1
logging 172.30.1.3
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 96.56.206.0 0.0.0.7 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 172.29.254.0 0.0.0.255 any
access-list 101 permit icmp any host 96.56.206.2 echo-reply
access-list 101 permit icmp any host 96.56.206.2 time-exceeded
access-list 101 permit icmp any host 96.56.206.2 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny   ip any any log
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 deny   ip 99.999.999.97 0.0.0.3 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit icmp any any
access-list 105 permit ip any any
access-list 105 deny   ip any any log
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
password FAKECHARACTERS
login local
transport input telnet ssh
!
scheduler max-task-time 5000
!
end

nmm831#

46 Replies 46

hi dude, what is the problem ? What do you want to do ?

Sent from Cisco Technical Support iPad App

When I plugged in the new router my internet doesnt work.  I issued the reload command to reboot after i finished the config and it still didnt work.

First, what kind of router is this?

Some routers have specified interfaces for the WAN and for the LAN and the LAN interfaces will not work for WAN.

New Router is a Cisco 861.

Please check the NAT

You need to implement NAT

conf t

interface FastEthernet4

ip nat outside

interface ethernet 0

ip nat inside

ip nat inside source list 100 interface fast 4 overload

# create acl for NAT

conf t

access-list 100 permit ip 172.30.254.240 0.0.255.255 any

configure the default route

ip route 0.0.0.0 0.0.0.0 99.999.999.98  (your default gateway).

Hope this helps .

thanks.

for the ip nat inside command i do not have an interface ethernet 0.  do i just use fast ethernet 0?  the router wouldn't let me assign an ip address initially to fast ethernet 0 so i assigned it to vlan1.

Hi Adrian,

ther is no such thing as IP Address like this 99.999.999.99. Please check this wikipedia for more info,

http://en.wikipedia.org/wiki/IP_address

I agree with Adrian Brunhuber,you have to implement the same NAT rules and ACLs on the new router.

Yes, apply the ip nat inside on the vlan interface. You can also test if nat is working issuing the folosing command
ping 8.8.8.8 source vlan 1  (ping 8.8.8.8 with the source adress of your vlan 1 so you cand verify nat)

I tried the new router today and i got destination host 172.30.254.240 unreachable.  I copied the old config to the new config line by line.  not sure where i'm making the mistake.

any sugestions?

Jason Dance
Level 1
Level 1

Taso, could you please post the updated config of the 861 router?

thanks

sr
Building configuration...

Current configuration : 7564 bytes
!
! Last configuration change at 02:59:29 UTC Thu Mar 4 1993 by admin
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco861
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-535585330
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-535585330
revocation-check none
rsakeypair TP-self-signed-535585330
!
!
crypto pki certificate chain TP-self-signed-535585330
certificate self-signed 01
  3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 35323535 38353333 30301E17 0D393330 33303130 30303034
  365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D3365 72746966 69636174 652D3532 35353835
  33333030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  9DD3F71D 66FBCBCA 77E853E1 641EB2BE 4A6D97A7 8169081D 8423A7F7 FA3CEF93
  256CE7FC DA15A0DD 8042E40D D90s1DD4 AC666956 533D7B83 5F32D9FD 585F1278
  1718C435 78FE255F CCEE3005 B4522AAA B1AC8317 15BC1BDF 99ECF344 96D69FFD
  EF7CBAC4 94CFD8E9 35A166F4 3B223A84 EDD7642E 0191DCFD 775B8D31 84F7612F
  02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
  11041B30 19821763 6973636F 3836312E 796F7572 646F6D61 696E2E63 6F6D301F
  0603551D 23041830 16801471 9DE4ECA0 6065033F EDA2A0E1 70881C03 964D0830
  1D060355 1D0E0416 0414719D E4ECA060 650E3FED A2A0E170 881C0396 4D08300D
  06092A86 4886F70D 01010405 00038181 00300F37 1DEf3839 D5161E12 1B973CAF
  1543141D 77C6B1F7 B8C25FD9 C11D2724 5840F1AF 260B2C44 2367171A D155254A
  7563F1FC ACFE1A85 879D7E56 0DE86DDD 6050D9B2 6CE318B8 CDB31C79 61FC4DC9
  DA080F14 5123D58B 9B47A66A 1DFD173F E5FF8924 B75A2535 2C2F0575 5E665E61
  4D099519 4C7A1875 E979C4B8 C5E64B53 28
   quit
ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
!
!
license udi pid CISCO861-K9 sn FTX151500JL
!
!
username admin privilege 15 secret 5 $1$T0..$OCxxxxxxxxxfZWFy.h43X0k1
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address 99.999.999.99 255.255.255.252
ip access-group 105 in
ip access-group sdm_ethernet1_out out
ip verify unicast reverse-path
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 172.30.254.240 255.255.0.0
ip access-group 104 in
ip access-group sdm_ethernet0_out out
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 100 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 99.999.999.98 permanent
ip route 10.4.2.0 255.255.255.0 172.30.254.3
ip route 172.29.0.0 255.255.0.0 172.30.254.254 permanent
ip route 172.31.0.0 255.255.0.0 172.30.254.252 permanent
!
ip access-list extended sdm_ethernet0_out
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_ethernet1_out
remark SDM_ACL Category=1
permit ip any any
!
logging facility local1
logging 172.30.1.3
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 96.56.206.0 0.0.0.7 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 172.29.254.0 0.0.0.255 any
access-list 101 permit icmp any host 96.56.206.2 echo-reply
access-list 101 permit icmp any host 96.56.206.2 time-exceeded
access-list 101 permit icmp any host 96.56.206.2 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny   ip any any log
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 deny   ip 99.999.999.97 0.0.0.3 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit icmp any any
access-list 105 permit ip any any
access-list 105 deny   ip any any log
no cdp run

!
control-plane
!
alias exec sr show run
alias exec s show ip int br
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE 
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username   privilege 15 secret 0
no username cisco

Replace and with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
exec-timeout 0 0
logging synchronous
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

cisco861#

On the router enable "debug ip nat" and try browse something.  Do you get any output from the debug logging?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco