cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2255
Views
5
Helpful
15
Replies

891fw - Basic Config (DHCP from ISP, WiFi and NAT Overload

djackson11111
Level 1
Level 1

I recent got an 891fw and was look for a basic config for DHCP from my ISP via my GI wan interface, w/ dhcp internal, NAT overload from vlan 1 to the GI wan and dhcp internally. Where can I find something that explains this? I have gone through several tutorials and the best I can get is pinging the outside of the router. 

1 Accepted Solution

Accepted Solutions

Reza Sharifi
Hall of Fame
Hall of Fame

Here is a link on how to configure DHCP on the router:

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/812-cisco-router-dhcp-config.html

HTH

View solution in original post

15 Replies 15

Reza Sharifi
Hall of Fame
Hall of Fame

Here is a link on how to configure DHCP on the router:

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/812-cisco-router-dhcp-config.html

HTH

On a side not, have you got WiFi and NAT working as well ?

No, I do not have WiFi or NAT working as of yet.

Do you have anything regarding the WiFi?

djackson11111
Level 1
Level 1

Hey!!! The DHCP is running smooth and it totally makes sense. Thanks!1

Glad all is working for you and thanks for the rating!

djackson11111
Level 1
Level 1

Any ideas about the NAT overload and WiFi?

Can you post "sh run" from the router and point out what interface is connecting to the provider (Internet) and what interface is internal?

HTH

Building configuration...

 

Current configuration : 3401 bytes

!

! Last configuration change at 19:52:23 UTC Thu May 11 2017 by admin

!

version 15.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname oakland

!

boot-start-marker

boot-end-marker

!

!

security authentication failure rate 10 log

security passwords min-length 6

logging console critical

enable secret 5 $1$i9ud$.

enable password 7

!

aaa new-model

!

!

aaa authentication login local_auth local

!

!

!

!

!

aaa session-id common

service-module wlan-ap 0 bootimage autonomous

!

!

no ip source-route

no ip gratuitous-arps

!

!

!

!

!

!

!

!

 

 

!

ip dhcp excluded-address 172.26.8.1 172.26.8.150

!

ip dhcp pool NET-POOL

 network 172.26.8.0 255.255.255.0

 default-router 172.26.8.1

 dns-server 71.250.0.12 4.2.2.2

 domain-name oakland.local

 lease 8

!

!

!

no ip bootp server

ip domain name oakland.local

ip cef

no ipv6 cef

!

!

!

!

!

multilink bundle-name authenticated

!

isdn switch-type basic-5ess

!

!

!

!

!

!

license udi pid sn

!

!

username admin password 7

!

!

!

!

no cdp run

!

ip ssh time-out 60

ip ssh authentication-retries 2

!

!

!

!

!

!

!

!

!

!

!

interface BRI0

 no ip address

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 encapsulation hdlc

 shutdown

 isdn switch-type basic-5ess

 isdn termination multidrop

 isdn point-to-point-setup

!

interface FastEthernet0

 no ip address

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 shutdown

 duplex auto

 speed auto

!

interface GigabitEthernet0

 no ip address

!

interface GigabitEthernet1

 no ip address

!

interface GigabitEthernet2

 no ip address

!

interface GigabitEthernet3

 no ip address

!

interface GigabitEthernet4

 no ip address

!

interface GigabitEthernet5

 no ip address

!

interface GigabitEthernet6

 no ip address

!

interface GigabitEthernet7

 no ip address

!

interface GigabitEthernet8

 ip address dhcp

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 duplex auto

 speed auto

!

interface Wlan-GigabitEthernet8

 no ip address

!

interface wlan-ap0

 no ip address

 shutdown

!

interface Vlan1

 ip address 172.26.8.1 255.255.255.0

 no ip redirects

 no ip unreachables

 no ip proxy-arp

!

interface Async3

 no ip address

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 encapsulation slip

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

!

!

logging trap debugging

logging facility local2

dialer-list 1 protocol ip permit

!

access-list 100 permit udp any any eq bootpc

!

!

!

control-plane

!

!

mgcp behavior rsip-range tgcp-only

mgcp behavior comedia-role none

mgcp behavior comedia-check-media-src disable

mgcp behavior comedia-sdp-force disable

!

mgcp profile default

!

!

!

!

!

!

banner motd ^C Stay OUT ^C

!

line con 0

 login authentication local_auth

 no modem enable

 transport output telnet

line aux 0

 exec-timeout 15 0

 login authentication local_auth

 transport output telnet

line 2 3

 exec-timeout 15 0

 login authentication local_auth

 no activation-character

 no exec

 transport preferred none

 transport input all

 stopbits 1

line vty 0 4

 password 7 105D29091547001F1F243A3B743A27

 login authentication local_auth

 transport input telnet ssh

!

scheduler allocate 20000 1000

!

!

end

 

oakland#Current configuration : 3401 bytes

         ^

 

Assuming inter gi8 is the one that connects to Internet, you need this command under the interface

config 

int gi8

ip nat outside

Assuming vlan1 is the interface serving internal network, you need this command under the vlan interface

config t

int vlan 1

ip nat inside

you also need to configure an access list 

access list 101 permit ip 172.26.8.0 0.0.0.255 any

you also need a NAT statement:

ip nat inside source list 101 interface gi8 overload

Also, here is good doc with an examle on how to configure NAT

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/260-cisco-router-nat-overload.html

HTH

I had attempted to implement settings similar to what you sent me without success until now!! Thanks... It works and makes sense!!! Now all I need is the WiFi so I can replace the old router.

Glad to know that is working too.

Can you provide more info regarding what you are trying to do with WiFi?

I just want agn to all work on vlan 1, if that is the simplest thing to do. I want them to share the same subnet and dhcp. It would be nice to also have a guest network.

Get Outlook for iOS

I was able to configure the wireless but only with WPA. How can I change it to WPA2 so it is not left vulnerable to hackers?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco