Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Help with 837 Config.

I have a Cisco 837 (brand new) I am trying to set it up via the CRWS but all it does is just sit there tell me that it is 'Checking the Model, the IOS and the Features' and that's it! It doesn't go any further. I've tried it with IE and Firefox and left it for many hours, but still no change.

Where do i go from here? Many thanks.

16 REPLIES
Red

Re: Help with 837 Config.

Are you using Windows XP by any chance? I believe there are issues with it (due to missing Java Virtual Machine).

You will need Java Plug-in 1.4.2_05 or later, or Java Virtual Machine (JVM) 5.0.0.3810

New Member

Re: Help with 837 Config.

Yep, I'm using XP. I visited Java.com and downloaded the latest JRE and that fixed it for me, but it is still very flakey. I did manage to get the 837 configured but have a few questions.

I am just a beginner with all this stuff, but I did a 'show running config' and noticed that there are 2 default usernames setup in the router. Kanaan and something else and they have something to do with level15. How can I delete these accounts?

VIP Purple

Re: Help with 837 Config.

Hello,

as CRWS appears to be rather buggy, SDM is a replacement for CRWS. Go to www.cisco.com/go/sdm and download it there.

As an alternative, and if you are using IE6, you might want to install the Microsoft Virtual Machine, you can download it at www.craftof.com/VirtualMachine.asp, uncheck the Sun Java VM in IE6.

HTH,

GP

New Member

Re: Help with 837 Config.

Thanks for your help GP. I'll take a look at SDM. I grabbed MS JVM from your site as well, I've been looking for that for a while.

Thanks again.

New Member

Re: Help with 837 Config.

I downloaded SDM and tried it but to no avail. I'm hoping someone can help walk me through setting up this 837 from the CLI. I have been able to test the login ID and password for the ISP as well as the phone line, so I know all that is OK.

I have all the details I need, I just don't know the commands to set it all up.

Many thanks in advance.

Silver

Re: Help with 837 Config.

Try this for size:

!

version 12.3

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname

!

boot-start-marker

boot-end-marker

!

enable secret

no aaa new-model

!

resource manager

!

ip subnet-zero

!

!

no ip dhcp use vrf connected

!

!

ip cef

no ip domain lookup

no ip bootp server

ip inspect name internet-out tcp

ip inspect name internet-out udp

ip inspect name internet-out icmp

no ip ips deny-action ips-interface

!

no ftp-server write-enable

!

!

interface Ethernet0

ip address

ip access-group internet-out in

ip nat inside

ip virtual-reassembly

hold-queue 100 out

!

interface Ethernet2

no ip address

shutdown

hold-queue 100 out

!

interface ATM0

no ip address

no ip mroute-cache

atm vc-per-vp 64

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.3 point-to-point

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

!

interface FastEthernet1

no ip address

duplex auto

speed auto

!

interface FastEthernet2

no ip address

duplex auto

speed auto

!

interface FastEthernet3

no ip address

duplex auto

speed auto

!

interface FastEthernet4

no ip address

duplex auto

speed auto

!

interface Dialer1

description OUTSIDE

ip address

ip access-group internet-in in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip inspect internet-out out

ip virtual-reassembly

encapsulation ppp

no ip route-cache cef

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname

ppp chap password 7

ppp pap sent-username password 7

crypto map mymap

!

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

!

no ip http server

no ip http secure-server

!

ip nat inside source interface Dialer1 overload

!

!

ip access-list extended internet-in

deny ip 10.0.1.0 0.0.0.255 any log

deny ip 0.0.0.0 0.255.255.255 any log

deny ip 127.0.0.0 0.255.255.255 any log

deny ip 10.0.0.0 0.255.255.255 any log

deny ip 192.168.0.0 0.0.255.255 any log

deny ip 172.16.0.0 0.15.255.255 any log

deny ip 192.0.2.0 0.0.0.255 any log

deny ip 169.254.0.0 0.0.255.255 any log

permit icmp any host echo

permit icmp any host echo-reply

deny ip any any log

!

!

!

control-plane

!

!

line con 0

password

logging synchronous

login

no modem enable

transport preferred none

transport output none

line aux 0

exec-timeout 0 1

login

no exec

transport preferred none

transport output all

line vty 0 4

password

logging synchronous

login

transport preferred none

transport input telnet ssh

transport output none

!

scheduler max-task-time 5000

end

Rgds

Paddy

New Member

Re: Help with 837 Config.

Thanks Paddy, that all looks very thorough from what I can tell with my limited knowledge.

I've noticed you've added this comment in several places. We don't have an external IP address it is handed out to us (DHCP). Do I need to make any changes because of this?

Also, I am not really very fluent with the CLI, at what point do I start inputting this code?

And, I'd like to reset the router to its' defaults, how can do that?

With many thanks.

Silver

Re: Help with 837 Config.

Yes, if you get your IP address via dhcp then change the bit that says

dialer 1

ip address

to

dialer 1

ip address dhcp

To reset the router type in "erase start-up config" and then reload "reload" the router.

Before you paste the config to the router, i think you need to add "end" just after the last command on the dialer interface 1 which is "crypto map mymap" This takes the router out of interface mode (config-if#) so the remainder of the config will be recognised.

i.e.

crypto map mymap

---> add "end" here

!

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

!

...remainder of config

HTH

Paddy

Hall of Fame Super Silver

Re: Help with 837 Config.

Paddy

I think you do not want "end" where you indicated it. First "end" will take him all the way out of the config and the remaining commands will not be recognized. Perhaps you might want "exit" which will back up a level (from interface mode to global mode) instead of "end". And actually you do not need either of them. The parser is pretty smart and if it is in some configuration mode and sees a global command (like ip classless) it will automatically go into global config mode and process the command correctly (without requiring the exit command).

HTH

Rick

New Member

Re: Help with 837 Config.

Thank you all so much for your help.

So do I use an End or an Exit or nothing? Also, I saw Paddy mention about copying the commands into the router. Is it possible to in some way, 'cut and paste' or FTP/TFTP the commands into the router instead of inputting them one line at a time?

With many thanks.

Hall of Fame Super Silver

Re: Help with 837 Config.

Matt

As I said in my previous post, using end where Paddy indicated would be a mistake and would take you completely out of config mode. It would work just find with either exit or nothing. I believe that for those of us who like things to be precise and exactly right the choice of exit will be what we choose (in essence Paddy's point was that if you are in interface mode and want to enter a global config command you would exit interface mode and enter the command in global config mode. Others of us who prize efficiency and want to eliminate extraneous things would say that exit is not required and to go from interface commands directly to global commands will work just fine. Both points of view are factually correct. Which one you prefer is a matter of personal choice.

To address your other point:

you can type the commands in one at a time - and this will work. But there are several alternatives which are more efficient:

- you can type the commands into a file and then select all, copy from the file, and go to a window where you have a terminal session to the router, and paste into the terminal session. All of the commands will be copied, pasted, and the config will be efficiently updated.

- you can type the commands into a file, put the file into an appropriate directory of a tftp server, and do copy tftp running-config on the router (this will prompt you for some parameters such as the address of the tftp server and the name of the file) and will use tftp transfer from the file and update the running config (in a very efficient way). I believe that it is also possible to do the same kind of thing and to use ftp to transfer the commands rather than using tftp.

HTH

Rick

New Member

Re: Help with 837 Config.

Thanks for the clarification Rick, I do appreciate everyones help here.

With regards to changing the '' bit, what do I do with these lines as our IP is DHCP assigned?

- permit icmp any host echo

- permit icmp any host echo-reply

What should I replace with?

Many thanks,

Matt.

Silver

Re: Help with 837 Config.

Matt/Rick,

Appologies, i actually mean't "exit", i even tested it as i was writing the post on a router so not sure why i added "end" to the post!

Regardless if it works without this then all the better.

Good luck

Paddy

New Member

Re: Help with 837 Config.

No problem Paddy.

By the way, I asked just before, with regards to changing the '' bit, what do I do with these lines as our IP is DHCP assigned?

- permit icmp any host echo

- permit icmp any host echo-reply

What should I replace with?

Many thanks,

Matt.

Hall of Fame Super Silver

Re: Help with 837 Config.

Matt

Paddy's suggestion is effective in situations where the external IP is static and known. If it is dynamic then you would need to change the host and specify some subnet. The question then becomes what subnet to use in the access list? Perhaps your provider can tell you what is the beginning and ending of the pool from which it assigns addresses. If the provider can not (or does not) tell you that, then if you watch what addresses are assigned (over some period of time) you can approximate what range of addresses to put into the access list.

HTH

Rick

New Member

Re: Help with 837 Config.

If i am thinking about this correctly. I would think that you could safely use:

permit icmp any any

I dont think the destination address really matters if you only have 1 ip address. There is no way for the router to know your inside address because you are nat'ing. You probably have only 1 address on the outside interface that is public. So you can make the destination addresse any address you want.

This wouldnt work so well if you have a block of addresses routed to it, but since you are using dhcp you can use the "any" command for your destination.

If i am mistaken, please correct me.

257
Views
3
Helpful
16
Replies
CreatePlease login to create content