cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3097
Views
0
Helpful
18
Replies

Help with basic config of 819 using CP Express please

PricingKernel
Level 1
Level 1

I set up a basic Linksys E2500 with the following information and connected to the internet straight away without a problem:

E2500.jpg

I have spent several hours simply trying to get this basic information into the Cisco 819 using CP Express without success, i.e. I get no internet.  Rather than show my inputs, I'd appreciate some guidance of the correct setup.  I am a novice so I'd rather solve this issue using CP Express just to get connected in the first instance. 

By the way, I have a static IP address, I connected the ethernet cable carrying the internet to the internet port of the E2500 and an ethernet cable from one of the ethernet ports of the E2500 to my PC.  For the 819, I connected the internet cable to the GE WAN 0 port and the PC to one of the FE ports.  Thanks.

1 Accepted Solution

Accepted Solutions

Hi,

just mark the thread as resolved and rate any post you found valuable.

PM me and we'll find a way to test it and see what is not working.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

18 Replies 18

paolo bevilacqua
Hall of Fame
Hall of Fame

CP Express and other GUI often don't work, use CLI for sure results.

OK, I have connected to the router using Putty over the serial port.  I have managed to configure the basic stuff like router name and change username/pwd etc...   However, the user guide is not too helpful regarding configuring the GE WAN and other FE ports.  Can you help there please?  Thanks.

Hi,

Are  you connected via WAN interface to a xDSL modem or modem/router ?

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi Alain,  I don't know the exact modem or whether it is a modem/router or just modem but the network is SDSL. Does it matter?  Thanks,Joel

Hi,

if the Linksys router was already connected to this device with the config you posted then this is a modem only and so the config should look like this:

interface vlan 1

ip address 192.168.1.1 255.255.255.0

ip nat inside

exit

no ip dhcp conflict-logging

ip dhcp excluded-address 192.168.1.1 192.168.1.99

ip dhcp excluded-address 192.168.1.150 192.168.1.254

ip dhcp pool mypool

network 192.168.1.0 /24

default-router 192.168.1.1

dns-server 195.129.12.x  135.196.0.x

exit

interface g0/0

ip address 88.211.8.x 255.255.255.x  ----> your WAN static IP

ip nat outside

access-list 99 permit 192.168.1.0 0.0.0.255

ip nat inside source list 99 interface g0/0

ip route 0.0.0.0 0.0.0.0 88.211.8.x  ----> your default-gateway

Try to ping 8.8.8.8  from a host attached to one of the LAN interfaces and if it works then you got done.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Ah, I see.  Sorry, for the confusion then.  The E2500 was just there to test the line and my connection credentials.  It is no longer in the network.  I just want to configure the 819 to work directly from the SDSL cable into its GE WAN 0 port.

Hi,

try what I posted and let us know.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi Alain, I really appreciate your help and patience on this.  Unfortunately, it did not work.  Now, the PC does not even receive an IP address from the router, let alone connect to the internet!  My building IT manager said the router may not work if it has a built-in modem.  Could this really be an issue?

Hi,

could you post following outputs:

- sh ip int br | i Vlan

-sh ip route

-sh int status

Have you connected the host with a straight cable and have you tried releasing/renewing the DHCP address on the host ?

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi,

concerning the xdsl stuff then we should do PPPoE on the router:

so here is the part to change

interface G0/0

no ip address

pppoe enable

pppoe-client dial-pool-number 1

no shut

interface Dialer1

ip address 88.211.8.x 255.255.255.x

ip mtu 1492

ip nat outside

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

ppp authentication chap callin

ppp chap hostname xxx   --->  your login

ppp chap password xxx  ---> your password

no shut

ip nat inside source list 99 interface dialer1

no ip route 0.0.0.0 0.0.0.0 88.211.8.x 

ip route 0.0.0.0 0.0.0.0 dialer1  ----> your default-gateway

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Morning Alain,

Yes, the router is connected to the host with a striaght through cable (the one supplied by Cisco).  I have tried several times to renew the lease and even manually set the host onto the same subnet as the router and cannot access the router by typing its IP address into a browser.  Here is what I have done so far.  I had to change some of your script to match my interface names etc (my changes in bold) but there is still one command that is not recognised by the CLI - "access-list":

configure

terminal

interface Vlan1

ip address 192.168.1.1 255.255.255.0

ip nat inside

exit

no ip dhcp conflict logging

ip dhcp excluded-address 192.168.1.1 192.168.1.99

ip dhcp excluded-address 192.168.1.150 192.168.1.254

ip dhcp pool mypool

network 192.168.1.0 /24

default-router 192.168.1.1

dns-server 195.129.12.114  135.196.0.6

exit

interface GigabitEthernet0

ip address 88.211.8.xxx 255.255.255.252

ip nat outside

access-list 99 permit 192.168.1.0 0.0.0.255  <=== this line not accepted

ip nat inside source list 99 interface GigabitEthernet0

ip route 0.0.0.0 0.0.0.0 88.211.8.xxw

exit

Is the config saved automatically at this point or do I have to force a save somehow?  Here are the results of the check commands:

- sh ip int br | i Vlan1

Vlan1                      192.168.1.1     YES manual administratively down down

-sh ip route

Default gateway is not set

Host               Gateway           Last Use    Total Uses  Interface

ICMP redirect cache is empty

-sh int status

Port    Name               Status       Vlan       Duplex Speed Type

Fa0                        connected    1          a-full   a-100 10/100BaseTX

Fa1                        disabled     1            auto    auto 10/100BaseTX

Fa2                        disabled     1            auto    auto 10/100BaseTX

Fa3                        disabled     1            auto    auto 10/100BaseTX

When I check the host, the IPv4 autoconfig is 169.254.240.17.

I do not have a username and password and I don't need one to connect (as evidenced by the success in connecting the E2500).  I don't think there is PPPoE.  The building IT manager said I should be able to connect just with the supplied IP address, subnet mask, def gway and DNS servers.  Indeed I can with the E2500.  Should the 819 really be this difficult?  Do you think it is faulty?

Thanks as always for your help!

Hi,

do this:

- interface vlan 1

  no shut

- enable ip routing as it may have  been disabled (from the sh ip route output) with the global configuration command: ip routing  and do a no shut on the G0/0 interface also.

Then you should get a dhcp address on the host.

-concerning the access-list try to  configure it in global config mode so exit out from interface before configuring it

Yes you must save the config with either the wr command or the copy run start command done in privileged mode( # prompt) or in config mode by prefixing with the do keyword.

When you got DHCP going correctly then try to ping 8.8.8.8 from the router and let us know

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Alain, seriously, you rock!  Ping success and I can finally connect to the internet.  For completeness and to help other users, I am pasting the final full config I used here:

configure

terminal

interface Vlan1

no shut

ip address 192.168.1.1 255.255.255.0

ip nat inside

exit

no ip dhcp conflict logging

ip dhcp excluded-address 192.168.1.1 192.168.1.99

ip dhcp excluded-address 192.168.1.150 192.168.1.254

ip dhcp pool mypool

network 192.168.1.0 /24

default-router 192.168.1.1

dns-server 195.129.12.114  135.196.0.6

exit

interface GigabitEthernet0

ip address 88.211.8.xxx 255.255.255.252  ////Static IP address

ip nat outside

exit

access-list 99 permit 192.168.1.0 0.0.0.255

ip nat inside source list 99 interface GigabitEthernet0

ip route 0.0.0.0 0.0.0.0 88.211.8.xxw    ////Default Gateway

exit

ip routing

exit

copy running-config startup-config

CTRL/Z

So now I should be safe to turn the router off and on again and still be configured?

Here are the results of the tests:

- sh ip int br

Interface                  IP-Address      OK? Method Status                Protocol

Cellular0                  unassigned      YES unset  down                  down

FastEthernet0              unassigned      YES unset  up                    up

FastEthernet1              unassigned      YES unset  administratively down down

FastEthernet2              unassigned      YES unset  administratively down down

FastEthernet3              unassigned      YES unset  administratively down down

GigabitEthernet0           88.211.8.138    YES manual up                    up

NVI0                       unassigned      NO  unset  up                    up

Serial0                    unassigned      YES unset  administratively down down

Vlan1                      192.168.1.1     YES manual up                    up

-sh ip route

Gateway of last resort is 88.211.8.xxw to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 88.211.8.xxw

      88.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        88.211.8.xxv/30 is directly connected, GigabitEthernet0

L        88.211.8.xxx/32 is directly connected, GigabitEthernet0

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.1.0/24 is directly connected, Vlan1

L        192.168.1.1/32 is directly connected, Vlan1

-sh int status

Port    Name               Status       Vlan       Duplex Speed Type

Fa0                        connected    1          a-full   a-100 10/100BaseTX

Fa1                        disabled     1            auto    auto 10/100BaseTX

Fa2                        disabled     1            auto    auto 10/100BaseTX

Fa3                        disabled     1            auto    auto 10/100BaseTX

If I may use you for just a few more things? 

  1. Obviously, I need to enable the other 3 FE ports. 
  2. Also, I would like to ensure that I have the default security set up and I would like to forward a couple of ports (one for VNC and another for SQL).
  3. I'd like to set up a secure WIFI

Can you help me with these too?

Cheers, Joel 

Hi,

I'm happy you made it work 

Now you can reload the router and the config will still be there and working.

for the other things:

1) just connect a host with the correct cable into the port and it will get an IP address from DHCP

2) for port forwarding:  x.x.x.x is the IP address of the internal host listening on the port

  VNC ---> ip nat inside source static tcp x.x.x.x 5900 interface g0/0 5900

                ip nat inside source static tcp x.x.x.x 5800 interface g0/0 5800

SQL --->  ip nat inside source static tcp x.x.x.x 1433 interface g0/0 1433

For the security there are lots of things you can do like:

- disable telnet access and configure ssh instead and use an ACL for restricting the hosts that can ssh into the device:

    http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

- disable cdp on the external interface : no cdp enable on g0/0 interface

- use IOS login enhancements: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_login.html

- configure ZBF( Zone based Firewall): http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml

3)for secure wifi:http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/wireless.html

http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/wireless.html

http://www.cisco.com/en/US/docs/routers/access/1800/wireless/configuration/guide/awg.html

If you need any help on one of these tasks just open a new thread and we'll do our best to help you.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco