It's an Cisco 877W-G-E-K9. (It has a POTS RJ11-connection on the back)

The ISP-modem forwards all ports to 192.168.254.2.

How do I configure the cisco to act as a router behind this modem?

Hi,

Use one of the FE port to connect to the ISP modem's RJ45 port and configure a point-to-point address.

877(config)#int f0

877(config-if)#no switchport

877(config-if)#ip address IP_ADDRESS 255.255.255.252

877(config)#int vlan 1

877(config-if)#ip address INTERNAL_ADDRESS

877(config)#ip route 0.0.0.0 0.0.0.0 ISP_MODEM_IP

Sent from Cisco Technical Support iPhone App

Hi,

It's not working for me.

The ISP-modem has ip 192.168.254.1 and there is no DHCP configured on this device. All port are forwarded to 192.168.254.2 (This must be the cisco router)

I have a default configuration in my cisco877.

Internal network of cisco = 10.10.10.1 with DHCP.

No dialer configured yet, also NAT is not configured.

Do you have some kind of template which I can use? Maybe from there I can configure the cisco correctly.

hi,

you can start from here. it basically covers everything especially what you're looking for (PPP, NAT and VPN).

http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/857sg_bk.pdf

Hi,

Below you will find my running config. The connection with the ISP modem on Interface F0 does not work.

When i'm using command "No switchport" it says "invalid command"

My static IP-address on F0 must be 192.168.254.2 255.255.255.0

Running Config:

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco877
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret 5 $1$Zw/5$a5r6xtBQsVR40v27N1uBP/
!
no aaa new-model
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-2535400162
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2535400162
 revocation-check none
 rsakeypair TP-self-signed-2535400162
!
!
crypto pki certificate chain TP-self-signed-2535400162
 certificate self-signed 01
  30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32353335 34303031 3632301E 170D3032 30333031 30303133 
  33365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35333534 
  30303136 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100DF7C 6A798BD1 CBC85030 5932EF76 5BD8F854 A227ACFE BA27F5D4 FABD7336 
  7BDBD52D 60AB26D5 BAB4E5CB DDD81C7F AA145FD1 F6E5D76B 57C43B3E 4A6160DF 
  E71D6EAE AFAAD933 1F5E7073 654BC9FB 0F5D55F5 5EB88BFD A73D12E2 4E4EC369 
  A6AFC55E D80E611E 78F2F201 26E53B90 E5C9AF75 8630A3A3 9D5424F2 26DD8FFE 
  5E6B0203 010001A3 6A306830 0F060355 1D130101 FF040530 030101FF 30150603 
  551D1104 0E300C82 0A555253 49393052 54522E30 1F060355 1D230418 30168014 
  4B9B9F77 812300EB 4A57682E FA8B3906 EF68139B 301D0603 551D0E04 1604144B 
  9B9F7781 2300EB4A 57682EFA 8B3906EF 68139B30 0D06092A 864886F7 0D010104 
  05000381 81003002 AD380ED7 46E79FD5 4BE38820 827453A4 94FEDF40 3D39D664 
  2EBEFC90 55ECBF6D BC6A8158 FF9BDA69 0C553D50 08A75F24 87A67A82 8F52C846 
  E3B2B451 2B0CE940 B5CB5C49 FA85DAA6 769155CE BB814984 0C27D414 36AA1CCF 
  A738FDA1 71100188 7B97EA4F E07BD35E 183E1C62 659286CF E8695FCD 7C797858 
  55898CFF 79C2
   quit
dot11 syslog
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1 
   dns-server 195.238.2.21 195.238.2.22
!
!
ip cef
no ip bootp server
ip name-server 195.238.2.21
ip name-server 195.238.2.22
!
!
!
!
username admin privilege 15 secret 5 $1$j4JQ$3Dm.WJbnkheQ4meFbu/
! 
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
no ip ftp passive
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface FastEthernet0
 description WAN_Link
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface FastEthernet0 overload
!
logging trap debugging
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
no cdp run
!
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!
^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

hi,

sorry, it should be "no switchport access vlan" command. see below.

877(config-if)#no switchport access vlan 

877(config-if)#ip address ?

  A.B.C.D  IP address

  dhcp     IP Address negotiated via DHCP

  pool     IP Address autoconfigured from a local DHCP pool

please rate if helpful. thanks!

Hi,

you should change this

ip route 0.0.0.0 0.0.0.0 FastEthernet0

to

ip route 0.0.0.0 0.0.0.0 192.168.1.254

and make the f0 interface a routed port with the command from john and assign it an ip address in the same range as the modem/router

I suppose this is a Belgacom BBox from the  the DNS servers you configured on the router in your dhcp pool?

So the modem/router LAN ip must be in the 192.168.1.0 /24 if you didn't change anything and it should be a DHCP server for this LAN by default.

Regards.

Alain

Hi Alain,

The modem from Belgacom is an Speedtouch 787 (Business DSL)

The IP of this modem is 192.168.254.1 and has no DHCP configured. All the ports are forwarded in this modem to 192.168.254.2.

It is ok that I must set a static IP address(192.168.254.2) on the F0 interface?

Hi,

yes you can and the static route will be then:

ip route 0.0.0.0 0.0.0.0 192.168.254.1  on Cisco router

Regards.

Alain

Thanks.

When setting an ip address on the F0 interface i get the error:

IP addresses may not be configured on L2 links FastEthernet0 (See screenshot attached to this post)

Hi,

My apologies again. 877 FE ports are Layer 2 only by default. Try configuring as below:

877(config)#vlan 10

877(config)#int vlan 10

877(config-if)#ip add 192.168.254.2 255.255.254.0

877(config-if)#int f0

877(config-if)#switchport access vlan 10

Sent from Cisco Technical Support iPhone App

Hi,

I did everything described above. But I cannot get internet through the F0-interface.

Below you will find my recent running config.

p.s.: I've change the subnet 192.168.254.x tot 192.168.2.x, because i'm testing the router in my network. When done it will be placed in the 192.168.254.x subnet.

My ISP modem had the ip-address 192.168.2.254

!
ip dhcp pool sdm-pool1
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1 
   dns-server 192.168.2.254 
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
description WAN_Link
switchport access vlan 10
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
!
interface Vlan10
ip address 192.168.2.2 255.255.255.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.2.254
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface FastEthernet0 overload
!

hi,

could you try the below:

int vlan 10

ip nat out

no ip nat inside source list 101 interface FastEthernet0 overload

ip nat inside source list 101 interface vlan 10 overload