6 Replies Latest reply: Jul 2, 2013 9:42 PM by christopher RSS

    Basic Config for 877 ADSL Router

    Crady

      Hi.
      I'm not sure if this is the right place to post this, but I couldn't find any other forum that fits better.
      If this is the wrong place to post feel free to move my post to the proper location.
      If you don't offer this type of help, can you please point me in the right direction?

       

      I need help configuring my Cisco 877 ADSL router. I've tried reading guides and such but I just don't get it to work. Current config is set up via SDM (and doesn't work).
      What I need is a simple config which gives all machines on the lan (192.168.0.x) internet access. I've found lots of PPPoA configs but my ISP (Telia Sweden) doesn't use that. They use enet encap.
      There is no login or password needed for my internet access. My other linksys router is configured as follows:

       

      RFC 2684 Bridged
      Multiplex: LLC
      QoS: UBR
      VC: VPI:8, VCI:35
      DSL Modulation: Multimode
      Dynamic IP
      Dynamic DNS

       

      The config I want:
      Router LAN IP 192.168.0.1
      Dynamic WAN IP
      Dynamic WAN DNS
      LAN DHCP adresses 192.168.0.10-192.168.0.99 (192.168.0.1-192.168.0.9 should still have internet access

       

      I don't need any unneccesary services at all. As long as I get a basic running config I can experiment with it myself and just revert if I mess things up. This way I can start learning configuring the device via the console.

      Please comment as much as possible so that I know what the config does.

       


      My current messy config:
      (Feel free to comment, cut, paste, add whatever you want. Since I don't understand much of the config. I see that i have two ATM interfaces, I don't know why, feel free to remove one if it's not needed.)

       

      *****************************************

       

      !This is the running config of the router: 192.168.0.1
      !----------------------------------------------------------------------------
      !version 15.1
      no service pad
      service tcp-keepalives-in
      service tcp-keepalives-out
      service timestamps debug datetime msec localtime show-timezone
      service timestamps log datetime msec localtime show-timezone
      service password-encryption
      service sequence-numbers
      !
      hostname cisco
      !
      boot-start-marker
      boot-end-marker
      !
      logging buffered 51200
      logging console critical
      enable secret 5 [REMOVED]
      !
      no aaa new-model
      clock timezone PCTime 0
      !
      crypto pki trustpoint TP-self-signed-4060347716
      enrollment selfsigned
      subject-name cn=IOS-Self-Signed-Certificate-4060347716
      revocation-check none
      rsakeypair TP-self-signed-4060347716
      !
      !
      crypto pki certificate chain TP-self-signed-4060347716
      certificate self-signed 01
        [REMOVED]
            quit
      dot11 syslog
      no ip source-route
      no ip dhcp use vrf connected
      ip dhcp excluded-address 192.168.0.1 192.168.0.32
      ip dhcp excluded-address 192.168.0.41 192.168.0.254
      !
      ip dhcp pool sdm-pool1
         import all
         network 192.168.0.0 255.255.255.0
         dns-server 195.67.199.21 195.67.199.22
         default-router 192.168.0.1
      !
      !
      ip cef
      no ip bootp server
      ip domain name localdomain
      ip name-server 195.67.199.21
      ip name-server 195.67.199.22
      !
      !
      !
      !
      archive
      log config
        hidekeys
      username admin privilege 15 secret 5 [REMOVED]
      !
      !
      ip tcp synwait-time 10
      ip ssh time-out 60
      ip ssh authentication-retries 2
      !
      !
      !
      !
      !
      !
      !
      interface ATM0
      no ip address
      no ip redirects
      no ip unreachables
      no ip proxy-arp
      ip flow ingress
      no atm ilmi-keepalive
      !
      interface ATM0.1 point-to-point
      description $ES_WAN$$FW_OUTSIDE$
      ip address dhcp
      ip flow ingress
      ip nat outside
      ip virtual-reassembly
      pvc 8/35
        encapsulation aal5snap
      !
      !
      interface FastEthernet0
      !
      interface FastEthernet1
      !
      interface FastEthernet2
      !
      interface FastEthernet3
      !
      interface Vlan1
      description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
      ip address 192.168.0.1 255.255.255.0
      no ip redirects
      no ip unreachables
      no ip proxy-arp
      ip flow ingress
      ip nat inside
      ip virtual-reassembly
      ip tcp adjust-mss 1452
      !
      ip forward-protocol nd
      ip http server
      ip http access-class 23
      ip http authentication local
      ip http secure-server
      ip http timeout-policy idle 60 life 86400 requests 10000
      !
      ip nat inside source static tcp 192.168.0.2 3389 interface ATM0.1 3389
      ip nat inside source list 1 interface ATM0.1 overload
      ip route 78.70.116.0 255.255.255.0 ATM0 permanent
      ip route 192.168.0.0 255.255.255.0 Vlan1 permanent
      !
      logging trap debugging
      access-list 1 remark INSIDE_IF=Vlan1
      access-list 1 remark SDM_ACL Category=2
      access-list 1 permit 192.168.0.0 0.0.0.255
      no cdp run

       

      !
      !
      !
      !
      control-plane
      !
      banner exec ^C
      % Password expiration warning.
      -----------------------------------------------------------------------
      Cisco Router and Security Device Manager (SDM) is installed on this device
      -----------------------------------------------------------------------
      ^C
      banner login ^CAuthorized access only!
      Disconnect IMMEDIATELY if you are not an authorized user!^C
      !
      line con 0
      login local
      no modem enable
      transport output telnet
      line aux 0
      login local
      transport output telnet
      line vty 0 4
      exec-timeout 120 0
      privilege level 15
      login local
      length 0
      transport input telnet ssh
      !
      scheduler max-task-time 5000
      scheduler allocate 4000 1000
      scheduler interval 500
      end

       

      *************************************

       

      Any help is greatly appreciated.

        • 1. Re: Basic Config for 877 ADSL Router
          Farzad Cheema

          I think I know what you are talking about as some of my remote branches in Scandi use 877 Routers. 877 config is different in all three countries (Denmark, Sweden and Norway) but as you asked, I am pasting my Swedish config below. Hopefully this would help you. I am not 100 % sure that my ISP is the same as yours but looks like I am using a similar config which doesn't require a password etc.

           

          Please note in Sweden you need to configure "interface ATM0.35 point-to-point" subinterface and you can't use the traditional Dialer interface. Also I have noticed that I get static IPs from ISP, but in your case you need to use the "dhcp" option as per the config below.

           

          I have left comments in BOLD after important commands:

          --------------------------------------------------------------------------

           

          hostname Router
          !
          boot-start-marker
          boot-end-marker
          !

          This would exclude first 10 IPs from your subnet
          ip dhcp excluded-address 192.168.0.1 192.168.0.10   
          !

          Here is your DHCP pool which will assign addresses

          Don't worry about mask, its a valid mask

          ip dhcp pool MYPOOL                                              
             network 192.168.0.0 255.255.255.0                        
             default-router 192.168.0.1
             dns-server 192.168.0.1
          !
          dot11 syslog
          ip cef
          !
          no ip domain lookup
          !
          multilink bundle-name authenticated
          !
          archive
          log config
            hidekeys

          ATM interface commands

          !

          interface ATM0                                                              
          no ip address
          no atm ilmi-keepalive
          dsl operating-mode auto
          You need this sub interface with no password

          !

          interface ATM0.35 point-to-point                                   
          ip address dhcp
          pvc 8/35
            encapsulation aal5snap
          !
          interface FastEthernet0
          !
          interface FastEthernet1
          !
          interface FastEthernet2
          !
          interface FastEthernet3
          !

          Vlan 1 is local subnet configured on your router

          interface Vlan1                                                         
          ip address 192.168.0.1 255.255.255.0
          ip mtu 1360
          ip tcp adjust-mss 1320
          !
          ip forward-protocol nd

          Default route to ISP

          ip route 0.0.0.0 0.0.0.0 ATM0.35                                 
          !
          ip dns server

          This command will enable your internet (it uses an ACL called NAT below)

          ip nat inside source list NAT interface ATM0.35 overload
          !
          ip access-list extended NAT
          permit ip 192.168.0.1 0.0.0.255 any

          !
          no cdp run
          !
          control-plane
          !
          line con 0
          no modem enable
          line aux 0
          line vty 0 4
          exec-timeout 120 0
          transport input all
          transport output all
          !
          scheduler max-task-time 5000
          sntp broadcast client
          !
          end

          • 2. Re: Basic Config for 877 ADSL Router
            Crady

            When I copy this config I get this error:

             

            --------------------------------

            multilink bundle-name authenticated
            ^
            % Invalid input detected at '^' marker.

            ----------------------------------

            So I removed that part.

             

            also I get an error about applying the following line to the ios image

             

            access-list 1 permit 192.168.0.1 0.0.0.255 any

            so I changed that to:

            access-list 1 permit 192.168.0.0 0.0.0.255

            and that fixed it.

            what is the difference between these 2 lines?

             

            Also, after I reset the router I get the following message. None of this was displayed before the reset.

             

            -----------------------------------

            SETUP: new interface NVI0 placed in "shutdown" state

             


            Press RETURN to get started!

             


            *Mar  1 00:00:10.822: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Initialized
            *Mar  1 00:00:11.562: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Enabled
            *Mar  1 00:00:12.882: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
            *Mar  1 00:00:13.214: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to down
            *Mar  1 00:00:14.023: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
            *Mar  1 00:00:46.770: %SYS-5-CONFIG_I: Configured from memory by console
            *Jan  3 22:06:37.080: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
            *Jan  3 22:06:37.752: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to down
            *Jan  3 22:06:38.668: %SYS-5-RESTART: System restarted --
            Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 15.1(1)T, RELEASE SOFTWARE (fc1)
            Technical Support: http://www.cisco.com/techsupport
            Copyright (c) 1986-2010 by Cisco Systems, Inc.
            Compiled Mon 22-Mar-10 07:23 by prod_rel_team
            *Jan  3 22:06:38.668: %SNMP-5-COLDSTART: SNMP agent on host cisco877 is undergoing a cold start
            *Jan  3 22:06:38.740: %LINK-5-CHANGED: Interface ATM0, changed state to administratively down
            *Jan  3 22:06:38.760: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
            *Jan  3 22:06:38.760: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
            *Jan  3 22:06:38.816: %LINK-5-CHANGED: Interface NVI0, changed state to administratively down
            *Jan  3 22:06:38.888: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to up
            *Jan  3 22:06:38.892: %LINK-3-UPDOWN: Interface FastEthernet2, changed state to up
            *Jan  3 22:06:38.896: %LINK-3-UPDOWN: Interface FastEthernet3, changed state to up
            *Jan  3 22:06:39.880: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
            *Jan  3 22:06:39.888: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changed state to down
            *Jan  3 22:06:39.892: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to down
            *Jan  3 22:06:39.896: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to down
            *Jan  3 22:07:09.763: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

            --------------------------------

             

            And I can also see that the current software installed on the router is C870-ADVSECURITYK9-M. I do not have Annex-M support on my connection. Will it work with Annex-A aswell or do I have to update the software on the router?

             

            Thanks!

            • 3. Re: Basic Config for 877 ADSL Router
              Farzad Cheema

              Don't worry about multi bundle comamnd, just ignore that.

               

              Also remove access-list 1 and add the access-list I told you.It's a named acl and when you type the first line, it will change your prompt and then copy and paste the second line.

               

              (conf)#ip access-list extended NAT
              (conf)# permit ip 192.168.0.1 0.0.0.255 any

               

               

              Also type these commands:

               

              conf t#

              (conf)#int vlan 1

              (conf)#no shut

              (conf)#int atm0

              (conf)#no shut

              (conf)#int fas 1

              (conf)#no shut

              (conf)#int fas 2

              (conf)#no shut

              (conf)#int fas 3

              (conf)#no shut

              (conf)#int fas 4

              (conf)#no shut

              (conf)#end

              #wr

               

              And you are good to go.

              • 5. Re: Basic Config for 877 ADSL Router
                VV

                877 Bridge Config

                 

                !
                version 12.3
                no service pad
                service timestamps debug datetime msec localtime
                service timestamps log datetime msec localtime
                service password-encryption
                !
                hostname PureBridge
                !
                boot-start-marker
                boot-end-marker
                !
                enable secret YOUR PASSWORD
                !
                no aaa new-model
                !
                resource manager
                !
                clock timezone ACST 9 30
                clock summer-time ACST recurring last Sun Oct 2:00 last Sun Mar 2:00
                ip subnet-zero
                no ip source-route
                !
                !
                no ip dhcp use vrf connected
                !
                !
                no ip cef
                ip domain name modem.local
                no ip ips deny-action ips-interface
                !
                no ftp-server write-enable
                !
                !
                username admin password YOUR PASSWORD
                !
                !
                !
                bridge irb
                !
                !
                interface Vlan1
                description --- Ethernet  ---
                no ip address
                bridge-group 1
                hold-queue 100 out
                !
                interface ATM0
                description --- ADSL to ISP ---
                no ip address
                ip virtual-reassembly
                no ip route-cac
                no ip mroute-cache
                no ip proxy-arp
                no atm ilmi-keepalive
                bundle-enable
                dsl operating-mode itu-dmt
                bridge-group 1
                hold-queue 224 in
                pvc 8/35
                encapsulation aal5snap
                protocol ip inarp
                !
                !
                interface FastEthernet1
                no ip address
                duplex auto
                speed auto
                !
                interface FastEthernet2
                no ip address
                duplex auto
                speed auto
                !
                interface FastEthernet3
                no ip address
                duplex auto
                speed auto
                !
                interface FastEthernet4
                no ip address
                duplex auto
                speed auto
                !
                interface BVI1
                description --- Bridging Interface ---
                no ip address
                !
                ip classless
                !
                no ip http server
                no ip http secure-server
                !
                control-plane
                !
                bridge 1 protocol ieee
                bridge 1 route ip
                !
                line con 0
                no modem enable
                terminal-type vt100
                length 25
                transport preferred all
                transport output all
                stopbits 1
                line aux 0
                transport preferred all
                transport output all
                line vty 0 4
                login local
                terminal-type vt100
                length 25
                transport preferred all
                transport input telnet
                transport output all
                !
                scheduler max-task-time 5000
                end

                • 6. Re: Basic Config for 877 ADSL Router
                  christopher

                  Dear Furzaad Chima

                   

                  I have read your post and the config I need, maybe quite close to your's but I cannot get it up.

                   

                  I am using Cisco 877 router for a static IP address from my telco.

                  IP: 58.185.226.122

                  Subnet: 255.255.255.252

                  Gateway: 58.185.226.123

                  VPI: 8

                  VCI: 35

                   

                  I need to configure DHCP for this router. Which part of the script should I change?