Cisco 857 - i cant get it to work.

babyface uk · 6 Jan 2009 at 11:59

Hi Peeps,

Got a Cisco 857 router for work and could not get it working there so i took it home for another go and still cant get it to work.

I do the first time setup as per the guide entering what i think is correct, eg. user name / password, vci/vpi, domain name server etc.... but then i cant access the internet with that router.
Now im in over my head i think as my previoues experiance of routers is home netgear jobbys but I cant see any other options to change that would help.

Does anyone have a stock set of settings i can copy for the router please.

thanks

Babyface

pdw8 · 6 Jan 2009 at 13:01

Do a search of this forum and you will find quite a few posts with full configs on. You need to use the CLI really though.

Skidilliplop · 6 Jan 2009 at 16:45

I wouldn't bother with the initial config wizard thing. Just console into it and set it up that way. It's fairly easy and there are some good how2's on the web. Chances are if you've entered all the info and it still doesn't work it's not set up for NAT or there's no default route configured. with cisco's they are litterally blank you need to tell it how to do everything.

babyface uk · 7 Jan 2009 at 07:53

Skidilliplop said:
I wouldn't bother with the initial config wizard thing. Just console into it and set it up that way. It's fairly easy and there are some good how2's on the web. Chances are if you've entered all the info and it still doesn't work it's not set up for NAT or there's no default route configured. with cisco's they are litterally blank you need to tell it how to do everything.

And now for the noob Q, how would one "Console into it"

Ta

Chief Wiggum · 7 Jan 2009 at 07:58

there should be a blue serial cable in the box.
Connect that to your PC via a serial port (9pin) and use your chosen hyper-terminal type program.
Set it to com port (might be 1 or 2) and baud rate 9800, with no flow control and hit enter - should give you command-line. TBH though, you can do it all through th SDM which is the gui, you need to use the nat wizard and the routing screen to set a default route out of the dialler

PistolPete · 7 Jan 2009 at 12:41

If you are not familiar with IOS and configs then I'd suggest doing it all through SDM.

m_cozzy · 7 Jan 2009 at 22:13

Yes. The sdm on the later models is superb. Certainly I haven't even touched the cli since upgrading my 837 to an 877.
However its still extremely complex compared to a consumer grade device. As mentioned it may be that it has connected but a nat or access rule is not yet in place to allow browsing.

babyface uk · 9 Jan 2009 at 12:08

is there anything I can post to help you guys diag what the smeg im doing wrong, tried to config NAT via SDM and its the problem that im not sure what im doing, help...........

Babyface

Chief Wiggum · 9 Jan 2009 at 13:31

ok, through the SDM, click Configure at the top and then interfaces, on the tab, click edit interface / connection.

Should show your ADSL interface (ATM1), does it show an IP address?
x.x.x.x(dhcp) and status UP

If not, that's your first issue

If that's ok, go to the NAT tab and click basic NAT and launch task - follow the wizard and ensure that your ATM1 interface is outside (connects to internet) and your local lan (prob BVI1) is Inside

Then once done, go to the routing tab and there shouldn't be anything under Static Routing in the top window - click Add:
Tick the make this the default route (this should add 0.0.0.0 to both prefix and mask boxes)
under forwarding (next hop) chose interface ATM1 and tick permanent route.

Click ok and send the commands to the router (don't save at this point so you can back it out by switching it off and on again).

That should be it

babyface uk · 9 Jan 2009 at 13:52

under interface/connection i have...

atm0 - no ip address, no other details
atm0,2 - no ip address, but does show the details i have entered eg user name / p/w, vpi/vci etc...
fast ethernet 0 to 3
vlan1

so i assume i have no ip address

Chief Wiggum · 9 Jan 2009 at 14:31

hmm, ok - is one of the ATM interfaces showing a green tick next to it, or do the both have red crosses next to them?

Under the additional tasks tab, click config management and then confi editor - agree to the terms, this should show a copy of the config on the router, look for ATM0 or atm 0/2 you should see your settings under it, does it have IP DHCP negotiate under one of them - if you can copy and paste the ATM settings here (minus the username and password, that would be good

teaboy5 · 9 Jan 2009 at 19:55

just copy and paste the entire running config.

Here is mine for example, which should help you

Router#sh run
Building configuration...

Current configuration : 5412 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5
enable password 7
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
aaa session-id common
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.10
ip dhcp excluded-address 192.168.0.21 192.168.0.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.0.0 255.255.255.0
domain-name 192.168.0.10
default-router 192.168.0.10
dns-server 212.139.132.43
!
!
ip tcp synwait-time 10
no ip bootp server
ip name-server 212.139.132.43
ip ssh time-out 60
ip ssh authentication-retries 2
login on-failure
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-546218257
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-546218257
revocation-check none
rsakeypair TP-self-signed-546218257
!
!
crypto pki certificate chain TP-self-signed-546218257
certificate self-signed 01
3082023C 308201A5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 35343632 31383235 37301E17 0D303831 31313931 34343731
385A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3534 36323138
32353730 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
DE64BBD9 96E46071 6D3D0061 36268A45 D3F4BE0C 2211AD7B 1A8465ED 1F1CF59D
11C558F2 CBFD45C7 7FA3C3EF 0763EDBB 6CA9ECCD ABE061B5 092DC127 6B41216E
268D483B 55405A82 3E7824DD 7F6DFDAC 03D69494 EBCB217E 554B2511 EF30B94F
89A3C91F 43D319CC 822C2998 5ED6C0BE 33D3413B 1C9EE9A1 25A8F2AF 3D5A49C3
02030100 01A36630 64300F06 03551D13 0101FF04 05300301 01FF3011 0603551D
11040A30 08820652 6F757465 72301F06 03551D23 04183016 80148FC7 57F4BB40
C66654AE 8BD5C2C9 4CE21677 4E47301D 0603551D 0E041604 148FC757 F4BB40C6
6654AE8B D5C2C94C E216774E 47300D06 092A8648 86F70D01 01040500 03818100
575633D5 AB8ADCBB BBDC4840 8542D717 757064C2 11CE44EB 926C8C6C EFB4231E
AC58044E E989517B DBA0AC80 686256A1 06535452 430CEFDD 485C3956 1BC49BD9
F052292D D3C89F9C 388A4687 3B4F68B8 909597F4 C6626A9F 91B54FD5 6DF88E14
EE14F3B8 FD54EF50 AA4FDEC7 70F54644 D5A00CF4 2649C7D1 3E949C2F 9D600FC7
quit
!
!
username admin privilege 15 password 7
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
no ip redirects
no ip unreachables
no ip proxy-arp
no snmp trap link-status
pvc 0/38
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $FW_INSIDE$
ip address 192.168.0.10 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname
ppp chap password 7
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 120 life 86400 requests 1000
ip nat inside source list 100 interface Dialer0 overload
!
logging trap debugging
access-list 100 remark SDM_ACL Category=2
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 deny icmp any any echo
access-list 100 permit ip any any
access-list 101 remark VTY Access-class list
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 101 deny ip any any
no cdp run
!
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!
^C
!
line con 0
login authentication local_authen
no modem enable
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
access-class 101 in
password 7
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end