Argh Help Cisco Config

SiriusB

SiriusB

SiriusB

Soldato
Joined
16 Dec 2005
Posts
14,443
Location
Manchester
Is any one here familiar with Cisco routers? Specifically the 857W or similar?

I have been trying to set this thing up all bloody day and I am getting no where!

I managed to set up a LAN with DHCP IP assign, but I cannot for the life of me get a working Wireless network going. The GUI interface for configuring the WLAN is about as intuitive as a VCR manual in Russian.

Any help would be great because I am going out of my mind here. Cisco's tech support at their website is crap too [all of Ciscos manuals seem to avoid actually explaining anything in detail], so links to clearly laid out config guides would also be appreciated.

EDIT: I should probably explain what I am trying to do:

The office has mostly laptops so a wireless network is a must. However there are a couple of fixed computers and some printers that need to be wired up. I have managed to get a detectable WLAN but it wont assign an IP when I try to connect. I just can't get my head around it at all!

SiriusB
 
Last edited:
Hi thanks for the quick reply.

I have seen that manual but it still isn't very clear. I am fairly certain I set up a WLAN and assigned it to a radio device, because my laptop picked up the signal.

The problem I am having is getting it to assign my laptop an IP using DHCP. I have an idea it might involve VLANs but all this is somewhat new. My only experience is with home routers which have big buttons that say "GO" :p

There has to be a basic step by step guide SOMEWHERE for setting up a cisco router with Wireless. I could kill the person who made this so difficult.

SiriusB
 
If you are still stuck feeling free to add me to msn (in trust), I've got a fair amount of experience with the 877w, and I agree it was a complete female dog to get it up and running. I can provide a working config if you are still stuck.
 
One thing that may catch you out - the switching VLANs are separate to the wireless VLANs, even if they're the same number.

The way they're linked is through the Bridge Virtual Interface (BVI). While you can keep track better if they're same number, they don't have to be.

As an example:
Let's say you've got configured:
For switch VLAN 1, you'll have Interface Vlan 1
For wireless interface dot11radio 0, vlan 10, you'll typically have a sub-interface Interface Dot11radio0.10

To bridge with BVI 3, you configure the above interfaces for bridge-group 3.
This means that switch ports on VLAN 1 and wireless devices attached using whichever SSID you've configured for wireless VLAN 10 are now on the same network.

Check out Slinwagh's link and you'll see they've matched the numbers.
 
OK I am THIS close to launching the router through the nearest window.

I followed the guide linked to earlier in the thread and it still isn't working!

I have managed to create a working WLAN but I am not assigned an IP. I can't seem to connect to the Ethernet ports either as I don't even know what IP the router is using for itself! *sobs*

All I want is to be able to connect the router to a switch which has Ethernet cables for all the PCs/Laptops and also a Wireless LAN for people who don't want to use the LAN. Why oh why does it have to be so hard!? A cheap 50 quid router can do it no problem, why does Cisco have to contrive to send me over the edge!?

If anyone is kind enough to write me the commands and values I need for the above setup I would be eternally greatful. I have been at this too long and it is costing money.

Basic info I want:

Router IP: 192.168.1.1
DHCP IP range: 192.168.1.2 - 192.168.1.254
Excluded IPs: 192.168.1.200 - 192.168.1.205

WLAN with WPA-PSK and IP auto-assign

Decent Firewall settings.

EDIT: I will also need NAT settings :)

Is all that really so hard to ask? :(

SiriusB
 
By default any machine connected to the LAN ports should get an IP via DHCP, and from there you can access the web interface.
If you don't know the router's IP, how the hell are you going to configure it?
 
I have vague memories of configuring a CISCO wireless box, and nothing working until i gave an IP address to and brought up the virtual bridge interface BVI1... Maybe it connected the wireless module with the wired one...

[edit]Its always handy to get the basics working first too - before you try to apply any security features. Just get a connection happening to begin with. [/edit]

M
 
Last edited:
OK all is good!

I found a great guide and little spreadsheet on techreport.com that basically asks you to input the details you want then click GO and it gives you all the commands you need to enter.

I have a WLAN and LAN all speaking to each other. Still working on the ADSL but I think I have that sorted too :D

And yes, I used the console to get in. Luckily one of the laptops here in the office had a 9pin male socket - all the rest either dont have any or have 25pin female.

Cisco's own guide didn't work for me at all. I think perhaps it is aimed more at people who are familiar with Cisco routers and the theory behind setting them up. I mean before meeting this sucker I knew nothing about setting up a bridge between the WLAN and LAN, setting up interfaces and sub-interfaces etc etc etc.

You would think Cisco would have scripts or list of commands for common setups [and if they do, where the hell are they? :p]

Anyhoo, thanks for your help guys. Fingers crossed that the ADSL works when I get chance [too many people using it at the moment - not allowed to fiddle :( :o :D]

SiriusB
 
OK I am lost again :D

ADSL config :(

I almost certain I had it connecting to the internet briefly, then something happened and I have not got it working since. Have retried the settings that worked oh so briefly but with no luck :(

With my current config I have a WLAN and LAN both on vlan 1 and they are bridged in the same bridge group. I have NAT enabled and DHCP.

Anyone have any experience setting up ADSL on a cisco router? Again, cisco's own guide doesn't work :p

Here is my config:

Current configuration : 2948 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname FastroRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxx
enable password 7 xxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
!
aaa session-id common
!
resource policy
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
!
ip dhcp pool Internal
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 4
!
!
ip cef
ip inspect name MyFW tcp
ip inspect name MyFW udp
!
!
!
username xxxxxxxx privilege 15 password 7 xxxxxxxxxxxxxxxxxxxx
!
!
!
bridge irb
!
!
interface ATM0
no ip address
ip access-group Internet-inbound-ACL in
ip inspect MyFW out
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid Fastro_Office
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
channel 2412
station-role root
no dot11 extension aironet
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description Internal Network
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname xxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxx
!
interface BVI1
description Bridge to Internal Network
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
!
ip access-list extended Internet-inbound-ACL
permit udp any eq bootps any eq bootpc
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit gre any any
permit esp any any
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
bridge 1 route ip
!
line con 0
password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
no modem enable
line aux 0
line vty 0 4
password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
!
scheduler max-task-time 5000


Any help would be great :)

SiriusB
 
So, is the router's ip 192.168.1.1?

So should that DHCP range be:

ip dhcp excluded-address 192.168.1.2 192.168.1.99 ?

Should this be:

access-list 1 permit 192.168.1.0 0.0.0.255 any

?
 
Hey guys.

OK I finally got the intarweb working :)

Unfortunately for me, due to the really bad weather the internet was regularly dropping out - so basically every time I tried a new config if it didn't work it was probably down to the internet itself being down! :rolleyes:

After I called the ISP they reset the connection and everything worked :)

Now, one last question - has anyone got a good config for setting up a firewall? I have one config that looks like it will do a half decent job [http://www.lanarchitect.net/Articles/Cisco/IOSRouter/index.htm - the parts in red]

but is this enough to provide adequate protection to the office network since it is an Internet-facing router? If not what else should I add?

I would like to note that the Firewall Wizard in the SDM is out of the question, it has managed to screw my config and stop all internet access. Unless I can find a way to get rid I will have to nuke the whole config and do it all from scratch! [easy now I know how but a waste of my time!]

SiriusB
 
You must log in or register to reply here.
Back
Top Bottom