?
Solved

Cisco 831 Configuration

Posted on 2004-11-11
21
Medium Priority
?
1,466 Views
Last Modified: 2012-05-05
Hey, I got a cisco 831 from a friend for free and erased his config. Now,  the E1 interface for the internet can see the internet or my other router and pings are successful. My Fastethernet 1 interface can see my computer and pings are successful. My problem and question is that my computer cannot see the internet.  what are the simple, basic configurations to allow the internet to go through the cisco 831 to the computer and vice versa??

Thanks
0
Comment
Question by:Scott L
  • 10
  • 8
  • 2
  • +1
21 Comments
 
LVL 10

Expert Comment

by:plemieux72
ID: 12562233
There are many reasons for this behavior... but on those routers, I find that the easiest way is to first use CRWS (http://10.10.10.1) or whatever IP address of your inside interface and configure the basics using the GUI.

Then, once you have basic connectivity, you can stop using CRWS and start using the command line for configuration of more advanced features like CBAC etc.

Try resetting to the defaults using CRWS and see what happens.  Let us know.
0
 
LVL 1

Author Comment

by:Scott L
ID: 12562262
sorry, i forgot to mention that the web setup doesnt seem to work.

 I get through the certificate and username/pass part, then it seems to stay at the "loading cisco web setup" page, and when it is checking for the router/ios version/etc, it just keeps checking, running out the progress bar, clearing it and doing it again, over and over.

i had pretty much given up on using that becuase of it, which is why i was doing IOS. However if you know how to fix this prob that would be just as good!

0
 
LVL 1

Expert Comment

by:navinquadros
ID: 12562590
I'm gonna assume the External interface is called Ethernet 0 and the internal interface, connected to the PC is called FastEthernet 0. also I'm assuming your IP addresses are configured right as you can ping:

try the following:
- Go to priviledged mode [Enable mode]
- config t
- int FastEthernet 0
- ip route 0.0.0.0 0.0.0.0 Ethernet 0
- exit
- copy running startup

Now check. You should be able to hit through. Keep me posted!!

Best of luck,
Navin

0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 1

Author Comment

by:Scott L
ID: 12562759
well i tried it..no luck on anything different happening though. just in case it helped though, i got my "show config" read out .. here it is:

-------------------------------------------------------------------------------------------------------------------------------------------
Using 1615 out of 131072 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname zion
!
logging buffered 51200 warnings
enable secret 5 $1$EhbY$xAQmOCBd8liMG8eF0R5O8/
enable password bermuda98
!
username scott privilege 15 password 0 bda98
no aaa new-model
ip subnet-zero
no ip routing
ip domain name THEMATRIX
ip host THEREDPILL 192.168.1.1 255.255.0.0
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
ftp-server enable
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-Ethernet 10/100$
 ip address 10.10.10.1 255.255.255.0
 no ip route-cache
!
interface Ethernet1
 ip address 192.168.1.100 255.255.255.0
 no ip route-cache
 duplex auto
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip default-gateway 192.168.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
ip http server
ip http authentication local
ip http secure-server
!
banner login ^Celcome
Haven't gotten the internet hooked up yet!! ^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 password bda98
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
!
end
---------------------------------------------------------------------------------------------------------------------------------------


one thing that i dont understand fully is the fastethernet 1 and ethernet 0.

 It seems that ethernet 0 encompasses the 4 fastethers if they are to all have the same settings, but can be optionally configured individually for different settings on each.

i havent touched fastether1(the plug that the pc is connected  too) because i can get the ping with just hte e0. .. yeah..but still nothing going through the router..just either side.
0
 
LVL 10

Expert Comment

by:plemieux72
ID: 12564824
What is the router plugged into going to the Internet?  Is it a cable modem or DSL modem?  I am asking because your outside interface (e1) has a private IP address of 192.168.1.100.  This is probably wrong and should be a public IP address because routers don't forward private addresses onto the Internet.

So, if that's the case, put the public IP address your ISP gave you on the e1 and turn on NAT.  You should then be good to go.

To turn on NAT, setup an access-list describing the traffic to NAT.  Then a route-map to describe what access list is part of the route-map.  Then apply the route map to the outside interface e1 with a "ip nat inside source route-map" command.

For more details on setting up NAT, see http://www.cisco.com/cgi-bin/Support/browse/psp_view.pl?p=Technologies:NAT
0
 
LVL 1

Author Comment

by:Scott L
ID: 12571336
ok..well at the moment it is connected to my gateway router. I left it there becuase it can ping websites, and i get the same  problems with throughput even when the routers external address is set from my isp's dhcp. ill give the nat thing a try, see how it comes out.
0
 
LVL 10

Expert Comment

by:plemieux72
ID: 12572074
Well, NAT should only be turned on if you need to translate from a private to a public IP address.  If your 831 is plugged into another router that already does NAT, then you don't turn on NAT on the 831 as well.

So, if I understand correctly, here is how you are setup:

Internal LAN (10.10.10.0/24) ---> 10.10.10.1 Cisco831 192.168.1.100 ---> Second LAN (192.168.1.0/24) ---> 192.168.1.x GatewayRouter x.x.x.x (public IP from ISP DHCP) ---> cable modem or whatever ---> Internet

If so, your 831 needs a route that tells it to what IP address to send traffic with destination IP addresses on the Internet (which is your GatewayRouter's inside IP):
ip route 0.0.0.0 0.0.0.0 192.168.1.x

Try that and see if that works.

0
 
LVL 1

Author Comment

by:Scott L
ID: 12573408
excellent!!  i did the  ip route things (a few different ways and for both directions) and i got connectivity. I can ping websites from behind the cisco router. The only problem is that they have terrible results (20-40%).  I also can't access websites from teh computer itself. Thanks a million!!

Any ideas on how to get a better connection? i woudl imagine somehow if i were in a large business it could fall under QoS, but i doubt that would need tinkering since its just a basic router.


I know the points on this are low..so im gettin more!!
0
 
LVL 1

Author Comment

by:Scott L
ID: 12573458
nevermind...i screwed up. i was pinging the web from teh console terminal, not my pc. in actual fact, there is no connection.

im still getting more points though.
0
 
LVL 10

Expert Comment

by:plemieux72
ID: 12574372
Was I correct in what I assumed to be your setup?  
Also, did you verify the TCP/IP settings on your computers?

The computers on the 10.10.10.0/24 network need to have a default gateway of 10.10.10.1.
The computers on the 192.168.1.0/24 network need to have a default gateway of 192.168.1.x

0
 
LVL 2

Expert Comment

by:Miki18
ID: 12575382
Hello.

That problem you had ( display "loading cisco web setup" and not continue ) when you were trying to use "CRWS" on LAN port of your router was JAVA related !
Try installing new java or in my case (on win XP) try deinstalling your current version and use the one in Win XP.
Or maby use another PC for configuration.
When CWRS works first ser router to "DEFAULTS" in advanced configuration. then it will reboot and use default Ip (10.10.10.1) then you can use wizard to establish NAT to your internal router, or conect it directly to internet (CABLE, DSL, ADSL...)

Hope this will help you....
0
 
LVL 1

Author Comment

by:Scott L
ID: 12575868
plemieux..
yup..that was the correct setup. nice diagram to illustrate that too! to simplify things i have gotten the dhcp's to pretty much set the same ips each time. so my pc is always 10.10.10.2 going to router interface e0 with ip 10.10.10.1 and router interface e1 (internet ) being 192.168.1.100 going to gateway router 192.168.1.1, then the cable modem. This is just such a mess..i would think basic connectivity would not be to hard.  just a q about your last  post... exactly which tcp/ip settings on teh computer are you talking about.  I normally knwo how to set comps up for internet, but sometimes there is just one little thing that doesnt get configed that messes the whole thing up!

Miki, alright..ill give that whirl. it sounds promising. i didnt think win xp had a proper java version, but i guess then many users wouldnt be able to setup this  router, and i doubt cisco would do that.  but who knows..im having probs!

talk to ya guys in a bit!!!!
0
 
LVL 10

Expert Comment

by:plemieux72
ID: 12575899
I was just talking about the default gateway when I referred to the TCP/IP settings on the computers.

So, on your PC, you should have:
IP 10.10.10.2
SM 255.255.255.0
GW 10.10.10.1

Wait a minute, I just noticed in your config... check your subnet masks.  For now, it would be just easier to use /24 (255.255.255.0) for everything.  Ensure your DHCP hands out /24 masks and make sure both routers all have 255.255.255.0 masks on all interfaces.




0
 
LVL 1

Author Comment

by:Scott L
ID: 12577263
Ok here's the new config, ive been changing things and not updating it here.  Both routers have 255.255.255.0 on all interfaces.


---------------------------------------------
zion#show conf
Using 1678 out of 131072 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname zion
!
logging buffered 51200 warnings
enable secret 5 $1$EhbY$xAQmOCBd8liMG8eF0R5O8/
enable password
!
username scott privilege 15 password 0
no aaa new-model
ip subnet-zero
no ip routing
ip domain name THEMATRIX
ip host THEREDPILL 192.168.1.1 255.255.0.0
ip host MYBOX 10.10.10.2
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
ftp-server enable
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-Ethernet 10/100$
 ip address 10.10.10.1 255.255.255.0
 no ip route-cache
!
interface Ethernet1
 ip address 192.168.1.100 255.255.255.0
 no ip route-cache
 duplex auto
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip default-gateway 192.168.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 0.0.0.0 0.0.0.0 10.10.10.2
ip http server
ip http authentication local
ip http secure-server
!
banner login ^Celcome
Haven't gotten the internet hooked up yet!! ^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 password
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
!
end
----------------------------------------------
0
 
LVL 1

Author Comment

by:Scott L
ID: 12577309
oh..back up at the NAT info, how exactly to i apply the access list to the route map...im having a lil trouble with that...

thanks
0
 
LVL 10

Expert Comment

by:plemieux72
ID: 12577685
Why are you wanting to turn on NAT on the 831?  I suggested that when I thought your 831 needed to translate from private to public IP addresses.  Right now, that's not the case, 10.0.0.0/24 and 192.168.1.0/24 are both PRIVATE.  Your 831 is simply routing, there is no need for NAT.  NAT is being handled by your GatewayRouter (the one directly connected to the Internet).

Now, you have 4 default routes... there should only be one:
ip route 0.0.0.0 0.0.0.0 192.168.1.1

So, remove the others:
no ip route 0.0.0.0 0.0.0.0 Ethernet1
no ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip route 0.0.0.0 0.0.0.0 10.10.10.2

Also, do the following commands to clean up the subnet masks as I previously mentioned:
no ip host THEREDPILL 192.168.1.1 255.255.0.0
ip host THEREDPILL 192.168.1.1 255.255.255.0
ip dhcp pool sdm-pool
 network 10.10.10.0 255.255.255.0
end

Finally, turn on IP routing with the following command:
ip routing

0
 
LVL 2

Expert Comment

by:Miki18
ID: 12578630
If you wil not use CRWS
than use this configuration.

There is no problem if you use NAT (maby usefull if you have access lists in your current gateway)


Delete your configuration
-write erase then reload)

Do not forget to turn on ip routing (it is on by default on routers)
-ip routing

So your configuration should look like this....
It should work.


version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname zion
!
logging buffered 51200 warnings
enable secret 5 $1$EhbY$xAQmOCBd8liMG8eF0R5O8/
enable password
!
username scott privilege 15 password 0
no aaa new-model
ip subnet-zero
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
ftp-server enable
no ftp-server write-enable
!
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no ip route-cache
 duplex auto

!
interface Ethernet1
 ip address 192.168.1.100 255.255.255.0
 ip nat outside
 no ip route-cache
 duplex auto

ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http secure-server
ip nat inside source list 1 interface Ethernet1 overload
!
access-list 1 permit 10.10.10.0 0.0.0.255

ip http server
ip http authentication local
ip http secure-server
!
banner login ^Celcome
It works now :-) ^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 password
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
!
end

I hope this works...
0
 
LVL 10

Accepted Solution

by:
plemieux72 earned 1600 total points
ID: 12579318
Hey Drunkinbda,

I think I found your problem... the GatewayRouter is only aware of the DIRECTLY-CONNECTED networks which are:
1) The Internet
2) The 192.168.1.0/24 network

It has NO IDEA how to reach the 10.10.10.0/24 network since it's not directly connected.  Therefore, you need to add a route on it.

The route should be something like this:
route 10.10.10.0 mask 255.255.255.0 192.168.1.100

It basically tells the GatewayRouter that any traffic it receives that has a destination of 10.10.10.0/24 should be forwarded to 192.168.1.100 which is your 831.  From there, the 831 takes over.

Please try that and let me know.
0
 
LVL 1

Author Comment

by:Scott L
ID: 12580814
EXCELLENT...A CONNECTION!!!! i just gotta fiddle with it a little bit to make sure how and why things are working!! one quick question before i start get points out, if i move the cisco router to be the gateway router(connected to the modem) am i gonna hve to get into a lot more configs with nat and such???

Thanks again guys!!!!!!
0
 
LVL 1

Author Comment

by:Scott L
ID: 12580834
another quicky plemieux
...i assume that i can use the dynamic routing on my gateway router to do the same job that the startic routing does right?
0
 
LVL 10

Expert Comment

by:plemieux72
ID: 12580936
Great!  Glad it worked...

To answer your other questions, if you move the 831 to the edge, yes, you will have to reconfigure it and it WILL have to do NAT.  I would then also configure the IOS firewall as well (CBAC) and ensure you harden the rest of the config as best you can.  Any router directly connected to the Internet should be configured as such if you want to prevent worms and other threats on your LAN.  There are great books and online articles on how to harden IOS.  Just do a google search.

Dynamic routing - yes it would do the same job.  However, you never said what kind your other router is and what routing protocol it supports (RIP, OSPF, EIGRP, etc.) and for a small setup like yours, static routing is perfectly fine.

0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question