Cisco 871 router help

Joined
Dec 12, 2004
Messages
584
I just got new Cisco 871 broadband router, im using Cox cable. This router has 1 WAN interface which is fast Ethernet connected to my cable modem. Im kinda new to the cisco command line or cisco routers. Previously i had to many problems with Dlink and Linksys router so I deiced to switch to Cisco. How do I enable the router to be dhcp client, since my ISP is DHCP. I need my router to get an address from the ISP.
 
I don't know the 871's specifically, but the command is "ip address dhcp client-id interfacename" You'd do this after enable, config terminal, and interface.

Routername# enable
Routername# config t
Rourtername(config)# int ethernet0
Routername(config-if)# ip address dhcp client-id ethernet0

and don't for get to do a "copy run start"
 
I have the same router. As mentioned "ip add dhcp" will get the job done under FastEthernet 4.

Do you have the firewall / IPS configured?

What version of IOS are you running on it?
 
Since you are a new to Cisco I would highly recommend installing SDM on the router and using the GUI for a lot of these configurations. It is also a great way to learn as you can use SDM to configure the device and use the CLI to view what commands were used...
 
PHUNBALL said:
Since you are a new to Cisco I would highly recommend installing SDM on the router and using the GUI for a lot of these configurations. It is also a great way to learn as you can use SDM to configure the device and use the CLI to view what commands were used...

To take this a little further you can change the SDM settings so that you can preview all the commands before they are pushed to the router. I prefer this method as SDM tends to overdo some of the configurations / comments. You can then cancel the configuration and configure it by hand on the router yourself using the CLI.
 
The 871 router should have come with the SDM by default. Bring up the router in a web interface.
 
mike2323 said:
The 871 router should have come with the SDM by default. Bring up the router in a web interface.
I can't get in to the web interface, it just stops when you try to use the SDM express after tying the IP of the route with a web browser. It says java "notinited." I try mozilla and IE don't work.


Anyway I config my router WAN port as dhcp, it has an ip address from my isp.
the problem is now I can't get my lan ports to connect to the internet. My main rig is connected to ethernet fe0, which is the lan ports on the router. Im using static by the way for local. I also can't set int fastethernet0 an ip address, gives me a message "% IP addresses my not be configure on L2 links" wtf? I brought the interface up by typing "no shut"
but I can't get an ip on this. By the way my computer is connected to fastethernet0.

Then there is something about vlan, i try do the following... router(config) int vlan 1
router(config-if) ip address 192.168.1.1 255.255.255.0
no shut
what ever this is is up.
then i go to my networking connection and enter the gateway as 192.168.1.1, mask 255.255.255.0, then IP 192.168.1.2
I can ping my gateway, ping the ip of the WAN interface IP, but can't ping any where out
Which means I can't get online.
But what vlan1 interface is anyway. Back of my router I have fastethernet0-3 are switch ports or lan. WAN interface is fastethernet4.
 
Arch said:
I have the same router. As mentioned "ip add dhcp" will get the job done under FastEthernet 4.

Do you have the firewall / IPS configured?

What version of IOS are you running on it?
yea that work and now I have an ip from Cox
I don't have no hardware firewall
my setup follows
cable modem> router> pc my pc has zonealarm firewall which has nothing to do.
But I need to get online from fastethernet0, look at the post before this one.
 
If you can ping your WAN interface in command prompt on your computer then you may need to setup a default route to the outside world through your router.

ip route 0.0.0.0 0.0.0.0 F5
 
Actually, when you're using dhcp on FastEthernet4 you don't need to add the default route, that isn't going to do you any good.

To be honest, you're in a bit over your head with this one. Its a good opportunity to learn a few things though. Here's a few tips:

1. The router doesn't provide dhcp by default to your clients, you have to configure that. The following will do that for you:

ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.255
ip dhcp pool data
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1
lease 0 8
!

2. The router can act as a DNS proxy for you. As such, your PC sends its DNS requests to the router and it sends it to your ISP's DNS server. To turn that on you need to add:

ip dns server

3. Interface FastEthernet 0 - 3 are switchports, not router ports. This means you cannot configure IP addresses on them. You need to instead configure IP addresses on the VLAN interfaces. You said you already configured 192.168.1.1 on VLAN 1. This is what you need to do.

4. You can't go anywhere to the outside world because the router won't do NAT by default. You need to configure this. The following will do that for you:

interface Vlan1
ip nat inside
!
interface FastEthernet4
ip nat outside
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
ip nat inside source list 1 interface FastEthernet4 overload
!

The above should at least get you online.

Note, the router is inheriently insecure out of the box. You need to do things like configuring passwords, enabling the firewall, locking down telnet, etc if you don't want people owning your router.
 
One last thing. I know how to put password on telnet and the en or console mode . \
Mainly i need to know how to block pinging or ICMP from the internet on my wan interface
 
What you need to configure at this point is the IOS firewall aka CBAC. This can get very complicated so I'll just show you some basics.

First, you should configure a bunch of stuff on FastEthernet 4. If you could actually run SDM and do the security audit it would tell you to add these items:

interface FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip virtual-reassembly
ip route-cache flow
load-interval 30
no cdp enable
!

For the firewall, the first thing is to create an ACL that blocks all traffic coming back into FastEthernet 4. You need to make a few exceptions, such as DNS queries and the DHCP request from your router. This ACL will do that:

ip access-list extended firewall
permit udp any eq domain any
permit udp any eq bootps any eq bootpc
deny ip any any log
!

Then, you need to apply this to FastEthernet4 to stop all inbound traffic from hitting your router:

interface FastEthernet4
ip access-group firewall in
!

Now, you might be wondering why in the world you would want to stop all IP traffic from coming back in. This is because with the IOS firewall you can dynamically poke holes in that ACL using inspect statements. We'll configure a few basic ones:

ip inspect log drop-pkt
ip inspect name firewall icmp
ip inspect name firewall tcp
ip inspect name firewall udp

With the above the router will inspect, and poke holes in the ACL, for all TCP, UDP, and ICMP traffic. You need ICMP if you want to be able to ping devices on the internet. Then you need to apply this to FastEthernet 4:

interface FastEthernet4
ip inspect firewall out
!

Note, you may need to add things to the firewall ACL if the inspections aren't poking the necessary holes. I've found that I don't need to add anything for what I do.
 
Hello Every one,
i am new to router devices.can any one plz help me out in configuring my router 871 for pppoA protocol with dynamic ip address.


i have set up router for static ip address.but i dont know how to configure it for pppoA.

All your efforts are appreciated.

Thanks

Bharat.
 
What are you using to do the configuration? The command line or the SDM GUI interface? If you're using the command line could you please post a the output from "show run" so we can get an idea of what you currently have configured. We'll need to know that to get you where you need to go.

When you say PPPoA do you mean PPPoE? What type of connection do you have?
 
Thanks for yr reply.

i have done the setting .

can you plz let me know does this router support to configure ppoA not pppoE...?

if yes.how to configure it on this router.plz let me know.

Thanks for yr time and valuable support.

Thanks,
Bharat.
 
I can't help you until you answer the questions I asked you in my previous post.
 
bharatp80 said:
Thanks for yr reply.

i have done the setting .

can you plz let me know does this router support to configure ppoA not pppoE...?

if yes.how to configure it on this router.plz let me know.

Thanks for yr time and valuable support.

Thanks,
Bharat.
yea, whats your router model, and what internet connection you are using?
 
Hello Every one,

Is Url filtering the correct way to block internet web sites in conjuction with cisco 871 router with advanced IP Service IOS?

or is there any other way to block the web sites?

plz let me know

Thanks for yr all efforts and yr time.

Thanks,
Bharat.
 
Back
Top