dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
20354
nigela
join:2003-01-01
uk

nigela

Member

[Config] cisco 837 defaults

Not sure if I am wasting my time with this but its worth a post. I have found a cisco 837 in the rubbish at work ...................its true. I am completely new to cisco although I do have basic networking knowledge.
I cant access the router via CRWS as I dont know what url to use. The one in the manual ("http://10.10.10.1") does not work and the router is not issuing ip addresses so I presume the DHCP server is disabled.
I can hyperlink into the router and gain access but to be honest, I haven't a clue what I am doing with the CLI.
I think that if I can access the CRWS I would understand what is going on and have a chance of re-configuring it.
Is this possible to do?
This has now turned into a personal challenge for me so if anyone can help it would be greatly appreciated but please tell me if I am wasting my time and I will return the router back to where I found it.................the bin.
aryoba
MVM
join:2002-08-22

aryoba

MVM

Here's a start

Do you have Cisco console kit? Can you gain access to CONSOLE port? If yes, this is the 1st step you need to know.

Accessing CONSOLE port:
»www.cisco.com/en/US/prod ··· 019.html

If everything works right, you should get a prompt like this:

Router>

When you do have such display, it means you are now in CLI. The router then is ready to receive commands. You can enter the following commands as a start.

Router>enable

You may be asked to enter a password. If this is the case, you just enter the password. If you don't know the password, then you need to do password recovery. There's a FAQ in this forum on how to do it.

When you pass the password question, you should get something like this display

Router#

This means you are in enable/priviledge mode. To check if CRWS is enable or not, do this:

Router#show running-config

Post the output display and we can go to the next step.
SF18C
Premium Member
join:2002-03-05
Fountain, CO

1 edit

SF18C

Premium Member

If you think its rubish drop me a line at [Removed per poster's request]. I might be able to pony a few $$$ for your trash!
nigela
join:2003-01-01
uk

nigela to aryoba

Member

to aryoba
Aryoba,
I can access the router via the console port and have already completed a password recovery on it.
This is pretty much as far as I have got.
I will post the show running-config tommorrow as the router is still at work and I am at home!

SF18C thanks for the offer but think I will persevere a bit longer....................................As i said, this is now getting personal.
nigela

nigela to aryoba

Member

to aryoba
Ok, heres the output from show running-config:

Router#show running-config
Building configuration...

Current configuration : 980 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip ips po max-events 100
no ftp-server write-enable
--More-
interface Ethernet0
no ip address
shutdown
hold-queue 100 out
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
ip classless
!
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
end

Any help greatfully received.
aryoba
MVM
join:2002-08-22

aryoba

MVM

Show version please

Can you as well please post the "show version" (Router#show version)?

Let me ask you this. To which port do you plan your PC connect the router? Ethernet0, FastEthernet1 - 4?

Also, are you willing to learn CLI instead of CRWS? FYI, CLI is more powerful and more flexible than CRWS.

P.S.
The command "no ip http server" disables the CRWS access. To enable it, change the command to "ip http server"
nigela
join:2003-01-01
uk

nigela

Member

Here's the "show version" output:

Router#show version
Cisco IOS Software, C837 Software (C837-K9O3SY6-M), Version 12.3(8)T, RELEASE SO
FTWARE (fc2)
Technical Support: »www.cisco.com/techsupport
Copyright (c) 1986-2004 by Cisco Systems, Inc.
Compiled Fri 14-May-04 01:53 by eaarmas

ROM: System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)

Router uptime is 1 minute
System returned to ROM by power-on
System image file is "flash:c837-k9o3sy6-mz.123-8.T.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
--More—
»www.cisco.com/wwl/export ··· qrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco C837 (MPC857DSL) processor (revision 0x400) with 44237K/4915K bytes of mem
ory.
Processor board ID AMB08050ML3 (949036743), with hardware revision 0000
CPU rev number 7
1 Ethernet interface
4 FastEthernet interfaces
1 ATM interface
128K bytes of NVRAM.
12288K bytes of processor board System flash (Read/Write)
2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2142

Router#

I wanted to connect to FastEthernet 1-4. Please forgive my naivety but what is the Ethernet0?

Yes I would give the CLI a go but I really wanted to see if I could get the router up and running first via CRWS.

If I input the command "ip http server" how do I then save the new configuration?

Also how can I enable the DHCP server within the router as currently it is not issuing ip addresses via the 4 ethernet ports, or is this because they are closed.....?

Please forgive all my questions but I really have no knowledge whatsoever of Cisco products but I am willing to learn.

Thanks again for you help.
aryoba
MVM
join:2002-08-22

aryoba

MVM

Please post saved config

The Ethernet0 is the interface your "show version" showing, though I'm not sure it exists physically ...

You will have the rest of your questions answered later. But 1st, please post "show startup-config" command output.

P.S.:
Show version: display the IOS image currently running
Show running-config: display the running configuration
Show startup-config: display the saved configuration
nigela
join:2003-01-01
uk

nigela

Member

Router#show startup-config
Using 1000 out of 131072 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Nigel
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip ips po max-events 100
no ftp-server write-enable
!
--More—
!
!
interface Ethernet0
no ip address
shutdown
hold-queue 100 out
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
router rip
--More—
network 10.x.x.x
!
ip classless
!
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
end
aryoba
MVM
join:2002-08-22

aryoba

MVM

How to enable CRWS

Now for a little configuration guide. To make the router work like you wish, you have to configure it properly. As a start, there are two configuration mode: global mode and interface mode.

The global configuration mode is when all commands affect all section of the router performance. The interface configuration mode is when all commands affect only one section, the interface itself and not others.

Back to your issue, the command "ip http server" falls under global configuration mode since CRWS must affect all router performance aspects. Here is how you configure it:

Step 1:
Router>enable (enter privilege mode)

Step 2:
Router#configure terminal (enter global configuration mode from privilege mode, and accepting commands from the terminal - your PC you use to configure the router)

Step 3:
Router(config)#ip http server (enable CRWS since CRWS basically converts the router to be http server and any PC running http browser can be http client as long as there's connection available)

This alone won't enable the CRWS access. As mentioned, your PC can be the http client when there's connection available. In short, you have to turn up all the interfaces available (e0, fa1-4, and ATM0). You have to enter the interface configuration to do such.

Step 4:
Router(config)#interface Ethernet0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface FastEthernet1
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface FastEthernet2
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface FastEthernet3
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface FastEthernet4
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface ATM0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#

Now you have to plug in an Ethernet cable (RJ45 Cat 5 patch cable) to one of the fa interface on one end, and another end to your PC's active NIC. For example, you choose fa1. Then:

Step 5:
Router(config)#interface FastEthernet1 (back to int fa1)
Router(config-if)#ip address 10.10.10.1 255.255.255.0 (set the int to have such ip address with such subnet mask)
Router(config-if)#exit
Router(config)#

Don't forget to save your modified router configuration. You might also want to set your router back to its default.

Step 6:
Router(config)#config-register 0x2102 (set back the default value)
Router(config)#end (end the configuration mode)
Router#copy running-config startup-config (save the modified or current configuration)

Now set your PC to have ip address of 10.10.10.2 with subnet mask 255.255.255.0 and default gateway ip address of 10.0.0.1 to match the router configuration. Open up a web browser (i.e. Internet Explorer, Netscape) to access "http://10.10.10.1". See if you are successful.

Note:
The step 5 may be incorrect. You'll know it when you see it ...
AndrzejS
join:2004-02-05
Poland

AndrzejS to nigela

Member

to nigela

Re: [Config] cisco 837 TOTALY wrong settings

nigela yours :
... "Not sure if I am wasting my time with this but its worth a post.
I have found a cisco 837 in the rubbish at work ...................its true.
I am completely new to cisco although I do have basic networking knowledge"

ya 'much easier call than : search, read, learn'

OTOH you should follow SF18C advice
IMO you can be much,much stonger if you support him.

Explained above cfgs look like after several stange disasters
'alient power' on Cisco router ?
who knows such 'blind experiments' ?

I have exactly the same hrw & sfw:
router 837 with IOS 12.3(8) also ROM is the same
(ISP is diferent)

NONE of explained by nigela are correct :
show run ; show start ; show version
also are far away from default 837 configurations

to simplify next steps advices for nigela
& compare both cfgs your & mine

please find my running-cfg -
BTW it is also far from default for 837
but it is perfectly work.
Also with CRWS & SDM (actualy).

Pay attention only a few data should be re-writed
(eg yours ISP settings; timezone; clock ect)
router's {username} {password}
customer {ISPusername}@{ISPaddress}
customer {ISPpassword}
{DNS_1_address}
{DNS_2_address}
{NTPaddress}

Building configuration...

Current configuration : 7301 bytes
!
! Last configuration change at 18:51:57 WEST Sun Aug 8 2004 by {username}
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 16384 informational
!
username {username} privilege 15 password 7 {removed}
clock timezone WEST 1
clock summer-time WEST recurring last Sun Mar 2:00 last Sun Oct 2:00
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
!
no ip domain lookup
ip cef
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
no crypto isakmp enable
!
!
!
interface Null0
no ip unreachables
!
interface Ethernet0
description $ETH-LAN$Internal
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
description Call In
no ip address
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer1
description External
ip address negotiated
ip access-group 111 in
ip verify unicast source reachable-via rx allow-default allow-self-ping
no ip redirects
no ip proxy-arp
ip mtu 1492
ip nat outside
ip inspect myfw out
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer remote-name redback
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname {ISPusername}@{ISPaddress}
ppp chap password 7 {ISPpassword}
ppp pap sent-username {ISPusername}@{ISPaddress} password 7 {ISPpassword}
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 1.0.0.0 255.0.0.0 Null0
ip route 2.0.0.0 255.0.0.0 Null0
ip route 5.0.0.0 255.0.0.0 Null0
ip route 7.0.0.0 255.0.0.0 Null0
ip route 23.0.0.0 255.0.0.0 Null0
ip route 27.0.0.0 255.0.0.0 Null0
ip route 31.0.0.0 255.0.0.0 Null0
ip route 36.0.0.0 255.0.0.0 Null0
ip route 37.0.0.0 255.0.0.0 Null0
ip route 39.0.0.0 255.0.0.0 Null0
ip route 41.0.0.0 255.0.0.0 Null0
ip route 42.0.0.0 255.0.0.0 Null0
ip route 49.0.0.0 255.0.0.0 Null0
ip route 50.0.0.0 255.0.0.0 Null0
ip route 73.0.0.0 255.0.0.0 Null0
ip route 74.0.0.0 255.0.0.0 Null0
ip route 75.0.0.0 255.0.0.0 Null0
ip route 76.0.0.0 255.0.0.0 Null0
ip route 77.0.0.0 255.0.0.0 Null0
ip route 78.0.0.0 255.0.0.0 Null0
ip route 79.0.0.0 255.0.0.0 Null0
ip route 89.0.0.0 255.0.0.0 Null0
ip route 90.0.0.0 255.0.0.0 Null0
ip route 91.0.0.0 255.0.0.0 Null0
ip route 92.0.0.0 255.0.0.0 Null0
ip route 93.0.0.0 255.0.0.0 Null0
ip route 94.0.0.0 255.0.0.0 Null0
ip route 95.0.0.0 255.0.0.0 Null0
ip route 96.0.0.0 255.0.0.0 Null0
ip route 97.0.0.0 255.0.0.0 Null0
ip route 98.0.0.0 255.0.0.0 Null0
ip route 99.0.0.0 255.0.0.0 Null0
ip route 100.0.0.0 255.0.0.0 Null0
ip route 101.0.0.0 255.0.0.0 Null0
ip route 102.0.0.0 255.0.0.0 Null0
ip route 103.0.0.0 255.0.0.0 Null0
ip route 104.0.0.0 255.0.0.0 Null0
ip route 105.0.0.0 255.0.0.0 Null0
ip route 106.0.0.0 255.0.0.0 Null0
ip route 107.0.0.0 255.0.0.0 Null0
ip route 108.0.0.0 255.0.0.0 Null0
ip route 109.0.0.0 255.0.0.0 Null0
ip route 110.0.0.0 255.0.0.0 Null0
ip route 111.0.0.0 255.0.0.0 Null0
ip route 112.0.0.0 255.0.0.0 Null0
ip route 113.0.0.0 255.0.0.0 Null0
ip route 114.0.0.0 255.0.0.0 Null0
ip route 115.0.0.0 255.0.0.0 Null0
ip route 116.0.0.0 255.0.0.0 Null0
ip route 117.0.0.0 255.0.0.0 Null0
ip route 118.0.0.0 255.0.0.0 Null0
ip route 119.0.0.0 255.0.0.0 Null0
ip route 120.0.0.0 255.0.0.0 Null0
ip route 121.0.0.0 255.0.0.0 Null0
ip route 122.0.0.0 255.0.0.0 Null0
ip route 123.0.0.0 255.0.0.0 Null0
ip route 124.0.0.0 255.0.0.0 Null0
ip route 125.0.0.0 255.0.0.0 Null0
ip route 126.0.0.0 255.0.0.0 Null0
ip route 127.0.0.0 255.0.0.0 Null0
ip route 169.254.0.0 255.255.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 173.0.0.0 255.0.0.0 Null0
ip route 174.0.0.0 255.0.0.0 Null0
ip route 175.0.0.0 255.0.0.0 Null0
ip route 176.0.0.0 255.0.0.0 Null0
ip route 177.0.0.0 255.0.0.0 Null0
ip route 178.0.0.0 255.0.0.0 Null0
ip route 179.0.0.0 255.0.0.0 Null0
ip route 180.0.0.0 255.0.0.0 Null0
ip route 181.0.0.0 255.0.0.0 Null0
ip route 182.0.0.0 255.0.0.0 Null0
ip route 183.0.0.0 255.0.0.0 Null0
ip route 184.0.0.0 255.0.0.0 Null0
ip route 185.0.0.0 255.0.0.0 Null0
ip route 186.0.0.0 255.0.0.0 Null0
ip route 187.0.0.0 255.0.0.0 Null0
ip route 189.0.0.0 255.0.0.0 Null0
ip route 190.0.0.0 255.0.0.0 Null0
ip route 192.0.2.0 255.255.255.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0
ip route 197.0.0.0 255.0.0.0 Null0
ip route 223.0.0.0 255.0.0.0 Null0
ip http server
no ip http secure-server
ip nat inside source list 102 interface Dialer1 overload
!
!
access-list 23 remark vty Permit private network
access-list 23 remark SDM_ACL Category=17
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 102 remark Translation
access-list 102 remark SDM_ACL Category=18
access-list 102 deny tcp any any range 135 139
access-list 102 deny udp any any range 135 netbios-ss
access-list 102 deny tcp any range 135 139 any
access-list 102 deny udp any range 135 netbios-ss any
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 deny ip any any
access-list 111 permit udp host {NTPaddress} any eq ntp
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any time-exceeded
access-list 111 permit udp host {DNS_1_address} eq domain any gt 1023
access-list 111 permit udp host {DNS_2_address} eq domain any gt 1023
access-list 111 permit tcp any any eq 1723
access-list 111 permit icmp any any unreachable
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any traceroute
access-list 111 deny icmp any any
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any any eq 10000
access-list 111 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
stopbits 1
line vty 0 4
access-class 23 in
exec-timeout 120 0
privilege level 15
login local
length 0
transport preferred none
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
sntp server {NTPaddress} version 3
end
AndrzejS

AndrzejS to nigela

Member

to nigela

Re: How to find cisco 837 defaults cfg(s)

Avaiable for c837 default cfgs were checked by me:
the simplest is in SDM means file \SDM-V12\sdmconfig-83x.cfg
than in CRWS means file \CRWS-V33BN28\ConfigExp.cfg
also in CRWS means file \CRWS-V33BN28\ConfigExp_806.cfg
above need re-work for optimalisation.

So I recomend for 'unresponsively' c837 with IOS 12.3(8)T
from 'AutoSecure' freature avaiable in mentioned IOS.
»www.cisco.com/univercd/c ··· p1027129
use 'auto secure config' example
exactly
»www.cisco.com/univercd/c ··· p1027584
IMO it can be the easiest way to CPR router(s)
IMVHO any supported devices
BTW in mentioned the AutoSecureCfg "acl might not be up to date"
means for SHURE should be updated :
so follow "Visit »www.iana.org/assignments ··· ss-space for update list"
than " (last updated 03 August 2004) "

one can find in advance :
mentioned c837 is 'all in one device'
ADSLmodem+Router+FW+4LANswitch; ram48MB(max); flash12MB(upg to24MB)
with IOS 12.3(8)T supported 'roll-back' of the AutoSecureCfg
so one can easy back to previouce cfg.
nigela
join:2003-01-01
uk

nigela to aryoba

Member

to aryoba

Re: How to enable CRWS

Aryoba,

Thanks for the response. I have just followed all of your steps to the letter, everything went fine until I tried to assign the ip address and subnet in step 5.
Once I pressed [return] after line
Router(config-if)#ip address 10.10.10.1 255.255.255.0
I received the response:
ip address may not be configured on L2 links

any ideas?

Below is my current startup-config output after saving the changes you recommend.

Router#show startup-config
Using 917 out of 131072 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip ips po max-events 100
no ftp-server write-enable
!
--More—

!
interface Ethernet0
no ip address
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
ip classless
!
ip http server
no ip http secure-server
!
!
--More—
!
!
!
control-plane
!
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
end
aryoba
MVM
join:2002-08-22

1 edit

aryoba

MVM

Do you know why you failed?

Yeah (just like I expected) ....

I already knew that you might fail to assign IP address and the subnet mask on int fa1-4. That is why I put a note at the end of the message ....

Now please connect the Ethernet cable to e0 (Ethernet 0) instead of the one of the fas. Assign the IP address and the subnet on int e0 instead. Then try to redo the step 5 and see what happen ...

Btw, do you know why you failed to assign the IP address and the subnet mask on the int fa1?
michaelr7
join:2004-03-26
Tucson, AZ

1 edit

michaelr7

Member

quote:
Now please connect the Ethernet cable to e0 (Ethernet 0) instead of the one of the fas.
Unless the design of the 837 has changed recently there is one ethernet interface on it, ethernet0. Ethernet0 has a 4 port switch so you see 4 RJ45 connectors on the back of the router for Ethernet0. The "Fastethernets" are actually the ports on the switch. Having each appear as an interface allows you to specify duplex and speed (10/100 mbps) for each port.

All IP related configuration is applied to the ethernet0 interface. I do not recall if you have to manually enter the no shut command for each of the 4 ports (FastEthernet1 - 4) or if it is done automatically when a cable is plugged in.
michaelr7

michaelr7 to aryoba

Member

to aryoba
quote:
Now please connect the Ethernet cable to e0 (Ethernet 0) instead of the one of the fas. Assign the IP address and the subnet on int e0 instead. Then try to redo the step 5 and see what happen ...
Plug the ethernet into any one of the 4 ethernet ports on the router and assign the IP address and subnet mask to interface ethernet0.
nigela
join:2003-01-01
uk

nigela

Member

Re: [Config] cisco 837 defaults

Excellent, I have got into the web based setup by assigning the ip and subnet to int e0. Left ethernet lead in the 1st of the 4 ethernet ports as recommended by michaelr and I have success.

Sorry, dont know why I couldn't assign the ip and subnet to FA1.

I could now take the easy route and configure via the web but if you guys are still prepared to spend the time I wouldn't mind trying to configure via CLI.

Next thing I would like to do is enable dhcp server on the 4 ethernet ports.

Going out for the day now hence the brief post but I will do more upon my return.

Thanks again guys for your time
aryoba
MVM
join:2002-08-22

aryoba

MVM

DHCP on layer-2 ports

nigela,

Do you remember the error message you saw (ip address may not be configured on L2 links)? As michaelr mentioned, the int fa1-4 are obviously layer-2 interface. Therefore, you can only assign IP address on the VLAN interface that maintain them.

As to enable DHCP server on the int fa1-4, the command should be something like this:

ip dhcp pool CLIENT
network 10.10.11.0 255.255.255.0
default-router 10.10.11.1
dns-server 1.1.1.2 1.1.1.3

which the "default router" is the VLAN IP address.
nigela
join:2003-01-01
uk

nigela

Member

Sorry for the absence, been a bit tied up for a few days.

I have got to admit, I succummed and set up the dhcp and username/password via CRWS, got the router connected and working ok.

I did a "shields up" security test via grc.com and it came back ok except that
a. The the router is responding to pings on the wan interface and
b. Port 139 (netbios) is showing closed. All other ports are showing "stealth".

I did a search on this forum for "stealth" and from that added the lines

"no ip redirects"
"no ip unreachables"

to Ethernet0

This has not sorted the ping problems but I guess this is because the config is showing:

access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable

Are the following lines the reason that the port 139 is visible from the wan?

access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm

These are really my only two issues now with the router.

Another question, how do I remove lines form the config? i.e.
"no ip redirects"
"no ip unreachables"

Any help greatfully received.

Current startup config below.

Router#show startup-config
Using 3435 out of 131072 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 **************
!
username Router password 0 *******
no aaa new-model
ip subnet-zero
!
!
ip dhcp excluded-address 10.10.10.1
!
--More—
!
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
ip nat inside
ip virtual-reassembly
no ip mroute-cache
hold-queue 100 out
!
!
interface ATM0
no ip address
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer1
ip address negotiated
ip access-group 111 in
ip nat outside
ip inspect myfw out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ************
ppp chap password 0 ***********
ppp pap sent-username ****************
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
no ip http secure-server
ip nat inside source list 102 interface Dialer1 overload
!
!
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 23 in
exec-timeout 120 0
login
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end
Ignatio
Premium Member
join:2003-03-14
Unionville, CT

Ignatio

Premium Member

Re: Ping responses

Re: your ping issue...

I think that this line...

access-list 111 permit icmp any any echo

...is what is making your router respond to pings.

If you remove that, I think you will no longer respond to external pings.
Note: leave the "echo-reply" line - that way you can still ping things and get replies back
AndrzejS
join:2004-02-05
Poland

AndrzejS to nigela

Member

to nigela

Re: NETBIOS & 139 & line(s) remove

OK 'almost defaul' c837cfg

! needed only for NETBIOS services
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
! means open 137&138 udp respectively
!
! needed only for VPN &|or tuneling as below
access-list 111 permit tcp any any eq 139
access-list 111 permit esp any any
access-list 111 permit gre any any
access-list 111 permit udp any any eq isakmp

BTW eg remove line(s) & much more
Router#terminal length 0

so
'Use a terminal emulation program to back up and restore a configuration'
from
'Capturing Text Output from Hyperterminal'
»www.cisco.com/en/US/prod ··· #em-prog

or
thx I_Route, Premium,VIP, 2003-09-19, Loc:Merrimack, NH
his thread
Forums » Hardware By Brand » Cisco » Cool CISCO telminal program/config editor
»Cool CISCO telminal program/config editor

Telconi Terminal 09a for Microsoft Windows (zip file, about 1 MB)
To use: Download and unzip the file and click on telconi.exe.
No installation required.
The archive also contains documentation (PDF).
Quick Download Links
Windows (98, NT4.0, 2000, XP) Telconi Terminal v0.9a
»www.telconi.com/download ··· ni09.zip
The current version (0.9a) will expire on the 20th of September 2004.