Cisco 871 drama

dwtherock

Hey guys, I need some help figuring this out. It doesn't sound too hard but here is the scoop. The 871 I bought off ebay supports a command ip subnet-zero but after typing it, it doesn't show in the the config. I even tftp'd one running-config file into the router and ip subnet-zero commnad still won't show. I suspect something is wrong with the router IOS? Any ideas what I can do before I toss it.

Also how hard is it to obtain an IP address from my cable modem? Doesn't ip dhcp pool 10network and import all, etc etc take care of my dhcp function so my router gets an IP? I exclude one address for the router and that be 10.10.10.1. I do everything from the documentation from Cisco's website. I know I am not a brick.

Anyone? I almost want to pay someone to agree with me here it's that bad. The router was 190.00. Maybe I should have bought from a reputable place. Anyone commenting on this will get one week of free Cisco support from me. Actually, whoever answers this doesn't need my support. LoL I crack myself up.

Thanks though seriously.

DWTheRock

I can copy the config in later. (doing wr erase ...again)...it doesn't look much different than the 857sg_bk.pdf from Cisco's site. All my ACLs are right SDM shows and I can login etc.

The config is below:


!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 871
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
!
no ip domain lookup
ip domain name yourdomain.com
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-3178039196
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3178039196
revocation-check none
rsakeypair TP-self-signed-3178039196
!
!
crypto pki certificate chain TP-self-signed-3178039196
certificate self-signed 01
Lots of numbers here cut for brevity
quit
!
!
username #$%^&* privilege 15 secret 5 #$%^&
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.248
ip tcp adjust-mss 1452
!
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
!
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
speed 115200
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

tiersten

dwtherock wrote: »

The 871 I bought off ebay supports a command ip subnet-zero but after typing it, it doesn't show in the the config. I even tftp'd one running-config file into the router and ip subnet-zero commnad still won't show. I suspect something is wrong with the router IOS? Any ideas what I can do before I toss it.

Nothing wrong with the router or IOS. If it is the default setting then it won't show up in the config.

dwtherock wrote: »

Also how hard is it to obtain an IP address from my cable modem? Doesn't ip dhcp pool 10network and import all, etc etc take care of my dhcp function so my router gets an IP?

No. You're just creating a DHCP address pool for the DHCP server inside the router and telling it to get all the other settings from the upstream DHCP server. You still need to set the interface to get its IP address via DHCP using ip address dhcp.

dwtherock

Thanks. Now I remember. if that's default then you won't see it. WOW forgetting the basics here so lost in zone firewalls.

OK here is the updated config below with fa4 set to obtain automatically and still nothing.


!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 871
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
!
ip domain name yourdomain.com
ip name-server 24.151.8.210
ip name-server 24.151.8.211
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-3178039196
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3178039196
revocation-check none
rsakeypair TP-self-signed-3178039196
!
!
crypto pki certificate chain TP-self-signed-3178039196
certificate self-signed 01
cut for brevity
quit
!
!
username @#$%^& privilege 15 secret 5 $%^&*
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$
ip address dhcp client-id FastEthernet4
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
login local
no modem enable
speed 115200
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end


Are your fingers tapping the table yet?? Mine are.

JavonR

dwtherock wrote: »

Also how hard is it to obtain an IP address from my cable modem?

Woah. Stop right there. Is your fa4 grabbing an external ip address at all?

do a show ip int brief and see if you have an external IP. If you are not grabbing an external IP address it has nothing to do with your pool configuration.

dwtherock

I think I tried that because I was curious too. I am not at the router now but I can try again later.

Also the Fa4 interface goes up and down constantly. Every 10 minutes or every 10 seconds. I too a screen shot and sent it back to the ebay seller. Also I had the WAN setup as per the config above to receive dhcp address and the test you can perform in SDM on interfaces showed everything pass except that it had no ip address. Go figure.

I think I will go back and try two things.

A) try again and do the sh ip interface command

try it dhcp off my other router

C) try it hard coded ip off other router which did work but slow

D) stick it back in the box and spend more money for sth that works

I hope its not a layer 8 problem. The issue between the keyboard and the chair.

JavonR

Definitely try that stuff.. it's worth a shot. However, with the interface going up and down randomly every 10 minutes/seconds it's probably a lemon . Good luck!

phantasm

Here is my Fa4 interface off of my 871. I also have an IPSEC VPN and CBAC configured (SDM was used for CBAC only). I cant post the whole config because the board software complains about it and i don't have the time to go line for line to make it work.

interface FastEthernet4
description WAN Interface
ip address dhcp
ip access-group 101 in
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
load-interval 30
duplex auto
speed auto
no cdp enable
crypto map clientmap

dwtherock

Thanks all

The brick is going back to seller.

tiersten

You tried it in of the other ports?

phantasm

Another thought I had this morning; did you punch a hole in the firewall to allow incoming DHCP packets from your ISP?