stevepedwards.com/DebianAdmin linux mint IT admin tips info

Cisco Setup – WiFi LAN and NTP – Full Config + Password Reset + Webpage Access

Because the WiFi setup is so complex and I can't begin to explain it, it's best to give the final working config, including the Network Time Protocol settings that worked for me to set the 877's clock by, so that log files and Internet time are correct.

cisco877#clock set 21:12:20 11 january 2017

cisco877#sh clock
21:13:11.295 London Wed Jan 11 2017

The WiFi LAN sections are cryptic and involved, as they cover DHCP, NAT, SSID, encryption and power levels (research what dB is safe/legal in your country! 0dB gives the same bars as my Draytek, so 128 dB may fry your eggs!):

cisco877(config)#interface dot11Radio 0

cisco877(config-if)#antenna gain ?
<-128 - 128> Resultant Antenna Gain in dB

A bridging interface IP, instead of a Vlan2 IP, is also required if the WiFi is going to connect fully to the other interfaces when it is set up without routing protocols, as it cannot be on the same subnet as the LAN (Vlan1).

For these Vlans to communicate, other Cisco additions are also required, like a helper address to route packets between Vlan1 and BVI2 so that they do not try to exit the default gateway in search of each other. All interfaces have to be set ON, remember!! No Shutdown!

As you have a WAN connection, you can get your ISP gateway IP from

sh ip route

C 195.166.130.254 is directly connected, Dialer1

S* 0.0.0.0/0 [1/0] via 195.166.130.254
is directly connected, Dialer1

My original full working config for my unit is below - amend it to suit - some is probably unnecessary, but if it ain't broke, don't fix it..:

!
version 12.4
service nagle
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cisco877
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxx
enable password 7 xxxx
!
no aaa new-model
clock timezone London 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
clock save interval 8
!
dot11 ssid cisco
vlan 2
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 7 xxxx
!
dot11 arp-cache optional
no ip source-route
ip cef
!
!
ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.21 192.168.1.254
ip dhcp excluded-address 192.168.1.1 192.168.1.2
ip dhcp excluded-address 192.168.2.1 192.168.2.2
ip dhcp excluded-address 192.168.2.21 192.168.2.254
!
ip dhcp pool CLIENT
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
ip dhcp pool WIFI
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 8.8.8.8
!
!
ip name-server 8.8.8.8
ip name-server 212.159.13.49
!
multilink bundle-name authenticated
!
!
bridge irb
!
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly
no atm ilmi-keepalive
dsl operating-mode auto adsl2 adsl2+
!
interface ATM0.1 point-to-point
ip address dhcp
ip nat outside
ip virtual-reassembly
no snmp trap link-status
atm route-bridged ip
atm pppatm link reset
pvc 0/38
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
ip addr inarp
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
description WIFI vlan2
no ip address
no ip route-cache cef
no ip route-cache
no dot11 qos mode
no dot11 extension aironet
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
ssid cisco
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root access-point
rts retries 32
antenna gain 0
world-mode dot11d country GB indoor
no cdp enable
!
interface Dot11Radio0.1
description wireless vlan2
encapsulation dot1Q 2 native
ip nat inside
ip virtual-reassembly
no ip route-cache
no cdp enable
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip access-group LAN2WEB in
ip helper-address 192.168.2.1
ip helper-address 192.168.2.255
ip directed-broadcast
ip nat inside
ip nat enable
ip virtual-reassembly
ip route-cache policy
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Vlan2
no ip address
ip access-group LAN2WEB in
ip nat inside
ip nat enable
ip virtual-reassembly
ip route-cache policy
ip route-cache flow
bridge-group 2
bridge-group 2 spanning-disabled
!
interface Dialer1
ip address negotiated previous
ip access-group BLOCKWAN in
ip nat outside
ip nat enable
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
autodetect encapsulation ppp
ppp authentication chap pap callin
ppp chap hostname user@plus.net
ppp chap password 7 xxxx
ppp ipcp wins request
ppp ipcp mask request
ppp ipcp route default
ppp ipcp address accept
!
interface BVI2
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.1.1
ip helper-address 192.168.1.255
ip nat inside
ip virtual-reassembly
!
ip default-gateway <YOUR ISP GW>
ip forward-protocol spanning-tree
ip forward-protocol udp ntp
ip forward-protocol udp 445
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
no ip http secure-server
ip dns server
ip nat pool WIFI 192.168.2.2 192.168.2.20 netmask 255.255.255.0
ip nat pool CLIENT 192.168.1.2 192.168.1.20 netmask 255.255.255.0
ip nat inside source list LAN2WEB interface Dialer1 overload
!
ip access-list extended BLOCKWAN
permit tcp any any established
permit udp any any
permit udp host 91.189.89.198 eq ntp any
deny ip any any
ip access-list extended LAN2WEB
permit ip any any
permit udp any any
permit icmp any any
!
dialer-list 1 protocol ip permit
snmp-server community public RO
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
password 7 03145404161F2E435E
login
!
scheduler max-task-time 5000
ntp clock-period 17179101
ntp server 91.189.89.198 prefer
end

As any lines with a hyphen seem to cause failures, all that can be done here is to enter conf t, try to paste the config in section by section, see what fails as incomplete, then add what's missing line by line. Bad Cisco!

Again, a reload is required.

System configuration has been modified. Save? [yes/no]: yes
Building configuration...
[OK]
Proceed with reload? [confirm] y
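
Before reusing a config like the one above, it is worth checking it for settings that expose the router to the WAN or to anyone on the LAN. The following is an added example, not part of the original post: a small Python audit that works on the flat, unindented form the config is shown in. The check names (TYPE7-SECRET and so on) and the choice of checks are assumptions made for this example.

```python
import re

# Lines copied from the config above, flat and unindented as on the page.
SAMPLE = """\
enable password 7 xxxx
interface Vlan1
ip access-group LAN2WEB in
ip directed-broadcast
interface Dialer1
ip access-group BLOCKWAN in
ip nat outside
!
ip http server
ip access-list extended BLOCKWAN
permit tcp any any established
permit udp any any
ip access-list extended LAN2WEB
permit ip any any
snmp-server community public RO
"""
LINE_CHECKS = [  # each match stops before any secret value, so none is echoed
    ("TYPE7-SECRET", r"^.*\b(password|wpa-psk ascii) 7\b"),  # reversible encoding
    ("SNMP-DEFAULT-COMMUNITY", r"^snmp-server community (public|private)\b"),
    ("HTTP-PLAINTEXT-MGMT", r"^ip http server$"),
    ("DIRECTED-BROADCAST", r"^ip directed-broadcast$"),
]
SECTION = re.compile(r"(interface|ip access-list extended) (\S+)")

def audit(config):
    """Return (check_id, detail) findings for an IOS config given as text."""
    findings, kind, name = [], None, None
    ifaces, rules = {}, {}  # interface -> its lines, ACL name -> permit rules
    for line in map(str.strip, config.splitlines()):
        m = SECTION.match(line)
        if m or line == "!":  # a new section header or a "!" ends the old one
            kind, name = m.groups() if m else (None, None)
        findings += [(c, h.group(0)) for c, rx in LINE_CHECKS if (h := re.search(rx, line))]
        if kind == "interface":
            ifaces.setdefault(name, []).append(line)
        elif kind and line.startswith("permit"):
            rules.setdefault(name, []).append(line)
    # Only ACLs bound inbound on a NAT-outside (Internet-facing) interface count here.
    wan_acls = {ln.split()[2] for ls in ifaces.values() if "ip nat outside" in ls
                for ln in ls if re.match(r"ip access-group \S+ in$", ln)}
    findings += [("WAN-ACL-WIDE-PERMIT", f"{acl}: {r}") for acl in sorted(wan_acls)
                 for r in rules.get(acl, []) if re.match(r"permit (ip|udp|tcp) any any$", r)]
    return findings

print(*audit(SAMPLE), sep="\n")
```

The wide permit in LAN2WEB is not reported because that ACL is bound to an inside interface, while `permit udp any any` in BLOCKWAN is reported because it sits on Dialer1. ACLs are first-match, so in the full config the NTP-specific permit that follows it never narrows anything.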

See if the SSID is visible on a WiFi phone or laptop.

If you have to reset a Cisco device password, the Break command or its equivalent, depending on the terminal used, usually allows the confreg change - see here:

http://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/12818-61.html

Introduction

This document provides standard break key sequence combinations for the most common operating systems, and some tips on how to troubleshoot problems.

The Electronic Industries Association RS-232 logic level uses +3 to +25 volts to signify a Space (Logic 0) and -3 to -25 volts for a Mark (logic 1). A break signal is when the data line remains in the space condition for a specified duration, usually 100 ms to ½ second. All characters begin with a start bit and end with a stop bit (and also a parity bit or two). The level condition of the start and stop bits is always opposite. So, no character combination can look like the break signal. A break signal enables you to access a ROM Monitor on Cisco IOS® devices when a password recovery is necessary.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Standard Break Key Combinations

Software | Platform | Operating System | Try This
Hyperterminal | IBM Compatible | Windows XP | Ctrl-Break
Hyperterminal | IBM Compatible | Windows 2000 | Ctrl-Break
Hyperterminal | IBM Compatible | Windows 98 | Ctrl-Break
Hyperterminal (version 595160) | IBM Compatible | Windows 95 | Ctrl-F6-Break
Kermit | Sun Workstation | UNIX | Ctrl-\l, Ctrl-\b
MicroPhone Pro | IBM Compatible | Windows | Ctrl-Break
Minicom | IBM Compatible | Linux | Ctrl-a f

This means press Ctrl-A, release, then F.

http://www.cisco.com/c/en/us/support/docs/routers/800-series-routers/12065-pswdrec-827.html

Press Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.
If the break sequence does not work, refer to Standard Break Key Sequence Combinations During Password Recovery for other key combinations.
Type confreg 0x2142 at the rommon 1> prompt in order to boot from Flash.
This step bypasses the startup configuration where the passwords are stored.
Type reset at the rommon 2> prompt.
The router reboots, but ignores the saved configuration.
Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure.
Type enable at the Router> prompt.
You are in enable mode and should see the Router# prompt.
Type configure memory or copy startup-config running-config in order to copy the nonvolatile RAM (NVRAM) into memory.
Important: Do not type copy running-config startup-config or write. These commands erase your startup configuration.
Type show running-config.
The show running-config command shows the configuration of the router. In this configuration, the shutdown command appears under all interfaces, which indicates all interfaces are currently shut down. In addition, the passwords (enable password, enable secret, vty, console passwords) are in either an encrypted or unencrypted format. You can reuse unencrypted passwords. You must change encrypted passwords to a new password.
Type configure terminal.
The hostname(config)# prompt appears.
Type enable secret <password> in order to change the enable secret password. For example:
hostname(config)#enable secret cisco

Issue the no shutdown command on every interface that you use.
If you issue a show ip interface brief command, every interface that you want to use should display up up.
Type config-register <configuration_register_setting>, where configuration_register_setting is either the value you recorded in step 2 or 0x2102. For example:
hostname(config)#config-register 0x2102

Press Ctrl-z or end in order to leave the configuration mode.
The hostname# prompt appears.
Type write memory or copy running-config startup-config in order to commit the changes.
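
The step in this procedure that is easiest to miss is putting the register back to 0x2102: a router left at 0x2142 ignores its saved configuration, passwords included, on every boot. The following added example (not from the Cisco document or the original post) reads the "Configuration register" line that show version prints and reports which state the router is in. The sample lines are constructed and the state names are assumptions of this example.

```python
import re

# Bits of the 16-bit configuration register that matter for password recovery.
FLAGS = {
    0x0040: "ignore NVRAM (startup-config is bypassed at boot)",
    0x0100: "Break disabled after boot",
    0x2000: "boot default ROM software if network boot fails",
}
REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

def decode(value):
    """Return (boot_field, [flag descriptions]) for a register value."""
    return value & 0x000F, [text for bit, text in FLAGS.items() if value & bit]

def recovery_state(show_version):
    """Classify the register line found in 'show version' output."""
    m = REG_LINE.search(show_version)
    if not m:
        return "unknown"
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    if pending & 0x0040:
        return "next boot ignores startup-config"
    if current & 0x0040:
        return "this boot bypassed startup-config; register restored for next reload"
    return "normal"

# Constructed sample lines in the format 'show version' prints.
DURING = "Configuration register is 0x2142"
FIXED = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
AFTER = "Configuration register is 0x2102"

if __name__ == "__main__":
    for text in (DURING, FIXED, AFTER):
        print(f"{text!r:70} -> {recovery_state(text)}")
    print(decode(0x2142), decode(0x2102))
```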

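The HTTP server is active (ip http server is set in the config above, with no ip http secure-server, so it is served over plain HTTP) and can be accessed via a browser for a wealth of support and setup info.

This is the quickest way to find line stat info, e.g. search "speed".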
