API tools faq
paste
Advertisement
xtiansimon

Unfinished Step-By-Step Minimum 871w Conf for CCP 2.7

xtiansimon
Feb 18th, 2014
1,579
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.88 KB | None | 0 0
raw download clone embed print report
  1. [Unfinished] Step-By-Step Minimum 871w Conf for CCP 2.7
  2.  
  3. ---
  4. NOTE: This assumes the current conf is factory default. See, link [9] for instructions to reset router.
  5.  
  6. 1) Customize hostname [1],
  7. My device name is TooterTurtle
  8. router(config)#hostname TooterTurtle
  9.  
  10. 2) Add some best practice commands [2],
  11. TooterTurtle(config)#no ip domain lookup
  12. TooterTurtle(config)#no logging console
  13.  
  14. 3) Checking the 871w's device interface names,
  15. TooterTurtle#show ip interface brief
  16. Interface IP-Address OK? Method Status Protocol
  17. FastEthernet0 unassigned YES unset up up
  18. FastEthernet1 unassigned YES unset up down
  19. FastEthernet2 unassigned YES unset up down
  20. FastEthernet3 unassigned YES unset up down
  21. FastEthernet4 unassigned YES unset administratively down down
  22. Dot11Radio0 unassigned YES unset administratively down down
  23. Vlan1 unassigned YES unset up up
  24.  
  25. 4) Configure basic configuration requirements for CCP 2.7 [3],
  26. The CCP Release notes list the basic configuration required to use CCP; however, in my experience this was insufficient for device discovery. Nevertheless, these are all necessary conf settings.
  27. TooterTurtle#conf t
  28. TooterTurtle(config)#ip http server
  29. TooterTurtle(config)#ip http authentication local
  30. TooterTurtle(config)#line vty 0 4 // THis is shown in the url as "0 15";
  31. TooterTurtle(config-line)#login local
  32. TooterTurtle(config-line)#transport input telnet
  33. TooterTurtle(config-line)#transport output telnet
  34. TooterTurtle(config-line)#exit
  35. TooterTurtle(config)#username admin privilege 15 secret xxxxxxxx
  36. TooterTurtle(config)#write mem
  37.  
  38. 5) Try CCP.
  39. To try CCP at this stage there are a few steps to follow in CCP.
  40. 5.1) Run application as admin
  41.  
  42. 5.2) Create new community. My community is named, MrWizardsWorld
  43.  
  44. 5.3) From menu Application >> Setup New Device -> Setup Wizard.
  45. Settings for this 871 only work with vlan. Select device vlan and enter the network address you've chosen for your internal network here, plus the user and password from step #4.
  46.  
  47. 5.4) My settings command preview:
  48. conf t
  49. username admin privilege 15 secret 0 *****
  50. interface Vlan1
  51. ip address 192.168.10.1 255.255.255.0
  52. no shutdown
  53. exit
  54. ip http server
  55. ip http authentication local
  56. ip http timeout-policy idle 60 life 86400 requests 10000
  57. line vty 0 4
  58. login local
  59. transport input telnet
  60. exit
  61. exit
  62.  
  63. 5.5) Also, check the option boxes.
  64. YES - Backup current running configuration on the device flash
  65. YES - Add this device to the CCP's currently selected community
  66.  
  67. 5.6) Discovery = Failed
  68. The above settings were sufficient to complete the wizard procedure; however, once finished and back at the main screen (Home >> Community View or Home >> Dashboard, depending on how you navigate the application) device discovery fails.
  69.  
  70. 6) Troubleshooting from CCP User's Guide
  71. 6.1) There are several Java settings to check. see "Cisco CP Configuration Requirements" p.122
  72. 6.2) Go to page 129 and table 2-7 for more troubleshooting tips:
  73. "Connection to the device could not be established. Either the device is not reachable or the HTTP service is not enabled on the device."
  74.  
  75. This error message is displayed in one of the following conditions:
  76. - The CLI ip route <x.x.x.x> <x.x.x.x> <x.x.x.x> is missing in the configuration.
  77.  
  78. From this How-to [4] there may be a disconnect between the wizard setup of vlan1 and this requirement
  79.  
  80. "Notice that you cannot configure IP addresses under the “interface FastEthernet0? up to “interface FastEthernet3? ports. Those ports are Layer 2 switch ports and will inherit the IP address you assign under “interface Vlan1?."
  81.  
  82. 6.3) Add ip route line from [5]
  83. TooterTurtle(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet4
  84.  
  85. 6.4) Enable routing [6]
  86. "...ip routing command...turns on the routing process."
  87.  
  88. TooterTurtle(config)#ip routing
  89.  
  90. 6.5) p355 #show ip route [Note. This output does not change substantially between a successful and unsuccessful conf]
  91. TooterTurtle#show ip route
  92. Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
  93. D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
  94. N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
  95. E1 - OSPF external type 1, E2 - OSPF external type 2
  96. i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
  97. ia - IS-IS inter area, * - candidate default, U - per-user static route
  98. o - ODR, P - periodic downloaded static route
  99. Gateway of last resort is not set
  100. C 192.168.10.0/24 is directly connected, Vlan1
  101.  
  102. 7.) Continue with another CLI How-To: "CISCO 871W configuration for Small Offices"
  103. As stated in my OP, this is not the configuration I want for my network. I'm only using it because the instructions do create a successful conf. What's strange is the difference between the stated requirements in #4 above and all that is included in #7 below. I believe there must be some smaller configuration, one without bridging, or dhcp, perhaps? Right now this is it. The headers listed here are from that document (mostly) and in the order presented on that site.
  104.  
  105. 7.1) Skip "Creating Vlans",
  106. You shouldn't need to create vlan1 because its a necessary default for 871w, because FE0-FE3 are L2 and will not accept ip statement directly. Certainly, if your conf doesn't have Vlan1, you will need to create it. Following this step, the other important part of these instructions is the assignment of a "name" property to Vlan1 which is used throughout the How-To.
  107.  
  108. If you're a noob like me, then attempting to set this property you may encounter the following problems. The CLI complains about using the vlan database. I found a forum post Rosetta explaining how to configure the vlan name property [7] in the preferred manner; however, changing the name of the default vlan is not supported [8]. Going forward, when comparing these instructions with the How-To site you will find where the author used the given name for their vlan config, I simply used vlan1.
  109.  
  110. 7.2) Skip "Services, security and logging configurations required",
  111. This isn't necessary for CCP.
  112.  
  113. 7.3) Skip Authentication, Authorization and Accounting",
  114. In a previous attempt CCP generated a connection error about managing users with aaa.
  115.  
  116. 7.4) Do "Others configurations required"
  117. TooterTurtle#conf t
  118. TooterTurtle(config)#no ip source-route
  119. TooterTurtle(config)#no ip gratuitous-arps
  120. TooterTurtle(config)#no ip bootp server
  121. /** already set ip routing **/
  122. TooterTurtle(config)#ip cef
  123. TooterTurtle(config)#ip domain name Tooter
  124. TooterTurtle(config)#bridge irb
  125. TooterTurtle(config)#no cdp run
  126. TooterTurtle(config)#exit
  127.  
  128. 7.5) Skip "Configuring Radio and SSID`s",
  129. The How-To seems to over extend this header, since several non-wifi related commands are sub-headers of this section.
  130.  
  131. 7.6) Fast Forward "At this part, we will configure the VLAN’s",
  132. TooterTurtle(config)#int vlan 1
  133. TooterTurtle(config-if)#no ip address
  134. TooterTurtle(config-if)#no ip redirects
  135. TooterTurtle(config-if)#no ip unreachable
  136. TooterTurtle(config-if)#no ip proxy-arp
  137. TooterTurtle(config-if)#ip nat inside
  138. TooterTurtle(config-if)#ip virtual-reassembly
  139. TooterTurtle(config-if)#bridge-group 1
  140. TooterTurtle(config-if)#exit
  141.  
  142. [Skip vlan 20 config.
  143. NOTE: Actually, what I'm skipping is the How-To's Vlan10/GUEST settings. Instead I'm implementing Vlan20/INTERNAL as Vlan1.]
  144.  
  145. 7.7) Do "“A BVI (Bridge Group Virtual Interface) is a routed interface...",
  146. TooterTurtle(config)#conf t
  147. TooterTurtle(config-if)#ip address 192.168.10.1 255.255.255.0
  148. TooterTurtle(config-if)#ip nat inside
  149. TooterTurtle(config-if)#ip virtual-reassembly
  150. TooterTurtle(config-if)#exit
  151.  
  152. [The next sub-section, "Now we define a default route. Here we will set our default gateway" was already made above. Ping test fails.]
  153.  
  154. 7.8) Do "Now, we will configure ours permission lists and bridge protocols",
  155. TooterTurtle(config)#ip nat inside source list 101 interface FastEthernet4 overload
  156. TooterTurtle(config)#ip nat inside source list 102 interface FastEthernet4 overload
  157. TooterTurtle(config)#access-list 100 permit udp any any eq bootpc
  158. TooterTurtle(config)#access-list 101 permit ip 192.168.10.0 0.0.0.255 any
  159. TooterTurtle(config)#access-list 102 permit 10 10.0.0.0 0.0.0.255 any
  160. TooterTurtle(config)#ip access-list extended vlan1
  161. TooterTurtle(config-etc-nacl)#deny ip 10.0.0.0 0.0.0.255 any
  162. TooterTurtle(config-etc-nacl)#permit ip any any
  163. TooterTurtle(config-etc-nacl)#exit
  164.  
  165. TooterTurtle(config)#bridge 1 protocol ieee
  166. TooterTurtle(config)#bridge 1 route ip
  167.  
  168. 7.9) Do "Next step is configure ours dhcp and excluded dhcp"
  169. TooterTurtle(config)#ip dns server
  170. TooterTurtle(config)#ip dhcp pool vlan1
  171. TooterTurtle(dhcp-config)#import all
  172. TooterTurtle(dhcp-config)#network 192.168.10.0 255.255.255.0
  173. TooterTurtle(dhcp-config)#dns-server 192.168.10.1
  174. TooterTurtle(dhcp-config)#default-router 192.168.10.1
  175. TooterTurtle(dhcp-config)#domain-name INTERNAL
  176. TooterTurtle(dhcp-config)#exit
  177. TooterTurtle(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10
  178. TooterTurtle(config)#ip dhcp excluded-address 10.0.0.1 10.0.0.10
  179.  
  180. [UPDATE: This config was sufficient to access the internet, but DNS will not work. Add the global config command, "ip domain-lookup" [11]. It seems missing from the How-To.]
  181.  
  182. 7.10) Do "Finalizing the main configuration, we will configure our WAN port"
  183. TooterTurtle(config)#int FastEthernet4
  184. TooterTurtle(config-if)#ip address dhcp
  185. TooterTurtle(config-if)#ip verify unicast source reachable-via rx allow-default 100
  186. TooterTurtle(config-if)#no ip redirects
  187. TooterTurtle(config-if)#no ip unreachables
  188. TooterTurtle(config-if)#no ip proxy-arp
  189. TooterTurtle(config-if)#ip nat outside
  190. TooterTurtle(config-if)#ip virtual-reassembly
  191. TooterTurtle(config-if)#speed auto
  192. TooterTurtle(config-if)#full-duplex
  193. TooterTurtle(config-if)#exit
  194.  
  195. 7.11) Do "After doing all configurations, turn the interfaces..."
  196. TooterTurtle(config)#int FastEthernet0
  197. TooterTurtle(config-if)#no shutdown
  198. TooterTurtle(config-if)#switchport access vlan 1
  199. TooterTurtle(config-if)#exit
  200. TooterTurtle(config)#int FastEthernet4
  201. TooterTurtle(config-if)#no shutdown
  202. TooterTurtle(config-if)#exit
  203. TooterTurtle(config)#int vlan 1
  204. TooterTurtle(config-if)#no shutdown
  205. TooterTurtle(config-if)#exit
  206.  
  207. [That's it! The 871 is now pingable!]
  208.  
  209. 8) One final Gotcha.
  210. From the CCP Users Guide, p135. Starting with "Create a New Interface"
  211. Step 1 Click Configure > Interface Management > Interface and Connections.
  212.  
  213. I get an application error: Security Exception
  214. Missing required Permissions manifest attribute in main jar:
  215. http://127.0.0.1:8600/Counterpoint/ssdm-cp-1.1.jar
  216.  
  217. 8.1) A quick search of the internet finds an easy fix [10]
  218. In Control Panel >> Java >>
  219. Set security to medium
  220.  
  221.  
  222. --- LINKS
  223. [1]: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2689140485]
  224.  
  225. [2]: http://windowsitpro.com/networking/9-steps-setting-cisco-router
  226.  
  227. [3]: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_configuration_professional/v2_7/rlsnts/ccp_v27_rel_notes.html#wp46103
  228.  
  229. [4]: http://ciscorouterswitch.over-blog.com/article-cisco-871-interfaces-and-basic-configuration-80487118.html
  230.  
  231. [5]: http://www.xiitec.com/blog/2013/04/29/cisco-871w-configuration-for-small-offices/
  232.  
  233. [6]: Cisco Networking All-In-One For Dummies (2011). P356
  234.  
  235. [7]: http://www.techexams.net/forums/ccna-ccent/11287-configuring-vlans-use-vlan-database.html
  236.  
  237. [8]: http://certificationchat.com/forum/cisco-associate-forums/ccna/1867-default-v-lan-1
  238. https://learningnetwork.cisco.com/thread/58474
  239.  
  240. [9]: http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-123-mainline/46509-factory-default.html
  241.  
  242. [10]: https://community.oracle.com/thread/2620082
  243.  
  244. [11]: https://supportforums.cisco.com/thread/139095
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!