Archive for the 'Cisco 800 Series Routers' Category
The Cisco 800 series routers are part of the “Branch Office” category, used mainly for SOHO purposes or for connecting remote branch offices to a central location. They are “fixed hardware configuration” devices, meaning that they don’t have any plug-in hardware slots for inserting additional interfaces to the device (all the interfaces are fixed).
All the 800 series models come with a 4-port 10/100 managed switch for connecting the internal LAN computers, and with IOS software that supports security features including the Firewall set. The main difference between the models is the WAN interface. All models whose model number ends with “1” (i.e. 851, 861, 871, 881, 891) have a 10/100 Fast Ethernet interface as a WAN port. The other models have an xDSL type WAN port (i.e. ADSL, G.SHDSL, VDSL2). Also, all models have the option of a WiFi radio interface (the model number ends with a “W”, e.g. 851W, 857W, 861W etc).
In this post I will describe a basic configuration scenario for connecting a Cisco 800 router for Internet access. I will use a model with an Ethernet WAN interface (such as 851, 861, 871, etc) since those models are the most popular.
One thing to keep in mind for all 800 series routers: the four LAN interfaces (FE0 up to FE3) are Layer 2 switch interfaces that are assigned by default to Vlan1. This means that you cannot assign an IP address directly to the LAN interfaces. The IP address for the LAN-facing side of the router is assigned under “interface Vlan1”. On the other hand, the WAN interface (FE4) is a normal Layer 3 router port, which means you can assign an IP address directly on the interface (“interface FastEthernet4”).
I will describe three basic scenarios which are frequently encountered in real networks.
- Scenario 1: WAN IP address of router is assigned dynamically by the ISP. LAN IP addresses assigned dynamically from the router to the internal PCs.
- Scenario 2: WAN IP address of router is static. LAN IP addresses assigned dynamically from the router.
- Scenario 3: WAN IP address of router is static. An internal LAN Web Server exists. The router performs a static Port NAT (port redirection) to forward traffic from Internet towards the internal Web Server.
Scenario 1:

Configuration:
The following is the basic configuration needed for the simple scenario above.
configure terminal
enable secret somesecretpassword
! Configure the DHCP pool to assign addresses to internal hosts
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 100.100.100.36
! Do not assign addresses 1 to 30
ip dhcp excluded-address 192.168.1.1 192.168.1.30
! This is the LAN facing interface of the 800 router. Used as gateway for PCs
interface vlan 1
ip address 192.168.1.1 255.255.255.0
ip nat inside
no shut
! Interfaces FE0 to FE3 are Layer 2 interfaces
interface FastEthernet0
no shut
interface FastEthernet1
no shut
interface FastEthernet2
no shut
interface FastEthernet3
no shut
! This is the WAN interface getting address via DHCP from the ISP
interface FastEthernet 4
no shut
ip address dhcp
ip nat outside
! Configure NAT. All internal hosts will be NATed on the WAN interface
ip nat inside source list 1 interface fastethernet4 overload
access-list 1 permit 192.168.1.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 fastethernet4
line vty 0 4
password somestrongpassword
Scenario 2:

Configuration:
This is the same configuration as scenario 1 except that the WAN IP address is static and also the default gateway of our ISP is known.
The only difference from the configuration above is on the WAN interface and on default route:
! This is the WAN interface with static IP
interface FastEthernet 4
no shut
ip address 100.100.100.1 255.255.255.0
ip nat outside
ip route 0.0.0.0 0.0.0.0 100.100.100.2
Scenario 3:

Configuration:
Here the WAN address is static and we also have an internal Web Server for which we need to allow HTTP access from the Internet. To do this we must configure a static NAT with port redirection. Traffic that arrives at our WAN public address 100.100.100.1 on port 80 will be redirected by the router to the internal Web Server at address 192.168.1.10 on port 80.
configure terminal
enable secret somesecretpassword
! Configure the DHCP pool to assign addresses to internal hosts
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 100.100.100.36
! Do not assign addresses 1 to 30
ip dhcp excluded-address 192.168.1.1 192.168.1.30
! This is the LAN facing interface of the 800 router. Used as gateway for PCs
interface vlan 1
ip address 192.168.1.1 255.255.255.0
ip nat inside
no shut
! Interfaces FE0 to FE3 are Layer 2 interfaces
interface FastEthernet0
no shut
interface FastEthernet1
no shut
interface FastEthernet2
no shut
interface FastEthernet3
no shut
! This is the WAN interface with static IP
interface FastEthernet 4
no shut
ip address 100.100.100.1 255.255.255.0
ip nat outside
! Configure NAT. All internal hosts will be NATed on the WAN interface
ip nat inside source list 1 interface fastethernet4 overload
access-list 1 permit 192.168.1.0 0.0.0.255
! Configure static NAT for port redirection
ip nat inside source static tcp 192.168.1.10 80 100.100.100.1 80 extendable
ip route 0.0.0.0 0.0.0.0 100.100.100.2
line vty 0 4
password somestrongpassword
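Every static port-NAT line is a service reachable from the Internet, so it is worth listing them and checking that each target is a fixed address. The following is an added example, not part of the original post: it reads the NAT and DHCP lines of a configuration and flags any forward whose target lies in the range DHCP can still lease out. The second mapping (192.168.1.50, port 8080) is a hypothetical entry added only to show a finding.

```python
import ipaddress
import re

# Constructed sample: the NAT/DHCP lines from Scenario 3, plus one
# hypothetical extra mapping (192.168.1.50) added to show a finding.
SAMPLE_CONFIG = """\
ip dhcp pool vlan1pool
 network 192.168.1.0 255.255.255.0
ip dhcp excluded-address 192.168.1.1 192.168.1.30
ip nat inside source static tcp 192.168.1.10 80 100.100.100.1 80 extendable
ip nat inside source static tcp 192.168.1.50 8080 100.100.100.1 8080 extendable
"""

STATIC_NAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)", re.M)
EXCLUDED = re.compile(r"^ip dhcp excluded-address (\S+)(?: (\S+))?", re.M)
POOL_NET = re.compile(r"^\s*network (\S+) (\S+)", re.M)


def audit_port_forwards(config):
    """Return one finding dict per static port-NAT entry in the config."""
    pools = [ipaddress.ip_network(f"{n}/{m}") for n, m in POOL_NET.findall(config)]
    excluded = []
    for low, high in EXCLUDED.findall(config):
        low_ip = ipaddress.ip_address(low)
        excluded.append((low_ip, ipaddress.ip_address(high) if high else low_ip))
    findings = []
    for proto, l_ip, l_port, g_ip, g_port in STATIC_NAT.findall(config):
        host = ipaddress.ip_address(l_ip)
        in_pool = any(host in net for net in pools)
        reserved = any(lo <= host <= hi for lo, hi in excluded)
        findings.append({
            "exposed": f"{g_ip}:{g_port}/{proto}",
            "target": f"{l_ip}:{l_port}",
            # A target DHCP can lease out may end up on an arbitrary client.
            "dhcp_leasable": in_pool and not reserved,
        })
    return findings


if __name__ == "__main__":
    for f in audit_port_forwards(SAMPLE_CONFIG):
        note = "WARNING: target is in the DHCP range" if f["dhcp_leasable"] else "ok"
        print(f"{f['exposed']} -> {f['target']}  {note}")
```

In Scenario 3 the Web Server address 192.168.1.10 falls inside the excluded range 192.168.1.1 to 192.168.1.30, so the router never hands it to a client.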
One of the most frequent problems encountered by users of DSL internet connectivity (especially PPPoE DSL service) is incomplete connections or unreliable data transfers when they communicate with internet servers. A prominent example is a web site that sometimes loads and sometimes does not. These problems occur mainly because the MTU (Maximum Transmission Unit) and MSS (Maximum Segment Size) values need to be adjusted on the customer’s broadband DSL router connecting the office to the ISP.
In this example we will consider a Cisco 800 series broadband router (e.g. 850, 870 etc) connected to a DSL line using the PPPoE protocol. Your ISP can tell you whether you are using this connectivity method; it is a very common DSL access method in the USA and the rest of the world.
Before going any further, let’s put down some numbers regarding packet sizes:
- Normal Ethernet packets have an MTU value of 1500
- PPP protocol uses 8 bytes header size
- IP Header is 20 bytes
- TCP Header is 20 bytes
So, an Ethernet connected device (PC computer, Web Server etc) by default will send traffic with maximum 1500 bytes (1500 includes all headers plus data).
A broadband Cisco 800 router working with PPPoE DSL connectivity has two interfaces connected: One virtual WAN “Dialer” interface facing the ISP (attached on the physical FastEthernet 4 port) and one internal “Vlan 1” interface facing the LAN network (see the post here for an example how to configure PPPoE http://www.networkstraining.com/configuring-pppoe-for-cisco-router-520-and-for-850-870/ ).
We need to adjust two values, one on each router interface: the MTU on the Dialer interface and the MSS on the Vlan1 interface. On the Dialer interface (WAN interface) we need to adjust the MTU value to 1500-8 = 1492 in order to accommodate the 8-byte PPP header. On the Vlan1 interface we need to adjust the MSS value to 1500-8-20-20 = 1452 bytes (this is 1500 minus the PPP, TCP, and IP headers). So, always remember that to obtain the MSS value you need to subtract the TCP and IP headers as well. Let’s see a configuration snapshot below:
Cisco800(config)# interface dialer 1
Cisco800(config-if)# ip mtu 1492
Cisco800(config-if)# exit
Cisco800(config)# interface vlan 1
Cisco800(config-if)# ip tcp adjust-mss 1452
If you still experience problems with web traffic access, then you can still reduce the MSS value lower than 1452 (some people suggest lowering this value to 1412).
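The two values have to stay consistent with each other: the MSS on Vlan1 can never exceed the Dialer MTU minus the IP and TCP headers. The following is an added example, not part of the original post, that checks this relationship in a saved configuration; the GOOD and BAD sample configurations are constructed, and the check assumes the WAN interface is named Dialer and the LAN interface Vlan, as on this page.

```python
import re

IP_HEADER, TCP_HEADER = 20, 20   # bytes, from the list above
PPPOE_MTU = 1500 - 8             # Ethernet MTU minus the 8-byte PPP header

# Constructed samples: GOOD repeats the two commands shown on the page,
# BAD is a hypothetical config that leaves the MSS at the Ethernet value.
GOOD = "interface Dialer1\n ip mtu 1492\ninterface Vlan1\n ip tcp adjust-mss 1452\n"
BAD = "interface Dialer1\n ip mtu 1492\ninterface Vlan1\n ip tcp adjust-mss 1460\n"


def interface_settings(config):
    """Map interface name -> {'mtu': ..., 'mss': ...} (None when unset)."""
    settings, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface\s+(\S+)\s*(\d*)$", line, re.I):
            current = (m.group(1) + m.group(2)).lower()
            settings[current] = {"mtu": None, "mss": None}
        elif current and (m := re.match(r"ip mtu (\d+)$", line)):
            settings[current]["mtu"] = int(m.group(1))
        elif current and (m := re.match(r"ip tcp adjust-mss (\d+)$", line)):
            settings[current]["mss"] = int(m.group(1))
    return settings


def check_pppoe_mss(config):
    """Return a list of problems; an empty list means MTU and MSS agree."""
    ifs = interface_settings(config)
    dialers = [(n, s) for n, s in ifs.items() if n.startswith("dialer")]
    if not dialers:
        return ["no Dialer interface found"]
    problems, wan_mtu = [], PPPOE_MTU
    for name, s in dialers:
        if s["mtu"] is None or s["mtu"] > PPPOE_MTU:
            problems.append(f"{name}: ip mtu must be at most {PPPOE_MTU}")
        else:
            wan_mtu = min(wan_mtu, s["mtu"])
    max_mss = wan_mtu - IP_HEADER - TCP_HEADER
    for name, s in ifs.items():
        if not name.startswith("vlan"):
            continue
        if s["mss"] is None:
            problems.append(f"{name}: ip tcp adjust-mss missing (max {max_mss})")
        elif s["mss"] > max_mss:
            problems.append(f"{name}: adjust-mss {s['mss']} exceeds {max_mss}")
    return problems


if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_pppoe_mss(cfg) or "ok")
```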
DHCP stands for Dynamic Host Configuration Protocol. Basically it’s a mechanism which assigns IP addresses to computers dynamically. Usually DHCP is a service running on a server machine in the network in order to assign dynamic IP addresses to hosts. All Cisco 800 series models have the ability to work as DHCP servers, thus assigning addresses to the internal LAN hosts. Without a DHCP server in the network, you would have to assign IP addresses manually to each host. These manually assigned addresses are also called “static IP addresses”.
In this post I will show you how to configure a Cisco 851 or 871 router to work as DHCP server. The same configuration applies for other 800 series models as well.
Router> enable
Router# config t
! define an IP address pool name and range
Router(config)# ip dhcp pool LANPOOL
! define a network range for the addresses that will be assigned
Router(dhcp-config)# network 192.168.1.0 255.255.255.0
! define a dns name to assign to clients
Router(dhcp-config)# domain-name mycompany.com
! define a default gateway for the clients
Router(dhcp-config)# default-router 192.168.1.1
! define the dns server for the clients
Router(dhcp-config)# dns-server 100.100.100.1
! define a WINS server if you have one
Router(dhcp-config)# netbios-name-server 192.168.1.2
Router(dhcp-config)# exit
! The following addresses will not be given out to clients
Router(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.10
Cisco manufactures routers for all markets, ranging from SOHO up to large service provider models. The Cisco Router 800 series belongs to the lowest SOHO end. The most popular models in the 800 series are the 850 and 870 broadband access models which come with different types of WAN broadband interfaces (the difference between 850 and 870 is that the 870 models have higher throughput, support 10 VPN tunnels instead of 5 and also support VLANs with the proper IOS version). The 851 and 871 are equipped with a 10/100 Ethernet WAN interface which means that your ISP should provide you with a broadband modem offering an Ethernet connection towards the customer.
I’m getting a lot of questions about the interfaces of 851/871 routers and how they are arranged. I hope this post will clarify some things. The figure below shows the back panel of Cisco Router 851/871.

Ports FE0 up to FE3 under the LAN group can be used to connect internal computers, or an internal switch to expand the number of internal ports (see points 1,2 in the figure above). These ports are actually Layer 2 switch ports, and not regular Layer 3 router ports. They are assigned by default to VLAN 1. You can create more VLANs and assign each port to a different VLAN (870 series), thus creating extra segmentation for your internal LAN. You cannot configure IP addresses directly on the interface ports. The IP address must be configured on the Interface VLAN 1 (we will see an example below).
Port FE4 is the WAN interface which must be connected to the ISP DSL broadband modem (see point 3 in the figure above). This port is a normal Layer 3 router port, which means you can configure IP address directly on the interface port.
Default Configuration for 851 – 871 Router
The Cisco 851 and 871 routers come with some preconfigured parameters (IP addresses etc) which might be in conflict with your current network topology. What I suggest is to erase the factory’s default startup configuration before you begin configuring your router for the first time. This allows you to start with a clean state and configure the router with all the features you need and leave off any that you don’t want. Connect with a console cable and after you get a command prompt execute the following:
Router> enable
Router# erase start
After you confirm the command, all the default configuration will be deleted. Power off the router device and then power on again. You will get a prompt as below:
Would you like to enter the initial configuration dialog [yes/no]
Type no and press Enter. This will give you a command prompt (Router>) and you are ready to configure your router from scratch.
Type show run to see the current configuration which looks like the following:
(some output omitted)
interface FastEthernet0
no ip address
shutdown
!
interface FastEthernet1
no ip address
shutdown
!
interface FastEthernet2
no ip address
shutdown
!
interface FastEthernet3
no ip address
shutdown
!
interface FastEthernet4
no ip address
duplex auto
speed auto
interface Vlan1
no ip address
Initial Interface Configuration
From the above output you can see that FE0 up to FE3 are shut down and that no IP addresses are configured on any port. You first need to enable FE0 to FE4 and then configure an IP address under “interface Vlan 1” and also under “interface FastEthernet4”. Notice that you CANNOT configure IP addresses under “interface FastEthernet0” up to “interface FastEthernet3”. Those ports are Layer 2 switch ports and will inherit the IP address you assign under “interface Vlan1”.
Example:
Assume that the internal LAN has IP network range 192.168.10.0/24. Also, our ISP has assigned us a static public IP address of 200.200.200.1. Let’s see the interface configuration below:
Router(config)# interface fastethernet 0
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface fastethernet 1
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface fastethernet 2
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface fastethernet 3
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface fastethernet 4
Router(config-if)# no shutdown
Router(config-if)# ip address 200.200.200.1 255.255.255.252
Router(config-if)# exit
Router(config)# interface vlan1
Router(config-if)# no shutdown
Router(config-if)# ip address 192.168.10.1 255.255.255.0
Router(config-if)# exit
Notice that we configured IP addresses only to fastethernet 4 and vlan1. By default, interfaces fastethernet 0 to 3 are assigned to VLAN1 so anything you connect to those interfaces (internal LAN hosts) will belong to vlan1 network range 192.168.10.0/24 and they must have as default gateway the address 192.168.10.1.



