How to Configure Cisco 800 Series Router Configuration for Internet Access

Written By Harris Andrea

The Cisco 800 series routers are part of the “Branch Office” category, used mainly for SOHO purposes or for connecting remote branch offices to a central location. They are “fixed hardware configuration” devices, meaning that they don’t have any plug-in hardware slots for inserting additional interfaces to the device (all the interfaces are fixed).

All the 800 series models come with a 4-port 10/100 managed switch used for connecting the internal LAN computers, and with an IOS software that supports security features including the Firewall set.

The main difference of each model is the WAN interface. All models that end with “1” in the model number (i.e 851, 861, 871, 881, 891) have a 10/100 Fast Ethernet interface as a WAN port.

The other models have an xDSL type WAN port (i.e ADSL, G.SHDL, VDSL2). Also, all models have the option of a WiFi Radio interface (the model number ends with a “W”, e.g 851W, 857W, 861W etc).

In this post I will describe a basic configuration scenario for connecting a Cisco 800 router for Internet access. I will use a model with an Ethernet WAN interface (such as 851, 861, 871, etc) since those models are the most popular.

Something to have in mind for all 800 series routers, the four LAN interfaces (FE0 up to FE3) are Layer2 switch interfaces that are assigned by default to Vlan1.

This means that you can not assign an IP address directly to the LAN interfaces. The IP address for the LAN-facing side of the router is assigned under “interface Vlan1”.

On the other hand, the WAN interface (FE4) is a normal Layer3 router port, which means you can assign an IP address directly on the interface (“interface FastEthernet4”).

MORE READING: Lan-to-Lan IPSEC VPN Between Cisco Routers - Configuration Example

I will describe three basic scenarios which are frequently encountered in real networks.

Scenario 1: WAN IP address of router is assigned dynamically by the ISP. LAN IP addresses assigned dynamically from the router to the internal PCs.
Scenario 2: WAN IP address of router is static. LAN IP addresses assigned dynamically from the router.
Scenario 3: WAN IP address of router is static. An internal LAN Web Server exists. The router performs a static Port NAT (port redirection) to forward traffic from Internet towards the internal Web Server.

Table of Contents

Scenario 1:

Configuration:

The following is the basic configuration needed for the simple scenario above.

configure terminal

enable secret somesecretpassword

! Configure the DHCP pool to assign addresses to internal hosts
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 100.100.100.36

! Do not assign addresses 1 to 30
ip dhcp excluded-address 192.168.1.1 192.168.1.30

! This is the LAN facing interface of the 800 router. Used as gateway for PCs
interface vlan 1
ip address 192.168.1.1 255.255.255.0
ip nat inside
no shut

! Interfaces FE0 to FE3 are Layer 2 interfaces
interface FastEthernet0
no shut
interface FastEthernet1
no shut

interface FastEthernet2
no shut

interface FastEthernet3
no shut

! This is the WAN interface getting address via DHCP from the ISP
interface FastEthernet 4
no shut
ip address dhcp
ip nat outside

! Configure NAT. All internal hosts will be nated on the WAN interface
ip nat inside source list 1 interface fastethernet4 overload
access-list 1 permit 192.168.1.0 0.0.0.255

ip route 0.0.0.0 0.0.0.0 fastethernet4

line vty 0 4
password somestrongpassword

Scenario 2:

Configuration:

This is the same configuration as scenario 1 except that the WAN IP address is static and also the default gateway of our ISP is known.

MORE READING: Configuring High Availability using HSRP and Boolean Object Tracking

The only difference from the configuration above is on the WAN interface and on default route:

! This is the WAN interface with static IP

interface FastEthernet 4
no shut
ip address 100.100.100.1 255.255.255.0
ip nat outside

ip route 0.0.0.0 0.0.0.0 100.100.100.2

Scenario 3:

Configuration:

Here the WAN address is static and we have also an internal Web Server for which we need to allow HTTP access from Internet. To do this we must configure a static NAT with port redirection. Traffic that comes towards our WAN public address 100.100.100.1 on port 80 will be redirected by the router to the internal Web Server at address 192.168.1.10 on port 80.

configure terminal

enable secret somesecretpassword

! Configure the DHCP pool to assign addresses to internal hosts
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 100.100.100.36

! Do not assign addresses 1 to 30
ip dhcp excluded-address 192.168.1.1 192.168.1.30

! This is the LAN facing interface of the 800 router. Used as gateway for PCs
interface vlan 1
ip address 192.168.1.1 255.255.255.0
ip nat inside
no shut

! Interfaces FE0 to FE3 are Layer 2 interfaces
interface FastEthernet0
no shut

interface FastEthernet1
no shut

interface FastEthernet2
no shut

interface FastEthernet3
no shut

! This is the WAN interface with static IP
interface FastEthernet 4
no shut
ip address 100.100.100.1 255.255.255.0
ip nat outside

! Configure NAT. All internal hosts will be nated on the WAN interface
ip nat inside source list 1 interface fastethernet4 overload
access-list 1 permit 192.168.1.0 0.0.0.255

! Configure static NAT for port redirection
ip nat inside source static tcp 192.168.1.10 80 100.100.100.1 80 extendable

ip route 0.0.0.0 0.0.0.0 100.100.100.2

line vty 0 4
password somestrongpassword

DOWNLOAD ARTICLE AS PDF FILE

About Harris Andrea

Harris Andrea is an Engineer with more than two decades of professional experience in the fields of TCP/IP Networks, Information Security and I.T. Over the years he has acquired several professional certifications such as CCNA, CCNP, CEH, ECSA etc.

He is a self-published author of two books ("Cisco ASA Firewall Fundamentals" and "Cisco VPN Configuration Guide") which are available at Amazon and on this website as well.

Comments

Talent Hondo says

February 24, 2011 at 8:14 am

the tutorials are good & helpfull especially can u please email me more updates & tutorials on CISCO products. I am studying CCNA your updates helps me to coup up with the rapid growth & changes in technology
Aaron says

March 21, 2011 at 4:38 pm

What if you have a Linksys router connected to the WAN port, and on the same subnet? How should NAT/DHCP be configured so that clients on the switch ports receive internet?

|MODEM| —> |Linksys| —> |Cisco 851w|

I can ping the internet IP, Linksys gateway, and Linksys clients, but I clients on the Cisco router are unable to connect to the internet.
Blog Admin says

March 21, 2011 at 7:30 pm

Since the Linksys router will be doing the NAT translation of the private IP addresses, you can have the Cisco 851 to work as normal router (without any NAT). The Linksys router should have a static route for the internal network to be pointing to the WAN interface of Cisco.
Aaron says

March 22, 2011 at 3:26 am

Alright I am starting from scratch.. I am using only one static host off VLAN1 which I am able to ping the Linksys gateway, but I cannot ping Linksys hosts or my internet address. However, the Cisco router can ping all hosts including my internet, and any Linksys hosts are able to ping my static host off VLAN1. What am I doing wrong? Please let me know if I can configure DHCP still as it was not assigning my VLAN1 hosts any IP addresses.

Linksys Routing Table
Destination LAN IP—Subnet Mask—Gateway—Interface
0.0.0.0 0.0.0.0 internet gw WAN
98.222.68.0 255.255.252.0 internet ip WAN
192.168.1.0 255.255.255.0 192.168.1.1 LAN
192.168.2.0 255.255.255.0 192.168.1.2 LAN

Building configuration…

Current configuration : 913 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco851w
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
dot11 syslog
!
!
ip cef
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
ip address 192.168.2.1 255.255.255.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
end
Ray says

March 31, 2011 at 1:32 am

Greetings, thank you for the posts, they are extremely helpful. I have an 851W and have configured it as shown below. I can PING all interfaces and the internet when consoled into the router, and the PCs on the LAN can PING the GW (192.168.1.1/24), the PCs can even ping the IP adders of the WAN port (FE4) in the router. However, the PCs cannot PING beyond FE4, that is, cannot PING anything on the Internet. What have I done wrong? Thank you in advance for your help.

Router#sh run
Building configuration…

Current configuration : 1331 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 #################################
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.30
!
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 4.2.2.2
!
!
ip cef
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 permit 0.0.0.0 255.255.255.0
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password ########################
login
!
!
end
Blog Admin says

April 1, 2011 at 9:06 am

Ray,

Change the access-list 1 to be as below:

access-list 1 permit 192.168.1.0
Esso says

April 5, 2011 at 7:32 pm

Why u r using subnet mask in access-list command,
wild card mask should be used instead of – right ?
Blog Admin says

April 6, 2011 at 1:58 pm

Esso,

You are right. I have corrected the mistake.
wendell says

April 19, 2012 at 4:20 pm

hi i am in this situation that i have static ip’s on my Vlan1 but also i want to have private addresses mentioned above.. is there a way i can assign Vlan 1 for public, and add vlan 2 for my private lan? thanks
popoymaster says

April 20, 2012 at 1:54 am

hi,

we just received router 881 router from our ISP for our 10meg pop, i am just a bit concern since they provided us with static ip’s for our lan connection, is there a way i can create something like 192.168.1.0 network on the other interfaces? i know what you assign in the Int VLAN 1 would be the lan.

intervlan perhaps?

thanks
Blog Admin says

April 21, 2012 at 12:13 pm

Hello,

Yes you can assign another vlan to a second interface of the router and put another subnet on it. This is like having a router with three interfaces, one WAN and two internal interfaces.
Scott says

May 4, 2012 at 2:22 pm

Hi:

I configured nating as shown in your example of the topolory with the webserver and the problem that we are having is that all incoming HTTP requests are answered by the embedded webserver in the eouter not my the actual websrver on the inside. I had an engineer from Cisco work almost 2 hours this last Tuesday and could not resolve this issue. I’d appreciate any thoughts that you’d care to share!
Blog Admin says

May 4, 2012 at 7:11 pm

Scott,

I understand what you mean. You have two options:

1) disable the http server on the router
2) change the port number that the internal server is listening from 80 to something else.
JL says

May 11, 2012 at 8:14 pm

Hello, I had to face a beginning from scrap and your notes have been extremely useful, since I have to go to zero conf in order to recover lost admin password at a 871W. I’ve been almost successfull: I can access the device via wireless, but I don’t see any at Internet. This is the running configuration:

Building configuration…

Current configuration : 2846 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname mpsw
!
boot-start-marker
boot-end-marker
!
enable secret 5 ###################################
enable password ###################################
!
username ########## privilege 15 secret 5 ###################################
aaa new-model
!
!
aaa group server radius rad_eap
server 192.169.1.100 auth-port 1812 acct-port 1813
!
aaa authentication login eap-methods group rad_eap
aaa session-id common
ip subnet-zero
no ip routing
no ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.30
ip dhcp excluded-address 192.169.1.100 192.169.1.254
!
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1 255.255.255.0
dns-server 100.100.100.36
!
ip dhcp pool mpsw-isr
import all
network 192.169.1.0 255.255.255.0
!
!
no ftp-server write-enable
!
!
!
!
!
bridge irb
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
shutdown
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly
no ip route-cache
speed auto
half-duplex
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 128bit 0 AB01CDE234FABC5678DEFAB901 transmit-key
encryption mode wep mandatory
!
ssid mpsw
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
!
interface BVI1
ip address 192.169.1.100 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4 dhcp
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
radius-server local
nas 192.169.1.100 key 0 ########
user ······ nthash 7 040A2E512E73156F5A4D5733375854257209770911667A4B54355025730C790602
user ······ nthash 7 01445120795D5F2B76686C513A5C33375F5E577E7E7D7D6663773225455423000A
!
radius-server host 192.169.1.100 auth-port 1812 acct-port 1813 key ########
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
password ##########
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end

I’ve tried everithing I know (not that much :-), HELP!

Thanks in advance, José Luis
Blog Admin says

May 12, 2012 at 4:02 am

Hello,

The configuration looks ok. Try to find out what is the IP address and default gateway you are receiving on the WAN interface (fasteth4). Run “show ip route” and see the routing table of the device. From there see the default gateway IP and try to ping it from the router.
JL says

May 12, 2012 at 10:02 pm

Hello,

I’ll try this, thanks a lot!
JL says

May 14, 2012 at 7:52 pm

Hello, I’ve tried this, working in the router I can access the gateway IP, I can ping others IPs, but no way from the workstation (neother from WiFi conn nor RJ45 connection). Thanks!
Jose Luis says

May 15, 2012 at 9:29 pm

Hello, though I see the default gateway, and I can ping it, there’s still no connection neither from wifi connections nor RJ45 connections.
Mike chisina says

October 1, 2012 at 11:42 am

Thanks for info.

i have one problem,

Everything is working except that user in the inside network can not ping the static natted ip address 41.220.25.185 but can access on 192.168.0.200.

May you assist me please why its not?

find the following router configs:

Current configuration : 859 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname mtcrouter
!
ip ssh version 1
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
ip address 41.220.25.38 255.255.255.252
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.0.0
ip nat inside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static 192.168.0.200 41.220.25.185
ip classless
ip route 0.0.0.0 0.0.0.0 41.220.25.37
ip route 192.168.0.0 255.255.0.0 41.220.25.37
ip route 41.220.25.184 255.255.255.248 FastEthernet0/1
!
!
access-list 1 permit 192.168.0.0 0.0.255.255
!
!
!
!
!
line con 0
line vty 0 4
login

!
!
!
end
Blog Admin says

October 1, 2012 at 12:39 pm

You can’t ping the statically nated IP
joe says

February 19, 2013 at 6:47 am

Hi,
I am having trouble configuring my 871W router. To start, I just want to be able to connect to my ISP via cable modem. Any help is greatly appreciated. Here is a my running-config:

Current configuration : 1501 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$BaCj$chtFRt9G/WF5Xccr1kFIn0
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.30
!
ip dhcp pool dpool1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 167.206.245.130 167.206.245.129
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address 24.184.200.1 255.255.248.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
router rip
version 2
network 24.0.0.0
network 192.168.1.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 0.0.0.0 0.0.0.0 24.184.200.1
ip route 0.0.0.0 0.0.0.0 dhcp
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password SKYe!
login
!
scheduler max-task-time 5000
end

Router#
Blog Admin says

February 19, 2013 at 8:12 am

Everything looks correct. The only gray area is the routing table.

Do a “show ip route” on the router to see what’s going on with the routing table.

Why do you use RIP? If you just want internet access then only a default route is enough. Find out from your ISP which is the IP of your default gateway and then configure a default route only:

ip route 0.0.0.0 0.0.0.0 [default gateway IP]
Mike says

November 15, 2016 at 8:48 am

Hello. I have cisco 891 router and it was configured with scenario 1. But I have no internet connection on my PC. Here is my configuration. Please help me. Thank you.
Building configuration…

Current configuration : 3283 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-881160496
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-881160496
revocation-check none
rsakeypair TP-self-signed-881160496
!
!
crypto pki certificate chain TP-self-signed-881160496
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 38383131 36303439 36301E17 0D313631 31313530 38303834
315A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3838 31313630
34393630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
8B81D4F8 8FE73055 EAD369D2 6DAFA601 08F91619 79B1CBA4 1CA66A04 8F4F8231
B2485485 FE3C2543 22C9F956 4471496D F27C6189 E66562E8 2D3F6585 5BBA9394
934513B7 037777C3 88767D61 7AB895F6 FE24058F 6D39B0C9 73457E41 29E218A0
D35182E2 ABB8729E 6FE38E02 DFA5C308 385C6253 E2B7FF64 7F83375C 71A5898B
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 168014AE BEC935F7 D28CE9B2 A2CB5F72 BA0B039E D5D76230 1D060355
1D0E0416 0414AEBE C935F7D2 8CE9B2A2 CB5F72BA 0B039ED5 D762300D 06092A86
4886F70D 01010505 00038181 0037B7E5 DCAB3BFE 88A686C5 8D478E89 8086DCF9
EBD1DC8F 27F23DC1 2F641974 30B3BB79 D5EA695A A795F99F 597DC6A9 2DD22FB5
398BC9A3 BB25CAAC A4262D03 8A6C0B14 F9D7007D 9318ED9B 785F2757 B4CB9CF3
2306A425 BE56D77B DBE382D0 37402708 E7A689BF C5C6C0D5 BF21ABE0 7D7986AE
59F50974 7F89FE72 34ABA811 F0
quit
ip cef
!
!
!
!

!
!
ip dhcp pool vlan1pool
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.1.1
!
!
!
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
license udi pid CISCO891-K9 sn FCZ1747C1E8
!
!
username vsz privilege 15 password 0 xxxxxx
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
!
interface FastEthernet5
no ip address
!
interface FastEthernet6
no ip address
!
interface FastEthernet7
no ip address
!
interface FastEthernet8
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Async1
no ip address
encapsulation slip
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0
!
access-list 1 permit 192.168.3.0 0.0.0.255
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line 1
modem InOut
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
privilege level 15
password 12mar84qW
login local
transport input telnet ssh
!
!
end
Harris Andrea says

November 16, 2016 at 2:15 pm

The Router’s DHCP Server assigns DNS address “dns-server 192.168.1.1” which might not be a valid DNS server. Make sure this is the DNS of your ISP for example or maybe something like Google DNS (8.8.8.8)

Harris
carlos says

August 4, 2018 at 1:03 pm

! Configure NAT. All internal hosts will be nated on the WAN interface
ip nat inside source list 1 interface fastethernet4 overload
access-list 1 permit 192.168.1.0 0.0.0.255

Replacing route works for me!
ip route 0.0.0.0 0.0.0.0 dhcp
akajiaku nwabekee says

March 26, 2019 at 10:38 am

please can someone help me out, i have done all the necessary configuration but still can access internet.

MEOGL(config)#do show run
Building configuration…

Current configuration : 2180 bytes
!
! Last configuration change at 09:59:15 UTC Tue Mar 26 2019
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MEOGL
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$ROe6$wMgypgh6DkjBnNs/7NXfF0
enable password [email protected]
!
no aaa new-model
memory-size iomem 10
!
!
!
!
!
ip dhcp excluded-address 10.0.0.1 10.0.0.100
!
ip dhcp pool mypool
network 10.0.0.0 255.192.0.0
default-router 10.0.0.1
dns-server 10.0.0.3 4.2.2.2
domain-name mastersenergy.com
lease 7
!
!
!
ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FCZ1804C3SL
!
!
!
spanning-tree portfast bpduguard
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 500
no ip address
spanning-tree portfast
!
interface FastEthernet1
switchport access vlan 500
no ip address
spanning-tree portfast
!
interface FastEthernet2
switchport access vlan 500
no ip address
spanning-tree portfast
!
interface FastEthernet3
switchport access vlan 500
no ip address
spanning-tree portfast
!
interface FastEthernet4
ip address 41.76.81.203 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan500
ip address 10.0.0.1 255.192.0.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source list 500 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 41.76.81.201
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 192.168.0.0 255.255.255.0 10.0.0.0
!
ip access-list extended masters
permit ip 10.0.0.0 0.0.0.255 any
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.0.192.255
access-list 23 permit 10.0.0.0 0.0.192.255
access-list 23 permit 10.0.0.0 0.255.255.255
access-list 23 permit 10.0.0.0 0.0.0.255
access-list 23 permit 9.0.0.0 240.255.255.255
access-list 100 permit ip 10.0.0.0 0.0.192.255 any
!
snmp-server community n RO
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password [email protected]
login
transport input all
!
!
end
Harris Andrea says

March 26, 2019 at 11:02 am

1) From the router itself, can you reach (ping) the default gateway (41.76.81.201) ?
2) you are assigning a DNS IP of 10.0.0.3 . Is this an actual DNS server?
3) remove this configuration line “ip nat inside source list 500 interface FastEthernet4 overload”
4) from a computer can you ping the router? (10.0.0.1) ?
GiuCO says

June 20, 2020 at 12:32 pm

Hello
I’m trying to configure a Cisco 881 router, I tried the first method with dhcp pool but I don’t have internet access (No network access).

In Windows network diagnostics I get: windows can’t communicate with the device or resource (Primary DNS server)

The Network scheme is:
Internet provider modem/router -> Cisco Router -> PC

Current configuration : 1603 bytes
!
! Last configuration change at 12:11:06 UTC Sat Jun 20 2020
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GiuCoRouter
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 ce/xYbRQjfXDKk/FM4yYqj7ZRMdL/qyrKixkhzU5fm6
!
no aaa new-model
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.30
!
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid C881G+7-K9 sn FCZ164490U4
!
!
username GiuCO privilege 15 secret 4 ce/xYbRQjfXDKk/FM4yYqj7ZRMdL/qyrKixkhzU5fm6
!
!
!
!
controller Cellular 0
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Cellular0
no ip address
encapsulation slip
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line 3
no exec
line vty 0 4
Harris Andrea says

June 20, 2020 at 1:25 pm

Can you check if the Cisco router has received IP address on its WAN interface (FastEthernet4) ? Also, maybe the ISP router is assigning IPs to the Cisco in the same range as the internal LAN ?

This site uses Akismet to reduce spam. Learn how your comment data is processed.

How to Configure Cisco 800 Series Router Configuration for Internet Access

Scenario 1:

Scenario 2:

Scenario 3:

DOWNLOAD ARTICLE AS PDF FILE

Related Posts

Download Free Cisco Commands Cheat Sheets

About Harris Andrea

Comments

Leave a Reply

About Networks Training

Amazon Disclosure

Search

BLOGROLL