Cisco SOHO97 Router problem


bfisher
08-20-2008, 06:59 PM
I have the router as listed in the title. However upon inserting the ethernet cable it does not establish a connection between the router and pc, and continually has "acquiring network connection" or similar as the status on the computer until it goes to limited connection status.

I have tried setting a static IP address, however I still cannot seem to access the router at its default address as well as other suggested addresses I have found on the internet.

I purchased it off someone else, who will not give me any support and said that it was working fine on his network. It did not come with a manual, although I have found some information similar on the net to help, but have not come at a solution. I have tried multiple computers.

Default address for this router is 10.10.10.1 as found on cisco website.

Would appreciate any help.

jdabbs
08-20-2008, 07:58 PM
The obvious stuff:
Verify you're not cabled into the console port;
make sure the configured subnet matches with the router.

If that doesn't work, use your terminal of choice (putty, hyperterminal, etc) to access it via console, to find out if the unit has bricked.

bfisher
08-20-2008, 08:27 PM
Thanks jdabbs.

> The obvious stuff:
> Verify you're not cabled into the console port;
> make sure the configured subnet matches with the router.

Not plugged in console port.
Pretty sure the subnet is right when I try manually configuring the IP.
I plugged it in this time and got assigned an "automatic private address" with the computer's IP the same as the gateway. Can't access the router though.

I tried pinging the range of ip addresses that the router might be in (while on a static ip) if it's not at the default ip, but no response.

> If that doesn't work, use your terminal of choice (putty, hyperterminal, etc) to access it via console, to find out if the unit has bricked.

Do I need a special cable to plug into the console port? And can I just plug it into my computer's network adapter on the other end? (Edit: Assuming you access the console via the console port?)

I found a console cable here, is this what I need? http://www.trademe.co.nz/Computers/Cables/Networking/auction-171266997.htm

jdabbs
08-20-2008, 09:09 PM
If you're certain about the IP/subnet, ok.

A console cable was included as an accessory, but since you're getting it second hand, you probably wouldn't have gotten it. It's a Serial to RJ-45 cable, on eBay you can get one for less than $4 shipped (http://cgi.ebay.com/NEW-Blue-Console-Cable-for-Cisco-Device-RJ45-to-DB9_W0QQitemZ250284537190QQihZ015QQcategoryZ64047QQssPageNameZWDVWQQrdZ1QQcmdZViewItem) (USA).

I'd try switching to another of the LAN ports just to rule out that it isn't just a bad port. Additionally, I'd ask the seller (assuming previous owner) if he reset the device before giving it to you. It looks like this device is IOS based; if it is even possible to perform a reset, there is a possibility that a reset would delete the config instead of just overwriting it with a default one.

Edit: That's the correct cable.

bfisher
08-20-2008, 09:15 PM
I've tried different ports on the router.
He said he wiped the config, but I'm not sure if that's the same as a reset?
If he wiped the config and that means that it deleted the config, does that mean I'll have to configure it from scratch?

jdabbs
08-20-2008, 09:42 PM
I don't know for certain. With "real" Cisco routers (IOS-based), erasing the config leaves you at setup mode w/ no config. This is a very silly decision to implement on a consumer device. The inclusion of a console port and IOS does indicate this is a plausible scenario. Without being able to check by consoling in, it's hard to say.

bfisher
08-20-2008, 09:46 PM
Ok. I'll get back to you once I've got the console cable. The seller said he could provide me with one which I will pick up later today. Thanks for your help.

Edit: Where can I find out how to use the console on the router? etc. I think all I need to do is perhaps set up DHCP so that I can get an address when I plug in my computer, and anything else that needs to be configured. I think it has a web interface I could use from there. If it doesn't it could be a bit more complicated.

jdabbs
08-20-2008, 10:15 PM
Configuring an interface shouldn't be too difficult. If you post your config, I'll provide the commands for copy/paste usage.

Cisco devices require the following parameters: 9600 (baud) 8 (data bits) N(o parity) 1 (stop bit). If you reboot the device while a session has been established, the boot progress will be displayed.

Once you're in and the device is ready:

You'll be prompted to enter setup mode or hit enter to access user mode.
Assuming no setup mode and no console password in place:

enable
show run
*copy the data down to paste here. redact passwords and/or hashes, if present*

bfisher
08-21-2008, 09:15 PM
Since my internet connection was down while I was switching isps, I tried configuring it myself using the initial setup. However, although the setup went through fine and saved, and although I can still access the router ok in console, it now comes up with these error messages in the terminal while using it:


%Error opening tftp://255.255.255.255/home-confg (Timed out)
*Mar 1 00:08:55.743: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/home-confg) failed
%Error opening tftp://255.255.255.255/home.cfg (Timed out)
*Mar 1 00:09:33.747: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/home.cfg) failed

Should I reset the router back to default settings before continuing? How do I do that?

Here is the config:

home#show run
Building configuration...

Current configuration : 1028 bytes
!
version 12.3
service config
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname home
!
boot-start-marker
boot-end-marker
!
enable secret {----}
enable password {----}
!
ip subnet-zero
no ip routing
!
!
no aaa new-model
!
!
!
!
no crypto isakmp enable
!
!
!
interface Ethernet0
ip address 10.10.10.1 255.255.0.0
no ip route-cache
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
no ip route-cache
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
ip classless
ip http server
no ip http secure-server
!
!
snmp-server community public RO
snmp-server enable traps tty
!
control-plane
!
!
line con 0
exec-timeout 0 0
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
password {0----------}
login
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
!
end

This is the config after I did the initial setup

jdabbs
08-21-2008, 09:35 PM
The TFTP error message is the router unsuccessfully attempting to grab a config.

By "using initial setup", are you referring to setup mode, or the web-based config?
If the former, you should be able to access the web-based one now by connecting to the LAN port, using a static IP of 10.10.10.2 w/ subnet mask of 255.255.0.0. I'd take a look at what utilities are offered there first before rebuilding the config.

bfisher
08-21-2008, 10:50 PM
Ok, I accessed the web interface, reset to defaults, built the config, and then set up the settings in the web interface.

I get an IP address with my ISP, but I can't actually access the internet at all. Strange. Any ideas?

jdabbs
08-21-2008, 11:42 PM
First thing I'd check is whether you're still using the static IP, which doesn't have a gateway configured. If that's not the case, post the config to see how/if routing is configured.

bfisher
08-22-2008, 06:42 AM
Static IP? For the adsl or for my ethernet connection?
I am getting the address for my computer via dhcp now, and adsl connection is getting a dynamic address as well.

Here's my config:

Building configuration...

Current configuration : 3267 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname {---------}
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret {------------}
enable password {----------------}
!
ip subnet-zero
no ip routing
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
import all
network 10.10.0.0 255.255.0.0
default-router 10.10.10.1
lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
no aaa new-model
!
!
!
!
no crypto isakmp enable
!
!
!
interface Ethernet0
ip address 10.10.10.1 255.255.0.0
ip nat inside
no ip route-cache
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
no ip route-cache
no ip mroute-cache
atm vc-per-vp 128
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
pvc 0/100
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer1
ip address negotiated
ip access-group 111 in
ip nat outside
ip inspect myfw out
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname {----@---------}
ppp chap hostname {----@---------}
ppp chap password {---------------}
ppp pap sent-username {-----@----------}
password {---------------}
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
ip nat inside source list 102 interface Dialer1 overload
!
!
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 102 permit ip 10.10.0.0 0.0.255.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 23 in
exec-timeout 120 0
password {------------------}
login local
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
!
end

Thanks again for your help jdabbs.

I'll be away for a few days. I'll check again here when I'm back.

bfisher
08-22-2008, 06:41 PM
I'm actually still here until the end of the day (about 6-7 hours) if you want to suggest something jdabbs. Thanks.

jdabbs
08-22-2008, 07:33 PM
Ah, ok. I'll grab a bite to eat, but I'll be around for most of tonight as well.

I've yet to come across DSL in the field so I can't do a true comparison, but I think with a bit of prodding the problem will be revealed.

Looks like routing is handled via a static route out Dialer0; sh ip route should confirm this. NAT also looks good. To find out if it's a routing issue, can you:

from the router:
ping 4.2.2.2
from PC command prompt:
ping the dynamic IP assigned by your ISP (should be bound to Dialer1),
tracert 4.2.2.2.

I don't know how your router is handling DNS: is it passing your ISP's DNS server IPs to the client via DHCP, or is it acting as an intermediary?

bfisher
08-22-2008, 08:17 PM
sh ip route reveals:

Default gateway is not set

Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty

jdabbs
08-22-2008, 08:50 PM
It looks like some of the routing table output is missing. No S or C routes were reported?

Dialer1 is configured as the static route ip route 0.0.0.0 0.0.0.0 Dialer1, is it not reported as such because the interface is down? sh ip int b displays this info.

bfisher
08-22-2008, 11:20 PM
I actually didn't have the phone cable plugged in or anything.

I tried to access the web interface, but while I can access the router, it doesn't seem to be able to load the web interface, takes a long time looking for IOS settings etc., but then says that it cannot communicate with the router, although I got that far OK.

I would do a reset again, but not sure how to do that via the console.

It does come up with:

%NAT: Error activating CNBAR on the interface Ethernet0
%NAT: Error activating CNBAR on the interface Dialer1

during boot, not sure if that's related or not. Seems suspicious to me...

sh ip int b comes up with:

Interface IP-Address OK? Method Status Protocol
ATM0 unassigned YES NVRAM down down

Dialer1 unassigned YES NVRAM up up

Ethernet0 10.10.10.1 YES NVRAM up up

Virtual-Access1 unassigned YES unset up up

> I don't know how your router is handling DNS: is it passing your ISP's DNS server IPs to the client via DHCP, or is it acting as an intermediary?

I'm not sure, what's the difference? I've got some idea, but it would help to explain.

bfisher
08-23-2008, 01:54 AM
Heading off now, I'll check back here in about 3-4 days.

jdabbs
08-25-2008, 01:41 AM
DNS:
Imagine for a moment that your ISP's DNS server is 4.2.2.2 (Verizon). If your router was acting as an intermediary, the client would receive a DHCP lease with the router itself as the DNS server. If DNS info was just passed along, the client would receive a lease with a DNS server of 4.2.2.2. The reason I asked was because of wishful thinking on my part--there was a possibility that the router was configured correctly (previously stated it was able to obtain a dynamic IP) and that the client just needed a little tweaking.

Deleting the config:
There are two configs: the one in use residing in memory (running-config), and the one in NVRAM (startup-config). Performing an erase start in enable mode deletes the stored one, and power cycling the device immediately afterward gets rid of the one in memory.

NAT:
That may be a sign of a larger problem, but as NAT maps private IPs+ports to public, it is possible that if there is no public IP to map to, error messages may be generated. This is increasingly likely upon initial bootup.

And to clarify, are you using a config generated by setup mode, or one provided by the web interface/software CD?

bfisher
08-26-2008, 02:34 AM
OK. I wiped the config. Tried doing setup again, but still can't access web setup. Doesn't even assign me an ip address.

Either I could do a manual configure or maybe there is something that needs to be fixed for me to connect to the router through ethernet.

I did the initial setup through the console, and the rest in the web interface. The same this time after wiping it, set up the ethernet, but now don't get assigned an IP.

bfisher
08-26-2008, 08:06 AM
OK, it mysteriously started working again. Although I did wipe the config and try to manually set it up using the online guide on the cisco website. Not sure what got it going.

Now I have done some basic configuration manually, and the rest using the web interface to set up the ATM interface, etc.

But I still can't connect to the internet. Strangely, when I go to do a test in the troubleshooting section of the web setup, it passes successfully. It tests the dsl sync and pings the isp. So maybe I need to ring my isp about it? What do you think? I have tried another pc connected to the network which also can't access the internet, but can access the router, just like this computer.

At least I can access the web interface now...

jdabbs
08-26-2008, 02:53 PM
Can you post the config and sh ip route output?

bfisher
08-26-2008, 11:24 PM
show ip route:

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

118.0.0.0/32 is subnetted, 1 subnets
C 118.90.101.209 is directly connected, Dialer1
58.0.0.0/32 is subnetted, 1 subnets
C 58.28.15.31 is directly connected, Dialer1
10.0.0.0/16 is subnetted, 1 subnets
C 10.10.0.0 is directly connected, Ethernet0
S* 0.0.0.0/0 is directly connected, Dialer1
C 200.200.0.0/16 is directly connected, Loopback0

show run:

Building configuration...

Current configuration : 3259 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname kurma
!
boot-start-marker
boot-end-marker
!
logging buffered informational
enable secret ---
!
username kurma password ---------------
username CRWS_Prem privilege 15 password -------------
ip subnet-zero
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
import all
network 10.10.0.0 255.255.0.0
default-router 10.10.10.1
lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
no aaa new-model
!
!
!
!
no crypto isakmp enable
!
!
!
interface Loopback0
ip address 200.200.100.1 255.255.0.0
ip nat outside
!
interface Ethernet0
ip address 10.10.10.1 255.255.0.0
ip access-group 122 out
ip nat inside
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
no ip mroute-cache
atm vc-per-vp 128
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/100
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer0
ip address dhcp
encapsulation ppp
!
interface Dialer1
ip address negotiated
ip access-group 111 in
ip nat outside
ip inspect myfw out
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ---------
ppp chap password --------
ppp pap sent-username ------ password --------
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
ip nat inside source list WORD interface Dialer1 overload
!
!
access-list 111 permit tcp any any eq telnet
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any log
access-list 122 deny tcp any any eq telnet
access-list 122 permit ip any any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
line vty 0 4
exec-timeout 120 0
login
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
!
end

When I was connected the firewall did block an ip a couple of times:

*Mar 1 17:03:30.967: %SEC-6-IPACCESSLOGP: list 111 denied tcp 61.164.126.104(23) -> 118.90.101.209(11000), 2 packets

jdabbs
08-27-2008, 02:28 AM
Static route looks good.

Things that immediately strike me as wrong:
loopback0 assigned public IP;
loopback0 assigned NAT outside.

Not as bad things:
Don't see the need for two dialer interfaces.
DHCP lease is set to only two hours.

conf t
int loopback0
no ip nat outside
no ip address
Ctrl-Z

Once that's done, post show ip nat statistics

If you can try pinging from your PC 10.10.10.1, your WAN IP, and 4.2.2.2 and report results, that'd be cool too.

jdabbs
08-27-2008, 02:52 AM
Oh, and looks like access list 111 is a hindrance. And do you really need to filter outbound LAN traffic? Let's at least get basic functionality before we start blocking traffic.

conf t
int dialer1
no ip access-group 111 in
int ethernet0
no ip access-group 122 out
Ctrl-Z

bfisher
08-27-2008, 07:16 AM
OK, so when I entered no ip nat outside, I got:
%NAT: Error activating CNBAR on the interface Loopback0

All the other commands went through fine. I remember getting the error somewhere in the past, maybe it was on bootup.

show ip nat statistics:

Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
Dialer1
Inside interfaces:
Ethernet0
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 2
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list WORD interface Dialer1 refcount 0

I'll do the pings after I've posted this, as I only have one line.

OK I've done the commands for access lists.

I'll switch the connection to the soho97 now and try the pings. Report back here soon.

Update: ping to router address and wan address was successful, but ping to 4.2.2.2 was unsuccessful.

Here was the sh ip route output when I was just connected:

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

118.0.0.0/32 is subnetted, 1 subnets
C 118.90.72.36 is directly connected, Dialer1
58.0.0.0/32 is subnetted, 1 subnets
C 58.28.15.31 is directly connected, Dialer1
10.0.0.0/16 is subnetted, 1 subnets
C 10.10.0.0 is directly connected, Ethernet0
S* 0.0.0.0/0 is directly connected, Dialer1

jdabbs
08-27-2008, 03:10 PM
> OK, so when I entered no ip nat outside, I got:
> %NAT: Error activating CNBAR on the interface Loopback0

That's ok--I believe the change took regardless, sh run can confirm.

I should have caught this earlier, but NAT is still messed up as well. NAT is relying on a nonexistent list ("WORD") to tell it what traffic to translate. Let's fix that:

conf t
ip nat inside source list 10 interface Dialer1 overload
access-list 10 permit 10.10.0.0 0.0.255.255
Ctrl-Z

Check pings and NAT again?

bfisher
08-27-2008, 09:47 PM
Ah hah... It's working.
Ping to 4.2.2.2 went through, and now I'm posting this through the cisco router.

Thanks for your help jdabbs. What was the problem? Something in the NAT configuration?

jdabbs
08-28-2008, 12:09 AM
> Ah hah... It's working.
> Ping to 4.2.2.2 went through, and now I'm posting this through the cisco router.
>
> Thanks for your help jdabbs. What was the problem? Something in the NAT configuration?

Now that we have the luxury of hindsight:

first config:
no DHCP
no NAT
no routes configured
no dialer interface/configuration

second config:
ACL 111 overly restrictive: would allow ping back through, and netbios (the last thing you want from the Internet), but web surfing would be impossible. That wouldn't have stopped the routing table from being populated. Not sure what caused the instability problem.

third config:
Similar to second config, but with the addition that NAT was mapped to the wrong interface, and not actively translating traffic (thanks to "WORD" group).

There's a bit of cruft left in your config (like the ACLs), but they're not going to impact operation. They can be removed by no access-list xxx, where xxx is the ACL in question. What you do need to do is save your config to NVRAM, that's done by copy run start. From there you can make changes, and if something breaks, just reboot. I think a DHCP lease of only two hours would get aggravating, I believe it's
conf t
ip dhcp pool CLIENT
lease 7 0
Ctrl-Z

for a week-long lease.

I'm glad you stuck it out to the end. I certainly learned a lot from the experience--my comfort zone w/ IOS is much narrower than I realized. Fortunately things did work out for the best, even if it did take a week.
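
Added example, not part of jdabbs's post or the thread: a small Python check for two faults named in the summary above, a NAT rule that points at an undefined access list ("WORD") and an inbound ACL on the NAT-outside interface that permits Telnet or NetBIOS from any source. The sample config is a constructed excerpt of the third config posted in the thread; the function names, finding labels and the RISKY port set are this example's own assumptions.

```python
import re

# Constructed excerpt of the third config posted in the thread (secrets omitted).
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 200.200.100.1 255.255.0.0
 ip nat outside
!
interface Ethernet0
 ip address 10.10.10.1 255.255.0.0
 ip access-group 122 out
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip access-group 111 in
 ip nat outside
!
ip nat inside source list WORD interface Dialer1 overload
!
access-list 111 permit tcp any any eq telnet
access-list 111 permit icmp any any echo-reply
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 deny ip any any log
access-list 122 deny tcp any any eq telnet
access-list 122 permit ip any any
"""
# The NAT fix from the thread: point the rule at an ACL that exists.
FIXED_CONFIG = SAMPLE_CONFIG.replace("source list WORD", "source list 10") \
    + "access-list 10 permit 10.10.0.0 0.0.255.255\n"

# Destination ports this example treats as unwanted from the Internet (assumption).
RISKY = {"telnet", "23", "139", "netbios-ss", "netbios-ns", "137", "netbios-dgm", "138"}


def parse(config):
    """Collect ACL definitions, per-interface NAT role/ACL bindings, and NAT rules."""
    acls, ifaces, nat_rules = {}, {}, []
    current = None  # interface section being read; "!" or a blank line ends it
    for raw in config.splitlines():
        line = raw.strip()  # works for indented and flattened (forum-pasted) configs
        if not line or line == "!":
            current = None
        elif m := re.match(r"interface (\S+)$", line):
            current = ifaces.setdefault(m[1], {"nat": None, "groups": []})
        elif m := re.match(r"access-list (\S+) (.+)$", line):
            acls.setdefault(m[1], []).append(m[2])
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)$", line):
            acls.setdefault(m[1], [])  # named ACL: record that it is defined
        elif m := re.match(r"ip nat inside source list (\S+) interface (\S+)", line):
            nat_rules.append((m[1], m[2]))
        elif current is not None:
            if m := re.match(r"ip nat (inside|outside)$", line):
                current["nat"] = m[1]
            elif m := re.match(r"ip access-group (\S+) (in|out)$", line):
                current["groups"].append((m[1], m[2]))
    return acls, ifaces, nat_rules


def audit(config):
    """Return a list of (finding, acl, detail) tuples."""
    acls, ifaces, nat_rules = parse(config)
    findings = []
    for acl, iface in nat_rules:
        if acl not in acls:  # NAT has nothing to match, so nothing is translated
            findings.append(("nat-undefined-acl", acl, iface))
        if ifaces.get(iface, {}).get("nat") != "outside":
            findings.append(("nat-iface-not-outside", acl, iface))
    for name, iface in ifaces.items():
        for acl, direction in iface["groups"]:
            if acl not in acls:
                findings.append(("group-undefined-acl", acl, name))
            elif iface["nat"] == "outside" and direction == "in":
                for rule in acls[acl]:
                    m = re.match(r"permit (?:tcp|udp) any any eq (\S+)", rule)
                    if m and m[1] in RISKY:
                        findings.append(("exposed-service", acl, m[1]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```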

bfisher
08-28-2008, 07:08 AM
OK.

I've since worked out the online installation manual a bit more, found here: http://www.cisco.com/en/US/docs/routers/access/800/820/software/configuration/guide/Preface.html

I can see what I missed before. When I configured the router manually last time I started from the Basic Router Configuration section, whereas I should have started at the section beforehand, which contained some of the commands I missed.

> There's a bit of cruft left in your config (like the ACLs), but they're not going to impact operation. They can be removed by no access-list xxx, where xxx is the ACL in question.

Which access lists need to be removed?

jdabbs
08-28-2008, 12:48 PM
> Which access lists need to be removed?
None of them need to go, but you won't get much use out of 111 and 122.