[jfurnas]

Hey guys,

I recently purchased a new Cisco 871 router, with the intent of hooking it up to my existing switch. The problem I am having, and hoping I can get some assistance on, is this:

My ISP (Comcast), uses a mac authentication when assigning IP addresses. Because of this, whatever router I hook up requires a mac address spoof. I logged into my cisco via terminal and ran the command mac-address <mac address>, and then logged into SDM to enable the interface. I now have a 'Link' and 'RX' light on the router, however I get not internet signal coming from it when I connect to one of the LAN ports. The documentation for the router is non-existent, and trying to find documentation online on cisco's website is like finding the holy grail.

Also, the 'status' tab of the SDM interface shows that no ip-address is being assigned to the router from the modem.

Could somebody offer me some assistance?

 

[MitchConner]

It's ridiculously easy to find configuration guides for anything with a Cisco badge on it:

https://www.google.co.uk/url?sa=t&r...VLLlRTrNULE3Uj7iSSu3Dw&bvm=bv.109910813,d.d24

It would be worth seeing your config so we can see what's going on if you're stuck.

 

[jfurnas]

I have a bone stock configuration aside from the mac-address being changed on it. I have this same guide that came with it actually now that I am thinking about it, and when I went through it trying to figure out how to set it up, none of the commands matched up and I kept getting command not found errors.

I'm going to print this off and see if it's different than the one that I have.

 

[MitchConner]

If you have an out of the box configuration, it's not going to work. An 871 is not plug and play unfortunately which means you're going to have to configure the router from scratch.

If you get stuck, let me know.

 

[jfurnas]

If you have an out of the box configuration, it's not going to work. An 871 is not plug and play unfortunately which means you're going to have to configure the router from scratch.

If you get stuck, let me know.

This I found out. I am going to look at this guide and see how things go. One thing it doesn't address, is mac-address cloning which I NEED to do or I won't get an IP assigned to it.

Thanks for the document. The ones I kept pulling up all weekend were ones you had to order online.

EDIT: While I have you, let me ask you really quick. What web-interface do you use for administering? I currently have SDM 2.5 (and working) installed on my laptop I am using, as I couldn't get CCP to work (I have windows 10), and I don't feel comfortable having to keep max version of Java at 7 to be able to use the web interface. (I also have a console crossover, but would like interface acess as well)

 

[MitchConner]

If you need to spoof your mac address just do this:

1. Find the mac of your old router (it should be on a sticker on it usually).
2. Log on to the Cisco router and use these commands:

conf t
interface <your wan interface, either ATM or physical) fastethernet 1
mac-address xxxx.xxxx.xxxx
no shut
exi
wri mem

 

[jfurnas]

If you need to spoof your mac address just do this:

1. Find the mac of your old router (it should be on a sticker on it usually).
2. Log on to the Cisco router and use these commands:

conf t
interface <your wan interface, either ATM or physical) fastethernet 1
mac-address xxxx.xxxx.xxxx
no shut
exi
wri mem

Those are the commands I did, except it's one of the mac-addresses on my network that I need to clone. (A desktop PC that I used when I registered). I am going to run into address conflicts though once I power the desktop up when they have the same mac. I am going to have to look at spoofing it on the desktop.

 

[MitchConner]

No, mac addresses are local, so your ISP won't see your PC mac address at all. You need to configure ppp on the router and a lot more things if it's straight out of the box otherwise you're going to be going in circles.

 

[jfurnas]

I'm going to go through the guide, section by section and do the steps listed. I'm fairly knowledgeable with computers, and most networking, but haven't dealt with a cisco product before so i'm not familiar with their setups and the 'manual configuration' that's needed.

 

[MitchConner]

I don't use the GUI mate, i'm CLI only

You'll need to configure the router for http access:

conf t

enable secret techsupportforum

interface fa3
ip address 192.168.0.1 255.255.255.0
no shut
exi

ip http server
ip http authentication local
username jfurnas password techsupportforum.com priv 15
exi
wri mem

make sure your pc has an address in the same subnet (192.168.0.2) and open a web browser and type in http://192.168.0.1 then type your username and password as above.

 

[jfurnas]

So, I spent much of today going through the book, doing what they show in the examples, still with no luck. The documentation is extremely hard to follow. Each example looks like it was taken from a real-world setup, and not an 'example setup', as each step has different ip addresses and ranges. It makes it difficult to know if you should be using the same ip address throughout, or if you should be using different ip addresses, like the manual shows.

How do I print out my configuration, so that I can post it and you can take a look at it? Once I get the thing setup how I need it to, I won't need to touch it again, it's just a matter of getting it to that point.

 

[MitchConner]

Log on to the router via console, enable logging in putty, and type this into the cli:

show run

 

[jfurnas]

Okay, here is the log that was produced from console using putty.

Looking at it, it looks incorrect, hopefully you are able to help.

View attachment cisco_log.txt

 

[MitchConner]

There's barely any config on that mate. Can you let me know what flavour of ppp your current router is using then we can build out your config.

 

[jfurnas]

I'm not sure which version the current one is using. I'm connected via Comcast cable into my netgear router. All I did for setup was plug the wan in, spoof the MAC address and power cycle out of the box.

 

[jfurnas]

Looking at an a couple of articles I read online, Comcast doesn't use PPP, it uses DHCP. I am not sure if you were referring to the local PPP or WAN side, but comcast uses a mac address lookup (why the spoof is required), and DHCP, not ppp.

 

[MitchConner]

Hi mate.

They will use some flavour of layer 2 protocol mate, it's doubtful that a home provider would provide ethernet to your router. You can have a look at the wan configuration on your netgear, it'll tell you there either way.

From my understanding of your description, your Cisco router is sat behind your Netgear router (which will be doing the wan routing) connected to a private IP of 10.10.10.1 (this is a precision guess based on your DHCP config, which doesn't match your interfaces configs). Put these commands into your router please mate, you can copy everything and paste it straight into the cli (obviously not the text between parenthesis):

erase start (this will remove your old startup config)
reload (this will clear the running config)

When the router reloads, copy and paste this whole thing:

conf t
!
interface vlan 1
ip address 192.168.1.2 255.255.255.0
ip nat inside
no shut
exi
!
interface fas1
desc Link to Netgear
10.10.10.2 255.255.255.0
ip nat outside
no shut
exit
!
interface fas2
desc Inside LAN
switchport access vlan 1
switch noneg
no shut
exit
!
ip dhcp pool INSIDE_NETWORK
network 192.168.1.0 255.255.255.0
default-router 192.168.1.2
dns-server 8.8.8.8
domain-name workaholic-studios.net
lease 0 8
ip dhcp excluded-address 192.168.1.2
!
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface fas1 overload
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
no ip domain lookup
!
service password-encryption
!
ip domain-name workaholic-studios.net
!
hostname LAN-ROUTER
!
username admin secret techsupportforums priv 15
!
enable secret techsupportforums.com
!
ip http server
ip http authentication local
!
line vty 0 15
login local
transport input ssh
!
crypto key gener rsa gener mod 2048
!
ip ssh version 2
ip ssh time-out 120
ip ssh authentication-retries 3
exit
wri mem

If any of the commands don't take, post the output when it errors and let me know.

 

[jfurnas]

Actually, the setup you thought is incorrect. Currently, it's setup like this:

My WAN comes into my Netgear Wireless router. It then routes to my wired and wireless devices together.

I want the cisco to be my main router, and the wireless netgear will connect to that as a wireless AP for my wireless devices. The cisco router will then connect to a 24 port cisco switch, which all my wired devices connect to. I hope that makes sense. I will essentially have two routers, but the netgear will be a secondary one used only as a wireless access point.

As far as the protocol, i'm pretty confident it doesn't use PPP. Every group or discussion i've looked at online has indicated (including the official comcast support forums), that they use DHCP and 'straight ethernet'. When you sign up for service, you register your modem with the ISP, and then you register your PC to the modem using it's mac address. That's how it knows what IP to assign to what device on that modem. There is no other authentication that happens. It is a docsis3 modem, but I don't think that has any relevance on the other end.

Here is an article from the official comcast support forums to support it:

DHCP or PPPoE -- which am I supposed to use? - Comcast Help and Support Forums

 

[MitchConner]

Just add these under fas1 then:

no ip address 10.10.10.2 255.255.255.0
ip address negotiated
mac-address 50e5.49c8.0da3

If you need to change the route statement (to match the correct next-hop IP) either:

no ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 0.0.0.0 0.0.0.0 fas1

 

[jfurnas]

Is that in addition to the stuff listed above or in place of?