Connect Cisco 891 to isp

Hello
Im having some problems lately with our new site network configuration.
We have there new Cisco 891 router and from isp we have Zyxel P-660HN-T1A router/modem as isp connection termination and one public ip from isp.
Problem is, how to setup router for this to work with zyxell? we want to use GRE tunnels to create site to site vpn, but im completly lost.
Should zyxell be in routing/bridge mode?
Any thoughts please?
Thx

If you use the Zyxel as a router, the public IP is on that device and is NATed to a private transfer-network that you have between the Zyxel and your 891.
For best flexibility, you should use a "DSL-Modem" in front of the router. With that the public IP is on your cisco 891 and you can use the whole features that your 891 offers.
Based on the Web-Description of the P660HN-T1A, the "Modem-Mode" is not supported on that device. I would try to get a different device that offers that flexibility.

Similar Messages

Cisco 891 not getting IP address with DHCP with latest IOS

Hi,
I have a few Cisco 891 routers that are configured as DHCP clients on the WAN interface.
For some reason when I boot the router with a late IOS, the router is not receiving an address.
It works just as expected with the older IOSes.
Any ideas of what changed?
This is how the interface is configured:
interface FastEthernet8
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
no cdp enable
This IOS does not work:
c890-universalk9-mz.154-3.M2.bin
While these do work:
c890-universalk9-mz.150-1.M7.bin
c890-universalk9-mz.151-2.T2.bin
c890-universalk9-mz.152-1.T1.bin
Doing a "show ip interface brief" shows that FastEthernet8 is unassigned with the affected IOS.
With the older IOSes there is an IP address.
I had to downgrade two routers due to this issue, and did not have plenty of time to troubleshoot.
Both of the routers are connected to DSL from the same ISP...
Anyone seen anything like this before?

Add another one to the list.
I have a MacBookPro3,1 that connects to WIFI no problem. It used to connect to ethernet when I originally bought it, however I've been using WIFI exclusively for the past 2 years.
Recently I had a need to connect via ethernet and it wouldn't work at home (apple airport router). I next tried connecting via ethernet at a friends house using a linksys WRT54G, no dice either. I have the computer in the lab today (University Network) and I get the same error. 3 different locations, 3 different routers, all same problem. It used to connect to home and university networks ethernet right away.
IP address assigned is 169.xxx.xxx.xxx - subnet - 255.255.0.0
no other info. It's showing up as connecting to the network, but unable to communicate with DHCP. It does work if I enter all of the information in manually.
At first I thought I had messed something up in networking preferences as I tend to play around with things alot. However I did a complete system format, and fresh install of OSX Lion and I still have the same problem, without any of my meddling around to confuse things.
What gives?

Web Filtering on a Cisco 891 Router

I am looking for a new method of filtering our internet. We currently have 1200+ sites utilizing cisco 891 and 891w routers for their external connection to the internet. Our current method of filtering them is utilizing whitelisting for http(80) traffic and a acl with an ip list for https(443) traffic. We also have specific https websites proxied that utilize akamia servers. This method is very difficult to maintain on our large scale. Is there a better method of doing this on the router to filter both http and https traffic via URL that does not invlove allowing all 443 or 80 traffic out?

Anthony,
Yes it does https inspection and the portal also block based on categories (Social Networking, Gamblin; to tell a few samples), IP address and domain name.
Get in touch with your Cisco Account Team or Cisco Partner/Reseller and get an evalution.
HTH
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"
http://www.cisco.com/web/partners/tools/pdihd.html

Cisco 891-W Wireless Issues

Hello Cisco,
hopefully someone with more expertise with the Cisco 891-W router can help me figure out my configuration issues? Right now I have the wired part of the 891-W working fine with my cable modem on VLAN1. But it's another story with my VLAN4 (wireless side). I've been working on this all week and am hoping some fresh eyes can catch what's wrong with my config.   Currently, my laptop will see the SSID of the Wi-Fi (891W-WiFi) but when I try to connect I get an 169.254.180.251 IP?   Not sure if it's the DHCP or some kind of bridging with the AP module with the correct VLAN settings with my configuration?  I'll post my config below for both the router and AP.  Thank you to anyone that can give me some insight!
I've attached the configs just in case this post was too messy to read with all the configurations.
891W_Router#sh run
Building configuration...
Current configuration : 4826 bytes
! Last configuration change at 21:49:24 UTC Fri Apr 24 2015
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
hostname 891W_Router
boot-start-marker
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
no logging on
enable secret 5 $1$3JJJ$6wL98gGvGJQ0ot1xChXJt1
no aaa new-model
service-module wlan-ap 0 bootimage autonomous
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-1853469223
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1853469223
revocation-check none
ip source-route
ip dhcp excluded-address 192.168.99.1
ip dhcp excluded-address 192.168.100.1
ip dhcp pool Vlan4
   network 192.168.100.0 255.255.255.0
   default-router 192.168.100.1
   dns-server 8.8.8.8
ip dhcp pool Vlan1
   network 192.168.99.0 255.255.255.0
   default-router 192.168.99.1
   dns-server 192.168.0.1
ip cef
no ip domain lookup
ip name-server 209.18.47.61
ip name-server 209.18.47.62
ip inspect log drop-pkt
no ipv6 cef
multilink bundle-name authenticated
parameter-map type inspect global
log dropped-packets enable
license udi pid CISCO891W-AGN-A-K9 sn FTX15130301
username dvd privilege 15 secret 5 $1$qHnY$pMyIf18Av.AS2ne0cxXle/
username cisco password 7 01100F175804
bridge irb
interface FastEthernet0
switchport mode trunk
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
interface FastEthernet5
interface FastEthernet6
interface FastEthernet7
interface FastEthernet8
no ip address
duplex auto
speed auto
interface GigabitEthernet0
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface wlan-ap0
description Service module interface to manage the embedded AP
ip address 10.10.10.10 255.255.255.255
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport trunk native vlan 4
switchport mode trunk
interface Vlan1
description Internal LAN
ip address 192.168.99.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Vlan4
description Wi-Fi Users
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Async1
no ip address
encapsulation slip
interface GMPLS8
no ip address
no fair-queue
no keepalive
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0 overload
ip nat inside source list 2 interface Wlan-GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 dhcp
logging esm config
access-list 1 permit 192.168.99.0 0.0.0.255
access-list 2 permit 192.168.100.0 0.0.0.255
control-plane
bridge 1 protocol ieee
bridge 1 route ip
line con 0
exec-timeout 0 0
password 7 020D0A5409040A2243401A160912
logging synchronous
login
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin udptn ssh
line aux 0
line vty 0 4
password 7 130E191D090E013C3F3D
login
transport input all
end
AP Configuration:
891W_Router#
891W_Router#service-module wlan-ap 0 session
Trying 10.10.10.10, 2002 ... Open
Connecting to AP console, enter Ctrl-^ followed by x,
then "disconnect" to return to router prompt
ap#sh run
Building configuration...
Current configuration : 1976 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname ap
enable secret 5 $1$bW7h$C2mBp2TNgGbgkgj2fQHDa.
no aaa new-model
dot11 syslog
dot11 ssid 891W-WIFi
dot11 ssid 891W-WiFi
   vlan 4
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 0 cisco891
username cisco privilege 15 secret 5 $1$yIzh$7/j0K1xcYbT99mP4hX3ZU/
username dvd password 0 kmob
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 4 mode ciphers aes-ccm tkip
ssid 891W-WiFi
antenna gain 0
station-role root
interface Dot11Radio0.4
encapsulation dot1Q 4 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface
connecting AP with the host router
no ip address
no ip route-cache
interface GigabitEthernet0.4
encapsulation dot1Q 4 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address dhcp
no ip route-cache
ip default-gateway 192.168.100.1
ip http server
no ip http secure-server
ip http help-path
http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 protocol ieee
bridge 1 route ip
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
cns dhcp
end

Hi,
Leo is right and it should come as part of the kit when you order "800-IL-PM-4"
Full Kit should include:
Internal PoE module
48v PoE power cube
Power cord for the power cube
(2) standoffs with two notches
(1) standoff with one notch
(3) screws
http://www.cisco.com/c/en/us/td/docs/routers/access/800/860-880-890/hardware/installation/memory/880FRU.html#wp45561
If for some reason you did not get it or it fails and you need a new one you can use part number "ADP-80LB". I dont think Cisco will sell you this as a standalone item so you may have to look on Ebay, PChub or google to find a place that sells it.
Good luck!

Connect Cisco Process Orchestrator in IAC 4.0

During the execution of the 'Connect Cisco Process Orchestrator' task in the Day 0 Wizard, many miss out on the underlying note to
'Start all other agents'   Please start all other agents 2 minutes after executing connect Cisco Process Orchestrator
thus resulting in errors in the configuration of the HTTP/WS adapter based agents, in particular the ones that communicate with CPO.
The way this service works is the following:
The requestor is prompted with a form to populate related info (hostname, port, URL, credentials, etc.)
Upon ‘submit order’ the request will use the ‘REX Set HTTP Agent Properties’ to configured all the agents that need to communicate with CPO (it modifies their outbound properties).
Once all the agents are configured, the service will pause until ‘start all other agents’ is ordered. Only then will the last step of onboarding CPO take place, where it will communicate with CPO to configure the respective targets, etc. and finalize the request.
If you are still on task ‘Connect Cisco Process Orchestrator’, then you should be able to observer in PSC, Service Link > View Transactions the progress of the request.
The highlighted task should be in a 'waiting' state, before you execute 'Start All Other Agents'
In the event you have not been patient or have not read the instructions (like myself), the following is the process to get you back on track ...
Manually:                           Stop all the agents apart from the ones starting with ‘REX’
Manuall or Wizard Step 1:   Start DB Agent (Agent Name: Insert Default Parameters & Portal Page Assignment to OU)
Manuall or Wizard Step 1:   Start nsAPI Agent (Agent Name: Retrieve OU ID on Name)
Wizard Step 2:                   Connect Cisco Process Orchestrator AND WAIT/ monitor that all configurations are complete before proceeding to the next step 
Regards,
Dimitris

up

Video over ip with cisco 891

Hello,
We used to communicate with our office in Vietnam by using a video conference terminal (polycom HDX 7000)
We just used H.323 protocol, without any gatekeeper, and called the other endpoint terminal with just the IP address.
Few days ago, we changed our internet access router with a cisco 891.
It's now impossible to etablish call with our video conference system.
I configured NAT to redirect specific ports, but it still doesn't work.
Maybe there is something special to configure on this router ?
I disabled the firewall, but no change !
Anyone can tell me if there is a service to activate/desactivate, or antything else, to use H.323 protocol this way ?
Thanks a lot
[sorry for my poor english]

Thanks a lot.
I disabled h323 ip nat service with "no ip nat service H323" and then I was able to etablish a call.
But there was still a little problem, I was able to send audio and video but I was unable to received it.
I had to select "NAT is not compatible with H323" on my Polycom terminal.
Now all is OK, thanks.

We recently switched ISPs. To connect to the new ISP our Airport Extreme has to be in bridge mode. Now our Nintendo Wii won't connect to the Airport. Is it an issue with bridge mode that is causing this?

We recently switched ISPs. To connect to the new ISP our Airport Extreme has to be in bridge mode. Now our Nintendo Wii won't connect to the Airport. Is it an issue with bridge mode that is causing this? We're running two Macs wirelessly with no problems. And the Wii did connect before the switch.

Hello and thanks for the reply. I gave this a try, turned off Airport on one of the computers and tried the Wii again. Still no connection. I should say that we're also running an old G4 (wired) off the Airport as well, with no problems. I've tried many things to make the Wii to work, including power cycling the Airport, turning off the security settings in the Airport, resetting the Airport to it's default and redoing the network, resetting the network setting on the Wii (several times), moved the Airport closer to the Wii, all with no luck. The Wii "sees" the Airport but won't connect to it. I'm at a loss for anything else to try, so any help is appreciated.

Macbook Pro won't connect to internet, says ISP has failed.

For months I have not been able to connect to my internet at home from my MacBook Pro. I have tried restarting the router many times. All of my other devices, as well as my roommates' devices connect to the internet. My wifi icon at the top says that it has connected but that the ISP has failed when I refer to the diagnostics. I've tried countless troubleshooting articles and none have worked so far. Any suggestions?

Im going to answer my own question. Problem Fixed! After I was on the phone for over an hour with a senior advisor we found the problem was with the download or the instilation. He had me Shut Down Computer and hold down Command and R then press power button hold this down until the recovery window pops up. Then reinstall mountain lion os system. this does not wipe out documents, photos and apps like windows does. I didnt know this since Im new to MacBooks. Hopefully this may help someone else.
PS I beleive In order to do this you need to be plugged into your router to have internet access. They had me do this. This will take about an hour but now Im up and running.

Can you Connect Cisco switch modules for to N2K?

I have not seen anything about connecting Cisco Switch modules for Blade Chassis to fex. Does anybody now if you can do that?
thank you.

thank you Lucien.
I think you got a right name for N2Ks, a NIC card extender. In my opion N2K should be able to support Blade switches. Not every company has just rack mount servers, most enviroment is mixed. In my case, I run out ports on N5K, but plenty available on N2K. I want add two more blade centers with gig switch modules in them. now I have to buy a N5K!!!. I'm sure Cisco can make N2K to support switches too.

ASA Redundant/Dual Connections to the SAME ISP

Is it possible to connect two ports on an ASA to the same ISP for physical port redundancy? I know it's possible to connect to two different ISPs with different subnets, but in this case it would be the same ISP, same subnet. I'm expecting the answer to be 'no' and that I'd have to bring up a 'cold spare' interface should the primary interface go down. The ASA model is either 5520 or 5512-X, and I'd have to go get the software versions if anyone would like that information.

You can't give two ports an IP from the same subnet in the same context no.
But you could either -
1) use etherchannel
or
2) use the redundant interface feature where you use two ports but only one is active and if it fails the other takes over with the same IP address
Jon

What is maximuam site to site connection cisco router 2821

Hi, i want to setup multiple site to site connection, between my headoffice and remote offices.
on HeadOffice, i've cisco router 2821, with IOS model:
c2800nm-adventerprisek9-mz.124-20.T.bin
There is no extra hardware module on this router, and i want to know the number>
What i've found on internet, is that is support up to 10 Cisco VPN Clients, but i've already tested it with 14 simultanious users, so i'm in doubt.
let me know

Duplicate posts. :P
GO here: https://supportforums.cisco.com/discussion/12135781/what-maximuam-site-site-connection-cisco-router-2821

Can one Cisco IPS 4360 connect to two different ISP circuits?

Hi,
Currently our network has two circuits from two different ISPs, with two firewalls in the middle of the ISPs and the corporation internal network. We are thinking of purchasing a Cisco IPS 4360 and put the device between the ISPs and the two firewalls.
We would like the traffic coming to/from ASA1 still use the circuit from ISP1, and ASA2 still use the circuit from ISP2. Is this possible? Can the 4360 route the traffic as we want?
I drew a draft picture of this issue. Please have a look at the attachment.
Thank you!
Regards,
Jacky

Hi,
Yes, You can deploy your IPS as your plan. Please see the below link.
http://www.cisco.com/c/en/us/solutions/enterprise/validated-design-program/networking_solutions_products_genericcontent0900aecd80601e22.html
Regards
Parosh

Tell me how to connect cisco 2505 and Asmi52

my network structure would be like this ,
ISP-------->RAD modem(asmi52)---------->cisco 2505
RAD modem has E1/T1, 10/100 eth and V.35 port support ,
cisco 2505 has eth & serial port support
now tell me what devices and cable will required to connect 2 mbps leased line connection .
Thanks
sumit

Do you know what the wi-fi connection indicator looks like, which will appear in the iPad's status bar when connected via an avaialble wi-fi network vs the 3G or E for EDGE indicator available in the iPad's status bar when connected to your carrier's 3G or EDGE network?
To join an avaialble wi-fi network, on your iPad go to Settings > Wi-Fi.
Make sure wi-fi is on followed by selecting the avaialble wi-fi network listed below that you want to join.
Message was edited by: Allan Sampson

Cisco DMVPN Spoke ISP Redundancy

Hi Dears,
I want to configure DMVPN on cisco routers. I want to configure dual ISP at spoke's. ADSL link is primary and 3g is backup and configure dmvpn.
How i configure in HUB and Spoke sites? I want to use Eigrp protocol.

Hi Teymur,
You can configure a single tunnel interface on the spoke, primary hub and the secondary hub for dual hub and dual isp on spoke.
Use EEM script for failover between your ISP connections and can configure both hubs on the same tunnel interface.
Introduce delay on the secondary hub tunnel interface so that it is less preferred.
Spoke Tunnel configuration :
interface Tunnel0
bandwidth 1000
ip address 10.10.0.12 255.255.255.0
ip mtu 1400
ip nhrp authentication test
ip nhrp map 10.10.0.1 172.16.1.1
ip nhrp map 10.10.0.2 172.16.1.2
ip nhrp network-id 100000
ip nhrp holdtime 300
ip nhrp nhs 10.10.0.1 <---- Primary Hub
ip nhrp nhs 10.10.0.2 <---- Secondary Hub
delay 1000
tunnel source Ethernet0
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile vpnprof
Primary Hub
interface Tunnel0
ip address 10.10.0.1 255.255.255.0
ip mtu 1400
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 600
no ip split-horizon eigrp 1
delay 1000
tunnel source Ethernet0
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile vpnprof
Secondary Hub
interface Tunnel0
ip address 10.10.0.2 255.255.255.0
ip mtu 1400
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 600
no ip split-horizon eigrp 1
delay 1500 <--- Increase the delay so that the routes learnt from this is less prefered
tunnel source Ethernet0
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile vpnprof
For Dual ISP failover on Spoke :
Configure tracking with IP SLA monitor. Then use EEM script to change the source and route of the tunnel when the track fails.
If Ethernet0/0 is the primary WAN interface and Ethernet0/1 is the backup then you can use the below template.
track 1 ip sla 1 reachability
ip sla 1
icmp-echo <Primary Next-hop IP> source-interface Ethernet0/0
threshold 3000
timeout 3000
frequency 3
ip sla schedule 1 life forever start-time now
ip sla responder
event manager applet Failto-secondary-tunnel
event track 1 state down
action 1.0 cli command "enable"
action 1.1 cli command "configure terminal"
action 1.2 cli command "interface tunnel0"
action 1.3 cli command "shut"
action 1.4 cli command "tunnel source Ethernet0/1"
action 1.5 cli command "no shut"
action 1.6 cli command "exit"
action 1.7 cli command "ip route 0.0.0.0 0.0.0.0 <backup next-hop ip>"
action 1.8 cli command "ip route 0.0.0.0 0.0.0.0 <Primary next-hop ip> 10"
action 1.9 cli command "end"
event manager applet Comeback-primary-tunnel
event track 1 state up
action 1.0 cli command "enable"
action 1.1 cli command "configure terminal"
action 1.2 cli command "interface tunnel0"
action 1.3 cli command "shut"
action 1.4 cli command "tunnel source Ethernet0/0"
action 1.5 cli command "no shut"
action 1.6 cli command "exit"
action 1.7 cli command "ip route 0.0.0.0 0.0.0.0 <Primary next-hop ip>"
action 1.8 cli command "ip route 0.0.0.0 0.0.0.0 backup next-hop ip> 10"
action 1.9 cli command "end"
Hope that helps

Connecting Cisco VPN client v5 to asa 5505

I am having problem configuring remote vpn between ASA5505 and Cisco VPN client v5. I can successfully establish connection between ASA and Vpn client and receive IP address from ASA. VPN client statistics windows shows that packets are send and encrypted but none of the packets is Received/Decrypted.
Can not ping asa 5505
Any ideas on what I have missed?

Your NAT configuration is incomplete, enter the following commands to your configuration:
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
nat (inside) 0 access-list nonat
This tells the ASA that the traffic destined for the VPN Client should not be NATted and should be sent directly to the client via the VPN Tunnel!
Please rate if the post helps!
Regards,
Michael

Connect Cisco 891 to isp

Similar Messages

Maybe you are looking for