Cisco 831 3

[thetdz]

Bought a new Cisco 831 but I don't know how to configure.
I can't connect to CRWS at 10.10.10.1. Can't connect to internet (broadband modem).

I need to configure it for home use with more 2 computers attached on it. I have access to console interface thought putty.

ip settings from Netgear FVS114:
IP Address 85.139.xxx.xxx
Subnet Mask 255.255.254.0
Default Gateway 85.139.xxx.xxx
DHCP Server 212.113.164.25
DNS Server 212.113.164.26
212.113.164.27
Lease Obtained Sat, 2000-01-01 00:00:28
Lease Expires Sat, 2000-01-01 02:00:28

Please help

Thanks

 

[addiction]

Thanks for the tips, I knew it was something similar but just couldn't get the exact syntax down. I'm picking a lot of cisco stuff just in this post alone. As a newbie, just the act of cracking into the console of the 831 and gain access to it got me excited, and getting the 831 to the point where it was usable was ecstatic. And I did everything on the 831 mainly due to your "hold-my-hand" instructions, in one single post,..unbelievale, you must have seen many cisco questions because you sure anticipated the scenario and what users might ask. I should thank the orig poster Thetdz too since he was the one who made this post.
=========================

Now if you don't mind, I have a few questions for you.

Would you take a look at my "sh run". (apparently, "sh run" did list my DHCP pool name as "CLIENT". I just wasn't aware of it! The "pool" and ACL concepts are totally new to me.)


Router#sh run
Building configuration...

Current configuration : 4500 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 2 log
logging buffered 64000 debugging
enable password ******
!
username ***** privilege 15 secret 5 $1$70GB$LJ5UL93uhbkyBxwuG
username CRWS_Venky privilege 15 password 0 $1$W1fA$o1oSEpa2125609562
no aaa new-model
ip subnet-zero
no ip source-route
ip name-server 66.51.205.100
ip name-server 4.2.2.2
ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp excluded-address 192.168.1.150 192.168.1.254
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.21
!
ip dhcp pool CLIENT
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 66.51.205.100 4.2.2.2
domain-name dslextreme.com
lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip audit po max-events 100

Router#ice timestamps log datetime msec
^
% Invalid input detected at '^' marker.

Router#sh run
Building configuration...

Current configuration : 4500 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 2 log
logging buffered 64000 debugging
enable password cisco831
!
username webadmin privilege 15 secret 5 $1$70GB$LYJ5ULP93tuhbkyHBxwuG1
username CRWS_Venky privilege 15 password 0 $1$W1fA$o1oSEpa2125609562
no aaa new-model
ip subnet-zero
no ip source-route
ip name-server 66.51.205.100
ip name-server 4.2.2.2
ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp excluded-address 192.168.1.150 192.168.1.254
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.21
!
ip dhcp pool CLIENT
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 66.51.205.100 4.2.2.2
domain-name dslextreme.com
lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
no crypto isakmp enable
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:192.168.1.1-255.255.255.0
ip address 192.168.1.1 255.255.255.0
ip access-group 122 out
ip nat inside
no cdp enable
hold-queue 32 in
!
interface Ethernet1
ip address dhcp client-id Ethernet1
ip access-group 103 in
ip mtu 1492
ip nat outside
ip inspect myfw out
ip tcp adjust-mss 1452
duplex auto
no cdp enable
!
ip classless
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static tcp 192.168.1.2 21 interface Ethernet1 21
ip nat inside source static tcp 192.168.1.2 3389 interface Ethernet1 3389
ip nat inside source static tcp 192.168.1.2 15900 interface Ethernet1 15900
ip nat inside source static tcp 192.168.1.2 34129 interface Ethernet1 34129
ip nat inside source static udp 192.168.1.21 5061 interface Ethernet1 5061
ip nat inside source static udp 192.168.1.21 5060 interface Ethernet1 5060
!
!
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 103 deny ip 10.0.0.0 0.255.255.255 any log
access-list 103 deny ip 172.16.0.0 0.15.255.255 any log
access-list 103 deny ip 192.168.0.0 0.0.255.255 any log
access-list 103 deny ip 127.0.0.0 0.255.255.255 any log
access-list 103 deny ip 224.0.0.0 7.255.255.255 any log
access-list 103 deny ip host 0.0.0.0 any log
access-list 103 deny ip 255.0.0.0 0.255.255.255 any log
access-list 103 permit ip any any
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq 3389
access-list 111 permit tcp any any eq 15900
access-list 111 permit tcp any any eq 34129
access-list 111 permit udp any any eq 5061
access-list 111 permit udp any any eq 5060
access-list 111 permit tcp any any eq telnet
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
access-list 122 deny tcp any any eq telnet
access-list 122 permit ip any any
no cdp run
!
control-plane
!
!
line con 0
password cisco831
login
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
exec-timeout 120 0
password cisco831
login local
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
!
end


QUESTIONS:
==================================

1)

Does my config look ok and "safe" I've pretty much mimicked what you've posted in here for Paublo. I

2)

I asteriked (*****) out my username & password above.
But what/who is this user listed below me?
"CRWS_Venky privilege 15 password 0"
Is this the "console" user? I sure didn't create any CRWS_Venky user. And right now, I'm able to telnet (regular telnet using DOS cmd in XP) into the 831 from the WAN side. Is safe at all? or should I use some sort of "more secured & encrypted" telneting way?


3)

I'm currently running IOS 12.3(7)T. There are newer IOS for the 831. I've gone to here

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

to do a IOS comparison. Select search by "Platform", then select "Compare Images" tab. I see that there are 2 major releases for the 831, and within each major release, there are many "Release Number". Here's what I see that I think are what I might need/want to upgrade to...:

Major release 1 (T version):

IOS 12.4(15)T4 IP/FW 3DES
IOS 12.4(15)T4 IP/FW/PLUS 3DES

Major release 2 (non-T version):

IOS 12.4(19) IP/FW 3DES
IOS 12.4(19) IP/FW/PLUS 3DES

Seems like the T release has more features than the non-T. And the IP/FW/PLUS variety has more features than the IP/FW variety.

Between the T and the non-T releases, seems like the non-T has 3 features unique to it, namely:

- IGMP Version 3
- Large Scale Dial Out (LSDO) VRF Aware
- NAT - Scalability for Stateful NAT

The T release has a load of features not found in non-T, things like:

- AAA call trace, CLI stop
- CNS stuff
- Easy VNP stuff
- some DHCP stuff
- NAT Sip session stuff
...etc..

Between the IP/FW/PLUS and IP/FW, the IP/FW/PLUS has much more features dealing with
- BGP
- IPv6
-NBAR,
- NSF
- OSPF
- QoS
- RSVP
....etc...

My question is, which IOS version should I use if i'm the following:

- a home user with 4 PCs
- would like a firewall
- would like to VPN into my home network (if possible)
- I do have a Voip box
- use bit torrent
- would like to experiment/learn IOS commands/concept down the road, but if putting a larger IOS image on the router would SLOW the router down, then I rather not install a larger image for the sake of experimenting/learning.

My current IOS version is 12.3(7)T, so I know for a fact that the T version will work for me. But to be honest, I don't completely comprehend 10% of the list of features in any IOS version. I can read the mini-discription associated with each feature, and have an idea what they are after googling it up, but I can't say I fully understand them.

So Burt, if you could, would you make a quick recommendation as to what IOS version I should use? My 831 has 64 mb RAM and 16 mb flash, so I believe it can run all of the different IOS versions.

4)

When it comes to the actual uploading the newer IOS, I plan to follow these instructions from Cisco.

http://www.cisco.com/en/US/products...stallation_guide09186a00803e4727.html#wp56359

..in the "Task 2: Install a Supported Cisco IOS Image" section.
Is this the correct instruction set for me Burt? Do you have any pointers/warnings for the steps at Cisco?
And will I lose all my settings when upgrading the IOS? (I would like to think not!).


Sorry for asking a bunch of newbie questions, but I wanna get up and running with the latest IOS,..while taking my time to learn the details of IOS as I go along.

 

[addiction]

oops!

Looks like I posted two outputs of "sh run". The first set of output is incomplete, the second set of output is complete, and apparently with my username and password too, hehe..

(Can't seem to edit my post so I'm postng this)

 

[burtsbees]

1)Safe, except for what you addressed with telnetting in---this brings me to
2)router>en
router#conf t
router(config)#line vty 0 4
router(config-line)#transport input ssh
router(config-line)#exit
router(config)#ip domain-name local
router(config)#crypto key generate rsa
Then answer the questions...
router(config)#end
router#wr
Then download PuTTy (free) and install to a machine that you want to use to remote in with. Once you have set up a VPN, this is the safest way, but ssh version 2 is pretty safe---version 1 (1024 bit key encryption) is good enough.

3)IOS costs $$$---the one you have should work for all that you want to do.

Burt

 

[burtsbees]

By the way---someone else must have set up a username before you...

Burt

 

[burtsbees]

Is this the same router as thetdz???

Burt

 

[addiction]

Yes I have the same router as thetdz.

I was able to successfully generate a 1024-bit RSA key following your directions above. So this is done. Now I'll go check out Putty like you said.

You may be right in that somebody must have setup a username before me. This router was used in a corporate office and then was given to me. That's all I know of its history. Now... how do I delete (or create) a username?

I know a guy who is in IT and he has an account with Cisco and in fact he has already downloaded all the IOS images mentioned above already! I just haven't gain enough knowledge to know what to do with them yet lol. So $$$ is not an issue for me. Reason I was thinking of upgrading IOS is becase I was thinking the "newer" versions of most softwares usually have some kinda bug fixes or security fixes, that was my main thought for upgrading. But if you think my current IOS version is ok, I'll stick with it.

 

[burtsbees]

In that case, might as well upgrade to the latest and greatest!
router>en
router#conf t
router(config)#no username CRWS_Venky

Burt

 

[addiction]

Thanks, I was able to delte the unknown user, might as well since I do'nt know its password!

Alright, I'm gonna proceed to save my running config to a file and then upgrade IOS and reload the config.

Wish me luck! but I'll probably be back here crying for help soon!. lol

 

[addiction]

and burt I really appreciate your time! if you ever need an ios image, let me know, if i can help i'll do it!

 

[addiction]

I think I've finally doomed myself. I went to load ios image 12.4(15)T5. I loaded it ok, rebooted the router ok... or so i thought! It went to the rommon1> prompt, so I did

rommon1>confreg 2142
rommon2>reset

router rebooted, comes up showing the latest IOS i've just installed, and then it freaked out.. giving an message saying "initialize..insufficient memory". Well it appears that I only have 48mb SDRAM instead of previously thought 64mb SDRAM. So it looks like I'm doomed?? or is this still savable? sigh..

This router has 32mb RAM onboard, and a 16mb RAM stick, making it 48mb. According to Cisco, this router can max out at 64mb RAM, so that mean I should be able to buy another 32mb stick to replace my 16mb stick. Problem is, I've looked on the net and it doesn't look like any seller is carrying any 32mb RAM module for the cisco 831. None! Plenty of sellers selling the 16mb version, but no 32mb. Major bummer! I wonder if I could just buy any 32mb 100-pin SDRAM DIMM and put it in the router?? or does this usually have to be a "special" RAM? This truely sucks. Lesson learned!

Burt, you have any suggestions at this point?

 

[burtsbees]

Yes--looks like some of the 831's came with 64MB onboard, but yours is the earlier model. The funny thing is that the image previously on it, c831-k9o3sy6-mz.124-12c.bin, requires 64MB DRAM...
rommon1>set
IP_ADDRESS=(fill in the blank)
IP_SUBNET_MASK=(fill in the blank)
DEFAULT_GATEWAY=(fill in the blank)
TFTP_SERVER=(fill in the blank)
TFTP_FILE=(fill in the blank)
rommon2>tftpdnld -u

Burt

 

[addiction]

Here is what I did:

1) tried to reload a smaller "T" ios image using "tftpdnld" (without parameter -u), and the image did load successfully. Then I did this,

rommon1>confreg 2142
rommon1>reset

which rebooted the router, then I get error message,

"boot: cannot determine first file name on device "flash:"ê"

which makes the router to loop with the same error

2) so I power-cycled router, do ctrl-break, and try to load a non-T image, but this time use "tftpdnld -u" (with the "u" parameter):

here's the screen:

[COLOR=green]

System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)
TAC Support: [URL unfurl="true"]http://www.cisco.com/tac[/URL]
Copyright (c) 2002 by cisco Systems, Inc.
C800/SOHO series (Board ID: 29-129) platform with 49152 Kbytes of main memory

boot: cannot determine first file name on device "flash:"ê
System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)
TAC Support: [URL unfurl="true"]http://www.cisco.com/tac[/URL]
Copyright (c) 2002 by cisco Systems, Inc.
C800/SOHO series (Board ID: 29-129) platform with 49152 Kbytes of main memory

rommon 1 > set
PS1=rommon ! > 
?=0
RET_2_RUTC=0
BSI=0
RANDOM_NUM=785157632
RET_2_RTS=
RET_2_RCALTS=
CRASHINFO=crashinfo_FAILED
rommon 2 > IP_ADDRESS=192.168.1.1
rommon 3 > IP_SUBNET_MASK=255.255.255.0
rommon 4 > DEFAULT_GATEWAY=192.168.1.1
rommon 5 > TFTP_SERVER=192.168.1.2
rommon 6 > TFTP_FILE=c831-k9o3sy6-mz.124-12c.bin
rommon 7 > tftpdnld -u

          IP_ADDRESS: 192.168.1.1
      IP_SUBNET_MASK: 255.255.255.0
     DEFAULT_GATEWAY: 192.168.1.1
         TFTP_SERVER: 192.168.1.2
           TFTP_FILE: c831-k9o3sy6-mz.124.12c.bin  4-12c.bin
TFTP error 1 received (TFTP Error: File does not exist).
TFTP: Operation terminated.
rommon 8 > TFTP_FILE=c831-k9o3sy6-mz.124.12

rommon 9 > 

monitor: command "" not found
rommon 10 > t

monitor: command "t" not found
rommon 11 > TFTP_FILE=c831-k9o3sy6-mz.124-12c.bin
rommon 12 > tftpdnld -u

          IP_ADDRESS: 192.168.1.1
      IP_SUBNET_MASK: 255.255.255.0
     DEFAULT_GATEWAY: 192.168.1.1
         TFTP_SERVER: 192.168.1.2
           TFTP_FILE: c831-k9o3sy6-mz.124-12c.bin
Receiving c831-k9o3sy6-mz.124-12c.bin from 192.168.1.2!!!!!!!!!!!!...<snipped>..... 
File reception completed.
Copying file c831-k9o3sy6-mz.124-12c.bin to flash.
Invalid rommon image, aborting download.

[/color]


(fyi: I typed in a few syntax errors above)

But it appears now I either get the message "Invalid rommon image, aboriting download", or
"boot: cannot determine first file name on device "flash:"ê

 

[burtsbees]

Try it without any switches---it should ask if you want to erase flash (say yes!). If not, then try the -r option---it will just load the image into DRAM and boot it---that way, you can completely erase flash after it boots and do the tftpdnld again. That is if it does not give you the option to erase flash.

Burt

 

[addiction]

Burt, I did it!

Here is what I did:
1) used my "original" 12.3(7)T3 image, which is smaller than all the previous images I've tried.

2) used the tftpdnld without the -u switch.

(I think the key was a SMALLER sized image!).

Here's the screen capture:

[blue]blue text is my comments[/blue]
[red]red text is for emphasis, pay attention[/red]

System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)
TAC Support: [URL unfurl="true"]http://www.cisco.com/tac[/URL]
Copyright (c) 2002 by cisco Systems, Inc.
C800/SOHO series (Board ID: 29-129) platform with 49152 Kbytes of main memory
[blue]
(at this point, getting the boot: cannot determine first file name... error.)
[/blue]


boot: cannot determine first file name on device "flash:"ê
System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)
TAC Support: [URL unfurl="true"]http://www.cisco.com/tac[/URL]
Copyright (c) 2002 by cisco Systems, Inc.
C800/SOHO series (Board ID: 29-129) platform with 49152 Kbytes of main memory

boot: cannot determine first file name on device "flash:"

System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)
TAC Support: [URL unfurl="true"]http://www.cisco.com/tac[/URL]
Copyright (c) 2002 by cisco Systems, Inc.
C800/SOHO series (Board ID: 29-129) platform with 49152 Kbytes of main memory

[blue](hit CTRL-BREAK to get to rommon>)[/blue]
rommon 1 > set
PS1=rommon ! > 
?=0
RET_2_RUTC=0
BSI=0
RANDOM_NUM=785157632
RET_2_RTS=
RET_2_RCALTS=
CRASHINFO=crashinfo_FAILED
rommon 2 > IP_ADDRESS=192.168.1.50
rommon 3 > IP_SUBNET_MASK=255.255.255.0
rommon 4 > DEFAULT_GATEWAY=192.169.1.1
rommon 5 > TFTP_SERVER=192.168.1.2
rommon 6 > TFTP_FILE=c831-k9o3sy6-mz.123-7.T3.bin
rommon 7 > tftpdnld

          IP_ADDRESS: 192.168.1.50
      IP_SUBNET_MASK: 255.255.255.0
     DEFAULT_GATEWAY: [red]192.169.1.1[/red]
         TFTP_SERVER: 192.168.1.2
           TFTP_FILE: c831-k9o3sy6-mz.123-7.T3.bin

Invoke this command for disaster recovery only.
WARNING: all existing data in all partitions on flash will be lost!
Do you wish to continue? y/n:  [n]:  y

Receiving c831-k9o3sy6-mz.123-7.T3.bin from 192.168.1.2 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[red]ARP: address resolution for 192.169.1.1 timed out.
ARP failed with failure code 1.  TFTP transfer aborted.
[/red]

[blue]
(error due to my using a wrong gateway IP of 192.169.1.1)
[/blue]
TFTP: Operation terminated prematurely.
[blue](I corrected the gateway IP; then retry tftpdnld)[/blue]
rommon 8 > DEFAULT_GATEWAY=192.168.1.1
rommon 9 > tftpdnld

          IP_ADDRESS: 192.168.1.50
      IP_SUBNET_MASK: 255.255.255.0
     DEFAULT_GATEWAY: 192.168.1.1
         TFTP_SERVER: 192.168.1.2
           TFTP_FILE: c831-k9o3sy6-mz.123-7.T3.bin

Invoke this command for disaster recovery only.
WARNING: all existing data in all partitions on flash will be lost!
Do you wish to continue? y/n:  [n]:  y

Receiving c831-k9o3sy6-mz.123-7.T3.bin from 192.168.1.2 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
File reception completed.
Copying file c831-k9o3sy6-mz.123-7.T3.bin to flash.
Erasing flash ................................................................................................................................
Programming flash .Programming flash .Programming flash ..................................................

[blue](here I entered an invalid command "en")[/blue]
rommon 10 > en

monitor: command "en" not found
rommon 11 > confreg 2142

[blue](reseting the router...)[/blue]
rommon 12 > reset
System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)
TAC Support: [URL unfurl="true"]http://www.cisco.com/tac[/URL]
Copyright (c) 2002 by cisco Systems, Inc.
C800/SOHO series (Board ID: 29-129) platform with 49152 Kbytes of main memory

[blue](Success!!! I no longer get the "boot:cannot determine first file name..)[/blue]
program load complete, entry point: 0x80013000, size: 0x6303e8
Self decompressing the image : ############################################################################################################################ [OK]

             [blue]...(snipped Cisco disclaimers)...[/blue]

Cisco C831 (MPC857DSL) processor (revision 0x400) with 46695K/2457K bytes of memory.
Processor board ID AMB08151H6X (3386745382), with hardware revision 0000
CPU rev number 7
2 Ethernet interfaces
128K bytes of NVRAM.
16384K bytes of processor board System flash (Read/Write)
2048K bytes of processor board Web flash (Read/Write)


         --- System Configuration Dialog ---

[red]Would you like to enter the initial configuration dialog? [yes/no]:[/red] [b]n[/b]

[blue](answer No here, hit Return, this gets you to the  Router> prompt, look below)[/blue]


Press RETURN to get started!


*Mar  1 00:00:05.727: %LINK-3-UPDOWN: Interface Ethernet1, changed state to up
*Mar  1 00:00:17.143: %SYS-6-LOGGERSTART: Logger process started
*Mar  1 00:00:17.303: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1, changed state to up
*Mar  1 00:00:17.303: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
*Mar  1 00:00:18.303: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
*Mar  1 00:00:18.303: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1, changed state to down
*Mar  1 00:01:09.951: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C831 Software (C831-K9O3SY6-M), Version 12.3(7)T3, RELEASE SOFTWARE (fc2)
Technical Support: [URL unfurl="true"]http://www.cisco.com/techsupport[/URL]
Copyright (c) 1986-2004 by Cisco Systems, Inc.
Compiled Tue 20-Jul-04 08:19 by eaarmas
*Mar  1 00:01:09.951: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
*Mar  1 00:01:12.947: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down
*Mar  1 00:01:12.947: %LINK-5-CHANGED: Interface Ethernet1, changed state to administratively down
*Mar  1 00:01:13.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down

Router>en
Router#

[blue](now proceed to configure the router like what Burt has posted in the previous posts)[/blue]

I posted this so if some Cisco newbie like me self were to ever run into this! Well you have have this fool's experience!

Thank you Burt, I could not have done this without you, and would probably be chasing my tail for weeks if I asked this same question on most other tech forums. You pretty much guided me through a cisco disaster recovery, in 24 hours, on the weekend, through the net. I don't know how much they would charge for this kinda help outside, prolly not cheap,... i feel like I'm abusing you.. but hopefully at least my stumble will help somebody who has this problem as I'm sure I can't be the only newbie cisco fool!

Now that I kinda get the ios flash/disaster recover process down a bit, I think I'm gonna go try a few more recent images to see which one works, which don't and in the process probably enhance my disaster recovery skill... i prolly be back here crying again.. lol.

 

[burtsbees]

You will want the config register set at 2102, not 2142 though.

Burt

 

[addiction]

Burt, could you explain what's the difference between the two registers?

 

[burtsbees]

2142 tells the router to ignore the config.txt file (startup config)---you can configure the router, do a copy run start, and reboot---it will be as if you forgot to save it. This is mainly for troubleshooting, like password recovery. 2102 tells the router to load the config.txt file (your config---the startup config) like normal.

Burt

 

[addiction]

Thanks for the explanation, I was guessing something similar like that.

I've finally settled down on ios image 12.3(14)T7 IP/FW/PLUS 3DES. This allows me the 3 features I wanted (for now), namely: dynamic dns, VPN, and demilatirze zone.

I've tried one other 12.4 image with PLUS (only PLUS images have VPN server), and it appears that most of the 12.4 PLUS images are too big to run on my router. I can run many (but not all) other "12.4 non-T non-PLUS" images, but then I get no VPN support, so that's not as good for me.

So I've settled back down to 12.3(14)T7 IP/FW/PLUS 3DES image. I think I'm done with experimenting images for now.

One other weird problem (could be a bug) I want to mention is this. In 2 separate trials (each trial with a different ios image), in "disaster recovery" mode, I loaded each respective ios image (both are the "larger" size images) into RAM (use, rommon> tftpdnld -r), and the images WOULD load into RAM ok (ie, images decompressed successfully), and I was then even able to go into flash area and DELETE the CURRENT image in FLASH, and then copy (using tftp) the image I had just loaded into RAM (which is of course also current running image) into flash. After copying, I browse flash (show flash) and the image did seem to copy fine (ie, no "invalid checksum" error when doing "sh flash"). Everything looks good right? Not quite. I reboot the router, and I got the same "boot:cannot determine first file name..". So I then do a "tftpdnld -r" to load the SAME image that I had just copied into flash, and this SAME image loaded FINE! I then go into flash and do "sh flash", and guess what... the image file is now displaying an "invalid checksum" next to it!! Weird huh? This file didn't show up as invalid before. So after rebooting, somehow the image file got corrupted?? or maybe the copy tftp process is buggy? Weird huh? But hold on, it gets weirder (but in a good way)...read on

now if I put a SMALLER image back on the router that is know to work.. and then once the the smaller image is on, go back to flash and re-copied the previous image above that failed the checksum, and guess what... this will copy the previously failed image successfully AND will enable the router to reboot without the "boot: cannot determing first file..." error.

The above only seems to happen to the "larger images". Smaller images copied fine during disaster recovery. I don't know if the router is buggy or, perhaps my Solarwinds TFTP server is not transferring large image correctly. I've had the Solarwinds tftp server not playing nice when I tried to upload a DD-WRT firmware onto a cheap Airlink router through the WAN port in the past, which was resolve by using another tftp sever. So it's entirely possible that the Solarwinds tftp server was the culprit. I suppose I could try with another TFTP server other than Solarwinds' and see if it'll work for larger images... but I think I've had enough dosage of swapping in and out ios images for now lol... it's time to get some real learning going!! Prolly be back here later for some more Q&A sessions lol.

Burt, again, your assistance has been greatly appreciated. I can't thank you enough! You're one of the most approachable cisco guru and tech guru I've seen on the web!