====== Cisco 1921 Gigabit router ======
===== Background =====
{{:networking:cisco1921.png?400 |Cisco 1921}}
Replaces [[cisco-1841|Cisco ADSL & 1841 router]] as this is a Fast Ethernet only router, the 1921 is a similar router but with Ge0/0 and Ge0/1 interfaces and two hwic slots. I have a EHWIC-1GE-SFP-CU card as well because in the foreseeable future I may need to bring the internet in from the ISP ONT some distance away, so a utp to fibre next to the ONT would link to the WIC SFP port.
Also, there is a USB port in addition to the serial connector, this implements a usb to serial converter internally, it shows up as ''/dev/ttyACM0''.
{{ :networking:cisco-ehwic-sfp.png?100|Without SFP module}}
Note this is NOT the direct fibre from the ISP, they provide a single WDM / TDM fibre to the Optical Network Terminator (ONT) as part of the G-PON WAN network, then a Ethernet copper RJ45 from the ONT to a fibre converter and on to the 1941 SFP fibre in a different building.
{{:networking:ehwic-1ge-sfp.png?200|sfp fibre module fitted}}
==== First problem... ====
Router#sh diag
Slot 0:
WIC Slot 0:
Unknown WAN daughter card
WIC module not supported/disabled in this slot
PCB Serial Number : FOC15164VRP
Hardware Revision : 1.0
... edited ...
Product (FRU) Number : EHWIC-1GE-SFP-CU
I'm running
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.0(1)M4, RELEASE SOFTWARE (fc1)
And the Cisco Support page for the EHWIC says the 1921 requires ''Cisco 1921 ISR - Release 15.1(4)M ''
So I need to find this IOS release first.
Carrying on without the WIC interface, just a copy and paste from the previous [[cisco-1841-config|1841 config]] but with ''GigabitEthernet'' rather than ''FastEthernet''.
I had this problem before enabling SSH but didn't document it:-
Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Solution is to create the key. Many helpful posts on the various forums etc. BUT none seemed to specify the commands below needed to be run in the ''conf t'' session not just at the command line.
router01(config)#crypto key generate rsa modulus 2048
The name for the keys will be: router01.rainsbrook.co.uk
% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
int-router01(config)#
*Jun 20 15:24:41.599: %SSH-5-ENABLED: SSH 2.0 has been enabled
router01(config)#
Banner text for a multiline statement is a bit unusual:-
router01(config)#banner login $
Enter TEXT message. End with the character '$'
+-------------------------------------------------------+
| |
| Legal Warning - Access forbidden unless authorized |
| |
+-------------------------------------------------------+
$
router01(config)#
==== Updating Flash ====
Having found an appropriate IOS which supports my WIC, I was able to tftp the file up to the flash: on the router, and then set the boot image to use the new image.
If two images are present in flash, the router will boot off the first image it finds, this may not be the one you require, so set a boot image line. Once this new image is deemed stable, I will probably remove it from the router to an archive, and there will not be a requirement to set the image boot name.
router01#
router01# copy tftp: flash:
Address or name of remote host ?
Source filename ?
Destination filename [c1900-universalk9-mz.SPA.157-3.M2.bin]?
Accessing tftp://192.168.x.y/c1900-universalk9-mz.SPA.157-3.M2.bin...
Loading c1900-universalk9-mz.SPA.157-3.M2.bin from 192.168.x.y (via GigabitEthernet0/1): !!!!!!!!!!!!!!!!
[OK - 85245200 bytes]
85245200 bytes copied in 99.340 secs (858116 bytes/sec)
router01#
router01#sh flash:
-#- --length-- -----date/time------ path
1 45801276 Jul 26 2012 09:32:54 c1900-universalk9-mz.SPA.150-1.M4.bin
2 85245200 Nov 16 2025 22:15:32 c1900-universalk9-mz.SPA.157-3.M2.bin
125562880 bytes available (131047424 bytes used)
router01#
router01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router01(config)#boot system flash c1900-universalk9-mz.SPA.157-3.M2.bin
router01(config)#exit
router01# copy run sta
router01#
After a reboot:-
int-router01>sh ver
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.7(3)M2, RELEASE SOFTWARE (fc2)
int-router01>sh ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 82.120.220.241 YES NVRAM down down
GigabitEthernet0/1 unassigned YES NVRAM down down
GigabitEthernet0/0/0 unassigned YES NVRAM up up
The ''GigabitEthernet0/0/0'' interface is the WIC (Slot 0, port 0/0), the 0/0 and 0/1 are the fixed ethernet interfaces.
==== Running Config ====
To show a running config without page breaks, use ''term length 0''
Old running config from 1841 - needs updating to Gigabit interfaces.
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname my-router
!
boot-start-marker
boot system flash:c1841-advipservicesk9-mz.151-4.M6.bin
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 reallySecret
!
no aaa new-model
!
clock timezone GMT 0 0
clock summer-time BST recurring 4 Sun Mar 1:00 4 Sun Oct 2:00
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
ip domain list mydomain.co.uk
ip domain name mydomain.co.uk
ip name-server 92.190.220.250
ip name-server 220.168.200.20
ipv6 source-route
ipv6 unicast-routing
ipv6 cef
ipv6 multicast-routing
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO1841 sn FCZ090720RC
username admin password 7 anothersecret
!
redundancy
!
!
ip ssh time-out 60
ip ssh version 2
!
!
interface FastEthernet0/0
description Internet LAN to firewall
ip address ww.xx.yy.zz 255.255.255.248
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer0
description WAN link to ISP
ip address negotiated
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ipv6 address dhcp rapid-commit
ipv6 enable
ipv6 traffic-filter adsl-ipv6 in
ppp chap hostname user@domain
ppp chap password 7 chappassword
no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list standard snmpv4
permit 82.190.220.252
dialer-list 1 protocol ip permit
ipv6 route ::/0 Dialer0
!
!
!
!
snmp-server community mystring1 RO 22
snmp-server community mystring2 RO snmpv4
snmp-server ifindex persist
snmp-server location Attic-comms-cab
snmp-server contact support@mydomain.co.uk
!
!
control-plane
!
!
banner exec ^CCC
Session established to $(hostname) on line $(line)^C
banner login ^CCC
+-------------------------------------------------------+
| This is a private system and |
| is only for the use of authorized personnel. |
| |
+-------------------------------------------------------+
| |
| If you are allowed access, you will have been told. |
| If you have to ask anyone if you are authorized, |
| |
| -*YOU AREN'T*- |
| |
+-------------------------------------------------------+
^C
banner motd ^CCCx^C
!
line con 0
password 7 top-secret
login
line aux 0
line vty 0 4
access-class 22 in
password 7 very-secret
login local
transport input ssh
!
scheduler allocate 20000 1000
ntp server 123.123.123.1
end
====== Network Side ======
Bit off topic but may be of some interest.
===== Optical Network Terminator =====
Just for completeness, this is the ONT. It has a single fibre input from OpenReach and a Gigabit ethernet port on an RJ45 for the Subs side interface.
The optical technology used for this is GPON.
[[https://www.draytek.co.uk/information/blog/gpon-fibre-fttp-what-is-it-and-how-does-it-work]]
[[https://www.cisco.com/c/en/us/support/docs/switches/catalyst-pon-series/216230-understand-gpon-technology.html]]
OpenReach ONT (Believed to be a Nokia model)
{{:networking:450px-fttp-ont-pon.jpg?100|}}
===== Exchange End =====
Getting more off-topic, but maybe of interest.
{{networking:gpon-switch.jpg?200 |}}
{{ :networking:fx-16-gpon.jpg?200 |}}
{{ :networking:nokia_7360_data_sheet_en.pdf |}}
----
This page has been accessed:- \\
Today: {{counter|today}} \\
Yesterday: {{counter|yesterday}} \\
Until now: {{counter|total}} \\