Table of Contents
Cisco 1921 Gigabit router
Background
Replaces Cisco ADSL & 1841 router as this is a Fast Ethernet only router, the 1921 is a similar router but with Ge0/0 and Ge0/1 interfaces and two hwic slots. I have a EHWIC-1GE-SFP-CU card as well because in the foreseeable future I may need to bring the internet in from the ISP ONT some distance away, so a utp to fibre next to the ONT would link to the WIC SFP port.
Also, there is a USB port in addition to the serial connector, this implements a usb to serial converter internally, it shows up as /dev/ttyACM0.
Note this is NOT the direct fibre from the ISP, they provide a single WDM / TDM fibre to the Optical Network Terminator (ONT) as part of the G-PON WAN network, then a Ethernet copper RJ45 from the ONT to a fibre converter and on to the 1941 SFP fibre in a different building.
First problem...
Router#sh diag
Slot 0:
WIC Slot 0:
Unknown WAN daughter card
WIC module not supported/disabled in this slot
PCB Serial Number : FOC15164VRP
Hardware Revision : 1.0
... edited ...
Product (FRU) Number : EHWIC-1GE-SFP-CU
I'm running
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.0(1)M4, RELEASE SOFTWARE (fc1)
And the Cisco Support page for the EHWIC says the 1921 requires Cisco 1921 ISR - Release 15.1(4)M
So I need to find this IOS release first.
Carrying on without the WIC interface, just a copy and paste from the previous 1841 config but with GigabitEthernet rather than FastEthernet.
I had this problem before enabling SSH but didn't document it:-
Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Solution is to create the key. Many helpful posts on the various forums etc. BUT none seemed to specify the commands below needed to be run in the conf t session not just at the command line.
router01(config)#crypto key generate rsa modulus 2048 The name for the keys will be: router01.rainsbrook.co.uk % The key modulus size is 2048 bits % Generating 2048 bit RSA keys, keys will be non-exportable...[OK] int-router01(config)# *Jun 20 15:24:41.599: %SSH-5-ENABLED: SSH 2.0 has been enabled router01(config)#
Banner text for a multiline statement is a bit unusual:-
router01(config)#banner login $ Enter TEXT message. End with the character '$' +-------------------------------------------------------+ | | | Legal Warning - Access forbidden unless authorized | | | +-------------------------------------------------------+ $ router01(config)#
Updating Flash
Having found an appropriate IOS which supports my WIC, I was able to tftp the file up to the flash: on the router, and then set the boot image to use the new image.
If two images are present in flash, the router will boot off the first image it finds, this may not be the one you require, so set a boot image line. Once this new image is deemed stable, I will probably remove it from the router to an archive, and there will not be a requirement to set the image boot name.
router01# router01# copy tftp: flash: Address or name of remote host ? Source filename ? Destination filename [c1900-universalk9-mz.SPA.157-3.M2.bin]? Accessing tftp://192.168.x.y/c1900-universalk9-mz.SPA.157-3.M2.bin... Loading c1900-universalk9-mz.SPA.157-3.M2.bin from 192.168.x.y (via GigabitEthernet0/1): !!!!!!!!!!!!!!!! [OK - 85245200 bytes] 85245200 bytes copied in 99.340 secs (858116 bytes/sec) router01# router01#sh flash: -#- --length-- -----date/time------ path 1 45801276 Jul 26 2012 09:32:54 c1900-universalk9-mz.SPA.150-1.M4.bin 2 85245200 Nov 16 2025 22:15:32 c1900-universalk9-mz.SPA.157-3.M2.bin 125562880 bytes available (131047424 bytes used) router01# router01#conf t Enter configuration commands, one per line. End with CNTL/Z. router01(config)#boot system flash c1900-universalk9-mz.SPA.157-3.M2.bin router01(config)#exit router01# copy run sta router01#
After a reboot:-
int-router01>sh ver Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.7(3)M2, RELEASE SOFTWARE (fc2) int-router01>sh ip interface brief Interface IP-Address OK? Method Status Protocol Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down GigabitEthernet0/0 82.120.220.241 YES NVRAM down down GigabitEthernet0/1 unassigned YES NVRAM down down GigabitEthernet0/0/0 unassigned YES NVRAM up up
The GigabitEthernet0/0/0 interface is the WIC (Slot 0, port 0/0), the 0/0 and 0/1 are the fixed ethernet interfaces.
Running Config
To show a running config without page breaks, use term length 0
Old running config from 1841 - needs updating to Gigabit interfaces.
version 15.1 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname my-router ! boot-start-marker <del>boot system flash:c1841-advipservicesk9-mz.151-4.M6.bin</del> boot-end-marker ! ! logging buffered 51200 warnings enable secret 5 reallySecret ! no aaa new-model ! clock timezone GMT 0 0 clock summer-time BST recurring 4 Sun Mar 1:00 4 Sun Oct 2:00 dot11 syslog ip source-route ! ! ! ! ! ip cef ip domain list mydomain.co.uk ip domain name mydomain.co.uk ip name-server 92.190.220.250 ip name-server 220.168.200.20 ipv6 source-route ipv6 unicast-routing ipv6 cef ipv6 multicast-routing ! multilink bundle-name authenticated ! crypto pki token default removal timeout 0 ! ! ! ! license udi pid CISCO1841 sn FCZ090720RC username admin password 7 anothersecret ! redundancy ! ! ip ssh time-out 60 ip ssh version 2 ! ! interface FastEthernet0/0 description Internet LAN to firewall ip address ww.xx.yy.zz 255.255.255.248 duplex auto speed auto ! interface FastEthernet0/1 no ip address duplex auto speed auto pppoe enable group global pppoe-client dial-pool-number 1 ! interface Dialer0 description WAN link to ISP ip address negotiated encapsulation ppp dialer pool 1 dialer idle-timeout 0 dialer persistent dialer-group 1 ipv6 address dhcp rapid-commit ipv6 enable ipv6 traffic-filter adsl-ipv6 in ppp chap hostname user@domain ppp chap password 7 chappassword no cdp enable ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ip route 0.0.0.0 0.0.0.0 Dialer0 ! ip access-list standard snmpv4 permit 82.190.220.252 dialer-list 1 protocol ip permit ipv6 route ::/0 Dialer0 ! ! ! ! snmp-server community mystring1 RO 22 snmp-server community mystring2 RO snmpv4 snmp-server ifindex persist snmp-server location Attic-comms-cab snmp-server contact support@mydomain.co.uk ! ! control-plane ! ! banner exec ^CCC Session established to $(hostname) on line $(line)^C banner login ^CCC +-------------------------------------------------------+ | This is a private system and | | is only for the use of authorized personnel. | | | +-------------------------------------------------------+ | | | If you are allowed access, you will have been told. | | If you have to ask anyone if you are authorized, | | | | -*YOU AREN'T*- | | | +-------------------------------------------------------+ ^C banner motd ^CCCx^C ! line con 0 password 7 top-secret login line aux 0 line vty 0 4 access-class 22 in password 7 very-secret login local transport input ssh ! scheduler allocate 20000 1000 ntp server 123.123.123.1 end
Network Side
Bit off topic but may be of some interest.
Optical Network Terminator
Just for completeness, this is the ONT. It has a single fibre input from OpenReach and a Gigabit ethernet port on an RJ45 for the Subs side interface. The optical technology used for this is GPON.
https://www.draytek.co.uk/information/blog/gpon-fibre-fttp-what-is-it-and-how-does-it-work
OpenReach ONT (Believed to be a Nokia model)
Exchange End
Getting more off-topic, but maybe of interest.
This page has been accessed:-
Today: 1
Yesterday: 0
Until now: 77