This document describes how to use the Cisco Configuration Professional
(Cisco CP) in order to set the basic configuration of the router. Basic
configuration of the router includes configuration of the IP address, default
routing, static and dynamic routing, static and dynamic NATing, host name,
banner, secret password, user accounts, and other options. Cisco CP allows you
to configure your router in several network environments, such as small office
home office (SOHO), branch office (BO), regional office, and central site or
Enterprise headquarters, with an easy-to-use web-based management
The information in this document is based on these software and
Cisco 2811 Router with Cisco IOS® Software Release 12.4(9)
Cisco CP Version 2.5
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
Note: The IP addressing schemes used in this configuration are not legally
routable on the Internet. They are RFC
1918 addresses which have been used in a lab environment.
Perform these steps in order to configure the interfaces of a Cisco
Click Home in order to go to the Cisco CP
The Cisco CP homepage provides information such as the hardware and
software of the router, feature availability, and a configuration
Choose Configure > Interface
Management > Interfaces and Connections > Create Connection in order to configure the WAN connection for
As an example, for FastEthernet 0/1, choose the Ethernet option and click Create New
Note: For other types of interfaces like Ethernet,
choose the respective interface type and click Create New
Connection to proceed.
Click Next in order to proceed once this interface
Choose FastEthernet 0/1 (desired) from the
Available Interfaces option and click Next.
Specify the static IP address with the corresponding subnet mask
for the interface and click Next.
Configure the default routing with optional parameters such as the
next hop IP address (172.16.1.2 as per network diagram) supplied by the ISP and
This window appears and shows the configuration summary configured
by the user. Click Finish.
Note: The connectivity of the configuration can be checked by checking
the checkbox next to Test the connectivity after configuring.
This is an optional feature available.
This window appears and shows the command delivery status to the
router. Otherwise, it displays errors if the command delivery fails due to
incompatible commands or unsupported features.
Choose Configure > Interface
Management > Interfaces and Connections > Edit Interfaces/Connections in order to add/edit/delete the
Highlight the interface with which you want to make changes and
click Edit if you want to edit or change the interface
configuration. Here, you can change the existing static IP address.
Dynamic NAT Configuration
Perform these steps in order to configure the dynamic NAT in a Cisco
Choose Configure > Router > NAT > Basic NAT and click Launch
the selected task in order to configure basic NATing.
Choose the interface that connects to the Internet or your ISP and
choose the IP address range to which Internet access is to be shared. After
choosing this information, click Next as shown
This window appears and shows the configuration summary configured
by the user. Click Finish.
The Edit NAT Configuration window shows the configured dynamic NAT
configuration with the translated IP address overloaded (PATing). If you want
to configure the dynamic NATing with address pool, click Address
Here, information such as the pool name and IP address range with
netmask are provided. There can be times when most of the addresses in the pool
have been assigned, and the IP address pool is nearly depleted. When this
occurs, PAT can be used with a single IP address in order to satisfy additional
requests for IP addresses. Check Port Address Translation
(PAT) if you want the router to use PAT when the address pool is close
to depletion. Click OK.
Choose Address Pool in the Type field, provide the
name to the Address Pool as pool, and click OK.
This window shows the configuration for dynamic NATing with the
address pool. Click Designate NAT Interfaces.
Use this window in order to designate the inside and outside
interfaces that you want to use in NAT translations. NAT uses the inside and
outside designations when it interprets translation rules, because translations
are performed from inside to outside, or from outside to inside.
Once designated, these interfaces are used in all NAT translation
rules. The designated interfaces appear above the Translation Rules list in the
main NAT window.
Static NAT Configuration
Perform these steps in order to configure static NAT in a Cisco
Choose Configure > Router > NAT > Edit NAT Configuration and click Add in order to configure static NATing.
Choose the Direction either from inside to outside
or from outside to inside, and specify the inside IP address to be translated
under Translate from Interface. For the Translate to
Interface area, choose the Type:
Choose IP Address if you want the Translate from Address to be translated to an IP address
defined in the IP Address field.
Choose Interface if you want the Translate from Address to use the address of an interface on
the router. The Translate from Address is translated to the IP
address assigned to the interface that you specify in the Interface
Check Redirect Port if you want to include port
information for the inside device in the translation. This enables you to use
the same public IP address for multiple devices, as long as the port specified
for each device is different. You must create an entry for each port mapping
for this Translated to address. Click TCP if this is a TCP
port number and click UDP if it is a UDP port number. In the
Original Port field, enter the port number on the inside device. In the
Translated Port field, enter the port number that the router is to use for this
translation. Refer to the Allowing
the Internet to Access Internal Devices section of Configuring
Network Address Translation: Getting Started.
This window shows the static NATing configuration with port
Static Routing Configuration
Perform these steps in order to configure static routing in a Cisco
Choose Configure > Router > Static and Dynamic Routing and click Add in
order to configure static routing.
Enter the Destination Network address with mask and choose either
outgoing interface or next hop IP address.
This window shows the static route configured for the 10.1.1.0
network with 172.16.1.2 as the next hop IP address:
Dynamic Routing Configuration
Perform these steps in order to configure the dynamic routing in a
Choose Configure > Router > Static and Dynamic Routing.
Select the RIP and click Edit.
Check Enable RIP, choose the RIP version, and
Specify the Network address to be advertised.
Click Deliver in order to transfer the commands to
This window shows the dynamic RIP routing
Perform these steps in order to configure the other basic settings in a
Choose Configure > Router > Router Options and click Edit if you want to
change the Hostname, Domain Name, Banner, and Enable Secret Password properties
for a router.
Choose Configure > Router
Access > User Accounts/View in order to
add/edit/delete the User Accounts to the router.
Choose Configure > Utilities > Save Running Config to
PC in order to save the configuration to the NVRAM of the router as
well as the PC and to reset the current configuration to default (factory)
Note: In order to use CCP to restore the configuration file stored on a
computer to a router or to backup the configuration file from a router to a
computer, access the Configuration Editor, and click I agree.
In the Configure window, choose Import configuration from PC,
and then click the replace running configuration button.
Current configuration : 2525 bytes
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no logging buffered
enable password cisco
no aaa new-model
!--- RSA certificate generated after you enable the
!--- ip http secure-server command.
crypto pki trustpoint TP-self-signed-2401602417
crypto pki certificate chain TP-self-signed-2401602417
certificate self-signed 01
30820248 308201B1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32343031 36303234 3137301E 170D3130 30353139 30393031
31315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34303136
30323431 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CD35 A3A6E322 9B6005DA A0FF26C2 8A0DC5AF 27B38F3B DBF2BF58 D8F2655D
31115681 EC8BC750 03FE3A25 0F79DC74 3A839496 CB9486F1 A1F5BF43 D92BA7AF
3C72A57B D8D37799 50493588 A5A18F7F 27955AB0 AC36B560 3BE9F648 A4F6F41F
B9E9C5E6 F9570DEB 5555FDED 9593BD00 5ABB30CD D3B9BDFA F570F987 651652CE
3D310203 010001A3 70306E30 0F060355 1D130101 FF040530 030101FF 301B0603
551D1104 14301282 10526F75 7465722E 70616D6D 692E636F 6D301F06 03551D23
04183016 80146A0A C2100122 EFDA58AB C319820D 98256622 52C5301D 0603551D
0E041604 146A0AC2 100122EF DA58ABC3 19820D98 25662252 C5300D06 092A8648
86F70D01 01040500 03818100 83B0EC8C 6916178F 587E15D6 5485A043 E7BB258D
0C9A63F2 DA18793D CACC026E BC0B9B33 F8A27B34 5BD7DD7F FCECA34F 04662AEC
07FD7677 A90A8D1C 49042963 C2562FEC 4EFFF17C 360BF88A FEDC7CAA AE308F6C
A5756C4A F574F5F3 39CE14AE BAAEC655 D5920DD0 DA76E296 B246E36E 16CFBC5A
00974370 170BBDAD C1594013
!--- Create a user account named ccpccp with all privileges.
username ccpccp privilege 15 password 0 cisco123
!--- The LAN interface configured with a private IP address.
ip address 192.168.1.1 255.255.255.0
!--- Designate that traffic that originates from behind
!--- the interface is subject to Network Address Translation (NAT).
ip nat inside
!--- This is the LAN interface configured with a routable (public) IP address.
ip address 172.16.1.1 255.255.255.0
!--- Designate that this interface is the
!--- destination for traffic that has undergone NAT.
ip nat outside
!--- RIP version 2 routing is enabled.
!--- This is where the commands to enable HTTP and HTTPS are configured.
ip http server
ip http authentication local
ip http secure-server
!--- This configuration is for dynamic NAT.
!--- Define a pool of outside IP addresses for NAT.
ip nat pool pool 10.10.10.1 10.10.10.100 netmask 255.255.255.0
!--- In order to enable NAT of the inside source address,
!--- specify that traffic from hosts that match access list 1
!--- are NATed to the address pool named pool1.
ip nat inside source list 1 pool pool1
!--- Access list 1 permits only 22.214.171.124 network to be NATed.
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
!--- This configuration is for static NAT
!--- In order to translate the packets between the real IP address 10.10.10.1 with TCP
!--- port 80 and the mapped IP address 172.16.1.1 with TCP port 500.
ip nat outside source static tcp 10.10.10.1 8080 172.16.1.1 80 extendable
!--- The default route is configured and points to 172.16.1.2.
ip route 0.0.0.0 0.0.0.0 172.16.1.2
line con 0
line aux 0
!--- Telnet enabled with password as cisco.
line vty 0 4
transport input all
line vty 5 15
transport input all
Choose Configure > Interface & Connections > Edit
Interface Connections > Test Connection in order to test the
end-to-end connectivity. You can specify the remote end IP address if you click
the User-specified radio button.
This error might be the result of a browser compatibility issue.
Internet Explorer 8 changes many fundamental aspects of developing applications
for IE. Cisco recommends that you downgrade Internet Explorer to version 7. You
should also uninstall and reinstall Cisco CP.
I receive this error message when I try to install Cisco CP: "Unable to read the source file. File could be Corrupted. Please re-install Cisco Configuration Professional to resolve the issue." How do I resolve this issue?
When you download the application setup file and attempt to install
Cisco CP, you might receive this error:
Unable to read the source file. File could be Corrupted.
Please re-install Cisco Configuration Professional to resolve the issue
Try the following in order to resolve this.
Delete all instances of Cisco CP on your PC, and perform a fresh
download and install.
If the previous step does not work, try to download a different
version of Cisco CP.
If the previous step does not work, contact Cisco
Note: You must have valid Cisco user credentials in order to contact
How do I access the Cisco CP technical logs?
Click Start > Programs > Cisco Systems > Cisco
Configuration Professional > Collect Data for Tech Support. Cisco
CP automatically archives the logs in a zip file named _ccptech.zip. Perform a local file system search for this
file if it is not saved to your Desktop. You can send these technical logs to Cisco
TAC for further troubleshooting.
Note: Close all instances of Cisco CP to get rid of any other issues in
archiving the logs.
Router discovery takes more time than usual. How do I resolve this issue?
Once Cisco CP is launched and the community is configured, discovery of
the router takes more time than usual. Here are the Cisco CP logs that describe
the time elapsed:
July 10, 2009 8:29:19 AM EDT Discovering device test-router
July 10, 2009 8:29:20 AM EDT Last discovery clean-up elapsed time was 47 milliseconds.
July 10, 2009 8:31:13 AM EDT Discovery job allocation elapsed time was 113859 milliseconds.
July 10, 2009 8:31:13 AM EDT Authentication completed.
July 10, 2009 8:40:28 AM EDT Video feature disabled. Video feature discovery elapsed time=214375 ms
July 10, 2009 8:51:15 AM EDT Security feature ready - elapsed time was 860734 milliseconds.
July 10, 2009 8:51:16 AM EDT Total device test-router discovery elapsed time was 1316047 milliseconds.
This issue occurs with all routers irrespective of their model and
platform. In addition, there are no memory or CPU related issues on the
Verify the authentication mode. If authentication does not occur
locally, then check if there is an issue with the authenticating server. Fix
any issue with the authenticating server in order to resolve this issue.
I am unable to view the IPS configuration page on Cisco CP. How do I resolve this issue?
When a specific feature in the Configuration window does not show
anything except a blank page, there might be a incompatibility issues.
Verify these items in order to resolve this issue:
Verify if that specific feature is supported and enabled on your
Verify if your router version supports that feature. Router version
incompatibilities could be resolved with a version upgrade.
Verify if the problem is with the current