Cisco 861W router

I got a little bit tired of my D-Link router requiring the occasional reboot to get the access point working, so I decided to go a bit wild and buy a Cisco business-class router. The one I chose was the 861W. This page is going to describe my various experiences getting the new router up and running.


First of all, unpacking…. It comes in a big box, and it’s relatively heavy. Big heavy things are the sure indication of a quality product, right? well let’s hope so.

Using Cisco CP Express:

The router comes with a CD-ROM containing installation software. There are several ways to configure the router, ranging from command-line terminal sessions, to something called CP Express, and to something even better than CP Express called simply “CP”. The quick start recommends using CP Express, so I go with that.

It needs a password. Well gee, that’s the one thing Cisco forgot to write down anywhere. Searching the printed documentation that came with the router, I got lucky and found the following in the Cisco Regulatory Compliance and Safety Information Roadmap:

The default username and password is Cisco. They are case sensitive.

Well, they were almost right. It is case sensitive, but it’s “cisco”, not “Cisco”.

Okay, back to business. Now we have CP Express up and running and it’s asking us questions that sound like the usual things a router asks: what IP address do you want to use, how do I connect to the WAN, what DHCP settings to use, etc. This all seems very good. I get it all configured and press the magic <Ok> button at the end. It tells me it’s updating the router configuration and exits. It does not update the configuration. No settings are changed. Try it two or three times more, no difference.

Using Cisco Configuration Professional:

So, I move away from the toy “CP Express” to the much more ominous-sounding “CP”. Who wants the use the “express” version of the software, anyway? We’re professionals here.

Well, CP loads up, displays a progress bar, opens two Windows Explorer windows, opens a third thing off screen, and sits there. I go off to the kitchen and get a bite to eat. It’s still sitting there. I watch some youtube. Still sitting there. Progress bar keeps moving across the screen (who was it who first decided progress bars should move even when the software is stuck, anyway?). It’s obviously not doing anything.

Maybe it has something to do with that window that’s 95% off-screen. I open up the windows task manager and start killing processes until I figure out which one it is. It’s called “IEC2” . I don’t know what it is or what it does, or why it’s 95% off the screen. I can’t move it. I try to get clever and resize the screen but that doesn’t work either. I reboot the laptop again. Still stuck with a progress bar that indicates progress even when no progress is happening.

Took a break…. played some warcraft… did some work….

The next step I setup a virtual machine to run the Cisco CP software in so that I could try to configure it from a controlled environment. On a plain ordinary windows XPSP2 VM, the CP tool also failed. After wasting another hour scouring the Internet, I realized that this thing needs a particular version of Adobe Flash installed. Yes, that’s right:


If you don’t have flash installed, does the CP software warn you? No. it just sits there with a blank screen. If that isn’t pure stupidity, I don’t know what is. You also need java, which is slightly more understandable, but also a pain in the butt.

So, now we’ve got the CP software installed, running, and able to detect the router.

The next step, I try to enable the internal access point. It acts like it configures it, but the AP is not visible from any wireless devices. Don’t know what’s going on there.

Next, I try to change the router’s default IP address from to something more sensible. Software warns me that it’ll lose connection if I change the IP address (well, duh!, but thanks for the warning). After changing the IP Address, the software immediately hangs. While it was smart enough to warn me that the connection will drop, it seems that the CP software itself isn’t smart enough to realize this and hangs waiting for a reply from the (now at a different address) router. Eventually after a few minutes it’ll time out.

Unfortunately now it can’t talk to the router. Although the router is at the new IP Address and responding to pings, it doesn’t respond to telnet or web connections. Could it be that I need to write the configuration to flash and restart the router to restart telnet and web on the new IP? I don’t know, and I’m a little bit worried about bricking the router if I write a known bad configuration to flash.

Fixing the access-control list:

Got out the serial cable and a USB-to-serial adapter to try to figure out what the heck was going on with the router that refused to talk to the new IP address.

The answer was fairly simple once I examined the configuration. There’s an access-control-list that specified which IP addresses are allowed to access the telnet and web interfaces. The ACL was not updated when the router’s IP address changed. Therefore we had a router that was configured on one network, but only allowing connections from a different network. The fix was fairly straightforward — from the serial terminal:

ip access-list standard 23

The above is of course for a network with a netmask Note that the second argument to the permit directive is sort of the inverse of the netmask — it’s a mask of clients that you wish to allow.

Once I proved the router was working and talking to everyone I expected it to, the next step was to write the configuration to the startup configuration, so the router would be setup correctly on power loss:

copy running-config startup-config

Getting the access point up and running

Okay, so now let’s have a look at the internal access point.

The AP works like a separate device inside of the same box. It has it’s own IP address. It has it’s own configuration file. If you follow my CLI examples below, make sure that you’re telnet’d into the AP and not into the router.

The access point gave itself an IP address using DHCP. I don’t like dynamic IP addresses for my access points, so for our first step, let’s change it to a static IP. I used the CLI for a quick change (make sure you telnet into the AP, not the router):

interface BVI1
ip address

(of course, the telnet connection drops when we do this, because we just changed the IP address. We’re smart enough to know this, even without Cisco CP to warn us)

Ok, just as an example, we see the internal AP now set to Simple enough, I’m starting to like the CLI way more than the crappy GUI tools.

Now lets play along with the GUI interface to the access point. Surprisingly it doesn’t suck the CPExpress and CP did. We can get to the GUI by using the IP address of the access point (in my example above,; probably different in your environment) in our web browser. It’s a much simpler design than CP/CPExpress. It doesn’t have the ridiculous pop-up window, and I’m guessing it doesn’t need Adobe Flash to work.

The AP will ask for a name and password. Even though I set the username and password on the AP, and verified it was set to what I wanted using the CLI, the access point GUI still expected a name and password of “cisco”. I couldn’t find any place in the GUI to change this. So, let’s fix this, again using the CLI on the AP (make sure you telnet into the AP, not the router):

ip http authentication local

I kinda figured this out by looking at the router’s configuration file, which had way more stuff in it than the AP’s configuration file. My guess was that since the ap lacked a ‘http authentication’ setting, it was defaulting to cisco/cisco. Telling it ‘ip http authentication local’ configures the http server to use the local username and password for authentication, which I think is what everyone wants.

Ok, back to the AP GUI. Like I said, it doesn’t suck as bad as the other cisco GUIs. In fact, it’s downright usable. You can click on the ‘express security’ link and setup your SSID and WEP or other authentication.

The wireless radio by default is disabled. You’ll want to change that. It can be done in the GUI by clicking network interfaces (notice Radio0-802.11N is ‘disabled’ and ‘down’). Then click Radio0-802.11N. Then select the ‘settings’ tab. Click the ‘enable’ radio button. All the way down at the bottom of the screen is an ‘Apply’ button. Congrats, we’ve just turned the AP on. We can get out our laptop, check the WiFi, and find a new network available.

Now, once all of this is working, it’s time to save it to the startup configuration (make sure you telnet into the AP, not the router):

copy running-config startup-config

Observations on Day 2

Okay, we’ve made some progress and I think I have enough experience to make some conclusions:

  1. The Cisco CP and CP Express software are junk and have major usability problems.
  2. The Cisco AP web GUI is usable with some minor flaws.
  3. The Cisco CLI (command-line interface) is by far better than any of the GUIs.
  4. The Cisco CLI is easy to learn, at least for someone with average experience to command-line operating systems (and by ‘average’, I mean I’ve been doing this for 25 years).

I would suggest that anyone who wants to use one of these routers invest some time in learning the CLI. Although I figured out what I needed to do by stumbling around and the occasional google query, it might be handy to pick up a book and read up ahead of time. So far the router feels more configurable and more powerful than the other routers that I’ve used (D-Link, Netgear, Linksys, and DDWRT). It’s going to take some time to learn the full potential of what I can do, and how to do it.

For a very quick intro to the Cisco CLI, I’d recommend this link: It helped me considerably with some of the simple commands like setting IP addresses, writing the startup configration, etc.

Setting up a DNS proxy

All of my other routers had a DNS proxy built-in. The local computers send DNS requests to the router, which forwards those requests upstream to the ISP’s DNS servers. There’s a variety of flavors of this from simple forwarding to caching to actually running a local DNS server.

Scouring CP and CP Express for this (why did I try the GUI tools again? why?) there’s no explanation for how to set this up on the Cisco router. Some googling reveals some simple CLI commands can be used to setup the DNS proxy:

ip name-server
ip name-server
ip dns server

Note that and are comcast’s DNS servers for my area. You’ll want to substitute the DNS server addresses for your ISP. There should be a way to learn the ISP’s settings from DHCP, but I’m not sure how — if somebody knows, please reply to this post.

Observations at Month 1

It’s now been about a month and the router has performed pretty much flawlessly. I even took some time to experiment with snmp monitoring and wrote up a SNMP monitoring tool for windows.

Related Stuff

  • Scott’s Router Monitor. A small taskbar application to monitor Cisco routers. I wrote it because I didn’t much care for the web-based monitoring tool that came with the router. The tool will show you packets in/out, cpu utilization, and memory utilization.
  • Cisco Router Cheat Sheet. Snippets of useful IOS stuff.

Comments (11)

  1. luke says:

    I have taken Cisco 1-4 CCNA prep classes. Passed all with a moderate B+. Cisco never ceases to amaze me with the level of complexity they keep adding to their machines. I was having issues with my AP, and thought it was just because I was plain stupid. Well, turns out that I just didn’t use the proper password… Assumed it was the one I changed it to! Thanks! Now I get to go use my router the way I bought it to be used!

  2. KaLaMar says:

    I purchased one of these too. Any idea how to reset everything on this thing to factory default?

  3. Victor says:

    I am planning to buy CISCO861W-GN-A-K9, Does anybody know whether or not this router has a active cooling fan, especially the starting noise when it powers on?


  4. Lazar Mihail says:


    Can you give please a working configuration of the router CISCO 861W and the integrated access-point because I’m stuck in my configuration. My LAN is working perfect but my wireless laptop can’t get any IP address from the dhcp server from router and I want to see a working configuration to see where is my mistake. Thank you very much in advance

  5. chris says:

    yes, has active cooling fan, isnt that loud.

  6. Reset Procedure: unplug power if already plugged in, and plug power in, immediately press the “break” key on your keyboard.

    rommon 1> confreg 0x142
    rommon 2> reset

    when the router starts up it will be in password recovery mode.

    Follow the prompts and when you get to enable mode

    router# write erase
    router# config t
    router(config)# config-register 0x2102
    router(config)# end
    router# reload

    to reset the access point:

    config-register must be 0x2102
    do a router# show version
    look at show version and it should have the config-register setting at the bottom

    issue this to set to factory default (access point)

    router# service-module wlan-ap 0 reset default-config

    follow the prompts afterward.

  7. Brandon Knight says:

    Thanks for the post. I just bought the 861 router (without wireless AP) and ran into the same problems you ran into when trying to configure it using CP express. They don’t even give you an option to configure things after you have used the wizard in the first place and I finally gave up after hours of trying to get the ip to the correct subnet. Previously I had a Linksys RV082 and it was very easy to configure using the web based interface. Any thoughts on whether the 861 is better than the RV082. I don’t have a lot of time to dedicate to learning the CLI but if it is solid once it is configured then maybe I’ll keep it.

  8. admin says:

    Brandon, I don’t know anything about the RV082, but I am very pleased with the 861 (once you learn how to configure it using IOS from the command line). In the time I’ve owned it, I’ve never had a stability issue with the 861W. When a router works right, there’s not much to say, you kinda forget you even have a router. That’s the way the 861 is once configured.

  9. Aaron says:

    Erasing current configuration is easy.

    Router#erase statup-config

    Wait for reboot. Done.

  10. Patrick says:

    You can’t “brick” a Cisco router by writing a “bad configuration” to the flash.

Leave a Reply

Your email address will not be published. Required fields are marked *