Cisco configs, howtos and useful information - Cisco 877W Dynamic IP configuration

This configuration is known working with c870-advipservicesk9-mz.124-24.T1.bin. This configuration was designed for use in the UK. This applies to the wireless section. This configuration also relies on having the crypto featureset to make use of SSH console logins.

Help! I just need a working configuration now!
Copy the following out, replacing the bits in red with your own information. Click here if you want to see the explanations.
You should make sure that you SSH v2 switched on (ie have your done the generation stage already). If not, you can do this by doing the following from the command line:
conf term
ip domain-name your domain name
crypto key generate rsa usage-keys modulus 2048

This is the full working configuration (minus bits that are pertinent to my own connection):

version 12.4
no parser cache
no service pad
service tcp-keepalives-in
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
!
hostname name-of-your-device
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging userinfo
logging buffered 32000 informational
logging console informational
logging monitor informational
enable secret 5 password for your device
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login admin local
!
!
aaa session-id common
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
!
!
dot11 syslog
!
dot11 ssid name of your wireless network
authentication open
authentication key-management wpa
guest-mode
infrastructure-ssid
wpa-psk ascii wireless key for your network
!
no ip source-route
no ip gratuitous-arps
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool pool1
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server IP addresses of your DNS servers
!
!
no ip cef
no ip bootp server
no ip domain lookup
ip domain name your domain name
ip name-server IP address of your ISP DNS server
ip name-server Second IP address of your ISP DNS server
ip inspect max-incomplete high 1100
ip inspect max-incomplete low 1100
ip inspect one-minute high 1100
ip inspect one-minute low 1100
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 tcp
login block-for 60 attempts 3 within 30
login on-failure log
login on-success log
no ipv6 cef
ntp logging
ntp peer ip address of an NTP server prefer
!
multilink bundle-name authenticated
!
!
!
username username to connect to the router password 7 password to connect to the router
!
no crypto isakmp enable
!
!
archive
log config
logging enable
logging size 500
notify syslog contenttype plaintext
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 1
ip ssh version 2
!
!
!
interface Null0
no ip unreachables
!
interface ATM0
no ip address
ip access-group 10 out
no ip mroute-cache
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
hold-queue 224 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
no ip route-cache cef
no ip route-cache
!
encryption mode ciphers tkip
!
ssid name of your wireless network
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2432
station-role root access-point
antenna gain 34
world-mode dot11d country GB both
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
no ip proxy-arp
no ip mroute-cache
ntp broadcast
bridge-group 1
hold-queue 100 out
!
interface Dialer0
ip address negotiated
ip access-group 101 in
ip access-group 102 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ISP provided ADSL username
ppp chap password 7 ISP provided ADSL password
ppp pap sent-username ISP provided ADSL username password 7 ISP provided ADSL password
!
interface BVI1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer0 overload
!
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 101 permit any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner motd ^CC
This is machine name. Unauthorised access to this
machine is strictly prohibited. Please disconnect now unless
you have received prior authorisation for use. The systems
administrator is your name on Your phone number.
^C
!
line con 0
password 7 console password
login authentication admin
no modem enable
stopbits 1
line aux 0
line vty 0 4
access-class 15 in
exec-timeout 5 0
login authentication admin
transport input ssh
!
scheduler max-task-time 5000
ntp logging
ntp source Dialer0
ntp peer 158.152.1.76 prefer
ntp peer 130.88.200.98
ntp peer 193.0.0.228
end