
Cisco 837 Wan issue

jcbryan11
Level 1

I have an 837 that I can run "ping atm interface atm 0 0 35 seg-loopback" with 5/5 success. BUT when I test the aggregate with "ping atm interface atm 0 0 35 end-loopback" I get 0/5.

Ugh!

I have a carrier detect light on and need to get this going to verify my other settings. I assume the ISP doesn't need my user and passwd to perform this function? Please note my ISP gave me the PVCs and added that this was the end of their part of anything Cisco. Man, gotta love rural ISPs!

Any ideas for the new guy trying to use CLI?  

Config is below if needed.

Best, John


This is the running config of the router: 10.10.10.1
----------------------------------------------------------------------------
!version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 warnings
enable secret 5 $1$MeFQ$9tWMAI6L04F303lKANLvt.
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.26 10.10.10.254
!
ip dhcp pool sdm-pool1
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
!
!
ip cef
ip domain name yourdomain.com
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-1475291674
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1475291674
revocation-check none
rsakeypair TP-self-signed-1475291674
!
!
crypto pki certificate chain TP-self-signed-1475291674
certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  311BA89831
  7BLAH BLAH BLAH HERE  quit
username john privilege 15 secret 5 $1$PKYL$R4vPtFHBCL3Ys1cP80wvP1
!

!
interface Ethernet0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-Ethernet 10/100$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
hold-queue 100 out
!
interface Ethernet2
no ip address
shutdown
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 0/35
  pppoe-client dial-pool-number 1
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxx
ppp chap password 0 xxxxxxx
ppp pap sent-username xxxxxxxxxx password 0 xxxxxxxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.10.10.26 80 interface Dialer0 80
!
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
dialer-list 1 protocol ip permit
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

9 Accepted Solutions


Ok so in this case,

Run

conf t

in fa4

shut

end

debug pppoe error

debug pppoe event

debug ppp nego

debug ppp authentication

conf t

int fa 4

no shut

end

Get outputs and see if there are any errors in authentication or not. If not then authentication is the least of your worries. If there are other errors then that has to be investigated.

Get show atm pvc x/y once the ATM interface is up as well. This will show you the DSL speed and PVC details.

Also if the 837 is terminating the DSL connection then enable training logs:

interface atm0
     dsl enable-training-log

This will be helpful to understand how strong/weak the signal is. If the signal is low, we can expect many kinds of issues.

Can you get their end of the config? (Even if not Cisco, we can still make out what they have.)

Shelley.

View solution in original post

If you work with the service provider, this can be a quick fix. You are failing authentication. Debugs show they are certainly doing CHAP authentication and expect you to have a username "Blnc-Redback" configured on your router to authenticate their side and expect a specific user/pass to be sent to them for authentication.

The commands for that are

ppp chap username

ppp chap password

They go under the dialer interface.

Read these:

http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4131.shtml

http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4130.shtml

Best of luck.

Shelley.

View solution in original post
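How the CHAP check mentioned in the answer above decides between success and failure, as an added example that is not part of the original thread: a sketch of the RFC 1994 MD5 challenge/response with both sides of the exchange. The class names, user name and passwords are constructed for illustration; only the name "Blnc-Redback" comes from the thread.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994, MD5 algorithm: hash of Identifier || secret || Challenge value.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Authenticator:
    """ISP side: sends the Challenge and checks the Response."""
    def __init__(self, name: str, users: dict):
        self.name, self.users = name, users
        self.ident, self.challenge = 0, b""

    def send_challenge(self):
        self.ident = (self.ident + 1) % 256
        self.challenge = os.urandom(16)  # fresh value per attempt, so old replies fail
        return self.ident, self.challenge, self.name

    def check(self, ident: int, username: str, response: bytes) -> bool:
        secret = self.users.get(username)
        if secret is None or ident != self.ident:
            return False  # unknown user name or stale Identifier
        expected = chap_response(ident, secret, self.challenge)
        return hmac.compare_digest(expected, response)

class Peer:
    """Customer router side: the name and password set on the dialer."""
    def __init__(self, username: str, password: bytes):
        self.username, self.password = username, password

    def respond(self, ident: int, challenge: bytes, auth_name: str):
        # The password never crosses the link, only the hash over it.
        return ident, self.username, chap_response(ident, self.password, challenge)

def authenticate(peer: Peer, auth: Authenticator) -> str:
    reply = peer.respond(*auth.send_challenge())
    return "SUCCESS" if auth.check(*reply) else "FAILURE"

# Constructed credentials, not values from the thread.
ISP = Authenticator("Blnc-Redback", {"customer01": b"correct-horse"})

if __name__ == "__main__":
    print(authenticate(Peer("customer01", b"correct-horse"), ISP))
    print(authenticate(Peer("customer01", b"old-password"), ISP))
    print(authenticate(Peer("john", b"correct-horse"), ISP))
```

Either a wrong user name or a wrong password produces the same failure on the ISP side, which is why both values have to be confirmed with the provider.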

Just ask ISP, what is my username and password?

They don't know about PAP, CHAP and stuff, because consumer-grade routers handle that automatically.

Also they are likely to get confused by trace output, that is for 2nd or 3rd level support only.

Unrelated to the failure, you should configure "mtu 1492" on the dialer interface.

View solution in original post

Ask ISP for a password reset, and configure CHAP accordingly. The problem is there.

View solution in original post

The NAT and routing looks fine. Please check if you can do the following:

ping 4.2.2.2

ping 4.2.2.2 so ethernet 0

View solution in original post

What is the IP address and default gateway of the device from which you are trying to reach the internet?

Can you ping 4.2.2.2 from that device?

Do a tracert 4.2.2.2 and see where it drops.

also send "show ip nat trans" from the router.

View solution in original post

Set a DNS server of your liking in the PC (Internet Protocol).

Change ip tcp mss-adjust to 1452.

You also don't need the hold-queue commands.

Please remember to rate useful posts clicking on the stars below.

View solution in original post

Looks like you have an issue with DNS.

On the PC, go to the connection properties >> Internet Protocol (TCP/IP) >> Properties >> Use the following DNS server: set it to 4.2.2.2 and see if you can browse.

The NAT and routing are working fine.

View solution in original post

Nikita Singh
Cisco Employee

I do not see DNS configured on the router.

router#config t

router(config)#ip name-server 4.2.2.2

router(config)#ip dhcp pool sdm-pool1

Router(dhcp-config)#dns-server 4.2.2.2

If you have any other DNS server, include that as well. This should help!

View solution in original post

27 Replies

paolo bevilacqua
Hall of Fame

You can disregard atm ping results.

All that matters is whether it works or not.

Shouldn't I be able to ping, say, cisco.com, via the console? I understand that takes the router out of the equation and is a direct ping??

Thanks for the reply by the way.

John

Currently, cisco.com does not respond to pings.

You first have to find out if the ISP uses PPPoE or not. If not, your config is wrong.