Solved: Re: Cisco 837 Wan issue - Page 2

jcbryan11 · ‎12-10-2010

I have a 837 that I can run "ping atm interface atm 0 0 35 seg-loopback" with 5/5 success. BUT when it test the aggregate with "ping atm interface atm 0 0 35 end-loopback" I get 0/5.

Ugh!

I have a carrier detect light on and need to get this going to verify my other settings. I assume the ISP doesn't need mt user and passwd to perform this function? Please note my ISP gave me the PVC's and added that thhis was the end of their part of anything CIsco. Man, gotta love rural ISP's!

Any ideas for the new guy trying to use CLI?

Config is below if needed.

Best, John

This is the running config of the router: 10.10.10.1
----------------------------------------------------------------------------
!version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 warnings
enable secret 5 $1$MeFQ$9tWMAI6L04F303lKANLvt.
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.26 10.10.10.254
!
ip dhcp pool sdm-pool1
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
!
!
ip cef
ip domain name yourdomain.com
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-1475291674
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1475291674
revocation-check none
rsakeypair TP-self-signed-1475291674
!
!
crypto pki certificate chain TP-self-signed-1475291674
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
311BA89831
7BLAH BLAH BLAH HERE quit
username john privilege 15 secret 5 $1$PKYL$R4vPtFHBCL3Ys1cP80wvP1
!

!
interface Ethernet0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-Ethernet 10/100$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
hold-queue 100 out
!
interface Ethernet2
no ip address
shutdown
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxx
ppp chap password 0 xxxxxxx
ppp pap sent-username xxxxxxxxxx password 0 xxxxxxxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.10.10.26 80 interface Dialer0 80
!
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
dialer-list 1 protocol ip permit
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

paolo bevilacqua · ‎12-18-2010

Ask ISP for a password reset, and configure CHAP accordingly. The problem is there.

jcbryan11 · ‎12-18-2010

I got it woking with your help! Now I don't appear to have the NAT correct, as I can't get to the internet, but I can ping from the console. WooHoo, close now. I know its a ip routing issue and I am pretty unsure of where to go at this point. I have attached a txt file with a lot of info, SH run, show atm, show atm pvc.

A bit more direction and I shall forever be indebted to the forum !

Best, John

Nikita Singh · ‎12-19-2010

The NAT and routing looks fine. Please check if you can do the following:

ping 4.2.2.2

ping 4.2.2.2 so ethernet 0

jcbryan11 · ‎12-19-2010

I can ping thru en0 with 5/5 success, but no Internet thru router. Ugh! and thanks! John

Nikita Singh · ‎12-19-2010

what is the ip address and default gateway of the device from which your are trying to reach internet ?

can u ping 4.2.2.2 from that device ?

do a tracert 4.2.2.2 and see where it drops

also send "show ip nat trans" from the router.

jcbryan11 · ‎12-19-2010

It appears to be ok from the DOS window I am using for the console, both the CLI and dos pings! A security issue in the router I suspect?

I've attached the results below.

As always, thanks for your help and patience with my learning.

John

tomas.ussher · ‎12-19-2010

[posted in error]

paolo bevilacqua · ‎12-19-2010

Set a DNS server of you liking in the PC (Internet Protocol)

Change ip tcp mss-adjust to 1452.

You also don't need the hold-queue commands.

Please remember to rate useful posts clicking on the stars below.

Nikita Singh · ‎12-19-2010

Looks like you have an issue with DNS.

On the PC, go to the connection properties>> internetprotocol(TCP/IP)>>Properties>> use the following DNS server: set it to 4.2.2.2 and see if you can browse

the NAT and routing is working fine.

Nikita Singh · ‎12-19-2010

I do not see DNS configured on the router.

router#config t

router(config)#ip name-server 4.2.2.2

router(config)#ip dhcp pool sdm-pool1

Router(dhcp-config)#dns-server 4.2.2.2

If you have any other DNS server , include that as well.This should help!

jcbryan11 · ‎12-19-2010

Works like it's supposed to now! Success!!

Connected here with it now, after goofing with it for several months by myself

What about this "correct answer" button? Can I click it mot than once? Lots of correctness from several users getting this 837 going. Have a couple of small issues with security, but I should be able to figure them out.

To all of you guys and gals, Wow and thanks!!!

paolo bevilacqua · ‎12-20-2010

You can click any rating or correct answer, that you haven't clicked before.

Thanks for the nice rating and good luck!

jcbryan11 · ‎12-20-2010

Again, Thanks to everyone! No more hoping the provided ISP modem will work,

Best regards, John