Cisco 857 + ADSL Please help

dan · ‎02-16-2011

Hi,

I've purchased a Cisco 857 router for a client as they wanted a more reliable modem. I've been playing with the 857 for a few days now and im frustrated to the point where I wish I hadn't chosen Cisco.

My company isnt a Cisco partner nor do I have any Cisco certifications, I have set up many routers and unusual network configurations in the past but always managed to get everything working without writing a forum post.

So brand new out of the box, no manuals or any documentation other than regulatory stuff. It came with a US style power cord thats useless to me. Luckly its just a standard figure8 lead but still not what I expected from Cisco and its a good job im not out somewhere on a client site without a spare.

Console cable is serial so had to use my old PC to configure the initial settings.

Set up my PC to use 10.10.10.0 network so I can connect to the web admin pages. These dont work initially as for some reason they require JRE installed on the PC. It loads up so far with the standard java included with IE but then gives a useless error message.

Why do I need to install Java to use a web interface? Why can't it just be pure HTML.

Eventually get into CP express and set everything up, DHCP pool, ADSL details etc. All is going well. ADSL appears to connect CD light is solid and the RX D and TXD LED's are flashing intermittently. No way in CP express to see the status, speed, IP or anything to do with the ADSL connection. Its all absolute minimum functionality. Switched my PC's configuration back to DHCP and get a lease from the pool all looks good but no internet access.

I've tried altering DNS settings but no joy, still get no route out to the internet.

Thought id check and see if there are any firmware upgrades available but cant download anything as I dont have permissions on cisco.com to get full support for the product.

Cisco said:

Hi Dan,

Thank you for your email.

The Partner Initiated Commerce Access program (PICA) is designed to allow Cisco Partners to give their end customers access to certain Cisco resources. PICA numbers and verification keys are generated, managed, and controlled exclusively by Cisco Partners. Only these companies can issue PICA numbers. To get access to the program, you will have to call your Cisco Distributor and ask if they participate in the program. If they do, ask to be transferred to the PICA Admin. Thanks.

Best Regards,

Sunny

WW-Customer Interaction Network

Cisco Technical Assistance Center

Business hours: Monday-Friday 09:00am-03:00pm GMT+8

I've forwarded this to eBuyer as an eTicket and had no response. Tried calling eBuyer and noone seems to know what PICA is.

First question is how do I do a dump of the configuration file so I can post it up here? Cant find an option in CP express to do this so im assuming its via telnet?

Thanks,

Dan

manish arora · ‎02-16-2011

Connect via telnet , as your said. Do "sh run" and copy paste it here

Manish

dan · ‎02-16-2011

Hi Manish, Thanks for your quick reply.

Here's the dump:

router#sh run
Building configuration...

Current configuration : 7118 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1644485990
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1644485990
revocation-check none
rsakeypair TP-self-signed-1644485990
!
!
crypto pki certificate chain TP-self-signed-1644485990
certificate self-signed 01
3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
        quit
dot11 syslog
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool 0
!
ip dhcp pool Default
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
!
!
ip cef
ip inspect log drop-pkt
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
vlan ifdescr detail
!
!
!
username admin privilege 15 secret 5 ***REMOVED***
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/38
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
description $FW_OUTSIDE$
ip address dhcp
ip access-group 101 in
ip mtu 1452
ip inspect SDM_LOW out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ***REMOVED***
ppp chap password 7 ***REMOVED***
ppp pap sent-username ***REMOVED*** password ***REMOVED***
ppp ipcp dns request
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 192.168.1.0 255.255.255.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 100 remark auto generated by SDM firewall configuration##NO_ACES_3##
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_13#
#
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 192.168.1.0 0.0.0.255 any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit udp host 193.36.79.101 eq domain any
access-list 101 permit udp host 193.36.79.100 eq domain any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip any any log
dialer-list 1 protocol ip permit
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username privilege 15 secret 0
no username cisco

Replace and with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

router#

manish arora · ‎02-16-2011

here :-

router>en

router#conf t

router(config)#access-list 1 permit 192.168.1.0 255.255.255.0

router(config)#ip nat inside source list 1 interface dialer 0 overload

router(config)#int vlan 1

router(config-if)#ip nat inside

router(config-if)#exit

router(config)#int atm 0

router(config-if)#ip nat outside

router(config-if)#exit

also , you don't need this :-

ip route 192.168.1.0 255.255.255.0 Dialer0

so just do :-

router(config)#no ip route 192.168.1.0 255.255.255.0 Dialer0 ( since this directly attached to the router).

Also , verify from router itself , that you can ping 4.2.2.2 , if not then try :-

router(config)#no ip route 0.0.0.0 0.0.0.0 ATM0.1

router(config)# ip route 0.0.0.0 0.0.0.0 dialer 0

Manish

dan · ‎02-17-2011

Hi Manish,

Tried those commands and they appear to have updated as rebooting and running sh run again shows the changes.

Still no route out tho. Is there a command to see the IP and DNS details that have been leased to me from the ISP?

router#ping 4.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

router#sh run
Building configuration...

Current configuration : 7228 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1644485990
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1644485990
revocation-check none
rsakeypair TP-self-signed-1644485990
!
!
crypto pki certificate chain TP-self-signed-1644485990
certificate self-signed 01
3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

        quit
dot11 syslog
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool 0
!
ip dhcp pool Default
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
!
!
ip cef
ip inspect log drop-pkt
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
vlan ifdescr detail
!
!
!
username admin privilege 15 secret 5 $1$7MuI$D64Le/NcrUcTnfiJaJNXK.
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/38
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
description $FW_OUTSIDE$
ip address dhcp
ip access-group 101 in
ip mtu 1452
ip inspect SDM_LOW out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname *** REMOVED ***
ppp chap password 7 *** REMOVED ***
ppp pap sent-username *** REMOVED *** password 7 *** REMOVED ***
ppp ipcp dns request
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 0.0.0.0 255.255.255.0
access-list 100 remark auto generated by SDM firewall configuration##NO_ACES_3##
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_13#
#
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 192.168.1.0 0.0.0.255 any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit udp host 193.36.79.101 eq domain any
access-list 101 permit udp host 193.36.79.100 eq domain any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip any any log
dialer-list 1 protocol ip permit
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username privilege 15 secret 0
no username cisco

Replace and with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

router#

manish arora · ‎02-17-2011

Hi Dan,

First of all My bad on one command :-

remove :-

router(config)# no access-list 1 permit 0.0.0.0 255.255.255.0

add :-

router(config)# access-list 1 permit 192.168.1.0 0.0.0.255

==========

Now since you are not able to ping from your router that means the ADSL is not set up properly , so please make few changes :-

1> router(config)#interface Dialer0

# no ip add dhcp

#ip add negotiated

#no ip access-group 101 in { till you get access to internet }

# no ip inspect SDM_LOW out { till you get access to internet }

I do have a little doubt about the atm sub interface as I have always seen configuration under the ATM 0 only.But i would say that try above and post following :-

1> sh version

2> sh ip int bri

3> sh atm interface atm

Manish

dan · ‎02-17-2011

Hi Manish,

Ok I tried running the additional commands and its now possible to ping outside from the router, ie: 4.2.2.2 or a domain name.

Still no internet access from the LAN side. I think its more a routing thing rather than DNS as I cant ping a known IP eg.: 4.2.2.2 from the PC either.

When you said { till you get access to internet } did you mean repeat this command?

Here's those dumps :

router#sh version

Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T14, R
ELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 18-Aug-10 02:37 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

router uptime is 4 minutes
System returned to ROM by power-on
System image file is "flash:c850-advsecurityk9-mz.124-15.T14.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html you require further assistance please contact us by sending email to
export@cisco.com. 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory
.
Processor board ID FCZ1453C34G
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
128K bytes of non-volatile configuration memory.
20480K bytes of processor board System flash (Intel Strataflash)

If

Cisco

Configuration register is 0x2102

router# sh ip int bri
Interface IP-Address OK? Method Status Prot
ocol
ATM0 unassigned YES NVRAM up up

ATM0.1 unassigned YES unset up up

Dialer0 95.148.103.11 YES IPCP up up

FastEthernet0 unassigned YES unset up down

FastEthernet1 unassigned YES unset up up

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up down

NVI0 unassigned YES unset administratively down down

Virtual-Access1 unassigned YES unset up up

Vlan1 192.168.1.1 YES NVRAM up up

router#sh atm interface atm 0
Interface ATM0:
AAL enabled: AAL5 AAL2, Maximum VCs: 10, Current VCCs: 1

VCIs per VPI: 1024,
Max. Datagram Size: 4528
PLIM Type: ADSL - 448Kbps Upstream, DMT, TX clocking: LINE
113 input, 2 output, 67 IN fast, 175 OUT fast
Avail bw = 448
Config. is ACTIVE

manish arora · ‎02-17-2011

Hi Dan !

did you change the access-list 1 as i mentioned earlier ?also remove the access list from vlan 1 , using no access-group.

then try pinging 4.2.2.2 from your pc , then run "show ip nat statistics" & paste output as well.

attach your modified config please , so that I can look at it ?

Manish

dan · ‎02-18-2011

Hi Manish,

I tried all of the commands you sent in your last message.

% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you
want to use.

-----------------------------------------------------------------------

router#sh run
Building configuration...

Current configuration : 7186 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1644485990
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1644485990
revocation-check none
rsakeypair TP-self-signed-1644485990
!
!
crypto pki certificate chain TP-self-signed-1644485990
certificate self-signed 01
3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

        quit
dot11 syslog
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool 0
!
ip dhcp pool Default
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
!
!
ip cef
ip inspect log drop-pkt
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
vlan ifdescr detail
!
!
!
username admin privilege 15 secret 5 $1$7MuI$D64Le/NcrUcTnfiJaJNXK.
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/38
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip mtu 1452
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname *** REMOVED ***
ppp chap password 7 *** REMOVED ***
ppp pap sent-username *** REMOVED *** password 7 *** REMOVED ***
ppp ipcp dns request
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration##NO_ACES_3##
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_13#
#
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 192.168.1.0 0.0.0.255 any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit udp host 193.36.79.101 eq domain any
access-list 101 permit udp host 193.36.79.100 eq domain any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip any any log
dialer-list 1 protocol ip permit
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username privilege 15 secret 0
no username cisco

Replace and with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

router#show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
ATM0
Inside interfaces:
Vlan1
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface Dialer0 refcount 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
router#

Could it be access-list 101 deny ip 192.168.1.0 0.0.0.255 any?

Thanks,

Dan

manish arora · ‎02-18-2011

Hi Dan,

can you please check :-

1> ping from your local pc to the gateway ip 192.168.1.1 , see if thats working ?

2> remove the access list from int vlan 1 :-

router(config)#int vlan 1

# no ip access-group 100 in

Manish

dan · ‎02-18-2011

Hi Manish,

No problems at the PC end, its on DHCP and I can ping the router. I'm communicating with the modem with telnet on 192.168.1.1

The PC doesn't have a firewall installed.

Tried the additional command, saved and rebooted and still no access.

manish arora · ‎02-18-2011

Hi Dan,

I guess the only changes that we are left with now are :-

router(config)#no interface ATM0.1 point-to-point

router(config)#interface ATM0

#pvc 0/38

#pppoe-client dial-pool-number 1

#no dsl operating-mode auto

#exit

#dsl operating-mode auto

# wr

Manish

dan · ‎02-18-2011

Hi Manish,

Just tried those, saved and rebooted. The ADSL now fails to connect, I cant ping out from the PC or the Modem.

I think im gonna have to return this one. Apart from this support forum, this has not been a generally good first experience of Cisco.

Dan

manish arora · ‎02-18-2011

No Dude , we will fix it together ,

Just send me current configuration one last time and I will fix it this time.

Manish

manish arora · ‎02-18-2011

Interface ATM 0

no ip address

ip nat outside

ip virtual-reassembly

no atm ilmi-keepalive

dsl operating-mode auto

pvc 0/38

dialer pool-member 1

encapsulation aal5mux ppp dialer

no shut

EXIT

Dude, I feel bad , if you want I can do a gotomeeting and fix it for.

Paste output : sh dsl interface atm

Manish