Solved: I can't see a reason why

David Harrison · ‎12-27-2014

Hello all,

I'm hoping someone can help me with a problem I have with my 877 adsl router.

A bit of background:

I have set this up as my home router to the internet, which is connected to a Linksys WRT54GL as a wireless access point.

My windows & Linux devices/laptops all work fine over this setup and connect without a problem

However, all my apple devices, phones and ipads don't fully work. I can get to google and a handful of pages, but not the store or games or facebook etc. (my daughter thinks its the end of the world - without FB and instagram)

If I take out the Cisco and put a Thompson router in, it all works fine. so I'm assuming it something with the Cisco config.

Below is the config I'm using on the router

Any pointers would be most appreciated.

ddhrouter#sh run
Building configuration...

Current configuration : 2292 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ddhrouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 mysecret
!
no aaa new-model
!
!
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool CISCODHCP
   network 192.168.1.0 255.255.255.0
   dns-server 212.50.160.100 213.249.130.100 8.8.8.8
   default-router 192.168.1.1
!
!
ip name-server 212.50.160.100
ip name-server 213.249.130.100
ip name-server 8.8.8.8
!
!
username cisco privilege 15 password 0 mysecret
!
!
archive
log config
hidekeys
!
!
interface ATM0
description ** adsl interface **
mtu 1452
no ip address
load-interval 30
no atm ilmi-keepalive
pvc 1/50
ubr 288
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
hold-queue 224 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description ** local lan **
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
interface Dialer0
no ip address
!
interface Dialer10
description ** adsl dialer interface **
ip address negotiated
ip mtu 1482
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname myusername
ppp chap password 0 mypassword
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer10
!
no ip http server
no ip http secure-server
ip http max-connections 4
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer10 overload
!
ip access-list extended TerminalAccess
permit tcp host 192.168.1.0 any eq telnet
permit tcp any any eq 22
deny   tcp any any
ip access-list extended no_telnet
deny   tcp any any eq telnet
!
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.0.0.0 0.255.255.255
access-list 110 permit icmp any any echo
access-list 110 permit icmp any any echo-reply
dialer-list 1 protocol ip permit
!
!
!
control-plane
!
!
line con 0
password password
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
password password
login
!
scheduler max-task-time 5000
end

ddhrouter#

all I'm after is a standard setup for my router. allow any out - deny any in.

Many thanks in advance.

Dave

ghostinthenet · ‎12-27-2014

I can't see a reason why Apple devices in particular would be having a problem, but I would add "ip tcp adjust-mss 1442" to your Dialer10 interface to see if that helps you out. You're dealing with a connection with a low MTU and this is going to cause problems with packets that don't like fragmenting, like HTTPS.

View solution in original post

ghostinthenet · ‎12-27-2014

I can't see a reason why Apple devices in particular would be having a problem, but I would add "ip tcp adjust-mss 1442" to your Dialer10 interface to see if that helps you out. You're dealing with a connection with a low MTU and this is going to cause problems with packets that don't like fragmenting, like HTTPS.

tdorsey123 · ‎01-09-2015

ooo, you left your username, password, and enable in in clear text in the config you pasted, as well as not having an outside ACL applied and the VTY ACL allowing ssh from anywhere. Luckily the outside IP address isn't in the config or I'm sure someone would get ahold of your router....:) You should apply an outside access list and a firewall (I prefer CBAC firewall config for ease of use, but there is Zone based) to fix this. I assume ACL 110 was meant to be your outside ACL but it just isn't applied.

That being said Jody is likely right. PPPoE requires you to shrink your packet size (MTU/MSS) to allow room for the encapsulation that gets added to the packet. The command he supplied should fix this.

The 'ip mtu 1482' on the dialer interface may be too large as well.

talhazafer010 · ‎08-19-2024

It sounds like the issue might be related to the MTU (Maximum Transmission Unit) size or a compatibility setting in your Cisco 877 router. Apple devices can sometimes have issues with certain network configurations that don't affect other operating systems.

Here’s a potential solution:

1. Adjust the MTU Size: Apple devices can be sensitive to MTU settings. Try setting the MTU size on your Cisco 877 router to 1492 or lower. This can be done using the command:

interface Dialer1
ip mtu 1492

Adjust this according to your interface.

2. Check for Access Control Lists (ACLs): Ensure there are no ACLs blocking specific ports or protocols required by Apple services. You can review your existing ACLs and adjust them if necessary.

3. Disable any IP inspection settings: If you have any IP inspect or firewall settings enabled, try disabling them temporarily to see if the issue persists.

4. DNS Configuration: Ensure your DNS settings are correctly configured. Apple devices sometimes have trouble with DNS settings that work fine for other devices.

By the way, Instagram has become essential for teens and businesses alike. For teens, it’s a vital platform for social interaction and self-expression, while businesses use it to engage with their audience and build their brand. Given its importance, optimizing your Instagram profile is crucial to maximize reach and influence.

It is good to see that your daughter is aware of importance of social media. If your daughter is passionate about growing her Instagram following, or if you’re using it for business, you might want to check out Instagramup. It’s an effective tool for boosting followers, likes, and comments, helping you stand out in the competitive Instagram landscape.

I hope you will find this solution and Instagram Importance an helpful solution
Regards
Talha Zafar

Cisco 877 - not working with apple devices