Hi Dan,Please modify the

dparker127 · ‎06-11-2014

Hi there,

I am trying to configure a Cisco 887va router, initially I am trying to get it to route between my adsl connection (ppp over ATM) and my Ethernet lan (only the one default vlan to start with).

Here is my running config:

EVC_R1#sh running-config
Building configuration...

Current configuration : 1965 bytes
!
! Last configuration change at 14:32:46 UTC Wed Jun 11 2014
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname EVC_R1
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 PoXaLzKVosUFI2FS5/CPK/sLYb1wgi0LIF6SRnWhVa2
!
no aaa new-model
memory-size iomem 10
!
!
!
!
!
!
!
!
ip domain name emmaus.local
ip cef
no ipv6 cef
!
!
password encryption aes
license udi pid CISCO887VA-K9 sn FCZ1733C2CL
!
!
username xxx password 0 xxx
username xxx password 0 xxx
!
!
!
!
!
controller VDSL 0
!
ip ssh version 1
!
!
!
!
!
!
!
!
!
interface Ethernet0
ip address 192.168.52.254 255.255.255.0
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
atm vc-per-vp 128
no atm ilmi-keepalive
hold-queue 224 in
pvc 0/38
oam-pvc 0
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
switchport mode trunk
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
no ip address
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxx@plusdsl.net
ppp chap password 0 xxx
ppp pap sent-username xxx@plusdsl.net password 0 xxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.52.0 0.0.0.255
!
!
!
line con 0
password $upp0rt100
login
no modem enable
line aux 0
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
!
end

First off I am aware that the fastethernet interfaces are layer 2 ports on an integrated switch. I assume that ethernet0 should be treated as an actual router port. It seems to support subinterfaces eg ethernet0.1. So what I had envisaged was using fa0/0 as a trunk port and eventually adding vlan router addresses to subinterfaces of ethernet0.

At present my dialer0 interface acquires the correcty ip address from my isp but pings fail to hosts in both my local network 192.168.52.0/24 and to internet hosts. Can anyone look at my config and advise?

thanks very much

Dan

SANTHOSHKUMAR SARAVANAN · ‎06-11-2014

Hi Dan ,

Connect your LAN Cable on your router Ethernet port . You Should able to ping your Local Network 192.168.52.0/24 , Similarly when you create sub interface on your router , switch port of layer 2/layer 3 switch connecting to your router must be trunk port , not your router port .

Router port must be configured for dot1q encapsulation not as trunk port .

Look into below url for more understanding

http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/14976-50.html

HTH

Sandy

kcnajaf · ‎06-11-2014

Hi Dan,

Please modify the configurations as below.

config terminal

int Ethernet 0

no ip address 192.168.52.254 255.255.255.0

int vlan 1

ip address 192.168.52.254 255.255.255.0

ip nat inside

!

ip route 0.0.0.0 0.0.0.0 dialer0

!

ip classless

Hope that helps.

Regards

Najaf

dparker127 · ‎06-11-2014

Thanks Najaf, you changes have improved things however i'm not quite there yet. With your changes I can ping external ip addresses successfully (not hostnames although messages show that the router has acquired dns server addresses from my isp) but other than the router's own ip (192.168.52.254) nothing on the internal lan responds to pings.

A show ip nat translations command reveals that no nat translations are occurring and internal hosts can not access the internet.

At present running config reads as:

EVC_R1#sh running-config
Building configuration...

Current configuration : 2039 bytes
!
! Last configuration change at 19:09:24 UTC Wed Jun 11 2014
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname EVC_R1
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 PoXaLzKVosUFI2FS5/CPK/sLYb1wgi0LIF6SRnWhVa2
!
no aaa new-model
memory-size iomem 10
!
!
!
!
!
!
!
!
ip domain name emmaus.local
ip cef
no ipv6 cef
!
!
password encryption aes
license udi pid CISCO887VA-K9 sn FCZ1733C2CL
!
!
username xxx password 0 xxx
username xxx password 0 xxx
!
!
!
!
!
controller VDSL 0
!
ip ssh version 1
!
!
!
!
!
!
!
!
!
interface Ethernet0
no ip address
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
atm vc-per-vp 128
no atm ilmi-keepalive
hold-queue 224 in
pvc 0/38
oam-pvc 0
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
switchport mode trunk
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
ip address 192.168.52.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxx@plusdsl.net
ppp chap password 0 xxx
ppp pap sent-username xxx@plusdsl.net password 0 xxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 1 permit 192.168.52.0 0.0.0.255
!
!
!
line con 0
password xxx
login
no modem enable
line aux 0
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
!
end

Can anyone help further?

Thanks

kcnajaf · ‎06-11-2014

Hi Dan,

Good to know that there is some improvement :-)

How is LAN devices connected to this router? Is this trough a switch? If it through switch do you have any VLANs configured on the switch? Also which interface on the router you are connecting the LAN device?

For testing you can connect a single machine to Fastethernet3 and check if NAT transaction is working fine.

With regards to Hostname not getting resolved try using a public DNS manually (4.2.2.2) rather than ISP DNS and check if things are improving.

Regards

Najaf

eaglemobiles1 · ‎08-10-2014

Hi,

We have brand new cisco 887va- M router its not been configure can any one help us to povide remote support to configure this router. We would like to use this router for internet use and SIP trunks some kind of sip policy need to be create to prioritise sip traffic.

Any help will be greatly appreciated.

Thanks

Regards

Akbar

SANTHOSHKUMAR SARAVANAN · ‎08-10-2014

Hi Akbar,

Share me your new device configuration .let me help you with device configuration

HTH

Sandy

eaglemobiles1 · ‎08-11-2014

Hi Sandy,

Many thanks for reply, as I said this is brand new router unconfigured so there isnt any config we will nedd your help to configure from the scratch.

Regards

Akbar

SANTHOSHKUMAR SARAVANAN · ‎08-11-2014

Share me show version and show running for your new brand new router . share me topology diagram if you have any .

Need to know about LAN IP address segment and other things

HTH

Sandy

eaglemobiles1 · ‎08-12-2014

Hi Sandy,

our lan details

enable

conf t

!

parser config cache interface

no service pad

!

errdisable detect cause all

errdisable recovery cause all

!

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

no service password-encryption

!

hostname COMMSSOURCE

!

ip http secure-server

no ip http secure-server

!

logging buffered 999999

!

enable secret {a&C}uat69!

!

no aaa new-model

!

vtp domain cisco

vtp mode transparent

!

clock timezone GMT 0 0

clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00

!

ip cef

ip name-server 8.8.8.8

!

ip dns server

!

username commssource secret commssource

username commssource priv 15

!

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 0/38

dialer pool-member 1

protocol ppp dialer

no shut

!

interface FastEthernet0

spanning-tree portfast

!

interface FastEthernet1

spanning-tree portfast

!

interface FastEthernet2

spanning-tree portfast

!

interface FastEthernet3

spanning-tree portfast

!

Interface Vlan1

ip address 10.10.14.1 255.255.255.0

ip nat inside

NO SHUT

!

controller vdsl 0

sra

!

ip dhcp excluded-address 10.1010.1 10.10.141.9

!

ip dhcp pool vlan1

network 10.10.14.0 255.255.255.0

default-router 10.10.14.1

dns-server 8.8.8.8 8.8.4.4

domain dot.akbar

!option 176 ascii "MCIPADD=10.149.14.50,TFTPSRVR=10.149.14.137"

interface Dialer1

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname <our_isp_username>

ppp chap password our_isp_password

no shut

!

ip nat inside source list 110 interface dialer 1 overload

!

no ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 Dialer1

access-list 1 permit 10.0.0.0 0.255.255.255

access-list 1 permit 192.168.0.0 0.0.255.255

dialer-list 1 protocol ip permit

!

access-list 110 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255

access-list 110 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255

access-list 110 deny ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255

access-list 110 deny ip 192.168.0.0 0.0.255.255 10.0.0.0 0.255.255.255

access-list 110 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255

access-list 110 deny ip 192.168.0.0 0.0.255.255 172.16.0.0 0.15.255.255

access-list 110 deny ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255

access-list 110 deny ip 172.16.0.0 0.15.255.255 192.168.0.0 0.0.255.255

access-list 110 deny ip 172.16.0.0 0.15.255.255 172.16.0.0 0.15.255.255

access-list 110 permit ip any any

!

snmp-server community public RO 1

snmp-server ifindex persist

snmp-server enable traps tty

snmp-server host 10.200.200.200 version 2c public

!

interface Ethernet0

no ip address

NO SHUT

!

interface Ethernet0.101

encapsulation dot1Q 101

pppoe-client dial-pool-number 1

!

ip ssh version 2

ip ssh time-out 120

!

line con 0

no modem enable

line aux 0

line vty 0 4

password cisco

login local

transport input telnet ssh

ip access-class 1 in

wr

!

exit

wr

we can connect to VDSL but cant visit websites NAT issue.

what we want is

1- setup this router with lan details above

2- Cretae Vlan1 for Data

3- Vlan2 for Voice

4- QoS for SIP trunks

5- Firewall for our internal network

Thanks

Regards

Akbar

eaglemobiles1 · ‎08-14-2014

Hi,

Please can any one help in this issue we urgently need this router to be configureed.

Many thanks

Regards

Akbar

SANTHOSHKUMAR SARAVANAN · ‎08-15-2014

Hi Akbar,

Kindly let me know , where you have got stuck ?

HTH

Sandy

eaglemobiles1 · ‎08-16-2014

Hi Sandy,

As I replied to your previous post you were asking for our lan details i will repeat the issue again.

This is a brand new router unconfigured we need some one to configure it from scartch the configuration we need are below.

what we want is

1- setup this router with lan details (Rourer 10.10.14.1 255.255.255.0) DHCP 10.10.14.10 )

2- Cretae Vlan1 for Data

3- Vlan2 for Voice

4- QoS for SIP trunks

5- Firewall for our internal network

Thanks

Regards

Akbar

eaglemobiles1 · ‎08-19-2014

what a useless forum :(

SANTHOSHKUMAR SARAVANAN · ‎08-20-2014

Hi Akbar ,

Kindly open a webex session or schedule a time slot for supporting you on this .

HTH

Sandy

cisco 887va router config