Solved: Cisco Incompetents 877W

patioheater · ‎01-07-2011

Morning folks. You are going to love me. I'll give you a bit of backround info first. I'm basically a home user that fancied a new toy to play with so I purchased a brand new 877W from a well know auction site. Unfortunately I'm failing at the first hurdle ie getting it connected to the net. There was a method to my madness, in we have students and I use OpenDNS to block them from file sharing sites, however knowing that there are ways round this I wanted to try a router with that bit extra security. My ideal scenario would be to use static IP's for all my pc's as thay are mostly hardwired or use Homepugs and wireless as DHCP for the students. My 877W is running 12.4(15)T13 I am using Cisco CP Express to configure it as this is preinstalled, I can Telnet into it using PuTTY

My IP issued from my ISP is a static one ie 193.xxx.xxx.27 with a subnet of 255.255.255.255 this is what is showing in my current BT2700HGV and my ISP also confirms that this is correct. However Cisco CP Express when I select Static IP just throws it out and tells me to "Enter a valid IP and Subnet" So I then try the IP address negotiated option in the hope that it will obtain addresses automatically, this doesn't appear to work either.

So hopefully some of you kind souls can point me in the right direction

My current running config is

!This is the running config of the router: 192.168.240.125
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname 877w
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$hW0F$38SYt0RnOl5gGC7Go.lrW.
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-2526460045
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2526460045
revocation-check none
rsakeypair TP-self-signed-2526460045
!
!
crypto pki certificate chain TP-self-signed-2526460045
certificate self-signed 01
3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32353236 34363030 3435301E 170D3131 30313034 31313534
31315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35323634
36303034 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A393 BD2E6AD4 ACD27DD6 418FBB2A B8A20E57 A01A9613 EB890B43 0B86E9DD
72809742 6F2C371D BC6129F1 B958662E E27BD811 FAFD4D09 D5CFFF85 52069E9F
DFBD6624 A56320C6 0A7180CE 6E30614D DFAAEF54 DD6009C8 ED86DF30 836C9932
DFF4FE9E DD0E023B 1F33BD81 7E348302 D0D63B7E B640D279 75B81967 788B08F4
76D10203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
551D1104 17301582 13383737 772E796F 7572646F 6D61696E 2E636F6D 301F0603
551D2304 18301680 14D950F9 C78F2D5B 285DF4F8 C1D67423 56AD79A6 70301D06
03551D0E 04160414 D950F9C7 8F2D5B28 5DF4F8C1 D6742356 AD79A670 300D0609
2A864886 F70D0101 04050003 8181003B BEE248F6 A3CC72E2 7A7656AE 618DADBC
DA4021F4 49C83D76 6694E184 37A6EE34 63E05A61 C3099318 0BF76435 94A0D506
7EE27FD6 400E6C9E F7CFEC54 E5737D73 9B500EE9 DFE5C129 8A9BF926 C30C9E3E
28154C47 C5F12F57 7DE9BD8D 73948D86 B72220C2 96D37571 3F180CD8 709C77E3
D58D520F E9862E65 EE576710 ED00C1
quit
dot11 syslog
!
dot11 ssid NoFileSharing
!
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.240.1 192.168.240.129
ip dhcp excluded-address 192.168.240.181 192.168.240.254
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
dns-server 208.67.222.222 208.67.220.220
lease 0 2
!
ip dhcp pool ccp-pool1
import all
network 192.168.240.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
default-router 192.168.240.125
!
!
no ip bootp server
ip domain name yourdomain.com
ip name-server 208.67.222.222
ip name-server 208.67.220.220
!
!
!
username Router privilege 15 secret 5 $1$O/Xh$rbc15QoLfexUzap6vUuN./
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
!
bridge irb
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
ssid NoFileSharing
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname d.xxxxxxxx@xxx-xxx.xx-dsl
ppp chap password 7 055B575D711E1A5B4D564347
!
interface BVI1
description $ES_LAN$
ip address 192.168.240.125 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface Dialer0 overload
ip nat inside source static tcp 192.168.240.139 12123 interface Dialer0 12123
ip nat inside source static udp 192.168.240.139 12123 interface Dialer0 12123
!
logging trap debugging
access-list 100 remark CCP_ACL Category=2
access-list 100 permit ip 192.168.240.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

cadet alain · ‎01-07-2011

Can you disconnect and reconnect and then see the log to see any dhcp exchange in your BT ?

Regards.

Aalin.

Don't forget to rate helpful posts.

View solution in original post

paolo bevilacqua · ‎01-11-2011

Try:

int dialer1

ip address negotiated

ppp ipcp route default

ppp ipcp dns request

If still trouble collect "debug ppp negotiation" and "debug ppp authentication" with "terminal monitor".

View solution in original post

cadet alain · ‎01-07-2011

Hi,

You can't use a 32 bits mask ( 255.255.255.255) the longest mask you can use is a /31( 255.255.255.254) but on point-to-point

you usually use /30( 255.255.255.252). You can use /32 on router's loopback interfaces though.

Try the /30 and tell us more.

Are you sure your static address is not negotiated and tied to your mac address and so as you change router with another MAC it is not accepted.

Can you first try /30 then in CLI : sh ip int br | exc una if up-up then ping dns server in your dhcp pool and tell us.

Regards.

Alain.

Don't forget to rate helpful posts.

patioheater · ‎01-07-2011

Many thanks for reply Alain. Please try to keep answers simple as this is very difficult for me to understand as a home user. If I try to change the subnet to a 30 ie 252 the Cisco CP still gives me the "Enter Valid IP and Subnet"

Pretty sure my static IP is not tied to a mac as I have done a fair few re flashes of basic home routers in the past without the connection being affected, apart from loss of sync of course

One thing I did notice when I had the 877 connected using the IP negotiated login details(current running config), the RXD and TXD lights would then start to flash, don't know if this means anything. Also I'm not too sure if perhaps I need to stick my ISP gateway IP in any where

cadet alain · ‎01-07-2011

Hi,

Also I'm not too sure if perhaps I need to stick my ISP gateway IP in any where

wheter it is given by dhcp from isp or you must set default static route pointing to it.

If I remember your IP was finishing with 27? right so indeed /30 was not good because it would be broadcast address which you can't assign to interface.

Can you take a look at your actual router and put screenshot of ip configuration of WAN.

because /32 can't work for sure so if it's static address then we must know subnet mask to communicate with them.

Regards.

Alain.

Don't forget to rate helpful posts.

patioheater · ‎01-07-2011

I'm hoping you mean in my current working BT2700?

Broadband Link – SummaryConnection Information
Broadband Connection: Built in modem - ADSL
Current Status: Fully Operational

DSL Connection Details
Broadband Link
DSL Line (Wire Pair):     Line 1 (inner pair)
Protocol:     G.DMT Annex A
DSL Channel:     Interleaved
DSLAM:     Country: {0xB5} Vendor: {TSTC} Specific: {0x00}
ATM PVC Info:     0/38
ATM Encapsulation:     Routed LLC

ISP Details
ISP Connection
Connection Type:     PPPoA
User Name:     d.xxxxxx@xxx-dsl.xx-dsl
IP Address Range:     193.xxx.xxx.27
Subnet Mask:     255.255.255.255
Gateway:     109.xx.xxx.2
Primary DNS:     208.67.222.222
Secondary DNS:     208.67.220.220
Host Name
Domain Name:
MTU:     1500

cadet alain · ‎01-07-2011

Can you disconnect and reconnect and then see the log to see any dhcp exchange in your BT ?

Regards.

Aalin.

Don't forget to rate helpful posts.

patioheater · ‎01-07-2011

Hi Alain, I can also supply routing table if required. Hopefully no one will be trying to hack my connection as I've left all details in. Connection details now deleted

cadet alain · ‎01-07-2011

Hi,

Your problem solved?

Regards.

Alain.

Don't forget to rate helpful posts.

patioheater · ‎01-07-2011

Sorry no, that's just me clicking things that I shouldn't, once again apologies

cadet alain · ‎01-07-2011

No worries,

But people will think your case is solved which is not the case.

Regards.

Alain.

Don't forget to rate helpful posts.

cadet alain · ‎01-07-2011

Your BT is a router/modem? when you tried ip address negotiated on 877 were you linked to this BT?

Regards.

Alain.

Don't forget to rate helpful posts.

patioheater · ‎01-07-2011

Yep it's Adsl wireless Router and no it wasn't connected to the 877. I have to use one or the other, unfortunately I don't have two lines, which given this scenario is a bit of a shame

Have you gleaned anything useful from the 2700 log?

cadet alain · ‎01-07-2011

Hi,

What did you do to get this log? can you post screenshot?

I don't see any negotiation of WAN address but I'm sure you can't configure a /32 so it must be given by ISP but not configured this way.

Regards.

Alain.

Don't forget to rate helpful posts.

patioheater · ‎01-07-2011

I cleared the log, rebooted router and copied and pasted result. Can't seem to do a screenshot on this pc but the C+P is the same result

The most interesting bit I can see is

NTC      P0000-00-00T00:00:48      ppp: ppp0: local IP address 193.xxx.xxx.27
NTC      P0000-00-00T00:00:48      ppp: ppp0: remote IP address 109.xx.xxx.2
INF      P0000-00-00T00:00:48      ppp: ppp0: up with ipv4 service on pppoa0
INF      P0000-00-00T00:00:48      lmd: ipnet0: UP on ppp0 with 193.xxx.xxx.27/32 GW:109.xx.xxx.2
INF      P0000-00-00T00:00:48      lmd: ipnet0: UP on ppp0 DNS1: 0.0.0.0 DNS2: 0.0.0.0

cadet alain · ‎01-07-2011

Hi,

You should ask ISP how they give you this address but really I think this is given by ppp or dhcp, it's not a staic address because I repeat it's impossible to configure a mask of 255.255.255.255

You'll have to wait for PPPoA/PPPoE experts to solve your problem because I can't do much more for you.

I'm sorry, but if I think about something I'll let you know.

Regards.

Alain.

Don't forget to rate helpful posts.