Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
962
Views
0
Helpful
4
Replies

modem trainned, but can not get online, why??

Go to solution
scorpion1118
Level 1
Level 1

‎06-11-2012 05:03 PM - edited ‎03-04-2019 04:38 PM

i just purchased a cisco 877,, and got a console cable to programed the modem/router(i had used cisco 857 but doesn't need the console cable to program, don't know why), i can see the router is trained, but just can't got online, i dont know why,, i had tried to used my other modem cisco 857 and test the adsl line, works fine... please help...... -_-

here is the configuration for cisco 877


Building configuration...
Current configuration : 8818 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco877
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
no logging buffered
enable secret 5 $1$9QY6$4joK6aXh6e8/mHJE3J250.
enable password **********
!
no aaa new-model
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-2007689474
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2007689474
 revocation-check none
 rsakeypair TP-self-signed-2007689474
!
!
crypto pki certificate chain TP-self-signed-2007689474
 certificate self-signed 01
  30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32303037 36383934 3734301E 170D3032 30333031 30313036 
  35385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30303736 
  38393437 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100E101 D6A5B91F D4880CBA 98D19DA5 AAD37529 BB2B7833 3CCC0A83 F1B9FFE8 
  3CF70D16 0A9CBB3D 642EA08F 98F80292 6845FC18 02C14BD6 B0C14267 D79ADE3A 
  82C76EB3 9DD827F6 B002B29F 8C8A63B6 70F10B0A C5F01963 ABC0CE70 5DEACB3A 
  2F89E65B 34B9849E E5EFC21F 4D84CDC8 BD2E4C12 31A1C330 76BECA3A D6E7B850 
  A3070203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603 
  551D1104 0C300A82 08436973 636F3837 37301F06 03551D23 04183016 80146B77 
  81C87A4F 8BBD687A A7C8FC5C 3F6B116F 60B5301D 0603551D 0E041604 146B7781 
  C87A4F8B BD687AA7 C8FC5C3F 6B116F60 B5300D06 092A8648 86F70D01 01040500 
  03818100 DF461E08 20E05BD2 AB828A48 6A9B3CAF 4ABE280C EEC4DD31 3D83BFB1 
  80770F85 99F72351 693F9051 D4E4E0D6 8C0DE23E D10B50D0 C35077FF 9CB73977 
  BB7D6675 DE963825 8732EAC2 4FFE51F6 87534E22 105AC292 1484F18B 3843D4FB 
  6687392A 6CE44AF6 EC15F824 4A37F05C 0F565FC5 33F3773A DF87F05C 07E7BFDD FBA4EB23
   quit
dot11 syslog
ip source-route
no ip routing
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp excluded-address 192.168.0.201 192.168.0.254
!
ip dhcp pool DownStair
   import all
   network 192.168.0.0 255.255.255.0
   dns-server 205.171.3.65 205.171.2.65 
   default-router 192.168.0.1 
   lease infinite
!
!
no ip cef
ip name-server 205.171.3.65
ip name-server 205.171.2.65
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username admin privilege 15 password 0 **********
! 
!
!
archive
 log config
  hidekeys
!
!
!
class-map type inspect match-any SDM_HTTPS
 match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
 match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
 match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
 match class-map SDM_HTTPS
 match class-map SDM_SSH
 match class-map SDM_SHELL
class-map type inspect match-any ccp-skinny-inspect
 match protocol skinny
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-h323nxg-inspect
 match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
 match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
 match protocol h323-annexe
class-map type inspect match-all sdm-access
 match class-map sdm-cls-access
 match access-group 104
class-map type inspect match-any ccp-h323-inspect
 match protocol h323
class-map type inspect match-all ccp-invalid-src
 match access-group 103
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-any ccp-sip-inspect
 match protocol sip
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect 
 class class-default
  pass
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect 
 class type inspect ccp-insp-traffic
  inspect 
 class type inspect ccp-sip-inspect
  inspect 
 class type inspect ccp-h323-inspect
  inspect 
 class type inspect ccp-h323annexe-inspect
  inspect 
 class type inspect ccp-h225ras-inspect
  inspect 
 class type inspect ccp-h323nxg-inspect
  inspect 
 class type inspect ccp-skinny-inspect
  inspect 
 class class-default
  drop
policy-map type inspect ccp-permit
 class type inspect sdm-access
  inspect 
 class class-default
  drop
!
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
!
!
!
interface ATM0
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 no ip route-cache
 pvc 0/32 
  oam-pvc manage
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $FW_INSIDE$
 ip address 192.168.0.1 255.255.255.0
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 no ip route-cache
 ip tcp adjust-mss 1412
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxxx@qwest.net
 ppp chap password 0 xxxxxxx
 ppp pap sent-username xxxxxxx@qwest.net password 0 xxxxxxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer0 overload
!
ip access-list extended SDM_HTTPS
 remark CCP_ACL Category=1
 permit tcp any any eq 443
ip access-list extended SDM_SHELL
 remark CCP_ACL Category=1
 permit tcp any any eq cmd
ip access-list extended SDM_SSH
 remark CCP_ACL Category=1
 permit tcp any any eq 22
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark CCP_ACL Category=1
access-list 101 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq telnet
access-list 101 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq 22
access-list 101 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq www
access-list 101 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq 443
access-list 101 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq cmd
access-list 101 deny   tcp any host 192.168.0.1 eq telnet
access-list 101 deny   tcp any host 192.168.0.1 eq 22
access-list 101 deny   tcp any host 192.168.0.1 eq www
access-list 101 deny   tcp any host 192.168.0.1 eq 443
access-list 101 deny   tcp any host 192.168.0.1 eq cmd
access-list 101 deny   udp any host 192.168.0.1 eq snmp
access-list 101 permit ip any any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark CCP_ACL Category=1
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 103 remark CCP_ACL Category=128
access-list 103 permit ip host 255.255.255.255 any
access-list 103 permit ip 127.0.0.0 0.255.255.255 any
access-list 104 remark CCP_ACL Category=128
access-list 104 permit ip x.x.x.x 0.0.0.7 any
dialer-list 1 protocol ip permit
!
!
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 102 in
 password **********
 login
 transport input telnet ssh
!
scheduler max-task-time 5000
end

and here is the show dsl interface atm 0


ATM0
Alcatel 20190 chipset information
   ATU-R (DS)   ATU-C (US)
Modem Status:  Showtime (DMTDSL_SHOWTIME)
DSL Mode:  ITU G.992.1 (G.DMT) Annex A
ITU STD NUM:   0x03     0x1 
Vendor ID:  'STMI'     'IFTN'
Vendor Specific: 0x0000     0x71C5
Vendor Country:  0x0F     0xB5
Chip ID:   C196 (0)
DFE BOM:  DFE3.0 Annex A (1)
Capacity Used:  63%     80%
Noise Margin:  25.5 dB    16.0 dB
Output Power:  17.0 dBm    10.0 dBm
Attenuation:  10.0 dB     6.5 dB
FEC ES Errors:   0      0
ES Errors:   0      0
SES Errors:   0      0
LOSES Errors:   0      0
UES Errors:   0      0
Defect Status:  None                            None                        
Last Fail Code:  None
Watchdog Counter: 0x02
Watchdog Resets: 0
Selftest Result: 0x00
Subfunction:  0x00 
Interrupts:  8259 (0 spurious)
PHY Access Err:  0
Activations:  2
LED Status:  ON
LED On Time:  100
LED Off Time:  100
Init FW:  init_AMR-3.0.014_no_bist.bin
Operation FW:  AMR-3.0.014.bin
FW Source:  embedded
FW Version:  3.0.14
    Interleave  Fast Interleave  Fast
Speed (kbps):        7168            0        896            0
Cells:          185            0    1058430            0
Reed-Solomon EC:          0            0          0            0
CRC Errors:           0            0          0            0
Header Errors:           0            0          0            0
Total BER:    0E-0   0E-0
Leakage Average BER:   0E-0   0E-0
   ATU-R (DS) ATU-C (US)
Bitswap:        enabled    enabled
Bitswap success:          0               0
Bitswap failure:          0               0
LOM Monitoring : Disabled

DMT Bits Per Bin
000: 0 0 0 0 0 0 4 6 8 8 9 A B B B C
010: C C C C C C C B B B B B A 9 9 8
020: 0 0 0 0 0 0 0 4 5 5 6 7 7 8 8 9
030: 9 9 A A A A A A A A A A A B B A
040: 0 A B A B B B B B B B B B A B B
050: B B A B A B B B B B B B B B B A
060: B A B B A B A 2 A A A A B B A A
070: A A A A A A A A A A A A A A A A
080: A A A A A A A A A A A A A A A A
090: A A A A A A A A A A A A A A A 9
0A0: 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9
0B0: 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9
0C0: 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9
0D0: 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9
0E0: 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9
0F0: 9 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8
DSL: Training log buffer capability is not enabled

and here is the configuration for cisco 857, this configuration used my other account has a block of static ip. but i had tried to change to a single ip, it works, just the cisco 877 is not working..


Building configuration...
Current configuration : 11365 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco857
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$NAWc$CH1VUmksNXMkkat90KfbB1
!
no aaa new-model
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-2303996204
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2303996204
 revocation-check none
 rsakeypair TP-self-signed-2303996204
!
!
crypto pki certificate chain TP-self-signed-2303996204
 certificate self-signed 01
  30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32333033 39393632 3034301E 170D3132 30353236 30333433 
  32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33303339 
  39363230 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100BF21 6828CD85 E210711C 803B25AB A8925091 A9857FFD 27F41EDF 5B3AF02C 
  2091C97B 5AE61741 54A5C59B CD67BBB5 BADC622C 72C66DB3 3C6EFB63 D26AD1E8 
  55E8359B 20537D4E 921BF325 BF0189D1 F239F6C6 5A25A749 8F4FADF2 6C221038 
  59B2E779 020BEA00 74E630F0 EB63F7A4 A27447A0 8A344173 BC8D3A49 42A0401B 
  9E030203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603 
  551D1104 0C300A82 08436973 636F3835 37301F06 03551D23 04183016 80147DC7 
  C0A62275 777DE818 ED11203D 6AF0A21A 974F301D 0603551D 0E041604 147DC7C0 
  A6227577 7DE818ED 11203D6A F0A21A97 4F300D06 092A8648 86F70D01 01040500 
  03818100 0611714C D40109C7 5679E67E 79E22FC4 58EC1319 B19FDE21 636DC31D 
  E27333C5 7465A13C C841011A 0129F475 7C2F4B58 D45554CC 00B81B28 58E0A9B2 
  94477CBA 8CF21107 E3CB9983 10A0C225 A24CD3D8 B4BE5741 7AB4217C 4B239485 
  7ACBB5DB C836AD8B 44D14068 0B7B5D3B D6FEFAA3 02AFC77E 2310C0D8 83E84473 7E485DA3
   quit
dot11 syslog
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.99
!
ip dhcp pool ccp-pool1
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1 
   dns-server 192.168.0.2 205.171.2.65 
!
ip dhcp pool Server1
   hardware-address 0027.0e0a.9339
   client-name Intel-i5
!
!
ip cef
ip inspect name CCP_LOW cuseeme
ip inspect name CCP_LOW dns
ip inspect name CCP_LOW ftp
ip inspect name CCP_LOW h323
ip inspect name CCP_LOW sip
ip inspect name CCP_LOW https
ip inspect name CCP_LOW icmp
ip inspect name CCP_LOW imap
ip inspect name CCP_LOW pop3
ip inspect name CCP_LOW rcmd
ip inspect name CCP_LOW realaudio
ip inspect name CCP_LOW rtsp
ip inspect name CCP_LOW esmtp
ip inspect name CCP_LOW sqlnet
ip inspect name CCP_LOW streamworks
ip inspect name CCP_LOW tftp
ip inspect name CCP_LOW tcp
ip inspect name CCP_LOW udp
ip inspect name CCP_LOW vdolive
no ip bootp server
ip name-server 205.171.3.65
ip name-server 205.171.2.65
!
!
!
username admin privilege 15 secret 5 $1$b8Ew$IT41ysH8Q0vre4RtpnVz2.
! 
!
archive
 log config
  hidekeys
!
!
no ip ftp passive
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0.1 point-to-point
 description $FW_OUTSIDE$$ES_WAN$
 pvc 0/32 
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.0.1 255.255.255.0
 ip access-group 103 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address x.x.x.78 255.255.255.248
 ip access-group 104 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip inspect CCP_LOW out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxx@qwest.net
 ppp chap password 7 0961561xxxxxxxxxxxxx
 ppp pap sent-username xxxxxxx@qwest.net password 7 112401xxxxxxxxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 3
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static 192.168.0.2 x.x.x.73
ip nat inside source static 192.168.0.3 x.x.x.75
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 192.168.254.0 0.0.0.255
access-list 3 permit x.x.x.232
access-list 3 remark Auto generated by SDM Management Access feature
access-list 3 remark CCP_ACL Category=1
access-list 3 permit 192.168.0.0 0.0.0.255
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark CCP_ACL Category=1
access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq telnet
access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq 22
access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq www
access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq 443
access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq cmd
access-list 100 permit udp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq snmp
access-list 100 deny   tcp any host 192.168.0.1 eq telnet
access-list 100 deny   tcp any host 192.168.0.1 eq 22
access-list 100 deny   tcp any host 192.168.0.1 eq www
access-list 100 deny   tcp any host 192.168.0.1 eq 443
access-list 100 deny   tcp any host 192.168.0.1 eq cmd
access-list 100 deny   udp any host 192.168.0.1 eq snmp
access-list 100 permit ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark CCP_ACL Category=1
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 101 permit ip host x.x.x.x any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark CCP_ACL Category=1
access-list 102 permit tcp host x.x.x.x host x.x.x.78 eq telnet
access-list 102 permit tcp host x.x.x.x host x.x.x.78 eq 22
access-list 102 permit tcp host x.x.x.x host x.x.x.78 eq www
access-list 102 permit tcp host x.x.x.x host x.x.x.78 eq 443
access-list 102 permit tcp host x.x.x.x host x.x.x.78 eq cmd
access-list 102 deny   tcp any host x.x.x.78 eq telnet
access-list 102 deny   tcp any host x.x.x.78 eq 22
access-list 102 deny   tcp any host x.x.x.78 eq www
access-list 102 deny   tcp any host x.x.x.78 eq 443
access-list 102 deny   tcp any host x.x.x.78 eq cmd
access-list 102 deny   udp any host x.x.x.78 eq snmp
access-list 102 permit ip any any
access-list 103 remark auto generated by CCP firewall configuration
access-list 103 remark CCP_ACL Category=1
access-list 103 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq telnet
access-list 103 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq 22
access-list 103 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq www
access-list 103 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq 443
access-list 103 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq cmd
access-list 103 deny   tcp any host 192.168.0.1 eq telnet
access-list 103 deny   tcp any host 192.168.0.1 eq 22
access-list 103 deny   tcp any host 192.168.0.1 eq www
access-list 103 deny   tcp any host 192.168.0.1 eq 443
access-list 103 deny   tcp any host 192.168.0.1 eq cmd
access-list 103 deny   udp any host 192.168.0.1 eq snmp
access-list 103 deny   ip x.x.x.72 0.0.0.7 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by CCP firewall configuration
access-list 104 remark CCP_ACL Category=1
access-list 104 permit tcp host x.x.x.x host x.x.x.78 eq telnet
access-list 104 permit tcp host x.x.x.x host x.x.x.78 eq 22
access-list 104 permit tcp host x.x.x.x host x.x.x.78 eq www
access-list 104 permit tcp host x.x.x.x host x.x.x.78 eq 443
access-list 104 permit tcp host x.x.x.x host x.x.x.78 eq cmd
access-list 104 deny   udp any host x.x.x.78 eq snmp
access-list 104 remark Custom Terminals
access-list 104 permit tcp any host x.x.x.73 range 1982 1984
access-list 104 remark Allow WebServer
access-list 104 permit tcp any host x.x.x.73 eq www
access-list 104 remark SVN Server
access-list 104 permit tcp any host x.x.x.73 eq 8443
access-list 104 remark From Rest To I7 All Port
access-list 104 permit ip host x.x.x.x host x.x.x.75
access-list 104 permit udp host 205.171.2.65 eq domain host x.x.x.78
access-list 104 permit udp host 205.171.3.65 eq domain host x.x.x.78
access-list 104 deny   ip 192.168.0.0 0.0.0.255 any
access-list 104 permit icmp any host x.x.x.78 echo-reply
access-list 104 permit icmp any host x.x.x.78 time-exceeded
access-list 104 permit icmp any host x.x.x.78 unreachable
access-list 104 permit tcp 192.168.0.0 0.0.0.255 host x.x.x.78 eq 4443
access-list 104 deny   ip 10.0.0.0 0.255.255.255 any
access-list 104 deny   ip 172.16.0.0 0.15.255.255 any
access-list 104 deny   ip 192.168.0.0 0.0.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip host 0.0.0.0 any
access-list 104 deny   ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Configuration Professional (Cisco CP) is installed on this device 
and it provides the default username "cisco" for  one-time use. If you have 
already used the username "cisco" to login to the router and your IOS image 
supports the "one-time" user option, then this username has already expired. 
You will not be able to login to the router with this username after you exit 
this session.
 
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you 
want to use.
 
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 access-class 101 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎06-12-2012 01:50 AM

Hello,

A couple of suggestions:

  1. Reactivate the CEF using the ip cef command in the global configuration mode. Did you have any reason to deactivate CEF? Did you follow any whitepaper on the Cisco website? It seems that there is a misleading configuration being suggested and many people are using it.
  2. Remove the oam-pvc manage command from the ATM PVC 0/32. Unless you are sure you need it, do not use the command.
  3. Please post the output of the following commands:
    1. show pppoe session
    2. show interface dialer0
    3. show interface atm0
    4. show interface atm0.1
    5. show atm pvc
  4. For testing purposes, I suggest removing the zone-based firewall configuration. It complicates troubleshooting at this point.

Thank you!

Best regards,

Peter

View solution in original post

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to scorpion1118

‎06-12-2012 03:38 PM

Hello,

Let's continue with the suggestions:

  1. Reenable the routing using the ip routing command in the global configuration mode
  2. Then reenable the CEF using the ip cef command in the global configuration mode
  3. Have the zone-based firewall deactivated on the interfaces
  4. Then, from the router's command line, try pinging an IP address, say, 158.193.138.40, 8.8.8.8 or 4.2.2.2
  5. If that works, try pinging the same IP address from a device behind the router

Please keep me informed! Thank you!

Best regards,

Peter

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎06-12-2012 01:50 AM

Hello,

A couple of suggestions:

  1. Reactivate the CEF using the ip cef command in the global configuration mode. Did you have any reason to deactivate CEF? Did you follow any whitepaper on the Cisco website? It seems that there is a misleading configuration being suggested and many people are using it.
  2. Remove the oam-pvc manage command from the ATM PVC 0/32. Unless you are sure you need it, do not use the command.
  3. Please post the output of the following commands:
    1. show pppoe session
    2. show interface dialer0
    3. show interface atm0
    4. show interface atm0.1
    5. show atm pvc
  4. For testing purposes, I suggest removing the zone-based firewall configuration. It complicates troubleshooting at this point.

Thank you!

Best regards,

Peter

0 Helpful

Go to solution
scorpion1118
Level 1
Level 1
In response to Peter Paluch

‎06-12-2012 09:50 AM

thank you for your reply.....

1. i didn't deactived ip cef, it just deactived itself.. -_-,

i tried:

Cisco877#config terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Cisco877(config)#ip cef

%Must enable ip routing first

Cisco877(config)#

2. i tried "no oam-pvc manage" at interface atm 0.1, but didn't work..

3.

show pppoe session:
----------------------------
     1 client session 
Uniq ID  PPPoE  RemMAC          Port                  Source   VA         State
           SID  LocMAC                                         VA-st
    N/A    110  50c5.8dd5.5628  ATM0.1                Di0      Vi1        UP      
                001e.be7d.1b66  VC:  0/32                      UP         
-----------END SHOW PPPOE SESSION-------------------
show interface dialer0
---------------------------------
Dialer0 is up, line protocol is up (spoofing)
  Hardware is Unknown
  Description: $FW_OUTSIDE$
  Internet address is 207.224.103.27/32
  MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Interface is bound to Vi1
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 17:01:49
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops) 
     Conversations  0/0/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 42 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     101 packets input, 5438 bytes
     7329 packets output, 97178 bytes
Bound to:
Virtual-Access1 is up, line protocol is up 
  Hardware is Virtual Access interface
  MTU 1500 bytes, BW 896 Kbit/sec, DLY 20000 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Listen: CDPCP
  Open: IPCP
  PPPoE vaccess, cloned from Dialer0
  Vaccess status 0x44, loopback not set
  Keepalive set (10 sec)
  Interface is bound to Di0 (Encapsulation PPP)
  Last input 00:08:54, output never, output hang never
  Last clearing of "show interface" counters 16:58:16
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     7420 packets input, 102544 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     7322 packets output, 97083 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
---------------END SHOW INTERFACE DIALER0----------------------
show interface atm 0
------------------------------------------------------
ATM0 is up, line protocol is up 
  Hardware is MPC ATMSAR (with Alcatel ADSL Module)
  MTU 4470 bytes, sub MTU 4470, BW 896 Kbit/sec, DLY 410 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ATM, loopback not set
  Encapsulation(s): AAL5  AAL2, PVC mode
  10 maximum active VCs, 1024 VCs per VP, 1 current VCCs
  VC Auto Creation Disabled.
  VC idle disconnect time: 300 seconds
  Last input 16:56:24, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: Per VC Queueing
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     7458 packets input, 356894 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     13525 packets output, 865552 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
-------------------END SHOW INTERFACE ATM 0-------------------------

show interface atm 0.1
-----------------------------------------------------
ATM0.1 is up, line protocol is up 
  Hardware is MPC ATMSAR (with Alcatel ADSL Module)
  MTU 4470 bytes, BW 896 Kbit/sec, DLY 410 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ATM
     7460 packets input, 553627 bytes
     7368 packets output, 545432 bytes 
     6160 OAM cells input, 6161 OAM cells output
  AAL5 CRC errors : 0
  AAL5 SAR Timeouts : 0
  AAL5 Oversized SDUs : 0
  Last clearing of "show interface" counters never
--------------END SHOW INTERFACE ATM 0.1------------------

show atm pvc
-----------------------------------------------
           VCD /                                        Peak  Avg/Min Burst
Interface  Name         VPI   VCI  Type   Encaps   SC   Kbps   Kbps   Cells  Sts
0.1        1              0    32  PVC    SNAP     UBR     896                UP
-----------------END SHOW ATM PVC--------------------

4. i had removed all firewall settigns....

still not working yet...

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to scorpion1118

‎06-12-2012 03:38 PM

Hello,

Let's continue with the suggestions:

  1. Reenable the routing using the ip routing command in the global configuration mode
  2. Then reenable the CEF using the ip cef command in the global configuration mode
  3. Have the zone-based firewall deactivated on the interfaces
  4. Then, from the router's command line, try pinging an IP address, say, 158.193.138.40, 8.8.8.8 or 4.2.2.2
  5. If that works, try pinging the same IP address from a device behind the router

Please keep me informed! Thank you!

Best regards,

Peter

0 Helpful

Go to solution
scorpion1118
Level 1
Level 1
In response to Peter Paluch

‎06-12-2012 05:14 PM

thank you very very much for the help aboves..... after i turn on ip routing and ip cef,, its working now,,, and again thank you very mush experts....

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card