10-12-2012 02:19 AM - edited 03-04-2019 05:50 PM
Hello,
I am very new to Cisco and this is the first time that I've received a task to configure it. This is going to be my backup router in case one of 2 existing Cisco 857 routers fails. I will keep the new router off-line but first I would like to configure it and test it.
The task looked straightforward as I could see the other router's settings. I configured all settings via Cisco CP Express to match my original router 192.2.1.254. Once I swapped the routers over for a test, my new router didn't get the CD and PPP lights. The username and password are confirmed, so they should be fine.
The option which I don't understand much is encapsulation. On my original router I have selected PPPoA(AAL5MUX).
Also in routing I have selected Dialer0, the same as on my original router.
I noticed that when I changed encapsulation to PPPoE, green lights against CD and PPP appeared. Well, I thought the problem must be something regarding that option, but I can't understand that even when I got CD and PPP green I still couldn't connect to the internet. Well, then I tried to come back to PPPoA(AAL5MUX). This time all green lights stayed on (CD and PPP). Unfortunately I am still unable to connect even if the router says in the overview "Internet (WAN) up".
Once I connect the router to the internet I would like to configure the firewall and some security using SDM, but at the moment I have a problem with configuring simple WAN settings in Cisco CP Express. Could you please advise what I can do to compare the 2 routers in more detail and see what's different between them?
Regards
Dragan
10-12-2012 02:23 AM
All is done by checking configuration and show commands. For example, to report problem you post configuration here.
10-12-2012 02:35 AM
This is config of my new router......
Username: admin
Password:
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username
Replace
want to use.
-----------------------------------------------------------------------
new254#show startup-config
Using 3308 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname new254
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$hpKF$Rc1tl6r45J8iHG7EN5jSk.
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-3185909327
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3185909327
revocation-check none
rsakeypair TP-self-signed-3185909327
!
!
crypto pki certificate chain TP-self-signed-3185909327
certificate self-signed 01 nvram:IOS-Self-Sig#A.cer
dot11 syslog
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.2.1.1 192.2.1.129
ip dhcp excluded-address 192.2.1.141 192.2.1.254
!
ip dhcp pool ccp-pool
network 192.2.1.0 255.255.255.0
default-router 192.2.1.254
lease 0 2
!
!
ip cef
!
!
!
username dinicd privilege 15 password 0 Password
username admin privilege 15 secret 5 $1$xMuk$kvmTS1F.KZaCohsbvmbUT1
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$
ip address 192.2.1.254 255.255.255.0
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname elc@gibnet.gi
ppp chap password 0 oooo
ppp pap sent-username elc@gibnet.gi password 0 oooo
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface ATM0.1 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username
Replace
want to use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
new254#
10-12-2012 05:52 AM
You can check "show dsl interface" and then ppp debugs.
Also, you need to add nat configuration. There are many similar threads, just use search-
10-12-2012 06:18 AM
Can't say anything configuration seems perfect for ATM...
10-12-2012 06:21 AM
But You can use few very specific commands like --
debug ppp authentication
debug ppp negotiation
debug ppp packet.
And also check the show int dsl int at0, it will give the overview of Activation, dsl parameters and errors on line if any.
Hope this would be helpful.
Regards,
Amit
Please rate helpful posts.
10-12-2012 06:28 AM
I will try to find something if I have some spare time; unfortunately it is a lot of reading and it is not very simple to find exactly the same problem. I am supporting a lot of clients, which means my time is limited, so I would really appreciate it if you could save me some time and help me. It is really much easier to fix something if you have a live discussion and exchange your thoughts.
thanks and regards
Dragan
10-12-2012 07:35 AM
Can you please post the output of all commands...
and share any Gmail account username if you have access to it at your office... as I am in the office and cannot support you via Skype or that kind of thing, but yes, if you can give me your Gmail ID then I can try to ping you from here.
10-15-2012 12:28 AM
Here is the output of your 3 commands:
new254#debug ppp authentication
PPP authentication debugging is on
new254#debug ppp negotiation
PPP protocol negotiation debugging is on
new254#debug ppp packet
PPP packet display debugging is on
new254#
10-15-2012 12:51 AM
Hi,
How are you connected to the router? Telnet or console? If telnet, then do these commands:
-enable
-terminal monitor
-conf t
- logging monitor debug
Then shut your ATM interface, then no shut it, and you should see the logs from the debug commands.
Note: the NAT overload should point to the dialer interface, not the ATM one, and you should tell the router which interface is inside and which is outside with respect to NAT:
int vlan 1
ip nat inside
int dialer0
ip nat outside
Regards.
Alain
Don't forget to rate helpful posts.
10-16-2012 12:15 AM
I connect to the router via HyperTerminal. Are the above commands going to work?
What do you mean by saying shut your ATM interface? Please let me know what commands I need to execute after:
-enable
-terminal monitor
-conf t
- logging monitor debug
thanks
Dragan
10-16-2012 12:19 AM
10-16-2012 01:08 AM
Hi Dragan,
I'm still confused why your ATM link is not coming up.
Did you receive any output from all the debug commands...? Your configuration seems perfect, and this is the same config I'm using on my customer's WAN over a DSL line through a Dialer profile.
And it is working fine though.
If this is still an issue then...
try to run the command below one more time and give me the output.
Can you give me the output of the virtual interface that is created by the ATM?
I don't know which virtual-access number was created by the ATM.
Do a show ip int brief
and you will see the virtual-access interface there.
Give me the output of all virtual-access interfaces running on the router.
Use the "show int virtual-access [number]" command and post your output here, please.
Regards,
Amit Kumar
10-17-2012 04:15 AM
Here is the configuration of the working router which I need to clone and configure my new backup router:
==================================
new254>enable
Password:
new254#show startup-config
Using 3883 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname new254
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$O3Lm$pbIf/qzdRp///8fa3KZTf1
enable password cisco
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
aaa session-id common
!
!
dot11 syslog
no ip dhcp use vrf connected
ip dhcp excluded-address 192.2.1.1 192.2.1.129
ip dhcp excluded-address 192.2.1.141 192.2.1.254
!
ip dhcp pool POOL-DHCP
network 192.2.1.0 255.255.255.0
dns-server 85.115.130.4
default-router 192.2.1.254
!
!
ip cef
ip dhcp-server 192.2.1.253
!
!
!
username andymac privilege 15 secret 5 $1$o48f$XA7NQH51HByvxyB0Qp2vQ.
username admin privilege 15 password 0
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group all
key hello
pool SDM_POOL_1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ctcp port 10000
archive
log config
hidekeys
!
!
ip telnet source-interface Vlan1
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
logging event atm pvc state
load-interval 30
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode ansi-dmt
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.2.1.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
load-interval 30
!
interface Dialer0
description ADSL PPPoA
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname elc@gibnet.gi
ppp chap password 0 oooo
ppp pap sent-username elc@gibnet.gi password 0 oooo
ppp ipcp dns request
!
ip local pool SDM_POOL_1 192.2.1.170 192.2.1.175
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
ip route 10.0.0.0 255.255.255.0 192.2.1.107 permanent
ip route 10.1.0.0 255.255.255.0 192.2.1.107 permanent
ip route 10.2.0.0 255.255.255.0 192.2.1.107 permanent
ip route 10.6.0.0 255.255.255.0 192.2.1.107 permanent
ip route 10.7.0.0 255.255.255.0 192.2.1.107 permanent
ip route 10.8.0.0 255.255.255.0 192.2.1.9 permanent
ip route 10.20.0.0 255.255.255.0 192.2.1.7 permanent
ip route 10.55.0.0 255.255.255.0 192.2.1.28 permanent
ip route 192.2.1.0 255.255.255.0 192.2.1.253 permanent
ip route 192.2.3.0 255.255.255.0 192.2.1.107 permanent
ip route 192.3.1.0 255.255.255.0 192.2.1.253 permanent
ip route 192.168.1.0 255.255.255.0 192.2.1.107 permanent
ip route 192.168.2.0 255.255.255.0 10.0.0.2 permanent
ip route 192.168.5.0 255.255.255.0 192.2.1.28 permanent
ip route 192.168.6.0 255.255.255.0 192.2.1.28 permanent
ip route 192.168.10.0 255.255.255.0 192.2.1.253 permanent
ip route 192.168.20.0 255.255.255.0 10.1.0.2 permanent
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source route-map SDM_RMAP_2 interface Dialer0 overload
!
logging trap debugging
logging 192.2.1.253
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.2.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=18
access-list 100 deny ip 192.2.1.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 100 permit ip any any
snmp-server community public RO
route-map SDM_RMAP_2 permit 1
match ip address 100
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
end
10-19-2012 04:15 AM
Hello again,
I am sorry for delaying this discussion but I was busy with some other clients. Here is what I got from your debugging commands:
new254#enable
new254#terminal monitor
% Console already monitors
new254#conft
Translating "conft"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
new254#logging monitor debug
^
% Invalid input detected at '^' marker.
new254#