Re: 877w simple internet access configuration, problem

svenssondaniel · ‎04-26-2011

Hello everyone!

I have recently bought an 877w ADSL router.

Installed and tried to configure it last week without success.

I log in to it. Run the guide, entering all the information. But after that no client have internet access.

And i cant get any real status from it, in the GUI i cannot find any logs, or see if it have recieved any IP from the ISP and so on.

The only status i get is wan: UP.

The clients get their internal IP ok.

Hope someone can help me. Thanks

Daniel

svenssondaniel · ‎04-27-2011

Is there really no one that can point me in the right direction?

garapoglou · ‎04-27-2011

Hi,

If you are not familiar with Cisco, configuring a router would not be an easy thing to do.

The best you can do to have it running without any particular problem, is to call your ISP and ask for some help.

Best regards,

Giorgos

Latchum Naidu · ‎04-27-2011

Daniel

Please post your router running config inorder to trace the issue.

Please rate the helpfull posts.

Regards,

Naidu.

svenssondaniel · ‎04-27-2011

Thanks for your helpful answer! I will certainly post the config as soon as i can. (this evening)

JohnHeller_2 · ‎04-27-2011

Hi,

If you are using SDM to configure the router you may not have a default route set up.

If you can ping an external address from the router when connected to it via telnet or a serial cable, but can't ping from a connected client, you may be missing a NAT command.

These two faults are quite common when setting up a router for the first time.

Post your running config and im sure someone will be able to help you.

Also get the guidlines from you ISP for connection details such as pppoe/pppoa vc info etc.

Many ISP's actually provide basic configs for low end cisco routers. See if they have some sample configs you can adapt to your needs.

Regards,

John.

svenssondaniel · ‎04-28-2011

Thanks for your reply!

Here comes the configuration:

Using 6469 out of 131072 bytes
!
! Last configuration change at 16:50:36 PCTime Thu Apr 21 2011 by cisco
! NVRAM config last updated at 16:50:39 PCTime Thu Apr 21 2011 by cisco
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone

service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$D8aA$AsOnRqh0l7xjYcSO06K6I/
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-489450954
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-489450954
revocation-check none
rsakeypair TP-self-signed-489450954
!
!
crypto pki certificate chain TP-self-signed-489450954
certificate self-signed 01 nvram:IOS-Self-Sig#4.cer
dot11 syslog
!
dot11 ssid chassit
!
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
!
ip dhcp pool ccp-pool1
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
!
!
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
!
!
!
username admin privilege 15 secret 5 $1$hCxI$rcu6lwr7NDTpNqrWsjQxh.
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class class-default
policy-map type inspect ccp-permit
class type inspect SDM_DHCP_CLIENT_PT
pass
class class-default
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
!
bridge irb
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp
ip nat outside
ip virtual-reassembly
zone-member security out-zone
pvc 8/35
encapsulation aal5snap
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
ssid chassit
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1412
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface ATM0.1 overload
!
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
no cdp run
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

//Daniel

Latchum Naidu · ‎04-28-2011

Hi Daniel,

I have made a simple 877w config for you.
See the attached config for your reference.

Please rate the all helpfull posts.
Regards,
Naidu.

svenssondaniel · ‎04-28-2011

Wow. man thanks for your help.

Tough, you have used it for ppoe, its not used in this ISP.

(Telia Sweden)

It should use:

RFC 1483 Routing (AAL5SNAP)

or

RFC 1483 Routing (AAL4MUX)

(Dont know wich of them, but it should be one)

Could you make another config for this?

Is there any simple way to upload your config directly to the router?

svenssondaniel · ‎04-28-2011

After some googling it seems that Telia shoudl use

rfc 1483 "Bridged"

That is not even an option in the configuration? :S

It only have to version of "routed"

Latchum Naidu · ‎04-28-2011

Hi Daniel,

It is simple you can just refer my attached config and do the necessary changes as suite to your ISP.
And also I would suggest you to get back your ISP wherever required.
For example I reached my ISP on many things while configuring the router as suite their network. Your ISP definetely will help you and it is important to reach them in such a typical network config.
It is not wrong to reach your ISP for any kind of information.

Gud luck.

Please click on the correct answere if this answered your question.
Regards,
Naidu.

svenssondaniel · ‎04-28-2011

Thanks again!

How do i access the config file for editing? Do i download a file, edit it and then upload it, or should it be changed "on the fly"?

Getting a bit worried about the RFC 1483 though, tested them both out, and tried to ping an outside computer from the Telnet, and nada.

Dont know what the ISP could tell me, since there is only two RFC modes, and none of them seem to work?

svenssondaniel · ‎04-28-2011

Hey!

I think i found a problem with at least the internet connection.

In CP express, when changing from SNAP to MUX, it loads the configration, all success.

It deletes the ATM0.1 and starts ATM0.2.

But then when the router is shut down and started up again. (wich is required from the ISP)

Its back to SNAp and ATM0.1?

JohnHeller_2 · ‎04-28-2011

Hi,

You need to save your config.

CCP/CP express/SDM/SDM express will have an option to write the running config to memory.

Alternativley connect to the router using a telnet program like hyperterm and issue the command WRITE MEMORY.

You can connect to the router using TCPIP or using a serial cable. Most cisco people have a collection of light blue coloured "rollover" cables.

Many new routers have a USB port for configuraton as it is hard to purchase new computers with a serial port on them. The USB port on routers is recogised by Windows as a USB-serial convertor.

You should set up a TFTP server so that you can save versions of your config.

A free one is available from solarwinds that works quite nicely.

Install the TFTP program on your local workstation and make a note of the workstations IP address.

Then you can use the command COPY RUN TFTP to copy the running config to a text file. The router will prompt you for the IP address of the TFTP server and what filename you want to save the file as.

Have you been able to ping internet addresses from the router when the connection details are set to MUX?

svenssondaniel · ‎05-01-2011

hello again!

Thanks for your very informative answer!

I use CP express, and also Telnet.

Is there an FTP server on the router where the config file is, you mean?

And to the for the moment most importat thing, i can not still ping an outside adress from telnet, even when using mux.

That scares me a bit? How does that come?

Please give me some ideas about that!

thanks'