09-14-2015 09:00 AM - edited 03-08-2019 01:45 AM
Hi everyone!
Currently I am studying for my CCENT. I have used a 877W as my lab router to replace my ISP modem/router.
The wireless, LAN, and DSL dialer seems to work fine, but the LAN disconnects randomly about every 10 hours for IOS 15.1, and for IOS 12.4 the DSL dialer desyncs every 2 days.
Not sure if this applicable, few days ago I opened SSH version 2 port over the internet, and someone in Beijing China (according to #terminal monitor) attempt to access the SSH using usernames like, root/admin/ubt etc, lucky I use 13 char long randomized username and passwords. So I did a counter port scan on the attacker, so he stopped his/her dictionary attack against my SSH, but after doing an SSH version check. (according to #show ssh) After how quickly attackers attempt to "break-in" I have blocked it with an ACL currently.
Here are some config information:
====================================================================
Connection Version Mode Encryption Hmac State Username
0 2.0 IN aes256-cbc hmac-sha1 Session started xxxxxxxxxxxxxxxxxxx
0 2.0 OUT aes256-cbc hmac-sha1 Session started xxxxxxxxxxxxxxxxxx
====================================================================
Building configuration...
Current configuration : 4034 bytes
!
! Last configuration change at 23:05:20 EST Sun Sep 13 2015 by xxxxxxxxxxxxxxxxxxx
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 31AUG2015CCNA
!
boot-start-marker
boot system flash c870-advsecurityk9-mz.151-1.T5.bin
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
clock timezone EST -5
clock summer-time EST recurring
!
!
dot11 syslog
!
dot11 ssid RSGE_Cisco
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
ip source-route
ip dhcp excluded-address 222.222.222.1
!
ip dhcp pool dhcppool
network 222.222.222.0 255.255.255.0
default-router 222.222.222.1
dns-server 107.170.95.180 104.237.144.172
!
!
ip cef
ip inspect name FW udp
ip inspect name FW tcp
ip inspect name FW ftp
ip inspect name FW icmp
ip inspect name FW http
ip domain name xxxxxxxxxxxxxx.org
ip name-server 107.170.95.180
ip name-server 104.237.144.172
ip ddns update method noip_update
HTTP
add http://zPodNS7mexmKm:xxxxxxxxxxxxxxxxxxxx@dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a>
remove http://zPodNS7mexmKm:xxxxxxxxxxxxxxxxxxxx@dynupdate.no-ip.com/nic/update?hostname=vpn&myip=rsge.org
interval maximum 0 0 5 0
interval minimum 0 0 2 0
!
login block-for 65535 attempts 2 within 65535
login on-failure log
login on-success log
!
!
vpdn enable
!
vpdn-group pppoe
!
!
!
archive
log config
hidekeys
username xxxxxxxxxxxxxxxxxx secret 5 xxxxxxxxxxxxxxxxxxxxxx
!
!
ip ssh version 2
!
!
!
!
bridge irb
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers aes-ccm
!
ssid RSGE_Cisco
!
speed basic-2.0
channel 2417
station-role root
world-mode dot11d country US outdoor
no cdp enable
!
interface Dot11Radio0.1
bandwidth receive 400
encapsulation dot1Q 1 native
ip virtual-reassembly
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip inspect FW in
ip virtual-reassembly
bridge-group 1
!
interface Dialer1
ip ddns update hostname vpn.xxxxxxxxxxxxxxx.org
ip ddns update noip_update
ip address negotiated previous
ip access-group WAN_FIREWALL in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap callin
ppp chap hostname vzxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
ppp pap sent-username testtest1 password 7 xxxxxxxxxxxxxxxxxxxxxxx
no cdp enable
!
interface BVI1
ip address 222.222.222.1 255.0.0.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip dns server
ip nat pool natpool 222.222.222.2 222.222.222.240 netmask 255.0.0.0
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended WAN_FIREWALL
deny icmp any any
permit ip any any
!
access-list 1 permit 222.222.222.0 0.0.0.255
access-list 1 deny any
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner motd ^C
*************************************
Unauthorized access may subject to
criminal prosecution
-RSGE
*************************************^C
!
line con 0
exec-timeout 600 0
password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
logging synchronous
login
no modem enable
line aux 0
line vty 0 4
access-class 1 in
exec-timeout 600 0
logging synchronous
login local
transport preferred none
transport input ssh
transport output none
!
scheduler max-task-time 5000
ntp server time.nist.gov
end
======================================================
ATM0
Alcatel 20190 chipset information
ATU-R (DS) ATU-C (US)
Modem Status: Showtime (DMTDSL_SHOWTIME)
DSL Mode: ITU G.992.5 (ADSL2+) Annex A
ITU STD NUM: 0x03 0x2
Chip Vendor ID: 'STMI' 'BDCM'
Chip Vendor Specific: 0x0000 0x544D
Chip Vendor Country: 0x0F 0xB5
Modem Vendor ID: 'CSCO' ' '
Modem Vendor Specific: 0x0000 0x0000
Modem Vendor Country: 0xB5 0x00
Serial Number Near: FHK12482BF2
Serial Number Far:
Modem VerChip ID: C196 (0)
DFE BOM: DFE3.0 Annex A (1)
Capacity Used: 45% 85%
Noise Margin: 9.5 dB 11.0 dB
Output Power: 16.0 dBm 12.0 dBm
Attenuation: 55.0 dB 33.0 dB
FEC ES Errors: 0 2268
ES Errors: 1 223
SES Errors: 1 4
LOSES Errors: 1 4
UES Errors: 0 3922
Defect Status: None None
Last Fail Code: None
Watchdog Counter: 0xFA
Watchdog Resets: 0
Selftest Result: 0x00
Subfunction: 0x00
Interrupts: 4202 (0 spurious)
PHY Access Err: 0
Activations: 1
LED Status: ON
LED On Time: 100
LED Off Time: 100
Init FW: init_AMR_6.0.010.bin
Operation FW: AMR-E-6.0.010.bin
FW Source: external
FW Version: 6.0.10
DS Channel1 DS Channel0 US Channel1 US Channel0
Speed (kbps): 0 2528 0 861
Cells: 0 614220628 0 286460339
Reed-Solomon EC: 0 2294 0 15114
CRC Errors: 0 6 0 270
Header Errors: 0 5 0 941
Total BER: 0E-0 6259E-11
Leakage Average BER: 0E-0 1390E-10
Interleave Delay: 0 43 0 63
ATU-R (DS) ATU-C (US)
Bitswap: enabled enabled
Bitswap success: 0 0
Bitswap failure: 0 0
LOM Monitoring : Disabled
DMT Bits Per Bin
000: 0 0 0 0 0 0 0 7 9 9 A B B C C C
010: C C C C C C B B B B B B B A A 9
020: 0 2 3 4 5 6 7 7 8 8 8 9 9 9 8 8
030: 9 A A A A A A A A A A A A A 7 A
040: 9 A A A 9 9 9 8 8 9 8 A 2 7 7 9
050: 9 8 9 9 9 9 8 8 8 7 6 7 8 6 8 8
060: 7 7 7 7 7 7 7 7 7 7 7 6 3 4 6 5
070: 6 6 6 5 5 5 5 5 5 5 5 5 2 5 5 5
080: 4 3 4 4 2 2 0 0 2 2 2 0 2 2 0 0
090: 0 0 2 2 0 2 2 2 0 0 0 0 2 2 2 2
0A0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0B0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0C0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0D0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0E0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0F0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
100: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
110: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
120: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
130: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
140: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
150: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
160: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
170: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
180: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
190: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1A0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1B0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1C0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1D0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1E0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1F0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
09-14-2015 12:29 PM
Sep 14 16:41:36.794: %DOT11-4-MAXRETRIES: Packet to client c81e.e785.e453 reached max retries, removing the client
I think it might be MTU size, not 100% sure.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide