Hi alain,

I had started to reply directly to each post but this screws up the order of posts - for example London's post is still the bottom one even though it is older than 3 or 4 others.  Anyway, yours was next on my reply list.  I did the ip route 0.0.0.0 0.0.0.0 66.28.150.125 and this changed sh ip route to:

Gateway of last resort is 66.28.150.125 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 66.28.150.125
                is directly connected, GigabitEthernet0
      66.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        66.28.150.124/30 is directly connected, GigabitEthernet0
L        66.28.150.126/32 is directly connected, GigabitEthernet0

Hopefully that's how things shoudl look.  Unfortunatley, no change to ping problem! :|

I have a suspicion about the ISP's connection - their cable modem has sometimes gone down for no reason - I have no way to verify their connection other than to call them - I had emailed them 6 days ago and they just now got back to me but advised I call.  So I'll do that and will post results back here.  We can do the packet debugging then if the ISP says all is good on their end. 

Ok so I called the ISP.  Please note, I was unable to ping 8.8.8.8 before I called, 100% packet loss each time I tried (seveal times).  They remotely checked the cable modem (good), their router (good) and their gateway which I assume is the next hop up from their router/cable modem, and this tested good as well.  We ended the call as they had nothing more to offer. 

I then pinged 8.8.8.8 and now it works.  Strange coincidence?  Who knows, or maybe their checking the connection brought it out of sleep mode or who knows what.  But not all is well. 

Router#: ping 66.28.150.125 (ISP next hop from my router - 100% Success)

Router# ping 8.8.8.8 (100% Success)

Router# ping 8.8.8.8 source 192.168.0.1 (variably 60% or 40% success, always alternating .!.!. or !.!.!)

Router# ping 8.8.8.8 source 192.168.0.2 (0% success - gives error % Invalid source address - IP address not on any of our up interfaces )

I had thought perhaps when I used CCP Express to config the AP it woudl have put the interface to up state.  I'll have to see how to change that - can't use CCP because there's no LAN connectivity so I'll try that service-module command to see what I can do. 

Some years ago when I did more with the IOS (was temprarily studying for CCNA but had to stop due to work demands) ) I vaguely recall there being a simple reason why one gets alternating packet loss from a ping  - duplex setting?  I can't remember.  

Also what is interesting to me is that now that we have logging console 7 on, I'm seeing somebody from an IP address in Germany trying to connect via TCP to our router.  Also a diffferent IP a moment ago - I hope whatever ZPF mods we did did not open the router to the outside world?  These are logged as %DROP_PKT so hopefully not.  Anyway, connectivity is clearly somewhat working as these console messages neve rcame up before I called the ISP 20 minutes ago.   

Any thoughts about the alternating packet loss?  I'll see if I can figure out how to bring up the 192.168.0.2 (IP of the internal AP) on my own but if you know the answer off hand pleaes feel free to provide, thank you kindly. 

Just an addendum to my above post:

ping testing is odd.  I decided to try DNS, so I ping www.google.com .  I have four DNS servers entered in the rotuer, firs ttwo are internal servers (no connection currently due to no LAN cables), and the two external DNS servfers of the ISP.  So my first ping of google.com took a minute to cycle through DNS servers but when it finally got going, I had !.!.! or .!.!. again.  Repeatd this several times, same result. 

I then took a break for 5 minutes, came back, did it again and now ping to www.google.com is 100% every time.  I don't really understand why this behaves this way.  It is learning the route, perhaps? 

So since that seemed to start workintg, I tried ping 8.8.8.8 source 192.168.0.1 but still get either !.!.! or .!.!. every time.  Perhaps I should go get lunch and in an hour, everything will work including all my upcoming problems. 

Yet another bit of info to add (3 mins after last post)

Went to the AP via service-module wlan-ap0 session

AP#: ping 192.168.0.2 (AP's IP) - !!!!!

AP#: ping 192.168.0.1 (LAN IP) - !!!!!

AP#: ping 66.28.150.125 (ISP's next-hop router) - !!!!!

AP# ping 8.8.8.8  - !.!.! or .!.!.

I'm sure in 5 minutes it'll be 100% but we'll see. 

Sorry for the excessive details - better than I update on progress than leavce you to reply based on old information. 

any update ??         

Sorry Parvesh I am just catching up on my long overlooked posts.  I would have to read the entire thread to see if there is anything I need to answer, but, the final resolution on this was that the cable Internet provider sent a tech onsite and this tech increased the dB on the cable line by 6.  So a basic signal boost it seems, and that corrected all this inconsistent activity.  We have not yet gone live with this router, howefver it has been reliably up for a couple of months now.  I am certain I will need to start a new thread for some other topic in trying to get this router configured, so talk to you then! 

Colin,

Any update on the Cisco 891W router? Did you get it deployed in production yet? I am about to travel to Haiti to set an 891w router and I am trying to prepare myself with as much trouble shooting knowledge as possible in case I have a problem. Did you end up switching everything to Wan GE0? As of now my wan port is configured at FE8. Let me know the latest.

Hi Kevin,

I hope all goes well in Haiti. 

I have to be honest, I have nt tested FE8.  I simply went to GE0 with no delay.  From what others havce said, not sure if in this thread or in another, but they say don't use FE8. 

I have a lot to learn on the subject of routing and security, especially firewalls in the IOS, but I have the unit working in a test environment, yet the lab is pretty much identical to the real thing using the same IP's and so on.  I have 6 of these routers in the lab.  So far two of them are fully configured.  My method for getting them ready started with:

1.  Using CCP Express (built-in web UI) to config the very basics.  No firewall or security, just the basics that the wizard prompts you for like outside/inside IPs, defaulr route, WAP basics, etc.  No NAT, no firewall, etc.

2.  Then used Cisco Config Pro 2.6 to do other things I'd go one step at a time, saving the running-config to TFTP with unique filenames each time so I can revert back if needed without rebuilding the whole thing again which I had to do a lot earlier on. 

3.  So after initial CCP Express config, I first used regular CCP to put in a firewall.  (Basic firewall, High Security, plus Allow secure CCP access on outside interface, as per the wizard). 

4.  After testing that I could still connect via WAN after this, I copied to starutp config and to tftp.  I then set up the VPN (Site to Site).  Still working on that.  Once you set it up, you get the option to test it's connectivity.  I do so, and it fails a couple of checks, yet at the end says the tunnel is Up.  Who knows. 

I intend to do a number of tweaks in the CLI once I get the general functionality working via CCP.  What I've begun to do is as I learn about any command in the IOS that I'd want to implement on my router, I put that into a file as a list.  These are things you'd want to do on every router deployment that aren't accomplished via the CCP tools.  Like changing SSH to version 2, regenerating RSA keys to 2048bit, removing unneeded banners,etc.  I have about 20 things listed so far that I prefer to set. 

Anyway, maybe I'm being a little verbose on info here and you may know all this already but that's where I am at with this 891W stuff. 

Are you further along than me or not there yet?