Cisco 891 troubles

Alrighty so I guess I'll lay it all out here and hope for some answers.

I just got a brand new Cisco 891 to replace our main router at work here. It looks pretty but it won't do much routing. The switch works fine and I can do the basic networking tasks but the darn thing won't authenticate an internet session at all. I've called my ISP and asked which authentication mode they use for PPPoE, either CHAP or PAP, and they had no clue what I was talking about. I've run it in several different configurations and on both the gigabit port as well as the fast ethernet port with no luck.

I don't want to have to stick a router in front of this router but I'm getting too much trouble from this thing already.

Also I was under the impression that the device had built in wireless but I can't get it to work either. I entered the command terminal and used the command line descriptions from the manual but I keep getting error messages at wlan.

I really am at the short end with this thing and could use some help.

Any info would be helpful.

thanks

e


Brandon Buffin
VIP Alumni

Here's a good guide to configuring PPPoE on an 800 series router.

http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/pppoenat.html

You should be able to find the authentication method by searching for it or just try PAP/CHAP to see which one works.

Is this an 891 or 891w? The 891w has built in wireless. If you connect to the router and issue "show run", do you see a wireless interface listed? "show diag" will show you the product number and if there is an 802.11 radio.

Hope this helps.

Brandon

Thanks for the quick response. I'll try and clarify a little more. I have an 891c; it is the Chinese version of the router but everything is in English and it looks to be exactly the same as the base 891. As I figured, there seems to be no wireless device built into it even though all the specs on the 891c say that it's there.

As for authentication, I have tried to connect through both CHAP and PAP as well as each individually on their own. My ISP for my business is a direct fiber optic LAN. The other routers I have used were fine but this is the first Cisco that I've used.

I'm getting in contact with my seller now to replace it because it can't seem to authenticate an internet session. I'll try and get set over to the 891w.

Thanks for your timely response

e

Did you configure the dialer interface as detailed in the link above?

Brandon

I sure did, went through the whole setup. I got in contact with my seller and they ran through the process with me and determined it was most likely an issue with the device itself. I am sending it back today and I am upgrading it to the 891w device. Sucks though because it will take at least a month before they get a replacement out to me. I am going to have to stick with my consumer grade router for now and hope it doesn't burn out under the stress. Thanks for your help. When I get the next one I'll check back in here with you all just to let you know if it's up and running.

Thanks again

e

Alright, so I finally got my Cisco 891W.

The router is actually authenticating on the net.

But now my big trouble is that it is not routing internet through the network. I've had a tough time trying to get this thing to get going so I can replace my old router on the network and move on to other things. So maybe I can get some help here. I contacted Cisco tech support in China and they were less than helpful.

I'm going to paste in my router config file with certain areas marked out.

Maybe someone nice enough could look at it and tell me where I am going wrong.

Current configuration : 8895 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname {xxxxxx}
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret 5 $1$rCWO$P4roSn6l6AszgPoiN1NO4/
!        
no aaa new-model
clock timezone PCTime 8
service-module wlan-ap 0 bootimage autonomous
!        
crypto pki trustpoint TP-self-signed-1848013357
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1848013357
revocation-check none
rsakeypair TP-self-signed-1848013357
!        
!        
crypto pki certificate chain TP-self-signed-1848013357
certificate self-signed 01
{xxxxx}
        quit
no ip source-route
!        
!        
ip dhcp excluded-address 10.10.10.1 10.10.10.49
ip dhcp excluded-address 10.10.10.201 10.10.10.254
!        
ip dhcp pool ccp-pool1
   import all
   network 10.10.10.0 255.255.255.0
   dns-server 125.123.0.170 220.189.127.108
   default-router 10.10.10.1
!        
!        
ip cef   
no ip bootp server
ip name-server 125.123.0.170
ip name-server 220.189.127.108
no ipv6 cef
!        
!        
multilink bundle-name authenticated
!        
!        
username {xxxxxx} privilege 15 secret 5 $1$S5I6$lrlMTU1SoHzd/CzcNiHKA/
!        
!        
!        
archive  
log config
  hidekeys
!        
!        
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!        
class-map type inspect match-all sdm-nat-http-1
match access-group 101
match protocol http
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-protocol-http
match protocol http
!        
!        
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
  inspect
class class-default
  pass   
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-http-1
  inspect
class class-default
  drop   
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
  drop log
class type inspect ccp-protocol-http
  inspect
class type inspect ccp-insp-traffic
  inspect
class class-default
  drop   
policy-map type inspect ccp-permit
class class-default
  drop   
!        
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
!        
!        
!        
interface FastEthernet0
!        
interface FastEthernet1
!        
interface FastEthernet2
!        
interface FastEthernet3
!        
interface FastEthernet4
!        
interface FastEthernet5
!        
interface FastEthernet6
!        
interface FastEthernet7
!        
interface FastEthernet8
description $ES_WAN$$FW_OUTSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!        
interface GigabitEthernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
!        
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
!        
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!        
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1412
!        
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!        
interface Dialer0
description $FW_OUTSIDE$
ip address dhcp client-id FastEthernet8
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname {xxxxx}
ppp chap password 7 {xxxxx}
ppp pap sent-username {xxxxx} password 7 {xxxxx}
!        
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!        
!        
ip nat inside source static tcp 0.0.0.0 80 interface Dialer0 80
ip nat inside source list 1 interface FastEthernet8 overload
!        
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 0.0.0.0
dialer-list 1 protocol ip permit
no cdp run
         
!        
!        
!        
!        
!        
!        
!        
control-plane
!        
banner exec
!        
line con 0
login local
transport output telnet
line 1   
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line 2   
no activation-character
no exec 
transport preferred none
transport input all
transport output pad telnet rlogin udptn ssh
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!        
scheduler max-task-time 5000
scheduler allocate 4000 1000
sched

end

Also my internet provider is a lan ethernet connection utilizing

http://www.gfirst.com.cn/uploads/FT-10-100%20Enhance%20Series%20Media%20Converter%20Technical%20Specifications.pdf

this media converter.  It is PAP authenticated.

Super stumped here

Thanks in advance.

e

Hi,

Can you get rid of these by prefixing them with a no, beginning with service-policy:

zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1

Tell me if it solves your problem.

Regards.

Alain.

Don't forget to rate helpful posts.

I am heading out of the office in the next couple minutes here. I'll drop those into the CLI real quick and see if I can get a connection.

edit*

I'm staring at the console; I went into config terminal and entered the command but it did not accept it, I guess because I'm not in the service policy zone. So how do I enter the config menu for the specific settings? Sorry, I'm pretty noobish to Cisco routing.

Hi,

zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
no service-policy type inspect sdm-pol-NATOutsideToInside-1

then

no zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone

but I think you must take out the interfaces from the zones before that, then reapply the interfaces to the zones: no zone member and then zone member

Regards.

Alain.

Don't forget to rate helpful posts.

I will make these changes, and repost in a couple when I get back to the office. Thank you for your time

OMG, so I pretty much figured out why the router is not routing internet, and it had nothing to do with my configuration settings specifically. At least as far as I know.

My ISP is not letting this device authenticate for one reason or another. So I will call into them and get a static IP assigned and jump back in here the next week or two to give you all a heads up.

Sorry for the wild goose chase guys

If I have real issues then I'll get back in here and talk to you guys again.

Thank you much for your help though.

Alrighty, well I wanted to let you all know I finally got this thing up and running and routing internet successfully. My headaches are now gone. I contacted my ISP and had them release the MAC bind on our account and the router was then able to get an address from the ISP.

I ran into more problems later on though. I used the Cisco web based utility to set the router up, and I'm thinking that was not such a good idea.

Nonetheless I flashed the router to factory defaults and coded everything line by line.

I found a few discrepancies between the auto config and the coded config, with certain lines like no ip redirects.

Furthermore I did a mega fail on my part when I set the default route to fast ethernet 8 and not dialer 0.

So I had 3 tiny problems that gave me a headache for about a month.

But it's up and running now, hooray.

Now I get to go play with my expanded to set permissions on a per PC basis.

Anyways, thank you all for your help. It was very helpful as a learning experience and I now know much more about how to work with the CLI and finding problems by looking at the config files.

Thanks again for your time, now to go out and grab a pitcher of beer.
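The default-route mistake described in the final post (FastEthernet8 named instead of Dialer0) can be caught mechanically before a config is applied. The following Python check is an added example, not part of the original thread or any Cisco tool; its function names and reduced sample are constructed, and it goes one step beyond the post by applying the same test to the NAT overload line, which in the posted configuration also names FastEthernet8.

```python
import re

# Constructed sample, reduced from the configuration posted in the thread. The
# "ip route" line is an assumption reproducing the mistake in the final post.
SAMPLE = """\
interface FastEthernet8
 pppoe-client dial-pool-number 1
!
interface Dialer0
 dialer pool 1
!
ip route 0.0.0.0 0.0.0.0 FastEthernet8
ip nat inside source list 1 interface FastEthernet8 overload
"""

def parse_interfaces(config):
    """Return {interface: [sub-commands]}. Blocks end at '!' so a config
    pasted with its indentation stripped still parses."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line.startswith("!") or not line:
            current = None
        elif current is not None:
            current.append(line)
    return interfaces

def audit_pppoe_egress(config):
    """Flag a default route or NAT overload that names the physical PPPoE
    port instead of the Dialer interface bound to the same dial pool."""
    pool_of, dialer_of = {}, {}  # physical port -> pool, pool -> Dialer
    for name, cmds in parse_interfaces(config).items():
        for cmd in cmds:
            if m := re.match(r"pppoe-client dial-pool-number (\d+)", cmd):
                pool_of[name] = m.group(1)
            elif m := re.match(r"dialer pool (\d+)", cmd):
                dialer_of[m.group(1)] = name
    checks = {
        "default-route": r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)",
        "nat-overload": r"ip nat inside source list \S+ interface (\S+) overload",
    }
    findings = []
    for line in map(str.strip, config.splitlines()):
        for kind, pattern in checks.items():
            if (m := re.match(pattern, line)) and m.group(1) in pool_of:
                findings.append((kind, m.group(1), dialer_of.get(pool_of[m.group(1)])))
    return findings
```

Each finding is a tuple of the check name, the interface the config names, and the Dialer interface that should be named instead.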
