CertForums.com IT Certification Forum Homepage
Page 1 of 3 123 LastLast
Results 1 to 15 of 38

Cisco 877W ADSL Setup

You are viewing a topic in the Routing & Switching forum part of the Cisco Certification Forums category.

  • Share:
  1. #1
    Bit Poster
    Posts
    13
    Join Date
    07 Oct 2007
    Liked
    0 times
    Rep Power
    6

    Question Cisco 877W ADSL Setup

    Drop Ship Lifestyle
    Hi folks

    Got a working ST 330 DSL connection, but want to go wireless so bought a Cisco 877W; however I'm having a bit of a nightmare setting it up to talk to my ISP (Orange)...wondered if anyone could help? This should have been the easy bit!

    Got the PC to talk to the Router no problem & Orange helpfully tell me that I need:
    encap. PPP over ATM
    Multiplex. VC-based
    VPI=0, VCI=38
    Modulation - multimode
    Auth = CHAP

    So set up the ATM port as PPPoA AAL5MUX 0/38, CHAP with my orange username etc.

    1st problem - don't know if should be using IP negotatiated (think so as diagnostics get the furthest here) or Dyn IP (looks for DHCP server, but no IP assigned to interface)...

    Diag report for IP neg indicates that the ATM got an IP address - good, but checking exit interface test failed - "Exit Interface not found"

    Report helpfully tells me the following...
    "To test connectivity, SDM tries to ping the configured DNS servers. However, there is no configured route to any of the DNS servers through the selected interface. Select 'User-specified' option or add a 'host specific/network specific/default' route through this interface and retest connection. "

    Fair enough, but how!

    Suspect whatever the answer is will be the missing step to getting my PC to access the internet.

    I entered the DNS servers as static addresses based on the Orange DNS server IPs provided.

    Feeling slightly stupid now, but any suggestions on what to try?

    many thanks
    Simon

  2. Posts
    666
    Join Date
    6 June 2003
    Location
    Somewhere in Germany
     

  3. #2
    Gold Member
    Posts
    6,630
    Join Date
    08 Sep 2005
    Location
    Tunbridge Wells, Kent
    Liked
    0 times
    Rep Power
    49
    I thought I'd look that unit up. When I saw the price I nearly fell off my chair! Nearly 10X the price I would expect to pay for home use these days!

    To rub salt into the wound - there seem to have been issues with this unit on UK ADSL connections, and people are suggesting upgrades to IOS plus some patches.

    As this unit is new I'd suggest that you go back to where you bought it and get them to set it up for you, or demonstrate it working.

    Harry.

  4. #3
    Gold Member
    Posts
    6,630
    Join Date
    08 Sep 2005
    Location
    Tunbridge Wells, Kent
    Liked
    0 times
    Rep Power
    49
    I see that jodsclass has set one of these up - see the thread here.

    Might be worth dropping him a PM.

    Harry.

  5. #4
    Bit Poster
    Posts
    13
    Join Date
    07 Oct 2007
    Liked
    0 times
    Rep Power
    6
    Thanks Harry - there's hope then!

  6. #5
    Megabyte Poster Spice_Weasel's Avatar
    Posts
    254
    Join Date
    24 Jun 2006
    Liked
    0 times
    Rep Power
    16
    Post your config, with any sensitive bits changed (username, password, etc). If you are getting an ip address assigned, it appears from the bit you posted that you don't have a route to your dns servers, in particular no default route, which is all you really need for a simple home setup. Your default route should generally point out the dialer interface. But a copy of your current config will make it much easier to help.

    Spice_Weasel

  7. #6
    New Member EvilDaz's Avatar
    Posts
    8
    Join Date
    26 Sep 2007
    Location
    Lichfield, UK
    Liked
    0 times
    Rep Power
    6
    Hi

    This should work. This assumes you are using the network 192.168.0.0/24 with the router IP 192.168.0.1.
    Just ammend / replace anything in between <>'s as you need
    Also add other IP's to access list 1 for external access to the router. Let me know if you want any Port Mappings added:

    Code:
    no service pad
    service timestamps debug datetime localtime
    service timestamps log datetime localtime
    service password-encryption
    !
    hostname <hostname>
    !
    enable secret <password>
    username <username> password <password>
    no aaa new-model
    ip subnet-zero
    no ip source-route
    no ip domain lookup
    !
    !
    no ftp-server write-enable
    !
    interface vlan1
     description <description>
     ip address <192.168.0.1> <255.255.255.0>
     ip nat inside
    !
    interface ATM0
     no ip address
     no atm ilmi-keepalive
     pvc 0/38 
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
     !
     dsl operating-mode auto
    !
    interface Dialer0
     description <description>
     ip address negotiated
     ip nat outside
     encapsulation ppp
     no ip route-cache
     no ip mroute-cache
     dialer pool 1
     dialer-group 1
     ppp chap hostname <adsl username>
     ppp chap password <adsl password>
    !
    ip nat inside source list 100 interface Dialer0 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0
    no ip http server
    no ip http secure-server
    !
    dialer-list 1 protocol ip permit
    access-list 1 permit <external ip address to access telnet from> <mask>
    access-list 100 permit ip <192.168.0.0> <0.0.0.255> any
    !
    line con 0
     password <console password>
     no modem enable
     stopbits 1
    line aux 0
     stopbits 1
    line vty 0 4
     access-class 1 in
     exec-timeout 0 0
     password <telnet password>
     login
    !
    scheduler max-task-time 5000
    !
    end
    Let me know if it doesn't work.

    Daz

  8. #7
    Bit Poster
    Posts
    13
    Join Date
    07 Oct 2007
    Liked
    0 times
    Rep Power
    6
    Guys - thanks for the replies, sorry for the slow response back, but I've been away on business.

    First off, tried the default route as suggested by Spice Weasel - this has some success as now the router can ping both the DNS server and my laptop. Sadly the laptop is not getting beyond the router at present!

    Next had a look at your config EvilDaz - most of it seems to be covered by the more complex config created by my route config software (SDM) with the exception of the access-lists (intend to take up the good advice as set within here once I've got the thing working) and in the Dialer0 section you have "ip nat outside" followed by "ip nat inside source list 100 interface Dialer0 overload" just before the default route entry...not sure what this does?

    Anyway, I've attached my config and the current route table from the router...hopefully will cast some light for you on what's going on.

    many thanks
    Simon
    Attached Files Attached Files

  9. #8
    Megabyte Poster Spice_Weasel's Avatar
    Posts
    254
    Join Date
    24 Jun 2006
    Liked
    0 times
    Rep Power
    16
    dewdnys - currently you have no nat configured. Your internal hosts can send packets outbound, but they will be dropped by your isp as the source address will be a private ip.

    Configuring nat is fairly easy - you need an inside interface, an outside interface and a way of deciding what gets natt'ed.

    For example:

    The interfaces participating in NAT:
    int bvi1
    ip nat inside

    int dialer0
    ip nat outside


    Selecting traffic to NAT:
    ip nat inside source route-map nonat int di0 over

    route-map nonat permit 10
    match ip address 100

    access-list 100 permit ip 1.2.3.0 0.0.0.255 any

    You can also use the nat from EvilDav's sample config, it is a bit simpler than above, but I tend to like using a route-map. Either will work fine.

    ip nat inside source list 100 interface Dialer0 overload
    access-list 100 permit ip <192.168.0.0> <0.0.0.255> any


    That should get you going. One thing - please put an access list on your vty lines, right now anyone can log in to your router:

    access-list 15 per 1.2.3.0 0.0.0.255
    access-list 15 deny any log

    line vty 0 4
    access-class 15 in

    Also, use ssh only:

    line vty 0 4
    transport input ssh

    Also, if you are not using the wireless make sure it is shutdown. If you are using it we can give you a proper config for the wireless portion to use at least wpa.

    After you have a working setup there are a few things that can be added to improve the configuration.

    Spice_Weasel

  10. #9
    Bit Poster
    Posts
    13
    Join Date
    07 Oct 2007
    Liked
    0 times
    Rep Power
    6
    Thanks for this guys - and the explanation of what NAT is all about...I'll give it a try this evening and let you know how I get on.

    cheers
    Simon

  11. #10
    Bit Poster
    Posts
    13
    Join Date
    07 Oct 2007
    Liked
    0 times
    Rep Power
    6

    Smile

    nice one -thanks for all your advice.

    configured Default route and NAT and all works hunky dorey. Even set up Wireless configuration without any problems.

    The Cisco SDM works well in terms of setup once you know which elements to set up. Not sure if the firewall is working yet, but seems fine. Amusingly, when I set it to high (filters out malformed HTM), the BBC news pages stop working!

    Anyway, everything inside my network now wireless and talking to the router, although I have a slight glitch with connecting to my wireless printer - suspect that's a firewall issue though.

    thanks again & keep up the good work.
    Simon

  12. #11
    Bit Poster
    Posts
    15
    Join Date
    17 Oct 2007
    Location
    Manchester, UK
    Liked
    0 times
    Rep Power
    6

    Cisco 877 drama

    Sorry to piggy back this thread but didn't see the point of a new thread as the problem is so similar to mine.

    I'm new to cisco gear, I've just had two cisco 877 Routers thrown at me by the boss.

    I'm using Cisco SDM as I have little CLI experience.

    Basically I can connect to router through a browser and use SDM to configure but cannot get any Internet access on the pc I have connected without using an IP. I can ping a web IP address (not a name) through the routers ping option and PC - so I am connected to my ISP.

    I think my issues are; no DNS configured on the router and no proper default route but I dont have a clue how to get them working. Here is my running config> (excuse me if there is useless information in there)
    Building configuration...

    Current configuration : 4698 bytes
    !
    ! Last configuration change at 15:21:25 PCTime Wed Oct 17 2007 by admin
    ! NVRAM config last updated at 15:06:47 PCTime Wed Oct 17 2007 by cisco
    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname yourname
    !
    boot-start-marker
    boot-end-marker
    !
    security authentication failure rate 3 log
    security passwords min-length 6
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 $1$KFpQ$dQ72q.s8K.wqBz278Ng9X0
    !
    no aaa new-model
    !
    resource policy
    !
    clock timezone PCTime 0
    clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
    no ip source-route
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.10.1
    !
    ip dhcp pool sdm-pool1
    import all
    network 10.10.10.0 255.255.255.0
    default-router 10.10.10.1
    !
    !
    ip tcp synwait-time 10
    no ip bootp server
    no ip domain lookup
    ip domain name yourdomain.com
    ip ssh time-out 60
    ip ssh authentication-retries 2
    !
    !
    crypto pki trustpoint TP-self-signed-633710060
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-633710060
    revocation-check none
    rsakeypair TP-self-signed-633710060
    !
    !
    crypto pki certificate chain TP-self-signed-633710060
    certificate self-signed 01
    3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 36333337 31303036 30301E17 0D303630 37313831 32353433
    365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
    532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3633 33373130
    30363030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
    AA7E0863 1E016995 7504E293 F1657305 038E1541 E3DDC119 D2ABDB92 4FE9BEB6
    9C209590 926C9815 0B264D4D 164160E0 AA2B0174 E7D762FB C26EF9E1 70069858
    3FF684A6 69B2146F 408CEBA5 58C1E2DB D82DE653 C739268F C00138CD 97BCDB25
    6123FA2A 298A8362 8F0210EF EF555863 5EAB79C6 D7391AD4 204BB01E D677FD95
    02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
    11041B30 19821779 6F75726E 616D652E 796F7572 646F6D61 696E2E63 6F6D301F
    0603551D 23041830 16801471 AF934650 7D2ACCFA 3F914931 0D98CA52 A6FB4D30
    1D060355 1D0E0416 041471AF 9346507D 2ACCFA3F 9149310D 98CA52A6 FB4D300D
    06092A86 4886F70D 01010405 00038181 003D7256 7B2874F5 B6428DDC 95139A92
    B8764E65 6D01527A 09E90068 6084B420 BCC41F7B 49A2A950 6C0D7C2D F4E0C7A7
    A3145256 E702D88F 25C95302 7F94F6B9 9D97F4F3 A3C11AD2 44B4F426 46B3D7BF
    82CCBDC6 A0DCA3E5 656140F8 59B284CB 8CD9D6B1 D20D12D1 63A42919 7807D655
    CC395D16 4CAFE02D D70D772D 72DAF1B7 4B
    quit
    username admin privilege 15 secret 5 $1$wxN1$CvEW8ZXlCmZ.W3QY2g6Je.
    !
    !
    !
    !
    !
    !
    interface ATM0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    description $ES_WAN$$FW_OUTSIDE$
    no snmp trap link-status
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
    ip address 10.10.10.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    ip tcp adjust-mss 1452
    !
    interface Dialer0
    ip address negotiated
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    ip route-cache flow
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname [email]************
    ppp chap password 7 **********
    !
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 5 life 86400 requests 10000
    ip nat inside source list 1 interface Dialer0 overload
    !
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 10.10.10.0 0.0.0.255
    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    !
    !
    control-plane
    !
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    login local
    no modem enable
    transport output telnet
    line aux 0
    login local
    transport output telnet
    line vty 0 4
    privilege level 15
    login local
    transport input telnet ssh
    !
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end

  13. #12
    Yottabyte Poster BosonMichael's Avatar
    Posts
    19,663
    Join Date
    02 Nov 2006
    Location
    near Nashville, TN
    Age
    44
    Liked
    3 times
    Rep Power
    174
    Can you ping anything on the Internet from your PC?

  14. #13
    Bit Poster
    Posts
    15
    Join Date
    17 Oct 2007
    Location
    Manchester, UK
    Liked
    0 times
    Rep Power
    6
    I can ping via the pc and access the website through a browser using the IP.

    Also if I add primary and secondary dns settigns into windows ip configuration then everything works fine.

    I just cant seem to get them onto the router so that the pc can use those.

  15. #14
    Megabyte Poster Spice_Weasel's Avatar
    Posts
    254
    Join Date
    24 Jun 2006
    Liked
    0 times
    Rep Power
    16
    Your config looks good but you need a dns server entry in your dhcp setup. You have this configured:

    ip dhcp pool sdm-pool1
    import all
    network 10.10.10.0 255.255.255.0
    default-router 10.10.10.1

    You will need to specify a dns server, e.g.:

    ip dhcp pool sdm-pool1
    import all
    network 10.10.10.0 255.255.255.0
    default-router 10.10.10.1
    dns-server a.b.c.d <-- for example, isp dns server
    domain-name something.whatever <-- you might also want a domain name assigned. Optional, not needed.

    You pc should be able resolve names after you release and renew your dhcp ip address. Your router will not resolve names since no ip domain lookup has been configured, which is usual.

    Spice_Weasel

  16. #15
    Yottabyte Poster BosonMichael's Avatar
    Posts
    19,663
    Join Date
    02 Nov 2006
    Location
    near Nashville, TN
    Age
    44
    Liked
    3 times
    Rep Power
    174
    Spicey's correct... that'll do it.

Page 1 of 3 123 LastLast

Similar Threads

  1. Cisco 837 Router configuration help needed!
    By ciscofevers in forum Routing & Switching
    Replies: 2
    Last Post: 07-Sep-2007, 09:54 PM
  2. Replies: 0
    Last Post: 25-Jul-2007, 04:55 PM
  3. Question about taking a Cisco exam at a VUE Testing Centre
    By r.h.lee in forum General Cisco Certifications
    Replies: 2
    Last Post: 04-Jul-2007, 01:29 PM
  4. Cisco 877W ADSL Router - Port Forwarding
    By jodsclass in forum General Cisco Certifications
    Replies: 13
    Last Post: 19-Feb-2007, 11:11 PM