877W ADSL help

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I've taken another shot at it, I wish my SDM was working properly - I've been thrown 10 feet into the deep end here I think I've managed to get my router talking to my ISP, I can ping the ADSL Gateway IP from the router, I cannot however get an internet connection on any device that is connected :S

Taking an (un)educated guess I believe I have a problem with NAT? Appreciate any and all help

Code:

version 12.4
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname router-1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$pRB8$XziT7Wb1HNhCEeDYufkc31
!
no aaa new-model
!
resource policy
!
clock timezone GMT 0
clock summer-time GMT recurring last Sun Mar 1:00 last Sun Oct 2:00
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool sdm-pool
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 212.139.132.4 212.74.114.193
   lease 0 2
!
!
ip inspect max-incomplete high 1100
ip inspect max-incomplete low 1100
ip inspect one-minute high 1100
ip inspect one-minute low 1100
no ip domain lookup
ip domain name tailornetworks.local
!
!
crypto pki trustpoint TP-self-signed-1552868178
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1552868178
 revocation-check none
 rsakeypair TP-self-signed-1552868178
!
!
crypto pki certificate chain TP-self-signed-1552868178
 certificate self-signed 01
  30820255 308201BE A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31353532 38363831 3738301E 170D3131 30323038 32313430
  34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35353238
  36383137 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100C552 005F8CB5 B7ECB3DA 4212AF32 3A99C48A 72AF1677 050A1CED 9B80A813
  8B382C13 50B0F148 793E800A EAB4C914 C1796E39 B7B157C1 3D68DBF3 C58FB355
  E078BA30 A5958A32 05AA1D16 E319EF3D 15D37F59 EB04AD56 C911312E 6DCB9AB1
  F0E1EA88 D177657B 4FCFD031 F74C727E ECEA79B8 D3B35BF6 4BD8B66F ED5EB6FC
  E64B0203 010001A3 7D307B30 0F060355 1D130101 FF040530 030101FF 30280603
  551D1104 21301F82 1D726F75 7465722D 312E7461 696C6F72 6E657477 6F726B73
  2E6C6F63 616C301F 0603551D 23041830 168014BC 8871D8E0 CE00C722 DE3B465A
  36B934FF 5B024630 1D060355 1D0E0416 0414BC88 71D8E0CE 00C722DE 3B465A36
  B934FF5B 0246300D 06092A86 4886F70D 01010405 00038181 008D5AA1 FD37FB3C
  A12FA2DE 6C76236B 6DD8DBA5 D0BDB730 D16DB78C C87ABA6A 28C0F445 016C05BE
  763BFAEE 81A435D0 5AE59C48 F756D805 A45EDB84 E9393868 68E5A728 978A6335
  852DE3A7 70B8D28B 242ECB35 ADC14D2A E32B1D88 A8F21D0E B0E5A0C9 F71B78FE
  35700C49 06E3E941 CEAE3710 60CB0D43 8776C2DA 208DC54F 6F
  quit
username sam privilege 15 secret 5 $1$fd/L$sGO1HKDESOEoydHR0ODj//
!
!
!
bridge irb
!
!
interface ATM0
 no ip address
 ip access-group 10 out
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid TN-WBS
    vlan 1
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 070D284B48000A0D46
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no snmp trap link-status
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 no ip address
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface Dialer0
 ip address negotiated
 ip access-group 101 in
 ip access-group 102 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname xxxxxx
 ppp chap password 7 xxxxxx
 ppp pap sent-username xxxxxx password 7 xxxxxx
!
interface BVI1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.1.1 255.255.255.0
 ip tcp adjust-mss 1452
!
ip classless
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CCCC
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I had another go, got further this time around edited first post to reflect this.

 

Not sure about your config sorry but my SDM stopped working when I updated my Java. Had to roll backup to update 6 before it started working again (think current is 12 at moment).

Maybe that will help?

 

NAT does not seem te be set up.

Can you access the command line? Dump the SDM anyway

Try making these changes:

Code:

interface Dialer0

	ip nat outside

interface Vlan1

	ip nat inside

[B]global config:[/B]

ip nat inside source list 1 interface Dialer0 overload

access-list 1 permit 192.168.1.0 0.0.0.255

Could be that you have to put the "nat inside" on your interface BVI1.
On my 857 it goes on the VLAN 1 interface but it seems to depend on your IOS version etc.

 

Your DHCP service on the router is probably not handing out the DNS server information.

Add this in global config:

Code:

ip dhcp pool sdm-pool
      dns-server X.X.X.X Y.Y.Y.Y 

Where X.X.X.X and Y.Y.Y.Y are your DNS server

 

Hey, I'll give this a shot as soon as I get home. It's probably best I don't get too comfortable with SDM anyway Simon

Appreciate it!

 

No problem at all.

Ran into the same problems when first setting it up with SDM

 

No success sadly, I can still only ping my ISP gateway I've changed my config in the first post to reflect what I currently have.

 

Where are your access lists?

 

You'll have to forgive me if I'm way off track here but I know that in our BVI1 interface it specifies that NAT uses list 1?

"access-list 1 permit 192.168.1.0 0.0.0.255"

Is this not an access list?

EDIT: Are we talking about 101? I noticed that :S

 

Yep... and 102.

 

Hahaha I feel stupid

I'll take a shot at creating these, will report if I do so with success

 

Nah, man... it happens.

For the record, I would abandon the SDM and learn only as much as you need for certification purposes.

 

I've taken a shot at it but to no prevail, perhaps I'm doing this wrong could you give me examples?

I can't use the SDM anyways dude, it freezes up at WAN configuration, learning as I go along

 

Can you post your latest config?

This could also help (bottom of the page)

 

Updated, nothing has changed really.

Edit: Really want to thank you guys for your time, I'll have another go at tackling this head on tomorrow evening, my brain is a little slow after a busy day of College

 

I believe the problem with you config is that you dont have a default route configured; any request for the internet has no idea where to go!

Enter the following command to enter a default route and then try again:
ip route 0.0.0.0 0.0.0.0 dialer 0

If this does not work then below is the basic configuration for adsl connectivity:

Configure DHCP:ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4

Configure the ATM 0 Interface:interface ATM0
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1

Configure the Dialer interface:
interface Dialer1
description ISP NAME
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ISPUSERNAME
ppp chap password ISPPASSWORD
ppp pap sent-username ISPUSERNAME password ISPPASSWORD

Configure the default route:
ip route 0.0.0.0 0.0.0.0 Dialer1

Configure NAT
ip nat inside source list NAT interface Dialer1 overload

Also note that as part of the NAT config the dialer interface has "ip nat outside" and the BVI has "ip nat inside"

Configure the Access list for the source addresses to be NAT'd
ip access-list standard NAT
permit 192.168.1.0 0.0.0.255

Hope this helps, and if not let us know and i will try to make a config for you to drop on the router if all else fails (BUT you must try first otherwise you will not learn!! )

Cheers
Jon

 

I can ping all IP addresses from the Router now that I've assigned our default route, cheers Jonny!

Edit: Just got DNS working too, can ping domain names from the Router.

Need to get an internet connection to clients now, hmmm :S

 

Just thought I'd post an update managed to get NAT working when I got home today, was too busy yesterday. DHCP seems to be a little slow, hangs sometimes if I try and renew a lease - I've got the weekend to fine tune though! I'll show my config to the original post once I'm happy, it may help someone in a similar situation at a later date

Thanks for the help you've given me guys!

 

Had that same problem on one port, where a host is directly connected to the switch ports.
Could be you have to enable PortFast on those ports, because of STP negotation.

On the interface config, type "spanning-tree portfast" and see if that helps.