General discussion
-
CreatorTopic
-
May 1, 2010 at 1:47 pm #2214040
Cisco 857 configuration for BT DSL
Lockedby phid2002 · about 13 years, 11 months ago
Hi i hope there is somebody who can take a look at this configuration of a Cisco Router 857 and tell me where is the mistake. I managed to get connected to the dsl line, meaning i received the DNS servers and IP automatically from the ISP but i can’t ping outside, i don’t have internet on my local network.
Building configuration…
Current configuration : 5940 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname TEST
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$HhC4$DQeQurMkLGFAidjyXzqul/
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1984768014
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1984768014
revocation-check none
rsakeypair TP-self-signed-1984768014
!
!
crypto pki certificate chain TP-self-signed-1984768014
certificate self-signed 01
30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31393834 37363830 3134301E 170D3032 30333031 30383031
32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39383437
36383031 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BF90 46E2657C ED3A3C8B 212982D7 003928B5 F6996ECB 912BDA36 F3AA502D
40B4FCB9 4AC16FBD 81607E79 15E7B645 D7D12138 A4DBB51A 99DBCCE4 0A5D3909
F2873C03 2722160B 37CD1753 5593FCD9 AB01964D 3CAF41BF AB5CD0F8 BCDD4DF5
CFB00FB7 777C4C04 B2DA582D 28983C76 D557D8C0 17E2C624 01308547 E4ABCF85
97F50203 010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603
551D1104 1D301B82 19706861 726D6368 656D2E70 6861726D 6368656D 2E636F2E
756B301F 0603551D 23041830 168014D6 638242D5 EEAE00A4 C3516D48 25A21B7A
0584A230 1D060355 1D0E0416 0414D663 8242D5EE AE00A4C3 516D4825 A21B7A05
84A2300D 06092A86 4886F70D 01010405 00038181 004AF457 EE5E7588 90C3777E
E666C0AE 93FF7261 83852E61 725BDB21 DA6E9DF1 9CFFA72C AB6FB850 BFBCD2AF
8BB68C2D 7BB55276 409C034C 15E0BEC9 832B65A3 30243E62 ADEBBAD1 E7DF0871
8AB5CF74 0F5D4B35 9F84E603 F1190E26 2FCAE8FB 27E946BE F02F590A B61A678C
09F92375 2BA804C6 B647EC55 BFAAD26A D04451DD F2
quit
dot11 syslog
no ip source-route
!
!
ip cef
no ip bootp server
ip domain name test.co.uk
!
!
!
username cisco857 privilege 15 secret 5 $1$1EbA$RXrUFucWHprvvX46YejU40
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
description British Telecom – BT
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache policy
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip nat outside
ip virtual-reassembly
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description LAN ip static retea
ip address 80.138.81.181 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache same-interface
ip route-cache policy
ip route-cache flow
ip tcp adjust-mss 1452
hold-queue 100 in
hold-queue 100 out
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache policy
ip route-cache flow
dialer pool 1
dialer idle-timeout 0
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname username@BT
ppp chap password 7 passBT
ppp pap sent-username username@BT password 7 passBT
ppp ipcp dns request
ppp ipcp mask request
ppp ipcp route default
ppp ipcp address accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface ATM0.1 overload
!
ip access-list standard ACL_DIALER0_OUT
remark CCP_ACL Category=1
permit any
!
ip access-list extended ACL_DIALER0_IN
remark DHCP
remark CCP_ACL Category=16
permit udp any any eq bootpc
permit udp any any eq bootps
!
logging trap debugging
access-list 1 permit 0.0.0.0
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 80.138.81.180 0.0.0.7
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
transport output none
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
endTopic is locked -
CreatorTopic
All Comments
-
AuthorReplies
-
-
May 1, 2010 at 2:18 pm #2830253
Do this
by netman1958 · about 13 years, 11 months ago
In reply to Cisco 857 configuration for BT DSL
on one of your computers on the LAN, open a command prompt and run “ipconfig /all” and post the output.
-
May 2, 2010 at 5:43 pm #2830068
-
May 2, 2010 at 5:46 pm #2830065
related info
by phid2002 · about 13 years, 11 months ago
In reply to ipconfig
on the cisco router there is a software cisco CP and when i trying to test the interface it’s showing the same thing … like after connecting to the dsl line the router takes the dns and the ip but when pinging the dns it shows timeout
-
May 2, 2010 at 8:20 pm #2829987
RE: Related info
by netman1958 · about 13 years, 11 months ago
In reply to related info
What is a “software cisco CP”? I’m not familiar with that term.
-
May 2, 2010 at 8:18 pm #2829988
Additional questions
by netman1958 · about 13 years, 11 months ago
In reply to ipconfig
What did the ipconfig results show for the DNS server(s)? Also, how did you come to use 80.138.81.184 255.255.255.248 as an internal IP? That is a public IP and is not usually used on hosts in the LAN. Further, with the subnet mask 255.255.255.248, 80.138.81.184 is not a usable IP. I’m surprised your computer didn’t reject it.
-
May 3, 2010 at 5:46 am #3025216
ip
by phid2002 · about 13 years, 11 months ago
In reply to Additional questions
Cisco provides a CD with a software Cisco CP Express.
actually at this stage i gave a Netgear router working , and we have 5 static ip from the ISP and it is xxx.xxx.xxx.41 – xxx.xxx.xxx.46 , one ip is for the router, one is for the server 2003, and the other 3 for other 3 servers. the subnet mask is 255.255.255.248 on all of them and is working becasue
-
May 3, 2010 at 6:39 am #3025196
Does that mean
by netman1958 · about 13 years, 11 months ago
In reply to ip
That you decided to use the Netgear instead of the Cisco and that everything is working now? Or do you still want to use the Cisco? I’m confused as to what the static range xxx.xxx.xxx.41 – xxx.xxx.xxx.46 has to do with the 80.138.81.184 that you are using on your LAN.
-
May 3, 2010 at 7:15 am #3025182
means
by phid2002 · about 13 years, 11 months ago
In reply to Does that mean
I want to use Cisco instead of Netgear because we have lots of hang up / frezzeing of Netgear router and cisco is more reliable
This IP 80.138.81.184 is not real in this post i just puted as a orientation the real one is
xxx.xxx.xxx.46 -
May 3, 2010 at 8:33 am #3025150
Making more sense now
by netman1958 · about 13 years, 11 months ago
In reply to means
In your current setup using the Netgear, are you using the public IP Addresses directly on the servers are is the Netgear using static NAT to map the public IPs to private IPs that are assigned to the servers?
According to the Cisco config you posted, the router is getting it’s IP via DHCP and is “NATing” all outbound traffic to that IP.
-
-
-
May 3, 2010 at 8:38 am #3025146
ping from console it’s working
by phid2002 · about 13 years, 11 months ago
In reply to Cisco 857 configuration for BT DSL
ping from console it’s working but on the network i still don’t have access and the ip of the pc has the sme class like the ip of the router and the same mask and the gateway is the same ip og the router ip
-
May 3, 2010 at 9:20 am #3025135
Info Needed
by netman1958 · about 13 years, 11 months ago
In reply to ping from console it’s working
On the Cisco, while it is connected to the DSL circuit, run this command:
“show interface Dialer0”
I need the output from that. If you don’t want to post it here, you can send me a PM with the info.-
May 3, 2010 at 12:28 pm #3025091
posting
by phid2002 · about 13 years, 11 months ago
In reply to Info Needed
i’ll post it tomorrow …
at this stage it working the connection, the issue is between the router and the LAN -
May 3, 2010 at 1:17 pm #3025087
Before you go much further
by netman1958 · about 13 years, 11 months ago
In reply to posting
Give this a try a let me know the results.
Remove this line from your Cisco config:
“ip nat inside source list 1 interface ATM0.1 overload”
You can remove it with the command:
“no ip nat inside source list 1 interface ATM0.1 overload”
Then try accessing the Internet from a machine on your LAN. If that doesn’t help then you can add the NAT statement back with:
“ip nat inside source list 1 interface ATM0.1 overload” -
May 4, 2010 at 3:15 am #3024939
NAT statement
by phid2002 · about 13 years, 11 months ago
In reply to Before you go much further
it’s still not working with the statement removed even with the statement changed
ip nat inside source list 1 interface Dialer0 overload -
May 4, 2010 at 7:14 am #3024911
More NAT
by netman1958 · about 13 years, 11 months ago
In reply to NAT statement
According to this article, I’m pretty sure you are going to have to leave the NAT statement out:
http://btbusiness.custhelp.com/app/answers/detail/a_id/9430/c/426,427,1951How are you testing? Are you using pings? If so, are you pinging a URL such as http://www.google.com or are you pinging an ip address? If you haven’t already done so, try pinging an ip address that you know replies to pings.
Also, try running a traceroute to a known ip address (traceroute xx.xx.xx.xx) and post the output.
-
May 4, 2010 at 8:26 am #2816542
ping from console it’s working
by phid2002 · about 13 years, 11 months ago
In reply to More NAT
i’m pinging both using URL as http://www.google.com and IP address and it’s working.
If i remove NAT or keep it it’s still works only the PC can’t access the internet -
May 4, 2010 at 8:55 am #2816536
RE: ping from console it’s working
by netman1958 · about 13 years, 11 months ago
In reply to More NAT
When you ping from the router console, the source address is the dialer0 address. When you ping from a computer the source address is the ip of the computer. Try an extended ping from the router and then specify the vlan1 ip as the source. Example:
Cisco-831#ping
Protocol [ip]:
Target IP address: 72.14.253.104
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.69.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.14.253.104, timeout is 2 seconds:
Packet sent with a source address of 192.168.69.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/82/96 msLet me know if you get replies using the vlan1 ip as a source.
-
May 4, 2010 at 8:57 am #2816535
Clarification
by netman1958 · about 13 years, 11 months ago
In reply to More NAT
Are you able to ping from a computer but just not able to access a web page or do pings fail from the computer? If you are able to ping from the computers but not open a web page, try adding this line under the dialer0 interface:
ip tcp adjust-mss 1452 -
May 4, 2010 at 1:40 am #3024958
show dialer0
by phid2002 · about 13 years, 11 months ago
In reply to Info Needed
router#show int Dialer0
Dialer0 is up, line protocol is up (spoofing)
Hardware is Unknown
Internet address is 81.130.125.138/32
MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi2
Last input never, output never, output hang never
Last clearing of “show interface” counters 00:02:02
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 42 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
44 packets input, 3035 bytes
46 packets output, 2693 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1500 bytes, BW 1079 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP
PPPoATM vaccess, cloned from Dialer0
Vaccess status 0x44
Bound to ATM0.1 VCD: 1, VPI: 0, VCI: 38, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Interface is bound to Di0 (Encapsulation PPP)
Last input 00:00:38, output never, output hang never
Last clearing of “show interface” counters 00:00:48
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 1 packets/sec
5 minute output rate 0 bits/sec, 1 packets/sec
56 packets input, 3264 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
57 packets output, 2973 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
-
-
-
May 5, 2010 at 3:40 am #2816279
new configuration and testing
by phid2002 · about 13 years, 11 months ago
In reply to Cisco 857 configuration for BT DSL
This is a BT Business Class Service. I have 5 static IP, one used for router and other 4 for internal devices.
Router#traceroute 217.37.85.211
Type escape sequence to abort.
Tracing the route to host217-37-85-211.in-addr.btopenworld.com (217.37.85.211)1 host81-134-64-1.in-addr.btopenworld.com (81.134.64.1) 28 msec 32 msec 28 mse
c
2 213.120.182.141 32 msec 32 msec 28 msec
3 213.120.161.82 32 msec 28 msec 28 msec
4 217.41.222.30 32 msec 32 msec 28 msec
5 217.41.222.161 32 msec 32 msec 28 msec
6 213.120.161.81 32 msec 28 msec 32 msec
7 213.120.182.132 28 msec 32 msec 36 msec
8 host81-130-104-119.in-addr.btopenworld.com (81.130.104.119) 56 msec 52 msec
52 msec
9 host81-130-104-119.in-addr.btopenworld.com (81.130.104.119) 56 msec 60 msec
52 msec
10 host217-37-85-211.in-addr.btopenworld.com (217.37.85.211) 56 msec 56 msec 60
msec-interface of the Dialer0
Router#show int Dialer0
Dialer0 is up, line protocol is up (spoofing)
Hardware is Unknown
Internet address is 81.134.93.192/32
MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi2
Last input never, output never, output hang never
Last clearing of “show interface” counters 00:15:44
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 42 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
505 packets input, 43688 bytes
276 packets output, 8525 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1500 bytes, BW 1083 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP
PPPoATM vaccess, cloned from Dialer0
Vaccess status 0x44
Bound to ATM0.1 VCD: 1, VPI: 0, VCI: 38, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Interface is bound to Di0 (Encapsulation PPP)
Last input 00:00:02, output never, output hang never
Last clearing of “show interface” counters 00:13:11
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
532 packets input, 44256 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
298 packets output, 9085 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitionsROUTER CONFIGURATION
Router#show conf
Using 4225 out of 131072 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname XXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$HhC4$DQeQurMkLGFAidjyXzqul/
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1984768014
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1984768014
revocation-check none
rsakeypair TP-self-signed-1984768014
!
!
crypto pki certificate chain TP-self-signed-1984768014
certificate self-signed 01 nvram:IOS-Self-Sig#9.cer
dot11 syslog
no ip source-route
!
!
ip cef
no ip bootp server
ip domain name XXXXX
ip name-server 194.72.9.34
ip name-server 194.72.0.98
!
!
!
username cisco857 privilege 15 secret 5 $1$1EbA$RXrUFucWHprvvX46YejU40
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
description British Telecom – BT
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache policy
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!-
May 5, 2010 at 7:50 am #2816230
Previous posts
by netman1958 · about 13 years, 11 months ago
In reply to new configuration and testing
-
May 5, 2010 at 9:24 am #2816209
able to ping
by phid2002 · about 13 years, 11 months ago
In reply to Previous posts
I’m able to ping only from router , using the console connection, but from PC there’s no communication. I’ll send you the details of pinging 72.14.253.104
-
-
-
May 7, 2010 at 4:42 am #2813756
ping statement
by phid2002 · about 13 years, 11 months ago
In reply to Cisco 857 configuration for BT DSL
Router#ping 217.46.201.44 source Dialer0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 217.46.201.44, timeout is 2 seconds:
Packet sent with a source address of 81.130.97.44
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 msRouter#ping 217.46.201.46
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 217.46.201.46, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 msRouter#ping http://www.google.co.uk
Translating “www.google.co.uk”…domain server (194.72.9.34) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 66.102.9.104, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/49/52 msRoute#ping http://www.google.co.uk source Vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 66.102.9.104, timeout is 2 seconds:
Packet sent with a source address of 217.46.201.46
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/52/52 msRouter#ping http://www.google.co.uk source Dialer0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 66.102.9.104, timeout is 2 seconds:
Packet sent with a source address of 81.130.97.44
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/49/52 msRouter#ping 217.46.201.44 source Dialer0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 217.46.201.44, timeout is 2 seconds:
Packet sent with a source address of 81.130.97.44
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 msRouter#ping 217.46.201.44 source Vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 217.46.201.44, timeout is 2 seconds:
Packet sent with a source address of 217.46.201.46
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms-
May 7, 2010 at 6:54 am #2813711
Debug
by netman1958 · about 13 years, 11 months ago
In reply to ping statement
Add this access-list:
access-list 100 permit ip any host 66.102.9.104
access-list 100 permit ip host 66.102.9.104 any
Then run this debug:
debug ip packet 100
Then go to a computer and try to ping 66.102.9.104. Then go to the router and copy the output from the debug and post it. Turn the debug off with “undebug all”.-
May 7, 2010 at 11:45 am #2813672
-
May 7, 2010 at 12:48 pm #2813663
RE: Access List
by netman1958 · about 13 years, 10 months ago
In reply to debug works
Configuring that access-list shouldn’t have affected anything but the debug output. If it had an affect on the router passing traffic then the configs you posted aren’t complete. Did you use 100 for the access-list number and if so look through the config again and see if you already had access-group 100 appied to any interface.
-
-
-
May 7, 2010 at 7:08 am #2813706
need to see the output of these command.
by cg it · about 13 years, 11 months ago
In reply to Cisco 857 configuration for BT DSL
In Exec mode
type sh ip route
also sh controller
The post the config.
Didn’t you get SDM with your 871? if not you really should use the SDM software. Makes it easy to config the router.
added:
If you want to use all of your public addresses, then you have to use static routing for those public addresses that go directly to a host. If you want to share the public addresses with all LAN hosts, you do NAT.
you’ll need a NAT pool and access list for the subnet. I don’t see a NAT pool list in the config.
Added: [as I look at the run config]:
I get using a subinterface for your fastethernet port [wan port] your ATM connection to your ISP,
How are hosts on the LAN communcating with the 871?
while switchports 1,2,3 operate as simple store and forward switching, I wonder why you’ve configured the vlan settings that you have.
-
May 7, 2010 at 7:45 am #2813700
to CG IT
by phid2002 · about 13 years, 10 months ago
In reply to need to see the output of these command.
witch SDM software you are speaking about ? I have a Cisco CP software CD with manual and this software Cisco CP Express.
For the NAT issue , i gave allready tryied same config with NAT settings inside for Vlan1 and outside for Dialer0.
Also tried with access list, same thing.On the LAN from the PC i’m working i can ping , access the router but pinging outside no answer.
I configured de Vlan1 to use the public ip i hjave from the ISP.
-
May 7, 2010 at 1:21 pm #2813654
Cisco Security Device Manager [SDM]
by cg it · about 13 years, 10 months ago
In reply to to CG IT
web based management and configuration utility for Cisco devices like the 800 series routers.
vlan 1 is the default vlan for lan switchports. If you configured a lan switchport with a public IP address, then what are clients using to connect to the 871?
-
-
-
May 7, 2010 at 7:59 am #2813696
see this tests
by phid2002 · about 13 years, 10 months ago
In reply to Cisco 857 configuration for BT DSL
Router#ping http://www.google.ro
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 66.102.9.99, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/50/52 msRouter#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static routeGateway of last resort is 81.134.64.1 to network 0.0.0.0
217.46.201.0/29 is subnetted, 1 subnets
C 217.46.201.40 is directly connected, Vlan1
81.0.0.0/32 is subnetted, 2 subnets
C 81.134.75.9 is directly connected, Dialer0
C 81.134.64.1 is directly connected, Dialer0
S* 0.0.0.0/0 [1/0] via 81.134.64.1
is directly connected, Dialer0Router#ping http://www.google.co.uk source vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 66.102.9.99, timeout is 2 seconds:
Packet sent with a source address of 217.46.201.46
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/50/52 msRouter#ping 217.46.201.44 source Dialer0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 217.46.201.44, timeout is 2 seconds:
Packet sent with a source address of 81.130.97.44
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 msRouter#ping 217.46.201.46
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 217.46.201.46, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 msRouter#ping http://www.google.co.uk
Translating “www.google.co.uk”…domain server (194.72.9.34) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 66.102.9.104, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/49/52 msRoute#ping http://www.google.co.uk source Vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 66.102.9.104, timeout is 2 seconds:
Packet sent with a source address of 217.46.201.46
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/52/52 msRouter#ping http://www.google.co.uk source Dialer0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 66.102.9.104, timeout is 2 seconds:
Packet sent with a source address of 81.130.97.44
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/49/52 msRouter#ping 217.46.201.44 source Dialer0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 217.46.201.44, timeout is 2 seconds:
Packet sent with a source address of 81.130.97.44
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 msRouter#ping 217.46.201.44 source Vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 217.46.201.44, timeout is 2 seconds:
Packet sent with a source address of 217.46.201.46
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 msC:\Documents and Settings\patrick>netstat -r
Route Table
===========================================================================
Interface List
0x1 ……………………… MS TCP Loopback interface
0x2 …00 25 b3 53 4f f2 …… Marvell Yukon 88E8042 PCI-E Fast Ethernet Contro
ller – Packet Scheduler Miniport
0x3 …00 1f 3c da f4 c7 …… Intel(R) PRO/Wireless 3945ABG Network Connection
– Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 217.46.201.46 217.46.201.44 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
217.46.201.40 255.255.255.248 217.46.201.44 217.46.201.44 20
217.46.201.44 255.255.255.255 127.0.0.1 127.0.0.1 20
217.46.201.255 255.255.255.255 217.46.201.44 217.46.201.44 20
224.0.0.0 240.0.0.0 217.46.201.44 217.46.201.44 20
255.255.255.255 255.255.255.255 217.46.201.44 217.46.201.44 1
255.255.255.255 255.255.255.255 217.46.201.44 3 1
Default Gateway: 217.46.201.46
===========================================================================
Persistent Routes:
NoneRouter#debug ip packet
IP packet debugging is on
Router#000030: *Mar 1 13:25:59.827 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000031: *Mar 1 13:25:59.827 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 63, rcvd 3
000032: *Mar 1 13:26:03.827 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000033: *Mar 1 13:26:03.827 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 63, rcvd 3
000034: *Mar 1 13:26:09.656 PCTime: IP: tableid=0, s=68.171.236.133 (Dialer0),
d=217.46.201.41 (Vlan1), routed via RIB
000035: *Mar 1 13:26:09.656 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
1.41 (Vlan1), g=217.46.201.41, len 60, forward
000036: *Mar 1 13:26:09.656 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
1.41 (Vlan1), len 60, encapsulation failed
000037: *Mar 1 13:26:11.252 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.47 (Vlan1), routed via RIB
000038: *Mar 1 13:26:11.252 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
7 (Vlan1), len 236, rcvd 3
000039: *Mar 1 13:26:14.853 PCTime: IP: tableid=0, s=219.158.14.21 (Dialer0), d
=217.46.201.45 (Vlan1), routed via RIB
000040: *Mar 1 13:26:14.853 PCTime: IP: s=219.158.14.21 (Dialer0), d=217.46.201
.45 (Vlan1), g=217.46.201.45, len 56, forward
000041: *Mar 1 13:26:14.853 PCTime: IP: s=219.158.14.21 (Dialer0), d=217.46.201
.45 (Vlan1), len 56, encapsulation failed
000042: *Mar 1 13:26:18.333 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000043: *Mar 1 13:26:18.333 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 63, rcvd 3
000044: *Mar 1 13:26:18.497 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000045: *Mar 1 13:26:18.497 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 59, rcvd 3
000046: *Mar 1 13:26:19.333 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000047: *Mar 1 13:26:19.333 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 63, rcvd 3
000048: *Mar 1 13:26:19.497 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000049: *Mar 1 13:26:19.497 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 59, rcvd 3
000050: *Mar 1 13:26:20.334 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000051: *Mar 1 13:26:20.334 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 63, rcvd 3
000052: *Mar 1 13:26:20.498 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000053: *Mar 1 13:26:20.498 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 59, rcvd 3
000054: *Mar 1 13:26:22.330 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000055: *Mar 1 13:26:22.334 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 63, rcvd 3
000056: *Mar 1 13:26:22.434 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000057: *Mar 1 13:26:22.434 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 56, rcvd 3
000058: *Mar 1 13:26:22.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000059: *Mar 1 13:26:22.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 64, rcvd 3
000060: *Mar 1 13:26:22.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000061: *Mar 1 13:26:22.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 70, rcvd 3
000062: *Mar 1 13:26:22.498 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000063: *Mar 1 13:26:22.498 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 59, rcvd 3
000064: *Mar 1 13:26:22.666 PCTime: IP: tableid=0, s=219.158.18.245 (Dialer0),
d=217.46.201.45 (Vlan1), routed via RIB
000065: *Mar 1 13:26:22.666 PCTime: IP: s=219.158.18.245 (Dialer0), d=217.46.20
1.45 (Vlan1), g=217.46.201.45, len 56, forward
000066: *Mar 1 13:26:22.666 PCTime: IP: s=219.158.18.245 (Dialer0), d=217.46.20
1.45 (Vlan1), len 56, encapsulation failed
000067: *Mar 1 13:26:23.434 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000068: *Mar 1 13:26:23.434 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 56, rcvd 3
000069: *Mar 1 13:26:23.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000070: *Mar 1 13:26:23.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 70, rcvd 3
000071: *Mar 1 13:26:23.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000072: *Mar 1 13:26:23.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 64, rcvd 3
000073: *Mar 1 13:26:24.434 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000074: *Mar 1 13:26:24.434 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 56, rcvd 3
000075: *Mar 1 13:26:24.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000076: *Mar 1 13:26:24.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 64, rcvd 3
000077: *Mar 1 13:26:24.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000078: *Mar 1 13:26:24.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 70, rcvd 3
000079: *Mar 1 13:26:26.026 PCTime: IP: tableid=0, s=68.171.236.133 (Dialer0),
d=217.46.201.41 (Vlan1), routed via RIB
000080: *Mar 1 13:26:26.026 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
1.41 (Vlan1), g=217.46.201.41, len 60, forward
000081: *Mar 1 13:26:26.026 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
1.41 (Vlan1), len 60, encapsulation failed
000082: *Mar 1 13:26:26.330 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000083: *Mar 1 13:26:26.330 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 63, rcvd 3
000084: *Mar 1 13:26:26.434 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000085: *Mar 1 13:26:26.434 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 56, rcvd 3
000086: *Mar 1 13:26:26.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000087: *Mar 1 13:26:26.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 64, rcvd 3
000088: *Mar 1 13:26:26.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000089: *Mar 1 13:26:26.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 70, rcvd 3
000090: *Mar 1 13:26:26.498 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000091: *Mar 1 13:26:26.498 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 59, rcvd 3
000092: *Mar 1 13:26:29.027 PCTime: IP: tableid=0, s=68.171.236.133 (Dialer0),
d=217.46.201.41 (Vlan1), routed via RIB
000093: *Mar 1 13:26:29.027 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
1.41 (Vlan1), g=217.46.201.41, len 60, forward
000094: *Mar 1 13:26:29.027 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
1.41 (Vlan1), len 60, encapsulation failed
000095: *Mar 1 13:26:30.435 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000096: *Mar 1 13:26:30.435 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 56, rcvd 3
000097: *Mar 1 13:26:30.435 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000098: *Mar 1 13:26:30.435 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 64, rcvd 3
000099: *Mar 1 13:26:30.435 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000100: *Mar 1 13:26:30.439 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 70, rcvd 3
000101: *Mar 1 13:26:33.499 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.47 (Vlan1), routed via RIB
000102: *Mar 1 13:26:33.499 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
7 (Vlan1), len 78, rcvd 3
000103: *Mar 1 13:26:34.247 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.47 (Vlan1), routed via RIB
000104: *Mar 1 13:26:34.247 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
7 (Vlan1), len 78, rcvd 3
000105: *Mar 1 13:26:34.999 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.47 (Vlan1), routed via RIB
000106: *Mar 1 13:26:34.999 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
7 (Vlan1), len 78, rcvd 3
000107: *Mar 1 13:26:35.023 PCTime: IP: tableid=0, s=68.171.236.133 (Dialer0),
d=217.46.201.41 (Vlan1), routed via RIB
000108: *Mar 1 13:26:35.023 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
1.41 (Vlan1), g=217.46.201.41, len 60, forward
000109: *Mar 1 13:26:35.023 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
1.41 (Vlan1), len 60, encapsulation failed
000110: *Mar 1 13:26:37.432 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.47 (Vlan1), routed via RIB
000111: *Mar 1 13:26:37.436 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
7 (Vlan1), len 78, rcvd 3
000112: *Mar 1 13:26:38.184 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.47 (Vlan1), routed via RIB
000113: *Mar 1 13:26:38.184 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
7 (Vlan1), len 78, rcvd 3
000114: *Mar 1 13:26:38.932 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.47 (Vlan1), routed via RIB
000115: *Mar 1 13:26:38.932 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
7 (Vlan1), len 78, rcvd 3
000116: *Mar 1 13:26:40.836 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000117: *Mar 1 13:26:40.836 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 63, rcvd 3
pharmchem#
000118: *Mar 1 13:26:41.836 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000119: *Mar 1 13:26:41.836 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 63, rcvd 3write mem
000120: *Mar 1 13:26:42.836 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000121: *Mar 1 13:26:42.836 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 6debug ip packet
000122: *Mar 1 13:26:44.837 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000123: *Mar 1 13:26:44.837 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1),no de
000124: *Mar 1 13:26:47.029 PCTime: IP: tableid=0, s=68.171.236.133 (Dialer0),
d=217.46.201.41 (Vlan1), routed via RIB
000125: *Mar 1 13:26:47.029 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
1.41 (Vlan1), g=217.46.201.41, len 60, forward
000126: *Mar 1 13:26:47.029 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
1.41 (Vlan1), len 60, encapsulation failedbug
000127: *Mar 1 13:26:48.837 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
17.46.201.46 (Vlan1), routed via RIB
000128: *Mar 1 13:26:48.837 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
6 (Vlan1), len 63, rcvd 3 ip packet
IP packet debugging is offAnd this is the last configuration of the router
Building configuration…
Current configuration : 5814 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname XXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$HhC4$DQeQurMkLGFAidjyXzqul/
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1984768014
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1984768014
revocation-check none
rsakeypair TP-self-signed-1984768014
!
!
crypto pki certificate chain TP-self-signed-1984768014
certificate self-signed 01
30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31393834 37363830 3134301E 170D3032 30333031 30383031
32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39383437
36383031 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BF90 46E2657C ED3A3C8B 212982D7 003928B5 F6996ECB 912BDA36 F3AA502D
40B4FCB9 4AC16FBD 81607E79 15E7B645 D7D12138 A4DBB51A 99DBCCE4 0A5D3909
F2873C03 2722160B 37CD1753 5593FCD9 AB01964D 3CAF41BF AB5CD0F8 BCDD4DF5
CFB00FB7 777C4C04 B2DA582D 28983C76 D557D8C0 17E2C624 01308547 E4ABCF85
97F50203 010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603
551D1104 1D301B82 19706861 726D6368 656D2E70 6861726D 6368656D 2E636F2E
756B301F 0603551D 23041830 168014D6 638242D5 EEAE00A4 C3516D48 25A21B7A
0584A230 1D060355 1D0E0416 0414D663 8242D5EE AE00A4C3 516D4825 A21B7A05
84A2300D 06092A86 4886F70D 01010405 00038181 004AF457 EE5E7588 90C3777E
E666C0AE 93FF7261 83852E61 725BDB21 DA6E9DF1 9CFFA72C AB6FB850 BFBCD2AF
8BB68C2D 7BB55276 409C034C 15E0BEC9 832B65A3 30243E62 ADEBBAD1 E7DF0871
8AB5CF74 0F5D4B35 9F84E603 F1190E26 2FCAE8FB 27E946BE F02F590A B61A678C
09F92375 2BA804C6 B647EC55 BFAAD26A D04451DD F2
quit
dot11 syslog
no ip source-route
!
!
ip cef
no ip bootp server
ip domain name XXXXX
ip name-server 194.72.9.34
ip name-server 194.72.0.98
!
!
!
username cisco857 privilege 15 secret 5 $1$1EbA$RXrUFucWHprvvX46YejU40
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
description British Telecom – BT
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache policy
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip virtual-reassembly
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description LAN ip static retea
ip address 217.46.201.46 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
ip tcp adjust-mss 1452
hold-queue 100 in
hold-queue 100 out
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip virtual-reassembly
encapsulation ppp
ip route-cache policy
ip route-cache flow
dialer pool 1
dialer idle-timeout 0
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname user@BT
ppp chap password 7 passBT
ppp pap sent-username user@BT password 7 passBT
ppp ipcp dns request
ppp ipcp mask request
ppp ipcp route default
ppp ipcp address accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
access-list 1 permit any
access-list 1 permit 217.46.201.40 0.0.0.7
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner exec ^CC
% Password expiration warning.
———————————————————————–———————————————————————–
^C
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
banner motd
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
access-class 2 in
privilege level 15
login local
transport input telnet ssh
transport output none
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end-
May 7, 2010 at 8:45 am #2813691
RE: Debug Output
by netman1958 · about 13 years, 10 months ago
In reply to see this tests
Looking through the debug output I don’t see where you tried to ping from the computer to something on the Internet, maybe it’s there and I missed it. I’m only interested in the debug output generated by pinging from a computer to an ip address on the internet such as google’s ip.
-
May 7, 2010 at 1:10 pm #2813657
nat pool
by cg it · about 13 years, 10 months ago
In reply to see this tests
interface Vlan1
description LAN ip static retea
ip address 217.46.201.46 255.255.255.248that subnet mask provides 5 usable addresses with all 1s and all 0s excluded [the -2]. So if you have more than 5 hosts, you need to change your LAN subnet mask. If your VLANs are different subnets [sub interfaces], as shown in your route table, each subnet going out the WAN has to do NAT. So your inside NAT access list has to cover the vlan subnets, and the NAT pool has to cover all the hosts on each of the vlan subnets.
if this 871 is used as a perimeter router/firewall that does NAT, you need to create a natpool, then assign a range of address to use in the nat pool.
after that you need to create an access list example:
access-list 1 permit[space][subnet][space][mask] (0.0.0.255 in this format, whatever subnet mask you use on the lan where the 255 is the last octet of the host portion of mask and the 0s represent the network portion of the mask).
Since you can ping google or yahoo through the WAN interface via you ATM connection from the console, then your router is routing ICMP packets.
for hosts to get outside, your router has to do many to one NAT [unless you do one to one mapping. If so, then that is simply creating a static route for the routing table.
-
-
-
AuthorReplies