General discussion

  • Creator
    Topic
  • #2214040

    Cisco 857 configuration for BT DSL

    Locked

    by phid2002 ·

    Hi i hope there is somebody who can take a look at this configuration of a Cisco Router 857 and tell me where is the mistake. I managed to get connected to the dsl line, meaning i received the DNS servers and IP automatically from the ISP but i can’t ping outside, i don’t have internet on my local network.

    Building configuration…

    Current configuration : 5940 bytes
    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname TEST
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200
    logging console critical
    enable secret 5 $1$HhC4$DQeQurMkLGFAidjyXzqul/
    !
    no aaa new-model
    clock timezone PCTime 0
    clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
    !
    crypto pki trustpoint TP-self-signed-1984768014
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1984768014
    revocation-check none
    rsakeypair TP-self-signed-1984768014
    !
    !
    crypto pki certificate chain TP-self-signed-1984768014
    certificate self-signed 01
    30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31393834 37363830 3134301E 170D3032 30333031 30383031
    32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39383437
    36383031 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100BF90 46E2657C ED3A3C8B 212982D7 003928B5 F6996ECB 912BDA36 F3AA502D
    40B4FCB9 4AC16FBD 81607E79 15E7B645 D7D12138 A4DBB51A 99DBCCE4 0A5D3909
    F2873C03 2722160B 37CD1753 5593FCD9 AB01964D 3CAF41BF AB5CD0F8 BCDD4DF5
    CFB00FB7 777C4C04 B2DA582D 28983C76 D557D8C0 17E2C624 01308547 E4ABCF85
    97F50203 010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603
    551D1104 1D301B82 19706861 726D6368 656D2E70 6861726D 6368656D 2E636F2E
    756B301F 0603551D 23041830 168014D6 638242D5 EEAE00A4 C3516D48 25A21B7A
    0584A230 1D060355 1D0E0416 0414D663 8242D5EE AE00A4C3 516D4825 A21B7A05
    84A2300D 06092A86 4886F70D 01010405 00038181 004AF457 EE5E7588 90C3777E
    E666C0AE 93FF7261 83852E61 725BDB21 DA6E9DF1 9CFFA72C AB6FB850 BFBCD2AF
    8BB68C2D 7BB55276 409C034C 15E0BEC9 832B65A3 30243E62 ADEBBAD1 E7DF0871
    8AB5CF74 0F5D4B35 9F84E603 F1190E26 2FCAE8FB 27E946BE F02F590A B61A678C
    09F92375 2BA804C6 B647EC55 BFAAD26A D04451DD F2
    quit
    dot11 syslog
    no ip source-route
    !
    !
    ip cef
    no ip bootp server
    ip domain name test.co.uk
    !
    !
    !
    username cisco857 privilege 15 secret 5 $1$1EbA$RXrUFucWHprvvX46YejU40
    !
    !
    archive
    log config
    hidekeys
    !
    !
    ip tcp synwait-time 10
    ip ssh time-out 60
    ip ssh authentication-retries 2
    !
    !
    !
    interface ATM0
    description British Telecom – BT
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache policy
    ip route-cache flow
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    description $ES_WAN$$FW_OUTSIDE$
    ip nat outside
    ip virtual-reassembly
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Vlan1
    description LAN ip static retea
    ip address 80.138.81.181 255.255.255.248
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    ip route-cache same-interface
    ip route-cache policy
    ip route-cache flow
    ip tcp adjust-mss 1452
    hold-queue 100 in
    hold-queue 100 out
    !
    interface Dialer0
    ip address negotiated
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 1492
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    ip route-cache policy
    ip route-cache flow
    dialer pool 1
    dialer idle-timeout 0
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname username@BT
    ppp chap password 7 passBT
    ppp pap sent-username username@BT password 7 passBT
    ppp ipcp dns request
    ppp ipcp mask request
    ppp ipcp route default
    ppp ipcp address accept
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface ATM0.1 overload
    !
    ip access-list standard ACL_DIALER0_OUT
    remark CCP_ACL Category=1
    permit any
    !
    ip access-list extended ACL_DIALER0_IN
    remark DHCP
    remark CCP_ACL Category=16
    permit udp any any eq bootpc
    permit udp any any eq bootps
    !
    logging trap debugging
    access-list 1 permit 0.0.0.0
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 80.138.81.180 0.0.0.7
    dialer-list 1 protocol ip permit
    no cdp run
    !
    control-plane
    !
    !
    line con 0
    login local
    no modem enable
    transport output telnet
    line aux 0
    login local
    transport output telnet
    line vty 0 4
    privilege level 15
    login local
    transport input telnet ssh
    transport output none
    !
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end

All Comments

  • Author
    Replies
    • #2830253

      Do this

      by netman1958 ·

      In reply to Cisco 857 configuration for BT DSL

      on one of your computers on the LAN, open a command prompt and run “ipconfig /all” and post the output.

      • #2830068

        ipconfig

        by phid2002 ·

        In reply to Do this

        IP 80.138.81.184
        Subnet 255.255.255.248
        Gateway 80.138.81.181

        • #2830065

          related info

          by phid2002 ·

          In reply to ipconfig

          on the cisco router there is a software cisco CP and when i trying to test the interface it’s showing the same thing … like after connecting to the dsl line the router takes the dns and the ip but when pinging the dns it shows timeout

        • #2829987

          RE: Related info

          by netman1958 ·

          In reply to related info

          What is a “software cisco CP”? I’m not familiar with that term.

        • #2829988

          Additional questions

          by netman1958 ·

          In reply to ipconfig

          What did the ipconfig results show for the DNS server(s)? Also, how did you come to use 80.138.81.184 255.255.255.248 as an internal IP? That is a public IP and is not usually used on hosts in the LAN. Further, with the subnet mask 255.255.255.248, 80.138.81.184 is not a usable IP. I’m surprised your computer didn’t reject it.

        • #3025216

          ip

          by phid2002 ·

          In reply to Additional questions

          Cisco provides a CD with a software Cisco CP Express.

          actually at this stage i gave a Netgear router working , and we have 5 static ip from the ISP and it is xxx.xxx.xxx.41 – xxx.xxx.xxx.46 , one ip is for the router, one is for the server 2003, and the other 3 for other 3 servers. the subnet mask is 255.255.255.248 on all of them and is working becasue

        • #3025196

          Does that mean

          by netman1958 ·

          In reply to ip

          That you decided to use the Netgear instead of the Cisco and that everything is working now? Or do you still want to use the Cisco? I’m confused as to what the static range xxx.xxx.xxx.41 – xxx.xxx.xxx.46 has to do with the 80.138.81.184 that you are using on your LAN.

        • #3025182

          means

          by phid2002 ·

          In reply to Does that mean

          I want to use Cisco instead of Netgear because we have lots of hang up / frezzeing of Netgear router and cisco is more reliable

          This IP 80.138.81.184 is not real in this post i just puted as a orientation the real one is
          xxx.xxx.xxx.46

        • #3025150

          Making more sense now

          by netman1958 ·

          In reply to means

          In your current setup using the Netgear, are you using the public IP Addresses directly on the servers are is the Netgear using static NAT to map the public IPs to private IPs that are assigned to the servers?

          According to the Cisco config you posted, the router is getting it’s IP via DHCP and is “NATing” all outbound traffic to that IP.

    • #3025146

      ping from console it’s working

      by phid2002 ·

      In reply to Cisco 857 configuration for BT DSL

      ping from console it’s working but on the network i still don’t have access and the ip of the pc has the sme class like the ip of the router and the same mask and the gateway is the same ip og the router ip

      • #3025135

        Info Needed

        by netman1958 ·

        In reply to ping from console it’s working

        On the Cisco, while it is connected to the DSL circuit, run this command:
        “show interface Dialer0”
        I need the output from that. If you don’t want to post it here, you can send me a PM with the info.

        • #3025091

          posting

          by phid2002 ·

          In reply to Info Needed

          i’ll post it tomorrow …
          at this stage it working the connection, the issue is between the router and the LAN

        • #3025087

          Before you go much further

          by netman1958 ·

          In reply to posting

          Give this a try a let me know the results.
          Remove this line from your Cisco config:
          “ip nat inside source list 1 interface ATM0.1 overload”
          You can remove it with the command:
          “no ip nat inside source list 1 interface ATM0.1 overload”
          Then try accessing the Internet from a machine on your LAN. If that doesn’t help then you can add the NAT statement back with:
          “ip nat inside source list 1 interface ATM0.1 overload”

        • #3024939

          NAT statement

          by phid2002 ·

          In reply to Before you go much further

          it’s still not working with the statement removed even with the statement changed
          ip nat inside source list 1 interface Dialer0 overload

        • #3024911

          More NAT

          by netman1958 ·

          In reply to NAT statement

          According to this article, I’m pretty sure you are going to have to leave the NAT statement out:
          http://btbusiness.custhelp.com/app/answers/detail/a_id/9430/c/426,427,1951

          How are you testing? Are you using pings? If so, are you pinging a URL such as http://www.google.com or are you pinging an ip address? If you haven’t already done so, try pinging an ip address that you know replies to pings.

          Also, try running a traceroute to a known ip address (traceroute xx.xx.xx.xx) and post the output.

        • #2816542

          ping from console it’s working

          by phid2002 ·

          In reply to More NAT

          i’m pinging both using URL as http://www.google.com and IP address and it’s working.
          If i remove NAT or keep it it’s still works only the PC can’t access the internet

        • #2816536

          RE: ping from console it’s working

          by netman1958 ·

          In reply to More NAT

          When you ping from the router console, the source address is the dialer0 address. When you ping from a computer the source address is the ip of the computer. Try an extended ping from the router and then specify the vlan1 ip as the source. Example:
          Cisco-831#ping
          Protocol [ip]:
          Target IP address: 72.14.253.104
          Repeat count [5]:
          Datagram size [100]:
          Timeout in seconds [2]:
          Extended commands [n]: y
          Source address or interface: 192.168.69.1
          Type of service [0]:
          Set DF bit in IP header? [no]:
          Validate reply data? [no]:
          Data pattern [0xABCD]:
          Loose, Strict, Record, Timestamp, Verbose[none]:
          Sweep range of sizes [n]:
          Type escape sequence to abort.
          Sending 5, 100-byte ICMP Echos to 72.14.253.104, timeout is 2 seconds:
          Packet sent with a source address of 192.168.69.1
          !!!!!
          Success rate is 100 percent (5/5), round-trip min/avg/max = 72/82/96 ms

          Let me know if you get replies using the vlan1 ip as a source.

        • #2816535

          Clarification

          by netman1958 ·

          In reply to More NAT

          Are you able to ping from a computer but just not able to access a web page or do pings fail from the computer? If you are able to ping from the computers but not open a web page, try adding this line under the dialer0 interface:
          ip tcp adjust-mss 1452

        • #3024958

          show dialer0

          by phid2002 ·

          In reply to Info Needed

          router#show int Dialer0
          Dialer0 is up, line protocol is up (spoofing)
          Hardware is Unknown
          Internet address is 81.130.125.138/32
          MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
          reliability 255/255, txload 1/255, rxload 1/255
          Encapsulation PPP, loopback not set
          Keepalive set (10 sec)
          DTR is pulsed for 1 seconds on reset
          Interface is bound to Vi2
          Last input never, output never, output hang never
          Last clearing of “show interface” counters 00:02:02
          Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
          Queueing strategy: weighted fair
          Output queue: 0/1000/64/0 (size/max total/threshold/drops)
          Conversations 0/0/16 (active/max active/max total)
          Reserved Conversations 0/0 (allocated/max allocated)
          Available Bandwidth 42 kilobits/sec
          5 minute input rate 0 bits/sec, 0 packets/sec
          5 minute output rate 0 bits/sec, 0 packets/sec
          44 packets input, 3035 bytes
          46 packets output, 2693 bytes
          Bound to:
          Virtual-Access2 is up, line protocol is up
          Hardware is Virtual Access interface
          MTU 1500 bytes, BW 1079 Kbit/sec, DLY 20000 usec,
          reliability 255/255, txload 1/255, rxload 1/255
          Encapsulation PPP, LCP Open
          Open: IPCP
          PPPoATM vaccess, cloned from Dialer0
          Vaccess status 0x44
          Bound to ATM0.1 VCD: 1, VPI: 0, VCI: 38, loopback not set
          Keepalive set (10 sec)
          DTR is pulsed for 5 seconds on reset
          Interface is bound to Di0 (Encapsulation PPP)
          Last input 00:00:38, output never, output hang never
          Last clearing of “show interface” counters 00:00:48
          Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
          Queueing strategy: fifo
          Output queue: 0/40 (size/max)
          5 minute input rate 0 bits/sec, 1 packets/sec
          5 minute output rate 0 bits/sec, 1 packets/sec
          56 packets input, 3264 bytes, 0 no buffer
          Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
          0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
          57 packets output, 2973 bytes, 0 underruns
          0 output errors, 0 collisions, 0 interface resets
          0 unknown protocol drops
          0 output buffer failures, 0 output buffers swapped out
          0 carrier transitions

    • #2816279

      new configuration and testing

      by phid2002 ·

      In reply to Cisco 857 configuration for BT DSL

      This is a BT Business Class Service. I have 5 static IP, one used for router and other 4 for internal devices.

      Router#traceroute 217.37.85.211

      Type escape sequence to abort.
      Tracing the route to host217-37-85-211.in-addr.btopenworld.com (217.37.85.211)

      1 host81-134-64-1.in-addr.btopenworld.com (81.134.64.1) 28 msec 32 msec 28 mse
      c
      2 213.120.182.141 32 msec 32 msec 28 msec
      3 213.120.161.82 32 msec 28 msec 28 msec
      4 217.41.222.30 32 msec 32 msec 28 msec
      5 217.41.222.161 32 msec 32 msec 28 msec
      6 213.120.161.81 32 msec 28 msec 32 msec
      7 213.120.182.132 28 msec 32 msec 36 msec
      8 host81-130-104-119.in-addr.btopenworld.com (81.130.104.119) 56 msec 52 msec
      52 msec
      9 host81-130-104-119.in-addr.btopenworld.com (81.130.104.119) 56 msec 60 msec
      52 msec
      10 host217-37-85-211.in-addr.btopenworld.com (217.37.85.211) 56 msec 56 msec 60
      msec

      -interface of the Dialer0

      Router#show int Dialer0
      Dialer0 is up, line protocol is up (spoofing)
      Hardware is Unknown
      Internet address is 81.134.93.192/32
      MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
      reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation PPP, loopback not set
      Keepalive set (10 sec)
      DTR is pulsed for 1 seconds on reset
      Interface is bound to Vi2
      Last input never, output never, output hang never
      Last clearing of “show interface” counters 00:15:44
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: weighted fair
      Output queue: 0/1000/64/0 (size/max total/threshold/drops)
      Conversations 0/0/16 (active/max active/max total)
      Reserved Conversations 0/0 (allocated/max allocated)
      Available Bandwidth 42 kilobits/sec
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
      505 packets input, 43688 bytes
      276 packets output, 8525 bytes
      Bound to:
      Virtual-Access2 is up, line protocol is up
      Hardware is Virtual Access interface
      MTU 1500 bytes, BW 1083 Kbit/sec, DLY 20000 usec,
      reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation PPP, LCP Open
      Open: IPCP
      PPPoATM vaccess, cloned from Dialer0
      Vaccess status 0x44
      Bound to ATM0.1 VCD: 1, VPI: 0, VCI: 38, loopback not set
      Keepalive set (10 sec)
      DTR is pulsed for 5 seconds on reset
      Interface is bound to Di0 (Encapsulation PPP)
      Last input 00:00:02, output never, output hang never
      Last clearing of “show interface” counters 00:13:11
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
      532 packets input, 44256 bytes, 0 no buffer
      Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
      298 packets output, 9085 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 unknown protocol drops
      0 output buffer failures, 0 output buffers swapped out
      0 carrier transitions

      ROUTER CONFIGURATION

      Router#show conf
      Using 4225 out of 131072 bytes
      !
      version 12.4
      no service pad
      service tcp-keepalives-in
      service tcp-keepalives-out
      service timestamps debug datetime msec localtime show-timezone
      service timestamps log datetime msec localtime show-timezone
      service password-encryption
      service sequence-numbers
      !
      hostname XXXXX
      !
      boot-start-marker
      boot-end-marker
      !
      logging buffered 51200
      logging console critical
      enable secret 5 $1$HhC4$DQeQurMkLGFAidjyXzqul/
      !
      no aaa new-model
      clock timezone PCTime 0
      clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
      !
      crypto pki trustpoint TP-self-signed-1984768014
      enrollment selfsigned
      subject-name cn=IOS-Self-Signed-Certificate-1984768014
      revocation-check none
      rsakeypair TP-self-signed-1984768014
      !
      !
      crypto pki certificate chain TP-self-signed-1984768014
      certificate self-signed 01 nvram:IOS-Self-Sig#9.cer
      dot11 syslog
      no ip source-route
      !
      !
      ip cef
      no ip bootp server
      ip domain name XXXXX
      ip name-server 194.72.9.34
      ip name-server 194.72.0.98
      !
      !
      !
      username cisco857 privilege 15 secret 5 $1$1EbA$RXrUFucWHprvvX46YejU40
      !
      !
      archive
      log config
      hidekeys
      !
      !
      ip tcp synwait-time 10
      ip ssh time-out 60
      ip ssh authentication-retries 2
      !
      !
      !
      interface ATM0
      description British Telecom – BT
      no ip address
      no ip redirects
      no ip unreachables
      no ip proxy-arp
      ip route-cache policy
      ip route-cache flow
      no atm ilmi-keepalive
      dsl operating-mode auto
      !

    • #2813756

      ping statement

      by phid2002 ·

      In reply to Cisco 857 configuration for BT DSL

      Router#ping 217.46.201.44 source Dialer0

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 217.46.201.44, timeout is 2 seconds:
      Packet sent with a source address of 81.130.97.44
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

      Router#ping 217.46.201.46
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 217.46.201.46, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

      Router#ping http://www.google.co.uk
      Translating “www.google.co.uk”…domain server (194.72.9.34) [OK]
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 66.102.9.104, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 48/49/52 ms

      Route#ping http://www.google.co.uk source Vlan1
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 66.102.9.104, timeout is 2 seconds:
      Packet sent with a source address of 217.46.201.46
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 52/52/52 ms

      Router#ping http://www.google.co.uk source Dialer0
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 66.102.9.104, timeout is 2 seconds:
      Packet sent with a source address of 81.130.97.44
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 48/49/52 ms

      Router#ping 217.46.201.44 source Dialer0
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 217.46.201.44, timeout is 2 seconds:
      Packet sent with a source address of 81.130.97.44
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

      Router#ping 217.46.201.44 source Vlan1
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 217.46.201.44, timeout is 2 seconds:
      Packet sent with a source address of 217.46.201.46
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

      • #2813711

        Debug

        by netman1958 ·

        In reply to ping statement

        Add this access-list:
        access-list 100 permit ip any host 66.102.9.104
        access-list 100 permit ip host 66.102.9.104 any
        Then run this debug:
        debug ip packet 100
        Then go to a computer and try to ping 66.102.9.104. Then go to the router and copy the output from the debug and post it. Turn the debug off with “undebug all”.

        • #2813672

          debug works

          by phid2002 ·

          In reply to Debug

          using this it;s working i couldn’t do debug because i needed to go, but this is the problem, setting the acces list

        • #2813663

          RE: Access List

          by netman1958 ·

          In reply to debug works

          Configuring that access-list shouldn’t have affected anything but the debug output. If it had an affect on the router passing traffic then the configs you posted aren’t complete. Did you use 100 for the access-list number and if so look through the config again and see if you already had access-group 100 appied to any interface.

    • #2813706

      need to see the output of these command.

      by cg it ·

      In reply to Cisco 857 configuration for BT DSL

      In Exec mode

      type sh ip route

      also sh controller

      The post the config.

      Didn’t you get SDM with your 871? if not you really should use the SDM software. Makes it easy to config the router.

      added:

      If you want to use all of your public addresses, then you have to use static routing for those public addresses that go directly to a host. If you want to share the public addresses with all LAN hosts, you do NAT.

      you’ll need a NAT pool and access list for the subnet. I don’t see a NAT pool list in the config.

      Added: [as I look at the run config]:

      I get using a subinterface for your fastethernet port [wan port] your ATM connection to your ISP,

      How are hosts on the LAN communcating with the 871?

      while switchports 1,2,3 operate as simple store and forward switching, I wonder why you’ve configured the vlan settings that you have.

      • #2813700

        to CG IT

        by phid2002 ·

        In reply to need to see the output of these command.

        witch SDM software you are speaking about ? I have a Cisco CP software CD with manual and this software Cisco CP Express.

        For the NAT issue , i gave allready tryied same config with NAT settings inside for Vlan1 and outside for Dialer0.
        Also tried with access list, same thing.

        On the LAN from the PC i’m working i can ping , access the router but pinging outside no answer.

        I configured de Vlan1 to use the public ip i hjave from the ISP.

        • #2813654

          Cisco Security Device Manager [SDM]

          by cg it ·

          In reply to to CG IT

          web based management and configuration utility for Cisco devices like the 800 series routers.

          vlan 1 is the default vlan for lan switchports. If you configured a lan switchport with a public IP address, then what are clients using to connect to the 871?

    • #2813696

      see this tests

      by phid2002 ·

      In reply to Cisco 857 configuration for BT DSL

      Router#ping http://www.google.ro

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 66.102.9.99, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 48/50/52 ms

      Router#show ip route
      Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
      D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
      N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
      E1 – OSPF external type 1, E2 – OSPF external type 2
      i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
      ia – IS-IS inter area, * – candidate default, U – per-user static route
      o – ODR, P – periodic downloaded static route

      Gateway of last resort is 81.134.64.1 to network 0.0.0.0

      217.46.201.0/29 is subnetted, 1 subnets
      C 217.46.201.40 is directly connected, Vlan1
      81.0.0.0/32 is subnetted, 2 subnets
      C 81.134.75.9 is directly connected, Dialer0
      C 81.134.64.1 is directly connected, Dialer0
      S* 0.0.0.0/0 [1/0] via 81.134.64.1
      is directly connected, Dialer0

      Router#ping http://www.google.co.uk source vlan1

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 66.102.9.99, timeout is 2 seconds:
      Packet sent with a source address of 217.46.201.46
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 48/50/52 ms

      Router#ping 217.46.201.44 source Dialer0

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 217.46.201.44, timeout is 2 seconds:
      Packet sent with a source address of 81.130.97.44
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

      Router#ping 217.46.201.46

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 217.46.201.46, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

      Router#ping http://www.google.co.uk

      Translating “www.google.co.uk”…domain server (194.72.9.34) [OK]

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 66.102.9.104, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 48/49/52 ms

      Route#ping http://www.google.co.uk source Vlan1

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 66.102.9.104, timeout is 2 seconds:
      Packet sent with a source address of 217.46.201.46
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 52/52/52 ms

      Router#ping http://www.google.co.uk source Dialer0

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 66.102.9.104, timeout is 2 seconds:
      Packet sent with a source address of 81.130.97.44
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 48/49/52 ms

      Router#ping 217.46.201.44 source Dialer0

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 217.46.201.44, timeout is 2 seconds:
      Packet sent with a source address of 81.130.97.44
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

      Router#ping 217.46.201.44 source Vlan1

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 217.46.201.44, timeout is 2 seconds:
      Packet sent with a source address of 217.46.201.46
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

      C:\Documents and Settings\patrick>netstat -r

      Route Table
      ===========================================================================
      Interface List
      0x1 ……………………… MS TCP Loopback interface
      0x2 …00 25 b3 53 4f f2 …… Marvell Yukon 88E8042 PCI-E Fast Ethernet Contro
      ller – Packet Scheduler Miniport
      0x3 …00 1f 3c da f4 c7 …… Intel(R) PRO/Wireless 3945ABG Network Connection
      – Packet Scheduler Miniport
      ===========================================================================
      ===========================================================================
      Active Routes:
      Network Destination Netmask Gateway Interface Metric
      0.0.0.0 0.0.0.0 217.46.201.46 217.46.201.44 20
      127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
      217.46.201.40 255.255.255.248 217.46.201.44 217.46.201.44 20
      217.46.201.44 255.255.255.255 127.0.0.1 127.0.0.1 20
      217.46.201.255 255.255.255.255 217.46.201.44 217.46.201.44 20
      224.0.0.0 240.0.0.0 217.46.201.44 217.46.201.44 20
      255.255.255.255 255.255.255.255 217.46.201.44 217.46.201.44 1
      255.255.255.255 255.255.255.255 217.46.201.44 3 1
      Default Gateway: 217.46.201.46
      ===========================================================================
      Persistent Routes:
      None

      Router#debug ip packet

      IP packet debugging is on
      Router#

      000030: *Mar 1 13:25:59.827 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000031: *Mar 1 13:25:59.827 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 63, rcvd 3
      000032: *Mar 1 13:26:03.827 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000033: *Mar 1 13:26:03.827 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 63, rcvd 3
      000034: *Mar 1 13:26:09.656 PCTime: IP: tableid=0, s=68.171.236.133 (Dialer0),
      d=217.46.201.41 (Vlan1), routed via RIB
      000035: *Mar 1 13:26:09.656 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
      1.41 (Vlan1), g=217.46.201.41, len 60, forward
      000036: *Mar 1 13:26:09.656 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
      1.41 (Vlan1), len 60, encapsulation failed
      000037: *Mar 1 13:26:11.252 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.47 (Vlan1), routed via RIB
      000038: *Mar 1 13:26:11.252 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      7 (Vlan1), len 236, rcvd 3
      000039: *Mar 1 13:26:14.853 PCTime: IP: tableid=0, s=219.158.14.21 (Dialer0), d
      =217.46.201.45 (Vlan1), routed via RIB
      000040: *Mar 1 13:26:14.853 PCTime: IP: s=219.158.14.21 (Dialer0), d=217.46.201
      .45 (Vlan1), g=217.46.201.45, len 56, forward
      000041: *Mar 1 13:26:14.853 PCTime: IP: s=219.158.14.21 (Dialer0), d=217.46.201
      .45 (Vlan1), len 56, encapsulation failed
      000042: *Mar 1 13:26:18.333 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000043: *Mar 1 13:26:18.333 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 63, rcvd 3
      000044: *Mar 1 13:26:18.497 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000045: *Mar 1 13:26:18.497 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 59, rcvd 3
      000046: *Mar 1 13:26:19.333 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000047: *Mar 1 13:26:19.333 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 63, rcvd 3
      000048: *Mar 1 13:26:19.497 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000049: *Mar 1 13:26:19.497 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 59, rcvd 3
      000050: *Mar 1 13:26:20.334 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000051: *Mar 1 13:26:20.334 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 63, rcvd 3
      000052: *Mar 1 13:26:20.498 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000053: *Mar 1 13:26:20.498 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 59, rcvd 3
      000054: *Mar 1 13:26:22.330 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000055: *Mar 1 13:26:22.334 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 63, rcvd 3
      000056: *Mar 1 13:26:22.434 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000057: *Mar 1 13:26:22.434 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 56, rcvd 3
      000058: *Mar 1 13:26:22.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000059: *Mar 1 13:26:22.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 64, rcvd 3
      000060: *Mar 1 13:26:22.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000061: *Mar 1 13:26:22.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 70, rcvd 3
      000062: *Mar 1 13:26:22.498 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000063: *Mar 1 13:26:22.498 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 59, rcvd 3
      000064: *Mar 1 13:26:22.666 PCTime: IP: tableid=0, s=219.158.18.245 (Dialer0),
      d=217.46.201.45 (Vlan1), routed via RIB
      000065: *Mar 1 13:26:22.666 PCTime: IP: s=219.158.18.245 (Dialer0), d=217.46.20
      1.45 (Vlan1), g=217.46.201.45, len 56, forward
      000066: *Mar 1 13:26:22.666 PCTime: IP: s=219.158.18.245 (Dialer0), d=217.46.20
      1.45 (Vlan1), len 56, encapsulation failed
      000067: *Mar 1 13:26:23.434 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000068: *Mar 1 13:26:23.434 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 56, rcvd 3
      000069: *Mar 1 13:26:23.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000070: *Mar 1 13:26:23.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 70, rcvd 3
      000071: *Mar 1 13:26:23.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000072: *Mar 1 13:26:23.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 64, rcvd 3
      000073: *Mar 1 13:26:24.434 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000074: *Mar 1 13:26:24.434 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 56, rcvd 3
      000075: *Mar 1 13:26:24.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000076: *Mar 1 13:26:24.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 64, rcvd 3
      000077: *Mar 1 13:26:24.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000078: *Mar 1 13:26:24.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 70, rcvd 3
      000079: *Mar 1 13:26:26.026 PCTime: IP: tableid=0, s=68.171.236.133 (Dialer0),
      d=217.46.201.41 (Vlan1), routed via RIB
      000080: *Mar 1 13:26:26.026 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
      1.41 (Vlan1), g=217.46.201.41, len 60, forward
      000081: *Mar 1 13:26:26.026 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
      1.41 (Vlan1), len 60, encapsulation failed
      000082: *Mar 1 13:26:26.330 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000083: *Mar 1 13:26:26.330 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 63, rcvd 3
      000084: *Mar 1 13:26:26.434 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000085: *Mar 1 13:26:26.434 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 56, rcvd 3
      000086: *Mar 1 13:26:26.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000087: *Mar 1 13:26:26.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 64, rcvd 3
      000088: *Mar 1 13:26:26.438 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000089: *Mar 1 13:26:26.438 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 70, rcvd 3
      000090: *Mar 1 13:26:26.498 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000091: *Mar 1 13:26:26.498 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 59, rcvd 3
      000092: *Mar 1 13:26:29.027 PCTime: IP: tableid=0, s=68.171.236.133 (Dialer0),
      d=217.46.201.41 (Vlan1), routed via RIB
      000093: *Mar 1 13:26:29.027 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
      1.41 (Vlan1), g=217.46.201.41, len 60, forward
      000094: *Mar 1 13:26:29.027 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
      1.41 (Vlan1), len 60, encapsulation failed
      000095: *Mar 1 13:26:30.435 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000096: *Mar 1 13:26:30.435 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 56, rcvd 3
      000097: *Mar 1 13:26:30.435 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000098: *Mar 1 13:26:30.435 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 64, rcvd 3
      000099: *Mar 1 13:26:30.435 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000100: *Mar 1 13:26:30.439 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 70, rcvd 3
      000101: *Mar 1 13:26:33.499 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.47 (Vlan1), routed via RIB
      000102: *Mar 1 13:26:33.499 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      7 (Vlan1), len 78, rcvd 3
      000103: *Mar 1 13:26:34.247 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.47 (Vlan1), routed via RIB
      000104: *Mar 1 13:26:34.247 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      7 (Vlan1), len 78, rcvd 3
      000105: *Mar 1 13:26:34.999 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.47 (Vlan1), routed via RIB
      000106: *Mar 1 13:26:34.999 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      7 (Vlan1), len 78, rcvd 3
      000107: *Mar 1 13:26:35.023 PCTime: IP: tableid=0, s=68.171.236.133 (Dialer0),
      d=217.46.201.41 (Vlan1), routed via RIB
      000108: *Mar 1 13:26:35.023 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
      1.41 (Vlan1), g=217.46.201.41, len 60, forward
      000109: *Mar 1 13:26:35.023 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
      1.41 (Vlan1), len 60, encapsulation failed
      000110: *Mar 1 13:26:37.432 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.47 (Vlan1), routed via RIB
      000111: *Mar 1 13:26:37.436 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      7 (Vlan1), len 78, rcvd 3
      000112: *Mar 1 13:26:38.184 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.47 (Vlan1), routed via RIB
      000113: *Mar 1 13:26:38.184 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      7 (Vlan1), len 78, rcvd 3
      000114: *Mar 1 13:26:38.932 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.47 (Vlan1), routed via RIB
      000115: *Mar 1 13:26:38.932 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      7 (Vlan1), len 78, rcvd 3
      000116: *Mar 1 13:26:40.836 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000117: *Mar 1 13:26:40.836 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 63, rcvd 3
      pharmchem#
      000118: *Mar 1 13:26:41.836 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000119: *Mar 1 13:26:41.836 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 63, rcvd 3write mem
      000120: *Mar 1 13:26:42.836 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000121: *Mar 1 13:26:42.836 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 6debug ip packet
      000122: *Mar 1 13:26:44.837 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000123: *Mar 1 13:26:44.837 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1),no de
      000124: *Mar 1 13:26:47.029 PCTime: IP: tableid=0, s=68.171.236.133 (Dialer0),
      d=217.46.201.41 (Vlan1), routed via RIB
      000125: *Mar 1 13:26:47.029 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
      1.41 (Vlan1), g=217.46.201.41, len 60, forward
      000126: *Mar 1 13:26:47.029 PCTime: IP: s=68.171.236.133 (Dialer0), d=217.46.20
      1.41 (Vlan1), len 60, encapsulation failedbug
      000127: *Mar 1 13:26:48.837 PCTime: IP: tableid=0, s=217.46.201.44 (Vlan1), d=2
      17.46.201.46 (Vlan1), routed via RIB
      000128: *Mar 1 13:26:48.837 PCTime: IP: s=217.46.201.44 (Vlan1), d=217.46.201.4
      6 (Vlan1), len 63, rcvd 3 ip packet
      IP packet debugging is off

      And this is the last configuration of the router

      Building configuration…

      Current configuration : 5814 bytes
      !
      version 12.4
      no service pad
      service tcp-keepalives-in
      service tcp-keepalives-out
      service timestamps debug datetime msec localtime show-timezone
      service timestamps log datetime msec localtime show-timezone
      service password-encryption
      service sequence-numbers
      !
      hostname XXXXX
      !
      boot-start-marker
      boot-end-marker
      !
      logging buffered 51200
      logging console critical
      enable secret 5 $1$HhC4$DQeQurMkLGFAidjyXzqul/
      !
      no aaa new-model
      clock timezone PCTime 0
      clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
      !
      crypto pki trustpoint TP-self-signed-1984768014
      enrollment selfsigned
      subject-name cn=IOS-Self-Signed-Certificate-1984768014
      revocation-check none
      rsakeypair TP-self-signed-1984768014
      !
      !
      crypto pki certificate chain TP-self-signed-1984768014
      certificate self-signed 01
      30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
      31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
      69666963 6174652D 31393834 37363830 3134301E 170D3032 30333031 30383031
      32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
      4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39383437
      36383031 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
      8100BF90 46E2657C ED3A3C8B 212982D7 003928B5 F6996ECB 912BDA36 F3AA502D
      40B4FCB9 4AC16FBD 81607E79 15E7B645 D7D12138 A4DBB51A 99DBCCE4 0A5D3909
      F2873C03 2722160B 37CD1753 5593FCD9 AB01964D 3CAF41BF AB5CD0F8 BCDD4DF5
      CFB00FB7 777C4C04 B2DA582D 28983C76 D557D8C0 17E2C624 01308547 E4ABCF85
      97F50203 010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603
      551D1104 1D301B82 19706861 726D6368 656D2E70 6861726D 6368656D 2E636F2E
      756B301F 0603551D 23041830 168014D6 638242D5 EEAE00A4 C3516D48 25A21B7A
      0584A230 1D060355 1D0E0416 0414D663 8242D5EE AE00A4C3 516D4825 A21B7A05
      84A2300D 06092A86 4886F70D 01010405 00038181 004AF457 EE5E7588 90C3777E
      E666C0AE 93FF7261 83852E61 725BDB21 DA6E9DF1 9CFFA72C AB6FB850 BFBCD2AF
      8BB68C2D 7BB55276 409C034C 15E0BEC9 832B65A3 30243E62 ADEBBAD1 E7DF0871
      8AB5CF74 0F5D4B35 9F84E603 F1190E26 2FCAE8FB 27E946BE F02F590A B61A678C
      09F92375 2BA804C6 B647EC55 BFAAD26A D04451DD F2
      quit
      dot11 syslog
      no ip source-route
      !
      !
      ip cef
      no ip bootp server
      ip domain name XXXXX
      ip name-server 194.72.9.34
      ip name-server 194.72.0.98
      !
      !
      !
      username cisco857 privilege 15 secret 5 $1$1EbA$RXrUFucWHprvvX46YejU40
      !
      !
      archive
      log config
      hidekeys
      !
      !
      ip tcp synwait-time 10
      ip ssh time-out 60
      ip ssh authentication-retries 2
      !
      !
      !
      interface ATM0
      description British Telecom – BT
      no ip address
      no ip redirects
      no ip unreachables
      no ip proxy-arp
      ip route-cache policy
      ip route-cache flow
      no atm ilmi-keepalive
      dsl operating-mode auto
      !
      interface ATM0.1 point-to-point
      description $ES_WAN$$FW_OUTSIDE$
      ip virtual-reassembly
      pvc 0/38
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
      !
      !
      interface FastEthernet0
      !
      interface FastEthernet1
      !
      interface FastEthernet2
      !
      interface FastEthernet3
      !
      interface Vlan1
      description LAN ip static retea
      ip address 217.46.201.46 255.255.255.248
      no ip redirects
      no ip unreachables
      no ip proxy-arp
      ip virtual-reassembly
      no ip route-cache cef
      no ip route-cache
      ip tcp adjust-mss 1452
      hold-queue 100 in
      hold-queue 100 out
      !
      interface Dialer0
      ip address negotiated
      no ip redirects
      no ip unreachables
      no ip proxy-arp
      ip mtu 1492
      ip virtual-reassembly
      encapsulation ppp
      ip route-cache policy
      ip route-cache flow
      dialer pool 1
      dialer idle-timeout 0
      dialer-group 1
      no cdp enable
      ppp authentication chap callin
      ppp chap hostname user@BT
      ppp chap password 7 passBT
      ppp pap sent-username user@BT password 7 passBT
      ppp ipcp dns request
      ppp ipcp mask request
      ppp ipcp route default
      ppp ipcp address accept
      !
      ip forward-protocol nd
      ip route 0.0.0.0 0.0.0.0 Dialer0
      !
      ip http server
      ip http authentication local
      ip http secure-server
      ip http timeout-policy idle 60 life 86400 requests 10000
      !
      logging trap debugging
      access-list 1 permit any
      access-list 1 permit 217.46.201.40 0.0.0.7
      access-list 1 remark INSIDE_IF=Vlan1
      access-list 1 remark CCP_ACL Category=2
      dialer-list 1 protocol ip permit
      no cdp run
      !
      control-plane
      !
      banner exec ^CC
      % Password expiration warning.
      ———————————————————————–

      ———————————————————————–
      ^C
      banner login ^CCAuthorized access only!
      Disconnect IMMEDIATELY if you are not an authorized user!^C
      banner motd
      !
      line con 0
      login local
      no modem enable
      transport output telnet
      line aux 0
      login local
      transport output telnet
      line vty 0 4
      access-class 2 in
      privilege level 15
      login local
      transport input telnet ssh
      transport output none
      !
      scheduler max-task-time 5000
      scheduler allocate 4000 1000
      scheduler interval 500
      end

      • #2813691

        RE: Debug Output

        by netman1958 ·

        In reply to see this tests

        Looking through the debug output I don’t see where you tried to ping from the computer to something on the Internet, maybe it’s there and I missed it. I’m only interested in the debug output generated by pinging from a computer to an ip address on the internet such as google’s ip.

      • #2813657

        nat pool

        by cg it ·

        In reply to see this tests

        interface Vlan1
        description LAN ip static retea
        ip address 217.46.201.46 255.255.255.248

        that subnet mask provides 5 usable addresses with all 1s and all 0s excluded [the -2]. So if you have more than 5 hosts, you need to change your LAN subnet mask. If your VLANs are different subnets [sub interfaces], as shown in your route table, each subnet going out the WAN has to do NAT. So your inside NAT access list has to cover the vlan subnets, and the NAT pool has to cover all the hosts on each of the vlan subnets.

        if this 871 is used as a perimeter router/firewall that does NAT, you need to create a natpool, then assign a range of address to use in the nat pool.

        after that you need to create an access list example:

        access-list 1 permit[space][subnet][space][mask] (0.0.0.255 in this format, whatever subnet mask you use on the lan where the 255 is the last octet of the host portion of mask and the 0s represent the network portion of the mask).

        Since you can ping google or yahoo through the WAN interface via you ATM connection from the console, then your router is routing ICMP packets.

        for hosts to get outside, your router has to do many to one NAT [unless you do one to one mapping. If so, then that is simply creating a static route for the routing table.

Viewing 5 reply threads