Questions

Cisco 871w 12.4-11.T1 Can't get IP config from Road Runner


rlj
I inadvertently posted this to the wrong forum originally as pointed out with such grace and kindness from "Why Me Worry?" in New York. Reposted to correct forum.

************************************************

I used the template from Tech Republic labeled 851w_dhcp_config_worksheet.xls that is formally titled "CLI template for Cisco 851w/871w standard ios."

I figured it would be a good starting point at the very least. However my experience over the past 5 days or so has proven to be an exercise in frustration.

To begin with, I do have at least a small clue most of the time. I was (have let it lapse) a CCNP for a while. It seems now that I have forgotten too much and I am digging again.

I strongly suspect that it is much more a problem with Time Warner / Road Runner than anything else. Using the word Cisco in the same sentence that requests help from Road Runner tech support is akin to teaching a pig to sing. It really annoys the pig.

I feel for them, they are put in the situation of supporting a network with nothing more than a script and the majority of them haven't got a clue and I'm sure they aren't paid very well. Most unfortunate. But I regress, sorry.

There was one interesting (at least to me) statement made from tech support that they showed 2 IP addresses associated with my connection. I thought that they were only supposed to give me one. I have rebooted the WebStar cable modem so many times now that the power plug is showing wear.

After fighting with this for a while I finally went back to the factory settings and tried to run the SDM to see what was different. The result was that I indeed get an IP address. Of course it also passed it to the laptop I was using to configure the router with. I figured I could beat on the NAT setup afterwards if I at least had an address and was able to get out. Unfortunately, after a few seconds, <minute the connection dropped and I was back to square one. Inside the local gateway the function is flawless all the way to the local gateway. Past that is a black hole.

I set up a statically configured ip address, net mask, gateway, dhcp server, and dns servers that I gleaned from ipconfig /all when the laptop was connected directly to the modem. Everything but pinging the host worked. It showed the interface status as up, DNS settings as successful, IP address as successful, exit interface as successful, and pinging to destination host as failed. Now remember I just said that I configured these settings as static from the ipconfig /all screen.

The reasons for failure were cited as "The detected DNS servers or the IP address of hostname specified are unreachable or not responding."

The recommended actions were to "Contact your WAN administrator or ISP and check the DNS server configuration or retry with a different IP address / hostname." & "Contact your WAN administrator or ISP and verify encapsulation."

I did this to no avail, the people I spoke with honestly didn't know. Very frustrating. I'll try again here in a little while.

To sum up the entire scenario, using DHCP I get an address "sometimes" and it passes to the configuration computer. I can't ping outside the router or get to web sites or anything else after a period of time minute. If I set it up as static, I get the above stated results but still can't get past the router. The main thing is that the router does not appear to be getting the correct configuration information during the dhcp load from road runner and that if configured statically I still can't get out. In my mind this is definitely on their end. The outside connection, fastethernet4, is all that is not working. And yes I have tried this with no firewall/accesslist configured.

As a side note I have a Netgear WGT624 that works without a glitch at all and it has a super g radio for 108 Mbps wireless. Another question is related to whether or not I could upgrade the radio in the Cisco to super g without too much trouble. That would be nice if I can ever get this blasted thing working correctly.

Below you will see the current configuration. Maybe you will spot something I didn't or maybe you can point me to a document that tells me or road runner or both how to correct this situation.

Thanks in advance for input you may provide.

Take care, rlj

**********************************************
IOS is c870-advsecurityk9-mz.124-11.T1.bin
**********************************************
This is the running config of the router: 10.0.1.253
----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname iamaroutername
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 iamapassword
!
no aaa new-model
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00 (oops, I can at least fix this)
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.1.253
!
ip dhcp pool sdm-pool1
import all
network 10.0.1.0 255.255.255.0
dns-server 24.93.41.125 24.93.41.126
default-router 10.0.1.253
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name bedrockhill.com
ip name-server 24.93.41.125
ip name-server 24.93.41.126
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-xxxxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxxxxxxx
revocation-check none
rsakeypair TP-self-signed-xxxxxxxx
!
!
crypto pki certificate chain TP-self-signed-xxxxxxxx
certificate self-signed 01
bla bla bla bla etc.
quit
!
!
username Fred Flintstone privilege 15 secret 5 iamasecretpassword
!
!
!
bridge irb
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet4
ip broadcast-address 0.0.0.0
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
ip broadcast-address 0.0.0.0
!
ssid xxxxwless
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 (sure do wish it had 108 listed)
station-role root
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip broadcast-address 10.0.1.0
ip tcp adjust-mss 1452
bridge-group 1
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 10.0.1.253 255.255.255.0
ip broadcast-address 10.0.1.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 10.0.1.1 bla interface FastEthernet4 bla
ip nat inside source static udp 10.0.1.1 bla interface FastEthernet4 bla
ip nat inside source static tcp 10.0.1.1 bla interface FastEthernet4 bla
ip nat inside source static udp 10.0.1.1 bla interface FastEthernet4 bla
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 24.93.41.126 eq domain any
access-list 101 permit udp host 24.93.41.125 eq domain any
access-list 101 permit udp any any eq bla
access-list 101 permit tcp any any eq bla
access-list 101 permit udp any any eq bla
access-list 101 permit tcp any any eq bla
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 10.0.1.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
no cdp run
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C (ooooo scary huh?)
!
line con 0
login local
no modem enable
transport output telnet
speed 115200
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
  • +
    0 Votes
    CG IT

    I'd see if you could send a private message or whatever to either Dave Davis or George Ou. They're the resident Cisco gurus.


    Time Warner probably wouldn't know anything about Cisco stuff. Their customer service basically knows the consumer level products.

    But the WAN port on the 871 requires dynamic addressing support to work with Time Warner Cable Internet unless you get a static address from them.

    +
    0 Votes
    rlj

    OK I give! Can't stand it anymore. Cisco doesn't care. Time warner doesn't care. For that matter......................

    never mind.

    I do have a solution. Sonic wall. At least I can get some support.

    After the way Cisco has acted towards me the past few times I have tried to deal with them, I QUIT.

    FOR SALE Cisco 871w. CHEAP!!!!!


    GGGGGGGGGGGGGGGGGGGRRRRRRRRRRRRRRRRRRRRRRRR!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    +
    0 Votes

    lol

    CG IT

    Do you know anything about Cisco IOS? If not, then I would say go get a SonicWall that has a GUI that's user friendly. The Cisco 871 has a configuration program on the CD that came with the router. You might try that. It will configure the router for you instead of having to work with IOS if you don't know anything about it or rely upon others like George or Dave who make up templates.

    +
    0 Votes
    rlj

    well a little or I wouldn't have gotten my ccnp.

    It has lapsed and I haven't been active for about 3 years. However, I do know a little.

    Just fed up with Cisco and their bs policies.

    +
    0 Votes
    ggraham2

    I'm not an expert but this might help.

    ip route 0.0.0.0 0.0.0.0 DHCP

    +
    0 Votes
    antispam1

    I sniffed the DHCP traffic between my 871 and Charter (my ISP) a few months ago. I think I have the problem identified. I'll explain as best I recall. I'm trying to find my capture files to confirm, but haven't located them yet.

    As you probably know, the DHCP session is a series of 4 exchanges. The client DISCOVER broadcast, the DHCP server OFFER, the client REQUEST to the server, and the final server ACK response.

    Here's what I see happening. The 871 router sends the DHCP DISCOVER, and Charter's DHCP server OFFER packet replies with a destination IP of 255.255.255.255, rather than the unicast address intended for the client to use (such as 192.168.1.1). Most DHCP servers use the destination address intended for the client in the OFFER message.

    It appears to me that the Cisco ignores the OFFER message with a destination of 255.255.255.255.

    As I recall, the related RFCs for DHCP permit a DHCP server to use a destination address of 255.255.255.255 in the OFFER, and the Cisco even has a similar command (ip dhcp limited-broadcast-address) used for when the router is the DHCP server.

    I discovered this probably 6 months or so ago, but since I do not have Smartnet on this particular router, I haven't opened a TAC case.

    I know this goes way back, because I've been doing this a long time. It was just 6 months or so ago that I decided to figure out what the problem was.

    For a workaround, since Charter leaves me with the same "dynamic" IP address for at least a year or longer, I usually just pull an IP with a PC, then configure the router with the MAC address from the PC that I used, and a static IP address (the one the PC was assigned). That usually tricks the cable system into thinking it's talking to the same device that pulled the original IP. With Charter, this usually lasts me about a year.
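
Added example (not part of the thread or any poster's code): a Python sketch for checking a capture for the behaviour described in the post above. It parses a DHCP message from a UDP payload and reports whether the reply was sent to 255.255.255.255 or to the offered address, alongside the client's broadcast flag. The sample OFFER, its MAC address and the 192.0.2.10 address are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return message type, broadcast flag, yiaddr and chaddr from a UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    msg = {
        "op": op, "xid": xid,
        "broadcast_flag": bool(flags & 0x8000),      # top bit of the flags field
        "yiaddr": socket.inet_ntoa(payload[16:20]),  # address offered to the client
        "chaddr": payload[28:28 + min(hlen, 16)].hex(":"),
        "type": None,
    }
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1:               # option 53 = DHCP message type
            msg["type"] = TYPES.get(payload[i + 2], "type %d" % payload[i + 2])
        i += 2 + length
    return msg

def describe_reply(ip_dst, msg):
    """Classify how a server reply was addressed at the IP layer."""
    if ip_dst == "255.255.255.255":
        how = "limited broadcast"
    elif ip_dst == msg["yiaddr"]:
        how = "unicast to offered address"
    else:
        how = "other destination"
    flag = "set" if msg["broadcast_flag"] else "clear"
    return "%s: %s, client broadcast flag %s" % (msg["type"], how, flag)

def build_sample(msg_type, flags, yiaddr, mac):
    """Constructed test message, not taken from any real capture."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, flags)
    hdr += bytes(4) + socket.inet_aton(yiaddr) + bytes(8)   # ciaddr, yiaddr, siaddr+giaddr
    hdr += mac + bytes(10) + bytes(192)                     # chaddr, sname+file
    return hdr + MAGIC + bytes([53, 1, msg_type, 255])

SAMPLE_OFFER = build_sample(2, 0x0000, "192.0.2.10", bytes.fromhex("020000000001"))
print(describe_reply("255.255.255.255", parse_dhcp(SAMPLE_OFFER)))
```

Feed it the UDP payload and IP destination of each server reply from a capture taken on the WAN side; comparing the flag in the router's DISCOVER with how the OFFER was addressed shows whether the two ends agree.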
