Link to home
Start Free TrialLog in
Avatar of grblades
grbladesFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Cisco 837 ADSL configuration for UK provider and multiple static IP's

I have bought a Cisco 837 ADSL router to replace a noname router which keeps crashing. Here are the configuration details supplied by our ISP :-

Your ADSL login:                xxxxxxxxxxxxx@dslconnect.co.uk
Your ADSL Password:             lxxxxxxx
Virtual Path Identifier:        0
Virtual Channel Identifier:     38
Data Link Encapsulation:        PPPoA (PPP over ATM)
PPP Properties:                 VC Multiplexed or VC Based or VCMUX
Below are details of the static IP addresses allocated to you:
Network:        x.x.40.32
Gateway*:       x.x.40.33
Netmask:        255.255.255.240
* The gateway address will be automatically assigned to your router when
you connect via DHCP.

This is the configuration I have created :-
hostname voiprouter
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
no aaa new-model
ip subnet-zero
ip routing
ip ips po max-events 100
no ftp-server write-enable
interface Ethernet0
 ip address x.x.40.34 255.255.255.240
 no ip route-cache
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 no ip route-cache
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address dhcp
 ip mtu 1452
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname USERNAME
 ppp chap password 0 PASSWORD
 ppp pap sent-username USERNAME password PASSWORD
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
control-plane
!
scheduler max-task-time 5000
end
Avatar of grblades
grblades
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

Dialer0 is up (spoofing), line protocol is up (spoofing)
  Hardware is Unknown
  Description: $FW_OUTSIDE$
  Internet address will be negotiated using DHCP
  MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 00:00:32
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/0/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 42 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes
     0 packets output, 0 bytes

I guess it is not attempting to make a call?

So what is the problem?  Are you not able to connect using this config?  I see you don't have the LAN interface setup.  Are you planning on using NAT or are you going to use your network block on the inside?
Try adding this to your configuration:

dialer-list 1 protocol ip permit
Actually it does seem to work almost. I appear to be having a disconnection problem as you can see from this ping :-

PING www.google.akadns.net (216.239.59.99) 56(84) bytes of data.
From dsl-80-46-40-34.access.as9105.com (80.46.40.34) icmp_seq=1 Destination Host Unreachable
From dsl-80-46-40-34.access.as9105.com (80.46.40.34) icmp_seq=2 Destination Host Unreachable
etc...
From dsl-80-46-40-34.access.as9105.com (80.46.40.34) icmp_seq=14 Destination Host Unreachable
From dsl-80-46-40-34.access.as9105.com (80.46.40.34) icmp_seq=15 Destination Host Unreachable
64 bytes from 216.239.59.99: icmp_seq=16 ttl=238 time=48.1 ms
64 bytes from 216.239.59.99: icmp_seq=17 ttl=238 time=51.1 ms
etc...
64 bytes from 216.239.59.99: icmp_seq=61 ttl=238 time=50.1 ms
64 bytes from 216.239.59.99: icmp_seq=62 ttl=238 time=46.6 ms
From dsl-80-46-40-34.access.as9105.com (80.46.40.34) icmp_seq=63 Destination Host Unreachable
From dsl-80-46-40-34.access.as9105.com (80.46.40.34) icmp_seq=64 Destination Host Unreachable
etc...
From dsl-80-46-40-34.access.as9105.com (80.46.40.34) icmp_seq=72 Destination Host Unreachable
From dsl-80-46-40-34.access.as9105.com (80.46.40.34) icmp_seq=73 Destination Host Unreachable
64 bytes from 216.239.59.99: icmp_seq=74 ttl=238 time=55.1 ms
64 bytes from 216.239.59.99: icmp_seq=75 ttl=238 time=52.6 ms
etc...
64 bytes from 216.239.59.99: icmp_seq=141 ttl=238 time=53.1 ms
64 bytes from 216.239.59.99: icmp_seq=142 ttl=238 time=48.2 ms
From dsl-80-46-40-34.access.as9105.com (80.46.40.34) icmp_seq=143 Destination Host Unreachable
From dsl-80-46-40-34.access.as9105.com (80.46.40.34) icmp_seq=144 Destination Host Unreachable
etc...
From dsl-80-46-40-34.access.as9105.com (80.46.40.34) icmp_seq=192 Destination Host Unreachable
From dsl-80-46-40-34.access.as9105.com (80.46.40.34) icmp_seq=193 Destination Host Unreachable
64 bytes from 216.239.59.99: icmp_seq=194 ttl=238 time=50.5 ms
64 bytes from 216.239.59.99: icmp_seq=195 ttl=238 time=48.4 ms
Just added 'dialer-list 1 protocol ip permit' but it has made no difference. I intend to use the public IP's on the inside of the router which is the way the old one was setup and I specifically dont wish to use NAT because of the added complication it caused with SIP VoIP calls.
Do you see any messages (interface going up and down) in the router log:

show logging
The log contains nothing special:-
Cisco IOS Software, C837 Software (C837-K9O3Y6-M), Version 12.3(8)T5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by Cisco Systems, Inc.
Compiled Wed 20-Oct-04 19:27 by cmong
*Mar  1 00:00:18.787: %SNMP-5-COLDSTART: SNMP agent on host voiprouter is undergoing a cold start
*Mar  1 00:02:56.883: %DIALER-6-BIND: Interface Vi2 bound to profile Di0
*Mar  1 00:02:56.891: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Mar  1 00:02:57.411: %LINK-3-UPDOWN: Interface ATM0, changed state to up
*Mar  1 00:02:58.411: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to up
*Mar  1 00:03:00.247: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up

Is there a reason why you have your MTU set to 1452 instead of 1492?
It was a type which I have now fixed but I still have the same problem.
Well, the router configuration looks okay.  Perhaps it is a problem with your provider?

Can you ping the default router 80.46.40.33 okay or do you get the same problems?
I doubt it is a provider problem as the old router was working. I literally unplugged it and plugged in the replacement.

I'll try pinging a few other destinations when I get back into work again tomorrow.
Oh okay, sorry, missed that part.  I'd test other protocols as well.  See if you can browse the Internet or if you experience slow response or page not found messages.
I tried pinging the default router 80.46.40.33 before I left work and that had the same problem.

I know pinging google normally works as I have it setup on our monitoring system so that I got notified when the old router crashed so I could power cycle it.
Just for grins, can you post a "show ip route" from the router?

You might want to try some ATM debugging as well.
When I cannot ping:-
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     80.0.0.0/28 is subnetted, 1 subnets
C       80.46.40.32 is directly connected, Ethernet0

When I can ping:-
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     80.0.0.0/28 is subnetted, 1 subnets
C       80.46.40.32 is directly connected, Ethernet0
S*   0.0.0.0/0 is directly connected, Dialer0

Strangely when I can ping I dont get anything from 'show dialer'.
voiprouter#show dialer

Di0 - dialer type = DIALER PROFILE
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Number of active calls = 0

Dial String      Successes   Failures    Last DNIS   Last status
voiprouter#
What debugging do you suggest I enable?
So fat I have the following set and am getting nothing logged.

Dial on demand:
  Dial on demand events debugging is on
  Dial on demand dynamic dialer maps debugging is on
Generic ATM:
  ATM events debugging is on
  MLP LFI over ATM PVC debugging is on
  ATM VC States debugging is on
  ATM errors debugging is on
  ATM PVC-Discovery events debugging is on
  ATM counters debugging is on
SOLUTION
Avatar of JFrederick29
JFrederick29
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I have had to put the old router back for the rest of today. I had the logging set to the buffer and was using the 'show log' to display it (connected via telnet) but nothing was being logged.
I did a 'debug all' to test debugging was working and I did get lots of events written to the buffer.

I would have expected the 'show dialer' to display something but it is as if it has never dialed in which case I cannot understand how it worked at all.
There is nothing in the logs about the interface going up/down apart from when I first power on the router.
Next time you get a chance, try these commands to see if it provides more information:

show dsl interface atm 0.1
show interface atm 0.1

Also, try removing the dialer-group 1 command from the dialer0 interface and remove the dialer-list 1 command I posted earlier.  These commands are not necessary when using ADSL.

Other than that, you could try upgrading your IOS to 12.3(12a) just in case there are any bugs.

We are reaching the end of my abilities here...
ASKER CERTIFIED SOLUTION
Avatar of Les Moore
Les Moore
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
The original router (unbranded) had x.x.40.34 on its internal interface and that works. Could this be doing something that the Cisco is not capable of?
Or perhaps the ISP gave me incorrect details and I should be using "ip unnumbered Eth0" anyway.

The ISP is practically useless anyway and asking them to change anything is not an option.
I think I will just try using "ip unnumbered Eth0" and if it does not work get a new ADSL line with another better supplier and configure the router with them.
I have got the router working using NAT but unless there is an equivilent of the PIX command 'fixup protocol sip' then I cannot use it in this configuration.

I should be able to configure it for bridging?
I have tried configuring bridging but it is not working. Can you see what is wrong?

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname voiprouter
!
boot-start-marker
boot-end-marker
!
logging buffered 16000 debugging
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
ip subnet-zero
!
!
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
bridge irb
!
!
interface Ethernet0
 no ip address
 bridge-group 1
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer0
 description $FW_OUTSIDE$
 no ip address
 ip mtu 1492
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxxxxxxxxxxxxx
 ppp chap password 0 yyyyyyyyyyy
 ppp pap sent-username xxxxxxxxxxxx password 0 yyyyyyyyyy
 bridge-group 1
!
interface BVI1
 ip address x.x.40.33 255.255.255.240
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
dialer-list 1 protocol ip permit
snmp-server community public RO
snmp-server enable traps tty
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 exec-timeout 0 0
 password xxxxxxxxx
 login
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
end
Given by the ISP
"Gateway*:       x.x.40.33

I would expect

interface BVI1
 ip address x.x.40.34 255.255.255.240
!
ip route 0.0.0.0 0.0.0.0 x.x.40.33


I have made those changes but the initial problem that I am having is that the pc connected to eth0 (x.x.40.35) cannot ping x.x.40.34 or any other address.
From the router itself I can ping x.x.40.34 but not x.x.40.33 or x.x.40.35
Hmmmm...
>* The gateway address will be automatically assigned to your router when
you connect via DHCP.

OK, lets try this....just for giggles...
  interface BVI1
   ip address dhcp
DHCP does not seem to be working. I left it for a couple of minutes after rebooting :-
BVI1 is up, line protocol is up
  Hardware is BVI, address is 0012.807b.1803 (bia 0012.807b.1803)
  Internet address will be negotiated using DHCP

When I had it configured with NAT using the following configuration it worked fine but I cannot use NAT:-
interface Dialer0
 description $FW_OUTSIDE$
 ip address 80.46.40.33 255.255.255.240
ip route 0.0.0.0 0.0.0.0 Dialer0
Hmmm......
Usually with a bridged config, there is another device (i.e. PIX FW) connected to the Ethernet port that will actually pull the IP address, and "no bridge irb" and no BVI interface...

How about this...
 Go back to the NAT config that works, and create 1-1 static nats for your SIP hosts
    ip nat inside source list 101 interface Dialer0
    ip nat inside source static 192.168.122.35 x.x.40.35
    ip nat inside source static 192.168.122.36 x.x.40.36
    ip nat inside source static 192.168.122.37 x.x.40.37
    ip nat inside source static 192.168.122.38 x.x.40.38
 access-list 101 deny ip host 192.168.122.35 any
 access-list 101 deny ip host 192.168.122.36 any
 access-list 101 deny ip host 192.168.122.37 any
 access-list 101 deny ip host 192.168.122.38 any
 access-list 101 permit ip 192.168.122.0 0.0.0.255 any
There is no SIP proxy so if I use NAT on the router then the router will have to alter the SIP packets the same as a PIX would do when using 'fixup protocol sip'.
I could not find an option on the router to do this (certenly not with the standard IP feature set).
Regarding your comment about bridging. The only computer connected to this ADSL line will be a Linux machine running Asterisk (telephone exchange).
It would be acceptible to have the router configured for a more standard bridging setup and have the Linux PC set to DHCP or manually configured IP address.
The Firewall feature set has "inspect" commands that pretty much do the same thing as the fixup..but the PIX ASA is much more powerful than SPI and is why I never recommend Cisco firewall feature set on the router...

Is you plan then to setup a normal bridge and try to let the Asterisk box draw an IP?
> Is you plan then to setup a normal bridge and try to let the Asterisk box draw an IP?
If you think I am likly to have more luck with configuring it like that then I will give it a go. It does not matter if it is done this way since there is a firewall on the machine and it will only ever be that machine which is connected to the ADSL.

Otherwise I will order a new ADSL line from a provider who is prepared to supply an example configuration file which does not use NAT.
looks like our good friend sunray_2003 is trying to do something very similar.
I'm not at all familiar with the Asterisk, so maybe you can help us out here
https://www.experts-exchange.com/questions/21295741/configure-cisco-1720-router-along-with-asterisk-pbx.html

Thanks!
I am getting a new ADSL line shortly and it will probably be supplied with a router. I may try and configure the Cisco again then but it wont be necessary.