Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

C801 dialin user can't ping

Posted on 2001-06-15
6
Medium Priority
?
309 Views
Last Modified: 2010-04-17
I wanted to configure Cisco 801 for access to internet (with bandwidh on demand) and for dial in users. Acess to internet works just fine, but when a user tries to dial-in, the password is accepted and the user is conected, but he can not ping anything on central site. On remote site is PC with ISDN card.
Here is the configuration:

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname xxxxxx
!
enable secret 5 $$$$$$$$$$$
!
username "username" password 0 "password"
ip subnet-zero
!
no ip domain-lookup
isdn switch-type basic-net3
!
interface Ethernet0
 ip address 10.0.0.250 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface BRI0
 no ip address
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer pool-member 1
 dialer pool-member 2
 isdn switch-type basic-net3
 no cdp enable
 ppp authentication chap callin
!
interface Dialer1
 ip address negotiated
 ip access-group 101 out
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 ip tcp header-compression passive
 no ip split-horizon
 dialer remote-name xxxxxxx
 dialer idle-timeout 60
 dialer string 111111111
 dialer hold-queue 10
 dialer load-threshold 150 either
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp chap hostname xxxxxxx
 ppp chap password 7 0832585C5C4C51
 ppp multilink
!
interface Dialer2
 ip unnumbered Ethernet0
 no ip directed-broadcast
 ip nat inside
 encapsulation ppp
 no ip split-horizon
 dialer remote-name remote
 dialer pool 2
 dialer-group 1
 peer default ip address pool naslovi
 no cdp enable
 ppp authentication chap callin
 ppp multilink
!
router rip
 version 2
 passive-interface Dialer1
 passive-interface Dialer2
 network 10.0.0.0
 no auto-summary
!
ip local pool naslovi 10.0.0.251 10.0.0.252
ip nat inside source list 101 interface Dialer1 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 101 deny   tcp any range 137 139 any
access-list 101 deny   tcp any any range 137 139
access-list 101 deny   udp any range netbios-ns netbios-ss any
access-list 101 deny   udp any any range netbios-ns netbios-ss
access-list 101 permit ip any any
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
 password xxxxx
 login
 transport input none
 stopbits 1
line vty 0 4
 password xxxxx
 login
!
end


Another think I don't understand is why if I don't use ppp multilink command in both Dialer1 and Dialer2 profile access to internet does not work.

Router is at the moment a little bit distant to me, so I will be very happy if someone could give me precise instructions.

Thank you very much!

Davorin
0
Comment
Question by:davorin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 200 total points
ID: 6194846
Since you have dialer-pool commands on the dialers, but not on the physical interface, you could see this behavior.
Question: what is the IP address of the user's ETHERNET port at remote site, or do they have one? You might want to assign them to a different network for that interface.

I would use a separate access-list for your NAT also..

Try this:

Interface BRI0
 dialer pool-member 1 priority 50
 dialer pool-member 2 min-link 1
!
interface Dialer2
 ip address 10.0.1.250 255.255.255.0
 dialer in-band
!
ip local pool naslovi 10.0.1.251 10.0.1.252
!
ip route <Ethernet of remote> <mask> dialer 2
!
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
0
 
LVL 27

Author Comment

by:davorin
ID: 6195611
Ethernet port IP address on remote side (testing) PC is 192.168.0.222/24.

There will be different PCs that will connect to router so I will have dificulties to configure "ip route" and I see no need to configure ip route for IP pool addresses ;-)

Identical configuration except isdn caller screening and bandwidth on demand configured for Dialer1 works perfectly on another router.
Few hours later I have been notified, that internet access does not work anymore. I'm really concerned about router's health.



0
 
LVL 27

Author Comment

by:davorin
ID: 6205336
Finally I got router here and when I tried to dial in I got the message :

Memory Protection Violation:
    epc  =0x0045FCC0, location of fault
    eva  =0x0270E???, read fault address
    error=0x00000082, illegal address
    pti  =0x0000170E
    pte  =0x002CD104


WARNING!  Illegal read access

Memory Protection Violation:
    epc  =0x0045FEB0, location of fault
    eva  =0x00000???, read fault address
    error=0x00000082, illegal address
    pti  =0x00000000
    pte  =0xFFFFF100


WARNING!  Illegal read access

Memory Protection Violation:
    epc  =0x00248624, location of fault
    eva  =0x00000???, read fault address
    error=0x00000082, illegal address
    pti  =0x00000000
    pte  =0x02102100

It seems like there something wrong with memory.
Any ideas?
0
The Ideal Solution for Multi-Display Applications

Check out ATEN’s VS1912 12-Port DP Video Wall Media Player at InfoComm 2017. Kerri describes how easy it is to design creative video walls in asymmetric layouts and schedule detailed playlists ahead of time with its advanced scheduling feature.

 
LVL 79

Expert Comment

by:lrmoore
ID: 6206194
Looks like your flash SIMM is bad.
Check:
http://www.add-tech.com 
for best prices.

Or open TAC case with serial number of the router. Do you have SmartNet maint?
0
 
LVL 27

Author Comment

by:davorin
ID: 6297102
Untill now I had no time to "play" with router.
Now I had upgraded IOS and Memory Protection Violation error disapeared.
Also I have copied working config from another router and anything seems to work right.

Just another thing is a little bit confusing me: If the router is connected to normal ISDN line (BRI) dial in works fine, if it is connected to centrex, dial in password is rejected?! At the moment I dont have another router to try the same thing, but I think that this is telephony problem.

Irmoore, thanx again for your help.
0
 
LVL 27

Author Comment

by:davorin
ID: 6297108
This comment has not directly solved my problem, but it has some usefull info.

Thanx
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question