Solved

Cisco Router 827

Posted on 2003-11-11
14
524 Views
Last Modified: 2010-04-17
Hi.

I have a problem with a Cisco 827H ADSL router.

I have created my configuration for both the ethernet0 and the ATM0 i can ping anything on my own internal network 192.0.x.x so i know thats set up correctly. When i type show ip int bri i get the following...

Interface                  IP-Address      OK? Method Status                Prot
ocol
ATM0                       unassigned      YES NVRAM  up                    up

Dialer0                    172.16.x.x    YES NVRAM  up                    up

Ethernet0                  192.0.x.x   YES NVRAM  up                    up

Virtual-Access1            unassigned      YES unset  up                    up

However when i try and ping the IP address assigned to the Dialer0 it wont give me a response. I also can not ping anything on the internet accept the IP address in my private network.

I've tried configuring the Dialer0 with both a static IP address and letting the connection configure my IP address (I always get the IP above)

Has anyone any ideas why i'm getting this problem. All the sample configs i've looked at look pretty much like what i've entered. Heres my config.

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname FastTrack
!
enable secret 5 xxxxxxxxxxxx
enable password xxxxxxx
!
ip subnet-zero
no ip routing
!
!
!
!
interface Ethernet0
 ip address 192.0.x.x 255.255.255.0
 no ip route-cache
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
 hold-queue 224 in
!
interface Dialer0
 ip address 172.16.x.x 255.255.255.0
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname <USERNAME>
 ppp chap password <PASSWORD>
!
ip classless
ip http server
!
!
dialer-list 1 protocol ip permit
!
line con 0
 stopbits 1
line vty 0 4
 password xxxxxxxxxxx
 login
!
scheduler max-task-time 5000
end
0
Comment
Question by:IanH001
  • 6
  • 6
14 Comments
 
LVL 7

Expert Comment

by:NicBrey
ID: 9721118
You IP address assigned to your outside interface (dialer ) is also not a routable address on the internet.
Your ISP should give you an address to configure on that interface, or it should get it from a DHCP server on there network. You'll have to contact them to get that info.

Secondly:

You have to configure your router to handle NAT (network address translation) for your internal network.

You need to add:

interface Ethernet0
ip nat inside


interface Dialer0
ip nat outside

Global config

access-list 1 permit 192.168.x.0   0.0.0.255
ip nat inside source list 1  interface dialer 0 overload



0
 

Author Comment

by:IanH001
ID: 9721159
Ok, i've put the NAT in the config. I did orginally have it in but as my router wasnt working i thought it had something to do with that.

Excuse me for being daft.. but i dont understand the first point. I've now selected the Dialer0 to get the ip address from the DHCP server at the end i'm dialing into. It assigns me the IP address 172.16.33.51. I'm assuming that at their end the router is done so i'm given the IP address 172.16.33.51 by their router and then it sets out what i can/can not do..

0
 
LVL 7

Expert Comment

by:NicBrey
ID: 9721235
The addres space  172.16.0.0  -->  172.31.255.255    255.255.0.0     is not routable on the internet. It is an address space like your 192.168.0.0 255.255.255.0  network.

RFC 1918:
http://www.isi.edu/in-notes/rfc1918.txt

Something I missed earlier.  You also need a default route pointing to the other side IP or to the dialer interface
ip route 0.0.0.0  0.0.0.0   dialer 0

0
 

Author Comment

by:IanH001
ID: 9721283
So technically its the ISP?? As my config looks ok?
0
 
LVL 7

Expert Comment

by:NicBrey
ID: 9721393
If you get an address of 172.16.33.51 to connect to the internet, the ISP have a problem on their side. I suspect that you are getting an address assigned from their internal address pool and not the Internet address pool.
Contact them to resolve/ask why you get a non routable address from their DHCP or what your outside address should be.

Where did you get the CHAP username and password??  From the ISP?

Make sure you have a default route. I always prefer to point the default route to the IP of the next hop interface address, so ask your ISP what that is?  

Just some other advice:

Add the lines under global configuration:
service password-encryption
no ip http server

Just good practice for security reasons.
0
 

Author Comment

by:IanH001
ID: 9721446
Yeah the CHAP username and password came from the ISP. A default route what would i set that up as... previously i've had address such as 0.0.0.0 0.0.0.0 set up....

0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 7

Expert Comment

by:NicBrey
ID: 9721480
Thats correct, the important thing is, where do you point that to.

It is better, for a number of reasons,  to point it to the next hop interface address rather than to use the dialer interface. eg.
ip route 0.0.0.0  0.0.0.0  <ip of next hop>                      

Some providers change your next hop address when you get a new IP address from their DHCP for your outside interface though.
Then you would have to point the route to the dialer interface.  eg.
ip route 0.0.0.0  0.0.0.0  dialer 0

Ask the provider what your next hop address should be and if it is ever going to change.

Let me know what you find out with regards to the 172.16.0.0  address issue - quite curious about what they are going to say about that one...


0
 

Author Comment

by:IanH001
ID: 9721493
Well they are already telling me that its nothing to do with their end. I'm about to phone them up and basically say what you've said about needing an IP address that will route to the internet. I've actually put an IP route in 0.0.0.0 0.0.0.0 Dialer0 in. I previously had one of these in before.
0
 
LVL 7

Expert Comment

by:NicBrey
ID: 9721566
Another open thread at the moment about routes etc.

Have a read through this as well:
http://www.experts-exchange.com/Hardware/Routers/Q_20793403.html
0
 

Author Comment

by:IanH001
ID: 9721582
Aye.. i'm having to learn quick about ADSL router.. it seems alot more complicated that normal routing through a internal/external network!
0
 

Author Comment

by:IanH001
ID: 9721590
Worthy of a mention though is that i can not even ping the IP address they give to me..... It  just sends a request and doesnt return anything. Would this be connected to the problem of the IP address not letting routing out?
0
 
LVL 7

Accepted Solution

by:
NicBrey earned 125 total points
ID: 9721639
Yes. The address they give you as the next hop, will be something completely different from your address. Your interface should have an address on the same subnet as the address they give you as the next hop - otherwise they would not be able to connect.
Once you have configured your outside address to what they gave you, you can configure the route to point to the next hop address.

0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now