Problems connecting to BT Broadband using Cisco 877W
I am trying to replace the Business hub supplied by BT with a Cisco 877 W and I am having a number of issues, primarily not be able to connect to the internet from machines on the internal network.
Included below is the running config:-
cisco_877#show running-config
Building configuration...
Current configuration : 4777 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco_877
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.20.1 192.168.20.159
ip dhcp excluded-address 192.168.20.181 192.168.20.254
!
ip dhcp pool sdm-pool
import all
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
domain-name delta-victor.com
lease 0 2
!
!
ip domain name delta-victor.com
!
!
crypto pki trustpoint TP-self-signed-929431039
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-929431039
!
!
crypto pki certificate chain TP-self-signed-929431039
certificate self-signed 01
6371301D 0603551D 0E041604 142791D0 A8D2D912 80EFEA18 67F691F3 504F3E63
71300D06 092A8648 86F70D01 01040500 03818100 43E8F66B 262DF7F6 9FCEB71D
FEB3AC44 C7ADDC65 C5CF5CDA 40747B90 8AC2D2C3 FFB41591 AFA1F714 6C2FB56C
2184ABAF 1F99BFC8 4D82D412 7FC1D811 8CD7A1A1 36D6A5A7 342F7A52 E7F16C1B
8A6E0B6A 5F4D893A 61B21B51 1F0B0D74 BC4083B9 B2A7569B 580E411C 08E32DC8
D0DD1241 95D66132 37E11025 FE180749 D590B6CC
quit
username admin privilege 15 secret 5 $1$t5ev$Rq4RnEsg69CxU57jQO
!
!
!
!
interface ATM0
description adsl connection
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname hostname@bt.com
ppp chap password 0 password
ppp ipcp dns request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat source route-map NAT-RMAP interface Dialer0 overload
!
ip access-list extended NAT
permit ip 192.168.20.0 0.0.0.255 any
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.20.0 0.0.0.255
no cdp run
route-map NAT-RMAP permit 10
match ip address NAT
!
!
control-plane
!
banner login ^C
--------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
--------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
When I test the interface I get the following:-
Checking interface status - up
Checking for DNS settings - Successful
Checking interface IP address - Successful
Checking exit interface - Successful
Pinging to destination host - Failed
And if I try to connect via any internal machine to the web it fails.
Included below is the running config:-
cisco_877#show running-config
Building configuration...
Current configuration : 4777 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco_877
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.20.1 192.168.20.159
ip dhcp excluded-address 192.168.20.181 192.168.20.254
!
ip dhcp pool sdm-pool
import all
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
domain-name delta-victor.com
lease 0 2
!
!
ip domain name delta-victor.com
!
!
crypto pki trustpoint TP-self-signed-929431039
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-929431039
!
!
crypto pki certificate chain TP-self-signed-929431039
certificate self-signed 01
6371301D 0603551D 0E041604 142791D0 A8D2D912 80EFEA18 67F691F3 504F3E63
71300D06 092A8648 86F70D01 01040500 03818100 43E8F66B 262DF7F6 9FCEB71D
FEB3AC44 C7ADDC65 C5CF5CDA 40747B90 8AC2D2C3 FFB41591 AFA1F714 6C2FB56C
2184ABAF 1F99BFC8 4D82D412 7FC1D811 8CD7A1A1 36D6A5A7 342F7A52 E7F16C1B
8A6E0B6A 5F4D893A 61B21B51 1F0B0D74 BC4083B9 B2A7569B 580E411C 08E32DC8
D0DD1241 95D66132 37E11025 FE180749 D590B6CC
quit
username admin privilege 15 secret 5 $1$t5ev$Rq4RnEsg69CxU57jQO
!
!
!
!
interface ATM0
description adsl connection
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname hostname@bt.com
ppp chap password 0 password
ppp ipcp dns request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat source route-map NAT-RMAP interface Dialer0 overload
!
ip access-list extended NAT
permit ip 192.168.20.0 0.0.0.255 any
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.20.0 0.0.0.255
no cdp run
route-map NAT-RMAP permit 10
match ip address NAT
!
!
control-plane
!
banner login ^C
--------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
--------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
When I test the interface I get the following:-
Checking interface status - up
Checking for DNS settings - Successful
Checking interface IP address - Successful
Checking exit interface - Successful
Pinging to destination host - Failed
And if I try to connect via any internal machine to the web it fails.
ASKER
I will make the tests you have suggested and update with the results
Thanks
Thanks
ASKER
With no configuration changes, the output from tests are as follows:-
cisco_877#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0 unassigned YES unset up up
FastEthernet1 unassigned YES unset up down
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up down
Dot11Radio0 unassigned YES TFTP administratively down down
ATM0 unassigned YES NVRAM up up
Vlan1 192.168.20.1 YES NVRAM up up
NVI0 unassigned YES unset up up
Dialer0 81.134.176.154 YES IPCP up up
Virtual-Access1 unassigned YES unset up up
Virtual-Dot11Radio0 unassigned YES TFTP administratively down down
Virtual-Access2 unassigned YES unset up up
cisco_877#
cisco_877#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/60 ms
cisco_877#
and from my laptop:-
dan@dan-laptop:~$ ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:13:02:0B:A8:39
inet addr:192.168.20.163 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::213:2ff:fe0b:a839/64
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:138 errors:0 dropped:37 overruns:0 frame:0
TX packets:113 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5672863 (5.4 MiB) TX bytes:874429 (853.9 KiB)
Interrupt:17 Base address:0x2000 Memory:dcfff000-dcffffff
dan@dan-laptop:~$ netstat -nr
Kernel IP routeing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.20.1 0.0.0.0 UG 0 0 0 eth1
dan@dan-laptop:~$ ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
--- 4.2.2.2 ping statistics ---
23 packets transmitted, 0 received, 100% packet loss, time 22001ms
cisco_877#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0 unassigned YES unset up up
FastEthernet1 unassigned YES unset up down
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up down
Dot11Radio0 unassigned YES TFTP administratively down down
ATM0 unassigned YES NVRAM up up
Vlan1 192.168.20.1 YES NVRAM up up
NVI0 unassigned YES unset up up
Dialer0 81.134.176.154 YES IPCP up up
Virtual-Access1 unassigned YES unset up up
Virtual-Dot11Radio0 unassigned YES TFTP administratively down down
Virtual-Access2 unassigned YES unset up up
cisco_877#
cisco_877#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/60 ms
cisco_877#
and from my laptop:-
dan@dan-laptop:~$ ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:13:02:0B:A8:39
inet addr:192.168.20.163 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::213:2ff:fe0b:a839/64
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:138 errors:0 dropped:37 overruns:0 frame:0
TX packets:113 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5672863 (5.4 MiB) TX bytes:874429 (853.9 KiB)
Interrupt:17 Base address:0x2000 Memory:dcfff000-dcffffff
dan@dan-laptop:~$ netstat -nr
Kernel IP routeing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.20.1 0.0.0.0 UG 0 0 0 eth1
dan@dan-laptop:~$ ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
--- 4.2.2.2 ping statistics ---
23 packets transmitted, 0 received, 100% packet loss, time 22001ms
OK - so it seems that the router has connection to the Internet but the LAN does not. This means router configuration. Give me some time to review it (I just got in to work). I will post back in the next couple of hours.
Is your LAN just one flat network with 192.168.20.0/24 subnet?
ASKER
At the moment yes, but I have five fixed public IP addresses which I will need to get working as well.
ASKER
I have sorted basic internet access out, now just have to get wireless access and then the static public address working.
I will post the basic config shortly.
I will post the basic config shortly.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Closed, 500 points refunded.
modus_operandi
Community Support Moderator
modus_operandi
Community Support Moderator
2. If you are getting an IP on that interface, then rom the router, see if you can ping a server on the Internet. Try 4.2.2.2, which is a root name-server that seems to be available all the time. If you can ping that IP from the router, then try pinging it from your workstation. If you can ping it from the router but not from the workstations, then it would mean something wrong in the router configuration. If you cannot ping it from the router itself, then you will need to check the "WAN" side configuration of your router.
Post back your findings to continue assisting you. If you make any configuration changes, please post the new configuration here.