We help IT Professionals succeed at work.
Get Started
Cisco 1811W keep failing after 1 to 2 hours
Help!
I just configured Cisco router 1811W for my office to connect to an ISP. Things are working pretty good until 2 hours later the connection from my Cisco 1811W router to the ISP CSU/DSU keep dropping. It keeps doing this for over a week and it's driving crazy!!!
Here is my current configure file:
FE0: ip address 146.xxx.xxx.178 ==>> ISP CSU/DSU Interface: 146.xxx.xxx.177
Internal gateway BVI1: 192.168.xxx.65
Here are my Nating table:
ip nat inside source static 192.168.xxx.65 146.xxx.xxx.178
ip nat inside source static 192.168.xxx.67 146.xxx.xxx.179
ip nat inside source static tcp 192.168.xxx.67 80 interface FA0 80
ip nat inside source static tcp 192.168.xxx.67 110 interface FA0 110
Here is my ip routes:
ip route 0.0.0.0 0.0.0.0 146.xxx.xxx.177
router rip
version 2
passive-interface FastEthernet0
passive-interface BVI1
network 146.xxx.0.0
network 192.168.xxx.0
no auto-summary
...
Below text is my show run command:
!This is the show startup-config output of the router: show startup-config
!-------------------------
Using 8057 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C1811W
!
boot-start-marker
boot-end-marker
!
logging buffered 5xxx0 debugging
enable secret 5 xxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 xxx3 2:00 Oct 26 xxx3 2:00
!
!
ip cef
ip dhcp excluded-address 192.168.2.0 192.168.2.254
ip dhcp excluded-address 192.168.xxx.65 192.168.xxx.80
!
!
ip domain name localdomain.local
ip name-server 192.168.xxx.70
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW esmtp
!
appfw policy-name SDM_LOW
application http
!
password encryption aes
!
crypto pki trustpoint TP-self-signed-4072465080
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-4072465080
!
!
crypto pki certificate chain TP-self-signed-4072465080
certificate self-signed 01 nvram:IOS-Self-Sig#3005.ce
!
!
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
!
!
policy-map sdmappfwp2p_SDM_MEDIUM
class sdm_p2p_gnutella
class sdm_p2p_bittorrent
class sdm_p2p_edonkey
class sdm_p2p_kazaa
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group RVPN-SN20
key xxxxxxxxxxxxxxxx
dns 192.168.xxx.70
wins 192.168.xxx.70
domain localdomain
pool VPN-PL20
max-users 50
netmask 255.255.255.192
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile RVPN-SN20
set transform-set ESP-3DES-SHA
!
!
crypto dynamic-map SDM_DYNMAP_2 1
set transform-set ESP-3DES-SHA
!
!
crypto map SDM_CMAP_2 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_2 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_2 client configuration address respond
crypto map SDM_CMAP_2 65535 ipsec-isakmp dynamic SDM_DYNMAP_2
!
bridge irb
!
!
!
interface FastEthernet0
description $ETH-LAN$$FW_OUTSIDE$
ip address 146.xxx.xxx.178 255.255.255.248
ip access-group 101 in
ip verify unicast reverse-path
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
no ip address
ip nat outside
ip virtual-reassembly
shutdown
duplex auto
speed auto
!
interface FastEthernet2
description VLAN1
!
interface FastEthernet3
description VLAN1
!
interface FastEthernet4
description VLAN1
!
interface FastEthernet5
description VLAN1
!
interface FastEthernet6
description VLAN1
!
interface FastEthernet7
description VLAN1
!
interface FastEthernet8
description VLAN1
!
interface FastEthernet9
description VLAN1
!
interface Dot11Radio0
description VL1- VLAN1
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid MY-WLAN
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 0 xxxxxxxxxxxxxxxx
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 basic-24.0 36.0 48.0 54.0
rts threshold 2312
power local cck 20
power local ofdm 17
channel 2462
station-role root
!
interface Dot11Radio0.1
description VL1- VLAN1
encapsulation dot1Q 1 native
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
ip virtual-reassembly
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description BVI1$ETH-SW-LAUNCH$$INTF-I
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Async1
no ip address
ip virtual-reassembly
encapsulation slip
!
interface BVI1
description VL1- VLAN1$FW_INSIDE$
ip address 192.168.xxx.65 255.255.255.192
ip access-group 100 in
no ip redirects
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1300
crypto map SDM_CMAP_2
!
router rip
version 2
passive-interface FastEthernet0
passive-interface BVI1
network 146.xxx.0.0
network 192.168.xxx.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 146.xxx.xxx.177
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat Stateful id 1
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.xxx.67 110 interface FastEthernet0 110
ip nat inside source static tcp 192.168.xxx.67 80 interface FastEthernet0 80
ip nat inside source static 192.168.xxx.65 146.xxx.xxx.178
ip nat inside source static 192.168.xxx.67 146.xxx.xxx.179
!
ip access-list extended RMC_Out
remark SDM_ACL Category=2
deny ip host 192.168.xxx.67 any
deny ip host 192.168.xxx.65 any
permit ip any any
!
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ahp any host 192.168.xxx.65
access-list 100 permit esp any host 192.168.xxx.65
access-list 100 permit udp any host 192.168.xxx.65 eq isakmp
access-list 100 permit udp any host 192.168.xxx.65 eq non500-isakmp
access-list 100 deny ip 146.xxx.xxx.176 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any host 146.xxx.xxx.179
access-list 101 permit tcp any host 146.xxx.xxx.179
access-list 101 permit udp any host 146.xxx.xxx.178
access-list 101 permit tcp any host 146.xxx.xxx.178
access-list 101 permit tcp any host 146.xxx.xxx.178 eq www
access-list 101 permit tcp any host 146.xxx.xxx.178 eq pop3
access-list 101 deny ip 192.168.xxx.64 0.0.0.63 any
access-list 101 permit icmp any host 146.xxx.xxx.178 echo-reply
access-list 101 permit icmp any host 146.xxx.xxx.178 time-exceeded
access-list 101 permit icmp any host 146.xxx.xxx.178 unreachable
access-list 101 permit udp any any eq rip
access-list 101 permit ip any host 224.0.0.9
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address RMC_Out
!
!
!
!
control-plane
!
bridge 1 route ip
!
line con 0
line 1
modem InOut
stopbits 1
speed 115xxx
flowcontrol hardware
line aux 0
line vty 0 4
transport input ssh
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
I just configured Cisco router 1811W for my office to connect to an ISP. Things are working pretty good until 2 hours later the connection from my Cisco 1811W router to the ISP CSU/DSU keep dropping. It keeps doing this for over a week and it's driving crazy!!!
Here is my current configure file:
FE0: ip address 146.xxx.xxx.178 ==>> ISP CSU/DSU Interface: 146.xxx.xxx.177
Internal gateway BVI1: 192.168.xxx.65
Here are my Nating table:
ip nat inside source static 192.168.xxx.65 146.xxx.xxx.178
ip nat inside source static 192.168.xxx.67 146.xxx.xxx.179
ip nat inside source static tcp 192.168.xxx.67 80 interface FA0 80
ip nat inside source static tcp 192.168.xxx.67 110 interface FA0 110
Here is my ip routes:
ip route 0.0.0.0 0.0.0.0 146.xxx.xxx.177
router rip
version 2
passive-interface FastEthernet0
passive-interface BVI1
network 146.xxx.0.0
network 192.168.xxx.0
no auto-summary
...
Below text is my show run command:
!This is the show startup-config output of the router: show startup-config
!-------------------------
Using 8057 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C1811W
!
boot-start-marker
boot-end-marker
!
logging buffered 5xxx0 debugging
enable secret 5 xxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 xxx3 2:00 Oct 26 xxx3 2:00
!
!
ip cef
ip dhcp excluded-address 192.168.2.0 192.168.2.254
ip dhcp excluded-address 192.168.xxx.65 192.168.xxx.80
!
!
ip domain name localdomain.local
ip name-server 192.168.xxx.70
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW esmtp
!
appfw policy-name SDM_LOW
application http
!
password encryption aes
!
crypto pki trustpoint TP-self-signed-4072465080
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-4072465080
!
!
crypto pki certificate chain TP-self-signed-4072465080
certificate self-signed 01 nvram:IOS-Self-Sig#3005.ce
!
!
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
!
!
policy-map sdmappfwp2p_SDM_MEDIUM
class sdm_p2p_gnutella
class sdm_p2p_bittorrent
class sdm_p2p_edonkey
class sdm_p2p_kazaa
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group RVPN-SN20
key xxxxxxxxxxxxxxxx
dns 192.168.xxx.70
wins 192.168.xxx.70
domain localdomain
pool VPN-PL20
max-users 50
netmask 255.255.255.192
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile RVPN-SN20
set transform-set ESP-3DES-SHA
!
!
crypto dynamic-map SDM_DYNMAP_2 1
set transform-set ESP-3DES-SHA
!
!
crypto map SDM_CMAP_2 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_2 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_2 client configuration address respond
crypto map SDM_CMAP_2 65535 ipsec-isakmp dynamic SDM_DYNMAP_2
!
bridge irb
!
!
!
interface FastEthernet0
description $ETH-LAN$$FW_OUTSIDE$
ip address 146.xxx.xxx.178 255.255.255.248
ip access-group 101 in
ip verify unicast reverse-path
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
no ip address
ip nat outside
ip virtual-reassembly
shutdown
duplex auto
speed auto
!
interface FastEthernet2
description VLAN1
!
interface FastEthernet3
description VLAN1
!
interface FastEthernet4
description VLAN1
!
interface FastEthernet5
description VLAN1
!
interface FastEthernet6
description VLAN1
!
interface FastEthernet7
description VLAN1
!
interface FastEthernet8
description VLAN1
!
interface FastEthernet9
description VLAN1
!
interface Dot11Radio0
description VL1- VLAN1
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid MY-WLAN
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 0 xxxxxxxxxxxxxxxx
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 basic-24.0 36.0 48.0 54.0
rts threshold 2312
power local cck 20
power local ofdm 17
channel 2462
station-role root
!
interface Dot11Radio0.1
description VL1- VLAN1
encapsulation dot1Q 1 native
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
ip virtual-reassembly
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description BVI1$ETH-SW-LAUNCH$$INTF-I
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Async1
no ip address
ip virtual-reassembly
encapsulation slip
!
interface BVI1
description VL1- VLAN1$FW_INSIDE$
ip address 192.168.xxx.65 255.255.255.192
ip access-group 100 in
no ip redirects
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1300
crypto map SDM_CMAP_2
!
router rip
version 2
passive-interface FastEthernet0
passive-interface BVI1
network 146.xxx.0.0
network 192.168.xxx.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 146.xxx.xxx.177
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat Stateful id 1
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.xxx.67 110 interface FastEthernet0 110
ip nat inside source static tcp 192.168.xxx.67 80 interface FastEthernet0 80
ip nat inside source static 192.168.xxx.65 146.xxx.xxx.178
ip nat inside source static 192.168.xxx.67 146.xxx.xxx.179
!
ip access-list extended RMC_Out
remark SDM_ACL Category=2
deny ip host 192.168.xxx.67 any
deny ip host 192.168.xxx.65 any
permit ip any any
!
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ahp any host 192.168.xxx.65
access-list 100 permit esp any host 192.168.xxx.65
access-list 100 permit udp any host 192.168.xxx.65 eq isakmp
access-list 100 permit udp any host 192.168.xxx.65 eq non500-isakmp
access-list 100 deny ip 146.xxx.xxx.176 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any host 146.xxx.xxx.179
access-list 101 permit tcp any host 146.xxx.xxx.179
access-list 101 permit udp any host 146.xxx.xxx.178
access-list 101 permit tcp any host 146.xxx.xxx.178
access-list 101 permit tcp any host 146.xxx.xxx.178 eq www
access-list 101 permit tcp any host 146.xxx.xxx.178 eq pop3
access-list 101 deny ip 192.168.xxx.64 0.0.0.63 any
access-list 101 permit icmp any host 146.xxx.xxx.178 echo-reply
access-list 101 permit icmp any host 146.xxx.xxx.178 time-exceeded
access-list 101 permit icmp any host 146.xxx.xxx.178 unreachable
access-list 101 permit udp any any eq rip
access-list 101 permit ip any host 224.0.0.9
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address RMC_Out
!
!
!
!
control-plane
!
bridge 1 route ip
!
line con 0
line 1
modem InOut
stopbits 1
speed 115xxx
flowcontrol hardware
line aux 0
line vty 0 4
transport input ssh
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE