«

I can ping the Cisco router from the internet, I can even ping the
Serial port from the internet, but connecting a cross over cable to my
laptop, yields no internet. The T1 connection I inherited consists of
a T1 line coming in to a Kentrox DataSmart 656. The DataSmart connect
to the Cisco via an h54 serial cable.

Here is a print out of the interfaces:
Ethernet0 is up, line protocol is up
Hardware is QUICC Ethernet, address is 00d0.58a3.76f0 (bia
00d0.58a3.76f0)
Description: connected to EthernetLAN
Internet address is 66.173.244.233/29
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load
1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:26:26, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
3154 packets input, 233310 bytes, 0 no buffer
Received 8 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
4666 packets output, 381927 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Serial0 is up, line protocol is up
Hardware is QUICC Serial
Description: connected to Internet
Internet address is 66.173.245.110/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load
1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Listen: CDPCP
Open: IPCP
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/2/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 1000 bits/sec, 1 packets/sec
5 minute output rate 1000 bits/sec, 1 packets/sec
12866 packets input, 765456 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
5 input errors, 0 CRC, 5 frame, 0 overrun, 0 ignored, 0 abort
12709 packets output, 700714 bytes, 0 underruns
0 output errors, 0 collisions, 17 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

Sending a ping to the DNS server yields this:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.137.172.20, timeout is 2
seconds:
......
Success rate is 0 percent (0/5)

Waltjones40 <> writes:
>I can ping the Cisco router from the internet, I can even ping the
>Serial port from the internet, but connecting a cross over cable to my
>laptop, yields no internet. The T1 connection I inherited consists of
>a T1 line coming in to a Kentrox DataSmart 656. The DataSmart connect
>to the Cisco via an h54 serial cable.

I don't know if you made up the IP addresses you post, but none of
them (including the "dns server") is pingable from here on the Net..

>Here is a print out of the interfaces:

Interfaces lookup, how about a routing table?

>Ethernet0 is up, line protocol is up
> Description: connected to EthernetLAN
> Internet address is 66.173.244.233/29
>Serial0 is up, line protocol is up
> Internet address is 66.173.245.110/30

So, you're talking at least layer-2 across the serial link upstream,
but yet this IP doesn't seem routable on the general Net.

Maybe your provider shut you down?

I can access the router from the Net. Here is the message:
The server 66.173.244.233 at level 15 access requires a username and
password.

Warning: This server is requesting that your username and password be
sent in an insecure manner (basic authentication without a secure
connection). The gateway address came from my ISP; and they told me
today that the gateway address is wrong, it should be 66.173.245.58,
to which I've changed it. also the "host" address is 66.173.244.234.
It is pingable.

I'm good with Linksys, Netgear, low-end routers, this is my first
experience with "high end" routers. I've figured out how to get in to
this router, check it's config, but I'm not sure about checking its
routing table. The static route is 0.0.0.0 on Ser0. I have no idea
what to add; so, I've left it at the default entry.

On Jun 7, 11:54 am, Doug McIntyre <mer...@geeks.org> wrote:
> Waltjones40 <waltjone...@gmail.com> writes:
> >I can ping the Cisco router from the internet, I can even ping the
> >Serial port from the internet, but connecting a cross over cable to my
> >laptop, yields no internet. The T1 connection I inherited consists of
> >a T1 line coming in to a Kentrox DataSmart 656. The DataSmart connect
> >to the Cisco via an h54 serial cable.
>
> I don't know if you made up the IP addresses you post, but none of
> them (including the "dns server") is pingable from here on the Net..
>
> >Here is a print out of the interfaces:
>
> Interfaces lookup, how about a routing table?
>
> >Ethernet0 is up, line protocol is up
> > Description: connected to EthernetLAN
> > Internet address is 66.173.244.233/29
> >Serial0 is up, line protocol is up
> > Internet address is 66.173.245.110/30
>
> So, you're talking at least layer-2 across the serial link upstream,
> but yet this IP doesn't seem routable on the general Net.
>
> Maybe your provider shut you down?

Sorry about the two replies. Here is a list of the show route-map
command:
OutputCommand base-URL was: /level/15/exec/-
Complete URL was: /level/15/exec/-/show/route-map/CR
Command was: show route-map

Nothing there. What do I do now? (I'll keep looking...)

Waltjones40 <> writes:
>I can access the router from the Net. Here is the message:
> The server 66.173.244.233 at level 15 access requires a username and
>password.

Hmm, okay, so you're trying a web-browser and you didn't supply the
correct enable password? Try telnet instead. The web-interface is
non-existant/barely there. These boxes were designed for CLI access only.

>I'm good with Linksys, Netgear, low-end routers, this is my first
>experience with "high end" routers. I've figured out how to get in to
>this router, check it's config, but I'm not sure about checking its
>routing table. The static route is 0.0.0.0 on Ser0. I have no idea
>what to add; so, I've left it at the default entry.

"high end"??? At the time this router was made far far ago, this was
the entry-model version only made to say they had something that was
"cost effective". Its far from high-end.

To see the routing table, 'show ip route'.

A config with passwords removed would probably be good 'show conf'.

Sorry about the high end remark. I've just nevery used a router like
this before, and if I had a choice, wouldn't now... Anyway, show IP
Route produced the following:

66.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
C 66.173.245.56/30 is directly connected, Serial0
C 66.173.245.109/32 is directly connected, Serial0
C 66.173.244.232/29 is directly connected, Ethernet0
S* 0.0.0.0/0 is directly connected, Serial0

Show conf produced this:

Using 833 out of 7506 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cisco1600
!
enable secret 5 $1$O3Dp
$obqImiJCRWhw93F3lNw36.
!
ip subnet-zero
ip name-server 209.137.160.2
!
!
!
interface Ethernet0
description connected to
EthernetLAN
ip address 66.173.244.233
255.255.255.248
no ip directed-broadcast
!
interface Serial0
description connected to Internet
ip address 66.173.245.58
255.255.255.252
no ip directed-broadcast
encapsulation ppp
!
router rip
version 2
passive-interface Serial0
network 66.0.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip http server
!
snmp-server community public RO
snmp-server location Phone Room
!
line con 0
exec-timeout 0 0
password plaza
login
transport input none
line vty 0 4
password *****
login
!
end

I thing the problems are with the 0.0.0.0 serial address and the ip
classless settings.

Waltjones40 <> wrote in message-id: < .com>

>
>Sorry about the high end remark. I've just nevery used a router like
>this before, and if I had a choice, wouldn't now... Anyway, show IP
>Route produced the following:
>
> 66.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
>C 66.173.245.56/30 is directly connected, Serial0
>C 66.173.245.109/32 is directly connected, Serial0
>C 66.173.244.232/29 is directly connected, Ethernet0
>S* 0.0.0.0/0 is directly connected, Serial0
>
>Show conf produced this:
>
>Using 833 out of 7506 bytes
>!
>version 12.0
>service timestamps debug uptime
>service timestamps log uptime
>no service password-encryption
>!
>hostname Cisco1600
>!
>enable secret 5 $1$O3Dp
>$obqImiJCRWhw93F3lNw36.
>!
>ip subnet-zero
>ip name-server 209.137.160.2
>!
>!
>!
>interface Ethernet0
> description connected to
>EthernetLAN
> ip address 66.173.244.233
>255.255.255.248
> no ip directed-broadcast
>!
>interface Serial0
> description connected to Internet
> ip address 66.173.245.58
>255.255.255.252
> no ip directed-broadcast
> encapsulation ppp
>!
>router rip
> version 2
> passive-interface Serial0
> network 66.0.0.0
> no auto-summary
>!
>ip classless
>ip route 0.0.0.0 0.0.0.0 Serial0
>ip http server
>!
>snmp-server community public RO
>snmp-server location Phone Room
>!
>line con 0
> exec-timeout 0 0
> password plaza
> login
> transport input none
>line vty 0 4
> password *****
> login
>!
>end
>
>I thing the problems are with the 0.0.0.0 serial address and the ip
>classless settings.

woah.. quick type no ip http server!!!
and you can change your password now too.

> Sorry about the high end remark. I've just nevery used a router like
> this before, and if I had a choice, wouldn't now... Anyway, show IP
> Route produced the following:


Cisco routers are very popular for a reason. The learning curve involved is
frustrating like any required learning, but you receive greater device
capibilities in return. Nothing in this problem/solution is really specific
to Cisco technologies except having to interact with the Cisco IOS to
resolve the problem. The problem looks to be more of a LAN communication
problem. I have to guess it is IP address related because we can see the
configuration file and test that the outside IP address of the router is
communiting properly. What remains is how the host computer is configured
to connect through this router to the Internet.

I will gladly provide a command breakdown of your configuration:

> Using 833 out of 7506 bytes
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname Cisco1600
> !
> enable secret 5 $1$O3Dp$obqImiJCRWhw93F3lNw36.
> ip subnet-zero
> ip name-server 209.137.160.2

The router will put the device uptime in the "show logging" output. I
personally prefer the current date and time as set by the "clock set ?"
command instead of trying to figure out at what time the device was up for X
hours and X minutes for a log entry. The commands "service timestamps debug
datetime" and "service timestamps log datetime" will change that, if
desired.

The hostname is set and the prompt shows the devicename. This section
includes your enable mode password, a command to allow the new style of
subnetting, and a DNS server to use for lookups from the router itself, not
necessarily the hosts connecting from inside of the router.

> interface Ethernet0
> description connected to EthernetLAN
> ip address 66.173.244.233 255.255.255.248
> no ip directed-broadcast

Simple enough. The inside LAN IP address range is between 66.173.244.232
and 66.173.244.239 You will notice that this is a 10mb/s connection, very
possibly half-duplex due to the interface being "Ethernet" in Cisco
terminology instead of "FastEthernet" (100mb/s) or "GigabitEthernet".

Host computers connecting on this LAN segment, even on a crossover cable,
will need to use an IP address in the range specified above with a subnet
mask the same as specified above. The default gateway used by the host
computers will be the IP address of the Ethernet0 interface on the Cisco
router.
I will include commands below to configure DHCP on this Cisco router for LAN
use, just like the home brand equipment like SMC, DLink, and Linksys.

> interface Serial0
> description connected to Internet
> ip address 66.173.245.58
> 255.255.255.252
> no ip directed-broadcast
> encapsulation ppp

Simple enough. Your router has a serial line connecting to an external
CSU/DSU, so no additional configuration is needed than supplying the layer 3
protocol (using an IP address) and the layer 2 protocol (PPP instead of HDLC
or frame-relay or ATM). The DS-1 (T1) line has an IP address range between
66.173.245.56 and 66.173.245.59 which yields only two IP addresses -
66.173.245.58 for you and 66.173.245.57 for the ISP router upstream.

> router rip
> version 2
> passive-interface Serial0
> network 66.0.0.0
> no auto-summary

This is dynamic routing, RIP style, as opposed to EIGRP or OSPF or the
others. If your had other routers downstream in your network, information
on available networks including the Internet would be passed between
routers. It does not sound like you have any so this section of the
configuration is not needed.
I do not like the "network 66.0.0.0" command and would prefer that it was
"network 66.173.244.232", but it still works.

> ip classless
> ip route 0.0.0.0 0.0.0.0 Serial0
> ip http server

The line "ip route 0.0.0.0 0.0.0.0 Serial0" means to send any default route
traffic through interface serial 0. A default route is commonly expressed
as subnet IP address 0.0.0.0 with a subnet mask of 0.0.0.0. Without this
command, your router would not know which way to send network traffic bound
for "default", a.k.a. anything not otherwise specified.
Use the IOS command "show ip route" to see IP address range routing
information. It shows how the LAN network is known, the WAN network to the
ISP (all two usable addresses) is known, and anything that doesn't fall into
those categories is "default" and falls under that line which looks
something like "S* 0.0.0.0/0 [1/0] via Serial0".

> snmp-server community public RO
> snmp-server location Phone Room
> !
> line con 0
> exec-timeout 0 0
> password plaza
> login
> transport input none
> line vty 0 4
> password *****
> login
> !
> end

This remaining sections specifies SNMP information and information about
logging into the router on VTY ports via telnet or the console port.
Your SNMP community string is set to the word "public" which is a commonly
known setting. I strongly suggest prohibiting that by some means - a "no
snmp-server community public RO" command in configuration mode would do
this.

> I thing the problems are with the 0.0.0.0 serial address and the ip
> classless settings.

No, those are not the cause. Internet communication on the serial interface
is fine. Default routing is fine.

LAN connectivity has not been covered by this troubleshooting. What IP
addresses were you using on this computer connected by a crossover cable to
the router? Private IP address ranges (10.X.X.X / 172.16-31.X.X /
192.168.X.X) will not work. Here is the sample configuration for enabling a
DHCP server on your Cisco router. Enter these commands in configuration
mode:

ip dhcp pool lan-dhcp-pool
network 66.173.244.232 255.255.255.248
domain-name cavtel.net
dns-server address 209.137.160.2
default-router 66.173.244.233
ip dhcp excluded-address 66.173.244.233

The IP address used by hosts in this LAN will be global Internet IP
addresses and have no firewall between them and the Internet. I strongly
suggest putting a good access-list on this router for filtering inbound
network traffic or enabling features on the hosts to protect themselves from
Internet threats. Lucky you! You have five usable static Internet IP
addresses! Go put up a web server... or something.

===========
Scott Perry
===========
Indianapolis, Indiana
________________________________

I just wanted to thank everyone who helped me with this project. The
router is working fine, the T1 connection is great, etc. Thank you for
taking time and helping me survive this mess.





On Jun 11, 10:24 am, "Scott Perry" <scottperry@aciscocompany> wrote:
> > Sorry about the high end remark. I've just nevery used a router like
> > this before, and if I had a choice, wouldn't now... Anyway, show IP
> > Route produced the following:
>
> Cisco routers are very popular for a reason. The learning curve involved is
> frustrating like any required learning, but you receive greater device
> capibilities in return. Nothing in this problem/solution is really specific
> to Cisco technologies except having to interact with the Cisco IOS to
> resolve the problem. The problem looks to be more of a LAN communication
> problem. I have to guess it is IP address related because we can see the
> configuration file and test that the outside IP address of the router is
> communiting properly. What remains is how the host computer is configured
> to connect through this router to the Internet.
>
> I will gladly provide a command breakdown of your configuration:
>
> > Using 833 out of 7506 bytes
> > !
> > version 12.0
> > service timestamps debug uptime
> > service timestamps log uptime
> > no service password-encryption
> > !
> > hostname Cisco1600
> > !
> > enable secret 5 $1$O3Dp$obqImiJCRWhw93F3lNw36.
> > ip subnet-zero
> > ip name-server 209.137.160.2
>
> The router will put the device uptime in the "show logging" output. I
> personally prefer the current date and time as set by the "clock set ?"
> command instead of trying to figure out at what time the device was up for X
> hours and X minutes for a log entry. The commands "service timestamps debug
> datetime" and "service timestamps log datetime" will change that, if
> desired.
>
> The hostname is set and the prompt shows the devicename. This section
> includes your enable mode password, a command to allow the new style of
> subnetting, and a DNS server to use for lookups from the router itself, not
> necessarily the hosts connecting from inside of the router.
>
> > interface Ethernet0
> > description connected to EthernetLAN
> > ip address 66.173.244.233 255.255.255.248
> > no ip directed-broadcast
>
> Simple enough. The inside LAN IP address range is between 66.173.244.232
> and 66.173.244.239 You will notice that this is a 10mb/s connection, very
> possibly half-duplex due to the interface being "Ethernet" in Cisco
> terminology instead of "FastEthernet" (100mb/s) or "GigabitEthernet".
>
> Host computers connecting on this LAN segment, even on a crossover cable,
> will need to use an IP address in the range specified above with a subnet
> mask the same as specified above. The default gateway used by the host
> computers will be the IP address of the Ethernet0 interface on the Cisco
> router.
> I will include commands below to configure DHCP on this Cisco router for LAN
> use, just like the home brand equipment like SMC, DLink, and Linksys.
>
> > interface Serial0
> > description connected to Internet
> > ip address 66.173.245.58
> > 255.255.255.252
> > no ip directed-broadcast
> > encapsulation ppp
>
> Simple enough. Your router has a serial line connecting to an external
> CSU/DSU, so no additional configuration is needed than supplying the layer 3
> protocol (using an IP address) and the layer 2 protocol (PPP instead of HDLC
> or frame-relay or ATM). The DS-1 (T1) line has an IP address range between
> 66.173.245.56 and 66.173.245.59 which yields only two IP addresses -
> 66.173.245.58 for you and 66.173.245.57 for the ISP router upstream.
>
> > router rip
> > version 2
> > passive-interface Serial0
> > network 66.0.0.0
> > no auto-summary
>
> This is dynamic routing, RIP style, as opposed to EIGRP or OSPF or the
> others. If your had other routers downstream in your network, information
> on available networks including the Internet would be passed between
> routers. It does not sound like you have any so this section of the
> configuration is not needed.
> I do not like the "network 66.0.0.0" command and would prefer that it was
> "network 66.173.244.232", but it still works.
>
> > ip classless
> > ip route 0.0.0.0 0.0.0.0 Serial0
> > ip http server
>
> The line "ip route 0.0.0.0 0.0.0.0 Serial0" means to send any default route
> traffic through interface serial 0. A default route is commonly expressed
> as subnet IP address 0.0.0.0 with a subnet mask of 0.0.0.0. Without this
> command, your router would not know which way to send network traffic bound
> for "default", a.k.a. anything not otherwise specified.
> Use the IOS command "show ip route" to see IP address range routing
> information. It shows how the LAN network is known, the WAN network to the
> ISP (all two usable addresses) is known, and anything that doesn't fall into
> those categories is "default" and falls under that line which looks
> something like "S* 0.0.0.0/0 [1/0] via Serial0".
>
> > snmp-server community public RO
> > snmp-server location Phone Room
> > !
> > line con 0
> > exec-timeout 0 0
> > password plaza
> > login
> > transport input none
> > line vty 0 4
> > password *****
> > login
> > !
> > end
>
> This remaining sections specifies SNMP information and information about
> logging into the router on VTY ports via telnet or the console port.
> Your SNMP community string is set to the word "public" which is a commonly
> known setting. I strongly suggest prohibiting that by some means - a "no
> snmp-server community public RO" command in configuration mode would do
> this.
>
> > I thing the problems are with the 0.0.0.0 serial address and the ip
> > classless settings.
>
> No, those are not the cause. Internet communication on the serial interface
> is fine. Default routing is fine.
>
> LAN connectivity has not been covered by this troubleshooting. What IP
> addresses were you using on this computer connected by a crossover cable to
> the router? Private IP address ranges (10.X.X.X / 172.16-31.X.X /
> 192.168.X.X) will not work. Here is the sample configuration for enabling a
> DHCP server on your Cisco router. Enter these commands in configuration
> mode:
>
> ip dhcp pool lan-dhcp-pool
> network 66.173.244.232 255.255.255.248
> domain-name cavtel.net
> dns-server address 209.137.160.2
> default-router 66.173.244.233
> ip dhcp excluded-address 66.173.244.233
>
> The IP address used by hosts in this LAN will be global Internet IP
> addresses and have no firewall between them and the Internet. I strongly
> suggest putting a good access-list on this router for filtering inbound
> network traffic or enabling features on the hosts to protect themselves from
> Internet threats. Lucky you! You have five usable static Internet IP
> addresses! Go put up a web server... or something.
>
> ===========
> Scott Perry
> ===========
> Indianapolis, Indiana
> ________________________________