HELP Configuring 837 ADSL Router for Tiscali (uk)

I have aquried a cisco 837 ADSL router and i need help in configuring
it for use on my tiscali ADSL connection. I have tried many different
configurations and none seem to work. I have used CRWS and found this
to be no help at all, my current config follows. Any ideas on how i
can get this working, or where i am going wrong? I can talk to it
quite happily with the PC but the atm0 and dialer0 dont seem to do
anything. I managed to find the tiscali settings but dont really know
where they all should go.

Thanks

The tiscali settings are as follows:

Virtual Circuit Identifier - VCI 38
Virtual Path Identifier - VPI 0
Encapsulation Mode VCMux
Authentication Type CHAP
Protocol RFC 2364:
PPP over ATM (PPPoA)
Modulation Type G.DMT or Auto
Tiscali Primary DNS Server 212.74.112.66
Tiscali Secondary DNS Server 212.74.112.67


My current config is as follows:


cisco#sho run
Building configuration...

Current configuration : 2327 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxx
enable password xxx
!
no aaa new-model
ip subnet-zero
no ip source-route
!
!
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 212.74.112.67 213.200.77.169
default-router 192.168.0.1
!
!
ip domain name tiscali.net
ip name-server 192.168.0.1
ip name-server 213.200.77.169
no ip bootp server
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
description $FW_INSIDE$$ETH-LAN$$INTF-INFO-Ethernet 10/100$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no cdp enable
hold-queue 100 out
!
interface
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname [email protected]
ppp chap password 0 xxxxxxxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
!
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
end

 

Hi Ian,

Your PPP settings should be something like this

ppp authentication chap pap callin
ppp chap hostname your_isp_username
ppp chap password your_isp_password
ppp pap sent-username your_isp_username password your_isp_password

Once you have changed those settings try from the console
"debug ppp authentication"
This should spit out authentication details concerning authentication
its possible thats not working.

Run a "show ip int brief" to see the status of all your interfaces
once you have changed the settings.
Also make sure your pcs are actually getting IP addresses via DHCP
configured on the router.

Rob

 

Hi Rob

Thanks for your reply.
I put in the missing info:

xxxxxxxx's being my info

ppp authentication chap callin
ppp chap hostname
ppp chap password xxxxxx
ppp pap sent-username password xxxxxxx


The problem appears that the router isnt even attempting to connect to
the adsl connection --- LAN is fine as im getting an IP in the DHCP
range on eth0.

However I suspect my whole configuration as this has been total
guesswork until now.

Ive created the line : ip name-server 213.200.77.169 from connecting
to tiscali and running a tracert to an ip address on the net - this IP
was from a tiscali server on the tracert.

as you could see on my first message the setting tiscali tell
customers to use dont show an ip address just 2 x dns address.





I then set up the debug as you recommended but nothing is coming out
at all.

the show int brief is below:

Interface IP-Address OK? Method Status
Protocol

ATM0 unassigned YES unset down
down

Dialer0 unassigned YES manual up
up

Ethernet0 192.168.0.1 YES manual up
up

FastEthernet1 unassigned YES unset up
up

FastEthernet2 unassigned YES unset administratively
down down

FastEthernet3 unassigned YES unset administratively
down down

FastEthernet4 unassigned YES unset administratively
down down


I would expect ATM0 to be up or does this only come up when a
connection is made ---- also the LED's on the router are just flashing
(RXD - TXD) the CD never comes on


Thanks for your time

any more suggestions

Ian

 

Ian,

-Make sure that the "ppp authentication chap pap callin" is put in as
is as your previous post does not have this change, note the "pap
callin" at the end.
-On the atm0 interface have you added "atm vc-per-vp 64"?
Now it might not show up on a show run but just to make sure.!!
-Your pvc setting is correct as this is generic to most of the UK.(BT)
Everything appears to be correct at first glance.
-Are you logged on to the router via console?
Need to make sure that you can see any debugs???
-also run "debug atm events" see what that spits out.

-In respect of the name server commands you mentioned if your computers
are pointing to other dns servers on the outside world then your pcs
wont even query the router for DNS resolution they will go straight out
to your ISP dns servers.
-Change the ip name-server to both ISP DNS servers not to the routers.
-Remove the "dialer-list 1 protocol ip permit " for the time being.

-Once you have changed the settings I mentioned run all the debugs ie
from the console and do a "show ip int brief" see if the dialer
interface has been assigned an ip address.
If not try "ip address dhcp" on the dialer interface.

Rob

 

Here is a sample config. I have cut out access lists
and the like but it should
get you going I think. You SHOULD put in some
filtering (use the web thingy) to protect you from the internet.

Everything should be OK apart from the NAT.

version 12.3
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
!
boot-start-marker
boot-end-marker
!
logging buffered 32000 debugging
no logging console
!
clock timezone GMT 0
aaa new-model
!
!
aaa authentication login userauthenticate local
aaa authorization network groupauthorise local
aaa session-id common
ip subnet-zero
no ip source-route
ip name-server 212.23.8.1
ip name-server 212.23.8.6
!
!
no ip bootp server
ip cef
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
interface Null0
no ip unreachables
!
interface Ethernet0
ip address xx.xx.163.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip tcp adjust-mss 1392
no ip mroute-cache
no cdp enable
hold-queue 100 out
!
interface ATM0
mtu 4470
no ip address
atm vc-per-vp 64
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
dsl enable-training-log
!
interface Dialer1
description $FW_OUTSIDE$
ip address 32.60.134.62 255.255.255.248
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside

encapsulation ppp
no ip route-cache
ip tcp adjust-mss 1392
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname xxxxxxxx
ppp chap password 7 xxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
crypto map fw1
!
!ip nat inside source route-map nonat interface Dialer1 overload
! there follows a GUESS at a valid NAT statement.
ip nat inside source interface Dialer1 overload

!ip nat inside source static yyy.yyy.163.251 xx.xx.134.61 route-map
static-nat extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
no logging trap

dialer-list 1 protocol ip permit
no cdp run
!
!
control-plane
!
!
line con 0
exec-timeout 60 0
no modem enable
transport preferred all
transport output none
stopbits 1
line aux 0
exec-timeout 0 1
no exec
transport preferred all
transport output all
stopbits 1
line vty 0 4
exec-timeout 60 0
privilege level 15
transport preferred all
transport input telnet ssh
transport output all

 

Rob

Still no joy with those settings


I will start again from default just in case ive got some bad setting
in the router

I will let you know how I get on


Thanks again



Sorry reply is late, but work takes over in the week

Cheers

 

Thanks for this I will give it a try.

Could you tell me if this is a working config to Tiscali in the UK or a
general setup

Cheers

 

Ian,

ADSL settings are pretty generic here in the UK no matter which ISP you
are with because at the end of the day its all linked back to BT.
All authentication and ATM settings are done on BT systems even though
Im with one ISP and you with another.

The settings you have supplied from Tiscali are exactly the same for
PIPEX,ECLIPSE and BT themselves.

I have setups with all these ISPs with Cisco Routers and the only
differences being username, password and IP settings.

Not sure from your previous post but have you tried the settings I
mentioned a few posts back?
If you have please post a new version of your config.
or if you like post me your email address and I shall send you a
current working config from one of our 837 routers.

Rob

 

Rob,

Sorry ive been so long getting back to you. Ive been away for a few
days.

If you could send me a working config to
I would very much appreciate that

Ive done everything youve asked me to until this point but im still not
seeing activity when im in the debug mode.
Im starting to think the port is knackered, however ive been told this
was definately a working router.


Thanks Again for your help

Ian

 

Hi Ian,

No worries,

I can see in the original config in this post has got
//<
"no logging console"
//>

You'll need to enable it by
//<
"logging console debugging"
//>

This is why you are not seeing any debugs.

Dont think your email address displayed correctly but send me an email
to
roboravec TA hotmail TOD com
and we can discuss this over email if you prefer.

Rob

 

Hi,

Paste in the config that I sent and post the resultant show run.

You will need in a couple of places to put in your IP address, mask,
user, passwords.

also post your IP address ranges.

The config I sent was pretty much a working config.

 

Some security too

Here is a little security.... (Might want to copy this into your console too)

access-list 111 remark This protects networks from RPC vulnerabilities
access-list 111 deny udp any any eq 135
access-list 111 deny udp any any eq netbios-ns
access-list 111 deny udp any any eq netbios-dgm
access-list 111 deny udp any any eq tftp
access-list 111 deny tcp any any eq 135
access-list 111 deny tcp any any eq 139
access-list 111 deny tcp any any eq 445
access-list 111 deny tcp any any eq 593
access-list 111 deny tcp any any eq 4444
access-list 111 remark This protects against the Cisco IPv4 IOSvulnerability
access-list 111 permit tcp any any
access-list 111 permit udp any any
access-list 111 deny 53 any any
access-list 111 deny 55 any any
access-list 111 deny 77 any any
access-list 111 deny pim any any
access-list 111 permit ip any any

:captain: