HELP Configuring 837 ADSL Router for Tiscali (uk)

Discussion in 'Cisco' started by Ian, Feb 20, 2005.

  1. Ian

    Ian Guest

    I have acquired a Cisco 837 ADSL router and I need help in configuring
    it for use on my Tiscali ADSL connection. I have tried many different
    configurations and none seem to work. I have used CRWS and found this
    to be no help at all; my current config follows. Any ideas on how I
    can get this working, or where I am going wrong? I can talk to it
    quite happily with the PC but the atm0 and dialer0 don't seem to do
    anything. I managed to find the Tiscali settings but don't really know
    where they all should go.

    Thanks

    The tiscali settings are as follows:

    Virtual Circuit Identifier - VCI 38
    Virtual Path Identifier - VPI 0
    Encapsulation Mode VCMux
    Authentication Type CHAP
    Protocol RFC 2364: PPP over ATM (PPPoA)
    Modulation Type G.DMT or Auto
    Tiscali Primary DNS Server 212.74.112.66
    Tiscali Secondary DNS Server 212.74.112.67


    My current config is as follows:


    cisco#sho run
    Building configuration...

    Current configuration : 2327 bytes
    !
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname cisco
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 xxxxxxxxxxx
    enable password xxx
    !
    no aaa new-model
    ip subnet-zero
    no ip source-route
    !
    !
    ip dhcp excluded-address 192.168.0.1
    !
    ip dhcp pool sdm-pool1
    import all
    network 192.168.0.0 255.255.255.0
    dns-server 212.74.112.67 213.200.77.169
    default-router 192.168.0.1
    !
    !
    ip domain name tiscali.net
    ip name-server 192.168.0.1
    ip name-server 213.200.77.169
    no ip bootp server
    ip ips po max-events 100
    no ftp-server write-enable
    !
    !
    !
    !
    !
    !
    !
    interface Ethernet0
    description $FW_INSIDE$$ETH-LAN$$INTF-INFO-Ethernet 10/100$
    ip address 192.168.0.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    no cdp enable
    hold-queue 100 out
    !
    interface
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    no atm ilmi-keepalive
    dsl operating-mode auto
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface FastEthernet1
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet2
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet3
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet4
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface Dialer0
    ip address negotiated
    ip mtu 1452
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname [email protected]
    ppp chap password 0 xxxxxxxxx
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip nat inside source list 1 interface Dialer0 overload
    !
    !
    access-list 1 remark INSIDE_IF=Ethernet0
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.0.0 0.0.0.255
    dialer-list 1 protocol ip permit
    no cdp run
    !
    control-plane
    !
    banner login ^CCAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    no modem enable
    transport preferred all
    transport output all
    line aux 0
    line vty 0 4
    !
    scheduler max-task-time 5000
    end
     
    Ian, Feb 20, 2005
    #1

  2. Ian

    RobO Guest

    Hi Ian,

    Your PPP settings should be something like this

    ppp authentication chap pap callin
    ppp chap hostname your_isp_username
    ppp chap password your_isp_password
    ppp pap sent-username your_isp_username password your_isp_password

    Once you have changed those settings try from the console
    "debug ppp authentication"
    This should spit out authentication details concerning authentication;
    it's possible that's not working.

    Run a "show ip int brief" to see the status of all your interfaces
    once you have changed the settings.
    Also make sure your PCs are actually getting IP addresses via DHCP
    configured on the router.

    Rob
     
    RobO, Feb 20, 2005
    #2

  3. Ian

    Ian Guest

    Hi Rob

    Thanks for your reply.
    I put in the missing info:

    xxxxxxxx's being my info

    ppp authentication chap callin
    ppp chap hostname
    ppp chap password xxxxxx
    ppp pap sent-username password xxxxxxx


    The problem appears to be that the router isn't even attempting to
    connect to the ADSL connection --- LAN is fine as I'm getting an IP in
    the DHCP range on eth0.

    However, I suspect my whole configuration, as this has been total
    guesswork until now.

    I've created the line: ip name-server 213.200.77.169 from connecting
    to Tiscali and running a tracert to an IP address on the net - this IP
    was from a Tiscali server on the tracert.

    As you could see in my first message, the settings Tiscali tell
    customers to use don't show an IP address, just 2 x DNS addresses.





    I then set up the debug as you recommended but nothing is coming out
    at all.

    the show int brief is below:

    Interface      IP-Address   OK? Method Status                Protocol
    ATM0           unassigned   YES unset  down                  down
    Dialer0        unassigned   YES manual up                    up
    Ethernet0      192.168.0.1  YES manual up                    up
    FastEthernet1  unassigned   YES unset  up                    up
    FastEthernet2  unassigned   YES unset  administratively down down
    FastEthernet3  unassigned   YES unset  administratively down down
    FastEthernet4  unassigned   YES unset  administratively down down


    I would expect ATM0 to be up, or does this only come up when a
    connection is made? Also the LEDs on the router are just flashing
    (RXD - TXD); the CD never comes on.


    Thanks for your time

    any more suggestions

    Ian
     
    Ian, Feb 20, 2005
    #3
  4. Ian

    RobO Guest

    Ian,

    - Make sure that "ppp authentication chap pap callin" is put in as
    is, as your previous post does not have this change; note the "pap
    callin" at the end.
    - On the atm0 interface have you added "atm vc-per-vp 64"?
    It might not show up on a show run, but just to make sure!
    - Your pvc setting is correct as this is generic to most of the UK (BT).
    Everything appears to be correct at first glance.
    - Are you logged on to the router via console?
    Need to make sure that you can see any debugs?
    - Also run "debug atm events" and see what that spits out.

    - In respect of the name server commands you mentioned, if your computers
    are pointing to other DNS servers in the outside world then your PCs
    won't even query the router for DNS resolution; they will go straight out
    to your ISP DNS servers.
    - Change the ip name-server to both ISP DNS servers, not to the router's.
    - Remove the "dialer-list 1 protocol ip permit" for the time being.

    - Once you have changed the settings I mentioned, run all the debugs, i.e.
    from the console, and do a "show ip int brief" to see if the dialer
    interface has been assigned an IP address.
    If not, try "ip address dhcp" on the dialer interface.

    Rob
     
    RobO, Feb 20, 2005
    #4
  5. Ian

    anybody43 Guest

    Here is a sample config. I have cut out access lists and the like but
    it should get you going I think. You SHOULD put in some filtering
    (use the web thingy) to protect you from the internet.

    Everything should be OK apart from the NAT.

    version 12.3
    service nagle
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 32000 debugging
    no logging console
    !
    clock timezone GMT 0
    aaa new-model
    !
    !
    aaa authentication login userauthenticate local
    aaa authorization network groupauthorise local
    aaa session-id common
    ip subnet-zero
    no ip source-route
    ip name-server 212.23.8.1
    ip name-server 212.23.8.6
    !
    !
    no ip bootp server
    ip cef
    ip ssh time-out 60
    ip ssh authentication-retries 2
    no ftp-server write-enable
    !
    !
    interface Null0
    no ip unreachables
    !
    interface Ethernet0
    ip address xx.xx.163.254 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip tcp adjust-mss 1392
    no ip mroute-cache
    no cdp enable
    hold-queue 100 out
    !
    interface ATM0
    mtu 4470
    no ip address
    atm vc-per-vp 64
    no atm ilmi-keepalive
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    dsl operating-mode auto
    dsl enable-training-log
    !
    interface Dialer1
    description $FW_OUTSIDE$
    ip address 32.60.134.62 255.255.255.248
    ip verify unicast reverse-path
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 1492
    ip nat outside

    encapsulation ppp
    no ip route-cache
    ip tcp adjust-mss 1392
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname xxxxxxxx
    ppp chap password 7 xxxxxxxxxxxx
    ppp ipcp dns request
    ppp ipcp wins request
    crypto map fw1
    !
    !ip nat inside source route-map nonat interface Dialer1 overload
    ! there follows a GUESS at a valid NAT statement.
    ip nat inside source interface Dialer1 overload

    !ip nat inside source static yyy.yyy.163.251 xx.xx.134.61 route-map static-nat extendable
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    no ip http server
    !
    !
    no logging trap

    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    control-plane
    !
    !
    line con 0
    exec-timeout 60 0
    no modem enable
    transport preferred all
    transport output none
    stopbits 1
    line aux 0
    exec-timeout 0 1
    no exec
    transport preferred all
    transport output all
    stopbits 1
    line vty 0 4
    exec-timeout 60 0
    privilege level 15
    transport preferred all
    transport input telnet ssh
    transport output all
     
    anybody43, Feb 21, 2005
    #5
  6. Ian

    Dracula Guest

    Rob

    Still no joy with those settings


    I will start again from default just in case I've got some bad setting
    in the router

    I will let you know how I get on


    Thanks again



    Sorry reply is late, but work takes over in the week

    Cheers
     
    Dracula, Feb 22, 2005
    #6
  7. Ian

    Dracula Guest

    Thanks for this I will give it a try.

    Could you tell me if this is a working config to Tiscali in the UK or a
    general setup?

    Cheers
     
    Dracula, Feb 22, 2005
    #7
  8. Ian

    RobO Guest

    Ian,

    ADSL settings are pretty generic here in the UK no matter which ISP you
    are with, because at the end of the day it's all linked back to BT.
    All authentication and ATM settings are done on BT systems even though
    I'm with one ISP and you with another.

    The settings you have supplied from Tiscali are exactly the same for
    PIPEX, ECLIPSE and BT themselves.

    I have setups with all these ISPs with Cisco routers, the only
    differences being username, password and IP settings.

    Not sure from your previous post, but have you tried the settings I
    mentioned a few posts back?
    If you have, please post a new version of your config,
    or if you like post me your email address and I shall send you a
    current working config from one of our 837 routers.

    Rob
     
    RobO, Feb 22, 2005
    #8
  9. Ian

    Dracula Guest

    Rob,

    Sorry I've been so long getting back to you. I've been away for a few
    days.

    If you could send me a working config to
    I would very much appreciate that

    I've done everything you've asked me to until this point but I'm still not
    seeing activity when I'm in the debug mode.
    I'm starting to think the port is knackered, however I've been told this
    was definitely a working router.


    Thanks Again for your help

    Ian
     
    Dracula, Mar 1, 2005
    #9
  10. Ian

    RobO Guest

    Hi Ian,

    No worries,

    I can see the original config in this post has got
    "no logging console"

    You'll need to enable it with
    "logging console debugging"

    This is why you are not seeing any debugs.

    Don't think your email address displayed correctly, but send me an email
    to
    roboravec TA hotmail TOD com
    and we can discuss this over email if you prefer.

    Rob
     
    RobO, Mar 1, 2005
    #10
  11. Ian

    anybody43 Guest

    Hi,

    Paste in the config that I sent and post the resultant show run.

    You will need in a couple of places to put in your IP address, mask,
    user, passwords.

    Also post your IP address ranges.

    The config I sent was pretty much a working config.
     
    anybody43, Mar 1, 2005
    #11
  12. Ian

    mpgibbs

    Some security too

    Here is a little security.... (Might want to copy this into your console too)

    access-list 111 remark This protects networks from RPC vulnerabilities
    access-list 111 deny udp any any eq 135
    access-list 111 deny udp any any eq netbios-ns
    access-list 111 deny udp any any eq netbios-dgm
    access-list 111 deny udp any any eq tftp
    access-list 111 deny tcp any any eq 135
    access-list 111 deny tcp any any eq 139
    access-list 111 deny tcp any any eq 445
    access-list 111 deny tcp any any eq 593
    access-list 111 deny tcp any any eq 4444
    access-list 111 remark This protects against the Cisco IPv4 IOS vulnerability
    access-list 111 permit tcp any any
    access-list 111 permit udp any any
    access-list 111 deny 53 any any
    access-list 111 deny 55 any any
    access-list 111 deny 77 any any
    access-list 111 deny pim any any
    access-list 111 permit ip any any

     
    mpgibbs, Jan 22, 2008
    #12
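
Added example, not part of mpgibbs's post or of any Cisco tooling: a small first-match evaluator for the ACL 111 entries quoted above, showing which entry decides the fate of a given packet. The function names `parse` and `evaluate` are hypothetical, and the parser only understands the `any any [eq port]` form this list uses.

```python
# ACL 111 entries as posted above (remark lines left out of this copy).
ACL_111 = """\
access-list 111 deny udp any any eq 135
access-list 111 deny udp any any eq netbios-ns
access-list 111 deny udp any any eq netbios-dgm
access-list 111 deny udp any any eq tftp
access-list 111 deny tcp any any eq 135
access-list 111 deny tcp any any eq 139
access-list 111 deny tcp any any eq 445
access-list 111 deny tcp any any eq 593
access-list 111 deny tcp any any eq 4444
access-list 111 permit tcp any any
access-list 111 permit udp any any
access-list 111 deny 53 any any
access-list 111 deny 55 any any
access-list 111 deny 77 any any
access-list 111 deny pim any any
access-list 111 permit ip any any
"""
# IOS keywords used in this ACL and the numbers they stand for.
PORTS = {"netbios-ns": 137, "netbios-dgm": 138, "tftp": 69}
PROTOS = {"tcp": 6, "udp": 17, "pim": 103, "ip": None}  # None matches any protocol

def parse(text):
    """Return [(action, ip_protocol_or_None, dst_port_or_None)] in ACL order."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[2] not in ("permit", "deny"):
            continue  # remark lines and blanks are not filter entries
        proto = PROTOS[f[3]] if f[3] in PROTOS else int(f[3])  # bare number = IP protocol
        port = None
        if "eq" in f:
            p = f[f.index("eq") + 1]
            port = PORTS[p] if p in PORTS else int(p)
        rules.append((f[2], proto, port))
    return rules

def evaluate(rules, proto, dst_port=None):
    """First matching entry decides; IOS ends every ACL with an implicit deny."""
    for n, (action, r_proto, r_port) in enumerate(rules, 1):
        if r_proto in (None, proto) and r_port in (None, dst_port):
            return action, n
    return "deny", None

if __name__ == "__main__":
    # Constructed packets: (label, IP protocol number, destination port)
    for label, proto, port in [("tcp/445", 6, 445), ("udp/53", 17, 53), ("proto 53", 53, None)]:
        print(label, evaluate(parse(ACL_111), proto, port))
```

Note that `deny 53` matches IP protocol number 53, not DNS on port 53, so the protocol-number denies still take effect even though they sit after the broad tcp/udp permits. The list filters nothing until it is bound to an interface with `ip access-group 111 in`; the post defines the entries but does not show that step.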