Problem with 857

Answered Question
Dec 22nd, 2007
User Badges:

Was wondering if anyone could help me fugure out whats wrong with our 857 router. We wanter to upgrade our network with some vpn options, and chose the 857 router (none wlan). The problem is that we dont get an IP from our ISP. When we talk to the ISP they say that they have connection with the router, but for some reason the ip they send out doesnt stick.


We have the newest ios and the right settings(we think). Logicly, the problem seems to be something with the DHCP client thingy...


When debugging, the ISP and our router is communicating, but nothing more.


How do we continue our troubleshooting? Any ideas what the problem can be? What config should I have regarding the dhcp client protocol?

Correct Answer by Paolo Bevilacqua about 9 years 3 months ago

Hi,


PVC 8/35 is down due to OAM failure, beside it never receives anything.

Try:


int atm0.1

pvc 8/35

no oam-pvc manage


If that doesn't resolve, something is wrong with config by ISP side.





Correct Answer by Paolo Bevilacqua about 9 years 3 months ago

Hi,


most likely your ISP is using bridged and not routed encapsulation. Please configure:


interface ATM0.1 point-to-point

no ip address

no ip nat outside

no ip virtual-reassembly

bridge-group 1


interface BVI1

ip address dhcp

ip nat outside


bridge irb

bridge 1 route ip


no ip nat inside source list 1 interface ATM0.1 overload

ip nat inside source list 1 interface BVI1 overload


Let us know, please rate useful posts using the scrollbox below!




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.7 (3 ratings)
Loading.
Paolo Bevilacqua Sat, 12/22/2007 - 05:37
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Please send router configuration and the technical details from ISP (eg, if PPP is used, VCI/VPI, etc)

Correct Answer
Paolo Bevilacqua Sun, 12/23/2007 - 04:40
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi,


most likely your ISP is using bridged and not routed encapsulation. Please configure:


interface ATM0.1 point-to-point

no ip address

no ip nat outside

no ip virtual-reassembly

bridge-group 1


interface BVI1

ip address dhcp

ip nat outside


bridge irb

bridge 1 route ip


no ip nat inside source list 1 interface ATM0.1 overload

ip nat inside source list 1 interface BVI1 overload


Let us know, please rate useful posts using the scrollbox below!




BrazzanCisco Tue, 12/25/2007 - 13:47
User Badges:

Thanks man! That worked just fine, beside from the automatic DNS server update... but we solved that by statictly tell the router about the dns server addresses.


The next item on the "To do List" is to arrange VPN passthrough to our win2k server. If we have any problems in that area we will surely be using this forum again!

Paolo Bevilacqua Tue, 12/25/2007 - 14:14
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Good to know it worked. To automatize dns, configure:


ip domain-lookup

ip dns server


and configure clients (static or dhcp), to use router's inside address as dns.


Thanks for the nice rating, good luck and happy X-mas!

BrazzanCisco Wed, 12/26/2007 - 02:53
User Badges:

The router whent down again when we changed it's location from the testenvironment to the real location.


What happens is that the BVI1 interface is always down for some reason and we dont get any response from ISP. In this post I've included config, debug etc for troubleshooting.





Paolo Bevilacqua Wed, 12/26/2007 - 03:27
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi,


Please collect "show dsl interface", "show atm pvc 8/35". No need to use atachments, it's little output.

BrazzanCisco Wed, 12/26/2007 - 03:54
User Badges:

show dsl interface


ATM0

Alcatel 20190 chipset information

ATU-R (DS) ATU-C (US)

Modem Status: Showtime (DMTDSL_SHOWTIME)

DSL Mode: ITU G.992.3 (ADSL2) Annex A

ITU STD NUM: 0x03 0x2

Chip Vendor ID: 'STMI' 'BDCM'

Chip Vendor Specific: 0x0000 0x6207

Chip Vendor Country: 0x0F 0xB5

Modem Vendor ID: 'CSCO' ' '

Modem Vendor Specific: 0x0000 0x0000

Modem Vendor Country: 0xB5 0x00

Serial Number Near: FCZ1141R4Y3

Serial Number Far:

Modem VersChip ID: C196 (0)

DFE BOM: DFE3.0 Annex A (1)

Chip ID: C196 (0)

DFE BOM: DFE3.0 Annex A (1)

Capacity Used: 99% 100%

Noise Margin: 7.0 dB 7.0 dB

Output Power: 18.5 dBm 10.0 dBm

Attenuation: 11.0 dB 3.0 dB

Defect Status: None None

Last Fail Code: None

Watchdog Counter: 0x47

Watchdog Resets: 0

Selftest Result: 0x00

Subfunction: 0x00

Interrupts: 65998 (0 spurious)

PHY Access Err: 0

Activations: 2

LED Status: ON

LED On Time: 100

LED Off Time: 100

Init FW: init_AMR-3.0.014_no_bist.bin

Operation FW: AMR-3.0.014.bin

FW Source: embedded

FW Version: 3.0.14


DS Channel1 DS Channel0 US Channel1 US Channel0

Speed (kbps): 0 11715 0 1210

Cells: 0 0 0 7

Reed-Solomon EC: 0 0 0 0

CRC Errors: 0 0 0 0

Header Errors: 0 0 0 0

Total BER: 0E-0 0E-0

Leakage Average BER: 0E-0 0E-0

Interleave Delay: 0 58 0 15

ATU-R (DS) ATU-C (US)

Bitswap: enabled enabled

Bitswap success: 0 0

Bitswap failure: 0 0


LOM Monitoring : Disabled



DMT Bits Per Bin

000: 0 0 0 0 0 0 0 8 A C C D E E E E

010: F F F F F F F F F E E D D C B A

020: 0 0 C D E E F F F F F F F F F F

030: F F F F F F F F F F F F F F F F

040: F F F F F F F F F F F F F F F F

050: F F F F F F F F F F F F F F F F

060: F F F F F F F F F F F F F F F F

070: F F F F F F F F F F F F F F F F

080: F F F F E F F F F F F F F E F F

090: F F E E E E 2 E E E E E E E E E

0A0: E E E E E E E E E E E E E E E E

0B0: E E E E E E E E E E E E E E E D

0C0: E E E E E E D D E D E E E E E D

0D0: E E E E E E E E E E D D D E D D

0E0: D E D D D D E D E E D E E D D D

0F0: D D D D D D D D D D D E D D E E


DSL: Training log buffer capability is not enabled






erik#show atm pvc 8/35

Description: N/A

ATM0.1: VCD: 1, VPI: 8, VCI: 35

UBR, PeakRate: 1210 (2854 cps)

AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0, Encapsize: 12

OAM frequency: 10 second(s), OAM retry frequency: 1 second(s)

OAM up retry count: 3, OAM down retry count: 5

OAM END CC Activate retry count: 3, OAM END CC Deactivate retry count: 3

OAM END CC retry frequency: 30 second(s),

OAM SEGMENT CC Activate retry count: 3, OAM SEGMENT CC Deactivate retry count: 3

OAM SEGMENT CC retry frequency: 30 second(s),

OAM Loopback status: OAM Sent

OAM VC Status: Not Verified

ILMI VC status: Not Managed

VC is managed by OAM.

InARP frequency: 15 minutes(s)

InPkts: 0, OutPkts: 0, InBytes: 0, OutBytes: 0

InPRoc: 0, OutPRoc: 0, Broadcasts: 0

InFast: 0, OutFast: 0, InAS: 0, OutAS: 0

InPktDrops: 0, OutPktDrops: 0/0/0 (holdq/outputq/total)

CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0, LengthViolation: 0, CPIErrors: 0

Out CLP=1 Pkts: 0

OAM cells received: 0

F5 InEndloop: 0, F5 InSegloop: 0,

F5 InEndcc: 0, F5 InSegcc: 0, F5 InAIS: 0, F5 InRDI: 0

F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0

OAM cells sent: 116

F5 OutEndloop: 116, F5 OutSegloop: 0,

F5 OutEndcc: 0, F5 OutSegcc: 0, F5 OutAIS: 0, F5 OutRDI: 0

F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0

OAM cell drops: 0

Status: DOWN, State: NOT_VERIFIED

erik#

Correct Answer
Paolo Bevilacqua Wed, 12/26/2007 - 04:19
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi,


PVC 8/35 is down due to OAM failure, beside it never receives anything.

Try:


int atm0.1

pvc 8/35

no oam-pvc manage


If that doesn't resolve, something is wrong with config by ISP side.





BrazzanCisco Wed, 12/26/2007 - 05:04
User Badges:

:) Everything works now! Thanks alot man, you've been most kind and helpfull!!

Paolo Bevilacqua Wed, 12/26/2007 - 05:09
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

No problem, thanks for the appreciation.


Happy Holidays too!

BrazzanCisco Thu, 12/27/2007 - 10:01
User Badges:

The router is now placed at the correct location and working just fine. next week we plan to configure vpn for remote access.


Instead of making a new post, I though I might as well post it here.


We want to allow access to the local network at the company through VPN. Basicly what we want, is to be able to get access to the local network and it's domain so that a few people can use the recources at work, from a remote location.


We figure this wont be to hard to do. As long ass we get a connection to the local network, our system handles the rest.

Paolo Bevilacqua Thu, 12/27/2007 - 10:53
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

And the question is ?

BrazzanCisco Thu, 12/27/2007 - 11:00
User Badges:

My question is:


How do we proceed to configure the router to allow remote access without using the webinterface and software.

Paolo Bevilacqua Thu, 12/27/2007 - 11:01
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

What is there at the "remote place", another router, or anything like that ?

BrazzanCisco Thu, 12/27/2007 - 11:07
User Badges:

No, it's just a server (win2k). We just want to get access to the local network so that we can run a cpl of .bat files. These files will map upp specifik network disks. These disks contain different databases for different programs. On the remote pc they will use the client version of the programs, and get the database access through the vpn connection.

Paolo Bevilacqua Thu, 12/27/2007 - 11:17
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Cisco supports a variety of VPN schemes, however interworking with the microsoft ones is not easy and I would not recommended it.


Unless you are willing to learn how to do the above, perhaps the easier thing is that you used some microsoft VPN client or sw like logmein, to do VPN that without touching the router.


The alternative is that you get a router at the other site also, then configure a VPN or tunnel on which all your applications would work without you touching the PC and the server.





BrazzanCisco Thu, 12/27/2007 - 11:25
User Badges:

hmm. I didnt think it would be such a problem. All we want is to get a local IP from the dhcp server... thats basicly it. With that we can get access to our server and the applications.

Paolo Bevilacqua Thu, 12/27/2007 - 11:50
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Indeed it is a problem that amounts to choosing a VPN technique and configuring it.


I gave you above the summary choices (there are others), you have to pick one and implement it.


But it not automatic, in fact far from it.

Actions

This Discussion