01-04-2012 10:23 AM - edited 03-04-2019 02:49 PM
Happy New Years Guys,
I have a cisco 870 router which I'm trying to connect to my ISP all the interfaces are in a up, up state. But I'm unable to ping any IP address on the internet.
When I do a debug ppp I can see that the username and password are correct with the dialer 1 interface as there is no errors and I can see success.
But when I shutdown the atm0 interface and then do a no shutdown I see a message called authentication failed.
How does the atm0 interface work with the dialer, what could be the problem?
Also I spoke to the ISP and they can't see any connection being made but the debug shows success. I also get a default gateway via the ISP but it is the incorrect default gateway as I can't ping the internet and the ISP confirms that the default gateway is incorrect.
Thanks
01-05-2012 06:59 AM
Post relevant config and "show ip route".
01-05-2012 07:04 AM
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.35.0 is directly connected, Vlan1
46.0.0.0/32 is subnetted, 1 subnets
C 46.247.0.67 is directly connected, Dialer1
S* 0.0.0.0/0 is directly connected, Dialer1
!
!
ip cef
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
no ip bootp server
no ip domain lookup
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip telnet source-interface Vlan1
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip mask-reply
no ip proxy-arp
ip mtu 1500
ip load-sharing per-packet
ip virtual-reassembly
atm route-bridged ip
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
arp timeout 300
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
no ip address
!
interface Vlan1
ip address 192.168.35.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer1
ip unnumbered Vlan1
ip access-group 101 in
no ip unreachables
ip mtu 1492
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1446
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
no cdp enable
ppp authentication pap chap callin
ppp chap hostname XXXXXXXXXXXXXXXXXXXXXX
ppp chap password XXXXXXXXXXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXXXXXXXXXX password XXXXXXXXXXXX
hold-queue 224 in
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 110 interface Dialer1 overload
!
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
01-05-2012 07:12 AM
You have the correct route.
Remove ip inspect and access-group.
You don't need MSS adjust on dialer interface.
01-05-2012 07:24 AM
I have done that now I get a .70 route which is injected, where before it was .60
004144: *Mar 1 02:43:46.298: Di1 IPCP: Install route to 46.247.0.70
004145: *Mar 1 02:43:46.298: Vi2 IPCP: Add link info for cef entry 46.247.0.70
004146: *Mar 1 02:43:47.267: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
01-05-2012 07:44 AM
It doesn't matter. The static default overrides the IPCP one. And if if it didn't whatever the value recevied, it wouldn't matter anyway, as long packets go out the correct interface.
01-05-2012 07:51 AM
ok but I can't ping out.
ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
So is it still not working.
01-05-2012 07:57 AM
try a traceroute.
All failing, complain to ISP.
01-05-2012 10:56 AM
traceroot fails,
I spoke to the ISP and they say that it is nothing wong on there side.
Does my config look correct?
Also where is the 46. route comming from?
Could it be a bug on the IOS?
01-05-2012 12:19 PM
Traceroute fails how ?
You can take further debugs, but more likely is a problem with ISP. You can prove that using another router, ot se bridge mode and terminate PPPoE on a PC.
01-05-2012 02:35 PM
I dont know why it fails.
I have tried a netgear and that it able to access the internet, but the cisco it not.
Is there anything wrong with the config, the debugs above show that the username and password are correct.
01-05-2012 02:42 PM
do
interface Dialer1
ip address negotiated
no ip mtu 1492
no ip access-group 101 in
no ip tcp adjust-mss
interface vlan1
no ip tcp adjust-mss
And remove all and any "ip inspect" commands.
01-05-2012 02:45 PM
i've did that no luck, also all router lights are green.
01-05-2012 02:46 PM
After done the commands above, send revised config.
01-05-2012 02:54 PM
!
!
ip cef
no ip bootp server
no ip domain lookup
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip telnet source-interface Vlan1
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip mask-reply
no ip proxy-arp
ip mtu 1500
ip load-sharing per-packet
ip virtual-reassembly
atm route-bridged ip
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
arp timeout 300
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
no ip address
!
interface Vlan1
ip address 192.168.35.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface Dialer1
ip address negotiated
ip unnumbered Vlan1
no ip unreachables
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
no cdp enable
ppp authentication pap chap callin
ppp chap hostname XXXXXXXXXX
ppp chap password XXXXXXXXXXX
ppp pap sent-username XXXXXXXX password XXXXXXXX
hold-queue 224 in
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 110 interface Dialer1 overload
!
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
01-05-2012 03:02 PM
Interesting stubborn case.
Please do
interface dialer1
no ip unnumbered Vlan1
access-list 110 permit 192.168.35.0 0.0.0.255 any
(that may change if you use VPN later)
and take debug ppp neg again.
You should see router get an Ip address finally, and things working.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: