Configurazione ADSL Infostrada

therider1290 · **Inviato:** mer 14 mar , 2012 11:01 pm

Ciao a tutti, mi sono appena iscritto, vi pongo un quesito che mi sta facendo diventare matto.
Ho un router cisco 877 che non riesco a configurare per Libero ADSL 8 mega.

Incapsulamento PPPoe LLC

lui funziona correttamente solo non riesco a vedere i siti web autenticati (in ebay non entro nel Mio eBay per esempio, non posso vedere i Cisco Supportforums.... ma banca per esempio funziona!! solo CERTI siti in https) oltre una certa lentezza a rispondere.
Inoltre la mia VPN nonostante avevo le acl e il nat corretto non andava.
allego configurazione

hostname ROUTER01

service password-encryption

enable secret <Password>
username <Username> privilege 15 secret <Password>

interface Vlan 1
description Internal Interface
ip address 192.168.1.1 255.255.255.0
ip nat inside
no shut

interface ATM 0
description DSL Interface
ip directed-broadcast
ip mask-reply
ip route-cache flow
no ip address
dsl operating-mode auto
no shutdown
pvc 8/35
encapsulation aal5snap
pppoe-client dial-pool-number 1

interface Dialer 1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication chap pap callin
ppp pap sent-username <Username> password <Password>
ppp chap hostname <Username>
ppp chap password <Password>
no shut

ip access-list extended DSL_ACCESSLIST
100 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list DSL_ACCESSLIST interface dialer 1 overload

ip domain name CavanaSystems.local
ip domain lookup
ip name-server 208.67.222.222
ip name-server 208.67.220.220

ip dhcp pool DSL_DHCP
network 192.168.1.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
default-router 192.168.1.1
import all

ip route 0.0.0.0 0.0.0.0 dialer 1

ntp server 193.204.114.232 prefer source Dialer1

line con 0
exec-timeout 15 0
logging synchronous
login local
no modem enable
line aux 0
exec-timeout 15 0
logging synchronous
login local
line vty 0 4
exec-timeout 15 0
logging synchronous
login local

Ragazzi chi mi aiuta ha la cena pagata, non so dove sbattere la testa!

bike70 · **Iscritto il:** sab 15 set , 2007 8:55 am **Messaggi:** 55

guarda ti allego nelle parti di interesse la mia.Infostrada 7mega.é strano notarlo ma in effetti l'incapuslamento dell'atm e cioè aal5snap è giusto (llc) ma io l'ho fatto in vc-mux e cioè aal4mux e funziona bene.

Cita:

hostname CIS-877
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$bd/8$7OZgnM6spUV9ZRsjOqbce/
!
no aaa new-model
clock timezone CET 1
!
!
dot11 syslog
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.3
ip dhcp excluded-address 192.168.2.50
ip dhcp excluded-address 192.168.2.190
ip dhcp excluded-address 192.168.2.10
!
ip dhcp pool CLIENT
network 192.168.2.0 255.255.255.0
default-router 192.168.2.190
dns-server 193.70.152.15 193.70.152.25
lease 3
!
!
no ip cef
ip domain name casa.lan
ip name-server 193.70.152.15
ip name-server 193.70.152.25
ip ddns update method DYNDNS
HTTP
add http://user:password@members.dyndns.it/ ... s&hostname>
remove http://user:password@members.dyndns.it/ ... ndns&hostn>
interval maximum 28 0 0 0
!
no ipv6 cef
ntp server 193.204.114.232
!
multilink bundle-name authenticated
!
!
!
!
no spanning-tree vlan 1
username andrea password 7 0865094F0718091E011F0D406F
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key ***** address xx.xx.xx.34 no-xauth
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map myvpn local-address Dialer0
crypto map myvpn 10 ipsec-isakmp
set peer xx.xx.xx.34
set transform-set myset
match address 104
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
hold-queue 224 in
!
interface FastEthernet0
shutdown
no cdp enable
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.2.190 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan10
no ip address
!
interface Dialer0
mtu 1492
ip ddns update hostname ******.ns0.it
ip ddns update DYNDNS
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname infostrada
ppp chap password 7 111E100B13
ppp pap sent-username infostrada password 7 14001B0508
crypto map myvpn
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.0.0.0 255.255.255.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat inside source list 102 interface Dialer0 overload
no logging trap
access-list 102 deny ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
access-list 104 permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255

OHh, sono anche buono....ti ho messo pure la configurazione della vpn ipsec l2l , che funziona pure.
Ciao

therider1290 · **Inviato:** mer 14 mar , 2012 11:24 pm

che gli venisse un colpo a lui (877) e a tutta la cisco.

stessa roba di prima IDENTICA.

Ma cosa può essere?

therider1290 · **Inviato:** mer 14 mar , 2012 11:46 pm

allego ulteriori dettagli: neanche molti siti non autenticati non vanno, ad esempio linkedin.

questo scherzo mi era già successo una volta settando in pppoa un router netgear, sempre su questa linea, tornando in pppoe la cosa si è risolta.
come se ignorasse la mia configurazione e si connettesse lo stesso in pppoa.

anubisg1 · **Inviato:** gio 15 mar , 2012 10:07 am

questa è la mia config con adsl infostrada

Codice:

vpdn enable
!         
!         
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 no ip mroute-cache
 no cdp enable
 hold-queue 100 out
!         
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
 pvc 8/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!         
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip mroute-cache
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname USERNAME
 ppp chap password 7 0859454HY5GH4J5
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip nat inside source list 100 interface Dialer0 overload
!
access-list 100 permit ip 192.168.0.0 0.0.0.255 any

paolomat75 · **Inviato:** gio 15 mar , 2012 2:08 pm

La butto li.... non è che stai usando un DNS maffo?

therider1290 · **Inviato:** gio 15 mar , 2012 7:25 pm

I dns sono quelli di opendns.

I nomi li risolvo correttamente, per scrupolo sto provando con un altro 877 con ios fermo alla 12.4 e continua a NON funzionare correttamente.

cavolo ma cosa può essere? a me suona come MTU sbagliato! però è giusto! 1492! qualche anima pia sa il mtu da forzare all'interfaccia ATM?

therider1290 · **Inviato:** gio 15 mar , 2012 8:09 pm

FUNZIONAAAA

datemi un paio di giorni che faccio una configurazione bella ordinata, pulita con ddns e amenità varie che la posto per i posteri )))

therider1290 · **Inviato:** ven 16 mar , 2012 7:58 pm

Come promesso, allego per i posteri la mia configurazione rivelatasi funzionante dopo molte peripezie, il segreto era
vlan 1
ip tcp adjust-mss 1412

therider1290 · **Inviato:** ven 16 mar , 2012 7:58 pm

Allego qui configurazione completa

Router01#sh run
Building configuration...

Current configuration : 6852 bytes
!
! No configuration change since last restart
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router01
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 <Password>
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
!
!
!
aaa session-id common
!
clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1377365583
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1377365583
revocation-check none
rsakeypair TP-self-signed-1377365583
!
!
crypto pki certificate chain TP-self-signed-1377365583
certificate self-signed 01
OMISSIS
quit
dot11 syslog
no ip source-route
!
ip dhcp excluded-address 192.168.1.100 192.168.1.254
!
ip dhcp pool DSL_DHCP
import all
network 192.168.1.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
default-router 192.168.1.1
!
!
!
ip cef
no ip bootp server
ip domain name <Nome_Dominio>
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
ip ddns update method DynDNS
HTTP
add http://<Username>:<Password>@members.dyndns.org/nic/update?system=dyndns&hostname=<Dominio>&myip=
remove http://<Username>:<Password>@members.dyndns.org/nic/update?system=dyndns&hostname=<Dominio>&myip=
interval maximum 28 0 0 0
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username luca privilege 15 secret 5 <Password>
!
!
ip tcp synwait-time 10
!
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface ATM0
description DSL Interface
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description Outside Interface
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
description Internal Interface$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
!
interface Dialer1
description $FW_OUTSIDE$
ip ddns update hostname <Dominio>
ip ddns update DynDNS host members.dyndns.org
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname <Username_ADSL>
ppp chap password 7 <Password_ADSL>
ppp pap sent-username <Username_ADSL> password 7 <Password_ADSL>
!
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended DSL_ACCESSLIST
permit ip 192.168.1.0 0.0.0.255 any
!
logging trap debugging
access-list 100 remark auto generated by SDM firewall configuration##NO_ACES_3##
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_13##
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit udp host 208.67.222.222 eq domain any
access-list 101 permit udp host 208.67.220.220 eq domain any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
!
!
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
login authentication local_authen
no modem enable
transport output telnet
line aux 0
logging synchronous
login authentication local_authen
transport output telnet
line vty 0 4
authorization exec local_author
logging synchronous
login authentication local_authen
transport input telnet
!
scheduler allocate 4000 1000
scheduler interval 500
ntp server 193.204.114.232 prefer source Dialer1
end

Router01#sh ver
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 15.1(4)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 15-Jun-11 00:44 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

Router01 uptime is 18 hours, 56 minutes
System returned to ROM by reload at 00:12:14 CET Fri Mar 16 2012
System restarted at 00:13:08 CET Fri Mar 16 2012
System image file is "flash:c870-advipservicesk9-mz.151-4.M1.bin"
Last reload reason: Reload Command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 877 (MPC8272) processor (revision 4.0) with 236544K/25600K bytes of memory.
Processor board ID FHK134678JF
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
128K bytes of non-volatile configuration memory.
53248K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

Router01#

Configurazione ADSL Infostrada

Chi c’è in linea