C 877 solo led OK acceso

[NY0]

Nella Vlan1 metti quello del router. Forse non ho capito bene la tua domanda.

Ok Paolo, nella Vlan1 metto ip l'interno del router e abilito il nat come hai detto giusto?

Invece la mia connessione adsl e' formata da un login e un ip statico assegnato dal provider x.x.x.x con netmask 255.255.255.255
Dove lo inserisco?

Si giusto. L'IP statico penso venga assegnato dal gestore dopo il login.
Almeno con alcuni ISP viene fatto così. Se non va mettilo tu fisso nel Dialer.
Sicuro della netmask? Mi sa molto che è sbagliata

Ciao

Dalla mail di attivazione mi hanno scritto quella, infatti in cli mi dice che e' sbagliata e metto 255.255.255.0 e non mi dice piu' errore...peccato che comunque non navigo
la mia configurazione su 877 e' la seguente:

Codice: Seleziona tutto

Building configuration...

Current configuration : 1363 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname provarouter
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 bundle-enable
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Dialer0
 ip address x.x.x.x 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp pap sent-username [email protected] password 7 035D435E1C1529545D
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat inside source list 9 interface Dialer0 overload
!
access-list 9 permit 192.0.0.0
dialer-list 1 protocol ip permit
!
!
!
!
!
control-plane
!
!
line con 0
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 password 7 1433000218102F392121303D7242
 login
!
scheduler max-task-time 5000
end

[paolomat75]

Dovrebbe essere 255.255.255.252.
Se la lasci ip in negoziazione non te lo assegnano?

[NY0]

Dovrebbe essere 255.255.255.252.
Se la lasci ip in negoziazione non te lo assegnano?

Ho provato in 252 ma non me lo accetta, provo ora a lasciarlo in negoziazione come fosse un ip fisso?
posso provare con quale conf abbastanza pronta?

[giubbe]

Prova questa configurazione.
A me funziona con aruba ip fisso 7
Devi solo mettere il tuo log aruba ipstatico e relativa pass


version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname giubbeRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 warnings
!
no aaa new-model
!
resource policy
!
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.1 10.0.0.120
!
ip dhcp pool sdm-pool
import all
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 62.149.128.4 62.149.132.4
lease 0 2
!
!
ip cef
ip inspect log drop-pkt
ip inspect name Firewall dns
ip inspect name Firewall cuseeme
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall https
ip inspect name Firewall icmp
ip inspect name Firewall imap
ip inspect name Firewall pop3
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall esmtp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
no ip ftp passive
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name Workgroup
ip name-server 62.149.128.4
ip name-server 62.149.132.4
!

(qui c'era tutto il crypto)

username xxxxxx privilege 15 password 0 yyyyyy
archive
log config
hidekeys
!
!
!
!
!
interface Null0
no ip unreachables
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1

ip address 10.0.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0

ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect Firewall out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
ip tcp header-compression
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname [email protected]
ppp chap password 0 99999999
ppp pap sent-username [email protected] password 0 9999999
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload

ip nat inside source static tcp 10.0.0.30 80 interface Dialer0 80
ip nat inside source static udp 10.0.0.30 21 interface Dialer0 21
ip nat inside source static udp 10.0.0.30 80 interface Dialer0 80
ip nat inside source static tcp 10.0.0.77 50003 interface Dialer0 50003
ip nat inside source static tcp 10.0.0.79 50004 interface Dialer0 50004
ip nat inside source static tcp 10.0.0.72 50005 interface Dialer0 50005
ip nat inside source static tcp 10.0.0.71 50006 interface Dialer0 50006
!

access-list 1 permit 10.0.0.0 0.0.0.255

access-list 2 permit 10.0.0.0 0.0.0.255
access-list 2 deny any

access-list 100 permit ip 10.0.0.0 0.0.0.255 any
access-list 100 deny ip any any

access-list 101 permit udp host 62.149.128.4 eq domain any
access-list 101 permit udp host 62.149.132.4 eq domain any
access-list 101 permit udp host 192.43.244.18 eq ntp any
access-list 101 permit gre any any
access-list 101 permit tcp any any eq www log

access-list 101 permit tcp any any eq 50003
access-list 101 permit tcp any any eq 50004
access-list 101 permit tcp any any eq 50005
access-list 101 permit tcp any any eq 50006

access-list 101 permit udp any any eq discard
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.240.0.0 0.15.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
!
line con 0
no modem enable
transport output telnet
stopbits 1
line aux 0
transport output telnet
line vty 0 4
access-class 100 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
sntp server 192.43.244.18
end

[NY0]

grazie!
posso chiederti se l'hai fatta tu ? ora sono riuscito anche io ma voglio capire meglio la parte di firewall e acl..
Poi magari se la posto mi aiutate a migliorarla che dite?

[giubbe]

Fatta io.
Ho perso tante serate, perchè va impostata come un ip dinamico , ma è fisso.
Buona notte