Link up ma nessun scambio dati su 877

[mmarangon61]

Cisco 877 con IOS 12.4.24T1 ma provate altre IOS e provati vari firmware. Configurazione con SDM e poi perfezionata e modificata da CLI. OS Linux. Spesso, a volte dopo 10 minuti a volte dopo giorni pur con la portante allineata, non c'è scambio dati. Il router si impalla. Bisogna riavviare il router. Collegato un PA VoIP PAP2. Noise Margin intorno ai 6 db. Questo il mio sh dsl int e sh run:

Grazie :-(

Modem Status: Showtime (DMTDSL_SHOWTIME)
DSL Mode: ITU G.992.5 (ADSL2+) Annex A
ITU STD NUM: 0x03 0x2
Chip Vendor ID: 'STMI' 'GSPN'
Chip Vendor Specific: 0x0000 0x0010
Chip Vendor Country: 0x0F 0xFF
Modem Vendor ID: 'CSCO' 'GSPN'
Modem Vendor Specific: 0x0000 0x1000
Modem Vendor Country: 0xB5 0xFF
Serial Number Near: FCZ1231926V
Serial Number Far:
Modem VerChip ID: C196 (0)
DFE BOM: DFE3.0 Annex A (1)
Capacity Used: 98% 100%
Noise Margin: 6.0 dB 9.5 dB
Output Power: 20.5 dBm 12.5 dBm
Attenuation: 31.0 dB 16.0 dB
FEC ES Errors: 0 0
ES Errors: 0 0
SES Errors: 0 0
LOSES Errors: 0 0
UES Errors: 0 0
Defect Status: None None
Last Fail Code: None
Watchdog Counter: 0x0F
Watchdog Resets: 0
Selftest Result: 0x00
Subfunction: 0x00
Interrupts: 4160 (0 spurious)
PHY Access Err: 0
Activations: 1
LED Status: ON
LED On Time: 100
LED Off Time: 100
Init FW: init_AMR-3.0.014_no_bist.bin
Operation FW: AMR-3.0.014.bin
FW Source: embedded
FW Version: 3.0.14

DS Channel1 DS Channel0 US Channel1 US Channel0
Speed (kbps): 0 14822 0 986
Cells: 0 51987 0 8331551
Reed-Solomon EC: 0 2869 0 0
CRC Errors: 0 601 0 2
Header Errors: 0 538 0 0
Total BER: 0E-0 1488E-8
Leakage Average BER: 0E-0 1488E-8
Interleave Delay: 0 7 0 2
ATU-R (DS) ATU-C (US)
Bitswap: enabled enabled
Bitswap success: 0 0
Bitswap failure: 0 0





Current configuration : 11974 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 $1$0ziq$May2.tejky8NkgvbVoO/i/
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-3660863090
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3660863090
revocation-check none
rsakeypair TP-self-signed-3660863090
dot11 syslog
no ip source-route
ip dhcp excluded-address 192.168.2.23 192.168.2.254
ip dhcp excluded-address 192.168.2.2
!
ip dhcp pool sdm-pool1
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.2
!
!
ip port-map user-protocol--2 port udp 554
ip port-map user-protocol--3 port tcp from 16384 to 16482
ip port-map user-protocol--1 port tcp 587
ip port-map user-protocol--6 port tcp 6881
ip port-map user-protocol--7 port udp 4444
ip port-map user-protocol--4 port tcp 4662
ip port-map user-protocol--5 port udp 4672
ip cef
no ip bootp server
ip domain name yourdomain.com
ip name-server 192.168.2.3
!
!
!
!
username mario privilege 15 secret 5 $1$o6MH$rAN6cd.jM/tYIhgDczXDO/
!
!
!
archive
log config
hidekeys
class-map type inspect match-all sdm-nat-user-protocol--7-1
match access-group 115
match protocol user-protocol--7
class-map type inspect match-all sdm-nat-user-protocol--6-1
match access-group 114
match protocol user-protocol--6
class-map type inspect match-all sdm-nat-user-protocol--5-1
match access-group 113
match protocol user-protocol--5
class-map type inspect match-all sdm-nat-user-protocol--4-1
match access-group 112
match protocol user-protocol--4
class-map type inspect match-any 111
match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--3-1
match access-group 111
match class-map 111
class-map type inspect match-all sdm-nat-user-protocol--2-1
match access-group 107
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-http-1
match access-group 101
match protocol http
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 105
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-imap-1
match access-group 104
match protocol imap
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-all sdm-nat-skinny-1
match access-group 110
match protocol skinny
class-map type inspect match-all sdm-nat-rtsp-1
match access-group 106
match protocol rtsp
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-nat-h323-1
match access-group 109
match protocol h323
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-protocol-http
match protocol http
class-map type inspect match-all sdm-nat-https-1
match access-group 102
match protocol https
class-map type inspect match-all sdm-nat-sip-1
match access-group 108
match protocol sip
class-map type inspect match-all sdm-nat-ftp-1
match access-group 103
match protocol ftp
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-http-1
inspect
class type inspect sdm-nat-https-1
inspect
class type inspect sdm-nat-ftp-1
inspect
class type inspect sdm-nat-imap-1
inspect
class type inspect sdm-nat-user-protocol--1-1
inspect
class type inspect sdm-nat-rtsp-1
inspect
class type inspect sdm-nat-user-protocol--2-1
inspect
class type inspect sdm-nat-sip-1
inspect
class type inspect sdm-nat-h323-1
inspect
class type inspect sdm-nat-skinny-1
inspect
class type inspect sdm-nat-user-protocol--3-1
inspect
class type inspect sdm-nat-user-protocol--4-1
inspect
class type inspect sdm-nat-user-protocol--5-1
inspect
class type inspect sdm-nat-user-protocol--6-1
inspect
class type inspect sdm-nat-user-protocol--7-1
inspect
class class-default
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-insp-traffic
inspect
class type inspect sdm-protocol-http
inspect
class class-default
drop
policy-map type inspect sdm-permit
class class-default
drop
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
dsl bitswap both
l2-filter bridge-group-acl
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
switchport voice vlan 1
switchport priority default 7
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.2.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxx
ppp chap password xxxxxxxxxxxxxxxxxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat translation timeout 3600
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 1200
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat translation max-entries 4096
ip nat service allow-h323-keepalive
ip nat service allow-skinny-even-rtp-port
ip nat service allow-h323-even-rtp-port
ip nat service port-randomization
ip nat inside source static tcp 192.168.2.3 80 interface Dialer0 80
ip nat inside source static tcp 192.168.2.3 443 interface Dialer0 443
ip nat inside source static tcp 192.168.2.3 21 interface Dialer0 21
ip nat inside source static tcp 192.168.2.3 143 interface Dialer0 143
ip nat inside source static tcp 192.168.2.3 587 interface Dialer0 587
ip nat inside source static tcp 192.168.2.3 554 interface Dialer0 554
ip nat inside source static udp 192.168.2.3 554 interface Dialer0 554
ip nat inside source static tcp 192.168.2.5 5060 interface Dialer0 5060
ip nat inside source static tcp 192.168.2.5 1720 interface Dialer0 1720
ip nat inside source static tcp 192.168.2.5 2000 interface Dialer0 2000
ip nat inside source static tcp 192.168.2.5 16384 interface Dialer0 16482
ip nat inside source static tcp 192.168.2.3 4662 interface Dialer0 4662
ip nat inside source static udp 192.168.2.3 4672 interface Dialer0 4672
ip nat inside source static tcp 192.168.2.3 6881 interface Dialer0 6881
ip nat inside source static udp 192.168.2.3 4444 interface Dialer0 4444
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.2.3
access-list 102 remark SDM_ACL Category=0
access-list 102 permit ip any host 192.168.2.3
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.2.3
access-list 104 remark SDM_ACL Category=0
access-list 104 permit ip any host 192.168.2.3
access-list 105 remark SDM_ACL Category=0
access-list 105 permit ip any host 192.168.2.3
access-list 106 remark SDM_ACL Category=0
access-list 106 permit ip any host 192.168.2.3
access-list 107 remark SDM_ACL Category=0
access-list 107 permit ip any host 192.168.2.3
access-list 108 remark SDM_ACL Category=0
access-list 108 permit ip any host 192.168.2.5
access-list 109 remark SDM_ACL Category=0
access-list 109 permit ip any host 192.168.2.5
access-list 110 remark SDM_ACL Category=0
access-list 110 permit ip any host 192.168.2.5
access-list 111 remark SDM_ACL Category=0
access-list 111 permit ip any host 192.168.2.5
access-list 112 remark SDM_ACL Category=0
access-list 112 permit ip any host 192.168.2.3
access-list 113 remark SDM_ACL Category=0
access-list 113 permit ip any host 192.168.2.3
access-list 114 remark SDM_ACL Category=0
access-list 114 permit ip any host 192.168.2.3
access-list 115 remark SDM_ACL Category=0
access-list 115 permit ip any host 192.168.2.3
dialer-list 1 protocol ip permit
no cdp run

[Gianremo.Smisek]

Quanta RAM ha il router? Con tutte quelle inspect e con molto traffico peer-to-peer puo' andar KO. Purtroppo hai anche la linea fisica (doppino) al limite.


ciao

[mmarangon61]

Quanta RAM ha il router? Con tutte quelle inspect e con molto traffico peer-to-peer puo' andar KO. Purtroppo hai anche la linea fisica (doppino) al limite.


ciao

Ho 128 mb di RAM. Sia che faccia P2P o meno si impalla. Anzi, raramente faccio P2P. Si impalla anche in condizioni di nessun scambio dati. Il doppino in effetti è al limite, ma ciò (credo) potrebbe spiegare disconnessioni (che in effetto avvengono) ma non un link su e nessun traffico. Il mio ISP mi rassicura sul fatto che non perdo l'IP pubblico. Provati anche DNS pubblici ma nulla. Le inspect quasi tutte me le installa di dafault SDM a parte le mie che credo visibili nel nat. Aggiungo che sembra un fatto di linea più che di router KO in effetti quando si impalla entro regolarmente per un reload con telenet sul gateway. Grazie per l'attenzione.

[Gianremo.Smisek]

prova a cancellare il superfluo aggiunto in config da SDM. Meglio se rifai la cfg da 0 dopo un erase start e reload, senza SDM.

ciao