Cisco 857 - configuration failed

luca.prina · mer 13 feb , 2008 9:22 am

Ciao a tutti.
Ho un 857 (C850-ADVSECURITYK9-M Version 12.4(15)T1) configurato completamente da console (senza SDM), durante il reload mi compare però questo messaggio

Codice: Seleziona tutto

Cisco 857 (MPC8272) processor (revision 0x300) with 59392K/6144K bytes of memory
.
Processor board ID FCZ114592M6
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
128K bytes of non-volatile configuration memory.
20480K bytes of processor board System flash (Intel Strataflash)


Configuration failed!


Press RETURN to get started!

Lo strano è che il router funziona correttamente (anche l'accesso VPN), esiste un comando IOS che permette di visualizzare quali sono gli errori di configurazione in modo da poterli risolvere?
So che potrei lasciare tutto come è visto che funziona perfettamente però.. mi piacerebbe capire ....

Eventualmente posso postare la conf completa...
grazie a chi mi darà un suggerimento, saluti a tutti
Luca

active · mer 13 feb , 2008 10:03 am

luca.prina ha scritto:
Eventualmente posso postare la conf completa...

ecco sarebbe meglio

luca.prina · mer 13 feb , 2008 10:48 am

active ha scritto:
ecco sarebbe meglio

Avete ragione.... eccola

(scusate è un po lunga)

Codice: Seleziona tutto

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ciscorouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$JSrz$Xdrv6uQKlQqmmO8m/srBY1
!
no aaa new-model
!
crypto logging session
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp keepalive 10
crypto isakmp nat keepalive 20
crypto isakmp xauth timeout 90

!
crypto isakmp client configuration group grpXXXX
 key YYYYYY
 dns 10.10.20.2
 wins 10.10.20.2
 domain XXXXXXXX.local
 pool remote-pool
 acl 158
 save-password
 max-users 10
 max-logins 10
 banner ^C
--------------------------------------------------------------
System is RESTRICTED to authorized personnel ONLY
Unauthorized use of this system will be logged and prosecuted
to the fullest extent of the law.
If you are NOT authorized to use this system, LOG OFF NOW
--------------------------------------------------------------
   ^C
!
crypto ipsec security-association idle-time 3600
!
crypto ipsec transform-set VPN-CLI-SET esp-3des esp-md5-hmac
!
crypto dynamic-map remote-dyn 10
 set transform-set VPN-CLI-SET
!
!
crypto map remotemap local-address Loopback0
crypto map remotemap client authentication list userauthen
crypto map remotemap isakmp authorization list groupauthor
crypto map remotemap client configuration address respond
crypto map remotemap 65535 ipsec-isakmp dynamic remote-dyn
!
!
crypto pki trustpoint TP-self-signed-888218954
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-888218954
 revocation-check none
 rsakeypair TP-self-signed-888218954
!
!
crypto pki certificate chain TP-self-signed-888218954
 certificate self-signed 01
  30820252 [....CUT.....] A29F
        quit
!
!
ip cef
ip inspect [....CUT.....]  vdolive

ip domain name XXXXXXXXXX.local
ip name-server 151.99.0.100
ip name-server 151.99.125.3
!
!
!
username [....CUT.....]
archive
 log config
  hidekeys
!
!
!
!
!
interface Loopback0
 ip address 88.50.XXX.YYY 255.255.255.248
 ip virtual-reassembly
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address 88.54.ZZZ.WWW 255.255.255.252
 ip access-group 101 in
 ip verify unicast reverse-path
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
 pvc 8/35
  oam-pvc manage
  encapsulation aal5snap
 !
 crypto map remotemap
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description Inside-Lan
 ip address 10.10.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
ip local pool remote-pool 10.10.21.1 10.10.21.100
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 10.10.21.0 255.255.255.0 ATM0.1
!
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 110 interface Loopback0 overload
!
access-list 101 remark ***************************
access-list 101 remark *** ACL DA INTERNET     ***
access-list 101 permit ahp any host 88.50.XXX.YYY
access-list 101 permit esp any host 88.50.XXX.YYY
access-list 101 permit udp any host 88.50.XXX.YYY eq isakmp
access-list 101 permit udp any host 88.50.XXX.YYY eq non500-isakmp
access-list 101 permit udp host 151.99.0.100 eq domain host 88.50.XXX.YYY
access-list 101 permit udp host 151.99.125.3 eq domain host 88.50.XXX.YYY
access-list 101 deny   ip 10.10.20.0 0.0.0.255 any
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 101 remark ***************************
access-list 110 remark **********************************
access-list 110 remark *** ACL PER NAT VERSO INTERNET ***
access-list 110 deny   ip host 10.10.20.17 any
access-list 110 deny   ip host 10.10.20.18 any
access-list 110 deny   ip host 10.10.20.19 any
access-list 110 deny   ip host 10.10.20.14 any
access-list 110 deny   ip 10.10.20.0 0.0.0.255 10.10.21.0 0.0.0.255
access-list 110 permit ip 10.10.20.0 0.0.0.255 any
access-list 110 permit ip 10.10.21.0 0.0.0.255 any
access-list 110 remark **********************************
access-list 158 remark *** ACL PER SPLIT-TUNNEL DA VPN-CLIENT ***
access-list 158 remark *************************************************************
access-list 158 permit ip 10.10.20.0 0.0.0.255 10.10.21.0 0.0.0.255
access-list 158 remark *************************************************************
no cdp run
!
control-plane
!
banner login ^CC
--------------------------------------------------------------
System is RESTRICTED to authorized personnel ONLY
Unauthorized use of this system will be logged and prosecuted
to the fullest extent of the law.
If you are NOT authorized to use this system, LOG OFF NOW
--------------------------------------------------------------
  ^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input ssh
!
no scheduler max-task-time

Ovviamente accetto suggerimenti, critiche, ecc..ecc..

Grazie 1000, saluti
Luca

Wizard · mer 13 feb , 2008 1:07 pm

La config, dato che la hai copiata da una mia, è corretta

luca.prina · mer 13 feb , 2008 1:56 pm

Wizard ha scritto:La config, dato che la hai copiata da una mia, è corretta

Esatto.. e infatti ti ringrazio molto

... perchè solo guardando i post e ragionandoci sopra sono riuscito ad avere un router funzionante

solo che devo aver inserito qualche mia "cavolata" che causa in config error...

vedete qlc di anomalo?
grazie 1000... ciao ciao
L.

luca.prina · gio 14 feb , 2008 2:51 pm

Ciao..
nessuno mi può dare un piccolo suggerimento su come scoprire quale comando genera il "configuration failed!" ?

saluti e grazie
Luca

daysleeper · gio 14 feb , 2008 3:36 pm

Se non ricordo male un errore simile lo ha dato anche a me dopo che ho aggiornato da un ios che supportava determinati comandi a un altra ios che quei comandi non se li filava proprio.
Forse tra la tua ios e quella di wizard ci sta una differenza in qualche comando, magari quella di wizard ha delle features che la tua non ha.

proton · mer 12 mar , 2008 2:29 pm

Stesso problema sull'857W che ho a casa.... asd

Codice: Seleziona tutto

Configuration failed!

Inoltre ho solo 22MB di memoria disponibile, ogni tanto mi da problemi, penso proprio di venderlo

Cisco 857 - configuration failed

Login • Iscriviti