configurazione cisco 877

[k1ll3r]

ciao a tutti ragazzi...ho dei problemi con la configurazione di questo "router" visto che non ho mai configurato un router con modem integrato e switch integrato...come provider ho alice e questo sono lo show running config e lo show interfaces
che c'è che non va?
grazie in anticipo per le risposte!!!

[Gianremo.Smisek]

manca
ip nat outside sulla dialer0. Non devi metterlo sull'ATM.

Poi togli la regola di nat superflua.
ciao

[k1ll3r]

allora...se vi può essere di aiuto ho alice 7 mega e penso che pure chi userà questo router la abbia...

questo è lo strano scherzo che mi fa...:

Codice: Seleziona tutto

massimo#
*Jun 19 11:28:58.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
*Jun 19 11:29:00.551: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Jun 19 11:29:20.099: %LINK-3-UPDOWN: Interface ATM0, changed state to up
*Jun 19 11:29:21.099: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to up
*Jun 19 11:29:29.431: %DIALER-6-BIND: Interface Vi1 bound to profile Di0
*Jun 19 11:29:29.443: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Jun 19 11:29:29.651: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di0
*Jun 19 11:29:29.655: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
*Jun 19 11:29:51.971: %DIALER-6-BIND: Interface Vi1 bound to profile Di0
*Jun 19 11:29:51.975: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Jun 19 11:29:52.195: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di0
*Jun 19 11:29:52.199: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
*Jun 19 11:30:14.599: %DIALER-6-BIND: Interface Vi1 bound to profile Di0
*Jun 19 11:30:14.607: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Jun 19 11:30:14.803: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di0
*Jun 19 11:30:14.807: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
*Jun 19 11:30:37.079: %DIALER-6-BIND: Interface Vi1 bound to profile Di0
*Jun 19 11:30:37.083: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Jun 19 11:30:37.271: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di0
*Jun 19 11:30:37.275: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
massimo#ping 192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
massimo#
*Jun 19 11:30:59.631: %DIALER-6-BIND: Interface Vi1 bound to profile Di0
*Jun 19 11:30:59.635: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Jun 19 11:30:59.859: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di0
*Jun 19 11:30:59.863: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down

appena connetto il cavo del telefono fa così...ho riimpostato tutto, levato la regola superflua ecc...ah poi come potete vedere da quel che ho postato non mi pinga la macchina...con la macchina pingo il router ma non viceversa... suggerimenti?

[Gianremo.Smisek]

Misa' tanto che il PPP non riesce a salire. Hai configurato correttamente user e passwd in PAP/CHAP? Potresti reincollare lo sh run su nopaste? (lo hanno deletato). Visto che ti trovi, incolla anche uno sh dsl int atm0


ciao

P.S. nel frattempo hai migrato ip nat outside dall'ATM alla Dialer0?

[k1ll3r]

user e password dovrebbero essere le classiche...aliceadsl aliceadsl...
ora riincollo tutto...

comunque ho rifatto tutto da 0...ho eliminato dialer0 e usato amt0.1 point-to-point

[k1ll3r]

lo show run: (ho rimesso dialer0 ma non so se la acl 131 ci sta bene li...male che vada tronco tutto)

Codice: Seleziona tutto

Building configuration...

Current configuration : 5665 bytes
!
version 12.4
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname massimo
!
boot-start-marker
boot-end-marker
!
logging exception 100000
logging count
logging userinfo
logging queue-limit 10000
logging buffered 150000 notifications
logging console critical
enable secret 5 $1$L3HT$xX3IUuWANpHsaey3PflX..
enable password 7 14141B180F0B
!
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
!
no ip source-route
no ip gratuitous-arps
ip icmp rate-limit unreachable 1000
ip cef
!
!
!
!
no ip bootp server
ip inspect log drop-pkt
ip inspect max-incomplete low 300
ip inspect max-incomplete high 400
ip inspect one-minute low 300
ip inspect hashtable-size 2048
ip inspect tcp synwait-time 20
ip inspect tcp max-incomplete host 300 block-time 60
ip inspect name IDS tcp
ip inspect name IDS udp
ip inspect name IDS ftp
login block-for 1 attempts 3 within 30
login on-failure
login on-success
!
multilink bundle-name authenticated
!
!
username massimo password 7 082C4D5D1A100818
archive
 log config
  hidekeys
!
!
ip tcp selective-ack
ip tcp window-size 2144
ip tcp synwait-time 10
!
!
!
interface Loopback0
 description INTERFACCIA VIRTUALE END-POINT VPN
 ip address 192.168.254.1 255.255.255.255
!
interface ATM0
 description ALICE BUSINESS 20 Mbps - TGU: ***
 mtu 1500
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description CONNESSIONE LAN ***
 ip address 192.168.1.1 255.255.255.0
 ip accounting output-packets
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 no ip mroute-cache
 hold-queue 100 out
!
interface Dialer0
 ip address negotiated
 ip access-group 131 in
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp header-compression
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp chap hostname aliceadsl
 ppp chap password 7 045A070F0C244D4A1A15
 ppp pap sent-username aliceadsl password 7 070E2D454D0C1801041E
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
!
!
access-list 100 remark *************************************************************
access-list 100 remark *** ACL PER PAT E NAT0 ***
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 131 remark *************************************************************
access-list 131 remark *** ACL ANTI-SPOOFING ***
access-list 131 deny   ip host 0.0.0.0 any log
access-list 131 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 131 deny   ip 192.0.2.0 0.0.0.255 any log
access-list 131 deny   ip 224.0.0.0 31.255.255.255 any log
access-list 131 deny   ip 10.0.0.0 0.255.255.255 any log
access-list 131 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 131 deny   ip 192.168.0.0 0.0.255.255 any log
access-list 131 remark *************************************************************
access-list 131 remark *** ACL PER CONTROLLARE TRAFFICO ICMP ***
access-list 131 permit icmp any any echo
access-list 131 permit icmp any any echo-reply
access-list 131 permit icmp any any time-exceeded
access-list 131 permit icmp any any unreachable
access-list 131 permit icmp any any administratively-prohibited
access-list 131 permit icmp any any packet-too-big
access-list 131 permit icmp any any traceroute
access-list 131 deny   icmp any any
access-list 131 remark *************************************************************
access-list 131 remark *** ACL PER BLOCCARE L'ACCESSO A VIRUS E ATTACCHI ***
access-list 131 deny   tcp any any eq 135
access-list 131 deny   udp any any eq 135
access-list 131 deny   udp any any eq netbios-ns
access-list 131 deny   udp any any eq netbios-dgm
access-list 131 deny   tcp any any eq 139
access-list 131 deny   udp any any eq netbios-ss
access-list 131 deny   tcp any any eq 445
access-list 131 deny   tcp any any eq 593
access-list 131 deny   tcp any any eq 2049
access-list 131 deny   udp any any eq 2049
access-list 131 deny   tcp any any eq 2000
access-list 131 deny   tcp any any range 6000 6010
access-list 131 deny   udp any any eq 1433
access-list 131 deny   udp any any eq 1434
access-list 131 deny   udp any any eq 5554
access-list 131 deny   udp any any eq 9996
access-list 131 deny   udp any any eq 113
access-list 131 deny   udp any any eq 3067
access-list 131 remark *************************************************************
access-list 131 remark *** ACL PER BLOCCARE ACCESSI NON AUTORIZZATI ***
access-list 131 deny   ip any any log
!
!
!
!
control-plane
!
banner motd ^CC
****************************************************************
----------------------------------------------------------------
* ***   ROUTER PERIMETRALE ----      ***   *
----------------------------------------------------------------
* WARNING: System is RESTRICTED to authorized personnel ONLY! *
* Unauthorized use of this system will be logged and *
* prosecuted to the fullest extent of the law. *
* *
* If you are NOT authorized to use this system, LOG OFF NOW! *
* *
****************************************************************
^C
!
line con 0
 exec-timeout 120 0
 login local
 no modem enable
 transport output ssh
 stopbits 1
line aux 0
 login local
 transport output ssh
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 login local
 transport input telnet ssh
 transport output telnet ssh
!
scheduler max-task-time 5000
scheduler interval 500

!
webvpn cef
end

lo show dsl int atm0:

Codice: Seleziona tutto

Alcatel 20190 chipset information

Line has not yet been activated.

Modem Status:    Down (DMTDSL_STOP)
DSL Mode:        Unknown
Interrupts:      4124 (0 spurious)
PHY Access Err:  0
Activations:     0
LED Status:      OFF
LED On Time:     500
LED Off Time:    500
Init FW:         init_AMR-3.0.014_no_bist.bin
Operation FW:    AMR-3.0.014.bin
FW Source:       embedded

DSL: Training log buffer capability is not enabled

[Gianremo.Smisek]

lo show run: (ho rimesso dialer0 ma non so se la acl 131 ci sta bene li...male che vada tronco tutto)



lo show dsl int atm0:

Codice: Seleziona tutto

Alcatel 20190 chipset information

Line has not yet been activated.

Modem Status:    Down (DMTDSL_STOP)
DSL Mode:        Unknown
Interrupts:      4124 (0 spurious)
PHY Access Err:  0
Activations:     0
LED Status:      OFF
LED On Time:     500
LED Off Time:    500
Init FW:         init_AMR-3.0.014_no_bist.bin
Operation FW:    AMR-3.0.014.bin
FW Source:       embedded

DSL: Training log buffer capability is not enabled

per le ACL dipende da cosa devi fare. Cosi' sono impostate correttamente. Per quanto riguarda lo sh dsl int atm0, per cortesia, devi lanciarlo con la portante agganciata.

ciao

[k1ll3r]

cosa intendi per portante? il cavo alla linea telefonica era attaccato...

[rain3]

la Spia CD "Carrier Detect" deve essere fissa sul router

[Gianremo.Smisek]

si esatto, la portante e quindi il led CD dev'essere fisso.

ciao

[k1ll3r]

era fissa... boh vabeh stasera riprovo e vi do il comando...

[Gianremo.Smisek]

era fissa... boh vabeh stasera riprovo e vi do il comando...

e se cosi' fosse, hai l'ATM0 bruciata... perche' con quel comando dovresti vedere le statische della portante.

[k1ll3r]

ahahahha

certo che io sono proprio scemo...e voi non avete fatto caso a una piccolezza...su atm0 c'è shutdown...difatti per vedere ho dato lo show int e:

Codice: Seleziona tutto

ATM0 is administratively down, line protocol is down

comunque lo show dsl int atm0:

Codice: Seleziona tutto

ATM0
Alcatel 20190 chipset information
                ATU-R (DS)                      ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
DSL Mode:        ITU G.992.5 (ADSL2+) Annex A
ITU STD NUM:     0x03                            0x2
Chip Vendor ID:  'STMI'                          'GSPN'
Chip Vendor Specific:  0x0000                    0x0010
Chip Vendor Country:   0x0F                      0xFF
Modem Vendor ID: 'CSCO'                          'GSPN'
Modem Vendor Specific: 0x0000                    0x1000
Modem Vendor Country:  0xB5                      0xFF
Serial Number Near:    FHK1215236Z
Serial Number Far:
Modem VersChip ID:       C196 (0)
DFE BOM:         DFE3.0 Annex A (1)
Chip ID:         C196 (0)
DFE BOM:         DFE3.0 Annex A (1)
Capacity Used:   47%                             100%
Noise Margin:    28.5 dB                         27.0 dB
Output Power:    20.0 dBm                        10.5 dBm
Attenuation:     16.0 dB                          8.0 dB
Defect Status:   None                            None
Last Fail Code:  None
Watchdog Counter: 0x4E
Watchdog Resets: 0
Selftest Result: 0x00
Subfunction:     0x00
Interrupts:      8261 (0 spurious)
PHY Access Err:  0
Activations:     1
LED Status:      ON
LED On Time:     100
LED Off Time:    100
Init FW:         init_AMR-3.0.014_no_bist.bin
Operation FW:    AMR-3.0.014.bin
FW Source:       embedded
FW Version:      3.0.14

                 DS Channel1      DS Channel0   US Channel1       US Channel0
Speed (kbps):             0             7146             0               478
Cells:                    0              102             0                 0
Reed-Solomon EC:          0                0             0                 0
CRC Errors:               0                0             0                 0
Header Errors:            0                0             0                 0
Total BER:                0E-0           0E-0
Leakage Average BER:      0E-0           0E-0
Interleave Delay:         0                0             0                34
                        ATU-R (DS)      ATU-C (US)
Bitswap:               enabled            enabled
Bitswap success:          0                   0
Bitswap failure:          0                   0

LOM Monitoring : Disabled


DMT Bits Per Bin
000: 0 0 0 0 0 0 0 3 3 5 5 6 6 7 7 7
010: 7 7 7 7 8 8 7 7 7 7 7 6 6 5 5 5
020: 0 0 0 0 0 2 2 2 2 2 3 4 4 4 5 5
030: 5 5 6 6 6 5 6 6 7 7 6 6 6 7 7 7
040: 7 7 7 7 6 6 6 7 7 6 6 6 6 6 7 7
050: 7 7 7 7 7 7 7 7 6 6 6 6 6 7 7 7
060: 7 7 7 7 7 7 7 6 6 7 7 7 7 7 7 7
070: 7 7 7 7 7 7 6 6 6 6 6 7 7 7 7 7
080: 7 7 7 7 7 6 6 7 6 7 7 6 6 6 6 7
090: 7 7 7 7 7 2 6 7 6 6 6 6 6 6 6 6
0A0: 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 7
0B0: 6 6 6 7 6 6 6 6 6 6 6 6 6 6 6 6
0C0: 6 7 7 6 6 6 6 6 6 6 6 6 6 6 6 6
0D0: 6 6 6 6 6 6 6 6 6 5 6 5 6 6 5 5
0E0: 5 5 6 5 5 5 5 5 5 5 5 5 5 5 5 5
0F0: 5 5 5 5 5 5 4 5 5 6 6 5 5 5 6 6
100: 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6
110: 6 6 6 5 5 5 5 5 5 5 5 5 5 5 5 5
120: 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5
130: 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5
140: 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5
150: 5 5 5 5 5 5 5 5 5 5 4 5 4 4 4 4
160: 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
170: 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
180: 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
190: 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
1A0: 4 4 4 4 4 4 4 3 4 3 4 3 3 3 3 3
1B0: 3 3 3 3 3 3 3 3 3 3 3 3 2 2 2 2
1C0: 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2
1D0: 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2
1E0: 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2
1F0: 2 0 2 2 2 2 2 2 2 2 2 2 2 2 2 2

DSL: Training log buffer capability is not enabled

a voi la palla

[Gianremo.Smisek]

porca miseria, mi e' sfuggito shutdown sull'ATM0!

cmq i parametri della portante sono buoni.

Prosegui togliendo dialer-group dalla dialer0 e mettendo l'ACL e la regola di NAT.

ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit INDIRIZZO_RETE WC_MASK_RETE

ciao

[k1ll3r]

scusa la domanda ma devo solo aggiungerla la acl o anche applicarla a qualche interfaccia?
comunque fatto...altro da fare o posso passare alla prova?