From: svdleer on
Hello,

We have a Cisco 1841 dual ADSL setup at our office, but we run into a
few strange problems

1) The WAN IP of the second ADSL interface isn't pingable from the outside
world (we guess the return routing isn't set up correctly)
2) The connection of the second ADSL interface is being dropped after
a few hours after the following error:

210007: Mar 7 15:58:58.343 CET: IP ARP req filtered src <gateway dsl2>
0090.1a40.e40f, dst <dsl 2 wan ip> 0000.0000.0000 wrong cable,
interface FastEthernet0/0

A few notes
1) WAN 1 is a PPPoA ADSL WIC
2) WAN 2 is connected to an external FastEthernet port 0/0 on an
external ADSL modem using DHCP

Both IPs are static.

Output of sh conf

Using 9317 out of 196600 bytes
!
! Last configuration change at 19:33:03 CET Wed Mar 8 2006 by admin
! NVRAM config last updated at 19:41:37 CET Wed Mar 8 2006 by admin
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname rtr
!
boot-start-marker
boot system flash c1841-advsecurityk9-mz.124-5a.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 204800 debugging
logging console critical
enable secret 5 <cut>
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip cef
!
!
ip tcp synwait-time 10
ip dhcp excluded-address 10.0.0.1 10.0.0.199
!
!
no ip bootp server
ip domain name <cut>.local
ip name-server 194.109.6.66
ip ssh time-out 60
ip ssh authentication-retries 2
!
password encryption aes
!
crypto pki trustpoint TP-self-signed-2157425520
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2157425520
revocation-check none
rsakeypair TP-self-signed-2157425520
!
crypto pki trustpoint tti
revocation-check crl
rsakeypair tti
!
!
crypto pki certificate chain TP-self-signed-2157425520
certificate self-signed 01 nvram:IOS-Self-Sig#3001.cer
crypto pki certificate chain tti
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group Beheer
key 6 <cut>
dns 10.75.101.10 194.109.6.66
pool SDM_POOL_1
acl 198
include-local-lan
netmask 255.255.255.0
!
crypto isakmp client configuration group VPNLogin
key 6 <cut>
pool SDM_POOL_1
acl split-acl
include-local-lan
max-users 15
max-logins 2
netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
bridge irb
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
ip address dhcp <cut>
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
arp timeout 1800
no mop enabled
!
interface FastEthernet0/1
description $ETH-LAN$
ip address 10.75.100.10 255.255.255.0
ip access-group 198 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip policy route-map demon-rmap
duplex auto
speed auto
no mop enabled
!
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
no snmp trap link-status
pvc 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
bridge-group 1
bridge-group 1 spanning-disabled
pvc 0/35
encapsulation aal5snap
!
!
interface Dialer0
ip address negotiated
ip access-group 199 in
ip access-group 195 out
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username <Cut> password <cut>
crypto map SDM_CMAP_1
!
interface BVI1
mac-address 0000.0cd3.5ce0
ip address dhcp hostname <cut>
ip nat outside
ip virtual-reassembly
shutdown
!
ip local pool SDM_POOL_1 10.75.105.100 10.75.105.115
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.75.101.0 255.255.255.0 10.75.100.1
ip route 10.75.102.0 255.255.255.0 10.75.100.1
ip route 10.75.103.0 255.255.255.0 10.75.100.1
ip route 10.75.104.0 255.255.255.0 10.75.100.1
ip route 10.75.106.0 255.255.255.0 10.75.100.1
ip route 10.75.150.0 255.255.255.0 10.75.100.1
!
no ip http server
no ip http secure-server
ip nat inside source route-map demon-dsl interface FastEthernet0/0 overload
ip nat inside source static tcp 10.75.101.10 25 interface Dialer0 25
ip nat inside source route-map xs4all-dsl interface Dialer0 overload
ip nat inside source static tcp 10.75.150.15 22 interface Dialer0 2222
!
ip access-list extended split-acl
permit ip 10.75.101.0 0.0.0.255 any
!
!
map-class frame-relay pri
frame-relay interface-queue fair queue-limit 32
frame-relay interface-queue priority high
!
map-class frame-relay def
access-list 66 permit 10.75.150.15
access-list 100 deny ip any host 10.75.105.100
access-list 100 deny ip any host 10.75.105.101
access-list 100 deny ip any host 10.75.105.102
access-list 100 deny ip any host 10.75.105.103
access-list 100 deny ip any host 10.75.105.104
access-list 100 deny ip any host 10.75.105.105
access-list 100 deny ip any host 10.75.105.106
access-list 100 deny ip any host 10.75.105.107
access-list 100 deny ip any host 10.75.105.108
access-list 100 deny ip any host 10.75.105.109
access-list 100 deny ip any host 10.75.105.110
access-list 100 deny ip any host 10.75.105.111
access-list 100 deny ip any host 10.75.105.112
access-list 100 deny ip any host 10.75.105.113
access-list 100 deny ip any host 10.75.105.114
access-list 100 deny ip any host 10.75.105.115
access-list 100 permit ip 10.75.100.0 0.0.0.255 any
access-list 100 permit ip 10.75.101.0 0.0.0.255 any
access-list 100 permit ip 10.75.102.0 0.0.0.255 any
access-list 100 permit ip 10.75.104.0 0.0.0.255 any
access-list 100 permit ip 10.75.150.0 0.0.0.255 any
access-list 101 permit ip 10.75.103.0 0.0.0.255 any
access-list 102 permit ip 10.75.106.0 0.0.0.255 any
access-list 195 deny tcp any any eq 6667
access-list 195 deny tcp any any eq nntp
access-list 195 deny udp any any eq 119
access-list 195 permit ip any any
access-list 198 permit tcp 10.75.105.0 0.0.0.255 host 10.75.101.10 eq 3389
access-list 198 permit tcp 10.75.105.0 0.0.0.255 host 10.75.101.15 eq 3389
access-list 198 permit tcp 10.75.105.0 0.0.0.255 host 10.75.101.20 eq 3389
access-list 198 permit tcp 10.75.105.0 0.0.0.255 host 10.75.101.10 eq www
access-list 198 deny ip 10.75.105.0 0.0.0.255 any
access-list 198 permit ip any any
access-list 199 permit gre any any
access-list 199 permit ip host 80.126.206.215 any
access-list 199 permit ip host 82.161.50.76 any
access-list 199 permit tcp 80.84.224.0 0.0.0.255 any eq smtp
access-list 199 deny tcp any any eq smtp
access-list 199 permit tcp any any eq 2222
access-list 199 permit udp any any eq isakmp
access-list 199 permit udp any any eq non500-isakmp
access-list 199 permit tcp any any established
access-list 199 permit udp any any
access-list 199 permit icmp any any
access-list 199 deny ip any any
dialer-list 1 protocol ip permit
snmp-server community frujerfiff RO
no cdp run
route-map xs4all-dsl permit 1
match ip address 100 101
!
route-map demon-dsl permit 1
match ip address 102
!
route-map demon-rmap permit 10
match ip address 102
set interface FastEthernet0/0
set ip next-hop 83.160.32.1
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CC
Authorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!
^C
!
line con 0
transport output telnet
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh
!
scheduler allocate 4000 1000
ntp clock-period 17178463
ntp server 194.109.22.18
end

Who can help us out :)

Thanks in advance

From: Merv on
For the first problem - that the IP address is not pingable - go to an
Internet looking glass (telnet-based) - like AT&T's
telnet://route-server.ip.att.net

sh ip route <your ISP-provided address>

trace <your ISP-provided address>

From: svdleer on
Tracing stops at the isp's router.

Routing entry for 83.160.32.0/23
Known via "connected", distance 0, metric 0 (connected, via
interface)
Routing Descriptor Blocks:
* directly connected, via FastEthernet0/0
Route metric is 0, traffic share count is 1
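
Added example (not part of the original thread or the posters' own code): a longest-prefix lookup over the static routes and connected networks posted above, showing which interface the router picks for a reply it generates to a ping that arrived on FastEthernet0/0. The outside host 192.0.2.10 is a constructed address and the function names are hypothetical.

```python
import ipaddress

# Static routes copied from the posted configuration.
STATIC_ROUTES = """\
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.75.101.0 255.255.255.0 10.75.100.1
ip route 10.75.102.0 255.255.255.0 10.75.100.1
ip route 10.75.103.0 255.255.255.0 10.75.100.1
ip route 10.75.104.0 255.255.255.0 10.75.100.1
ip route 10.75.106.0 255.255.255.0 10.75.100.1
ip route 10.75.150.0 255.255.255.0 10.75.100.1
"""

# Connected networks: Fa0/1 from the config, Fa0/0 from the "Routing entry" output.
CONNECTED = {
    "10.75.100.0/24": "FastEthernet0/1",
    "83.160.32.0/23": "FastEthernet0/0",
}

def build_table():
    """Return a list of (network, target); target is an interface or a next-hop IP."""
    table = [(ipaddress.ip_network(n), i) for n, i in CONNECTED.items()]
    for line in STATIC_ROUTES.splitlines():
        _, _, net, mask, target = line.split()
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        table.append((ipaddress.ip_network(f"{net}/{prefix}"), target))
    return table

def egress_interface(table, dst, depth=0):
    """Longest-prefix match; next-hop addresses are resolved recursively."""
    if depth > 4:
        raise ValueError("recursive route lookup did not converge")
    addr = ipaddress.ip_address(dst)
    matches = [(net, tgt) for net, tgt in table if addr in net]
    if not matches:
        return None
    _, target = max(matches, key=lambda m: m[0].prefixlen)
    try:
        ipaddress.ip_address(target)
    except ValueError:
        return target  # target is an interface name
    return egress_interface(table, target, depth + 1)

def reply_path(table, arrived_on, remote_host):
    """Egress of a router-generated reply, and whether it matches the ingress."""
    out = egress_interface(table, remote_host)
    return out, out == arrived_on

if __name__ == "__main__":
    # 192.0.2.10 is a constructed outside host (documentation range).
    print(reply_path(build_table(), "FastEthernet0/0", "192.0.2.10"))
```

The only default route points at Dialer0, so the reply is routed out of the other provider's link rather than the one the ping arrived on. The `ip policy route-map demon-rmap` on FastEthernet0/1 applies only to packets received on that interface; IOS policy-routes router-generated packets with `ip local policy route-map`.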

From: Merv on

For the ADSL disconnect issue try:

int dialer 1
dialer idle-timeout 0
exit

From: svdleer on
That's not usable for the DSL timeout, since the DSL line with problems
is Ethernet-connected using DHCP, and gives the following error:

210007: Mar 7 15:58:58.343 CET: IP ARP req filtered src <gateway dsl2>
0090.1a40.e40f, dst <dsl 2 wan ip> 0000.0000.0000 wrong cable,
interface FastEthernet0/0