Cisco 877W Connecting to Internet

[darrenst]

#121012

I have purchased a Cisco 877W as a Draytek replacement and I am having problems.

I have configured it to connect to my PPPoA ISP OK and the network test in SDM reports that the connection is OK. (only after inserting the DNS servers hidden away in additional tasks).

The default route is setup and VLANs configured.

I can ping my WAN IP but get 25% on the ISP gateway address. I think the default MTU for Cisco is 1400 which is a little low. I don’t think that is the problem.

Here is my running config. ((the firewal stuff has been removed due to size restrictions))

I would appreciate any help with this problem.

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname 9RTR01
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$SXS/$glJdBQhXTUIX1u4vAA6vt.
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name winit.local
ip name-server 212.104.130.9
ip name-server 212.104.130.65
ip ssh time-out 60
ip ssh authentication-retries 2
!

!
crypto pki trustpoint TP-self-signed-2685395840
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2685395840
revocation-check none
rsakeypair TP-self-signed-2685395840
!
!
crypto pki certificate chain TP-self-signed-2685395840
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32363835 33393538 3430301E 170D3032 30333035 31303339
32365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 36383533
39353834 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C430 F825CF23 717AA6D3 8ED23FD1 B047A063 E58F2B5D DB48306B DD98486A
3E9FDA6D 95B4D72F C4B50F5E 35C76EE3 5BFAA91F 1E2B2024 0C40C2E5 70FB7F3A
2A0C17F0 127B11C4 F8EF66C5 D31B25A3 B079FA95 16AD0E88 88D45ED1 853EFE6B
6E7AD3D2 C0753E5E 315B95C5 1DA358E8 7EB3F342 91B0C203 88E06C89 A2F8E7AD
66B50203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 14784E11 ECA9A8C7 F608AB89 25BA4E9F 3AED62D7
5C301D06 03551D0E 04160414 784E11EC A9A8C7F6 08AB8925 BA4E9F3A ED62D75C
300D0609 2A864886 F70D0101 04050003 81810085 B89C20D2 0D92EFCC 3E199BB5
A6845DE7 2D299154 19416326 717130B5 9C182ED4 D3AF5D50 F8114365 38AD2CF6
4BC8D41B EA55713A 5C8C2F25 C504B751 E64AF284 7DB8FE18 D8125186 79033A9D
501AA66B 9118EA4D 71BD2405 59B9FE73 358C0F60 237F2CF8 D0256289 EA6EDDCB
AAC409E7 E7C00032 2FF3A697 623D7A4D 5AB50D
quit
username witadmin privilege 15 secret 5 $1$DTOC$Z4ggIL8LWmpOu8hZYyE260
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 key 1 size 40bit 7 1E1DB34A921C transmit-key
encryption vlan 1 mode wep mandatory
!
ssid nine9
vlan 1
authentication open
guest-mode
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface Dialer0
description $FW_OUTSIDE$
ip address **.**.**.** 255.255.255.252
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect SDM_MEDIUM out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname na******@adsl.eclipse.co.uk
ppp chap password 7 0706314946000A0C04061903
ppp pap sent-username na******@adsl.eclipse.co.uk password 7 08285C4B0110161E011F1E0B
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.10.254 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
router rip
network 192.168.10.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.10.1 443 interface Dialer0 443
ip nat inside source static tcp 192.168.10.1 25 interface Dialer0 25
ip nat inside source static tcp 192.168.10.1 80 interface Dialer0 80
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 91.84.41.228 0.0.0.3 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp any host 91.84.41.229 eq www
access-list 101 permit tcp any host 91.84.41.229 eq smtp
access-list 101 permit tcp any host 91.84.41.229 eq 443
access-list 101 permit udp host 212.104.130.65 eq domain host 91.84.41.229
access-list 101 permit udp host 212.104.130.9 eq domain host 91.84.41.229
access-list 101 deny ip 192.168.10.0 0.0.0.255 any
access-list 101 permit icmp any host 91.84.41.229 echo-reply
access-list 101 permit icmp any host 91.84.41.229 time-exceeded
access-list 101 permit icmp any host 91.84.41.229 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

[Author]

Posts