Re: [Cug] problemi cisco 877

Sun, 20 Jan 2008 07:26:39 -0800 

bhe dai diciamo che è grave perchè dovevo fare alcuni lavori e a causa
del dicorso che navigavo a stento sono dovuto andare a prendere un
altro router per poter finire il lavoro :D cmq

intanto grazie per darmi una mano ancora una volta... lo so sono il peggiore...


> postami un sh dsl int atm0 ed eventualmente aggiorna l'ios e il modulo
> del modem adsl
>

file in allegato...


> sicuro di aver scritto il MAC addr correttamente?
>

qui potrebbero esserci dei dubbi..

nella configurazione di un dhcp pool ho notato esserci 2 voci:

hardware-address
client-identifier

io non sapendo ho configurato come descritto in questa guida postata
da Giuseppe Marocchio
http://www.areanetworking.it/index_docs.php?title=Cisco_827:_configurazione_e_approfondimenti#Il_Cisco.E2.80.AD_.E2.80.AC827.E2.80.AD_.E2.80.ACcome_server_DHCP

e ho fatto anche 2 prove...

con la configurazione che ho messo nella mail precedente mi veniva
dato l'ip 192.168.1.2

poi ho fatto una modifica impostando hardware-address e magicamente si
è cancellato client identifier....

ho ripristinato l'ip e ora mi viene dato l'ip 192.168.1.6

ho fatto un altra prova ho provato a impostare client indentifier
senza anteporre al mac address lo 01 indicante il tipo di indirizzo e
mi viene dato di nuovo il 192.168.1.6

bho a sto punto brancolo nel buio per quanto riguarda sto bind di
indirizzi ip...

> Hai ACL attive sul router?
> Secondo me con il deny implicit blocchi icmp e dns
>

e quindi che devo fare? le acl che ho attive le hai viste e per dirla
tutta al momneto mi sento abbastanza colabrodo... però finche non
risolvo tutto non mi metto a risistemare le acl...


> > 4) il servizio ddns che ho configurato non funziona...(ma credo sia
> > legato al problema precedente)
> >
>
> il DDNS per funzionare, ha bisogno che il router risolva i dns...
>

era qui il mio dubbio...

> Mi suona come Stateful Packet Inspection disattivo/misconfigured
> sotto la vlan1 hai messo:
>
> ip inspect My_FW_out out
>
> cambialo con:
>
> ip inspect My_FW_out in
>
> perche' deve fare l'inspect del traffico della lan che esce e quindi
> entra nella vlan1 (intf inside del router).
> La stessa riga, toglila sotto la dialer0.
>
> Sotto l'ATM0.1 togli
>
> ip nat outside
>
> che nel nostro caso, non si po' vede' e manco immagina' :D
>
> Sempre dalla dialer0, togli questo:
>  ip access-group sdm_dialer0_out out
> e l'acl corrispondente.
>
> per la vlan1 idem:
>  ip access-group sdm_vlan1_in in
>  ip access-group sdm_vlan1_out out
>
> con le acl corrispondenti
>
 ho fatto quel che mi hai detto ora provo a fare qualche navigata e
vedo se migliora la situazione... ti posto la mia attuale conf e anche
lo sh int dsl....

router#sh run
Building configuration...

Current configuration : 6170 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
enable secret 5 $1$dHx3$GzHxZ4GkWJ6o4aDD9soIl/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.201 192.168.1.254
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool portatile
   host 192.168.1.4 255.255.255.0
   client-identifier 0100.12f0.88de.ce
   client-name portatile
   dns-server 151.99.125.1 151.99.0.100
!
ip dhcp pool rete_casa
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 151.99.125.1 151.99.0.100
   default-router 192.168.1.1
   lease 0 23
!
!
ip inspect tcp max-incomplete host 50 block-time 10
ip inspect name My_FW_out cuseeme timeout 3600
ip inspect name My_FW_out ftp timeout 3600
ip inspect name My_FW_out h323 timeout 3600
ip inspect name My_FW_out icmp timeout 3600
ip inspect name My_FW_out netshow timeout 3600
ip inspect name My_FW_out rcmd timeout 3600
ip inspect name My_FW_out realaudio timeout 3600
ip inspect name My_FW_out rtsp timeout 3600
ip inspect name My_FW_out esmtp timeout 3600
ip inspect name My_FW_out sqlnet timeout 3600
ip inspect name My_FW_out streamworks timeout 3600
ip inspect name My_FW_out tftp timeout 3600
ip inspect name My_FW_out tcp router-traffic timeout 3600
ip inspect name My_FW_out udp timeout 3600
ip inspect name My_FW_out vdolive timeout 3600
ip inspect name My_FW_out dns timeout 3600
ip inspect name My_FW_out ntp timeout 3600
ip inspect name My_FW_out snmp timeout 3600
ip inspect name My_FW_out ssh timeout 3600
ip inspect name My_FW_out appleqtc timeout 3600
ip tcp synwait-time 10
no ip bootp server
ip domain name remoto.mine.nu
ip name-server 151.99.125.1
ip name-server 151.99.0.100
ip ssh time-out 60
ip ssh authentication-retries 2
ip ddns update method update_ddns
 HTTP
  add http://ciberkids:[EMAIL 
PROTECTED]/nic/update?system=dyndns&hostname=<h>&myip=<a>
 interval maximum 0 2 0 0
!
!
!
crypto pki trustpoint TP-self-signed-892860865
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-892860865
 revocation-check none
 rsakeypair TP-self-signed-892860865
!
!
crypto pki certificate chain TP-self-signed-892860865
 certificate self-signed 01
  3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 38393238 36303836 35301E17 0D303731 32323330 32333033
  345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3839 32383630
  38363530 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  DFCB15D8 FC085DBB 64E682DC 91421945 76C7B2BA E8319944 E083B1B6 98927062
  513B4902 D87BCAFC 993F9B95 2632D24A 4B70F7B5 16F156B8 CC8FFE28 1E887CAB
  D69010F5 9F85B479 AA0E09D8 F1B310EF F39535EA A8AF8254 4F3F0AEB 41A4E33E
  FC0CD6EB 843E05E4 70A90B3B C6140C9D E087F735 1DE30BA5 F47EFE2F 76B11627
  02030100 01A37530 73300F06 03551D13 0101FF04 05300301 01FF3020 0603551D
  11041930 17821572 6F757465 722E7265 6D6F746F 2E6D696E 652E6E75 301F0603
  551D2304 18301680 1468FAEF AE52149E DC779CC6 47707A9C 443CDE67 4D301D06
  03551D0E 04160414 68FAEFAE 52149EDC 779CC647 707A9C44 3CDE674D 300D0609
  2A864886 F70D0101 04050003 818100AE 641BBA29 E71B18B2 EE3FB927 4339B77A
  F81275D0 0ADD29AA 05DDE755 2801CBA4 F28D0125 D971EC3E 2ED512ED 79B6003A
  5F17972A 0191116D 51C3A4A5 5D478486 4662E320 2B8F2FAF 22C1C9E0 6F884976
  7D84C71B A3125707 5D6D3D4D 92D5A151 B08A97A5 6AF17F61 FCF6F348 EC991B81
  62C1B41F ECED5C3C 88D7F209 5B00F7
  quit
username admin privilege 15 secret 5 $1$.C5q$wzC71/N1iMPvC.lSk1n.j.
!
!
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode adsl2+
!
interface ATM0.1 point-to-point
 description Modem$FW_OUTSIDE$$ES_WAN$
 ip virtual-reassembly
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 ip inspect My_FW_out in
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Dialer0
 description $FW_OUTSIDE$
 ip ddns update hostname remoto.mine.nu
 ip ddns update update_ddns
 ip address negotiated
 ip access-group 101 in
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname aliceadsl
 ppp chap password 7 13041B1B0809052E3828
 ppp pap sent-username aliceadsl password 7 094D42001A0016161800
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

router#

router#sh dsl int atm0
ATM0
Alcatel 20190 chipset information
                ATU-R (DS)                      ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
DSL Mode:        ITU G.992.5 (ADSL2+) Annex A
ITU STD NUM:     0x03                            0x2
Chip Vendor ID:  'STMI'                          'BDCM'
Chip Vendor Specific:  0x0000                    0x6199
Chip Vendor Country:   0x0F                      0xB5
Modem Vendor ID: 'CSCO'                          '    '
Modem Vendor Specific: 0x0000                    0x0000
Modem Vendor Country:  0xB5                      0x00
Serial Number Near:    FCZ114261SV
Serial Number Far:
Modem Version Near:    12.4(4)T8
Modem Version Far:
Capacity Used:   100%                            100%
Noise Margin:    15.0 dB                         11.5 dB
Output Power:    20.5 dBm                        12.0 dBm
Attenuation:     32.0 dB                         14.0 dB
Defect Status:   None                            None
Last Fail Code:  None
Watchdog Counter: 0x47
Watchdog Resets: 0
Selftest Result: 0x00
Subfunction:     0x00
Interrupts:      7709 (0 spurious)
PHY Access Err:  0
Activations:     1
LED Status:      ON
LED On Time:     100
LED Off Time:    100
Init FW:         init_25042.bin
Operation FW:    AMR-R-2.5.042.bin
FW Version:      2.542

                 DS Channel1      DS Channel0   US Channel1       US Channel0
Speed (kbps):             0             9960             0               897
Cells:                    0         19863114             0          44693534
Reed-Solomon EC:          0            18859             0                 0
CRC Errors:               0              197             0                 0
Header Errors:            0              168             0                 0
Interleave Delay:         0                6             0                 8

LOM Monitoring : Disabled


DMT Bits Per Bin
000: 0 0 0 0 0 0 0 6 8 A A A A B B B
010: B B B B C C B B B A A A A 9 A 9
020: 0 0 0 0 0 0 B D C C C C B B B C
030: B B B C A B A A 0 A A A A A A A
040: 0 A A 2 A A A A A A A B B B A 9
050: B 9 A A A A A A 9 A 9 A 9 9 9 9
060: 9 9 9 9 9 9 9 9 9 9 9 8 9 9 9 C
070: 8 8 8 8 7 8 8 7 7 7 7 7 7 7 7 7
080: 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7
090: 7 7 7 7 7 7 7 7 7 7 8 7 8 8 7 8
0A0: 9 8 9 8 8 8 8 8 9 8 8 9 8 A 9 8
0B0: 9 9 8 8 A 7 8 A 8 9 7 9 9 0 0 9
0C0: 0 8 9 8 8 8 8 7 8 8 8 8 8 8 9 9
0D0: 8 9 8 7 9 8 9 8 7 0 7 7 7 9 8 8
0E0: 7 7 7 7 7 7 7 8 7 7 7 7 7 8 7 8
0F0: 7 7 7 8 7 5 5 5 4 7 7 8 0 9 A 0
100: 9 B B A A A 9 5 A 9 9 8 A 9 A 8
110: 9 A A A A 9 A 9 A A A A A 9 9 A
120: 7 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9
130: 9 9 9 8 8 8 7 8 8 8 8 A 8 8 8 8
140: 8 8 7 8 8 8 8 8 8 8 7 7 7 7 7 7
150: 7 6 7 7 7 7 7 7 7 6 7 7 7 6 6 6
160: 6 5 6 6 6 6 6 5 6 6 6 5 5 5 5 5
170: 4 5 5 5 4 4 5 5 4 5 5 4 4 4 4 4
180: 4 4 4 4 4 4 4 4 4 4 4 3 3 3 3 3
190: 3 3 4 3 3 3 3 3 3 2 3 2 0 2 2 0
1A0: 0 2 2 2 2 2 2 2 2 2 0 2 0 2 0 0
1B0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1C0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1D0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1E0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1F0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

DSL: Training log buffer capability is not enabled
router#

_______________________________________________
Cug mailing list
http://www.areanetworking.it/index_docs.php
[email protected]
http://ml.areanetworking.it/mailman/listinfo/cug

Reply via email to