# Solved: Set up problems with my new Cisco 877



## dbctl (May 17, 2008)

I have bellsouth.net DSL and was using the westell 6100 that they supply there users with but it has been giving me some problems so I bought a Cisco 877 but I can't get it to work. I have set it up with everything that I know. Please help I have been working on this for 3 days on and off.

Dennis


----------



## JohnWill (Oct 19, 2002)

Did you try Cisco's excellent technical support?


----------



## dbctl (May 17, 2008)

Yes. That's who I contacted first. They replied

Quote

"Hi Dennis 
We have received your email at the Technical Assistance Center, however with the information you have provided we are unable to find a Maintenance Support (contract) agreement between your company and Cisco Systems."

And I also contacted the company that I bought it from but they haven't helped yet. It's been 24 hrs. so I knew I could get some help from this forum.

Thanks,
Dennis


----------



## zx10guy (Mar 30, 2008)

When you say set up, what do you mean by this? Were you able to get a successful DHCP from Bell South? What's your config? Also, you know that natively, all Cisco routers do not have any firewall type services running nor NAT.


----------



## dbctl (May 17, 2008)

To set it up I followed the wizsard and put in my bellsouth.net user name, password, VPI = 8 , VCI =35 and etc..... successful DHCP from Bell South? the OK light, ADSL CD light and the PPP light comes on.
I have tried different settings and it didn't help. I have reset the Cisco 877 just in case I set something that shouldn't be. I just need some help in starting over and getting it working. 

Thanks,
Dennis


----------



## zx10guy (Mar 30, 2008)

I haven't configured on of those before. And I've never used a GUI wizard in configuring a Cisco router. What you can do if you have a serial port on a PC is to console into the router and get into the command line there. You should have received a RJ45 to 9 pin serial cable. You can use Putty or Hyperterminal as your terminal software. I prefer Putty. You Com port settings need to be 9600 Baud, 8 data bits, no parity, 1 stop bits, and you can leave flow control to hardware.

Once you get in, hit return to establish a session. You should see a prompt. Type enable at the prompt and enter any password you might have set up in the GUI to get into priveleged mode. If you didn't set up a password, just hit enter. You should see the prompt change over to a #. Now do a....show run....to display the current configuration of the router. Copy and paste that config here.


----------



## zx10guy (Mar 30, 2008)

Oh and one more thing, just as John has mentioned, you should have support from Cisco if purchased new. You'll need to open what's called a TAC case.


----------



## dbctl (May 17, 2008)

Thanks guys I'll get the info. on the configuration shortly.

Dennis


----------



## dbctl (May 17, 2008)

Here's the configuration
I need step by step instructions.

Dennis


Current configuration : 3843 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
!
no ip domain lookup
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-3352435856
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3352435856
 revocation-check none
 rsakeypair TP-self-signed-3352435856
!
!
crypto pki certificate chain TP-self-signed-3352435856
 certificate self-signed 01
 3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
 69666963 6174652D 33333532 34333538 3536301E 170D3038 30353134 32323334
 31325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33353234
 33353835 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
 8100B37C 063599B9 7EB20DDD 2A9C0574 6841D5F9 10B69352 58A4E728 FB77E23F
 9E979B4F DF18CA2F E56BC8DA E694BE0C C1066E54 9FFA2A17 C90C2F4C B5517497
 E4DE892E 9135EC5D E2D2062B DFF0FD56 93F427C2 98FF6C91 F3C0BAFA E40761EB
 6433BAFF 1FB1FB54 45548B32 71C281F8 EEC7A316 89A5FD18 3116C8FE AB138740
 A2550203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
 551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
 301F0603 551D2304 18301680 1420F985 0A2DE35A B9B6570A 42BD200A BCC7714B
 6C301D06 03551D0E 04160414 20F9850A 2DE35AB9 B6570A42 BD200ABC C7714B6C
 300D0609 2A864886 F70D0101 04050003 8181008E 78D74D28 6DDDE451 C87878AB
 D45F1478 E252F6AA F8455B81 97F6A832 6B7C0172 C96C31C4 1E690994 BC297457
 38348791 9CBC6B5D 9964E1F8 2FBEA90B D3973DFC DBD634F6 28F5FF4A D47FA523
 088BD150 5C85BE90 0C2563CE 4D07CC33 E2652F7A D56746EE F5BE2606 F889A3BA
 8BD09438 70C97C7F 146DF485 FC4BB885 96C313
 quit
username cisco privilege 15 secret 5 $1$pNtS$t3OLcnahuIjQuIZIBdZdR/
!
!
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 10.10.10.1 255.255.255.248
 ip tcp adjust-mss 1452
!
ip classless
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end


----------



## zx10guy (Mar 30, 2008)

First it looks like your WAN port for the 877 is ATM0. You have it currently in a shut down state. To do it from the command line, first type.....config t . Then type....int ATM0 . The prompt should change to config-if>. Now type...no shut . This will bring up the WAN port interface. See if this gets you connectivity. To get back out of config mode, type....end or exit twice. Type....sho int ATM0 and see if it shows it as up and if it has an IP or not. Again, I've never configured a Cisco router or firewall to use DSL so I'm fumbling a bit here. I'll do some searching to see if there is anything else you need to do to configure the ATM0 interface.

Also, before you logout of the router, type....wr . This will save your changes to NVRAM.


----------



## dbctl (May 17, 2008)

I think I did what you asked but I still can't get to the internet. I don't it is logging on, missing some command or something.

Thanks
Dennis

*bellsouth.net#show int ATM0*

ATM0 is up, line protocol is up
Hardware is MPC ATMSAR (with Alcatel ADSL Module)
MTU 4470 bytes, sub MTU 4470, BW 352 Kbit, DLY 1040 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ATM, loopback not set
Encapsulation(s): AAL5 AAL2, PVC mode
10 maximum active VCs, 1024 VCs per VP, 0 current VCCs
VC Auto Creation Disabled.
VC idle disconnect time: 300 seconds
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: Per VC Queueing
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out

*bellsouth.net#show run*

Building configuration...

Current configuration : 3976 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname bellsouth.net
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
!
no ip domain lookup
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-3352435856
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3352435856
revocation-check none
rsakeypair TP-self-signed-3352435856
!
!
crypto pki certificate chain TP-self-signed-3352435856
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33333532 34333538 3536301E 170D3038 30353134 32323334
31325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33353234
33353835 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B37C 063599B9 7EB20DDD 2A9C0574 6841D5F9 10B69352 58A4E728 FB77E23F
9E979B4F DF18CA2F E56BC8DA E694BE0C C1066E54 9FFA2A17 C90C2F4C B5517497
E4DE892E 9135EC5D E2D2062B DFF0FD56 93F427C2 98FF6C91 F3C0BAFA E40761EB
6433BAFF 1FB1FB54 45548B32 71C281F8 EEC7A316 89A5FD18 3116C8FE AB138740
A2550203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 1420F985 0A2DE35A B9B6570A 42BD200A BCC7714B
6C301D06 03551D0E 04160414 20F9850A 2DE35AB9 B6570A42 BD200ABC C7714B6C
300D0609 2A864886 F70D0101 04050003 8181008E 78D74D28 6DDDE451 C87878AB
D45F1478 E252F6AA F8455B81 97F6A832 6B7C0172 C96C31C4 1E690994 BC297457
38348791 9CBC6B5D 9964E1F8 2FBEA90B D3973DFC DBD634F6 28F5FF4A D47FA523
088BD150 5C85BE90 0C2563CE 4D07CC33 E2652F7A D56746EE F5BE2606 F889A3BA
8BD09438 70C97C7F 146DF485 FC4BB885 96C313
quit
username cisco privilege 15 secret 5 $1$pNtS$t3OLcnahuIjQuIZIBdZdR/
username dbctl privilege 15 secret 5 $1$xhup$g06ZEyr94Za98kjqGNeyL/
username <dbctl> privilege 15 secret 5 $1$qPee$B95Lrun8kQJBpyltfReUX1
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.248
ip tcp adjust-mss 1452
!
ip classless
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end


----------



## zx10guy (Mar 30, 2008)

There's one line missing in the ATM0 configuration. You need to add...pvc 8/35.

After you add the line, do a sho int atm0 again. You should see current VCCs go up to 1.


----------



## dbctl (May 17, 2008)

I still don't have it working yet check my congig. below.

Thanks,
Dennis (Lost)


Current configuration : 3843 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
!
no ip domain lookup
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-3352435856
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3352435856
 revocation-check none
 rsakeypair TP-self-signed-3352435856
!
!
crypto pki certificate chain TP-self-signed-3352435856
 certificate self-signed 01
 3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
 69666963 6174652D 33333532 34333538 3536301E 170D3038 30353134 32323334
 31325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33353234
 33353835 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
 8100B37C 063599B9 7EB20DDD 2A9C0574 6841D5F9 10B69352 58A4E728 FB77E23F
 9E979B4F DF18CA2F E56BC8DA E694BE0C C1066E54 9FFA2A17 C90C2F4C B5517497
 E4DE892E 9135EC5D E2D2062B DFF0FD56 93F427C2 98FF6C91 F3C0BAFA E40761EB
 6433BAFF 1FB1FB54 45548B32 71C281F8 EEC7A316 89A5FD18 3116C8FE AB138740
 A2550203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
 551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
 301F0603 551D2304 18301680 1420F985 0A2DE35A B9B6570A 42BD200A BCC7714B
 6C301D06 03551D0E 04160414 20F9850A 2DE35AB9 B6570A42 BD200ABC C7714B6C
 300D0609 2A864886 F70D0101 04050003 8181008E 78D74D28 6DDDE451 C87878AB
 D45F1478 E252F6AA F8455B81 97F6A832 6B7C0172 C96C31C4 1E690994 BC297457
 38348791 9CBC6B5D 9964E1F8 2FBEA90B D3973DFC DBD634F6 28F5FF4A D47FA523
 088BD150 5C85BE90 0C2563CE 4D07CC33 E2652F7A D56746EE F5BE2606 F889A3BA
 8BD09438 70C97C7F 146DF485 FC4BB885 96C313
 quit
username cisco privilege 15 secret 5 $1$pNtS$t3OLcnahuIjQuIZIBdZdR/
!
!
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 10.10.10.1 255.255.255.248
 ip tcp adjust-mss 1452
!
ip classless
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end


----------



## zx10guy (Mar 30, 2008)

You didn't add the line I said you needed in my previous post.


----------



## dbctl (May 17, 2008)

I,m sorry I couldn't figure out how to. Cisco coding is a little different than yours. I have reset the Cisco back to factory defaults again. I am sending this below from my Westell DSL Modem that works to give you a look at how it is set up.

Thanks for all your help,
Dennis

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

DSL Sync Up
Internet Connection Up
User ID [email protected]
Downstream Rate (Kbits/Sec) 7034
Upstream Rate (Kbits/Sec) 508
WAN IP Address 72.152.62.186
Gateway IP Address 65.14.248.25
MAC Address 00:0f:db:23:c6:1b
Primary DNS 205.152.37.23
Secondary DNS 205.152.144.23
Primary DNS Name dns.asm.bellsouth.net
Secondary DNS Name dns.mia.bellsouth.net
ProLine Page 1 of 1
http://192.168.1.254/broadbandBS.htm 5/14/2008

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Home Summary Help
User ID [email protected]
DSL Sync Up Device Name ProLine
Internet Connection Up Model Number C90-610030-06
WAN IP Address 72.152.62.186 Serial Number 04B412612522
Downstream Rate 7034 (Kbits/Sec) Software Version 03.08.02
Upstream Rate 508 (Kbits/Sec) DHCP Server Enabled
Warranty Date October 25, 2048
Home Network Summary
IP Address / Name MAC Address
Connection
Status
Connection
Type
192.168.1.97 / SonyLaptop 00:01:4a:c0:f6:32 Active Ethernet

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 

Route - IP Interfaces Help
Address Subnet Mask Name
127.0.0.1 255.0.0.0 lo0
192.168.1.254 255.255.255.0 eth0
72.152.62.186 255.255.255.255 mainPPP
Network Routing Table
Destination Subnet Mask Gateway Interface Metric Rip
0.0.0.0 0.0.0.0 72.152.62.186 mainPPP 0 N/A
192.168.1.0 255.255.255.0 192.168.1.254 eth0 0 N/A
Host Routing Table
Destination Gateway Interface Metric Rip
72.152.62.186 127.0.0.1 lo0 0 N/A
127.0.0.1 127.0.0.1 lo0 0 N/A
192.168.1.254 127.0.0.1 lo0 0 N/A
239.255.255.250 192.168.1.254 eth0 0 N/A

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

LAN DHCP Configuration Help
Device IP Address 192.168.1.254
Subnet Mask 255.255.255.0

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

IP Statistics Help
WAN IP Address 72.152.62.186
Gateway IP Address 65.14.248.25
Primary DNS 205.152.37.23
Secondary DNS 205.152.144.23
Primary DNS Name dns.asm.bellsouth.net
Secondary DNS Name dns.mia.bellsouth.net
IP Interfaces
Address Netmask Name
127.0.0.1 255.0.0.0 lo0
192.168.1.254 255.255.255.0 eth0
Network Routing Table
Destination Netmask Gateway Interface
0.0.0.0 0.0.0.0 72.152.62.186 mainPPP
192.168.1.0 255.255.255.0 192.168.1.254 eth0
Host Routing Table
Destination Gateway Interface
72.152.62.186 127.0.0.1 lo0
127.0.0.1 127.0.0.1 lo0
192.168.1.254 127.0.0.1 lo0
239.255.255.250 192.168.1.254 eth0

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

LAN Statistics Help
Device IP Address 192.168.1.254
DHCP Netmask 255.255.255.0
DHCP Start Address 192.168.1.1
DHCP End Address 192.168.1.253
DHCP Server Status ON
DHCP Server Enabled
Devices on LAN
IP Address / Name MAC Address
Connection
Status
Connection
Type
192.168.1.97 / SonyLaptop 00:01:4a:c0:f6:32 Active Ethernet
LAN Statistics Page 1 of 1

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ATM Statistics Help
Packet Information
VPI / VCI 8/35
Protocol PPPoE
In Octets 5886208
In Errors 0
In Unicast Packets 3260
In Non Unicast Packets 0
In Discard Packets 0
Out Octets 855801
Out Errors 0
Out Unicast Packets 3149
Out Non Unicast Packets 1
Out Discard Packets 3487
PPPoE 
PPPoE Session Status UP
PPPoE Server MAC 00:03:4b:09:c0:03
Address 
PPPoE Session ID 7832

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


----------



## zx10guy (Mar 30, 2008)

There's nothing different about what I'm telling you which is different from the Cisco command set as they are the same. If what I was telling you was different, you wouldn't have been able to get into the router and do the previous commands I gave you.

The other post I put it was to get you to configure the ATM0 interface with the proper VPI/VCI settings to get the physical communication up.

The next question I was going to ask you was whether your DSL connection required PPPoE authentication which you answered with your Westell config dump. You may want to edit out some of the information you put up....particularly the user account you are using for PPPoE and your current public IP.


----------



## dbctl (May 17, 2008)

The below Config. Is from my Cisco 877 Modem. Can you please tell me how to config. or what I am doing wrong.

Thanks,
Dennis






Authorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!

User Access Verification

Username: dbctl
Password:
Bellsouth#show run
Building configuration...

Current configuration : 4723 bytes
!
! Last configuration change at 00:22:15 PCTime Mon May 19 2008 by dbctl
! NVRAM config last updated at 16:12:43 PCTime Sun May 18 2008 by cisco
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Bellsouth
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$ednN$F2vs0yLCZuP2hVy5nxqF//
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp excluded-address 10.10.10.111 10.10.10.254
!
ip dhcp pool sdm-pool1
 import all
 network 10.10.10.0 255.255.255.0
 dns-server 205.152.37.23
 default-router 10.10.10.111
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name Bellsouth.net
ip name-server 205.152.37.23
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-3352435856
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3352435856
 revocation-check none
 rsakeypair TP-self-signed-3352435856
!
!
crypto pki certificate chain TP-self-signed-3352435856
 certificate self-signed 01
 3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
 69666963 6174652D 33333532 34333538 3536301E 170D3038 30353135 32303437
 31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33353234
 33353835 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
 8100B37C 063599B9 7EB20DDD 2A9C0574 6841D5F9 10B69352 58A4E728 FB77E23F
 9E979B4F DF18CA2F E56BC8DA E694BE0C C1066E54 9FFA2A17 C90C2F4C B5517497
 E4DE892E 9135EC5D E2D2062B DFF0FD56 93F427C2 98FF6C91 F3C0BAFA E40761EB
 6433BAFF 1FB1FB54 45548B32 71C281F8 EEC7A316 89A5FD18 3116C8FE AB138740
 A2550203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
 551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
 301F0603 551D2304 18301680 1420F985 0A2DE35A B9B6570A 42BD200A BCC7714B
 6C301D06 03551D0E 04160414 20F9850A 2DE35AB9 B6570A42 BD200ABC C7714B6C
 300D0609 2A864886 F70D0101 04050003 8181005C 821DAEFD DB217779 BEDC2C1A
 E89F4B50 F4AE2B5B 5E3F8BE9 D9CDA058 938774D7 946768C6 EC04A10D C81962DA
 B2103CBB 95C130B5 DF424D45 5DE4ADD3 742471CE 76633168 218D5E3D E3BF9032
 95CC0617 B56BD7B5 1A2CB639 A1BB150C 4A81A76A 70DFB501 2ACEC8E2 A305C180
 CB49C17D 5EE5F13D CF95A519 043BC898 9AE2F1
 quit
username dbctl privilege 15 secret 5 $1$232c$/Y7dlnVUtzkkzA2R21pkU1
!
!
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $FW_OUTSIDE$$ES_WAN$
 pvc 8/35
 pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.10.10.111 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
!
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname [email protected]
 ppp chap password 7 12150010170508
 ppp pap sent-username [email protected] password 7 04570E010A2F48
!
ip classless
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface Dialer0 overload
!
logging trap debugging
access-list 100 remark SDM_ACL Category=2
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end


----------



## dbctl (May 17, 2008)

zx10guy said:


> There's nothing different about what I'm telling you which is different from the Cisco command set as they are the same. If what I was telling you was different, you wouldn't have been able to get into the router and do the previous commands I gave you.
> 
> The other post I put it was to get you to configure the ATM0 interface with the proper VPI/VCI settings to get the physical communication up.
> 
> The next question I was going to ask you was whether your DSL connection required PPPoE authentication which you answered with your Westell config dump. You may want to edit out some of the information you put up....particularly the user account you are using for PPPoE and your current public IP.


What do I need to edit out? You will have to go into detail some of this is over my head and I am learning as I go along. You have gone out of your way helping me with this and I am thankful.

Thanks,
Dennis


----------



## zx10guy (Mar 30, 2008)

Sorry, been busy with things and was out of town.

Here's a document which talks about setting up PPPoE over a DSL connection from Cisco:

http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/857sg_bk.pdf

I suggest walking through this document and see if you can get your connection up and running.

Here's a troubleshooting guide:

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a008071a7c2.shtml

I haven't had time to read through the configuration guide. It's unfortunate I don't have a similar router in front of me to help you through the config.


----------



## dbctl (May 17, 2008)

Thanks for your help. I finally got it working. I bought this Cisco 877 from Hardware.com and they didn't want to help me. They wouldn't reply to my request for help and when I sent more emails asking for help they got mad and told me not to email them anymore. I do not recommend doing any business with Hardware.com. 

Dennis


----------



## zx10guy (Mar 30, 2008)

So what was the final fix? Did you set up any ACLs or configure the onboard firewall? If not, your network is still unsecure.

In the defense of Hardware.com, they're in the business to sell hardware and services. Their tech support would be more limited to actual hardware issues not configuration problems. No place I know of will give configuration advice over the phone for gear like this, not CDW, not GTSI, not Provantage. Expertise costs money. That's why people like me are employed. If you have a Cisco SmartNet support contract, the Cisco engineers won't even build a configuration for you. You have to have a general idea of what you are doing and the Cisco engineers will help you fix what ever is the problem to get your there.


----------



## t1n0m3n (Sep 4, 2004)

(This is off of the above config, if you have changed your config significantly, the stuff below may not work as expected.)

First, do a write mem from the global exec prompt:
Bellsouth# wr mem
Building configuration...
[OK]
Bellsouth#

If anything breaks along the way, you can type "reload" (or just power cycle the router) and the router will reboot and the config will be back to a known working config.

I recommend that you test your connectivity at the end of each section below.

Paste this in (configuration errors/omissions I saw in the above config):
conf t
clock timezone EST -5
no clock summer-time
clock summer-time EST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
interface Dialer0
dialer string "*99#"
exit
exit

The last one is a guard against the "No dialer string set" error that you will get if the link bounces. Basically without it, your 877 will complain about it for a while until it works out that it is pppoe and doesn't actually need one. It makes the difference between less than two minutes for a full power cycle to usable internet and taking sometimes over 5 minutes to get a usable internet.

Here is how you turn on CBAC (Cisco IOS Firewall)
conf t
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 30
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip inspect name myfw http java-list 20 timeout 3600
ip inspect name myfw netshow
ip inspect name myfw rtsp
access-list 115 remark ********Inbound Packets (Inbound on D0)
interface Vlan1
ip inspect myfw in
interface Dialer0
ip access-group 115 in
exit
exit

With a deny all (Yes there is a deny all at the end of that acl above even though you dont see it.) , this you may notice that certain things like ping no longer work...

Here is how you put an ACL on your outside interface:
access-list 115 remark ********Deny bad packets to be safe
access-list 115 deny icmp any any redirect log
access-list 115 remark ********Permit what CBAC doesn't cover
access-list 115 permit icmp any any administratively-prohibited
access-list 115 permit icmp any any echo
access-list 115 permit icmp any any echo-reply
access-list 115 permit icmp any any packet-too-big
access-list 115 permit icmp any any time-exceeded
access-list 115 permit icmp any any traceroute
access-list 115 permit icmp any any unreachable
interface Dialer0
ip access-group 115 in
exit
exit

Here is an example of port forwarding, just like you would do on a linksys or similar (for peer to peer, teamspeak, etc):
conf t
access-list 115 remark ********User Defined Servers
access-list 115 permit udp any any eq 3784
access-list 115 permit udp any any eq 6100
ip nat inside source static udp 10.10.10.50 3784 interface Dialer0 3784
ip nat inside source static udp 10.10.10.50 6100 interface Dialer0 6100
exit

Replace the 10.10.10.50 with whatever machine's IP that you want to forward the traffic to.

Finally once you test everything out and it is working great, then do a final:
Bellsouth# wr mem
Building configuration...
[OK]
Bellsouth#


----------



## t1n0m3n (Sep 4, 2004)

Here is how you would set up NTP to get time from the internet, and then serve it to all of your machines on the inside:
ntp master
ntp server 192.43.244.18 source Dialer0
ntp server 209.81.9.7 source Dialer0
ntp server 128.118.25.5 source Dialer0

Bellsouth#show ntp status
Clock is *synchronized*, *stratum 2*, reference is *192.43.244.18*
nominal freq is 250.0000 Hz, actual freq is 250.1637 Hz, precision is 2**18
reference time is CBE3835D.0D6F9E19 (*01:19:09.052 EDT Sun May 25 2008*)
clock offset is 1.1933 msec, root delay is 57.57 msec
root dispersion is 39.67 msec, peer dispersion is 25.42 msec
Bellsouth#

I have bolded the important parts:
1. You don't want it to be unsynchronized
2. You want it to be stratum 2. Sometimes if you lose all of your NTP peers, the router will use itself, and go to stratum 7 instead. (Because we are using NTP Master)
3. The IP needs to be one of your defined NTP servers. a server of 127.127.7.1 or similar means that the router is using itself for time.
4. Make sure the date and time are correct. Sometimes you have to initially set the time to something close to the real time (I set mine 5 minutes slow) so that NTP will start working. So I would enter at the global exec:
clock set 01:14:09 May 25 2008
And when NTP takes over, the time will correct itself.

About once a month I go in and audit my servers to make sure they have not gone down. I use three so that it gives me a little leeway on how often I check my NTP associations.

Bellsouth#show ntp associations

address ref clock st when poll reach delay offset disp
~127.127.7.1 127.127.7.1 7 20 64 377 0.0 0.00 0.0
*~192.43.244.18 .ACTS. 1 713 1024 377 57.6 -14.24 2.3
+~209.81.9.7 .GPS. 1 892 1024 377 100.0 16.63 2.3
~128.118.25.5 .WWV. 1 9d 1024 0 46.0 -21.86 16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
Bellsouth#

Notice in the above example that the last server is "configured" but not "selected"
This tells me that I need to google "public ntp servers" and find a new one to replace this one.

One other thing:
Since the router is set to apply CBAC on inbound on VLAN1, this presents an issue. The NTP reply will not be allowed back in, because CBAC is not getting applied.
There are a couple of ways around this issue:
1. Apply CBAC outbound on dialer0 instead of inbound on VLAN1
interface Vlan1
no ip inspect myfw in
interface Dialer0
ip inspect myfw out

2. Or you could add this rule to the dialer0 ACL
access-list 115 remark ********Allowed NTP Servers
access-list 115 permit udp host 192.43.244.18 any eq ntp
access-list 115 permit udp host 209.81.9.7 any eq ntp
access-list 115 permit udp host 128.118.25.5 any eq ntp

In my particular case, I could not use method one due to some B2B VPN tunneling happening, so I use method 2.


----------



## t1n0m3n (Sep 4, 2004)

All of the above stuff, is basically a trimmed down version of what I am running on my 831. If you want to get into some fancier stuff, post up and let us know. You haven't even scratched the surface of what you can do with this router.


----------



## dbctl (May 17, 2008)

t1n0m3n said:


> (This is off of the above config, if you have changed your config significantly, the stuff below may not work as expected.)
> 
> First, do a write mem from the global exec prompt:
> Bellsouth# wr mem
> ...


This is the config now below.....................

Thanks,
Dennis

Current configuration : 6457 bytes
!
! Last configuration change at 09:22:48 PCTime Sun May 25 2008 by dbctl
! NVRAM config last updated at 09:37:11 PCTime Sat May 24 2008 by dbctl
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname DGL
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$./r0$ubjufrn9j4Rqy7M1G3aD6/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.24
ip dhcp excluded-address 10.10.10.96 10.10.10.254
!
ip dhcp pool sdm-pool1
import all
network 10.10.10.0 255.255.255.0
dns-server 205.152.37.23 
default-router 10.10.10.111 
lease infinite
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name Local
ip name-server 205.152.37.23
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-3352435856
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3352435856
revocation-check none
rsakeypair TP-self-signed-3352435856
!
!
crypto pki certificate chain TP-self-signed-3352435856
certificate self-signed 01
30820241 308201AA A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
69666963 6174652D 33333532 34333538 3536301E 170D3038 30353135 32303437 
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33353234 
33353835 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
8100B37C 063599B9 7EB20DDD 2A9C0574 6841D5F9 10B69352 58A4E728 FB77E23F 
9E979B4F DF18CA2F E56BC8DA E694BE0C C1066E54 9FFA2A17 C90C2F4C B5517497 
E4DE892E 9135EC5D E2D2062B DFF0FD56 93F427C2 98FF6C91 F3C0BAFA E40761EB 
6433BAFF 1FB1FB54 45548B32 71C281F8 EEC7A316 89A5FD18 3116C8FE AB138740 
A2550203 010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603 
551D1104 0D300B82 0944474C 2E4C6F63 616C301F 0603551D 23041830 16801420 
F9850A2D E35AB9B6 570A42BD 200ABCC7 714B6C30 1D060355 1D0E0416 041420F9 
850A2DE3 5AB9B657 0A42BD20 0ABCC771 4B6C300D 06092A86 4886F70D 01010405 
00038181 0057323E EEBA235F 289E0B4F 38F204DE 8B6F1A18 9DF78A5F 2E3EABD2 
49DB679B 913ED134 2E7AD384 9C58F0F8 9B7FD4A3 62866256 FC06D196 FC47277A 
D1FEF9A6 CDADD57E 9C19306F F1A2C06A 1D23622A 1C5464E2 9ED342C0 5A538916 
FD6E31EA FE7AEF07 B9D0ABCA 9E45D293 2C6DE69E 12D4AD6D D36ACB35 69ABCBBF 
928E289C CC
quit
username dbctl privilege 15 secret 5 $1$2tML$o6BmkS6j7rfnrgWJ8CjQM.
!
! 
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto 
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 8/35 
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.111 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 7 12150010170508
ppp pap sent-username [email protected] password 7 011F03035E0502
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.10.10.1 50000 interface Dialer0 51023
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 205.152.37.23 eq domain any
access-list 101 permit tcp any any eq 51023
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end


----------



## dbctl (May 17, 2008)

zx10guy said:


> So what was the final fix? Did you set up any ACLs or configure the onboard firewall? If not, your network is still unsecure.
> 
> In the defense of Hardware.com, they're in the business to sell hardware and services. Their tech support would be more limited to actual hardware issues not configuration problems. No place I know of will give configuration advice over the phone for gear like this, not CDW, not GTSI, not Provantage. Expertise costs money. That's why people like me are employed. If you have a Cisco SmartNet support contract, the Cisco engineers won't even build a configuration for you. You have to have a general idea of what you are doing and the Cisco engineers will help you fix what ever is the problem to get your there.


I'm working on your reply here. I was sending a reply to you last night but this online spell check shut it down and I lost the reply. I will send it to you a little later today when I get a chance.

Thanks again,
Dennis


----------



## t1n0m3n (Sep 4, 2004)

(Bold items are cut and paste items that you can paste into your router. All of the items can be pasted into console from the global exec prompt (e.g. DGL#))
(Italics are examples of what you would see on console if you typed the command in as shown.)

It looks like SDM took care of your security stuff.
I would still paste the following because your summer time is jacked up and usually I prefer the names to be the abbreviation of the timezone for easy reading:
*conf t
clock timezone EST -5
no clock summer-time
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
exit
wr mem
*
An example of what this does is below:
When the clock is in daylight savings:
_DGL#show clock
12:59:10.245 EDT Sun May 25 2008
DGL#
_
When the clock is in standard time:
_DGL#show clock
12:59:10.245 EST Sun Dec 14 2008
DGL#
_
Other than that, if you have problems with your DSL coming up slow and you get something like this in your log files:
_DGL#show log
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled)
Console logging: level debugging, 21 messages logged, xml disabled
Monitor logging: level debugging, 0 messages logged, xml disabled
Buffer logging: level debugging, 21 messages logged, xml disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: enabled
Trap logging: level notifications, 23 message lines logged
Logging to 10.10.10.111, 23 message lines logged, xml disabled

Log Buffer (16384 bytes):

*Mar 1 00:00:06.499: Di0 DDR: Cannot place call, no dialer string set.

DGL#_

The following will fix this:
*conf t
interface Dialer0
dialer string "*99#"
exit
exit
wr mem
*

Keep in mind that even if you get this message, your router will still connect, but the time from the router being fully up and connecting to the internet will sometimes vary between 5 seconds and a couple of minutes.
With the command, the time will be consistently less than 5 seconds (provided nothing is wrong on the provider end.)
Oh, and also, the actual string doesn't matter either. I usually use "*99#" because that is the defacto standard when using Dial on Demand Routing without actual dial tone. (Like GPRS/HSDPA modems, etc.)


----------



## dbctl (May 17, 2008)

zx10guy said:


> So what was the final fix? Did you set up any ACLs or configure the onboard firewall? If not, your network is still unsecure.
> 
> In the defense of Hardware.com, they're in the business to sell hardware and services. Their tech support would be more limited to actual hardware issues not configuration problems. No place I know of will give configuration advice over the phone for gear like this, not CDW, not GTSI, not Provantage. Expertise costs money. That's why people like me are employed. If you have a Cisco SmartNet support contract, the Cisco engineers won't even build a configuration for you. You have to have a general idea of what you are doing and the Cisco engineers will help you fix what ever is the problem to get your there.


Nobody but you would help.
I did set up ciscos default fire wall. I just keep trying and reading up on it, trying again and again. Every so often I would reset it back like it was new to make sure I hadn't caused the problem. Then I finally figured it out but I am still not exactly what I did to get it to work. I have an idea. You can probably look at one of the older Config.s then the last Config and figure out what I did to fix it. I would like to know exactly what so I can learn from it.

Thanks for your help again,
Dennis


----------

