Tiscali 4mb configuration with Cisco 877

Configurations for ADSL and ISDN connectivity and switches for home users and small networks

Moderator: Federico.Lagni

cadorna
Cisco fan
Posts: 40
Joined: Sun 27 Mar 2005 5:43 pm

Hi everyone and good morning. After evenings and nights of trying, I still haven't managed to get onto the internet. I replaced the SOHO 97 router with an 877, and although I have the same parameters, with the old one I can browse but with the new one nothing. Is there some kind soul willing to help me?
thanks.
I'm attaching the show conf
bye

Building configuration...

Current configuration : 8052 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$CLC4$L3XLfPm0hULZD9EJjkaVn.
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
aaa session-id common
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-1075459781
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1075459781
revocation-check none
rsakeypair TP-self-signed-1075459781
!
!
crypto pki certificate chain TP-self-signed-1075459781
certificate self-signed 01
quit
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool1
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
!
!
no ip bootp server
ip domain name yourdomain.com
ip name-server 213.205.32.70
ip name-server 213.205.36.70
!
!
!
username privilege 15 secret
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-protocol-http
match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-insp-traffic
inspect
class type inspect sdm-protocol-http
inspect
class class-default
policy-map type inspect sdm-permit
class class-default
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
!
!
!
interface Null0
no ip unreachables
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname ****
ppp chap password ****
ppp pap sent-username **** password ****
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 10.10.10.0 0.0.0.255
access-list 2 deny any
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark VTY Access-class list
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 101 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login authentication local_authen
no modem enable
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
access-class 101 in
privilege level 15
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Gianremo.Smisek
Messianic Network master
Posts: 1159
Joined: Sun 11 Mar 2007 2:23 pm
Location: Termoli

Your config has been messed up by SDM... I'd recommend redoing it from scratch..

bye
cadorna
Cisco fan
Posts: 40
Joined: Sun 27 Mar 2005 5:43 pm

Is there a basic config that can be built up step by step? (At least to see whether the router works.)
thanks
Gianremo.Smisek
Messianic Network master
Posts: 1159
Joined: Sun 11 Mar 2007 2:23 pm
Location: Termoli

Sure.. the forum is full of basic configs; just do a search :)
cadorna
Cisco fan
Posts: 40
Joined: Sun 27 Mar 2005 5:43 pm

I've learned the erase command well.... anyway, I can't get it working even a little. The problem is that the various configurations may not be suitable for the 877, and above all the show run doesn't tell me where to apply the changes (maybe I'm the one who doesn't understand). If possible I'd like to understand how to do it, and believe me, I've read a great many posts.
Is there anyone with some patience?
thanks
Gianremo.Smisek
Messianic Network master
Posts: 1159
Joined: Sun 11 Mar 2007 2:23 pm
Location: Termoli

sh run isn't for making changes, it's for viewing the settings loaded in RAM. All the commands you see there, you have to enter by hand.


bye
cadorna
Cisco fan
Posts: 40
Joined: Sun 27 Mar 2005 5:43 pm

I agree with you, but for one reason or another they always give me errors; maybe they aren't specific to the 877 or to Tiscali.
I'd like to learn, but I also need to understand and not just copy.
thanks
Gianremo.Smisek
Messianic Network master
Posts: 1159
Joined: Sun 11 Mar 2007 2:23 pm
Location: Termoli

80% of the config is the same for all ADSL lines.. what may change is the encapsulation, PPPoA/PPPoE ..

http://www.areanetworking.it/index_docs ... Alice_ADSL


this one is for PPPoA.. if you're on PPPoE, you only need to change a single line in ATM0

bye
cadorna
Cisco fan
Posts: 40
Joined: Sun 27 Mar 2005 5:43 pm

I made this one myself and in fact I can't ping the ethernet ports...
How do you correct CLI commands without having to retype everything?
thanks
Why do you think it doesn't work? :oops:

Router#show run
Building configuration...

Current configuration : 1532 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool Dinamico
!
ip dhcp pool Dinamic
import all
network 192.168.1.0 255.255.255.0
dns-server 213.205.32.70 213.205.36.70
default-router 192.168.1.1
lease infinite
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
no ip address
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp pap sent-username *******password 0 ******
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation pptp-timeout 420
ip nat translation icmp-timeout 1
ip nat translation max-entries 1000
ip nat inside source list 1 interface Dialer0 overload
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end
Gianremo.Smisek
Messianic Network master
Posts: 1159
Joined: Sun 11 Mar 2007 2:23 pm
Location: Termoli

The IP on vlan1 is missing and therefore ip nat inside as well, and the ACL for the NAT isn't defined...

then ip default-gateway has absolutely nothing to do with it


You're hugely confused... I recommend calmly reading a few posts... you're just copying bits from here and there and putting in things that aren't needed.


bye
cadorna
Cisco fan
Posts: 40
Joined: Sun 27 Mar 2005 5:43 pm

Why does the gateway have nothing to do with it? How do the PCs in a DHCP configuration direct traffic towards the exit? Why does the vlan need an IP address? Should I assume that the fastethernet interfaces are seen as ports of a switch and the vlan as the real ethernet interface? To sum up:
pc - fastethernet port - vlan - routing matrix - dialer - atm interface - twisted pair.
If I've written nonsense, suggestions and corrections are welcome
thanks
Gianremo.Smisek
Messianic Network master
Posts: 1159
Joined: Sun 11 Mar 2007 2:23 pm
Location: Termoli

Careful, I'm not referring to the default router in the DHCP conf, but to this command:
ip default-gateway 192.168.1.1

you set the gw with:

ip route 0.0.0.0 0.0.0.0 interface/next-hop

otherwise what you said is correct
cadorna
Cisco fan
Posts: 40
Joined: Sun 27 Mar 2005 5:43 pm

So, I created vlan1, assigning it the IP and correcting the gateway. OK, now DHCP gives me the IP address. The atm0 interface comes up and so does the dialer, but if I try to ping the Tiscali DNS servers, nothing!!!!
Obviously browsing is out of the question, but it's some consolation that I'm starting to understand something.
Where am I going wrong???
thanks

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool Dinamico
!
ip dhcp pool Dinamic
import all
network 192.168.1.0 255.255.255.0
dns-server 213.205.32.70 213.205.36.70
default-router 192.168.1.1
lease infinite
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp pap sent-username ******password ******!
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation pptp-timeout 420
ip nat translation icmp-timeout 1
ip nat translation max-entries 1000
ip nat inside source list 1 interface Dialer0 overload
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end
Gianremo.Smisek
Messianic Network master
Posts: 1159
Joined: Sun 11 Mar 2007 2:23 pm
Location: Termoli

remove this

ip default-gateway 192.168.1.1

and add

access-list 1 permit 192.168.1.0 0.0.0.255

otherwise you don't enable the NAT

bye
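
The checks made by eye in the replies above, written out as an added example (not code from the thread): a Python script that reads a running-config and reports what the `ip nat inside source list ... overload` line still depends on. The function names and the abbreviated sample configs are assumptions, constructed from the configs posted in this thread.

```python
import re

# Constructed sample: NAT-relevant lines of the thread's 1532-byte config, indentation restored.
FIRST_TRY = """\
interface Vlan1
 no ip address
!
interface Dialer0
 ip address negotiated
 ip nat outside
!
ip default-gateway 192.168.1.1
ip nat inside source list 1 interface Dialer0 overload
"""
# Vlan1 as fixed in the later post, then with the last reply's two changes applied.
SECOND_TRY = FIRST_TRY.replace(" no ip address", " ip address 192.168.1.1 255.255.255.0\n ip nat inside")
FIXED = SECOND_TRY.replace("ip default-gateway 192.168.1.1\n", "") + "access-list 1 permit 192.168.1.0 0.0.0.255\n"

def parse(config):
    """Return (global commands, {interface name: [sub-commands]})."""
    globals_, interfaces, current = [], {}, []
    for raw in (r for r in config.splitlines() if r.strip() not in ("", "!")):
        if raw[0] != " ":                    # column 0: a global command
            current = []                     # throwaway list unless an interface opens
            if raw.startswith("interface "):
                current = interfaces.setdefault(raw.split()[1], [])
            else:
                globals_.append(raw.strip())
        else:
            current.append(raw.strip())      # sub-command of the block opened above
    return globals_, interfaces

def check_nat(config):
    """List what 'ip nat inside source list N interface X overload' still needs."""
    globals_, ifs = parse(config)
    findings = []
    for acl, outside in re.findall(r"^ip nat inside source list (\d+) interface (\S+) overload", config, re.M):
        if not any(g.startswith(f"access-list {acl} permit ") for g in globals_):
            findings.append(f"access-list {acl} has no permit entry")   # numbered ACLs only
        if "ip nat outside" not in ifs.get(outside, []):
            findings.append(f"{outside} lacks 'ip nat outside'")
        if not any("ip nat inside" in l and any(x.startswith("ip address ") for x in l)
                   for l in ifs.values()):
            findings.append("no interface has both an IP address and 'ip nat inside'")
    if "no ip routing" not in globals_ and any(g.startswith("ip default-gateway ") for g in globals_):
        findings.append("'ip default-gateway' has no effect while IP routing is enabled")
    return findings

print({name: check_nat(cfg) for name, cfg in (("first", FIRST_TRY), ("second", SECOND_TRY), ("fixed", FIXED))})
```

The parser relies on the leading space that IOS prints before sub-commands, so a config pasted with its indentation stripped has to be re-indented first.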
cadorna
Cisco fan
Posts: 40
Joined: Sun 27 Mar 2005 5:43 pm

Does the line to add refer to the dialer? Does that line enable a route between the logical interfaces? I hope I've understood..
Big question: to delete a CLI line from the configuration, is there any way other than having to retype everything?
These may be obvious questions, but they're useful to me
thanks