Seek general advice - how to keep internet connection active (800 series)


  • Seek general advice - how to keep internet connection active (800 series)

    Hi all,

    I'm looking for some GENERAL advice for the 800 series router - I have the 877, running 12.4(24)T1.

    This morning I had no internet access. There was nothing obviously wrong with the router (though I'm a newbie). I logged in and issued a reload and everything has been fine since. What I'm looking for is some general advice, particularly:
    • If this happens again, what commands should I run on the router to check the status? I looked at show int and they all looked fine.
    • Is there a simple command I can run to drop the connection and re-establish it, since reload seems a bit of a sledgehammer?
    • More importantly, is there anything I can configure on the router so that it will try to maintain the internet connection, and re-establish it if it seems to have gone?

    Looking at mrtg, my connection has been down since about 00:33 (it's now 07:51), and it just required a reload to get it going. That would be a nuisance if I was away for a few days....

    My log shows this:

    Sep 22 00:33:38 192.168.1.1 74: .Sep 22 00:33:17.230: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
    Sep 22 07:29:20 192.168.1.1 75: .Sep 22 07:28:59.765: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: root] [Source: 192.168.1.242] [localport: 22] at 07:28:59 GMT Tue Sep 22 2009
    Sep 22 07:34:28 192.168.1.1 76: .Sep 22 07:34:07.746: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: root] [Source: 192.168.1.242] [localport: 22] at 07:34:07 GMT Tue Sep 22 2009
    Sep 22 07:38:36 192.168.1.1 77: .Sep 22 07:38:11.221: %SYS-5-RELOAD: Reload requested by root on vty2 (192.168.1.242). Reload Reason: Reload Command.




    Many thanks,



    Jim
    Last edited by jimwillsher; 22nd September 2009, 08:17.
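
Detection logic for the outage in the log above, as an added example that is not part of the original post: a script for the syslog collector that pairs each line-protocol `down` with the next `up` or reload and flags long outages. The function names, the five-minute threshold and passing the year (2009) as a parameter are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Router-side part of a relayed IOS syslog line: optional "." or "*" clock
# flag, timestamp with milliseconds, then %FACILITY-SEVERITY-MNEMONIC: text.
IOS_MSG = re.compile(
    r"[.*]?(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d\.\d{3}): "
    r"%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<text>.*)$")
UPDOWN = re.compile(r"Line protocol on Interface (\S+), changed state to (up|down)")

# Log lines copied from the post above (indentation removed); the year is not
# in these timestamps, so the caller supplies it.
POSTED_LOG = [
    "Sep 22 00:33:38 192.168.1.1 74: .Sep 22 00:33:17.230: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down",
    "Sep 22 07:29:20 192.168.1.1 75: .Sep 22 07:28:59.765: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: root] [Source: 192.168.1.242] [localport: 22] at 07:28:59 GMT Tue Sep 22 2009",
    "Sep 22 07:38:36 192.168.1.1 77: .Sep 22 07:38:11.221: %SYS-5-RELOAD: Reload requested by root on vty2 (192.168.1.242). Reload Reason: Reload Command.",
]

def find_outages(lines, year, now=None):
    """Return (interface, start, end, closed_by) tuples using router timestamps.
    Outages still open at `now` are reported with closed_by='STILL DOWN'."""
    open_since, outages = {}, []
    for line in lines:
        m = IOS_MSG.search(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
        ud = UPDOWN.search(m["text"])
        if m["tag"] == "LINEPROTO-5-UPDOWN" and ud:
            iface, state = ud.groups()
            if state == "down":
                open_since.setdefault(iface, ts)  # keep the first 'down'
            elif iface in open_since:
                outages.append((iface, open_since.pop(iface), ts, "up"))
        elif m["tag"] == "SYS-5-RELOAD":  # a reload ends every open outage
            outages += [(i, s, ts, "reload") for i, s in open_since.items()]
            open_since.clear()
    if now is not None:
        outages += [(i, s, now, "STILL DOWN") for i, s in open_since.items()]
    return outages

def needs_alert(outages, threshold=timedelta(minutes=5)):
    """Outages that lasted at least `threshold` (brief flaps are ignored)."""
    return [o for o in outages if o[2] - o[1] >= threshold]

if __name__ == "__main__":
    for iface, start, end, how in needs_alert(find_outages(POSTED_LOG, 2009)):
        print(f"{iface}: down {start} -> {end} ({end - start}), ended by {how}")
```

Run periodically on the syslog host with `now=datetime.now()`, an interface that stays down past the threshold is reported while the outage is still in progress rather than at the next manual login.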

  • #2
    Re: Seek general advice - how to keep internet connection active (800 series)

    Hi,

    Please send sh run of the router

    Cheers
    DT



    • #3
      Re: Seek general advice - how to keep internet connection active (800 series)

      Many thanks. Here's the sh run output.


      Jim

      Code:
       
      !
      ! Last configuration change at 22:15:33 GMT Sat Sep 19 2009 by XX
      ! NVRAM config last updated at 22:15:36 GMT Sat Sep 19 2009 by XX
      !
      version 12.4
      no service pad
      service timestamps debug datetime msec localtime
      service timestamps log datetime msec localtime
      service password-encryption
      !
      hostname Cisco877
      !
      boot-start-marker
      boot-end-marker
      !
      logging message-counter syslog
      logging buffered 52000
      !
      aaa new-model
      !
      !
      aaa authentication login default local
      aaa authentication ppp default local
      !
      !
      aaa session-id common
      clock timezone GMT 0
      clock summer-time GMT recurring
      !
      !
      dot11 syslog
      ip source-route
      !
      !
      no ip dhcp use vrf connected
      ip dhcp excluded-address 192.168.1.1 192.168.1.200
      ip dhcp excluded-address 192.168.1.241 192.168.1.254
      !
      ip dhcp pool CLIENTS
         network 192.168.1.0 255.255.255.0
         default-router 192.168.1.1 
         dns-server 192.168.1.1 192.168.1.254 
         lease 0 12
      !
      no ip cef
      ip domain name XX.local
      ip inspect name fw tcp timeout 3600
      ip inspect name fw udp timeout 3600
      login block-for 180 attempts 3 within 180
      login on-failure log
      login on-success log
      no ipv6 cef
      ntp server 195.74.96.12
      !
      multilink bundle-name authenticated
      !
      vpdn enable
      !
      vpdn-group 1
      ! Default PPTP VPDN group
       accept-dialin
        protocol pptp
        virtual-template 1
      !
      !
      !
      username XX privilege 15 password 7 XXXX
      username XX password 7 XXX
      ! 
      !
      !
      archive
       log config
        hidekeys
      !
      !
      ip ssh version 2
      !
      !
      !
      interface ATM0
       description ADSL Connection
       no ip address
       no atm ilmi-keepalive
       pvc 0/38 
        encapsulation aal5mux ppp dialer
        dialer pool-member 1
       !
       dsl enable-training-log 
       hold-queue 200 in
      !
      interface FastEthernet0
      !
      interface FastEthernet1
      !
      interface FastEthernet2
      !
      interface FastEthernet3
      !
      interface Virtual-Template1
       ip unnumbered Vlan1
       ip nat inside
       ip virtual-reassembly
       peer default ip address pool VPNPOOL
       no keepalive
       ppp encrypt mppe auto required
       ppp authentication ms-chap ms-chap-v2 chap
      !
      interface Vlan1
       description LAN
       ip address 192.168.0.254 255.255.255.0 secondary
       ip address 192.168.1.1 255.255.255.0
       ip nat inside
       ip nat enable
       ip virtual-reassembly
       ip tcp adjust-mss 1452
       hold-queue 100 in
       hold-queue 100 out
      !
      interface Dialer0
       bandwidth inherit
       ip address negotiated
       ip access-group 120 in
       ip access-group 121 out
       ip nat outside
       ip inspect fw out
       ip virtual-reassembly
       encapsulation ppp
       ip tcp header-compression iphc-format
       ip tcp adjust-mss 1452
       dialer pool 1
       dialer-group 1
       no cdp enable
       ppp authentication pap chap callin
       ppp chap hostname [email protected]
       ppp chap password 7 XXXX
       ppp ipcp dns request
       ppp ipcp wins request
       ip rtp header-compression iphc-format
      !
      ip local pool VPNPOOL 192.168.1.251 192.168.1.253
      ip forward-protocol nd
      ip route 0.0.0.0 0.0.0.0 Dialer0
      no ip http server
      no ip http secure-server
      !
      !
      ip dns server
      no ip nat service sip udp port 5060
      ip nat inside source static tcp 192.168.1.50 25 interface Dialer0 25
      ip nat inside source static tcp 192.168.1.50 80 interface Dialer0 80
      ip nat inside source static tcp 192.168.1.50 443 interface Dialer0 443
      ip nat inside source static tcp 192.168.1.50 995 interface Dialer0 995
      ip nat inside source static tcp 192.168.1.50 20 interface Dialer0 20
      ip nat inside source static tcp 192.168.1.50 21 interface Dialer0 21
      ip nat inside source list 102 interface Dialer0 overload
      ip nat inside source static tcp 192.168.1.20 3389 interface Dialer0 3389
      !
      ip access-list standard SNMP-ALLOWED
       permit 192.168.1.50
       deny   any
      ip access-list standard SSH-ALLOWED
       permit 192.168.0.0 0.0.0.255
       permit 192.168.1.0 0.0.0.255
       deny   any
      !
      !
      logging 192.168.1.50
      access-list 102 remark Define NAT internal ranges
      access-list 102 permit ip 192.168.1.0 0.0.0.255 any
      access-list 102 permit ip 192.168.0.0 0.0.0.255 any
      access-list 120 remark Inbound external interface
      access-list 120 remark The below set the rfc1918 private exclusions
      access-list 120 deny   ip 192.168.0.0 0.0.255.255 any
      access-list 120 deny   ip 172.16.0.0 0.15.255.255 any
      access-list 120 deny   ip 10.0.0.0 0.255.255.255 any
      access-list 120 remark Allow established sessions back in
      access-list 120 permit tcp any any established
      access-list 120 remark Any new ports opened in the IP NAT INSIDE SOURCE STATIC lines should also be added here
      access-list 120 permit tcp any any eq smtp
      access-list 120 permit tcp any any eq www
      access-list 120 permit tcp any any eq 22
      access-list 120 permit tcp any any eq 443
      access-list 120 permit tcp any any eq 995
      access-list 120 permit tcp any any eq 3389
      access-list 120 permit tcp any any eq 1723
      access-list 120 permit tcp any any eq ftp
      access-list 120 permit tcp any any eq ftp-data
      access-list 120 remark Passive FTP ports matching vsftpd config
      access-list 120 permit tcp any any range 50000 50050
      access-list 120 permit gre any any
      access-list 120 permit udp any eq domain any
      access-list 120 remark Standard acceptable icmp rules
      access-list 120 permit icmp any any echo
      access-list 120 permit icmp any any echo-reply
      access-list 120 permit icmp any any source-quench
      access-list 120 permit icmp any any packet-too-big
      access-list 120 permit icmp any any time-exceeded
      access-list 120 deny   ip any any
      access-list 121 remark Allow all outbound IP
      access-list 121 permit ip any any
      dialer-list 1 protocol ip permit
      !
      !
      !
      !
      snmp-server community AnTeallach RW SNMP-ALLOWED
      !
      control-plane
      !
      !
      line con 0
       exec-timeout 0 0
       password 7 XXXX
       no modem enable
       transport output all
      line aux 0
       transport output all
      line vty 0 4
       access-class SSH-ALLOWED in
       exec-timeout 0 0
       privilege level 15
       password 7 XXXX
       transport input ssh
       transport output all
      !
      scheduler max-task-time 5000
      scheduler allocate 20000 1000
      time-range WEEKDAY
       periodic weekdays 8:00 to 18:00
      !
      end



      • #4
        Re: Seek general advice - how to keep internet connection active (800 series)

        Instead of "reload" you can just "shutdown" the Dialer0 interface which will disconnect your PPP session and then "no shutdown" the Dialer0 interface to re-establish.

        This will be much quicker than a reload.

        Try configuring a keepalive value on your Virtual-Template interface.
        Infrastructure Architect
        CCNA, CCNA Security, MCSE, JNCIS



        • #5
          Re: Seek general advice - how to keep internet connection active (800 series)

          Many thanks for the shutdown keywords. I suspected there was a suitable keyword, but with the router down I couldn't google.

          re: keepalive. The Virtual Template interface is just for the VPN, and there were no VPN (PPTP) sessions at the time. The interface which dropped was Virtual-Access3, which doesn't appear anywhere in the config.


          Jim
