1760 - No T1 WAN Connection 2

[MattSavage]

This is the first time I have worked with a cisco router, so please bear with me. We have a T1 line and currently we are using a Polycom NetEngine 6200 router on the line. I am upgrading to the 1700, but I cannot configure the WAN connection for the life of me.

I have taken these settings from our current router:

T1/E1 interface
Admin state = ENABLED
PHY state = ONLINE
Interface state = ONLINE
DataLink Protocol = Cisco compatible HDLC
Line Rate = 1544000 BPS

T1 Frame Mode = ESF
B8ZS = ENABLED
Line Build Out = 0 To 133 Feet
Tx Clock Source = External
Tx Channels Enabled = 1-24
Rx Channels Enabled = 1-24


PORT 1
MTU = 1500

IP interfaces on port 1:
ID IPAddr IPMask Priority
-- --------------- --------------- --------
0 65.86.196.226 255.255.255.252 NORMAL



10/100BaseT Ethernet interface
Ethernet Address = 00-E0-75-1C-78-66
Full Duplex = Enabled



PORT 1
MTU = 1500

IP interfaces on port 1:
ID IPAddr IPMask Priority
-- --------------- --------------- --------
0 65.86.198.1 255.255.255.224 NORMAL



Derived Timing is Disabled

Routing Table:
Network Netmask Gateway Interface
******* ******* ******* *********
65.86.196.224 255.255.255.252 65.86.196.226 65.86.196.226
65.86.196.226 255.255.255.255 65.86.196.226 65.86.196.226
65.86.198.0 255.255.255.224 65.86.198.1 65.86.198.1
65.86.198.1 255.255.255.255 65.86.198.1 65.86.198.1
0.0.0.0 0.0.0.0 0.0.0.0 65.86.196.226


The running-config on the Cisco is this:

Current configuration : 2308 bytes
!
! Last configuration change at 01:39:58 PCTimeZ Wed Feb 11 2004
!
version 12.3
no service
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service sequence-numbers
!
hostname 1760
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$..Ty$EcDzN5fmi1zrdJDQoYPPM/
!
username cisco privilege 15 password 0 cisco
clock timezone PCTimeZone -5
no aaa new-
ip subnet-zero
no ip source-route
!
!
ip domain name phoenixworldwide.com
ip name-server 216.175.203.50
ip name-server 216.175.203.59
!
!
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
!
!
!
!
no crypto isakmp enable
!
!
!
!
interface FastEthernet0/0
description $FW_INSIDE$$ETH-LAN$Phoenix LAN DHCP NAT
ip address 65.86.198.1 255.255.255.224
ip access-group sdm_fastethernet0/0_in in
ip access-group sdm_fastethernet0/0_out out
ip route-cache flow
speed auto
no cdp enable
!
interface Serial0/0
description $FW_OUTSIDE$Phoenix WAN
ip address 65.86.196.226 255.255.255.252
ip access-group sdm_serial0/0_in in
ip access-group sdm_serial0/0_out out
ip verify unicast reverse-path
ip route-cache flow
no fair-queue
no cdp enable
!
interface Ethernet1/0
description $FW_DMZ$Phoenix Servers
no ip address
ip route-cache flow
shutdown
half-duplex
no cdp enable
!
ip classless
ip http server
ip http authentication local
no ip http secure-server
!
!
!
ip access-list extended sdm_fastethernet0/0_in
remark SDM_ACL Category=1
permit tcp any any
permit ip any any
ip access-list extended sdm_fastethernet0/0_out
remark SDM_ACL Category=1
permit tcp any any
permit ip any any
ip access-list extended sdm_serial0/0_in
remark SDM_ACL Category=1
permit tcp any any
permit ip any any
ip access-list extended sdm_serial0/0_out
remark SDM_ACL Category=1
permit tcp any any
permit ip any any
logging trap debugging
logging 192.168.10.201
no cdp run
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
!
no scheduler allocate
scheduler interval 500
!
end


Can anyone see what I am doing wrong here??

 

[tschouten]

What are the ACLS for, all of them permit everything (just a curiosity)? Could you put some show commands for the interface on here as well? Otherwise things appear fine though you may want to double check your timing setup and make sure your encapsulation is set to HDLC.

 

[FANCYpete]

Matt don't worry, the default encapsulation on a serial interface is HDLC. You're not running any dynamic routing protocols, and you do NOT have a default route, you may want to add the following to your config:

ip route 0.0.0.0 0.0.0.0 65.86.196.225

Also, never paste in a config with your passwords in it! Even though your router is not hooked up yet. I would strongly recommend adding :

service password-encryption

Also, change your username password, along with changing your enable secret password. They are in plain sight on the internet now, and you don't want anyone getting in there once you get it online.

What are you trying to accomplish with the ACL's? Like schouten said they all permit everything.

I assume you are using a WIC-T1 with built in CSU/DSU card in your 1700. Please advise, and we can go over how to set up your clocking, and timeslots.


I'm the Fanciest of the Fancy...INDEED

 

[MattSavage]

FANCYpete and tschouten, thank you both for your help. Do not worry about the passwords, once I get a connection I will overhaul all of the security settings.

At this point I have received some information from my ISP that has confused me. They sent me some basic cofiguration script for setting up Frame Relay datalink protocol on this router, not HDLC. This seems odd, because my current working router shows HDLC, not Frame Relay.

I have a new running config that I would like you all to see. I did a full reset of the router, back to factory defaults, and I have simply configured the T1 WIC and Fastethernet port for the WAN. Here it is:

Current configuration : 1102 bytes
!
! Last configuration change at 02:12:22 UTC Wed Feb 11 2004
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password **********
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
!
!
!
!
no crypto isakmp enable
!
!
!
!
interface FastEthernet0/0
ip address 65.86.198.1 255.255.255.224
speed auto
!
interface Serial0/0
no ip address
encapsulation frame-relay IETF
service-module t1 timeslots 1-24
no frame-relay inverse-arp
frame-relay lmi-type ansi
!
interface Serial0/0.16 point-to-point
ip address 65.86.196.226 255.255.255.252
frame-relay interface-dlci 16
!
interface Ethernet1/0
no ip address
shutdown
half-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 65.86.196.225
no ip http server
no ip http secure-server
!
!
!
dialer-list 1 protocol ip permit
no cdp run
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
!
no scheduler allocate
!
end

My ISP also provided me with a working configuration on a Cisco 2610. I have compared mine to this and I cannot find anything wrong with mine.

Working 2610 config:
(provided by Covad)
Current configuration : 915 bytes
!
version 12.2
service config
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 $1$Zmmi$y6tCpLyJDsof7/KtDPPz6/
enable password d0vac
!
memory-size iomem 10
ip subnet-zero
!
interface Ethernet0/0
ip address 10.0.0.1 255.0.0.0
half-duplex
no cdp enable
!
interface Serial0/0
no ip address
encapsulation frame-relay IETF
service-module t1 timeslots x-x (1-6,1-12,1-24 -- choose one)

NOTE - x-x signifies the speed of the connection 1-6 is 384,1-12 is 768 ,1-24 is 1568. The setting may need to be 6, 12, or 24 depending on the CPE.


no frame-relay inverse-arp
frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
ip address 192.168.0.6 255.255.255.0
no cdp enable
frame-relay interface-dlci 16
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
no ip http server
ip pim bidir-enable
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
line con 0
exec-timeout 0 0
line 33 48
flowcontrol hardware
line aux 0
line vty 0 4
password d0vac
login
!
end


Can you see anything wrong? This has been frustrating me for a week now, and my provider has not been very helpful. Thanks!

 

[MattSavage]

OK the techs at my ISP have no idea what they are doing. I just received this info via email:

---------------------------------------------------
Vendor Equipment IP Address - Remote equipment: 65.xxx.xxx.225

Customer CPE address - WAN address: 65.xxx.xxx.226

LAN Block:

IP subnet allocated: 65.xxx.xxx.0/27

LAN - Gateway: 65.xxx.xxx.1

LAN - Subnet mask: 255.255.255.224

Available IP addresses: 65.xxx.xxx.2 through 65.xxx.xxx.30

DNS server 1: 216.175.203.59
DNS server 2: 216.175.203.50

As far as the Encapsulation type, they confirm that it's actually supposed to be HDLC.

Clock Source needs to be external.
--------------------------------------------------

Ok, so now that I know I need HDLC, I have configured a VERY basic setup:

Current configuration : 820 bytes
!
! Last configuration change at 13:51:31 UTC Wed Feb 11 2004
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
!
!
!
!
no crypto isakmp enable
!
!
!
!
interface FastEthernet0/0
ip address 65.xxx.xxx.1 255.255.255.224
speed auto
!
interface Serial0/0
ip address 65.xxx.xxx.226 255.255.255.252
!
interface Ethernet1/0
no ip address
shutdown
half-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 65.xxx.xxx.225
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
!
no scheduler allocate
!
end
----------------------------

Should this be enough to get the WAN at least up and working? Is there anything else I need to do?

 

[FANCYpete]

Matt,glad to see you've taken the bogus ACL's out Also, glad to see the default route has been added. Your current config is good to go , except that you need to define your clocking, framing, coding, etc on SERIAL0/0. To do this configure the following for interface Serial0/0:

interface Serial0/0
service-module t1 framing esf
service-module t1 linecode b8zs
service-module t1 timeslots 1-24 speed 64
service-module t1 data-coding normal
service-module t1 cablelength short 110ft
service-module t1 remote-loopback full


I'm the Fanciest of the Fancy...INDEED

 

[FANCYpete]

Matt, are you all set?

I'm the Fanciest of the Fancy...INDEED

 

[MattSavage]

I am all set. My ISP finally sent me the right config. The only difference I saw was that the config script had the command "no keepalive". I have no idea why this would make a differance but as long as it works I will not question it. Thanks for everything!