cancel
Showing results for 
Search instead for 
Did you mean: 

cisco 877 have to reload the router after line was dropped

fansn
Newbie
Posts: 5
Registered: ‎12-06-2013

cisco 877 have to reload the router after line was dropped

Hi, I need help on my cisco 877 router. I have been with O2 for 5 years before left for plusnet and no problem to use cisco 877, very stable. But I have seen issue when I first use plusnet. I successfully connected the router to plusnet yesterday, however, if the net was dropped, it cannot connect back again, even restart the atm interface. The only way is to power cycle/reload the router. I have debugged PPP, the problem is it doesn't receive any response when re-establish the ppp connection:
*Aug 26 03:00:31.832: PPP: Alloc Context [85389F50]
*Aug 26 03:00:31.832: ppp49 PPP: Phase is ESTABLISHING
*Aug 26 03:00:31.832: ppp49 PPP: Using AAA Unique Id = 69
*Aug 26 03:00:31.832: Vi3 PPP: Authorization NOT required
*Aug 26 03:00:31.836: Vi3 PPP: Using dialer call direction
*Aug 26 03:00:31.836: Vi3 PPP: Treating connection as a callout
*Aug 26 03:00:31.836: Vi3 PPP: Session handle[E3000037] Session id[49]
*Aug 26 03:00:31.836: Vi3 LCP: Event[OPEN] State[Initial to Starting]
*Aug 26 03:00:31.836: Vi3 PPP: No remote authentication for call-out
*Aug 26 03:00:31.836: Vi3 LCP: O CONFREQ [Starting] id 1 len 10
*Aug 26 03:00:31.836: Vi3 LCP:    MagicNumber 0xF09F3AAF (0x0506F09F3AAF)
*Aug 26 03:00:31.836: Vi3 LCP: Event[UP] State[Starting to REQsent]
*Aug 26 03:00:34.052: Vi3 LCP: O CONFREQ [REQsent] id 2 len 10
*Aug 26 03:00:34.052: Vi3 LCP:    MagicNumber 0xF09F3AAF (0x0506F09F3AAF)
*Aug 26 03:00:34.052: Vi3 LCP: Event[Timeout+] State[REQsent to REQsent]
*Aug 26 03:00:35.856: Vi3 LCP: O CONFREQ [REQsent] id 3 len 10
*Aug 26 03:00:35.856: Vi3 LCP:    MagicNumber 0xF09F3AAF (0x0506F09F3AAF)
*Aug 26 03:00:35.856: Vi3 LCP: Event[Timeout+] State[REQsent to REQsent]
*Aug 26 03:00:37.933: Vi3 LCP: O CONFREQ [REQsent] id 4 len 10
*Aug 26 03:00:37.933: Vi3 LCP:    MagicNumber 0xF09F3AAF (0x0506F09F3AAF)
*Aug 26 03:00:37.933: Vi3 LCP: Event[Timeout+] State[REQsent to REQsent]
*Aug 26 03:00:39.889: Vi3 LCP: O CONFREQ [REQsent] id 5 len 10
*Aug 26 03:00:39.889: Vi3 LCP:    MagicNumber 0xF09F3AAF (0x0506F09F3AAF)
*Aug 26 03:00:39.889: Vi3 LCP: Event[Timeout+] State[REQsent to REQsent]
*Aug 26 03:00:41.905: Vi3 LCP: O CONFREQ [REQsent] id 6 len 10
*Aug 26 03:00:41.905: Vi3 LCP:    MagicNumber 0xF09F3AAF (0x0506F09F3AAF)
*Aug 26 03:00:41.905: Vi3 LCP: Event[Timeout+] State[REQsent to REQsent]
*Aug 26 03:00:43.921: Vi3 LCP: O CONFREQ [REQsent] id 7 len 10
*Aug 26 03:00:43.921: Vi3 LCP:    MagicNumber 0xF09F3AAF (0x0506F09F3AAF)
*Aug 26 03:00:43.921: Vi3 LCP: Event[Timeout+] State[REQsent to REQsent]
*Aug 26 03:00:45.938: Vi3 LCP: O CONFREQ [REQsent] id 8 len 10
*Aug 26 03:00:45.938: Vi3 LCP:    MagicNumber 0xF09F3AAF (0x0506F09F3AAF)
*Aug 26 03:00:45.938: Vi3 LCP: Event[Timeout+] State[REQsent to REQsent]
*Aug 26 03:00:47.974: Vi3 LCP: O CONFREQ [REQsent] id 9 len 10
*Aug 26 03:00:47.974: Vi3 LCP:    MagicNumber 0xF09F3AAF (0x0506F09F3AAF)
*Aug 26 03:00:47.974: Vi3 LCP: Event[Timeout+] State[REQsent to REQsent]
*Aug 26 03:00:49.966: Vi3 LCP: O CONFREQ [REQsent] id 10 len 10
*Aug 26 03:00:49.966: Vi3 LCP:    MagicNumber 0xF09F3AAF (0x0506F09F3AAF)
*Aug 26 03:00:49.966: Vi3 LCP: Event[Timeout+] State[REQsent to REQsent]
*Aug 26 03:00:51.982: Vi3 PPP DISC: LCP failed to negotiate

I believe my configuration is correct as when I reboot it it can connect without any problem. And I don't think it's plusnet's problem as I have tried 2 routers both have no issue. Don't know if this is the problem of cisco 877. I have upgraded the most recent IOS but no use. This problem is so strange.
My show run:
Building configuration...
Current configuration : 13593 bytes
!
! Last configuration change at 23:56:11 BST Thu Aug 25 2011
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname sinonguk
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
enable secret 5 $1$rUSm$rYs245ipFYQPc7oYAr9sG.
enable password 7 15141802247B727371
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
clock timezone London 0 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
crypto pki token default removal timeout 0
!
!
no dot11 syslog
!
dot11 ssid SINONGFAN
max-associations 10
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 0134332168384B2615
!
no ip source-route
!
!
ip dhcp excluded-address 192.168.0.253 192.168.0.254
ip dhcp excluded-address 192.168.0.129 192.168.0.200
!
ip dhcp pool dhcp-pool
  import all
  network 192.168.0.128 255.255.255.128
  domain-name SINONG.LOCAL
  default-router 192.168.0.254
  dns-server 192.168.0.254 8.8.8.8
  lease 7
!
ip dhcp pool T43w
  host 192.168.0.159 255.255.255.128
  client-identifier 0100.166f.8b0e.3a
!
!
!
no ip cef
ip domain name dyndns.org
ip name-server 212.159.13.49
ip name-server 212.159.13.50
ip ddns update method sdm_ddns1
HTTP
  add http://xxx:xxx@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
  remove http://xxx:xxx@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
!
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
vpdn authen-before-forward
vpdn session-limit 5
!
vpdn-group pptp
! Default PPTP VPDN group
accept-dialin
  protocol pptp
  virtual-template 1
l2tp tunnel timeout no-session 15
!
!
!
username xxxxx privilege 15 secret 5 xxxxx
username vpn password 7 xxxxxxx
!
!
ip ssh authentication-retries 5
ip ssh version 2
!
class-map match-any voip-vlan-in
match access-group name voip
match protocol sip
match protocol rtp audio
class-map match-any voip-atm-out
match  precedence 5
class-map match-any p2p-vlan-in
match access-group name p2p
match protocol bittorrent
match protocol edonkey
class-map match-any p2p-atm-out
match  precedence 1
class-map type inspect match-any lan-to-wan-stateful
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-any wan-to-lan-stateful
match protocol http
match protocol https
match protocol smtp
match protocol pop3
match protocol sip
match protocol rtsp
match access-group name wan-to-lan-acl
class-map type inspect match-any pass-through
match access-group name pass-through-acl
class-map match-any web-vlan-in
match access-group name web
class-map match-any web-atm-out
match  precedence 4
class-map type inspect match-any wan-to-self
match access-group name wan-to-self-acl
class-map type inspect match-any self-to-wan
match protocol tcp
match protocol udp
match protocol icmp
!
!
policy-map type inspect lan-to-wan
class type inspect pass-through
  pass
class type inspect lan-to-wan-stateful
  inspect
class class-default
  drop
policy-map type inspect wan-to-lan
class type inspect pass-through
  pass
class type inspect wan-to-lan-stateful
  inspect
class class-default
  drop
policy-map qos-packet-tagging
class p2p-vlan-in
  set precedence 1
class web-vlan-in
  set precedence 4
class voip-vlan-in
  set precedence 5
class class-default
  set precedence 2
policy-map type inspect self-to-lan
class class-default
  pass
policy-map type inspect lan-to-self
class class-default
  pass
policy-map qos-packet-queueing
class voip-atm-out
  priority 96
class web-atm-out
  bandwidth remaining percent 50
class p2p-atm-out
  bandwidth remaining percent 10
  police 100000 15000 16000 conform-action set-prec-transmit 2 exceed-action set-prec-transmit 1 violate-action drop
class class-default
  bandwidth remaining percent 40
  fair-queue
policy-map type inspect self-to-wan
class class-default
  pass
policy-map type inspect wan-to-self
class type inspect wan-to-self
  pass
class type inspect pass-through
  pass
class class-default
  drop
!
zone security WAN
zone security LAN
zone-pair security WAN-LAN source WAN destination LAN
service-policy type inspect wan-to-lan
zone-pair security LAN-WAN source LAN destination WAN
service-policy type inspect lan-to-wan
zone-pair security LAN-SELF source LAN destination self
service-policy type inspect lan-to-self
zone-pair security SELF-LAN source self destination LAN
service-policy type inspect self-to-lan
zone-pair security WAN-SELF source WAN destination self
service-policy type inspect wan-to-self
zone-pair security SELF-WAN source self destination WAN
service-policy type inspect self-to-wan
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key sinong address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 60 periodic
!
crypto ipsec security-association lifetime seconds 600
!       
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
match address ipsec-acl
qos pre-classify
!
!
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
bridge irb
!
!
!
interface Loopback0
ip address 192.168.1.254 255.255.255.0
!
interface ATM0
no ip address
no ip route-cache
no atm ilmi-keepalive
pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly in
zone-member security LAN
peer default ip address pool pptp
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2
!
interface Dot11Radio0
no ip address
ip virtual-reassembly in
no dot11 extension aironet
!
encryption mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers tkip
!
broadcast-key change 180 membership-termination
!
broadcast-key vlan 1 change 45
!
!
ssid SINONGFAN
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2452
station-role root
world-mode dot11d country GB both
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dialer0
description $FW_OUTSIDE$
bandwidth 448
ip ddns update hostname sinonguk.dyndns.org
ip ddns update sdm_ddns1
ip address negotiated
no ip redirects
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security WAN
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxx@plusdsl.net
ppp chap password 7 xxxxxxxxxxxxx
ppp pap sent-username xxxxx@plusdsl.net password 7 xxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp route default
no cdp enable
crypto map SDM_CMAP_1
service-policy output qos-packet-queueing
!
interface BVI1
description $FW_INSIDE$
ip address 192.168.0.254 255.255.255.128
ip nat inside
ip virtual-reassembly in
zone-member security LAN
service-policy input qos-packet-tagging
!
ip local pool pptp 192.168.1.129 192.168.1.130
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip dns server
ip nat translation timeout 120
ip nat translation tcp-timeout 300
ip nat translation udp-timeout 150
ip nat translation finrst-timeout 20
ip nat translation dns-timeout 30
ip nat translation icmp-timeout 30
ip nat inside source static tcp 192.168.0.148 22 interface Dialer0 2222
ip nat inside source static tcp 192.168.0.148 3128 interface Dialer0 3128
ip nat inside source static tcp 192.168.0.148 80 interface Dialer0 80
ip nat inside source static tcp 192.168.0.148 25 interface Dialer0 25
ip nat inside source static tcp 192.168.0.148 110 interface Dialer0 110
ip nat inside source static tcp 192.168.0.138 46138 interface Dialer0 46138
ip nat inside source static udp 192.168.0.138 46138 interface Dialer0 46138
ip nat inside source static tcp 192.168.0.139 46139 interface Dialer0 46139
ip nat inside source static udp 192.168.0.139 46139 interface Dialer0 46139
ip nat inside source static tcp 192.168.0.148 46148 interface Dialer0 46148
ip nat inside source static udp 192.168.0.148 46148 interface Dialer0 46148
ip nat inside source static tcp 192.168.0.149 46149 interface Dialer0 46149
ip nat inside source static udp 192.168.0.149 46149 interface Dialer0 46149
ip nat inside source static tcp 192.168.0.158 46158 interface Dialer0 46158
ip nat inside source static udp 192.168.0.158 46158 interface Dialer0 46158
ip nat inside source static tcp 192.168.0.159 46159 interface Dialer0 46159
ip nat inside source static udp 192.168.0.159 46159 interface Dialer0 46159
ip nat inside source static tcp 192.168.0.147 46147 interface Dialer0 46147
ip nat inside source static udp 192.168.0.147 46147 interface Dialer0 46147
ip nat inside source static tcp 192.168.0.149 80 interface Dialer0 81
ip nat inside source static tcp 192.168.0.158 69 interface Dialer0 69
ip nat inside source static udp 192.168.0.158 69 interface Dialer0 69
ip nat inside source static tcp 192.168.0.199 46199 interface Dialer0 46199
ip nat inside source static udp 192.168.0.199 46199 interface Dialer0 46199
ip nat inside source static udp 192.168.0.199 46202 interface Dialer0 46202
ip nat inside source static udp 192.168.0.199 46201 interface Dialer0 46201
ip nat inside source static udp 192.168.0.199 46200 interface Dialer0 46200
ip nat inside source static udp 192.168.0.138 46140 interface Dialer0 46140
ip nat inside source static tcp 192.168.0.138 5900 interface Dialer0 5900
ip nat inside source static tcp 192.168.0.138 5901 interface Dialer0 5901
ip nat inside source static tcp 192.168.0.138 21 interface Dialer0 21
ip nat inside source static tcp 192.168.0.138 20 interface Dialer0 20
ip nat inside source static tcp 192.168.0.208 46208 interface Dialer0 46208
ip nat inside source static udp 192.168.0.208 46208 interface Dialer0 46208
ip nat inside source static tcp 192.168.0.138 3389 interface Dialer0 3389
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.2.128 255.255.255.128 192.168.0.138
ip route 192.168.3.128 255.255.255.128 192.168.0.138
ip route 192.168.4.128 255.255.255.128 192.168.0.138
!
ip access-list extended ipsec-acl
permit ip 192.168.0.128 0.0.0.127 192.168.0.0 0.0.0.127
ip access-list extended nat-acl
deny  ip 192.168.0.128 0.0.0.127 192.168.0.0 0.0.0.127
deny  ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.127
permit ip 192.168.0.128 0.0.0.127 any
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.2.128 0.0.0.127 any
permit ip 192.168.3.128 0.0.0.127 any
ip access-list extended p2p
permit tcp any range 46129 46253 any
permit udp any range 46129 46253 any
permit tcp any any range 46129 46253
permit udp any any range 46129 46253
ip access-list extended pass-through-acl
permit gre any any
permit ip 192.168.0.0 0.0.0.127 192.168.0.128 0.0.0.127
permit ip 192.168.0.128 0.0.0.127 192.168.0.0 0.0.0.127
ip access-list extended voip
permit tcp any any range 5060 5082
permit udp any any range 5060 5082
permit tcp any any range 16384 16482
permit udp any any range 16384 16482
permit tcp any range 5060 5082 any
permit udp any range 5060 5082 any
permit tcp any range 16384 16482 any
permit udp any range 16384 16482 any
ip access-list extended wan-to-lan-acl
permit tcp any any range 46129 46253
permit udp any any range 46129 46253
permit tcp any any range 5060 5082
permit udp any any range 5060 5082
permit tcp any any range 16384 16482
permit udp any any range 16384 16482
permit tcp any any eq 1723
permit tcp any any eq 2222
permit tcp any any eq 3128
permit udp any any eq ntp
permit tcp any any range 5900 5910
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq 3389
ip access-list extended wan-to-self-acl
permit icmp any any
permit esp any any
permit ahp any any
permit tcp any any eq 22
permit tcp any any eq 1723
permit udp any any eq non500-isakmp
permit udp any any eq isakmp
permit udp any eq bootps any eq bootpc
permit udp any any eq ntp
permit tcp any any eq www
permit tcp any eq www any
permit udp any eq ntp any
permit udp any any eq tftp
permit udp any eq domain any
ip access-list extended web
permit icmp any any
permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any eq pop3
permit tcp any any eq smtp
permit tcp any any eq ftp
permit tcp any any eq 22
permit tcp any any eq 2222
permit tcp any any eq ftp-data
permit tcp any any eq 3389
permit udp any any eq domain
permit tcp any eq www any
permit tcp any eq 443 any
permit tcp any eq ftp any
permit tcp any eq ftp-data any
permit tcp any eq smtp any
permit tcp any eq pop3 any
permit tcp any eq 22 any
permit tcp any eq 2222 any
permit tcp any eq domain any
permit tcp any eq 3389 any
permit gre any any
!
logging esm config
!
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address nat-acl
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!       
line con 0
no modem enable
line aux 0
line vty 0 4
exec-timeout 60 0
transport input ssh
!
scheduler max-task-time 5000
end
6 REPLIES 6
MisterW
Superuser
Superuser
Posts: 14,575
Thanks: 5,411
Fixes: 385
Registered: ‎30-07-2007

Re: cisco 877 have to reload the router after line was dropped

It's not the 'long timeouts on pppoe sessions' problem is it ? http://community.plus.net/forum/index.php/topic,114808.0.html
Sometimes it can take a few minutes to reconnect, maybe by the time you've rebooted it the timeout has expired.
 

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

fansn
Newbie
Posts: 5
Registered: ‎12-06-2013

Re: cisco 877 have to reload the router after line was dropped

That looks helpful, many thanks, I'll read through it. By the way the Technicolor router from plusnet doesn't seem to have this problem. I'll do some test again tonight.
MisterW
Superuser
Superuser
Posts: 14,575
Thanks: 5,411
Fixes: 385
Registered: ‎30-07-2007

Re: cisco 877 have to reload the router after line was dropped

No, the Technicolor doesn't seem to have the problem, most of the other routers seem to though, very strange!

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

fansn
Newbie
Posts: 5
Registered: ‎12-06-2013

Re: cisco 877 have to reload the router after line was dropped

Yes. Tried DG834GT just now and it didn't connect at all, prompting CHAP authentication failed. I would give up. The Technicolor one could have some special code in firmware to resolve this problem. It is well made and fast enough however it doesn't meet my requirements, otherwise it's a very good router. At the moment my cisco 877 is very stable, I get 14M with noise margin @10db.
fansn
Newbie
Posts: 5
Registered: ‎12-06-2013

Re: cisco 877 have to reload the router after line was dropped

Update: a very good solution to this problem, hope it's useful for all cisco router users like me!
Solution: using ip sla detecting link status, and use EEM to do actions! add the following code into your setup. The idea is to ping two IP address on Internet regually(10s in my example), if both of them are responsive, reboot the server. I use google DNS 8.8.8.8 and plusnet's DNS 212.159.13.49 in my example. Tested working! Internet connection was dropped this morning and the router rebooted itself to Internet.
e.g.
ip sla 1
icmp-echo 8.8.8.8
threshold 3000
timeout 3000
frequency 10
ip sla schedule 1 life forever start-time after 00:10:00
ip sla 2
icmp-echo 212.159.13.49
threshold 3000
timeout 3000
frequency 10
ip sla schedule 2 life forever start-time after 00:10:00

track 1 ip sla 1 reachability
delay down 60 up 10
track 2 ip sla 2 reachability
delay down 60 up 10
event manager applet planet-ADSL-Down
event tag PingDown1 track 1 state down
event tag PingDown2 track 2 state down
trigger
  correlate event PingDown1 and event PingDown2
action 1 syslog msg "********** WARNING! ADSL Line Down! **********"
action 2 reload
event manager applet planet-ADSL-Up
event tag PingUp1 track 1 state up
event tag PingUp2 track 2 state up
trigger
  correlate event PingUp1 or event PingUp2
action 1 syslog priority debugging msg "********** ADSL Line UP **********"
fansn
Newbie
Posts: 5
Registered: ‎12-06-2013

Re: cisco 877 have to reload the router after line was dropped

please also note the firmware should be AMR-E-0.0.026.bin this can be downloaded from cisco website.