Good morning. I am trying to get my connection to work. I have been told that Protocol 41 is my problem. I am on DSL. ATT called me yesterday from their "NOC" center telling me that protocol 41 is blocked.
Hmm. I have heard that one person is using DSL and it works.
I simply wish to find out if anyone is using DSL and that it works.
If so, then maybe I can rule out the Protocol 41 issue and move on into a different direction to try another possible resolution. Maybe there is something in my setup.
Please let me know what you have.
Thanks
Thanks
I'm sure there's a bunch of people using their HE tunnel with DSL, but they don't have protocol 41 blocked.
The short answer is that unless ATT un-blocks protocol 41 for you, you can't make your HE tunnel work (or any 6in4 for that matter)
That is the question of the day.
Is protocol 41 blocked generically or randomly?
If it can be unblocked, how?? They don't seem to know what it is and are saying (millitary answer)
Privileged information (can't confirm or deny). No seriously. This is basically the answer I got from the Texas upper level tech support center.
They would have to unblock it.
At this point, if they aren't passing you protocol41, there is nothing you can do with 6in4
Have you had to have this unblocked??
I'm still trying to find the magic answer as to how to get this removed if it can be.
I don't understand why some have it and some don't.
Quote from: UltraZero on February 04, 2011, 10:02:34 AM
Have you had to have this unblocked??
I'm still trying to find the magic answer as to how to get this removed if it can be.
I don't understand why some have it and some don't.
It's your provider's choice to block proto 41, IF it is really blocked for you. Though WHY they would be blocking it is mysterious. Unfortunately there's not much you can do IF it is the case, except talk maybe to other people at the ISP's ?
BEFORE you contact them again, in my opinion you must ASSERT if proto 41 really is dumped by the ISP. ISTM you haven't tested this condition seriously, at least you didn't tell us anything to that effect. Are you sure it's not simply your ADSL end point blocking 41, and/or a router or other equipment you have at your premises ? And if it is, there may be an interface through which you could unlock it. Please describe your network and comps !
Finally, yes, I'm one of those on (A)DSL and having no problems with proto 41 (nor for that matter with any protocol that I know or care of)...
Best
--
Ninho
Good day and thanks much for the response.
My connection is basically this.
From the Wall, I have a speedstream 5100 modem. There isn't any config information in reference to blocking protocol 41 on any screens.
From there, the modem goes into my Cisco 3640.
The testing I have done are the following:
I have performed a ping test from my location to the tunnel server via ipv4. No problem
I have also performed a traceroute and that was also successful.
Same Test with IPv6, I can't even get to the first router. No response..
I have pinged my interface and it is responding.
No access list are created to block protocol 41.
I have tried removing my Cisco and putting a Window 7 system directly connected and still got the same results. Running Dual stack of course.
That is where I am with this.
My Original Wireless router was next to the modem but since I had heard people might have problems with it, I moved the unit behind the Cisco so that function is internal to the network.
My Provider is ATT. Good luck trying to penetrate the upper level tech support.
I have a neighbor who works for ATT and she is a manager and she is totally customer focused and
she got me the call into the "NOC" of ATT. They called me and told me in a military style conversation that they were blocking it on all DSL connections. This of course happened before I finally started getting responses back about people having DSL and it working so I could not challange the answer.
Semens Speedstream Modem Modem 4100
Prior to answering the last message, i was in the process of doing some research about my modem.
I didn't think the modem could be the problem. After all, I thought it was a dumb device.
Maybe I was wrong. I read an article about a person who had the same problem and he had a speedstream 441 modem. I actually have this unit but am not using it. He could not get his connection to work either. After removing the unit, he installed a D-Link DSL-2320B which is a modem. I'm not too fond of D-link because they don't seem to last very long. Basically made to last the warranty period and then the start acting up. Well, he changed his modem out and he is now working.
I guess I will look a little more into this issue to see if this is the problem.
FYI.
Here are 2 more things to try before changing modem.
1) Setup the DMZ on the 5100 and put your computer in it and try to setup the tunnel.
2) put the 5100 into bridge mode and try to setup the tunnel.
Good luck.
Man. You make i so hard. I am killing myself at the moment. Between the tunnel issue and my studying for my Cert test, I'm dying here. Hmm. Bridge mode.
I have a question. Why bridge mode?? I guess I should print my config out before doing so just in case it blows up in my face and I have to start from scratch..
Because bridge mode would send all traffic to the devices behind it.
Good morning.
Why would a modem block something like protocol 41 and in bridge mode it would not.
Just trying to understand. I don't see any option to block protocol 41 in the current mode so why would bridge mode allow it to happen. If it works, great, but, I would like to be one the wiser and not someone who just said it's fixed and not know why.
Thanks
i'm sure you won't see the option to block a protocol..most people don't need to.
I assume as it's currently set up, your modem is handing out DHCP? In this case, it's acting like a router. If you're going to use a device behind the modem as a router, why would you want the modem to also act as a router? You wouldn't, it just creates more problems.
Well, the modem I have from what I can see gets a DHCP IP from the provider. I make a NAT conversion from my inside ip addresses to the outside. ATT does after some time keep cycling my IP address out frequently which I think is silly, (OK in the since for security where my used ip address isn't constant) but, makes it hard for projects like the tunneling (Constantly have to updat HEs client info)
I think before I try to make the switch in the modem, I will really need to make sure I copy down all the info so in the event it doesn't work, I can back out.
BTW - I didn't notice anything in the modem that would reflect any protcol blocking what so ever.
Is anyone running their tunnel connection with a router behind their modem and the modem is in bridge mode??
If so, are you running bridge mode because you could not get the connection to work in regular pppoe mode?
Thanks
When I had DSL I had my modem in bridge mode because I had statics and that's the way they did it. It was preferred that way anyway so I could use my iptables firewall instead of the speedtouch.
I have it running, Speedstream 4300 bridge mode => Netgear WNR3500L running DD-WRT.
The Netgear has the tunnel and provides full dual stack to my home network.
I have had it running with the 4200 and 4300 modems unbridged but always in the DMZ.
I'm just trying to figure out why the need to put the modem in bridge mode. I've tried it, but, with no success. My problem is configuring the connection. I'll keep trying . I know I am either mixing something up or missing something. Between PPPoe, Dialer, user IDs, DHCP, access lists, I've got my hands full.
Anyway, the non ppp connection has always seemed to work. I am trying to figure out why i can't connect to HE via a tunnel. I wish there was someone who could tell me why bridge mode would work vs standard mode.
I just like to know why (if this is the problem) protocol 41 seems to be blocked, but, in bridge mode it might not be.
Thanks
When you put your modem in bridge mode, it will pass all traffic through untouched, instead of acting as a router and possibly filtering something.
Though, there might be some miscommunication in terms here. If your modem is not acting as a router (ie, handing out DHCP addresses to your internal network and performing NAT), then it is very unlikely to be the culprit. If AT&T has stated that they are blocking protocol41 traffic, then you need to yell at them to stop filtering your internet traffic. It is impossible to set up a 6in4 tunnel with protocol41 being blocked (as protocol41 is the ipv6-in-ipv4 protocol number).
Thanks for the repsonse.
My modem is currently setup to negotiate PPPoe and to obtain an IP address address. I setup my router to perform the NAT process. I guess I am kinda stumped (Rip Van Winkle again, sleep for 10 years and modems change) I thought a modem modulates/demodulates and that's all. The unit I have I as far as I know does pppoe or not. Semens 5100 modified by ATT. What I don't understand is some people are running fine with DSL. Given I am not in the Bay Area, I would think ATT would have the same policies for running their network regarding protocol 41 everywhere.
((I am thinking)) it is either my modem or ATT. I have tried this with Windows 7 direct connect to the modem and the same thing happens. Pinging IPv4 is o.k. but not IPv6.
the best thing is for you is create pppoe dialer on cisco 3640 and turn your modem in bridge mode. you do not need to forward any thing. enable nat on your cisco router and done.
i also have the same problem but i have not any cisco router at home. i am using gogo6.net tunnel i am able to get connected with it. and you dont need to update your ip address again and again.
I don't understand why this thread is so long.
You said in your original post that ATT won't pass you protocol 41...no protocol 41 means no 6in4.
Well, the reason is because I spoke to someone at HE who has ATT DSL and it works for him. Also, someone else online has DSL. Soooo.
Something is rotten in Denmark. Get my drift??? ::) ::)
If people have DSL and so do I and they are working, I want to know how and why.
I think a good technician tried to find out the problem and not simply make changes because someone said there is a problem.
I was going to call up and order Cable internet. But, I thought about this and It would be really funny to find out that those again with cable are working and my connection would still not work because of a configuration goof up on my part.
So I am still trying to figure this out.
The potocol 41 issue seems to be a problem which no one has a straight forward answer. Unfortunately, because of the lack of communication between the ATT powers that be, one person says no at ATT and then a customer says it's working. That tells me something is either wrong with my equipment (Configuration issue ) or maybe Protocol 41 is blocked in my area.
I can't get a IPv6 traceroute out past my router. I can't see any thing past my box. If there is a way to detect or figure out what is the problem, Please, I'd like to know.
The only way to tell if AT&T is blocking protocol 41 is for them to tell you if they are or not. Unfortunately I suspect most of their front line support techs have no idea what an IP protocol number is let alone if their systems are blocking any of them. So getting a straight answer from them may be a challenge.
Now that's what I've been saying all along.
Thanks
Sooo.... I'm new to these forums but not new to networking. I talked to some folks on the commercial side of AT&T and they told me they aren't blocking protocol 41 intentionally. They weren't sure about the consumer side but saw no reason why it would be blocked their either. I can tell you that I have found several articles regarding AT&T DSL and IPv6 and several of them imply poor DSL modems are the bulk of the root causes. I'm on AT&T consumer at home and I'll be setting up my IPv6 tunnel tonight. I can't handle being stuck with the "newbie" certification. :) I'll follow up with my results. For now I'm using a Cisco 1841 ISR with a DSL modem provided by the ISP. If that doesn't work, I'll flip to a WIC-1-ADSL card for my router.
Are you basing your position off what the front level support folks told you? One of the blogs I read mentioned not being able to tracert to 192.88.99.1. What specific symptoms are you seeing?
Hey. Nice to hear someone working on the same issue.
Well, the phone call I got was from the ATT "NOC" in Texas. My nieghbor is a manager at ATT and she is a go getter when it comes to resolving issues with ATT for customers.
The phone call was like a bad military movie. "I can't confirm or deny the problems you have and I can not discuss the in depth issue s you are having, but, we are blocking protocol 41. Case closed.
I also have a Cisco WIC-1ADSL unit that I can put into my router. The only problem with doing so is I read the unit doesn't support over 4 meg and I have 6. I also thought I saw the upload speeds were not so hot either. Please let me know what you find. If you have a new unit, maybe you have an HWIC-ADSL2 (something like that) which supports I think up to 24 meg DSL.
specs for that unit. http://www.cisco.com/warp/public/146/kits/smb/dsl_strategy/ADSL_WIC_ds.pdf
If AT&T NOC says that they are blocking protocol41, you'll have to take them at their word. Sorry.
Have a look at 6to4, Sixxs, or Gogo6. They use different methods of providing tunnels/connectivity, so one of those might work for you.
Quote from: jrochaHave a look at 6to4, Sixxs, or Gogo6. They use different methods of providing tunnels/connectivity, so one of those might work for you.
6to4 is protocol 41 as well, perhaps you meant Teredo. Most likely it is something in the modem, and if it cannot be changed out, or put into a proper bypass, there isn't much that can be done on our end.
Can I still use HE with those tunnel options?
thanks
Quote from: broquea on February 14, 2011, 07:38:59 PM
6to4 is protocol 41 as well, perhaps you meant Teredo. Most likely it is something in the modem, and if it cannot be changed out, or but into a proper bypass, there isn't much that can be done on our end.
Yes, Teredo, of course. That's what I get for posting before dinner.
Quote from: UltraZero on February 14, 2011, 07:41:15 PM
Can I still use HE with those tunnel options?
No, our service is only 6in4 tunnels. If you can figure out the protocol41 issue, though, it sounds like everything else looks good.
Quote from: UltraZero on February 14, 2011, 07:41:15 PM
Can I still use HE with those tunnel options?
thanks
Seeing as we aren't sixxs or gogo6, no. While we do operate 6to4 and teredo relays, you cannot specify them for use. They work of the anycasted ranges for both services, and your provider might not prefer their announcements from our network.
Well, I guess I can put the modem into Bridge mode. I was trying to stay away from that.
(I don't know how to set it up.) No problem. I guess I'll have to work on a config on paper, transfer it over to another router to test, then implement. If it doesn't work, Does anyone have any suggestions as to a router that is known to work?? Maybe something not a Dlink..I've had problem with the longevity of Dlink Products.
Thanks
Jrocha - I thought I could agree with ya, but, one of your co-workers has DSL and he is running fine from home, so, if he can, then I figure either ATT is lying or they don't know their head from their pineapples.
(or they just don't know)
LOL..
If protocol 41 is being filtered by the modem itself then it may only be an issue with certain modem models. AT&T probably doesn't keep exact records of exactly what model they gave every single customer nor do they probably keep track of what models block or allow protocol 41. And I seriously doubt that protocol 41 support was high on AT&T's list of priorities when they sat down and decided what specific DSL modems they wanted to buy by the thousands for distribution to customers. I suspect that a cheap and crappy built in SPI firewall may be at fault here.
So it may simply be a question of weather or not you were lucky enough get a modem that doesn't block protocol 41. I think switching your modem to bridge mode is probably your best bet. Personally, I refuse to use any ISP that won't give me a publicly routable IP on the WAN interface of my router.
yeah. I understand. I am wondering if I should pull an all nighter to try to figure if I can setup PPPoe on the Cisco. This way, if I need to take the net down, it won't affect my wife. The only problem I see is PPPoe wants no ip address on an interface and the same interface has ip DHCP on it. I don't know how to get around this.
If someone has a sample config with PPPoe and Nat on the same interface running their modem in bridge mode, I would appreciate it. I think I got the router configured once, but, I know something was wrong because it wasn't performing the PPPoe function. I think this is because of the ip address dhcp issue.
I'll keep searching for answers..
UltraZero,
Bad news. I was going to flip the home DSL but instead I dumped AT&T and am flipping to Charter cable (12Mbps) this afternoon so I didn't do anything. I thought I would be at least a few months more on the DSL but Charter did a rate change and I'm gonna take advantage of it.
Good news. By coincidence, I am setting up a 6to4 tunnel in my lab at work. This will be to HE or another public provider and will be using AT&T DSL. The only difference is that the router will be a Cisco 2851 with a WIC-1-ADSL instead of a smaller router at home. The connection is only 1.5Mbps. It's just for playing around with but the concept is the same. I'm hoping to have it up and running in the next few hours. If so, I'll forward my config and results to the group. Give me till 10 or 11am CST. If I don't have it running, I have several resources at AT&T that I can't get some official answers from that might be better than the front line support.
Back in a few hours....
Awesome. AT&T consumer DSL has informed me that they don't support IPv6/6to4/Teredo/anything. This is very interesting. I spoke with two different supervisors and got the same answer. What they couldn't clarify for me was what they meant.
CHenson "So, are you saying you don't support IPv6 as in you won't support the customer or are you saying you are blocking it somehow? These are two very different answers...."
AT&T "Yes."
I have reached out to our AT&T account team. We have a pretty big AT&T WAN and a pretty tight relationship. They may be able to at least give us a more solid answer. I don't see how/why this would be geographical but it could be. Just like commercial vs. consumer have different policies. It doesn't make sense but a lot of things don't make sense these days. I'll keep everyone posted.
Hopefully, I'll have my Charter CM tunnel up tonight or tomorrow....
From what I gather with ATT, they treat the DSL as one entity. Business and residential are treated the same except for residential customers get a dynamic IP and Businesses get static IPs. (And can request more) Residential I think can request static IPs at lease at one time one could for an additional fee just like the business side.
I didn't want to switch simply because I really like my existing setup and I don't want to have to put any more holes in the house for any reason. Now, understand, I am looking to find out why the current connection works for some and not for others.
I think I will research the modem more today to see what could be the issue. If I can't find anything, then I guess I will be going to my favorite Eye candy store Frys Electronics for a new modem. If that doesn't work, then, Cable, here I come..
I'd hate to make the change also because I have had the same Email since 1993. I'd hate to loose it, but, Oh well. Tradition, Progression..Hmmm.
1. Are you able to ping or traceroute to 192.88.99.1? You should be able to.
2. If you hook up a WIN7 laptop (Or anything back to XP SP2 I think) directly to the modem do you (a) get your proper Internet IPv6 address and then (b) do you get a dynamically built IPv6 tunnel thanks to Microsoft?
Yes. I can ping IPv4, but not IPv6..
I was doing testing with Win 7 some weeks ago and I still could not get IPv6 to ping. IPv4 wasn't a problem.
I'm actually looking in to a new modem as we speak. Fallback plan after the modem exchange is to go to cable. I have a question. Are you looking at a dynamic IP address for cable or are you going to get a static address?
thanks
I was asking specifically about 192.88.99.1. That is the IPv4 anycast address of the 6to4 GW. So it will basically answer with your closest relay. Can you ping that address?
When you tested with Win7 previously do you remember if the dynamic 6to4 tunnel was established? Like in ipconfig /all?
I am planning on getting the dynamic address setup. Not paying extra for the static. Going out after lunch to pickup a docsis3 modem.
yes. I can ping it. Just did.
I still have the ipconfig /all let me look for it.
Interesting. You are better off than I am. I'm still waiting on the account team (shocker) for official word. I'm leaving early this afternoon. Tomorrow, I'll throw Win7 on a laptop and go straight to the DSL and see if I can see anything. I'm unable to ping that address which is kinda step 1 in the world of setting up your HE tunnel. I can't ping it from my laptop behind my PIX nor can I ping it directly from the router with the ADSL card. But I can ping other IPv4 addresses just fine. Frustrating. And yes, the inconsistency is adding to the frustration. It shouldn't be this hard. Debugging the IOS has not revealed anything local to be the issue.
Is this what you were asking for??
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network Connection
Physical Address. . . . . . . . . : 00-0C-F1-86-5D-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:470:xxx:xxx::2(Preferred)
Link-local IPv6 Address . . . . . : fe80::xxx:8b1e:xcdc:a3ff%12(Preferred)
IPv4 Address. . . . . . . . . . . : xx.xx.xx.xx(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, January 28, 2011 2:03:22 PM
Lease Expires . . . . . . . . . . : Friday, January 28, 2011 2:43:22 PM
Default Gateway . . . . . . . . . : 76.247.204.75
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 285215985
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-C7-94-68-00-0C-F1-86-5D-6D
DNS Servers . . . . . . . . . . . : 192.168.0.1
192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.domain_not_set.invalid:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I hear ya.
For me, I am trying to work with what I have. I have done several modifications to my network to get my primary cisco router out of my bedroom.
That 3640 is loud. Not to mention, I have another one in here (only use it when i am working on something. I have connections running all over my house. I've got well over 5 active network segments and I am really not interested in having a new network connection to be installed. No 1, I would not know where to put it. No to mention, I just don't like having strangers come into my house and seeing things the might want to have their friend pick up for. Get my drift. Given, I do have a big Rottweiler who likes meat.
Anyway, If I could solve my issue with what I have, then I would be happy. I could close up the walls for the existing changes i have made and life would be good. Nice to have been in construction so punching holes isn't a problem. I can easily fix them.
Back to networking... I am looking at a Dlink 520B which is a straight modem. Has a firewall, but maybe it can be disabled. I am thinking of running a Pix firewall, but, I am having concerns about IPv6 and the firewall. Finding a Pix with a higher version of the IOS is a task unto itself.
Can you even still purchase Cisco IOS for a Pix Firewall??
If you have an active service contract with Cisco you can still download firmware updates for the PIX series firewalls. However Cisco stopped releasing new firmware updates for the PIX line several years ago. If you want something that is still actively supported by Cisco you will need to get an ASA. I made a post about IPv6 support on the PIX/ASA series firewalls here (http://www.tunnelbroker.net/forums/index.php?topic=278.msg6323#msg6323).
Antillie is correct. PIX is no longer available for sell directly from Cisco. You can still buy FWSM but I don't think that's the direction you want to go. :) The ASA comes in models all the way down to a 5505 and they all support IPv6.
Your ipconfig was what I wanted to see. With Win7, if you are directly connected to your Internet and have a public IPv4 address (with a generic OS install) the OS will attempt to dynamically build an IPv6 tunnel. So you would see the Teredo interface or an IPv6 interface with an IPv6 address on it. Since you don't see either I'm thinking that the tunnel was unable to successfully establish.
Anyone correct me if I'm wrong here....
So, I guess I should sell my car in order to pay for an ASA5510? Can ou tell me if an ASA5505 has enough processing power to keep up with a small network?? I don't want any lag from the firewall. Not to mention, I am going to increase my connection speed and possibly put up a webserver that will generate some traffic.
I need and OC3 to my house.. Too many things I want to do that generate a lot of traffic. LOL
I know, sounds crazy but, remember, we were using a 1200bps modem at one time and though a 9600 was way too fast and look at us now..
Back to routing..... Bought a new modem last night. Was up til 1:00 trying to set the stupid thing up..
If course the weather didn't help. Winds, gusts were around 60 MPH Id say. Link kept droppnig.. Was unstable. I was able to connect to the net with a laptop and did some test to check out my speed, but, that was a joke. Speeds were around 1 meg up and .15 down. Then I lost the connection til now.
Hmm. This morning, seeing the connection is back online, I'll try again..
Nice to know the inconsistencies of 1 mfg terminology vs another. Hopefully I can get the new modem in place so I can test with the tunnel.
A 5505 is plenty. I'm running a DR center with one and have had no problems. If you need gigabit speeds though, you're better off using a layer 3 switch attached to your 5505 and use it to VLAN.
So.. what you mean is that little box can handle the job?? (reworded)
I thought that little box was for small networks. (That's what I get for not reading up on it)
I thought it was pretty pricey at that. How man users would you say that box can handle heavy users..
Thanks
lol good call on the re-wording.
The number of users doesn't matter as much as the traffic. If you have 50 users only doing web traffic, you won't have an issues.
Now, if you have 50 users moving 15gb files around all day, you might see a problem.
What are you planning on putting behind it? If you're only using this for your house, go for it. I wouldn't have a problem using it for a 50 user dental office.
A 5505 is plenty for the home. Unless you are running Japanese Internet speeds at home. I flipped to Charter yesterday as mentioned. I am running a DOCSIS3 modem into an 1841 ISR. The ISR feeds into an ASA 5505. I was getting 30Mbps + on speedtest. That doesn't guarantee anything in itself but the ASA will not hurt you. Even with multiple VPNs and IPv6 and IPv6 running across it.
As for my previous adventure with AT&T, I have an update. Although I ripped AT&Ts crappy 3Mbps DSL from the house, I still have it in my lab at the office. I am up and running with IPv6.
First: Learning curve. I was completely confusing "6to4" with "6in4". From my AT&T DSL it doesn't not appear that AT&T supports 6to4 which involves using the 192.88.99.1 anycast that would be managed by the carrier. However, AT&T does support (at least for me) 6in4 which utilizes protocol 41 and requires both endpoints to be defined. This is what is used by HE for their setup. I apologize to everyone who I may have previously confused with my posts. Thanks to Packetmail and some additional reading I managed to get my wires straight.
So, as stated, I am up and running with my tunnel to HE over AT&T. Once I got my wires straight it was pretty simple.
UltraZero,
Now that I have a better picture on what I was doing wrong, where are you at with your effort? Any progress? If not, what symptoms are you seeing with the new modem?
Hi. I am back online with the new modem. I can't seem to get the new modem to work with my network.
If it's not one thing, it is another.
I am about to try to see if I can get my Windows 7 machine to establish the tunnel.
If I can't establish the tunnel with the new modem, then I am going to take the two of them out side,
use a nail gun and tack them on the fence, go back about 50 yards and take a cross bow to them both.... :o
Then, I'm going to call and get cable internet. LOL..
WAIT! You have a crossbow?
:)
Well, although the 5505 won't terminate a 6in4 tunnel it will do full 100 mbps speed firewall duties at layers 3 and 4 in IPv4 and IPv6 just fine. Its also a nice hardware accelerated 100 mbps IPSec VPN device too.
As far as max users goes it depends on what license you purchase for it. The "base" model 5505 allows 10 hosts behind the firewall to talk to the outside world at a time. This is more than enough for a home or even a small branch office. There are 50 user and unlimited user licenses as well. But the 100 mpbs speed is available by default on all 5505s. The 5505 is technically capable of 150 mbps aggregate throughput between layer 3 interfaces but since its Ethernet interfaces are limited to 100 mbps you would need a network with at least three layer 3 segments to actually hit the throughput limit of the firewall. So if you just have "inside" and "outside" the 5505 is all you need for firewall duties at speeds up to 100 mbps.
I use a 5505 myself at home with a 2621xm on a cable modem. The 2621xm sits on the cable modem and handles PAT for IPv4 and the tunnel to HE.net while the 5505 is just behind the 2621xm and takes care of firewall duties in IPv4 and IPv6, it works great.
Crossbow??
Doesn't everyone??
Anyway, I'm back online. Man.... What a morning. Well, here is what happened.
Windows 7 just didn't happen. got some strange duplicate ID error in the Netsh command. Never saw that one before. Not to mention. Whenever I try to make a change, I get an ip address labeled 99.xxx.xxx.xxx from ATT and nothing works. I switch back and I get my normal range of IP addresses.
Really funny. Only does it when I put the new modem online.
After trying to fall back to the ATT modem (didn't touch any of the configurations) I lost PPPoe.. No connection what so ever. I had to call ATT, Got reconnected with the reconnect button in the modem (boy, I missed that BIG BLUE BUTTON) but, the modem would not hold a connection. Finally forced the modem to stay up, then a super fast switch of the ethernet wire and a 5 minute wait for all of the routes to be upudated in the Cisco and here I am.
Hmm. Where are my arrows..
So, I really want to rule out ATT before I move to another provider. Don't really want to spend the money and then find out I'm the bonehead who missed something.
Now..
RE PIX. I read the forwarded info about the Pix. I think there was something that stated IOS version 6.x won't have any IPV6 support. Need to to upgrade memory on the Pix units in order to support version s 7.x and 8.x which do support IPv6 somewhat. I guess having the Pix as a firewall behind the router isn't too bad except that means dual stack needs to be run and if you are a straight IPv6 network, you can forget using the unit. Bummer. I read about the up grade about a month ago and figured I could upgrade the IOS via Cisco. I was hoping the upgrade cost would not be too much of a pain. I guess that not going to happen.
Anyone looking for some old Cisco equipment?? LOL..
Antillie - Are you still running access list/firewall software on the cisco in order to protect it as well?
So.. If you were to run in a non dual stack mode, IPv6 only, the 5505 would or would not work??
BTW - You wrote me a reply some time ago about my configuration. You said I didn't have any unicast address in my config. That which you were talking about was just for the purposes of routing internally from subnet to subnet and out onto the tunnel. Which wasn't the issue with fixing the not pinging issue. correct??
That was on feb 2.
Thanks
UltraZero you are seriously having an adventure over there. I'm not sure what to tell you. 99.x.x.x addressing? Dropping PPoE? I am not there so I'm not sure what approach to take. Obviously pulling all the gear out and starting just laptop to modem is your first start. Verifying IPv4. Yada yada. But it sounds like you've done that about 14 times and just getting things stable is a struggle. Do you live on a fault line?
ISPs are like NFL kickers. There is no loyalty to them. You are the coach. If he keeps going wide right... dump him. If he's on target most of the time... It might be worth it to keep him. That call is totally up to you. The arguments for DSL vs Cable can get pretty deep too. In the end. You just need to decide what you want. Personally, I would have dumped them. Just like I did yesterday.
As far as the home network. Once you get "stable" with the modem and laptop. Step one layer back. Just an IOS based router. No firewall. I honestly can't remember from this thread if you have an IOS router or not. I may be mixing you up with someone else. But if you do. Just go with the router. Get IPv4 setup with your dialer or FE interface. Then get your IOS NAT set up. Run a few speed tests. Make sure things look good. Once you are comfortable with everything. Go ahead and look into your tunneling setup for IPv6. I spent two days writing an elaborate config for my tunnel and then got lazy and just selected Cisco from the drop down menu on the HE website for my tunnel. Pretty darn nice setup they have. If you get the tunnel up and running and you've tested your "routable" /64 vs your "tunnel" /64, then move on to the PIX.
NOTE: I'm currently testing a PIX 525 with 7.2(4) code. I put a /80 behind the FW and tested. SLAC worked fine. Got an address on the test laptop. I was able to ping all the way thru to IPv6 addresses on the Internet. Oddly, even with properly configured IPv6 DNS I still had resolution issues. I'll be working on that over the next few days.
NOTE: I'm testing STRICT IPv6 right now. Not dual stacked networks so I'm not messing with DNS v6-v4 glue and whatnot yet. All in time.
FINAL NOTE: If you are well beyond my comments don't be offended. I'm just offering help.
Quote from: UltraZero on February 16, 2011, 01:57:14 PM
Antillie - Are you still running access list/firewall software on the cisco in order to protect it as well?
Short answer, not really. Access to the router itself is limited to SSH only and SSH user authentication is handled by a backend RADIUS server with account lockout policies. The router just routes, it doesn't really filter much. Basically the router just blindly forwards everything to the 5505. The 5505 then decides what to allow in and what to drop based on its ACL rules and stateful firewall inspection engine.
Long answer, kinda. For IPv4 I have port 22 forwarded to the 5505 which in turn is configured to limit SSH access to only 3 certain external IPs that I personally trust. In IPv6 the router has an ACL on the tunnel interface that drops port 22 and allows everything else. So if you try and SSH to any of my IPv6 addresses the router will drop the traffic. If you try to SSH to my IPv4 address you hit the 5505 which won't talk to you anyway. That way random people can't try and brute force their way into any of my network devices over SSH.
If you send me IPv6 traffic on any other port you pass straight through the router and hit the 5505's firewall rules. If you send me IPv4 traffic on some other port you'll have to pass through the router's PAT table (which isn't hard) but then you hit the 5505 and its stateful inspection engine and firewall rules again.
Quote from: UltraZero on February 16, 2011, 01:57:14 PM
So.. If you were to run in a non dual stack mode, IPv6 only, the 5505 would or would not work??
The 5505 would work just fine in an IPv6 only network for the most part. The only thing it really needs IPv4 connectivity for is for AAA servers (like RADIUS) or DNS name servers. Neither of those things are strictly needed to make it work as a firewall though.
Quote from: UltraZero on February 16, 2011, 01:57:14 PM
BTW - You wrote me a reply some time ago about my configuration. You said I didn't have any unicast address in my config. That which you were talking about was just for the purposes of routing internally from subnet to subnet and out onto the tunnel. Which wasn't the issue with fixing the not pinging issue. correct??
Well without a global unicast address on given interface an IOS router can't route public IPv6 traffic on that interface. So in order for hosts on your LAN to hit ipv6.google.com your IOS router will need a global unicast address on its tunnel interface and on its LAN facing interface. (and a default route for IPv6 traffic) But if you are just trying to ping ipv6.google.com from the router itself all you need is a global unicast address on the tunnel interface and a default route for IPv6 traffic pointing to the address on the other side of the tunnel. You can take a look at most of my router config in this post (http://www.tunnelbroker.net/forums/index.php?topic=1474.msg8580#msg8580). I removed the VPN and IPv4 port forwarding stuff for simplicity's sake but all the basic IPv6 connectivity config is there. You can even see the IPv6 ACL that drops port 22.
Re: your config, I have had this sitting on my desktop for some time. I just wanted to get to this after I figured out the modem issue.
BTW - No go on the Dlink modem. I spend the better part of today on trying to get that thing to connect the way I have my existing unit to connect. I guess I will have to sit down and figure out PPPoe w/NAT overload and possibly dhcp on the same interface. I think there is a conflict with the ip address line where one statement wants no ip address, the other wants dhcp and the other wants negotiated. So, I need to sit down and sort this out so I can get past the PPPoe issue and move on.
I see there isn't any PPPoe in your config. What is your network connection. Are you performing the PPPoe via the modem??
Also, I see you are running Radius software. I have run radius back in the early 90s when I ran a small ISP out of my house. Who makes a good software now a days. Back then, it was shareware and I think it can still be obtained as such..
Thanks
I am not using PPPoE. My internet connection is a cable modem from Time Warner Cable. This makes things a bit simpler for me as my cable modem is just a dumb layer 1 and 2 bridge device that translates between RJ45/Ethernet and Coax/DOCSIS. I honestly don't have much experience with PPPoE or DSL. Unfortunately this may make my router config a bad example when using DSL or PPPoE. Hopefully it will still be a useful example in some way or another.
My back end RADIUS device is a Windows Server 2008 R2 box running active directory. Win2k8 R2 can act as a RADIUS server out of the box via the Network Policy Server role. Older versions of Windows Server can do it as well. I choose to tie RADIUS to AD to make user account management easier (one login for everything) and to make it easy to implement account lockout policies across my network for PCs, network devices, VPN access, and wifi access. Yes, my home LAN is a little crazy. ;)
Since RADIUS is an open standard I'm sure there are plenty of open source implementations out there for just about any platform you might want to use.
I think chenson's advice is good. Get your IPv4 connectivity working first and then worry about playing with IPv6. Take it slow, step by step. My LAN is the product of 3 years of evolutionary tweaking, upgrading, and learning. I didn't go from 2 WinXP boxes with a Linksys WRT54g to a fully Cisco powered network with internal DNS, AD, RADIUS, WPA2-Enterprise, IPv6, and VPN access in a day. ;)
Hmm. I've always gone in head first.
I am basically Rip Van Winkle. Many years ago, I was a netware admin. 1990s. I use to have 25 pcs, running under netware and windows nt 3.5. I also had linux when it first came out. man those were the days. Having to compile the operating system to fit ones needs was pretty fun. Also, I ran SCO Unix. All systems were tied together with NFS. This way, I could have a whopping 60 gig of disk space tied together. I use to run a BBS as well. I was doing this before the internet became public. I also had a fractional frame relay connection in my house supporting a small ISP. Man, that was fun.
So.. slowly that went away.. 2001 I fell asleep. Dot com bust happened, and I left the industry completely. PCs went away due to age. Well, I woke up this past December with an itch.
I thought i had a pretty large home network back then. Now, I see some people have small datacenters in their house. 10s of terabytes of storage. Routers, Racks Servers. Hmmm.. I like it..
Getting a large network connection is really expensive,but, a T1 pretty much has not changed in price. A little slow,but, several can be put together. I personally would not mind having a T3 to the home.
Anyway... I'm scratching it. Again head first. Nice to know old auction contacts.
Netware is dead although I still have my netware servers which haven't been started since about 2001. Software is still expensive. Windows 2008 i have only seen shortly. Windows 2003 is not bad. I supported a Heavily used netware server that stayed online and was not taken down for 370 days. We took it offline because we needed I needed to perform a UPS Upgrade for a datacenter and all systems had to be brought offline (1am maint. Done a few of them)
I think Netware was far better than Windows. Microsoft gained ground when Novells stock dropped. Microsoft saw an oppertunity to kick a company when they were down for 1 day and took the market share by heavy advertisement from Novell. I guess thats how the cookie crumbles. The company I worked for bowed down and went that route. It's much better than it use to be....
Nice to see some old school folks still around. My start was similar. However, I stayed in the IT game. Moved into Networking and Security mostly. You are right about home LANs. 15 years ago my "home LAN" was an RJ-11 cable I used to dial into systems with. Now, I have a DMZd wifi for my kids PSPs and DSIs. My wifes MAC uses it as well as my netbook and multiple laptops. Then, hardwired, I have a half rack in the basement with my networking equipment and servers. I've had small business deployments with less technology and features deployed. :)
IPv6 is just an animal I have dodged for no other reason than I didn't need to deal with it and I had plenty of other stuff to deal with. Now it's time to get a better understanding of it. My cable modem at home with Charter is a dynamic IP. There is an interesting thread regarding some perl scripts being used to manage dynamic IPs. I will get to that later. Right now, my focus is my AT&T DSL in my work lab. We have the tunnel up and we are running fine with the routed 64. However, I am using the complimentary /48 behind my PIX and having several issues. About the only thing working there is SLAC. So I'm focusing on that right now. Nothing to do with my HE tunnel. This is a Cisco issue.
Anyway, keep us posted on your progress. It's like riding a bike. Yes, SCO and Netware are mostly conversation pieces these days. But the logic never changes.
Man.. You hit the nail on the head.
In reference to you DSL setup at work, I think you said you are running a Cisco router. What are you using for the DSL modem.
- In reference to my home network, I use to work for a 2 billion dollar company who had a terrible network. They had presence all over the world,but, their network in the Corporate office was slow and needed to be updated. No backups on their servers. (they did but, the hardware was old and so was the software. I think I got the job because on my resume, I listed the hardware and software I owned and that I could take home any of their projects and test it out on my network. I also told them if I needed to obtain additional disk space, I would foot the bill to do it.
Now, my network isn't as impressive as what I hear people have. I have a wireless net, but, I'm not impressed with it. Security is on my mind constantly. In the last 2 months. I went from having a simple DSL connection with 1 wireless computer and 1 hard wired computer to, (went into the garage) Pulled out my old PCs, Pulled out my original Cisco 2621 and went from there. Mind you, Even though I was Rip Van Winkle, I had 1 sleepy hand hanging out the of the bed typing on ebay buying Cisco equipment. That being said, certain rooms get loud and warm.
I will say this, I have in the last 2 months, stated studying for my Cisco Certs. In a few weeks, I hope I can take my first test. then it's on to the CCNP. Now there's something i need equipment for. Need several more switches. Routers I got covered. I can create router wise a pretty large CCIE lab. I'm thinking of after my CCNP dabbling a little in Juniper just to see what is there. I think Security is going to be a problem as someone mention with NAT going away, networks will not be able to hide under the dynamic IP numbers. Funny enough, I started looking into the total amount of IP addresses. I saw a number of 18 Quintillion and I thought that was large, But, being a person who likes to think ahead, I thought we would run out of IPv6 number in my lifetime. Even though the number is so large, I figured since the beginning of computers, we have always pinholed ourselves by thinking "Oh, we will never be able to use that much memory 640K barrier, or Oh. no one could ever fill a 10 gig hard drive" For those who have not been around that early in the game.
Well I thought for sure, seeing is China hasn't really come online with the internet. The US uses 75 percent of the IP address scheme. I figures a quintillion will surely be eaten up in 20 years. Really, think about the plan. Every item is going to have an IP address. Cars, Watches, TVs Coke machines (already have them) I'm sure the new Social Security Numbers will be and IP Address. (Just made that last one up)
then....... I stumbled on the real possible number that just blew my mind 340 Undecillion. The number is so large, my spelling check is having a conniption. O.K. I've totally drifted as usual. One you get my fingers going, they don't want stop..
Back to the task at hand.
I really want to know what you are using in the lab for the modem. If you are using a WIC card or a external modem, I'd like to know. Also are you in bridge mode on the external modem and if so, are you using PPPoe with NAT and DHCP. If so, I have issues with that because I am running into a conflict with these being on 1 interface. the NO IP address vs IP address DHCP vs IP Address Negociated is my hangup for the configuration in order for me to put the modem in bridge or at least move the PPPoe function/firewall functions over to the router.
let me know.
Whew... That was a mouth full..
man.. i could talk all day about the old days. Especially the Novell Netware vs Microsoft Windows NT conversion.. Someone during that time could not stay online past 1 month without being rebooted. Hmm I wonder who that was..
DSL@WORK - Cisco 2851ISR with WIC-1-ADSL card. The hardest part was explaining to the AT&T Consumer support folks that I needed the VPI/VCI values to configure the ATM p2p subinterface. They were like... "Huh?". :) Once they did some checking in their knowledge base they found a few numbers and read them for me and I was up running fine. I definetly like the DSL being native to the router so I can really see what's going on.
And then your post went all over the place..... :)
And here is my sanitized router config for your viewing pleasure. Including the IPv6 stuff.
PS: Studying - Look into GNS3. Think VMWare for IOS. I run between 10 and 15 virtual routers with full MPLSS/OSPF/BGP topologies on a single HP server. It's all wired up for my studies. It's just a file. You can lay your topology out any way you want. I baseline configs in a virtual sandbox before deploying them to production. Doesn't cost me anything. I could go on forever about it but that's an different forum. Just check it out. You'll be thankful you did.
CONFIG:
###########################################################################
RTR-1>
RTR-1>
RTR-1>ena
RTR-1#sho run
Building configuration...
Current configuration : 1785 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RTR-1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
vpdn enable
!
!
ipv6 unicast-routing
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:7:B67::2/64
ipv6 enable
tunnel source 65.15.158.25
tunnel destination 216.66.22.2
tunnel mode ipv6ip
!
interface GigabitEthernet0/0
ip address 65.15.158.25 255.255.255.248
duplex auto
speed auto
ipv6 address 2001:470:8:B67:DEAD::1/64
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
atm restart timer 300
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 13
!
!
interface Dialer1
mtu 1492
ip address 192.168.1.10 255.255.255.0
encapsulation ppp
dialer pool 13
ppp chap hostname myname@myemail.net
ppp chap password 0 youllhavetoguess
ppp pap sent-username myname@myemail.net password 0 itoldyoutoguess
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
no ip http secure-server
!
ip access-list extended DENY-EVERYTHING
deny ip any any
deny icmp any any
!
ipv6 route 2001:470:E375:BAD1::/64 2001:470:8:B67:DEAD::2
ipv6 route ::/0 Tunnel0
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
access-class DENY-EVERYTHING in
no login
transport input none
line vty 5 15
access-class DENY-EVERYTHING in
login
transport input none
!
scheduler allocate 20000 1000
!
end
RTR-1#
###########################################################################
Did you say earlier, your connection speed is around 1.5 on the DSL??
BTW - I know. I talk to much. Remember, I just woke up and have a lot of years to catch up on..
LOL>>
Thanks
BTW - should have new net connection tomorrow. hopefully this will resolve the problem. Still keeping DSL for a while. I still want to figure out why I can't get the connection to work.
That's right. It's just a junk DSL for testing stuff out. It's 1.5Mbps.
Hey. If you can connect to the net, it's better than nothing.
Besides. It works.
I considered making the connection this way seeing is I have that same card, but, since I have a 6 meg connection, I thought it was going to give me issues due to speed difference and the fact that speed would not work for my wife and I watching alot of videos on hulu and youtube. LOL..
Well, when the other connection gets in, I think I will have more time to take that connection offline to actually play with it. IF I can get the DSL to work in bridge mode, maybe I'll shut off the cable.. Hmm. I guess that depends on which one is cheaper vs faster.. and less headaches..
Good Afternoon/Evening.
I just thought I'd give you folks an update.
No 1. I still can't get the ATT DSL side of my connection to work. If I could find the instructions for the altered Semens 5100 modem, i would put the unit into bridge mode and go for it, but, I just didn't
want to get stuck.
ATT has a funny little querk. There is an issue about wanting a hostname for getting a DHCP address. solved that problem, but, still would not connect with to a tunnel.
No 2. I went out and purchased a new Dlink (Really didn't want to but, I didn't find anything that looked like it was any better and not to mention, not too many choices of modems without the router. Well, after spending $50.00, I could not get that unit to work. I could get the modem to connect to my Laptop with no problem, but, I could not get it to connect to my network. Go figure.
Pause... Had an Idea, tried it,but, no such luck. I thought there was an issue with the authentication of my old config for the ATT unit that was conflicting with the modem. No such luck.
I simply could not get the DHCP to issue a number to my router. Again... Go figure. Semens did (ATT), Dlink would not.
No 3. I obtain a new ISP today. Charter Cable. the installer was pretty good. He let me do whatever I wanted to. Extra cable in case I needed to move the box. He was good about that. Even made me some extra extension cables. I got the 12meg connection. Faster then the DSL 3 or 6. Did some test to speedtest and I am hitting between 11 and 22. Roughly 15 is where it sits. No complaints there.
No 4. Here is the biggie..
I noticed after the connection was established and after the tech left, that my router config had the wrong address in the source tunnel field.
Man what a bone head. I was keeping notes as to the changes and updating the website and making changes to the router,but, I forgot the tunnel address 1 time. Well, I tested the first time before I caught that little issue and the tunnel didn't work. I was getting angry at myself because I knew at this point it had to be me. After calling HE and asking what could I be doing wrong and sending the config in, I saw it. I made the change and Bam... Pinging IPv6.
So to make a long story short. I backtracked to ATT and updated everything and it still didn't work.
Either, it's the modem or, they are blocking protocol 41 and that's it.
I will keep ATT I guess til the end of the month. I will try to put another Cisco router on that connection and play with it to see if I can find something out.
Anyway.....
Everyone....... Thanks for all the help. Also, thanks for the help I hope i will get in the future.
;D ;D ;D
BTW - I lost my car keys about 3 weeks ago and around the time this happened, I found them. Guess where... In the ignition of my mustang. I put them there when I moved it during all this wiring I was doing.. Whew.. What a week.
Anyway. Now I can get back to trying to get my printer online and practice exams for Cisco...... ;D ::) ::)
Glad you got it working. Good luck on the exams.
Sorry. I was swinging the connection back to Charter.
Yeah.. thanks much..
glad to finally pass that little bolder in my path. Now... Where's the next one..
;D ;D ;D
Have a great weekend.
Quote from: UltraZero on February 10, 2011, 11:13:51 AM
Is anyone running their tunnel connection with a router behind their modem and the modem is in bridge mode??
If so, are you running bridge mode because you could not get the connection to work in regular pppoe mode?
Thanks
Yes to all of the above. I am an AT&T DSL customer (but in the old BellSouth region). I was able to expose my client PC to the outside using IP Passthrough and get my tunnel to work, but that is totally insecure, so I looked for a better way to do it. In the end, here is what worked for me:
1) Flashed my router to an IPv6-capable version of dd-wrt. (This was an adventure in itself.)
2) Bridged my DSL modem. This required a complete restructuring of my LAN. The modem now connects to the WAN port of the router. The router now maintains the PPPoE connection. And a regular ethernet port of the router is connected to the ethernet switch. All client PC's are also connected to the switch. All hosts had to obtain new NAT addresses.
3) Enabled IPv6 in the router. Unblocked external anonymous requests to the router.
4) Enabled IPv6 in the firewall of the client PC. Used HE's commands to define a link between the client IPv6 address given by HE to the IPv4
NAT address of the client PC.
I do not believe that AT&T is blocking Protocol 41 in any way. I think you were just talking to people who have no idea what they're talking about and are BS'ing their way through.
Tim
UltraZero, I think your problem is your modem.
I have AT&T U-Verse internet service which uses VDSL. The home gateway they give you with U-Verse can't be put into a true bridge mode, but it can be set to allow a device on the LAN side to be a "DMZ" device. I have a Cisco 2811 behind the home gateway as the DMZ device, and my HE tunnel is working perfectly.
At least on the U-Verse internet service, protocol 41 is not blocked.
However, U-Verse does not use PPPoE, it uses straight DHCP. I feel your Speedstream may not be capable of passing protocol 41 unless it's in bridge mode and you set up PPPoE on your Cisco.
howdy folks.
Thanks for the info.
I actually would like to get the ATT connection to work. Currently, It's sitting on the desk, on with a wire hanging out of it. I moved to Cable.
I've been testing the connection and depending upon where I am on my lan, the speeds change. Over wireless, I get about 16mbps and on wired, I get around 5mbps. Go figure. Well, given the machine on the lan is an old machine with 512meg of memory. The others are dual core/quad core. Etc.
Anyway...
If anyone knows where I can get the commands for a Semens Speedstream 5100, I would appreciate it. Since I still have the connection, I would like to finish that project and actually know if it was the modem or Protocol 41. I hate not knowing..
I'm glad to hear your connection is running. I went through a lot of issues trying to get mine to work.
Well, I've got other issues to deal with like routing protocols and why I can get my computers that are on my lower subnets to get to the net.