Configuring QoS on Cisco 3845 router for Polycom Video Conferecing

Similar Messages

• Cisco 878 router for ADSL connectivity

  Hi All,
  I got a Cisco 878-k9 G.SHDSL router. I am trying to configure to get connectivity to my Service Provider.
  Earlier i have configured Cisco 877 router serval times. But Cisco 878 for the first time. There is a DSL
  controller in 878 rtr. I think i m missing something somewhere.
  Below is the config that i have done
  controller DSL 0
  mode atm
  loopback digital
  dsl-mode shdsl symmetric annex A
  line-rate auto
  line-term cpe
  line-mode 2-wire line-one
  ip cef
  ip dhcp excluded-address 192.168.10.1 192.168.10.10
  ip dhcp pool INSIDE-Pool
     import all
     network 192.168.10.0 255.255.255.0
     default-router 192.168.10.1
     dns-server 212.77.192.59 212.77.192.60
     lease 8
  interface ATM0
  description (Outside Public Interface)
  no shutdown
  no ip address
  load-interval 30
  no atm ilmi-keepalive
  pvc 8/35             
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
  interface Dialer0
  ip address negotiated
  no ip redirects
  no ip proxy-arp
  no ip unreachables
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  ip route-cache flow
  dialer pool 1
  dialer-group 1
  no cdp enable
  ppp authentication chap callin
  ppp chap hostname p4411XXXX
  ppp chap password qatarXXXX
  ppp pap sent-username p44114032 password 0 qatarXXXX
  no sh
  ip route 0.0.0.0 0.0.0.0 Dialer0
  no ip http server
  ip nat inside source list 101 interface Dialer0 overload
  access-list 1 permit any
  access-list 101 deny ip 192.168.0.0 0.0.255.255 10.10.0.0 0.0.255.255
  access-list 101 permit ip 192.168.0.0 0.0.255.255 any
  dialer-list 1 protocol ip permit

  i have an adsl line
  i try to configure the router 878
  but no connection ,, kann u tel me how do u have resolve the probleme please
  this is the running config
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname cisco2
  boot-start-marker
  boot-end-marker
  no logging buffered
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local
  aaa session-id common
  resource policy
  clock timezone EST -5
  clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
  ip subnet-zero
  ip cef
  ip name-server 212.217.0.1
  ip name-server 212.217.0.12
  ip name-server 212.217.1.1
  ip ddns update method sdm_ddns1
   DDNS both
  vpdn enable
  vpdn-group pppoe
  crypto pki trustpoint TP-self-signed-201735762
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-201735762
   revocation-check none
   rsakeypair TP-self-signed-201735762
  crypto pki certificate chain TP-self-signed-201735762
   certificate self-signed 01
    3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 32303137 33353736 32301E17 0D303230 33303130 32353235
    375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
    532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3230 31373335
    37363230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
    A62304BC 27194971 2A4FAEB3 9D57240E 26EDED2A 1674FF9A 7CBBB8F2 85245C3B
    C4DDBBF8 F8A67D31 5FDCBD11 72A2735D 9E8FC84B 17B55C71 43C10E41 ACC50BEC
    FCE8D9EE 6D2B0B55 9BD5B62C 3981506F 04B92C25 CA4C307E BC6A6A5F 4FBEF0EE
    05FEFA57 C7D879FD 79EF442F 121D6393 57E96F31 5414D1D5 4FADFBC0 95C9EAB3
    02030100 01A36730 65300F06 03551D13 0101FF04 05300301 01FF3012 0603551D
    11040B30 09820763 6973636F 322E301F 0603551D 23041830 16801418 6C8FED13
    FFD7B2FB F6FA47E7 682B0093 FAE2AC30 1D060355 1D0E0416 0414186C 8FED13FF
    D7B2FBF6 FA47E768 2B0093FA E2AC300D 06092A86 4886F70D 01010405 00038181
    007C867C AC28A7F0 4BDD261C 81A71F1D E0671C28 F4724F5D ED1FE702 BCE234D9
    1F85FE90 4D0AD23E 9904CBF9 D44A8CD5 0F5515BB 8FEEE4BB FF9795E1 7770B60A
    E37455CC D6606EAF E0EAEEA4 932F55E6 91C6F87F 1D022203 08AD7C78 4DCF5AEA
    819D2367 2B5054CC 695A4EF5 BC9ADA26 F7803106 E94BD666 179EB3DF 4CDE4CB8 1C
    quit
  username xxxxx privilege 15 password 0 xxxxx
  controller DSL 0
   mode atm
   line-term co
   line-mode 4-wire standard
   dsl-mode shdsl symmetric annex B
   ignore-error-duration  15
   line-rate 4608
  interface BRI0
   no ip address
   encapsulation hdlc
   shutdown
  interface ATM0
   no ip address
   ip nat outside
   ip virtual-reassembly
   no atm ilmi-keepalive
  interface ATM0.1 point-to-point
   pvc 8/35
    pppoe-client dial-pool-number 1
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface Vlan1
   description lan
   ip address 192.168.1.5 255.255.255.0
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nat inside
   ip virtual-reassembly
   ip route-cache flow
   ip tcp adjust-mss 1412
  interface Dialer1
   ip ddns update hostname xxxx.dyndns.org
   ip ddns update sdm_ddns1
   ip address negotiated
   ip mtu 1452
   encapsulation ppp
   dialer pool 1
   dialer-group 1
   no cdp enable
   ppp authentication chap pap callin
   ppp chap hostname xxxxx
   ppp chap password 0 xxxxx
   ppp pap sent-username xxxxx password 0 xxxxx
  interface Dialer0
   no ip address
  ip classless
  ip http server
  ip http access-class 24
  ip http authentication local
  ip http secure-server
  ip nat inside source list 1 interface Dialer0 overload
  ip access-list extended to-sip-servers
   remark --- traffic to any sip server
   permit udp 192.168.1.0 0.0.0.255 any eq 5060
  access-list 1 permit 0.0.0.0 255.255.255.0
  access-list 1 permit 192.168.1.0 0.0.0.255
  dialer-list 1 protocol ip permit
  snmp-server community public RO
  no cdp run
  control-plane
  banner motd ^CINE welcome
  banner ^C
  line con 0
   no modem enable
  line aux 0
  line vty 0 4
   password cisco
  scheduler max-task-time 5000
  end

• Configuring wireless on cisco 877w router

  Hi all
  I have a Cisco 877W wireless/ADSL router and having great difficulty with configuring wireless on this router. Here is a quick summary.
  1. The ADSL is configured to obtain public IP from the ISP
  2. Default interface vlan 1 is configured with an IP address
  3. I went into vlan database, tried to configure multi vlans and the router prompted me that it can only have max 2 vlans. Hence what's the use of up to 16 different SSID using wireless?
  4. I've setup DHCP scope on the router to give out IP address to clients (both wireless and wired)
  5. I'm able to configure WPA-PSK on the router and was able to connect wirelessly to the router but I won't be able to obtain an IP address from the router
  6. There are two scenarios that I'd like to do:
  A. Setup wireless to connect to the same subnet as what's on vlan1
  B. Setup wireless to connect to a different subnet to vlan1
  For the life of me, I could not find docs on Cisco web site that shows me how to exactly this. I found some documents that use interface F0 as a trunk port and treat the interface Dot11Radio0 with sub-interfaces. I don't connect this router to a switch (standalone router) so how can I do this? Please point me to some docs.
  Thanks in advance for your help.

  My configuration works for wireless no authentication, but failed for WPA-PSK:
  ip dhcp excluded-address 172.16.250.1
  ip dhcp pool TEST
  import all
  network 172.16.250.0 255.255.255.0
  default-router 172.16.250.1
  bridge irb
  interface FastEthernet4
  description $ES_WAN$
  ip address dhcp client-id FastEthernet4
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  interface Dot11Radio0
  no ip address
  ssid 111
  vlan 1
  authentication open
  authentication key-management wpa
  wpa-psk ascii 0 Cisco1234
  speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
  station-role root
  interface Dot11Radio0.1
  encapsulation dot1Q 1 native
  no cdp enable
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 spanning-disabled
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  interface Vlan1
  no ip address
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 172.16.250.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  After I configured the same wpa-psk key on the XP computer using windows zero configuration and tried to connect to the wireless work, I got the following errors on the router:
  *Mar 1 03:00:51.623: *** Not encrypted dot1x packet from 000c.f123.25cf has been discarded
  *Mar 1 03:00:52.623: %DOT11-7-AUTH_FAILED: Station 000c.f123.25cf Authentication failed
  What could be wrong? Thanks!

• Cisco 3845 Router, SSH, Secure HTTP & CS-MARS

  Hello,
  I have a 3845 router (Version 12.3(11r)T2, RELEASE SOFTWARE (fc1)) which I have configured SSH access through vty. Th e problem is that SSH access fails when I try to connect to it using Putty. It also fails to connect using ip http secure-server both from a browser & through CS-MARS (IOS IPS). All user names exist and are working fine with telnet.
  Does IOS 12.3 have issues with SSH * secure http?
  I get this error in MARS:
  "Error in INIT GET. Check the username/password"

  Hi -
  I searched all open/closed TAC cases for you with that error message - I found 1 similar case.
  Here's the results of their case:
  "we managed to fix the issue it was ip http authentication enable command (change to accept local usernames/passwords)."
  Can you review this and see if you need to tell SSH and HTTPs to use the local database?
  Please let us know.
  thxs
  peter

• Cisco 3725 Router for Internet Connectivity

  Hi,
  We have en existing Internet connection using our Cisco 3725 router (ISP A). The router does the NAT and here's the existing default route:
  S* 0.0.0.0/0 [1/0] via 1.2.3.153
  This router has a "16 Port 10BaseT/100BaseTX EtherSwitch".
  Now we have a new Internet connection (ISP B). What I did was to configure two ports on the Etherswitch and added route maps:
  interface FastEthernet1/0
  description "ISP B to provider"
  no switchport
  ip address 4.5.6.66 255.255.255.252
  interface FastEthernet1/1
  description "ISP B to my network"
  no switchport
  ip address 4.5.7.225 255.255.255.248
  ip policy route-map ISPBInternetTraffic
  access-list 101 permit ip 4.5.7.224 0.0.0.7 any
  route-map ISPBInternetTraffic permit 101
  match ip address 101
  set interface FastEthernet1/0
  set ip default next-hop 4.5.6.65
  What I want to happen is that when the router sees the traffic coming from the public IPs of ISP B (4.5.7.224 /29) it will direct that to go out ISP B on F1/0.
  1. Is my configuration correct?
  2. Any suggestions, recommendations?
  3. Can I do load balancing or load sharing between the two ISPs?
  Best,
  Tony

  Hi Tony,
  Your question has already been answered here: http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&topicID=.ee71a06&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd276a5

• Help. How to configure ASA5515 as 'one armed router' for access to DHCP server on a different VLAN

  Hi,
  My setup
       router > ASA5515(ver8.6) > 4 SGE2010p switches
   I want to put the guest WiFi users on a separate network. I have layer 2 switches and want to configure the ASA5515 as a 'router on a stick' setup for the guest vlan to have access to the DHCP server on the native vlan.
  I have
  1. created a sub-interface for the inside interface and enabled intra-interface traffic.
  2. A static route on the ASA point the guest network to the switch.
    What else do I need to configure on the ASA for inter-vlan routing?
  ASA related config:
  interface GigabitEthernet0/1
   nameif inside
   security-level 100
   ip address 10.15.xx.1 255.255.252.0 standby 10.15.xx.2
  interface GigabitEthernet0/1.2
   vlan 100
   no nameif
   no security-level
   ip address 10.100.xx.1 255.255.255.0
  C    10.15.xx.0 255.255.252.0 is directly connected, inside
  S    10.100.xx.0 255.255.255.0 [1/0] via 10.100.xx.2, inside

  Thanks for the quick response Reza.
   Actually that command is already there. Didn't include it in my post.
  So I am guessing my ASA config is correct.
  I am having trouble setting up the trunk ports on the layer2 SGE2010P switch for trunk port.
  I am used to command line layer3 switches (CLI is wasy) but not familiar with these switches GUI. I am going through the config guide right now.
  Could you help me with that too?
  Not to bother you with a completely different issue though.
  Thanks again!

• Which is better for Branch Office Cisco ASA or Cisco 1900 router for Branch Office?

  Which is a better solution ?
  Using ASA55XX or 1900 series router for WAN and Internet access for 25 - 100 users?

  Without knowing more about the environment and what the real requirements are, it is difficult to give a really good answer. If your main concern is effective stateful inspection of traffic entering and leaving the site then the ASA is optimized for that. If you want redundancy (active/active or active/standby) then the ASA is better for this. There are other potential requirements which may make the router the better choice:
  - what is the connection to the Internet? If it is Ethernet then either ASA or router will do fine. But if it is something other than Ethernet then you may need the router.
  - is there a need for services such as Policy Based Routing? These are available on the router and not on the ASA.
  - is there a need for load balancing on outbound traffic? This is available on the router and not on the ASA.
  - will there be a need to do routing on the inside network? The range of available options is wider on the router than on the ASA.
  - is there a need to run a routing protocol with the Internet provider? The usual choice for this is BGP and that is available on router and not on ASA.
  So consider these criteria as you make your choice. Or provide more detail about your environment and what your real requirements are and we may be able to give better advice.
  HTH
  Rick

• Jetpack 5510L needed for Polycom video conference - is this possible - has progress been made?

  We've has a successful connection when a static IP was available and we can at least connect to a bridge and see the template and the image of our own classroom in the top right corner, but we can not see or hear the far end and the far end cannot see or hear us.
  How should we approach this when the bridge is our only IP option to connect to?  What is required to make this connection complete on both ends?

  I would actually contact PolyCom since they are the video conference vendor that own the software you are attempting to use.  PolyCom most likely has experience dealing with VZW network connections and should be able to help you identify why their application is not working. 
  If you truly have a static and public IP address assigned to your Jetpack then the port forwarding options will be available to you.  You may have to customize the ports to get all of the video conferencing communication lines opened.
  If you can find a specific limitation from PolyCom then come back to us and let us know what it is.  We may be able to provide you with steps or suggestions on how to customize your Jetpack to work around them.  For now, the problem could be anything so VZW and the community really cant help you.

• Cisco cme paging security 3845 router password for paging access voip

  Hi,
  We have a Cisco 3845 router running CME, ephones and ephone-dn are configured, there is ephone-dn is configured for paging. The system and paging work fine. We want to give password for those who make announcement. There are currently more than 30 extensions but we only want to give paging access to three users. How can we do this?
  Thank you

  Sure. Using the same (or similar) example:
  Extensions: 2XXX
  Primary Phone: 2025552000
  We can address the need with the following:
  voice translation-rule 10
  rule 1 /^2...$/ /2025552000/
  voice translation-profile cme-to-itsp
  translate calling 10
  dial-p v 100 voip
  description Example Egress Dial Peer to ITSP
  destination-patt
  translation-profile out cme-to-itsp
  HTH.
  -Bill (http://ucguerrila.com)

• SIP over UDP routing in Cisco 3845

  dear friends,           
  How can we configure the SIP over UDP protocol by Cisco 3845 router?
  For more details please fine the attachment.

  Yes I tried but that is not helpful for me
  How can I contact those people (engage a reputable consultant, or Cisco partner)?
  Also I tried this commands in below.
  voice class codec 1
  codec preference 1 g711alaw
  dial-peer voice 3250 voip
  destination-pattern 3250
  session protocol sipv2
  session target ipv4:10.156.67.6
  session transport udp
  codec g711ulaw
  sip-ua
  retry invite 2
  retry response 2
  retry bye 2
  retry cancel 2
  no inband-alerting
  sip-server ipv4:10.156.67.6
  ip classless
  ip route 0.0.0.0 0.0.0.0 10.157.67.1
  ip route 10.157.67.0 255.255.255.0 10.167.67.225 
  access-list 101 permit ip host 10.156.67.1 host 10.156.67.100
  access-list 101 deny   udp any eq rip any
  access-list 101 deny   udp any any eq rip
  access-list 101 deny   udp any eq isakmp any
  access-list 101 deny   udp any any eq isakmp
  access-list 101 permit ip any any
  snmp-server engineID local 000000090200003094202740
  snmp-server community public RW

• Still trying to configure a Cisco 877W router

  Hi,
  I am still unable to configure my Cisco 877W router for use on a B.T. ADSL phone line.
  I can log in to the router which starts up the SDM Express. I then select the wizard and get as far as filling in the DHCP server configuration.
  When I then press next it does not go to the next step, it just stays on the DHCP config screen. I am now using a Windows XP machine to configure the router  as someone suggested, but it continues to halt at the same place.
  Can anyone help please,
  Thanks.
  Dave.

  Hi. You may check out the topics in this link instead.

• Does Cisco 3845 with NM-16A/S support OIR feature or Hot swap for this NM.

  Dear Sir
  My customer would like to implement Cisco 3845 with NM-16A/S x 4. I found that Cisco 3845 support OIR function but I am not sure OIR function that Cisco 3845 support, it support with which NM models. Can anyone tell me that NM-16A/S on Cisco 3845 support OIR function on this NM or not.
  Thank you very much
  Wisit

  Hi,
  From what I have read from the following document.
  http://www.cisco.com/en/US/products/ps5855/products_installation_guide_chapter09186a00802ccf1d.html
  Network Modules
  Network modules install directly into slots in the rear of the router. The Cisco 3845 router supports online insertion and removal (OIR, or hot swap) of network modules. The Cisco 3825 router does not support OIR.
  Caution The Cisco 3845 router supports OIR with similar modules only. If you remove a network module, along with any installed WAN or voice interface cards, install another module and card combination exactly like it.
  Interface Cards
  Cisco 3800 series routers do not support OIR (hot swap) of interface cards inserted directly into router slots. You must turn off the router before installing or removing an interface card.
  The Cisco 3825 router and the Cisco 3845 router each provide four interface card slots, labeled on the rear panel by HWIC and a number. Each slot can be occupied by one single-wide WIC, VIC, VWIC, or HWIC.
  Hope this helps
  Sarb

• Setting up SSH on a 3845 router?

  Greetings everyone!
  Just curious, how does one set up SSH on a cisco 3845 router? Specifically, how does one generate the RSA keys?
  It seems to be missing the "generate" subcommand for crypto. When I type crypto key the only sub-commands are lock and unlock. I'm unfamiliar with this and don't want to mess around too much since it's a production box.
  I'm running c3845-spservicesk9-mz.124-11.T2.bin so I should have the ability, yes? Any guidance would be appreciated. I really would prefer not to use telnet.

  you have k9 image , it should support crypto commands, are you sure you were at the configuration mode?
  try again.., here is a link for setting up ssh in IOS.
  http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
  way to do it is open two telnet sessions to the router, in one session be in the enable mode and leave the session opened. On the other telnet session work with the SSH configuration implementation. When finished do not save the config , exit the session and open a new session using ssh to ensure you can connect and login to the router via ssh... if for any reason fails you still have the other telnet session opened to undo the ssh changes or correct them.
  also for making sure your telnet sessions do not time out while working with configs permit yourself more time by entering exec-time out 60 <-- one hour for your vty lines.
  line vty 0 4
  exec-timeout 60
  you can also do the complete ssh implementation via console port as well.
  Regards
  PLS rate any helpful posts if it helps

• RADIUS and Cisco 2611 router

  Greetings. First, let me start by saying I am an idiot, I know I am an idiot, and I apologize for wasting everyone's time. I have actually RTFM, many RTFMs, in fact, and I still have not found a resolution.
  Second, I am trying to set up a RADIUS server in my test network. I have installed ClearBox RADIUS on a Windows 2000 system. I have the following configuration on my Cisco 2611 router:
  Using 2297 out of 29688 bytes
  ! Last configuration change at 17:20:27 PDT Tue May 20 2008
  ! NVRAM config last updated at 17:20:29 PDT Tue May 20 2008
  version 12.1
  no service single-slot-reload-enable
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  hostname Tester
  logging buffered 10000 debugging
  aaa new-model
  aaa group server radius RadiusServers
  server 172.26.0.2 auth-port 1812 acct-port 1813
  aaa authentication login default group RadiusServers local
  aaa authentication login localauth local
  aaa authentication ppp default if-needed group radius local
  aaa authorization exec default group radius local
  aaa authorization network default group radius local
  aaa accounting delay-start
  aaa accounting exec default start-stop group radius
  aaa accounting network default start-stop group radius
  aaa processes 6
  enable secret xxx
  username test password xxx
  clock timezone PST -8
  clock summer-time PDT recurring
  ip subnet-zero
  no ip domain-lookup
  no ip bootp server
  interface Loopback0
  ip address 192.168.0.1 255.255.255.0
  interface Ethernet0/0
  description To Main Network
  ip address X.X.X.X 255.255.255.128
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat outside
  full-duplex
  no cdp enable
  interface Ethernet0/1
  description To Internal Network
  ip address 172.26.0.1 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat inside
  load-interval 30
  full-duplex
  no cdp enable
  ip nat pool test X.X.X.X X.X.X.X netmask 255.255.255.128
  ip nat inside source list 3 pool test overload
  ip nat inside destination list 3 pool test
  ip classless
  ip route 0.0.0.0 0.0.0.0 X.X.X.X
  no ip http server
  ip radius source-interface Ethernet0/1
  access-list 3 permit 172.26.0.0 0.0.0.255
  no cdp run
  snmp-server community public RO 15
  radius-server host 172.26.0.2 auth-port 1812 acct-port 1813 key secret
  radius-server retransmit 3
  radius-server key secret
  line con 0
  password xxx
  logging synchronous
  line aux 0
  line vty 0 4
  access-class 10 in
  password 7 1234567890
  logging synchronous
  ntp clock-period 17208108
  ntp server 192.43.244.18
  end
  My RADIUS server is up and responding to requests, but my router does not appear to be forwarding authentication requests to it. In fact, when I log into the router using HyperTerm, it times out, and I end up authenticating locally.
  I really don't care whether my Cisco equipment authenticates against the RADIUS server, but I do need to get it set up to authenticate my users so I can track their time online. What have I missed in my router configuration? Why isn't it forwarding user authentication requests to the RADIUS server.
  Thank you for any assistance you may be able to provide.

  I have found that if I am in the middle of composing a response, and I open the thread in another browser window (to refer to it), when I go to submit my response, it doesn't get posted. Perhaps you are running into the same thing.
  The command I shared:
  aaa authentication enable default group radius local
  ... was erroneous. The keyword should have been "enable", as you have discovered.
  Therefore use:
  aaa authentication enable default group radius enable
  When I view a Wireshark trace I see the following:
  AVP: l=18 t=User-Password(2): Decrypted: "user-PWD\000\000\000\000\000\000\000\000"
  Like you, I see the user password appended with the group of \000 grouping's.
  Note the word "Decrypted" which confirms that the password entered in Wireshark is a match with that entered on the AAA client (for what that's worth).
  I'm not sure if I suggested that this would confirm that the server and client were using the same shared secret. If I did, I miss-spoke. I think we would have to gauge the server's response to the attributes we see passed by the client.
  The Wireshark decryption is much more dramatic with TACACS+ because the whole payload is encrypted.
  My issue with your PPPoE is that I saw no "interface" on the router that is configured to perform such authentication. I do seem to recall a global authentication command with the PPP keyword perhaps. I have not attempted to do this, and am not sure whether the interfaces in your router will support this method. Perhaps someone else will weigh in with an opinion.
  However, there are other mainstream authentication methods that I think you should investigate as well.
  You could implement 802.1x on a switch so that a host has to authenticate before it can gain Layer 3 access to the LAN. Depending on the platform, you can download VLAN assignments and ACLs.
  I believe the router also supports 802.1x, but that may determine whether a host can get "through" the router. I have not had cause to investigate 802.1x on the router. I may do so in the future to authorize access to IPsec tunnels.
  The router is also likely to support Authentication Proxy. This feature intercepts a user's attempt to browse resources on the other side of the router. User specific ACLs can be downloaded to the router (from RADIUS) to control what resources a user can access.
  I think you should:
  1. Resolve the issue(s) with AAA logins on the router. It'll establish a baseline of functionality, and give you some short term joy.
  2. Investigate whether PPPoE support exists on your router's interfaces.
  3. Read up on 802.x and Authentication Proxy (docs on Cisco web site).
  4. Decide which methods appeals to you.
  5. Dive in.
  I'd lose the self-deprecation. I don't think it will serve you well. If you're treated badly, move to a newsgroup where the participants display a higher level of emotional maturity. I don't think you will have an issue on the Cisco forums. Others would probably step in.
  I'm going to be absent for several days, so if you don't receive any response, it will be for said reason.
  Good luck.

• 3845 router failing to look up routes from routing table correctly!

  Hi all,
  Got a really strange issue which I am wondering if someone can point me in the right direction for. Facts of the issue:
  - Some customers, all with a specific ISP, cannot access a hosted service we host internally
  - External user can reach service but never gets a response - hence focussing on reachability of their public IP
  - Cisco 3845 router used, peers with service provider over BGP - receives full internet routing tables
  - All affected customers receive dynamic IP addresses within the same /10 public IP range
  I received an example IP address and when doing "show ip route x.x.x.x" for this IP, the router responds "Subnet not in table". When trying to traceroute to the IP, the router doesnt even go to the next hop. However, the subnet is definitely in the routing table with the correct next hop (and, for complete information, is also within the BGP updates). Before anyone asks the question :) - yes I have definitely verified that the hosts are within this subnet.
  If I put a static /32 route in for this specific IP address, everything works fine - then fails again once its taken out.
  I literally cannot understand why the router is not correctly performing the lookup for the hosts within this subnet. I can understand a lot of potential reasons why the BGP received route wouldnt be placed in the routing table, but that is not the case here. 
  Some other factors (if applicable):
  - Nothing showing in the logs
  - Plenty memory available (despite the high number of routes)
  - Plenty CPU resource available
  - No default route is ran
  I am going to restart the router and really expect this to resolve the issue (would log a TAC but this one is a bit time precious) - but it is frankly doing my head in and I assume I am missing something!
  Any help or guidance would be appreciated!

  Hi all,
  Got a really strange issue which I am wondering if someone can point me in the right direction for. Facts of the issue:
  - Some customers, all with a specific ISP, cannot access a hosted service we host internally
  - External user can reach service but never gets a response - hence focussing on reachability of their public IP
  - Cisco 3845 router used, peers with service provider over BGP - receives full internet routing tables
  - All affected customers receive dynamic IP addresses within the same /10 public IP range
  I received an example IP address and when doing "show ip route x.x.x.x" for this IP, the router responds "Subnet not in table". When trying to traceroute to the IP, the router doesnt even go to the next hop. However, the subnet is definitely in the routing table with the correct next hop (and, for complete information, is also within the BGP updates). Before anyone asks the question :) - yes I have definitely verified that the hosts are within this subnet.
  If I put a static /32 route in for this specific IP address, everything works fine - then fails again once its taken out.
  I literally cannot understand why the router is not correctly performing the lookup for the hosts within this subnet. I can understand a lot of potential reasons why the BGP received route wouldnt be placed in the routing table, but that is not the case here. 
  Some other factors (if applicable):
  - Nothing showing in the logs
  - Plenty memory available (despite the high number of routes)
  - Plenty CPU resource available
  - No default route is ran
  I am going to restart the router and really expect this to resolve the issue (would log a TAC but this one is a bit time precious) - but it is frankly doing my head in and I assume I am missing something!
  Any help or guidance would be appreciated!