LARTC - Nov 2007 - wan card routing

Hi,
   I am using sangoma S5141 wan card. I have connected my modem to the card
in linux machine. The linux distribution I am using is Redhat AS 4, I am
trying to replace the cisco router in my office with the sangoma S5141 wan
card. I have configured the card in CHDLC where I can able to ping the
serial IP, but with 80% of packet loss. And If I browse any http  or ftp or
any sites I cant able to browse. When I put tcpdump I am seeing the error
like one as below, which means the far end is blocking some traffic.

   IP<source IP:port> > yahoo.com: port host <destination IP>
unreachable -
admin prohibited

The protocol status Lip Dev Prot State goes UP and DOWN.

 Any ideas would be appreciated.

Thanks
Imthiyaz.


_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

On 11/08/07 11:12, Imthiyaz Ahmed wrote:
> I am using sangoma S5141 wan card. I have connected my modem to the 
> card in linux machine. The linux distribution I am using is Redhat AS 
> 4, I am trying to replace the cisco router in my office with the 
> sangoma S5141 wan card. I have configured the card in CHDLC where I 
> can able to ping the serial IP, but with 80% of packet loss. And If I 
> browse any http  or ftp or any sites I cant able to browse. When I 
> put tcpdump I am seeing the error like one as below, which means the 
> far end is blocking some traffic.
I''ve not yet had the pleasure (I do want to work with it) of working 
with any WAN equipment under Linux, as such I can''t say much for sure.
> IP <source IP:port> > yahoo.com:port host <destination IP> 
> unreachable - admin prohibited
This makes me believe that someone on the remote end is rejecting your 
traffic.  Can you tell what host sent the ''host ...
unreachable''
message.  If the host that sent the message is not on the other end of 
your WAN link, chances are good that the WAN link has nothing to do with 
the problem.  Rather that someone further out in the net is blocking the 
traffic.
> The protocol status Lip Dev Prot State goes UP and DOWN.
 From some quick Googleing it looks like you are dealing with a PPP 
connection across your WAN, correct?  If this is the case, is there a 
chance that the other end of the PPP connection is unhappy with 
something about your configuration and thus taking your connection down?
> Any ideas would be appreciated.
Speculation is all I really have.



Grant. . . .

Hi

 From your description it looks like there are more problems combined or
connected.
I would recommend to first check just your serial connection to next hop
with whatever tools available and only then to try resolving that
"destination unreachable- admin prohibited" problem.

Imthiyaz Ahmed wrote:
> Hi,
>    I am using sangoma S5141 wan card. I have connected my modem to the 
> card in linux machine. The linux distribution I am using is Redhat AS 
> 4, I am trying to replace the cisco router in my office with the 
> sangoma S5141 wan card. I have configured the card in CHDLC where I 
> can able to ping the serial IP, but with 80% of packet loss
Can you show some longer ping output ? 80% loss can be 4 of 5 packets
missing but that shows nothing, longer ping run may show some
non-randomness (like line protocol going up and down you describe) maybe
pointing to encapsulation problems...
You could also try to ping with packets of small and larger sizes and
look for CRC errors...
If the packet loss is completely random, could be
hardware/cable/noise/whatever problem.
> . And If I browse any http  or ftp or any sites I cant able to browse. 
> When I put tcpdump I am seeing the error like one as below, which 
> means the far end is blocking some traffic.
>
>    IP<source IP:port> > yahoo.com <http://yahoo.com>: port
host
> <destination IP> unreachable - admin prohibited
> The protocol status Lip Dev Prot State goes UP and DOWN.
>
if you see interface going up down up down, it can be anything from
hardware to encapsulation.
maybe if you reconnected the old cisco router and tried "sh interfaces
serial", "show controllers serial" and similiar debugging
commands, and
then tried checking against output of debugging tools for your new card,
it would show some differences in setup.

hardware or encapsulation problems could confuse upper layers to the
point that other side of the link now refuses to forward packets for
you...
>  Any ideas would be appreciated.
And if you''ve got lots of time, and proper cables and experience, you
could try to connect your card directly to your old router and test your
card and setup locally, but that would require you to really know what
you are doing.
> Thanks
> Imthiyaz.
>
Good luck
john default




-- 
___________________________________
S pozdravom / Best regards

John Default

tel:     + 421 907 294 849
icq:           277 131 242
mail:    default@advaita.sytes.net
jab:     defaultadvaita@jabber.org
__________________________________