Trouble shooting Cisco 877 and Eircom DSL

I'm trying to hook up a Cisco 877 to eircom's DSL .

This unit will be linked back to the main office ASA via VPN tunnel over this link.

Ive already wasted a day odd because the line wasn't working properly but I'm not convinced they fixed it correctly. After eircom "fixed" the line I verified it was working with one of their own netopia boxes. Not helped by the fact my cisco knowledge is a little rusty.:)
In addition I wasted a few more hours on an incompatibility issue with the DSL firmware which I learned about in this helpful thread:).

Applying this firmware got rid of these messages when traffic acivated the dialer.

*Mar  1 07:28:15: Di0: No free dialer - starting fast idle timer

Here is the basic config I tried to verify the connection with. Missing some of the boiler plate stuff.

!
ip subnet-zero
ip name-server 213.94.190.194
!
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
no ftp-server write-enable
!

!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface Dialer1
ip unnumbered Loopback0
encapsulation ppp
dialer pool 1
dialer remote-name redback
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname eircom
ppp chap password broadband1
!
!
interface Loopback0
ip address 84.47.XXX.XXX 255.255.255.255 !!Our static address!!
hold-queue 100 out
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1

I'm fairly sure this is working as far as just getting the ATM and Dialer up.
I can see from the debug Dialer stuff that the dialer seems to be connecting.


I moved on and modified a config from one of the other branches with a similar setup. When I entered this config with all the VPN details the Dialer seems to fail again.

The CD light is on; turning on the debug messages reveals ATM is up but the Dialer is giving the same message as before.

Di0: No free dialer - starting fast idle timer

There are hundreds of these a minute this time.

Strangely enough when I tested the line with one of the standard eircom modems afterwards I get DSL sync but the internet light is red.

Any ideas what the best way to trouble shoot this? Is it possible I have somehow tripped something in the exchange because of a dodgey config on my cisco router? Purple monkey dishwasher?

EDIT: Oops is this more appropriate in the broadband forum?

Alun

I'm a bit confused. Di0 as referred to in the log file is Dialer 0 and you only appear to have Dialer 1 configured.

What do you see if you do a 'sho int di0' and 'sho int di1' ?

Alun

Alun wrote: »

I'm a bit confused. Di0 as referred to in the log file is Dialer 0 and you only appear to have Dialer 1 configured.

What do you see if you do a 'sho int di0' and 'sho int di1' ?

Yeah thats a bit confusing but the second config I'm using is Dialer0 instead.

I'll pare the config down a bit and post it in a few mins.

Here is the config. Ive omitted some of the irrelevant inspect statements and verbose ACLS.

Its similar in operation to the basic config I posted earlier with the cryto stuff added.

I fully accept I might be doing something really stupid with this config But its basicaly the same as one of the other remote offices so I dunno.

!
!
version 12.4
no service pad
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname routername
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 172.XX.XX.1 172.XX.XX.10
ip dhcp excluded-address 172.XX.XX.101 172.XX.XX.254
!
ip dhcp pool sdm-pool1
   network 172.XX.XX.0 255.255.255.0
   dns-server 159.134.237.6 159.134.248.17
   default-router 172.XX.XX.1
   netbios-name-server 172.XX.XX.10 172.XX.XX.16
   lease infinite
!
!
ip name-server 159.134.237.6
ip name-server 159.134.248.17
ip inspect log drop-pkt
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
!! REMOVED inspect statements!!
ip inspect name SDM_HIGH udp
ip ips notify SDEE
!


!
username usernamejoe privilege 15 password 0 XXXXXXXXXXXX
!
!
class-map match-any sdm_p2p_kazaa
 match protocol fasttrack
 match protocol kazaa2
class-map match-any sdm_p2p_edonkey
 match protocol edonkey
class-map match-any sdm_p2p_gnutella
 match protocol gnutella
class-map match-any sdm_p2p_bittorrent
 match protocol bittorrent
!
!
policy-map sdmappfwp2p_SDM_HIGH
  class sdm_p2p_gnutella
   drop
  class sdm_p2p_bittorrent
   drop
  class sdm_p2p_edonkey
   drop
  class sdm_p2p_kazaa
   drop
!
!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
crypto isakmp policy 1
 encryption aes 256
 authentication pre-share
 group 5
crypto isakmp key XXXXXXXXXXXXXXXXXXXXX address 62.77.XXX.XXX
!
!
crypto ipsec transform-set ESPNAME esp-aes 256 esp-sha-hmac
!
 crypto map SDM_CMAP_1 1 ipsec-isakmp
 
 set peer 62.77.XX.XX
 set transform-set ESPNAME
  match address 102
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
!
interface loopback0
ip address 84.47.XX.XX 255.255.255.255
!
interface Vlan1
 description $FW_INSIDE$
 ip address 172.XX.XX.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer0
 description $FW_OUTSIDE$
 ip unnumbered Loopback0
 ip access-group 104 in
 ip mtu 1452
 ip nat outside
 ip inspect SDM_HIGH out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 dialer string "*09#"
 ppp authentication chap callin
 ppp chap hostname eircom
 ppp chap password 0 broadband1
 crypto map SDM_CMAP_1
 service-policy input sdmappfwp2p_SDM_HIGH
 service-policy output sdmappfwp2p_SDM_HIGH
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 172.XX.XX.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 84.47.XX.XX 0.0.0.3 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark IPSec Rule
access-list 101 permit ip 172.XX.XX.0 0.0.0.255 172.XX.XX.0 0.0.0.255
access-list 101 permit udp host 62.77.XX.XX host 84.47.XX.XX eq non500-isakmp
access-list 101 permit udp host 62.77.XX.XX host 84.47.XX.XX eq isakmp
access-list 101 permit esp host 62.77.XX.XX host 84.47.XX.XX
access-list 101 permit ahp host 62.77.XX.XX host 84.47.XX.XX
access-list 101 deny   ip 172.XX.XX.0 0.0.0.255 any
access-list 101 permit icmp any host 84.47.XX.XX echo-reply
access-list 101 permit icmp any host 84.47.XX.XX time-exceeded
access-list 101 permit icmp any host 84.47.XX.XX unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 172.XX.XX.0 0.0.0.255 172.XX.XX.0 0.0.0.255
access-list 102 permit ip 172.XX.XX.0 0.0.0.255 172.XX.XX.0 0.0.0.255
access-list 102 permit ip 172.XX.XX.0 0.0.0.255 192.XX.XX.0 0.0.0.255
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 deny   ip 172.XX.XX.0 0.0.0.255 172.XX.XX.0 0.0.0.255
access-list 103 deny   ip 172.XX.XX.0 0.0.0.255 172.XX.XX.0 0.0.0.255
access-list 103 deny   ip 172.XX.XX.0 0.0.0.255 192.XX.XX.0 0.0.0.255
access-list 103 permit ip 172.XX.XX.0 0.0.0.255 any
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 permit udp host 159.134.248.17 eq domain host 84.47.XX.XX
access-list 104 permit udp host 159.134.237.6 eq domain host 84.47.XX.XX
access-list 104 permit ahp host 62.77.XX.XX host 84.47.XX.XX
access-list 104 permit esp host 62.77.XX.XX host 84.47.XX.XX
access-list 104 permit udp host 62.77.XX.XX host 84.47.XX.XX eq isakmp
access-list 104 permit udp host 62.77.XX.XX host 84.47.XX.XX eq non500-isakmp
access-list 104 remark IPSec Rule
access-list 104 permit ip 172.XX.XX.0 0.0.0.255 172.XX.XX.0 0.0.0.255
access-list 104 permit ip 172.XX.XX.0 0.0.0.255 172.XX.XX.0 0.0.0.255
access-list 104 permit ip 192.XX.XX.0 0.0.0.255 172.XX.XX.0 0.0.0.255
access-list 104 deny   ip 172.XX.XX.0 0.0.0.255 any
access-list 104 permit icmp any host 84.47.XX.XX echo-reply
access-list 104 permit icmp any host 84.47.XX.XX time-exceeded
access-list 104 permit icmp any host 84.47.XX.XX unreachable
access-list 104 deny   ip 10.0.0.0 0.255.255.255 any
access-list 104 deny   ip 172.16.0.0 0.15.255.255 any
access-list 104 deny   ip 192.168.0.0 0.0.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip host 0.0.0.0 any
access-list 104 deny   ip any any log
dialer-list 1 protocol ip permit
!
route-map SDM_RMAP_1 permit 1
 match ip address 103
!
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 login local
 transport input all
!
scheduler max-task-time 5000
end

Alun

So to summarize, the CD light is lit which means you've got DSL sync, but the PPP handshake isn't happening?

I assume from the use of the loopback address you actually have a fixed IP address (84.87.xx.xx) on this particular link? If not that might be causing problems. Also double check it's the right one if it is indeed fixed. Otherwise the only odd thing that jumps out at me is the dial string .. is that necessary?

Apart from that, I can only offer the advice to start with a stripped down as possible config, without any ACL's or crypto or stuff like that, aiming to just getting DSL sync and PPP handshake completed and then to add things back one by one until it breaks. At least then you'll know what area the problem is in.

Again, I'm not an expert by any stretch. Maybe some others with a bit more knowledge can step in and offer some more useful advice.

Alun

Alun wrote: »

So to summarize, the CD light is lit which means you've got DSL sync, but the PPP handshake isn't happening?

I assume from the use of the loopback address you actually have a fixed IP address (84.87.xx.xx) on this particular link? If not that might be causing problems. Also double check it's the right one if it is indeed fixed. Otherwise the only odd thing that jumps out at me is the dial string .. is that necessary?

Apart from that, I can only offer the advice to start with a stripped down as possible config, without any ACL's or crypto or stuff like that, aiming to just getting DSL sync and PPP handshake completed and then to add things back one by one until it breaks. At least then you'll know what area the problem is in.

Again, I'm not an expert by any stretch. Maybe some others with a bit more knowledge can step in and offer some more useful advice.

Yeah it complains about a lack of Dial string in the debug dialer output if not. Other forums suggest it just to shut it up as its not used apparently.

Yeah we have a fixed IP and that seems to be correct.

I'm pretty stumped at this stage. I'm proabably just going to issuse a debug all to syslog and plough through that huge amount of data see if anything strange jumps out while doing as you say.

I'm still not ruling out a problem with the line as it seems to jump up and down quite a bit. Weather this is a fault of mine or a gotcha with this router I am missing I'm not sure.

Alun

Yeah, the ST Micro chipset used in the 800 series doesn't seem to be one of the best when dealing with line problems, especially noise. Are you using the 3.0.33 firmware? That seems to be the best one in my experience at home, where I get dreadful noise problems, especially at night.

Yeah this is the adsl firmware I'm using.

ftp://ftp.cisco.com/pub/access/800/adsl_alc_20190.3-0-33.bin

Seemed to have solved the initial problem.

Apparently eircom think there may be a line fault so an engineers supposed to be coming out. very strange all the same.

Alun

What are your line stats like?

sh dsl int atm0

Sorted now almost.

"debug ppp" showed a shed load of errors with chap. Access denied errors with the result the session never getting established. Talking to a few people this seems to be a general eircom thing. Broadband support as unhelpful as ever.
When I rang them for the fifth time it eventually started working.

Now to get the VPN working..

Alun

ronoc wrote: »

"debug ppp" showed a shed load of errors with chap. Access denied errors with the result the session never getting established. Talking to a few people this seems to be a general eircom thing. Broadband support as unhelpful as ever.
When I rang them for the fifth time it eventually started working.

I've had similar situations in the past, where DSL synch is achieved no problem, but for some reason or another the CHAP authentication just refuses to complete, sometimes for an hour or so, and then all of a sudden starts working again.

I guess you were just unlucky and hit a period when it was misbehaving like that.

Can't help you with the VPN thing I'm afraid .. outside of my experience, on Cisco kit at any rate.

All running tickedy boo now.


Some slight issues with broken ACLs blocking IKE (my f*ck up) fixed easy enough.

IPSEC was failing because the ASA was configured with with the wrong encryption; that took a while to figure out.

Alun

ronoc wrote: »

All running tickedy boo now.

Great!

Some slight issues with broken ACLs blocking IKE (my f*ck up) fixed easy enough.

Bloody ACL's ... bane of my life! BTW have you tried this at all?

http://www.winagents.com/en/products/routertweak/

A handy little FREE tool for managing Cisco configs. The real bonus for me is that it allows you to edit/add/delete individual entries in ACL's on the fly without all the tedious cutting and pasting you normally have to go through, unless you use that horrible, nasty SDM abomination Cisco provide.

Alun

Alun wrote: »

Great!

Bloody ACL's ... bane of my life! BTW have you tried this at all?

http://www.winagents.com/en/products/routertweak/

A handy little FREE tool for managing Cisco configs. The real bonus for me is that it allows you to edit/add/delete individual entries in ACL's on the fly without all the tedious cutting and pasting you normally have to go through, unless you use that horrible, nasty SDM abomination Cisco provide.

Downloading it now for a look. Cheers.

Yeah ACLs are a pain in the ass. I was doing most of the config through the console cable as I was using it to see the debug messages which doesn't help when pasting stuff in.

Turns out copying the config to the router via tftp didn't wipe the existing ACLs. I'm not sure why this happened. It meant I had to "erase start" reload then copy over the config via tftp to be sure it was right

DjDangerousDave

Can you post the final configuration that was used to successfully connect to eircom?

I am thinking about getting one of these devices and setting up something with magnet business broadband as they can give out static IP's on request and will not charge extra for them. I see the 7.6 Meg package from eircom is charging 50 Euro to assign a single static IP.

Would you recommend the 877 now that you have spent some time in its configuration?

Regards,

Dave.

Alun

DjDangerousDave wrote: »

Can you post the final configuration that was used to successfully connect to eircom?

I am thinking about getting one of these devices and setting up something with magnet business broadband as they can give out static IP's on request and will not charge extra for them. I see the 7.6 Meg package from eircom is charging 50 Euro to assign a single static IP.

Would you recommend the 877 now that you have spent some time in its configuration?

Regards,

Dave.

I have one working here (actually an 877W with wireless) on eircom and am pretty happy with it. It's not for the non tech-savvy though, and Cisco experience is pretty much required to get it up and running. Getting it connected to eircom is the easy part .. ronoc's first config was fine in that regard, it just appears that eircom were having problems at their end while he was testing that clouded the issue somewhat.

The rest of the config is up to you though. The possibilities are pretty much endless as you might expect, and there isn't one particular 'correct' way to set it up.

As an example, I have mine set up for IRB (Integrated Bridge Routing) which combines all the local interfaces (4 ethernet plus two wireless networks on separate VLAN's) into a bridge group, which means they all share the same IP address space, but you could equally as well have them all in separate IP spaces and route between them.

The only thing I would say is that the STI Micro DSL chipset in it isn't probably the best at handling noisy lines, so if your SNR margins and Attenuation aren't the best you might be best off with something else.

Alun

ronoc wrote: »

Turns out copying the config to the router via tftp didn't wipe the existing ACLs. I'm not sure why this happened. It meant I had to "erase start" reload then copy over the config via tftp to be sure it was right

It's a bit difficult to explain, but what you effectively do when you do a "copy tftp: running-config" isn't to overwrite the running config, but to create a kind of "merge" of the two, in the same way as if you'd copied and pasted the complete config to the command line in a terminal session. Some commands will be the same in both configs and have no effect, some will overrule existing ones, but some are cumulative like ACL's and IP addresses on interfaces, so you need to edit the file you're copying and put "no ..." statements in wherever you need to. A bit messy, but apart from copying to the startup-config and issuing a reload, there's not much else you can do.

Another approach to the ACL problem is to maintain them all offline in separate files. For every ACL, put an equivalent "no access-list xxx" command at the top, and then either tftp them across, or copy and paste the contents to the command line.

DjDangerousDave

Alun wrote: »

I have one working here (actually an 877W with wireless) on eircom and am pretty happy with it. It's not for the non tech-savvy though, and Cisco experience is pretty much required to get it up and running. Getting it connected to eircom is the easy part .. ronoc's first config was fine in that regard, it just appears that eircom were having problems at their end while he was testing that clouded the issue somewhat.

The rest of the config is up to you though. The possibilities are pretty much endless as you might expect, and there isn't one particular 'correct' way to set it up.

As an example, I have mine set up for IRB (Integrated Bridge Routing) which combines all the local interfaces (4 ethernet plus two wireless networks on separate VLAN's) into a bridge group, which means they all share the same IP address space, but you could equally as well have them all in separate IP spaces and route between them.

The only thing I would say is that the STI Micro DSL chipset in it isn't probably the best at handling noisy lines, so if your SNR margins and Attenuation aren't the best you might be best off with something else.

I have a bit of experience with cisco, I should have more if I was bothered though.

I would like to get the hands on experance setting up a cicso on a DSL line. I know I could go for the model with the ethernet WAN port and use the magnet modem with NAT and DHCP turned off but then I would loose this aspect of the setup, and that would be one more device I had to manage.

Would set up on a magnet ADSL line be similar to the config we see with the eircom line?

Where is good to buy these 800 series routers?

Alun

DjDangerousDave wrote: »

Would set up on a magnet ADSL line be similar to the config we see with the eircom line?

I don't know Magnet's setup, but pretty much, I'd imagine, with maybe different pvc values, and a different userid/password.

Where is good to buy these 800 series routers?

I actually got mine second-hand via adverts.ie, as they're pretty expensive new, but you could try ebay .. I've seen a few on there.

DjDangerousDave

Alun wrote: »

I don't know Magnet's setup, but pretty much, I'd imagine, with maybe different pvc values, and a different userid/password.

I actually got mine second-hand via adverts.ie, as they're pretty expensive new, but you could try ebay .. I've seen a few on there.

Do you mind if I ask how much you paid?

Alun

DjDangerousDave wrote: »

Do you mind if I ask how much you paid?

Very good question, it was a while ago ... about €200 I think.

DjDangerousDave

DjDangerousDave wrote: »

Can you post the final configuration that was used to successfully connect to eircom?

I am thinking about getting one of these devices and setting up something with magnet business broadband as they can give out static IP's on request and will not charge extra for them. I see the 7.6 Meg package from eircom is charging 50 Euro to assign a single static IP.

Would you recommend the 877 now that you have spent some time in its configuration?

Regards,

Dave.

Yeah they are pretty good when you do get them configured.

They are very powerful and slot nicely in with ciscos other kit. We get them because they do the site to site VPN with our ASA.

I do a fair bit of stuff on catalyst switches and other cisco routers but it is still trickey enough to get the 877 going when I wasn't familiar with them, its been a while since I sat studied for my CCNA!

Defiantly not a box for someone that hasn't got a good working knowledge of the cisco IOS. And probably overkill for home use!

Droimeanach

I am looking to replace an existing netgear adsl router with a cisco 877

My config is

interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
--More-- interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description Internallink
ip address 10.252.90.3 255.255.255.0
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
no ip redirects
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname eircom
ppp chap password 7 15101903052E292526376462
--More-- !
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000

results of debug

*Mar 8 17:56:34.709: %LINK-3-UPDOWN: Interface ATM0, changed state to up
*Mar 8 17:56:35.709: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to up
*Mar 8 17:56:39.942: %DIALER-6-BIND: Interface Vi1 bound to profile Di0
*Mar 8 17:56:39.942: Vi1 PPP: Using dialer call direction
*Mar 8 17:56:39.942: Vi1 PPP: Treating connection as a callout
*Mar 8 17:56:39.942: Vi1 PPP: Session handle[61000011] Session id[0]
*Mar 8 17:56:39.942: Vi1 PPP: Authorization required
*Mar 8 17:56:39.942: Vi1 PPP: No remote authentication for call-out
*Mar 8 17:56:39.946: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Mar 8 17:56:40.422: Vi1 PPP: No authorization without authentication
*Mar 8 17:56:40.470: Vi1 CHAP: I CHALLENGE id 255 len 30 from "srl2.bras"
*Mar 8 17:56:40.470: Vi1 CHAP: Using hostname from interface CHAP
*Mar 8 17:56:40.474: Vi1 CHAP: Using password from interface CHAP
*Mar 8 17:56:40.474: Vi1 CHAP: O RESPONSE id 255 len 27 from "eircom"
*Mar 8 17:56:40.734: Vi1 CHAP: I SUCCESS id 255 len 4
*Mar 8 17:56:41.734: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
% Incomplete command.


*Mar 8 17:57:03.353: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
*Mar 8 17:57:04.341: %LINK-3-UPDOWN: Interface FastEthernet3, changed state to up
*Mar 8 17:57:05.341: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to up

I connected a laptop to fa3 but i still can't get on to the internet. Any ideas how to resolve this.