Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco 1801 - Only DNS requests getting through.

Status
Not open for further replies.
Roadstone

Roadstone

Technical User
Apr 24, 2002
24
GB
Hi all,

I'm trying to configure up a replacement DSL router for home. I have a Cisco 1801 which I have configured with 3 VLANS on the inside (from the config below, I am currently only expecting traffic from VLAN102 to traverse the firewall). That said, whilst PPP negotiation appears to complete successfully, and I am assigned an IP from the ISP, the only traffic that seems to get though are DNS requests to the ISP public name servers (I have a host on 192.168.3.10 and am using dig to make these requests. Wireshark dumps confirms this traffic flow). That said, when I try and establish TCP sessions, I see no see no SYN ACK responses coming back).

I will mention that the ISP in question is BT, since I have come across some other posts along similar lines where problems at the BT exchange were causing issues. That said, I suspect it might be something in my config.

Interestingly, if I disable the "ip nat outside" on the PPP interface and then ping that negotiated IP from the router, I get 0 successes. I am also unable to ping the route that is negotiated.

I would appreciate any feedback, as I have been staring at this problem all day.

Many thanks,

Rob

[tt]
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname myrouter
!
boot-start-marker
boot-end-marker
!
logging buffered 16000
logging console
!
aaa new-model
!
crypto pki trustpoint TP-self-signed-XXXXXXXXXX
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-XXXXXXXXXX
revocation-check none
rsakeypair TP-self-signed-XXXXXXXXXX
!
!
crypto pki certificate chain TP-self-signed-XXXXXXXXXX
certificate self-signed 01
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX
quit
dot11 syslog
!
!
ip cef
!
!
!
multilink bundle-name authenticated
!
!
username adminuser privilege 15 password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXX
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1
switchport access vlan 100
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
switchport access vlan 102
!
interface FastEthernet6
switchport access vlan 102
!
interface FastEthernet7
switchport access vlan 102
!
interface FastEthernet8
switchport access vlan 102
!
interface Vlan1
no ip address
shutdown
!
interface Vlan100
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan102
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
description External DSL Interface
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname XXXXXXXXXXXXXXX@btopenworld.com
ppp chap password 7 XXXXX
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 remark INSIDE_IF=VLAN102
access-list 1 permit 192.168.3.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input ssh
!
end
[/tt]
 
Sort by date Sort by votes
Hey Rob,

Everything looks like it should work to me :)

You are seeing that you are pulling an IP to your dialer interface when running "sh ip int bri"?

From the router itself you can you successfully ping out and get a responses back from internet hosts?

what does "debug ip packet" show when you are attempting to get out?





Visit www.netwerkin.com
MCSE MCSA MCTS MCITP MCP CCNA CCA A+ N+
 
Upvote 0 Downvote
I was looking through routers I configured for PPPoA or PPPoE in the past and came across what was a working PPPoE configuration, it's very similar to your PPPoA config


vpdn enable
no vpdn logging
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
!
interface Ethernet0/0
ip address 192.168.254.1 255.255.255.0
ip nat inside
no ip mroute-cache
!
!
!
!
interface FastEthernet0/1
no ip address
pppoe enable
pppoe-client dial-pool-number 1
!
!
interface Dialer1
ip address negotiated
ip nat outside
ip mtu 1492
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp authentication pap
ppp pap sent-username ***** password *****
!
!
dialer-list 1 protocol ip permit
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 dialer1
access-list 1 permit 192.168.254.0 0.0.0.255

 
Upvote 0 Downvote
Hi all,

Thanks for coming back to me. As you suggested there was nothing wrong with the config. After some debugging on the router, I noticed that PPPoA would successfully negotiated, but then keep re-negotiating ever few minutes. After a bit more searching around forums, I came across a couple of posts suggesting compatibility issues between the firmware of the 1801 ATM modem and certain types of DSLAM equipment. Whilst I have yet to contact Cisco to get an updated firmware for the ATM modem, I have tested the router on another DSL connection which terminates at a different exchange, and all works fine. Note, I did upgrade to the latest version of IOS as suggested in one post, but that did not resolve the issue.

Should I get anything conclusive back from Cisco, I will post details here.

Many thanks anyway,

Rob
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
226
bdk76
bdk76
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
211
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
206
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
210
Hayden09
Hayden09
JMarine0811
  • Locked
  • Question
CISCO VG450 Factory reset
Replies
1
Views
267
whykap
whykap

Part and Inventory Search

Sponsor

Back
Top