Problem connecting to net via Cisco 800 series 2

[sgmiller]

Hi,

I am very new to all of this but wondered if you could help with some basic pointers as to where I have went wrong with my config.

My config allows me to ping the router IP i.e. 192.168.0.1 but not anything beyond.

When I telnet to the router, I can ping all connected devices but not anything on the net e.g. my ISP dns servers.

My dsl config seems to be correct as I am connected to my ISP and authenticated.

Any and all assistance most gratefully received.

My config is below:

Current configuration : 2024 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname testcisco
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$T./j$nvxrD2xSggBG66p4Fu3Be0
enable password ********
!
no aaa new-model
!
!
dot11 syslog
no ip routing
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool DHCP-POOL
network 192.168.0.0 255.255.255.0
dns-server 212.20.226.130 212.20.226.194
default-router 192.168.0.1 255.255.255.0
domain-name ******.***
lease 0 1
update arp
!
!
ip domain name ******.***
ip name-server 212.20.226.130
ip name-server 212.20.226.194
!
vpdn enable
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
!
!
username root password 0 ********!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
description adsl interface
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
no shutdown
!
dsl operating-mode auto
dsl enable-training-log
hold-queue 224 in
!
interface ATM0.1 point-to-point
no ip route-cache
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
no shutdown
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 2
no cdp enable
ppp authentication chap callin
ppp chap hostname *******************
ppp chap password 0 **********
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password ********
login
!

 

[burtsbees]

dialer-group 2

Make it dialer group 1.

Also, post a sh int di1 and sh ip route, as well as sh ip int bri. I am very tired right now, but it looks like right off top the dialer and that the ATM info needs to be on the subinterface (PVC, dsl operating mode auto, etc.). If you were authenticated, then we should see LCP open. You are also missing IPCP info on the dialer.

/

 

[sgmiller]

Hi, and thanks for the reply.

I have altered the config and have managed to at least get the router to be able to ping out e.g.

http://www.google.co.uk

I still cannot browse the net from a PC connected to the router, even though it does get an IP.

My new config is below. I have also included the other info that you asked for.

Thanks for looking:

Current router config:

-----------------------------------------------------------
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname testcisco
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable password ********
!
no aaa new-model
!
!
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool DHCP-POOL
network 192.168.0.0 255.255.255.0
dns-server 212.20.226.130 212.20.226.194
default-router 192.168.0.1 255.255.255.0
domain-name lumison.net
lease 0 1
update arp
!
!
ip domain name lumison.net
ip name-server 212.20.226.130
ip name-server 212.20.226.194
ip name-server 212.20.226.131
login on-failure log
login on-success log
!
!
!
username root password 0 ********
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
description Connection to ADSL
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description Connection to LAN
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
no cdp enable
ppp authentication chap callin
ppp chap hostname *************************
ppp chap password 0 *********
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
!
no cdp run
!
!
!
control-plane
!
banner login ^C-----------------








UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED.

**test config, not to be used live until access lists updated**


-----------------^C
!
line con 0
session-timeout 10
privilege level 15
password ********
logging synchronous
login
no modem enable
line aux 0
line vty 0 4
session-timeout 10
access-class 2 in
privilege level 15
password ********
logging synchronous
login
transport input telnet
!
scheduler max-task-time 5000
ntp server 212.20.226.229 source Dialer1
end
------------------------------------------------------------
testcisco#sh int di1
Dialer1 is up, line protocol is up (spoofing)
Hardware is Unknown
Internet address is 84.19.236.129/32
MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi2
Last input never, output never, output hang never
Last clearing of "show interface" counters 00:17:40
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 42 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
3726 packets input, 185567 bytes
4188 packets output, 276720 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1500 bytes, BW 288 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP
PPPoATM vaccess, cloned from Dialer1
Vaccess status 0x44
Bound to ATM0 VCD: 1, VPI: 0, VCI: 38, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Interface is bound to Di1 (Encapsulation PPP)
Last input 00:00:52, output never, output hang never
Last clearing of "show interface" counters 00:17:09
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
3734 packets input, 185691 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
4198 packets output, 277468 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
------------------------------------------------------------
testcisco#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

84.0.0.0/32 is subnetted, 1 subnets
C 84.19.236.129 is directly connected, Dialer1
C 192.168.0.0/24 is directly connected, Vlan1
193.29.223.0/32 is subnetted, 1 subnets
C 193.29.223.169 is directly connected, Dialer1
S* 0.0.0.0/0 is directly connected, Dialer1
------------------------------------------------------------
testcisco#sh ip int bri
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0 unassigned YES unset up up

FastEthernet1 unassigned YES unset up up

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up down

ATM0 unassigned YES manual up up

Vlan1 192.168.0.1 YES manual up up

NVI0 192.168.0.1 YES unset up up

Dialer1 84.19.236.129 YES IPCP up up

Virtual-Access1 unassigned YES unset up up

Virtual-Access2 unassigned YES unset up up
------------------------------------------------------------

 

[burtsbees]

int di1
ppp ipcp dns request
ppp ipcp wins request

Try that. What is connected to fa2 and fa3> Can the pc ping the router? Post an ipconfig /all (Windoze) or a cat /proc/meminfo...

/

 

[burtsbees]

Crap---I meant if it is UNIX/Linux, then please post an ifconfig -a, not cat /proc/meminfo. Sorry

/

 

[sgmiller]

Nothing connected to fa2 and fa3.

PC can ping the router but not the outside world.

Will post other info once I have tried what you suggest.

 

[sgmiller]

still nothing after adding what you suggested:

Ethernet adapter ADSL Connection:

Connection-specific DNS Suffix . : lumison.net
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

C:\Documents and Settings\Administrator.SUPPORT-TEST-PC>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : testpc
Primary Dns Suffix . . . . . . . : test.domain.lumison.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : test.domain.lumison.net
lumison.net
domain.lumison.net
lumison.net

Ethernet adapter ADSL Connection:

Connection-specific DNS Suffix . : lumison.net
Description . . . . . . . . . . . : Intel(R) PRO/100 S Desktop Adapter
Physical Address. . . . . . . . . : 00-0E-0C-58-E3-40
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 212.20.226.130
212.20.226.194
Lease Obtained. . . . . . . . . . : 17 May 2009 21:38:45
Lease Expires . . . . . . . . . . : 17 May 2009 22:38:45

 

[Minue]

Hello
Try to ping the DNS server ip address "212.20.226.130".Also post a "show ip nat translation"

Regards

 

[unclerico]

Where's access-list 1??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[sgmiller]

I removed access list 1 as I assumed that by doing so, I allowed all traffic in an out.

 

[silverhairb]

I thought the default for access is deny all. (Might not be correct.)

[the other] Bill

 

[unclerico]

your statement:

ip nat inside source list 1 interface Dialer1 overload

will perform NAT only on networks specified in ACL 1. No ACL 1, no NAT

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[sgmiller]

Hi unclerico,

OK, I will try with access list. Can you confirm that no access list is deny by default?

I think that I have not had the following in a config together:

ip nat inside source list 1 interface Dialer1 overload

&

access-list 1 permit 192.168.0.1 255.255.255.0

I can't try till Thursday though but will let you know how I got on. Thnx for the advice so far.

 

[unclerico]

yes, just make sure that your ACL is written as
access-list 1 permit 192.168.0.0 0.0.0.255

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[burtsbees]

Whoopsie...told ya I was tired...

Uncle---how long were you sitting on the sidelines laughing?

/

 

[sgmiller]

All fixed,

I went back to work this evening and ensured that I had bot lines in, including the access list and hey presto, all fixed.

Many thanks for the help and advice.

 

[unclerico]

burt, I would never...well yeah I would :-D and hey it wasn't that long lol...sgmiller, glad you got it working.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[burtsbees]

R-i-i-i-i-g-g-g-h-h-h-t-t-t, Uncle...lol

Bill---there is an implicit deny at the end of any EXISTING access-lists. An acl filters traffic by going down the list UNTIL A MATCH IS MADE. Is there a way to do bold text?lol

If there is not a "permit ip any any", then no match for that rule will be made. By acl law, the packet is dropped if no match is made.

Everyone else

An access-list is not only for filtering traffic through the router, per se, but to be a reference for route maps, NAT (in this case), subnetting/supernetting to lower the routing table load, etc.

/