Weird problem.

[nettech101]

Hi Folks. I just setup a 1605R for PPPOE, and Im seeing some weird stuff. Mainly I can't get to most internet sites that I use to be able too. Some are even hit and miss, where they might come up, or not at all. I was lucky to get here. Other sites pop right up. I don't think it's anything in my config, but prob.

Can someone take a look, and see what you think. I've been playing around with it and can't get it. GRRRRRRRRRR....

Heres the config. Thanks for any help.

Gatekeeper#sh conf
Using 1811 out of 7506 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Gatekeeper
!
boot-start-marker
boot system flash c1600-nosy-mz.123-16.bin
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxx.
enable password 7 xxxxxxxxxxxxxxx
!
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.0.0.5
!
ip dhcp pool dhcp
network 10.0.0.0 255.0.0.0
default-router 10.0.0.5
dns-server 198.164.30.2
!
vpdn enable
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
username xxxxxxxx password 7 xxxxxxxxxx
!
!
!
interface Ethernet0
description WAN
no ip address
ip nat outside
no ip mroute-cache
pppoe enable
pppoe-client dial-pool-number 1
!
interface Ethernet1
description lan
ip address 10.0.0.5 255.0.0.0
ip nat inside
no ip mroute-cache
!
interface Dialer0
description PPPOE to xxxxxx
mtu 1492
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp pap sent-username xxxxxxxx@xxxxxxxxx.net password 7 xxxxxxxxxx
!
router eigrp 1
network 10.0.0.0
auto-summary
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.0.0.5 80 interface Dialer0 80
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 105 deny ip 10.0.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 105 permit ip 10.0.0.0 0.0.0.255 any
access-list 120 permit tcp any any eq 1718
access-list 120 permit tcp any any eq www
dialer-list 1 protocol ip permit
!
route-map nonat permit 10
match ip address 105
!
!
line con 0
line vty 0 4
password 7 xxxxxxxxxxxxxxxxxxx
login local
!
end

Gatekeeper#

 

[nettech101]

OK, this is weird. I hope someone can shed some light on this.

Like I said in my previous post there are some web sites that I can't reach....If I connect to my work's vpn through the 1605R, I can reach those sites that I can't reach without the vpn connection. (scratching my head) Whats going on?

Anybody? Any ideas? Someone?

 

[NetworkGhost]

When you say "used to be able to" was this before you setup the router?

 

[nettech101]

yes

 

[NetworkGhost]

Are you using a proxy at all or anything in between the router and the client that is that is related to outgoing webtraffic?
Maybe DNS Servers dont have correct gateway anymore?

 

[nettech101]

No proxy.. just the client----Hub---1605r----DSL modem.

DNS is what I was thinking too, but I tried a few different ones, with the same result. Any other idea?

 

[watchguardmonkey]

route-map nonat permit 10
match ip address 105


whats this for? do you have a VPN to somewhere?

also have you the correct encap in the dialer int, ppp?

 

[nettech101]

some of that was just me playing around, trying diff things.

I've removed all my access-lists until I can figure this out.

I'll check on the encapsulation from my provider.

 

[watchguardmonkey]

also lose the eigrp, will paste up a config that should point you in he right direction, if you can confirm that this is just a simple connection via DSL to the internet?

 

[nettech101]

Yup it is just a simple (or it should be) connection. Just trying to get more then one pc on the internet at home.

Thanks for your help.

 

[watchguardmonkey]

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Gatekeeper
!
boot-start-marker
boot system flash c1600-nosy-mz.123-16.bin
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxx.
enable password 7 xxxxxxxxxxxxxxx
!
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.0.0.5
!
ip dhcp pool dhcp
network 10.0.0.0 255.0.0.0
default-router 10.0.0.5
dns-server 198.164.30.2
!

!
!
username xxxxxxxx password 7 xxxxxxxxxx
!
!
!
interface Ethernet0
description WAN
no ip address
ip nat outside
no ip mroute-cache
pppoe enable
pppoe-client dial-pool-number 1
!
interface Ethernet1
description lan
ip address 10.0.0.5 255.0.0.0
ip nat inside
no ip mroute-cache
!
interface Dialer0
description PPPOE to xxxxxx
mtu 1492
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp pap sent-username xxxxxxxx@xxxxxxxxx.net password 7 xxxxxxxxxx
!
!
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
!
access-list 101 permit ip any any
dialer-list 1 protocol ip permit
!
!
!
line con 0
line vty 0 4
password 7 xxxxxxxxxxxxxxxxxxx
login local
!
end

Gatekeeper#

 

[JOAMON]

Have you solved this yet??

Have you looked at the fact that this router is an old 10base-t ethernet router and that if connecting to a managed switch you need to lock the switch port into 10 half duplex as auto will cause all kinds of problems. Do a show interface ethernet1 and look for CRC errors. Also if you turn on terminal monitor when telnetted in you will probably see duplex mis-match error messages.

 

[nettech101]

Im at work right now, so, no I havn't tried yet.. I Did ensure that the ports are set to 10 half duplex. Thanks

 

[JOAMON]

I would still recommend doing a show interface and look at both interfaces error counters and see if there are problems there. Also issue terminal monitor when telnetted in and what for console messages that might also indicate a problem.

 

[nettech101]

Ok, i'll be sure to take a look, and let you know what I see.

 

[JOAMON]

What kind of device does E1 connect to?

Hub, unmanaged switch, managed switch?

 

[nettech101]

Ok I've tried the modified config. Same behaviour,weird..

Here's a copy of the interface stats:


Gatekeeper#sh inter
Dialer0 is up, line protocol is up (spoofing)
Hardware is Unknown
Description: PPPOE to xxxxxx
Internet address is xxx.xxx.xxx.xxx/32
MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi1
Last input never, output never, output hang never
Last clearing of "show interface" counters 2d07h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 42 kilobits/sec
5 minute input rate 0 bits/sec, 1 packets/sec
5 minute output rate 0 bits/sec, 1 packets/sec
153512 packets input, 96607067 bytes
137092 packets output, 15579540 bytes
Bound to:
Virtual-Access1 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Listen: CDPCP
Open: IPCP
PPPoE vaccess, cloned from Dialer0
Vaccess status 0x44, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Interface is bound to Di0 (Encapsulation PPP)
Last input 00:00:16, output never, output hang never
Last clearing of "show interface" counters 2d07h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
153524 packets input, 96608702 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
137105 packets output, 15579914 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
Ethernet0 is up, line protocol is up
Hardware is QUICC Ethernet, address is 0001.96df.136c (bia 0001.96df.136c)
Description: WAN
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, Unknown Speed
ARP type: ARPA, ARP Timeout 04:00:00
Last input 1d06h, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
153530 packets input, 99679486 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
45 input errors, 5 CRC, 40 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
160439 packets output, 21452726 bytes, 0 underruns
0 output errors, 114 collisions, 5 interface resets
0 babbles, 0 late collision, 601 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Ethernet1 is up, line protocol is up
Hardware is QUICC Ethernet, address is 0001.96df.136d (bia 0001.96df.136d)
Description: lan
Internet address is 10.0.0.5/8
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, Unknown Speed
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:14, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
98685 packets input, 16412923 bytes, 0 no buffer
Received 4160 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
176663 packets output, 102114842 bytes, 0 underruns
5 output errors, 107 collisions, 8 interface resets
0 babbles, 0 late collision, 189 deferred
5 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Virtual-Access1 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Listen: CDPCP
Open: IPCP
PPPoE vaccess, cloned from Dialer0
Vaccess status 0x44, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Interface is bound to Di0 (Encapsulation PPP)
Last input 00:00:39, output never, output hang never
Last clearing of "show interface" counters 2d07h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
153531 packets input, 96609268 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
137114 packets output, 15580194 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions

 

[nettech101]

E1 is connected to an unmanaged switch.

 

[JOAMON]

I think the problem is the router itself. That old router is only capable of 10 half duplex. The unmanaged switch is attempting to auto negotiate and probably the DSL modem is fast ethernet as well. 10base-t ports really need to be either connected to an old hub of the same type or a managed switch with the port locked at 10 half. I have a 2611 router and its etherent ports are capable or 10 full duplex and when I connect to a managed switch in auto mode I have similiar problems until I lock the switch port at 10 full then everything syncs. Get yourself and old 10base-t hub and see if that helps. The output on the ethernet interfaces shows half duplex and speed unknown. Unknown is not good. May need to get a switch like the following to connect the DSL modem to the router:

http://cgi.ebay.com/Cisco-Catalyst-...ryZ51255QQssPageNameZWDVWQQrdZ1QQcmdZViewItem

The uplink ports are fast ethernet and the others are 10base-t. Either that or look into a router like the 806, 831, or a 1720 with a Wic-1ADSL card.

 

[JOAMON]

The 806 and 831 routers I mentioned earlier are capable of 10 full duplex and still need to be connected to a managed switch.