• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

Misconfig question Cisco Routing

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.
trekky

trekky

Member
Joined
Oct 3, 2011
ok so im been staring at this config and I don't understand why its not working

ok here is my issue
my setting up my ADSL WIC to use for my home Wan Link
I followed this
http://www.cisco.com/c/en/us/suppor...ber-line-adsl/12964-wicadsl-pppoe-client.html

and the DSL part seems to work ok
but my clients both networks cant ping 8.8.8.8 while my router can
my setup is

PC > unconfig 3550 (just basic) > 1841 DSL router > Internet
now my clients can ping both F0/1 and F0/0 (coming from 192.168.254.x side)
but cant ping 8.8.8.8 (google public DNS)
im thinking it is something with Nat but not 100% sure
(Note my Router can ping 8.8.8.8)


Startup-config (censored passwords/usernames)
Building configuration...

Current configuration : 1688 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1-DSL
!
boot-start-marker
boot-end-marker
!
enable password (no of your business)
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
no ip domain lookup
ip domain name (no of your business)
ip ssh version 2
vpdn enable
!
vpdn-group pppoe
!
!
!
!
username (no of your business) password (no of your business)
!
!
!
!
!
!
interface FastEthernet0/0
description HomeLan Interface
ip address 192.168.254.19 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0/0/0.1 point-to-point
no snmp trap link-status
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface Serial0/1/0
no ip address
shutdown
!
interface Dialer0
description ADSL WAN Interface
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication pap callin
ppp pap sent-username (no of your business) password (no of your business)
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
ip nat source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.254.0 0.0.0.255
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
logging synchronous
login local
transport input ssh
!
scheduler allocate 20000 1000
end
 
you think its my switch?
this config is on my 1841
my 3550 is just a "dumb" switch right now
no vlans no configs just switching
but I will give that try
 
Well if you can ping from the router console, then the connection is good. It has to be something with the way your interface is configured. I know if ip routing is disabled, ip route won't do anything and you would have to use ip default-network or ip default-gateway instead.

If you manually set a device on that range with the default gateway, can you ping out?
 
I tried plugging the PC right into the 1841 and it could ping
F0/0
F0/1
dialer 0
but client could not ping 8.8.8.8 or ISP
router can ping everything
im not sure why not
because id my DSL setting were wrong like password or authentication was wrong wouldn't I not be able to ping outside?

think it could be my ACL?
 
this is what im going to do
save the config to a TFTP server
and start from the beginning maybe I missed something
 
I found the what the issue was
the Username was wrong........ I contacted my ISP and they gave me a different one they what my modem uses and now it all works
 
and man the guy I talked to was a moron
I ask which Authentication they used and he told me you don't need Authentication for PPPoe.............. and it took him 5 mins (no joke) to reply my Authentication question...
 
trekky, traditionally DSL uses radius for PPP authentication, nevertheless, it appears they have removed it from your network.


if you dont need PPP take it off, and also experiment with changing your MTU on the dialer 0 to 1500 because you dont have that PPP overhead.


also, is it a HWIC-DSL or a Wic-adsl? you could try multiqueue on the HWIC-DSL card to improve performance a little.
 
I have a wic-Adsl on a 1841 running 15 code
I changed my config some
I am planning on changing some things like PAP to Chap
and you saying in a change MTU back to 1500 if will go faster?

! Last configuration change at 00:12:59 EST Fri Mar 28 2014
! NVRAM config last updated at 00:31:23 EST Fri Mar 28 2014
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1-DSL
!
boot-start-marker
boot-end-marker
!
enable password N/A
!
no aaa new-model
!
resource policy
!
clock timezone EST -5
clock summer-time EST recurring
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.254.1 192.168.254.50
!
ip dhcp pool HomeLan
network 192.168.254.0 255.255.255.0
default-router 192.168.254.1
dns-server 8.8.8.8
!
!
ip domain name N/A
ip ssh version 2
vpdn enable
!
!
!
!
username N/A password N/A
!
!
!
!
!
!
interface FastEthernet0/0
description Home Lan
ip address 192.168.254.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description FireWall
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface Serial0/1/0
no ip address
shutdown
no fair-queue
!
interface Dialer0
description ADSL WAN InterFace Frontier Configured
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1440
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username N/A password N/A
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
!
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.255.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
!
control-plane
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
logging synchronous
login local
transport input ssh
!
scheduler allocate 20000 1000
end
 
trekky said:
I have a wic-Adsl on a 1841 running 15 code
I changed my config some
I am planning on changing some things like PAP to Chap
and you saying in a change MTU back to 1500 if will go faster?

! Last configuration change at 00:12:59 EST Fri Mar 28 2014
! NVRAM config last updated at 00:31:23 EST Fri Mar 28 2014
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1-DSL
!
boot-start-marker
boot-end-marker
!
enable password N/A
!
no aaa new-model
!
resource policy
!
clock timezone EST -5
clock summer-time EST recurring
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.254.1 192.168.254.50
!
ip dhcp pool HomeLan
network 192.168.254.0 255.255.255.0
default-router 192.168.254.1
dns-server 8.8.8.8
!
!
ip domain name N/A
ip ssh version 2
vpdn enable
!
!
!
!
username N/A password N/A
!
!
!
!
!
!
interface FastEthernet0/0
description Home Lan
ip address 192.168.254.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description FireWall
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface Serial0/1/0
no ip address
shutdown
no fair-queue
!
interface Dialer0
description ADSL WAN InterFace Frontier Configured
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1440
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username N/A password N/A
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
!
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.255.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
!
control-plane
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
logging synchronous
login local
transport input ssh
!
scheduler allocate 20000 1000
end
Click to expand...





if PPP is not needed, you wont need to do encapsulation over GRE, which is what PPP does. it takes your packet and encapsulates it, which is why DSL users have to use a lower MTU in order to exchange packets with the DSLAM.


tweak it and see where you can get, you never know. the worst case you just tune it back. oh, and good to see your using route,dns, address commands on the dialer :)



here is mine, granted i have it a little tweaked


gangaskan#sh run
Building configuration...


Current configuration : 11535 bytes
!
! Last configuration change at 10:41:18 UTC Tue May 6 2014
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname gangaskan
!
boot-start-marker
boot system flash:c2800nm-advipservicesk9-mz.151-4.M7.bin
boot-end-marker
!
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096
enable password xxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
!
!
!
aaa session-id common
!
!
dot11 syslog
no ip source-route
no ip gratuitous-arps
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
!
ip dhcp pool local
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
option 150 ip 172.21.0.10 172.21.2.10
dns-server 8.8.8.8 4.4.4.3
!
ip dhcp pool games
host 192.168.1.60 255.255.255.0
client-identifier xxxxxxxxxx
dns-server 8.8.8.8 4.4.4.3
default-router 192.168.1.1
!
!
!
no ip bootp server
ip domain name myftp.org
ip name-server 8.8.8.8
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name autosec_inspect ftp timeout 3600
ip inspect name autosec_inspect http timeout 3600
ip inspect name autosec_inspect rcmd timeout 3600
ip inspect name autosec_inspect realaudio timeout 3600
ip inspect name autosec_inspect smtp timeout 3600
ip inspect name autosec_inspect tftp timeout 30
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp router-traffic timeout 3600
ip ddns update method ccp_ddns1
HTTP
add http://[email protected]/nic/update?hostname=<h>&myip=<a>
remove http://[email protected]/nic/update?hostname=<h>&myip=<a>
!
login block-for 30 attempts 10 within 5
ipv6 general-prefix MyPrefix 6rd Tunnel2
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-93888423
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-93888423
revocation-check none
rsakeypair TP-self-signed-93888423
!
!
crypto pki certificate chain TP-self-signed-93888423
certificate self-signed 01
30820227 30820190 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 39333838 38343233 301E170D 31343031 31343032 30313034
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D393338 38383432
3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B291
1EFBDE88 6FD0DDC7 6EA13558 78E2342D BF10E8EB 422B478C 6CE558B3 4729EB73
2D6CC02F 37D68A7A A4356E93 BF5506B4 1697D818 D59085C6 6F34524A 257E8375
1724C936 64B43064 1915F812 6CDB9709 D0C774B9 EDE71068 54DB0120 F8565330
A3DD76E9 D4D031A1 C9D0F941 6783B3CF A49C5351 A664A63A 40E20CAC A1570203
010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304
18301680 14530DFD 823D7FA7 B0AF1A9C 862F33F1 D89813A7 4D301D06 03551D0E
04160414 530DFD82 3D7FA7B0 AF1A9C86 2F33F1D8 9813A74D 300D0609 2A864886
F70D0101 05050003 8181003E 99F06F49 0B2A9BD3 BA85183D 8BD3142A C17E518B
49711EFC 2FA50009 9DBE213E B0533A62 F33CF672 EB6DA364 AE2F1014 DB07B49D
E2EF545E 59EAA9E8 87370601 8E46C204 039338A5 AB2218CC FC5F52D7 9E51D1D6
4FCC76D2 9A72EE29 6A2DDEBA 66893A3B 12AB3309 74919CBE 28BF51AF A572E329
53E86F37 9C06DC22 E6F4BA
quit
!
!
license udi pid CISCO2821 sn FTX1445AH0T
username xxxxxx privilege 15 password 7 xxxxxxxxxxxx
!
redundancy
!
!
no ip ftp passive
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
!
!
!
crypto ipsec client ezvpn CISCOCP_EZVPN_CLIENT_1
connect acl 100
group tunnel1 key xxxxxxxxxxx
mode client
peer xxxxxxxxxxx
virtual-interface 1
username xxxxxxx password xxxxxxxx
xauth userid mode local
!
!
!
!
!
!
!
interface Tunnel2
no ip address
ip access-group BlockIN in
no ip redirects
ip mtu 1492
ipv6 address dhcp
ipv6 address autoconfig
ipv6 mtu 1472
tunnel source Dialer1
tunnel mode ipv6ip 6rd
tunnel 6rd prefix 2602::/24
tunnel 6rd br 205.171.2.64
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ipv6 address dhcp
ipv6 address MyPrefix ::61:0:0:0:1/64
ipv6 enable
no mop enabled
crypto ipsec client ezvpn CISCOCP_EZVPN_CLIENT_1 inside
!
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
atm ilmi-keepalive
ipv6 enable
hold-queue 240000 in
!
interface ATM0/1/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ipv6 enable
snmp trap link-status
pvc 8/35
multiqueue
encapsulation aal5snap
protocol ip inarp
protocol ppp dialer
dialer pool-member 1
!
!
interface Virtual-Template1 type tunnel
no ip address
tunnel mode ipsec ipv4
!
interface Dialer1
bandwidth inherit
ip ddns update ccp_ddns1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly in max-reassemblies 64
ip virtual-reassembly out max-reassemblies 64
encapsulation ppp
no ip route-cache
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxx
ppp chap password 7 xxxxxxx
ppp pap sent-username xxxxxxxx password 7 xxxxxxxx
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
crypto ipsec client ezvpn CISCOCP_EZVPN_CLIENT_1
!
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source static tcp 192.168.1.50 3389 interface Dialer1 3389
ip nat inside source static tcp 192.168.1.45 80 interface Dialer1 80
ip nat inside source static tcp 192.168.1.45 443 interface Dialer1 443
ip nat inside source static udp 192.168.1.60 3074 interface Dialer1 3074
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 2
!
!
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 remark CCP_ACL Category=2
access-list 104 remark IPSec Rule
access-list 104 deny ip 192.168.1.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 104 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
ipv6 route 2602::/24 Tunnel2
ipv6 route ::/0 Tunnel2 2602:CD:AB02:4000::
!
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address 104
!
snmp-server community L0ra!nNetM0n RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps xgcp
snmp-server enable traps flash insertion removal
snmp-server enable traps c3g
snmp-server enable traps adslline
snmp-server enable traps ds3
snmp-server enable traps envmon
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps vstack
snmp-server enable traps license
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps rf
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps bfd
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps dsp oper-state
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls fast-reroute protected
snmp-server enable traps mpls rfc ldp
snmp-server enable traps mpls ldp
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps pw vc
snmp-server enable traps firewall serverstatus
snmp-server enable traps ipmobile
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps ccme
snmp-server enable traps srst
snmp-server enable traps mpls vpn
snmp-server enable traps voice
snmp-server enable traps dnis
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
exec-timeout 5 0
transport output telnet
line aux 0
exec-timeout 0 0
transport output telnet
line vty 0 4
access-class 10 in
transport input ssh
line vty 5 15
access-class 10 in
transport input ssh
!
scheduler allocate 20000 1000
end



granted, some of it i can maybe clean up. are you using centurylink by chance? i can assist you in setting up your IPV6 BR tunnel interface with what i have in my config :)
 
Last edited:
no im using frontier the Only ISP in the area that does not have a Data limit that is 10gb....

ya I will play around with my PPP and check to see if I can push a little more out of my 1.5mb internet
 
trekky said:
no im using frontier the Only ISP in the area that does not have a Data limit that is 10gb....

ya I will play around with my PPP and check to see if I can push a little more out of my 1.5mb internet
Click to expand...



doing some research, looks like you might be able to run dual stack instead of using a boarder router.





try this :)



on gloabl


ipv6 unicast-routing


interface dialer and ATM interface p2p (your pvc)
ipv6 enable
ipv6 address autoconfig

atm 0/0/0

ipv6 enable


all other interfaces us v6 enable and v6 autoconfig


ipv6 route ::/0 dialer 0



you might have to us a prefix on local for v6 to work also i'm not sure. after that, try doing a ping www.v6.facebook.com or ipv6.google.com
 
You must log in or register to reply here.

Similar threads

trekky
Port Forwarding Cisco IOS (Solved)
Replies
1
Views
847
trekky
trekky
gangaskan
config help
Replies
8
Views
2K
gangaskan
gangaskan
Dan0512
Help with static IP
Replies
5
Views
920
Dan0512
Dan0512
grubazaba
Why not Belkin Routers (7632) - long but worthy read for those interested or bored!
Replies
7
Views
2K
grubazaba
grubazaba
C
squidguard hates me
Replies
1
Views
6K
CougarSE
C
Back