1710 not passing http traffic

jimmyholloway
Level 1

I have a single Windows 2003 client connected to a 1710 which is getting a DHCP address from Roadrunner through a cable modem. The client can ping the default gateway assigned to the 1710's outside interface (E0), and nslookup works fine, but it cannot get to any websites. Maybe NAT is not set up properly? Thanks for any advice--my config is as follows:

router1#sh run
Building configuration...

Current configuration : 1467 bytes
!
version 12.2
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname router1
!
logging buffered 4096 debugging
enable secret xxx.
!
memory-size iomem 15
clock timezone CST -6
clock summer-time CDT recurring
ip subnet-zero
!
!
no ip domain-lookup
ip name-server 24.93.40.62
ip name-server 24.93.40.63
no ip dhcp conflict logging
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
ip dhcp-client network-discovery informs 2 discovers 2 period 15
!
!
!
!
interface Ethernet0
 description outside_int
 ip address dhcp
 ip nat outside
 full-duplex
 no cdp enable
!
interface FastEthernet0
 description inside_int
 ip address 192.168.7.250 255.255.255.0
 no ip proxy-arp
 ip nat inside
 speed auto
 full-duplex
 no cdp enable
!
ip nat inside source list 101 interface Ethernet0 overload
ip classless
no ip http server
ip pim bidir-enable
!
!
access-list 101 permit ip any any
no cdp run
!
snmp-server community public RO
banner login ^C
*** Unauthorized use of this system is prohibited. ***
*** Usage may be subject to security testing and monitoring, ***
*** and abuse is subject to criminal prosecution. ***
^C
!
line con 0
 password xxxx
 login
line aux 0
 password xxx
 login
line vty 0 4
 access-class 2 in
 password xxx
 login
!
end

10 Replies

dbellaze
Level 4

Configuration is all good except for the NAT access list. For NAT you do not want to just specify permit any for the source, because it will cause issues. You don't need to be exactly precise, but you want some IP values in there.

access-list 101 permit ip 192.168.7.0 0.0.0.255 any

Daniel
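Added example, not part of the original thread: a small Python check that finds the ACL referenced by `ip nat inside source list`, flags entries whose source is `any`, and derives a scoped replacement from the interfaces marked `ip nat inside`, which reproduces the entry suggested in the reply above. The function names are hypothetical and the sample is constructed from the NAT-relevant lines of the posted configuration.

```python
import ipaddress
import re

# Constructed sample: the NAT-relevant lines of the configuration posted above.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address dhcp
 ip nat outside
!
interface FastEthernet0
 ip address 192.168.7.250 255.255.255.0
 ip nat inside
!
ip nat inside source list 101 interface Ethernet0 overload
access-list 101 permit ip any any
"""

ADDR_RE = r"(?m)^\s*ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\s*$"


def inside_networks(config):
    """Return the network of every interface block marked 'ip nat inside'."""
    nets = []
    for block in re.split(r"(?m)^!\s*$", config):
        # Anchored at end of line so 'ip nat inside source ...' does not match.
        if re.search(r"(?m)^\s*ip nat inside\s*$", block):
            m = re.search(ADDR_RE, block)
            if m:
                iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
                nets.append(iface.network)
    return nets


def audit_nat_acl(config):
    """Flag NAT ACL entries with source 'any'; propose per-subnet entries."""
    findings = []
    for acl in re.findall(r"(?m)^ip nat inside source list (\d+) ", config):
        pattern = rf"(?m)^access-list {acl} permit ip any .*$"
        for line in re.findall(pattern, config):
            # IOS ACLs take a wildcard mask, which is the network's hostmask.
            fixes = [
                f"access-list {acl} permit ip {n.network_address} {n.hostmask} any"
                for n in inside_networks(config)
            ]
            findings.append((line.strip(), fixes))
    return findings
```
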

Thanks Daniel,

I replaced my access-list 101 with yours. No change though. I am wondering if some feature previously turned on when this 1710 was in service elsewhere in our network might be to blame...something not revealed by sh run?

You said that nslookup works fine so I'm not sure if this suggestion will have much effect, but can you go to a website by IP instead of domain?

Cisco is 198.133.219.25

This would indicate DNS issues, but if nslookup works I would say DNS is correct.

Daniel

I did try that--can't get to websites by IP either. So this seems to suggest no TCP traffic is passing. DNS definitely works. I'm using the ACL you suggested, which should allow this I believe. Thanks!

I probably should have mentioned this before.

What about pings? Are you able to ping web sites by name and IP?

It sounds like you are connecting to your ISP, but getting cut off before you make it to the internet.

If you are doing nslookup and using your ISP DNS servers then it will work w/out you ever having to get to the web.

It's possible that they could be assigning you an IP address that is not being allowed all the way through to the web.

Who is your ISP? If you do a traceroute to a website or anything on the internet does it always stop at a certain ip address? I would do a trace from your router and your PC.

router#trace 198.133.219.25

C:\tracert 198.133.219.25

This can help you to determine where the traffic is stopping so you can start to point fingers.

Also I know some ISPs have a registration page that you must go through before you're able to actually get online.

Daniel

Daniel,

You are onto something, and I should have noticed! My ISP is Roadrunner in Austin TX-I am emailing via that connection right now, bypassing the router.

The router keeps getting a private IP (10.38.176.212) and sticking with that, so I guess that's why I can't get to websites, yet dns works...?

When connected directly to the cable modem, my PC first gets a 192.168.x.x private IP, then quickly gets reassigned a public address (currently 24.253.224.78). I monitor this using ipconfig /all repeatedly.

Traceroutes from the router and the router-connected PC don't always die at the same internet router, but depending on the target, they always time out after leaving *some* roadrunner router, e.g. pos5-0.austtxrdc-rtr6.texas.rr.com [24.93.33.97].

Seems the issue now is why Roadrunner's DHCP server won't behave with the 1710 the same way it does with my PCs. Is there a /release /renew command in IOS?

I've connected both of my PCs (and several others) to this cable modem and never have any problems getting to websites.

I've read posts claiming Roadrunner will provide no help with such issues, and their FAQs seem to confirm this.

Any ideas? I really appreciate all your help.

Jimmy

Jimmy,

Cable is a tricky technology. They can monitor by MAC what type of device you are plugging into their network.

What you can do is take the MAC address of your PC and configure it on the router's Ethernet that connects to the cable modem.

mac-address xxxx.xxxx.xxxx

This should send the DHCP request using your PC's MAC. A lot of the time you have to do this on cable networks if you use a router.

Daniel

I set E0 to my PC's mac (00-B0-D0-C6-CF-1D), putting it in the format apparently required by IOS:

mac-address 00b0.d0c6.cf1d

I unplugged the cable modem for ~3 minutes before connecting it to the router. I did get a new dhcp lease, but still get a 10 net address. From the Client-ID below, looks like Roadrunner still knows it is a Cisco device:

router1#sh dhcp lease
Temp IP addr: 10.38.167.230 for peer on Interface: Ethernet0
Temp sub net mask: 255.255.224.0
DHCP Lease server: 24.93.41.130, state: 3 Bound
DHCP transaction id: 20BD
Lease: 3600 secs, Renewal: 1800 secs, Rebind: 3150 secs
Temp default-gateway addr: 10.38.160.1
Next timer fires after: 00:26:13
Retry count: 0 Client-ID: cisco-00b0.d0c6.cf1d-Et0

Thanks,

Jimmy

Jimmy,

You can put in this command and see if this makes a difference.

ip address dhcp client-id ethernet0 hostname jimmy

This will remove the Cisco hostname.

Daniel

Daniel,

I did as you suggested, and it did change the Client-ID--see output below. No change as far as getting an IP other than 10.x.x.x, but I didn't leave the router connected for more than 5 mins. Maybe I need to leave it connected for over 3600 secs?

Thanks,

Jimmy

router1#sh dhcp lea
Temp IP addr: 10.38.176.212 for peer on Interface: Ethernet0
Temp sub net mask: 255.255.224.0
DHCP Lease server: 24.93.41.130, state: 3 Bound
DHCP transaction id: 1150
Lease: 3600 secs, Renewal: 1800 secs, Rebind: 3150 secs
Temp default-gateway addr: 10.38.160.1
Next timer fires after: 00:24:20
Retry count: 0 Client-ID: 00b0.d0c6.cf1d

router1#sh dhcp serv
DHCP server: ANY (255.255.255.255)
Leases: 11
Offers: 11 Requests: 21 Acks: 11 Naks: 0
Declines: 0 Releases: 12 Bad: 0
DNS0: 24.93.40.62, DNS1: 24.93.40.63
Subnet: 255.255.224.0 DNS Domain: austin.rr.com
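Added example, not part of the original thread: a Python parser for the `sh dhcp lease` output shown in the posts above. It reports when the address bound on the Internet-facing interface falls in RFC 1918 space, when the lease server or offered gateway lies outside the leased subnet, and when the Client-ID carries the `cisco-` prefix seen in the first lease. The function names and finding codes are hypothetical; the sample is the first lease output from the thread.

```python
import ipaddress
import re

# Constructed sample: the first "sh dhcp lease" output posted in the thread.
SAMPLE_LEASE = """\
Temp IP addr: 10.38.167.230 for peer on Interface: Ethernet0
Temp sub net mask: 255.255.224.0
DHCP Lease server: 24.93.41.130, state: 3 Bound
Lease: 3600 secs, Renewal: 1800 secs, Rebind: 3150 secs
Temp default-gateway addr: 10.38.160.1
Retry count: 0 Client-ID: cisco-00b0.d0c6.cf1d-Et0
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

FIELDS = {
    "address": r"Temp IP addr: ([\d.]+)",
    "netmask": r"Temp sub net mask: ([\d.]+)",
    "server": r"DHCP Lease server: ([\d.]+)",
    "gateway": r"Temp default-gateway addr: ([\d.]+)",
    "client_id": r"Client-ID: (\S+)",
}


def parse_lease(text):
    """Extract the fields of interest; a missing field maps to None."""
    lease = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        lease[name] = match.group(1) if match else None
    return lease


def check_lease(text):
    """Return finding codes for a lease bound on an Internet-facing interface."""
    lease = parse_lease(text)
    findings = []
    if lease["address"] and lease["netmask"]:
        subnet = ipaddress.ip_interface(
            f'{lease["address"]}/{lease["netmask"]}').network
        if any(subnet.subnet_of(block) for block in RFC1918):
            findings.append("private-address")     # not routable on the Internet
        if lease["server"] and ipaddress.ip_address(lease["server"]) not in subnet:
            findings.append("relayed-server")      # DHCP server is outside the subnet
        if lease["gateway"] and ipaddress.ip_address(lease["gateway"]) not in subnet:
            findings.append("gateway-off-subnet")  # offered gateway is not on-link
    if lease["client_id"] and lease["client_id"].lower().startswith("cisco-"):
        findings.append("vendor-client-id")        # Client-ID names the device vendor
    return findings
```
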
