03-06-2005 09:27 AM - edited 03-02-2019 10:01 PM
I have a single Windows 2003 client connected to a 1710 which is getting a DHCP address from Roadrunner through a cable modem. The client can ping the default gateway assigned to the 1710's outside interface (E0), and nslookup works fine, but it cannot get to any websites. Maybe NAT is not set up properly? Thanks for any advice--my config is as follows:
router1#sh run
Building configuration...
Current configuration : 1467 bytes
!
version 12.2
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname router1
!
logging buffered 4096 debugging
enable secret xxx.
!
memory-size iomem 15
clock timezone CST -6
clock summer-time CDT recurring
ip subnet-zero
!
!
no ip domain-lookup
ip name-server 24.93.40.62
ip name-server 24.93.40.63
no ip dhcp conflict logging
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
ip dhcp-client network-discovery informs 2 discovers 2 period 15
!
!
!
!
interface Ethernet0
description outside_int
ip address dhcp
ip nat outside
full-duplex
no cdp enable
!
interface FastEthernet0
description inside_int
ip address 192.168.7.250 255.255.255.0
no ip proxy-arp
ip nat inside
speed auto
full-duplex
no cdp enable
!
ip nat inside source list 101 interface Ethernet0 overload
ip classless
no ip http server
ip pim bidir-enable
!
!
access-list 101 permit ip any any
no cdp run
!
snmp-server community public RO
banner login ^C
*** Unauthorized use of this system is prohibited. ***
*** Usage may be subject to security testing and monitoring, ***
*** and abuse is subject to criminal prosecution. ***
^C
!
line con 0
password xxxx
login
line aux 0
password xxx
login
line vty 0 4
access-class 2 in
password xxx
login
!
end
03-06-2005 10:00 PM
Configuration is all good except for the NAT access list. For NAT you do not want to just specify permit any for the source, because it will cause issues. You don't need to be exactly precise, but you want some IP values in there.
access-list 101 permit ip 192.168.7.0 0.0.0.255 any
Daniel
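The NAT access-list check discussed in this reply, as an added example (not code from the thread or from Cisco): it finds the ACL referenced by `ip nat inside source list`, flags entries whose source is `any`, and derives the scoped entry from the `ip nat inside` interface address. The function names and the trimmed sample config are assumptions made for the example.

```python
import ipaddress
import re

# Constructed excerpt: only the NAT-relevant lines of the config posted above.
SAMPLE_CONFIG = """\
interface Ethernet0
ip address dhcp
ip nat outside
!
interface FastEthernet0
ip address 192.168.7.250 255.255.255.0
ip nat inside
!
ip nat inside source list 101 interface Ethernet0 overload
access-list 101 permit ip any any
"""

def inside_networks(config):
    """Subnets of statically addressed interfaces that carry 'ip nat inside'."""
    nets, net, inside = [], None, False
    for raw in config.splitlines() + ["!"]:
        line = raw.strip()
        if line == "!" or line.startswith("interface "):
            # End of an interface section: keep its subnet if it was a NAT inside port.
            if net is not None and inside:
                nets.append(net)
            net, inside = None, False
        elif line == "ip nat inside":
            inside = True
        else:
            m = re.fullmatch(r"ip address ([\d.]+) ([\d.]+)", line)
            if m:
                net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
    return nets

def audit_nat_acls(config):
    """Flag entries with source 'any' in ACLs referenced by 'ip nat inside source list'."""
    nets = inside_networks(config)
    findings = []
    for acl in re.findall(r"(?m)^\s*ip nat inside source list (\d+)\b", config):
        for entry in re.findall(rf"(?m)^\s*(access-list {acl} permit ip .+)$", config):
            if entry.split()[4] == "any":  # token after 'permit ip' is the source
                scoped = [f"access-list {acl} permit ip {n.network_address} {n.hostmask} any"
                          for n in nets]
                findings.append((entry.strip(), scoped))
    return findings

if __name__ == "__main__":
    for entry, scoped in audit_nat_acls(SAMPLE_CONFIG):
        print("too broad:", entry, "-> scope to:", scoped)
```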
03-07-2005 05:03 AM
Thanks Daniel,
I replaced my access-list 101 with yours. No change though. I am wondering if some feature previously turned on when this 1710 was in service elsewhere in our network might be to blame...something not revealed by sh run?
03-07-2005 08:58 AM
You said that nslookup works fine so I'm not sure if this suggestion will have much effect, but can you go to a website by IP instead of domain?
Cisco is 198.133.219.25
This would indicate DNS issues, but if nslookup works I would say DNS is correct.
Daniel
03-07-2005 11:29 AM
I did try that--can't get to websites by IP either. So this seems to suggest no tcp traffic is passing. DNS definitely works. I'm using the ACL you suggested, which should allow this I believe. Thanks!
03-07-2005 12:34 PM
I probably should have mentioned this before.
What about pings? Are you able to ping web sites by name and IP?
It sounds like you are connecting to your ISP, but getting cut off before you make it to the internet.
If you are doing nslookup and using your ISP DNS servers then it will work w/out you ever having to get to the web.
It's possible that they could be assigning you an IP address that is not being allowed all the way through to the web.
Who is your ISP? If you do a traceroute to a website or anything on the internet does it always stop at a certain ip address? I would do a trace from your router and your PC.
router#trace 198.133.219.25
C:\tracert 198.133.219.25
This can help you to determine where the traffic is stopping so you can start to point fingers.
Also I know some ISPs have a registration page that you must go through before you're able to actually get online.
Daniel
03-07-2005 07:40 PM
Daniel,
You are onto something, and I should have noticed! My ISP is Roadrunner in Austin TX-I am emailing via that connection right now, bypassing the router.
The router keeps getting a private IP (10.38.176.212) and sticking with that, so I guess that's why I can't get to websites, yet dns works...?
When connected directly to the cable modem, my PC first gets a 192.168.x.x private IP, then quickly gets reassigned a public address (currently 24.253.224.78). I monitor this using ipconfig /all repeatedly.
Traceroutes from the router and the router-connected PC don't always die at the same internet router, but depending on the target, they always time out after leaving *some* roadrunner router, e.g. pos5-0.austtxrdc-rtr6.texas.rr.com [24.93.33.97].
Seems the issue now is why Roadrunner's DHCP server won't behave with the 1710 the same way it does with my PCs. Is there a /release /renew command in IOS?
I've connected both of my PCs (and several others) to this cable modem and never have any problems getting to websites.
I've read posts claiming Roadrunner will provide no help with such issues, and their FAQs seem to confirm this.
Any ideas? I really appreciate all your help.
Jimmy
03-07-2005 09:42 PM
Jimmy,
Cable is a tricky technology. They can monitor by MAC what type of device you are plugging into their network.
What you can do is take the MAC address of your PC and configure it on the router's Ethernet that connects to the cable modem.
mac-address xxxx.xxxx.xxxx
This should send the DHCP request using your PC's MAC. A lot of the time you have to do this on cable networks if you use a router.
Daniel
03-08-2005 06:03 AM
I set E0 to my PC's mac (00-B0-D0-C6-CF-1D), putting it in the format apparently required by IOS:
mac-address 00b0.d0c6.cf1d
I unplugged the cable modem for ~3 minutes before connecting it to the router. I did get a new dhcp lease, but still get a 10 net address. From the Client-ID below, looks like Roadrunner still knows it is a Cisco device:
router1#sh dhcp lease
Temp IP addr: 10.38.167.230 for peer on Interface: Ethernet0
Temp sub net mask: 255.255.224.0
DHCP Lease server: 24.93.41.130, state: 3 Bound
DHCP transaction id: 20BD
Lease: 3600 secs, Renewal: 1800 secs, Rebind: 3150 secs
Temp default-gateway addr: 10.38.160.1
Next timer fires after: 00:26:13
Retry count: 0 Client-ID: cisco-00b0.d0c6.cf1d-Et0
Thanks,
Jimmy
03-08-2005 07:50 AM
Jimmy,
You can put in this command and see if this makes a difference.
ip address dhcp client-id ethernet0 hostname jimmy
This will remove the Cisco hostname.
Daniel
03-08-2005 08:59 AM
Daniel,
I did as you suggested, and it did change the Client-id--see output below. No change as far as getting an IP other than 10.x.x.x, but I didn't leave the router connected for more than 5 mins. Maybe I need to leave it connected for over 3600 secs?
Thanks,
Jimmy
router1#sh dhcp lea
Temp IP addr: 10.38.176.212 for peer on Interface: Ethernet0
Temp sub net mask: 255.255.224.0
DHCP Lease server: 24.93.41.130, state: 3 Bound
DHCP transaction id: 1150
Lease: 3600 secs, Renewal: 1800 secs, Rebind: 3150 secs
Temp default-gateway addr: 10.38.160.1
Next timer fires after: 00:24:20
Retry count: 0 Client-ID: 00b0.d0c6.cf1d
router1#sh dhcp serv
DHCP server: ANY (255.255.255.255)
Leases: 11
Offers: 11 Requests: 21 Acks: 11 Naks: 0
Declines: 0 Releases: 12 Bad: 0
DNS0: 24.93.40.62, DNS1: 24.93.40.63
Subnet: 255.255.224.0 DNS Domain: austin.rr.com
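The lease check the thread performs by eye, as an added example (not code from the thread or from Cisco): it parses `sh dhcp lease` output and reports whether the outside interface holds a private address, whether the gateway is on-link, and whether the Client-ID still carries the `cisco-` prefix. The field and function names are assumptions made for the example; the sample is the last capture posted above.

```python
import ipaddress
import re

# Lease output copied from the last capture posted in the thread.
SAMPLE_LEASE = """\
Temp IP addr: 10.38.176.212 for peer on Interface: Ethernet0
Temp sub net mask: 255.255.224.0
DHCP Lease server: 24.93.41.130, state: 3 Bound
DHCP transaction id: 1150
Lease: 3600 secs, Renewal: 1800 secs, Rebind: 3150 secs
Temp default-gateway addr: 10.38.160.1
Next timer fires after: 00:24:20
Retry count: 0 Client-ID: 00b0.d0c6.cf1d
"""

# Field names are this example's own; the patterns follow the output above.
FIELDS = {
    "address": r"Temp IP addr: (\S+)",
    "interface": r"Interface: (\S+)",
    "netmask": r"Temp sub net mask: (\S+)",
    "server": r"DHCP Lease server: ([\d.]+)",
    "gateway": r"Temp default-gateway addr: (\S+)",
    "client_id": r"Client-ID: (\S+)",
}

def parse_lease(text):
    """Extract the lease fields; fail loudly if the output format is not the expected one."""
    lease = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text)
        if m is None:
            raise ValueError(f"lease output has no {name} field")
        lease[name] = m.group(1)
    return lease

def assess_lease(text):
    """Summarise the properties of the lease that matter for NAT on the outside interface."""
    lease = parse_lease(text)
    addr = ipaddress.ip_address(lease["address"])
    net = ipaddress.ip_network(f"{lease['address']}/{lease['netmask']}", strict=False)
    return {
        "interface": lease["interface"],
        "network": str(net),
        "private_address": addr.is_private,  # outside port is not publicly addressed
        "gateway_on_link": ipaddress.ip_address(lease["gateway"]) in net,
        "server_is_public": not ipaddress.ip_address(lease["server"]).is_private,
        "vendor_client_id": lease["client_id"].lower().startswith("cisco-"),
    }

if __name__ == "__main__":
    print(assess_lease(SAMPLE_LEASE))
```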