07-21-2013 03:22 PM - edited 03-04-2019 08:30 PM
Hello all,
I've been beating my brain over a problem with my Cisco 1751. It serves as my ADSL modem and external router for my network.
The problem is this:
Windows and Mac OS X machines can consistently access Internet sites through it, as well as being able to telnet to it. Linux machines (and other non-Windows, non-Mac OS X machines) have an intermittent problem where they can always receive ping responses from the 1751, but not telnet to it or access Internet sites through it. Sometimes, a Linux machine will have Internet access through it, and then seem to randomly lose it, and sometimes, Linux machines will take 20-30 minutes to be able to access the Internet through it, just by letting them sit there. The problem affects Ubuntu 12.04, CentOS 5, CentOS 6, Slackware 13.37, NetBSD, and OS/2 Warp. Have had no such problem with Windows 7.
The problem seems to affect freshly-installed Ubuntu 12.04 and CentOS 5/6 machines, as well as those that have been customized, whether running on bare hardware or as Xen guests.
Here's the output of "show hardware" in enable mode:
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-SY7-M), Version 12.3(9), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 14-May-04 15:39 by dchih
Image text-base: 0x80008120, data-base: 0x80DDF300
ROM: System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)
CLOGIC_ERTR uptime is 19 minutes
System returned to ROM by reload at 22:23:19 UTC Sun Jul 14 2013
System restarted at 13:27:05 UTC Sun Jul 14 2013
System image file is "flash:c1700-sy7-mz.123-9.bin"
cisco 1751-V (MPC860P) processor (revision 0x600) with 82402K/15902K bytes of memory.
Processor board ID FOC09303CCA (3736323519), with hardware revision 0000
MPC860P processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Here's the output of "sh conf", also in enable mode:
Using 6801 out of 29688 bytes
!
! Last configuration change at 05:20:29 UTC Sun May 19 2013
! NVRAM config last updated at 05:20:43 UTC Sun May 19 2013
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CLOGIC_ERTR
!
boot-start-marker
boot system flash:c1700-sy7-mz.124-1a.bin
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
no ip subnet-zero
!
!
!
no ip cef
!
!
!
!
interface ATM0/0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 0/32
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0/0
ip address 10.0.0.1 255.0.0.0
ip nat inside
no ip mroute-cache
speed auto
full-duplex
!
interface Dialer0
ip address 216.223.236.81 255.255.255.240
ip access-group 101 in
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxx@xxxxxx.com
ppp chap password 0 xxxxxxxx
ppp pap sent-username xxxxxx@xxxxxx.com password 0 xxxxxxxx
!
router rip
version 2
redistribute static
network 10.0.0.0
default-metric 2
!
ip nat inside source list 5 interface Dialer0 overload
ip nat inside source static tcp <inside-address> 22 <outside-address> 22 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
!
access-list 5 permit any
dialer-list 1 protocol ip permit
!
snmp-server community logicnet RO
snmp-server enable traps tty
banner motd ^C
<my motd here>
^C
!
line con 0
line aux 0
line vty 0 4
password xxxxxxx
login
!
end
There is a WIC-1ADSL in the chassis (ATM0/0) as well as the built-in Ethernet port.
Any ideas or pointers?
Thanks much in advance,
jpw
07-21-2013 03:39 PM
Hi John,
A number of very quick suggestions:
- Activate CEF using the "ip cef" global config command
- Remove the "ip access-group 101 in" from your Dialer interface. You do not have the ACL 101 currently created at all.
- Replace the ACL 5 with the following definition:
access-list 5 permit 10.0.0.0 0.255.255.255
Using "permit any" style of ACLs is not supported with NAT.
Then please check the connectivity again and let us know. In any case please post your complete updated configuration. Thank you!
Best regards,
Peter
Sent from Cisco Technical Support iPad App
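The two configuration points raised in the reply above (an ACL applied to an interface but never defined, and a NAT source list built on "permit any") can be checked mechanically before a config is loaded. The Python below is an added example, not part of the original thread or of any Cisco tool; the function name lint_ios_config and the BEFORE/AFTER excerpts are constructed for illustration from the configurations posted in this thread.

```python
import re

# Constructed excerpts of the two configurations posted in this thread.
BEFORE = """\
interface Dialer0
ip access-group 101 in
ip nat outside
ip nat inside source list 5 interface Dialer0 overload
access-list 5 permit any
"""
AFTER = """\
interface Dialer0
ip nat outside
ip nat inside source list 5 interface Dialer0 overload
access-list 5 permit 10.0.0.0 0.255.255.255
"""

NAMED_ACL = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
ACL_ENTRY = re.compile(r"^(?:access-list (\S+) )?(permit|deny) (.+)$")
ACL_GROUP = re.compile(r"^ip access-group (\S+) (in|out)")
NAT_LIST = re.compile(r"^ip nat inside source list (\S+) ")

def lint_ios_config(text):
    """Hypothetical helper: report ACLs that are applied but never defined
    and NAT source lists that contain a catch-all 'permit any' entry."""
    defined, catch_all, applied, nat_lists = set(), set(), [], []
    iface = named = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("interface "):
            iface, named = line.split(None, 1)[1], None
        elif m := NAMED_ACL.match(line):
            named = m.group(1)
            defined.add(named)
        elif m := ACL_ENTRY.match(line):
            acl = m.group(1) or named  # numbered entry, or line of a named ACL
            if acl:
                defined.add(acl)
                if m.group(2) == "permit" and m.group(3) in ("any", "ip any any"):
                    catch_all.add(acl)
        elif m := ACL_GROUP.match(line):
            applied.append((m.group(1), iface, m.group(2)))
        elif m := NAT_LIST.match(line):
            nat_lists.append(m.group(1))
    # References are resolved after the full pass: IOS lists ACLs after their users.
    findings = [f"ACL {a} applied {d} on {i} but not defined"
                for a, i, d in applied if a not in defined]
    findings += [f"NAT source list {a} contains 'permit any'"
                 for a in nat_lists if a in catch_all]
    return findings
```

Run against the first posted configuration it reports both items; run against the updated configuration it reports nothing.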
07-21-2013 03:56 PM
Thanks much!
I've updated the configuration as you suggested:
Using 6793 out of 29688 bytes
!
! Last configuration change at 14:19:15 UTC Sun Jul 14 2013
! NVRAM config last updated at 14:19:29 UTC Sun Jul 14 2013
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CLOGIC_ERTR
!
boot-start-marker
boot system flash:c1700-sy7-mz.124-1a.bin
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
no ip subnet-zero
!
!
!
ip cef
!
!
!
!
interface ATM0/0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 0/32
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0/0
ip address 10.0.0.1 255.0.0.0
ip nat inside
no ip mroute-cache
speed auto
full-duplex
!
interface Dialer0
ip address 216.223.236.81 255.255.255.240
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxx
ppp pap sent-username xxxxxxxxx password 0 xxxxxxx
!
router rip
version 2
redistribute static
network 10.0.0.0
default-metric 2
!
ip nat inside source list 5 interface Dialer0 overload
ip nat inside source static tcp x.x.x.x 22 x.x.x.x 22 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
!
access-list 5 permit 10.0.0.0 0.255.255.255
dialer-list 1 protocol ip permit
!
snmp-server community logicnet RO
snmp-server enable traps tty
banner motd ^C
^C
!
line con 0
line aux 0
line vty 0 4
password xxxxx
login
!
end
No change in connectivity, however.
07-21-2013 06:35 PM
How do your clients with different OSes get their IP addresses? Is there a DHCP server? Since only Linux machines have this problem, my first thought is that maybe there is something wrong with your Linux machines' DNS server configuration. You can run the commands below on your Linux boxes to verify connectivity:
cat /etc/resolv.conf
nslookup kernel.org
traceroute -n 8.8.8.8
07-21-2013 08:27 PM
There is indeed a DHCP server; it's a 1750 with the following hardware config:
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-SY-M), Version 12.1(27b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Tue 16-Aug-05 17:53 by pwade
Image text-base: 0x80008088, data-base: 0x807A9370
ROM: System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)
CLOGIC_IRTR uptime is 12 weeks, 6 days, 14 hours, 23 minutes
System returned to ROM by power-on
System image file is "flash:/Others/c1700/c1700-sy-mz.121-27b.bin"
cisco 1750 (MPC860) processor (revision 0x501) with 14746K/1638K bytes of memory.
Processor board ID JAD04170BDA (1888069924), with hardware revision 0000
M860 processor: part number 0, mask 32
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
And with the following startup-config:
Using 2820 out of 29688 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname XXXXXXXXXXX
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxx
!
!
!
!
!
clock timezone MST -7
clock summer-time MDT recurring
ip subnet-zero
no ip routing
ip name-server 10.0.0.13
ip name-server 8.8.8.8
ip dhcp excluded-address 10.0.0.0 10.0.0.200
!
ip dhcp pool intdyn
network 10.0.0.0 255.0.0.0
domain-name xxxxxxxxx.com
dns-server 10.0.0.13 8.8.8.8
default-router 10.0.0.1
lease 7
!
ip dhcp pool dionysus
host xx.xx.xx.xx 255.0.0.0
hardware-address 0016.d4fa.e7ec
client-name dionysus
!
!
!
!
interface FastEthernet0
ip address 10.0.0.2 255.0.0.0
no ip route-cache
no ip mroute-cache
speed 100
full-duplex
no cdp enable
!
interface Dialer0
no ip address
pulse-time 0
no cdp enable
!
no ip classless
no ip http server
!
no cdp run
snmp-server community logicnet RO
banner motd ^C
^C
!
line con 0
line aux 0
line vty 0 4
password xxxxxxxxxx
login
!
end
There is also a switch with the following hardware config:
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC7, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Wed 05-Mar-03 10:26 by antonino
Image text-base: 0x00003000, data-base: 0x0034DEE8
ROM: Bootstrap program is C2900XL boot loader
CLOGIC_SW01 uptime is 6 days, 22 hours, 9 minutes
System returned to ROM by power-on
System image file is "flash:c2900xl-c3h2s-mz.120-5.WC7.bin"
cisco WS-C2924-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
Processor board ID FAB0509P180, with hardware revision 0x01
Last reset from power-on
Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
24 FastEthernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:05:5E:4B:F9:C0
Motherboard assembly number: 73-3382-08
Power supply part number: 34-0834-01
Motherboard serial number: FAB050931NQ
Power supply serial number: PHI043806B2
Model revision number: A0
Motherboard revision number: C0
Model number: WS-C2924-XL-EN
System serial number: FAB0509P180
Configuration register is 0xF
and the following startup-config:
Using 2398 out of 32768 bytes
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CLOGIC_SW01
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
!
!
!
!
ip subnet-zero
ip name-server 10.0.0.13
ip name-server 8.8.8.8
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
switchport access vlan 2
!
interface FastEthernet0/18
switchport access vlan 2
!
interface FastEthernet0/19
switchport access vlan 2
!
interface FastEthernet0/20
switchport access vlan 2
!
interface FastEthernet0/21
switchport access vlan 2
!
interface FastEthernet0/22
switchport access vlan 2
!
interface FastEthernet0/23
switchport access vlan 2
!
interface FastEthernet0/24
switchport access vlan 2
!
interface VLAN1
ip address 10.0.0.3 255.0.0.0
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.0.0.1
snmp-server engineID local 00000009020000508047B300
snmp-server community private RW
snmp-server community public RO
banner motd ^C
^C
!
line con 0
exec-timeout 0 0
transport input none
stopbits 1
line vty 0 4
password xxxxxxx
login
line vty 5 15
password xxxxxxxx
login
!
end
On the switch, nothing is plugged into the ports that are configured for VLAN 2.
Linux machines are getting the 10.0.0.13 and 8.8.8.8 DNS servers correctly set up in /etc/resolv.conf; however, when the problem happens, DNS requests don't get out at all, and all traceroutes stop at the default gateway (which is the 1751 from the original post).
There is another problem on my network, which I doubt is related... WiFi devices often don't get an address at all (that's through a WAP54G running DD-WRT with its internal DHCP server disabled).
07-21-2013 08:52 PM
It is really weird that only Linux boxes' traceroutes stop at the default gateway when the problem happens. I'm out of ideas, but traceroute results (and the IP addresses) from both machines that can and can't traceroute to the Internet may still help.
I'm not familiar with the famous DD-WRT router, but can devices connected to this wireless router access the Internet with a manually configured IP?
07-21-2013 09:07 PM
Hi,
It could be an internal DNS setup issue.
Kindly post nslookup output from both your Linux and Windows/Mac machines so they can be compared.