1751 intermittent problems with Linux clients

John Willis · ‎07-21-2013

Hello all,

I've been beating my brain over a problem with my Cisco 1751. It serves as my ADSL modem and external router for my network.

The problem is this:

Windows and Mac OS X machines can consistently access Internet sites through it, as well as being able to telnet to it. Linux machines (and other non-Windows, non-Mac OS X machines) have an intermittent problem where they can always receive ping responses from the 1751, but not telnet to it or access Internet sites through it. Sometimes, a Linux machine will have Internet access through it, and then seem to randomly lose it, and sometimes, Linux machines will take 20-30 minutes to be able to access the Internet through it, just by letting them sit there. The problem affects Ubuntu 12.04, CentOS 5, CentOS 6, Slackware 13.37, NetBSD, and OS/2 Warp. Have had no such problem with Windows 7.

The problem seems to affect freshly-installed Ubuntu 12.04 and CentOS 5/6 machines, as well as those that have been customized, whether running on bare hardware or as Xen guests.

Here's the output of "show hardware" in enable mode:

Cisco Internetwork Operating System Software

IOS (tm) C1700 Software (C1700-SY7-M), Version 12.3(9), RELEASE SOFTWARE (fc2)

Compiled Fri 14-May-04 15:39 by dchih

Image text-base: 0x80008120, data-base: 0x80DDF300

ROM: System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)

CLOGIC_ERTR uptime is 19 minutes

System returned to ROM by reload at 22:23:19 UTC Sun Jul 14 2013

System restarted at 13:27:05 UTC Sun Jul 14 2013

System image file is "flash:c1700-sy7-mz.123-9.bin"

cisco 1751-V (MPC860P) processor (revision 0x600) with 82402K/15902K bytes of memory.

Processor board ID FOC09303CCA (3736323519), with hardware revision 0000

MPC860P processor: part number 5, mask 2

Bridging software.

X.25 software, Version 3.0.0.

1 FastEthernet/IEEE 802.3 interface(s)

1 ATM network interface(s)

32K bytes of non-volatile configuration memory.

32768K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Here's the output of "sh conf", also in enable mode:

Using 6801 out of 29688 bytes

!

! Last configuration change at 05:20:29 UTC Sun May 19 2013

! NVRAM config last updated at 05:20:43 UTC Sun May 19 2013

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CLOGIC_ERTR

!

boot-start-marker

boot system flash:c1700-sy7-mz.124-1a.bin

boot-end-marker

!

enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxx

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

no ip subnet-zero

!

no ip cef

!

interface ATM0/0

no ip address

no ip mroute-cache

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc 0/32

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

interface FastEthernet0/0

ip address 10.0.0.1 255.0.0.0

ip nat inside

no ip mroute-cache

speed auto

full-duplex

!

interface Dialer0

ip address 216.223.236.81 255.255.255.240

ip access-group 101 in

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname xxxxx@xxxxxx.com

ppp chap password 0 xxxxxxxx

ppp pap sent-username xxxxxx@xxxxxx.com password 0 xxxxxxxx

!

router rip

version 2

redistribute static

network 10.0.0.0

default-metric 2

!

ip nat inside source list 5 interface Dialer0 overload

ip nat inside source static tcp <inside-address> 22 <outside-address> 22 extendable

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

no ip http server

!

access-list 5 permit any

dialer-list 1 protocol ip permit

!

snmp-server community logicnet RO

snmp-server enable traps tty

banner motd ^C

^C

!

line con 0

line aux 0

line vty 0 4

password xxxxxxx

login

!

end

There is a WIC-1ADSL in the chassis (ATM0/0) as well as the built-in Ethernet port.

Any ideas or pointers?

Thanks much in advance,

jpw

Peter Paluch · ‎07-21-2013

Hi John,

A number of very quick suggestions:

- Activate CEF using the "ip cef" global config command

- Remove the "ip access-group 101 in" from your Dialer interface. You do not have the ACL 101 currently created at all.

- Replace the ACL 5 with the following definition:

access-list 5 permit 10.0.0.0 0.255.255.255

Using "permit any" style of ACLs is not supported with NAT.

Then please check the connectivity again and let us know. In any case please post your complete updated configuration. Thank you!

Best regards,
Peter

Sent from Cisco Technical Support iPad App

John Willis · ‎07-21-2013

Thanks much!

I've updated the configuration as you suggested:

Using 6793 out of 29688 bytes

!

! Last configuration change at 14:19:15 UTC Sun Jul 14 2013

! NVRAM config last updated at 14:19:29 UTC Sun Jul 14 2013

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CLOGIC_ERTR

!

boot-start-marker

boot system flash:c1700-sy7-mz.124-1a.bin

boot-end-marker

!

enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

no ip subnet-zero

!

ip cef

!

interface ATM0/0

no ip address

no ip mroute-cache

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc 0/32

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

interface FastEthernet0/0

ip address 10.0.0.1 255.0.0.0

ip nat inside

no ip mroute-cache

speed auto

full-duplex

!

interface Dialer0

ip address 216.223.236.81 255.255.255.240

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname xxxxxxxxxxxxxx

ppp chap password 0 xxxxxxxxx

ppp pap sent-username xxxxxxxxx password 0 xxxxxxx

!

router rip

version 2

redistribute static

network 10.0.0.0

default-metric 2

!

ip nat inside source list 5 interface Dialer0 overload

ip nat inside source static tcp x.x.x.x 22 x.x.x.x 22 extendable

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

no ip http server

!

access-list 5 permit 10.0.0.0 0.255.255.255

dialer-list 1 protocol ip permit

!

snmp-server community logicnet RO

snmp-server enable traps tty

banner motd ^C

^C

!

line con 0

line aux 0

line vty 0 4

password xxxxx

login

!

end

No change in connectivity, however.

thomas.g.fan · ‎07-21-2013

How are your clients with different os get their IP address? Is there a DHCP server? Since only Linux machines have this problem then my first thought is maybe there is something wrong with your linux machines' DNS server configuration. You can run below commands in your Linux boxes to verify connectivity:

cat /etc/resolv.conf

nslookup kernel.org

traceroute -n 8.8.8.8

John Willis · ‎07-21-2013

There is indeed a DHCP server; it's a 1750 with the following hardware config:

Cisco Internetwork Operating System Software

IOS (tm) C1700 Software (C1700-SY-M), Version 12.1(27b), RELEASE SOFTWARE (fc1)

Compiled Tue 16-Aug-05 17:53 by pwade

Image text-base: 0x80008088, data-base: 0x807A9370

ROM: System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)

CLOGIC_IRTR uptime is 12 weeks, 6 days, 14 hours, 23 minutes

System returned to ROM by power-on

System image file is "flash:/Others/c1700/c1700-sy-mz.121-27b.bin"

cisco 1750 (MPC860) processor (revision 0x501) with 14746K/1638K bytes of memory.

Processor board ID JAD04170BDA (1888069924), with hardware revision 0000

M860 processor: part number 0, mask 32

Bridging software.

X.25 software, Version 3.0.0.

1 FastEthernet/IEEE 802.3 interface(s)

32K bytes of non-volatile configuration memory.

4096K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

And with the following startup-config:

Using 2820 out of 29688 bytes

!

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname XXXXXXXXXXX

!

enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

enable password xxxxxxxxx

!

clock timezone MST -7

clock summer-time MDT recurring

ip subnet-zero

no ip routing

ip name-server 10.0.0.13

ip name-server 8.8.8.8

ip dhcp excluded-address 10.0.0.0 10.0.0.200

!

ip dhcp pool intdyn

network 10.0.0.0 255.0.0.0

domain-name xxxxxxxxx.com

dns-server 10.0.0.13 8.8.8.8

default-router 10.0.0.1

lease 7

!

ip dhcp pool dionysus

host xx.xx.xx.xx 255.0.0.0

hardware-address 0016.d4fa.e7ec

client-name dionysus

!

interface FastEthernet0

ip address 10.0.0.2 255.0.0.0

no ip route-cache

no ip mroute-cache

speed 100

full-duplex

no cdp enable

!

interface Dialer0

no ip address

pulse-time 0

no cdp enable

!

no ip classless

no ip http server

!

no cdp run

snmp-server community logicnet RO

banner motd ^C

^C

!

line con 0

line aux 0

line vty 0 4

password xxxxxxxxxx

login

!

end

There is also a switch with the following hardware config:

Cisco Internetwork Operating System Software

IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC7, RELEASE SOFTWARE (fc1)

Compiled Wed 05-Mar-03 10:26 by antonino

Image text-base: 0x00003000, data-base: 0x0034DEE8

ROM: Bootstrap program is C2900XL boot loader

CLOGIC_SW01 uptime is 6 days, 22 hours, 9 minutes

System returned to ROM by power-on

System image file is "flash:c2900xl-c3h2s-mz.120-5.WC7.bin"

cisco WS-C2924-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.

Processor board ID FAB0509P180, with hardware revision 0x01

Last reset from power-on

Processor is running Enterprise Edition Software

Cluster command switch capable

Cluster member switch capable

24 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address: 00:05:5E:4B:F9:C0

Motherboard assembly number: 73-3382-08

Power supply part number: 34-0834-01

Motherboard serial number: FAB050931NQ

Power supply serial number: PHI043806B2

Model revision number: A0

Motherboard revision number: C0

Model number: WS-C2924-XL-EN

System serial number: FAB0509P180

Configuration register is 0xF

and the following startup-config:

Using 2398 out of 32768 bytes

!

version 12.0

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname CLOGIC_SW01

!

enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

!

ip subnet-zero

ip name-server 10.0.0.13

ip name-server 8.8.8.8

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

switchport access vlan 2

!

interface FastEthernet0/18

switchport access vlan 2

!

interface FastEthernet0/19

switchport access vlan 2

!

interface FastEthernet0/20

switchport access vlan 2

!

interface FastEthernet0/21

switchport access vlan 2

!

interface FastEthernet0/22

switchport access vlan 2

!

interface FastEthernet0/23

switchport access vlan 2

!

interface FastEthernet0/24

switchport access vlan 2

!

interface VLAN1

ip address 10.0.0.3 255.0.0.0

no ip directed-broadcast

no ip route-cache

!

ip default-gateway 10.0.0.1

snmp-server engineID local 00000009020000508047B300

snmp-server community private RW

snmp-server community public RO

banner motd ^C

^C

!

line con 0

exec-timeout 0 0

transport input none

stopbits 1

line vty 0 4

password xxxxxxx

login

line vty 5 15

password xxxxxxxx

login

!

end

On the switch, nothing is plugged into the ports that are configured for VLAN 2.

Linux machines are getting the 10.0.0.13 and 8.8.8.8 DNS servers correctly setup in /etc/resolv.conf, however,

when the problem happens, DNS requests don't get out at all, and all traceroutes stop at the default gateway (which is the 1751 from the original post).

There is another problem on my network, which I doubt is related... WiFi devices often don't get an address at all (that's through a WAP54G running DD-WRT with its internal DHCP server disabled).

thomas.g.fan · ‎07-21-2013

that is really weird only Linux boxes' traceroutes stop at the default gateway when the problem happens. i'm out of idea but traceroute results (and their IP address) from both machines that can and can't traceroute to Internet may still helps.

i'm not familiar with the famous DD-WRT router but can devices connect to this wireless router access Internet with manually configured IP?

johnlloyd_13 · ‎07-21-2013

hi,

it could be an internal DNS setup issue.

kindly post nslookup output both from your linux and windows/mac machines to compare it.