Hello Alain,

hmmm - I don't share your optimism - what else do I want to troubleshoot?

I can't see that I have "internet connectivity" from router, because when I ping 8.8.8.8 it's till zero.

You must know much more than I do :-)

Nope, there's no connectivity to the internet from "inside" PC.

The Ethernet connection is up and running.

The WAN troubleshoorint report from CCP says "checking for DNS setting failed...".

Same story as before - I see no difference whatsoever.

This is the latest config:

= = = = = = = = = = = = = = = = = = = =

interface FastEthernet0

!

!

interface FastEthernet1

!

!

interface FastEthernet2

!

!

interface FastEthernet3

!

!

interface FastEthernet4

description $ES_WAN$$ETH-WAN$

no ip address

ip nat outside

ip virtual-reassembly

ip tcp adjust-mss 1412

duplex auto

speed auto

pppoe-client dial-pool-number 1

!

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$

ip address 192.168.21.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

!

interface Dialer0

ip address negotiated

ip mtu 1452

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname t-online-com/808100955910@t-online-com.de

ppp chap password 0 1234567

ppp pap sent-username t-online-com/808100955910@t-online-com.de password 0 1234567

no cdp enable

!

!

router rip

network 192.168.21.0

no auto-summary

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

ip nat inside source list 1 interface FastEthernet4 overload

!

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 10.10.10.0 0.0.0.7

dialer-list 1 protocol ip permit

no cdp run

= = = = = = = = = = = = = = = = = = = =

dyndns = Dynamic DNS = it's set to active in the CCP menu.

I want to troubleshoot why the Cisco Router doesn't give me access to my Telekom DSL like any other "simple" router does????

Best, and mny thanks for your support!

Stefan

01-Oct

> I can ping Google's public DNS server @ 8.8.8.8 but not my providers IP. That's strange - eh???

Actually that's quite normal, ISP may want to protect its network from attacks, etc.

So, right now you are able to ping from the router but not from LAN, that means you have a NAT issue.

I see that you assigned NAT outside to Fa4, but in fact the L3 is assigned on the dialer.

Plus, in LAN you are using subnet 192.168.21.0 /24, but on ACL 1 you are allowing 10.10.10.0

I suggest to apply the following changes:

Router#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#

Router(config)#no ip nat inside source list 1 interface FastEthernet4 overload

Router(config)#

Router(config)#int fa4

Router(config-if)#no ip nat outside

Router(config-if)#interface Dialer0

Router(config-if)#ip nat outside

Router(config-if)#exit

Router(config)#

Router(config)#no access-list 1

Router(config)#access-list 1 permit 192.168.21.0 0.0.0.255

Router(config)#

Router(config)#ip nat inside source list 1 interface dialer0 overload

Router(config)#ip route 0.0.0.0 0.0.0.0 interface dialer 0

Router(config)#end

Router#wr

Hello Marco,

pls see the copy of the input attached.

All works fine, except for the last input line:

Router(config)#ip route 0.0.0.0 0.0.0.0 interface dialer 0

I get the error.

See yourself:

---------------------------------------------------------------------------------

Cisco880Router#config t

Enter configuration commands, one per line.  End with CNTL/Z.

Cisco880Router(config)#$nside list 1 inteface FastEthernet4 overload

                                        ^

% Invalid input detected at '^' marker.

Cisco880Router(config)#$nside list 1 interface FastEthernet4 overload

                                        ^

% Invalid input detected at '^' marker.

Cisco880Router(config)#$nside source list 1 interface FastEthernet4 overload

Cisco880Router(config)#int fa4

Cisco880Router(config-if)#no ip nat outside

Cisco880Router(config-if)#interface Dialer0

Cisco880Router(config-if)#ip nat outside

Cisco880Router(config-if)#interface Dialer0

Cisco880Router(config-if)#ip nat outside

Cisco880Router(config-if)#exit

Cisco880Router(config)#no access-list 1

Cisco880Router(config)#access-list 1 permit 192.168.21.0 0.0.0.255

Cisco880Router(config)#ip nat inside source list 1 interface dialer0 overload

Cisco880Router(config)#ip route 0.0.0.0 0.0.0.0 interface dialer0

                                                                        ^

% Invalid input detected at '^' marker.

Cisco880Router(config)#ip route 0.0.0.0 0.0.0.0 interface dialer0

                                                                        ^

% Invalid input detected at '^' marker.

Cisco880Router(config)#ip route 0.0.0.0 0.0.0.0 interface dialer0

                                                                        ^

% Invalid input detected at '^' marker.

Cisco880Router(config)#end

Cisco880Router#wr

Building configuration...

[OK]

Cisco880Router#

---------------------------------------------------------------------------------

The ^ is under the "i"of the interface

I see no typo error on my side.

???

Best

Stefan

Hi,

(config)# ip route 0.0.0.0 0.0.0.0 dialer0

Regards.

Alain.

Hi,

you want to ping outside addresses by name from th router ?

then issue these commands:

-config# ip domain lookup or ip domain-lookup

-config# ip name server 8.8.8.8

As of now remove your DDNS config which I think is not good.It's only use would be for you to contact your router by name from the internet and not by IP as you have a dynamic IP. Do you want to do this?

if not:

config# no ip ddns update method ccp_ddns1

Now if you want to contact internet IPs by name from your pc you must have this:

-config# ip dns server

and

config# ip dhcp pool ccp-pool1

            dns-server 192.168.21.1

on your pc: ipconfig/release then ipconfig/renew verify you have got the dns server as 192.168.21.1 with ipconfig/all then ping a name from command prompt and see if resolution is ok.

All this assuming NAT is ok and so IP connectivity from PC to internet is ok.

Regards.

Alain.

Hi again,

no, it does not work. I followed your inputs thoroughly.

Same error as before - DNS failure.

IP range is verified.

Per your input from some days ago, I am using "IP negotiated", not "Dynamic IP".

Also, I tried "dynamic IP" - does not work.

Any more ideas?

What is the real problem here? How come it's not possible to configure the router with 5 simple commands to fulfill whatever config Telekom DSL service needs. Why is this so complicated?

Best

Stefan

Here's the actual config file - after apllying the changes per your earlier email:

= = = = = = = = = = == = = = = = = = = = = = = == = = = =

ip source-route

!

!

ip dhcp excluded-address 192.168.21.100 192.168.21.254

!

ip dhcp pool ccp-pool1

   import all

   network 192.168.21.0 255.255.255.0

   default-router 192.168.21.1

   dns-server 192.168.21.1

!

!

ip cef

no ipv6 cef

!

!

multilink bundle-name authenticated

license udi pid CISCO881-SEC-K9 sn FCZ1514925F

!

!

!

shutdown vlan 3

username cp880admin privilege 15 secret 5 $1$ZAkn$1gqERgzCqu855sybC8E8J1

!

!

!

!

!

!

!

!

!

interface FastEthernet0

!

!

interface FastEthernet1

!

!

interface FastEthernet2

!

!

interface FastEthernet3

!

!

interface FastEthernet4

description $ES_WAN$$ETH-WAN$

no ip address

ip virtual-reassembly

ip tcp adjust-mss 1412

duplex auto

speed auto

pppoe-client dial-pool-number 1

!

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$

ip address 192.168.21.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

!

interface Dialer0

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname t-online-com/0000000000@t-online-com.de

ppp chap password 0 12343567

ppp pap sent-username t-online-com/00000000@t-online-com.de password 0 1234567

no cdp enable

!

!

router rip

network 192.168.21.0

no auto-summary

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

ip dns server

ip nat inside source list 1 interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

!

access-list 1 permit 192.168.21.0 0.0.0.255

dialer-list 1 protocol ip permit

no cdp run

Hi Stefan,

I don't see any of those 2 commands I told you above in your actual config.

-config# ip domain lookup or ip domain-lookup

-config# ip name server 8.8.8.8   edit : it's ip name-server 8.8.8.8

Furthermore I wouldn't focus on CCP messages but instead is your router able to ping www.google.com and is your PC capable od doing the same.if this is the case then you are ok to get internet connectivity.

Post the results of ping www.google.com from router and PC as well as ipconfig/all after you have released and renewed your DHCP lease.

Regards.

Alain.

Hi Alain & Marco,

it works!

I've implemented the chain of commands again as per above - and now it works.

I understand that I'm now using 8.8.8.8 as permanent DNS server, correct? (statically configured DNS server).

Normally, I'd expect I'd have to use Deutsche Telekom's static DNS server IP, which I don't know.

Is this correct?

Should I ask for Deutsche Telekom's static DNS server IP address and replace this IP with Google's?

I must admit that I don't understand all the commands you've given me to implement.

Here is the complete config set again for reference purpose:

= = = = = = = = = = = = = = = = = = = = = = = = = = = = =

ip source-route

!

!

ip dhcp excluded-address 192.168.21.100 192.168.21.254

!

ip dhcp pool ccp-pool1

   import all

   network 192.168.21.0 255.255.255.0

   default-router 192.168.21.1

   dns-server 192.168.21.1

!

!

ip cef

ip name-server 8.8.8.8

no ipv6 cef

!

!

multilink bundle-name authenticated

license udi pid CISCO881-SEC-K9 sn FCZ1514925F

!

!

!

shutdown vlan 3

username cp880admin privilege 15 secret 5 $1$ZAkn$1gqERgzCqu855sybC8E8J1

!

!

!

!

!

!

!

!

!

interface FastEthernet0

!

!

interface FastEthernet1

!

!

interface FastEthernet2

!

!

interface FastEthernet3

!

!

interface FastEthernet4

description $ES_WAN$$ETH-WAN$

no ip address

ip virtual-reassembly

ip tcp adjust-mss 1412

duplex auto

speed auto

pppoe-client dial-pool-number 1

!

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$

ip address 192.168.21.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

!

interface Dialer0

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname t-online-com/000000000@t-online-com.de

ppp chap password 0 1234567

ppp pap sent-username t-online-com/0000000000@t-online-com.de password 0 1234567

no cdp enable

!

!

router rip

network 192.168.21.0

no auto-summary

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

ip dns server

ip nat inside source list 1 interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

!

access-list 1 permit 192.168.21.0 0.0.0.255

dialer-list 1 protocol ip permit

no cdp run

= = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Thank for now.

Going for VDSL soon - hope this doesn't create the same kind of config problems.

Best regards,

Stefan

Hi,

You can use any public DNS, you can even enter more than 1. But if you want the one from your ISP you can ask them and they will give you the address then change it with the Google server.You can also decide not to give DNS servers to you PC via DHCP and configure the servers statically on the PC.You can also put the Google DNS server via DHCP to your PC and not use DNS anymore on your router, I think the best would be to get your ISP DNS server address and configure it under DHCP because what you've configured is your router as proxy-dns but as windows has a dns cache it isn't mandatory to configure as above.

Anyway as it is working this way you can leave it as so.

if you want infos about the commands just ask and we'll explain.

Don't forget to rate helpful posts and mark your thread as resolved.

Regards.

Alain.

Hello Alain,

OK, I understand.

1) In my currently used Router I can see that DT uses two different DNS's.

DNS 1 and DNS 2, both starting with 217.xxx.xxx.xxx. IP's.

I can also see the external IP address and the external Gateway and the Subnet. See below.

So following what you write above, I could use DNS 1 and DNS 2 for static DNS server address, correct?

How would the DNS 2 entry command(s) look like?

I don't like the idea of using Google's DNS as a proxy server.

2) "You can also decide not to give DNS servers to you PC via DHCP and  configure the servers statically on the PC.You can also put the Google  DNS server via DHCP to your PC and not use DNS anymore on your router,"

Well, this is what I've been trying to do from the vey beginning. See, these simple but easy to configure routers we've been using so far don't care abt any DNS entry. All one needs to do is configure "PPPoE", apply user_name and PW and that's it. The rest comes automatically, and this is what I've been trying to achieve with the Cisco 881 as well (but didn't work)...

The graphical user interface, the CCP, looks pretty useless to me.

I don't want to configure "servers statically on the PC side", since there are abt 12 PC's behind the Router and most of them use DHCP, that's it.

You get my point?

You can also put the Google  DNS server via DHCP to your PC and not use DNS anymore on your router, I don't understand this comment. Why? Because in the current (non-Cisco) router setup I am NOT specifying any DNS server at all, this happens automatically - I just don't know why because I lack the deeper understanding of the layer protocols.

If there's a way to configure the Cisco Router just with

- use PPPoE

- User and Password

- DHCP for the inside PC's ...

... I would be more than happy, because that's what I wanted in the 1st place.

Thanks again for your assistance - I will close and rate the ticket after your final reply.

Best regards,

Stefan

04-Oct

Thank you for this excellent support!

mny rgs

Stefan

13-Oct