
DNS (or DNS forwarding) on an AP (aironet 1100 series)

roncro
Level 3

Hello,

 

I am configuring an AP to 'sniff' IP traffic from wireless IoT devices and am trying to make DNS work.

If I try to ping, for example, Google from the AP, it works with the IP address itself, but not with the host/domain name, for example:

AP#ping 142.250.72.68

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 142.250.72.68, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 18/20/24 ms
AP#ping www.google.com
Translating "www.google.com"...domain server (192.168.1.1)
% Unrecognized host or address, or protocol not running.

 

The DNS server actually is 192.168.1.1, so is it "the protocol" that is not running? And how do I turn that on?

(Also, in the DHCP pool on the AP, I did declare a DNS server:)

ip dhcp pool V-CELL
import all
host 192.168.67.37 255.255.255.0
client-identifier aaaa.bbbb.cccc.dd
default-router 192.168.67.1
dns-server 192.168.1.1
domain-name localdomain
option 42 ip 192.168.1.1

 

 

Any ideas why 192.168.67.37 doesn't know where the DNS server is?

Thanks,
Ron

1 Accepted Solution

Apparently there was an issue with the RHEL firewall using the new nftables backend; RHEL told me to switch the backend back to iptables, and it worked as intended.

Thanks!

Ron

8 Replies

balaji.bandi
Hall of Fame

Does the network (192.168.67.X) know how to reach the DNS server 192.168.1.1?

From this DNS server (192.168.1.1), are you able to ping google.com? What is 192.168.1.1: a DNS server or a router?

BB

192.168.1.1 is the 2951 router, that also acts as the DNS server.

I can ping 192.168.1.1 from the AP (the AP's IP address is 192.168.67.6), and I can also ping 192.168.1.1 from every host (192.168.67.x) that connects wirelessly to the AP, for example from 192.168.67.37 (and 192.168.67.37 can ping everything in the LAN and WAN if I use an IP address).

I cannot do a "ping www.google.com", BUT if I get its IP address, '142.250.72.36' for example, I can ping that address from the AP as well as from anything connected to it wirelessly.

So I guess the problem is that, on the AP as well as on anything connected to it, the host/domain names do not get resolved, although I did mention the DNS server in the DHCP pool, as well as on the AP.

Ron

johnlloyd_13
Level 9

Hi,

Is this a standalone AP?

Try configuring:

ip name-server 192.168.1.1
ip domain-lookup

I am not sure what a "standalone AP" is/means, but I believe so.

I already had the "ip name-server 192.168.1.1".

Instead of the "ip domain lookup" I have "ip domain lookup source-interface FastEthernet0", since it is connected through Ethernet.

johnlloyd_13
Level 9

Hi,

Standalone AP means it's not being managed by a WLC.

Since you've configured the said lines, I would assume it's standalone.

Did you manage to ping the FQDN www.google.com?

If not, then check your DNS server (192.168.1.1) settings.

Try to temporarily use Google DNS 8.8.8.8 and see if you could ping www.google.com.

no ip name-server 192.168.1.1
ip name-server 8.8.8.8

Apparently there was an issue with the RHEL firewall using the new nftables backend; RHEL told me to switch the backend back to iptables, and it worked as intended.

Thanks!

Ron

Hello

Can you post the running config of the 2951 router please? Is it enabled as a DNS forwarder?

As for the AP, it looks like the AP resides on a different subnet than the local DNS server (2951). Also, if the AP is not a DHCP client itself, then you don't need to import any DHCP options in the DHCP scopes.

AP

ip dhcp pool V-CELL
no import all
no dns-server 192.168.1.1

dns-server 192.168.67.1



Kind Regards
Paul

 

Apparently there was an issue with the RHEL firewall using the new nftables backend; RHEL told me to switch the backend back to iptables, and it worked as intended.

Thanks!

Ron
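
The symptom in this thread (ICMP to 192.168.1.1 succeeds while name lookups fail) can be narrowed down by querying UDP port 53 directly instead of pinging. The following is an added example, not code from any poster in the thread: a small Python probe that sends one A-record query and reports whether the reply was dropped, refused, or answered. The function names, the fixed transaction ID and the 2-second timeout are assumptions made for the illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TXID = 0x1234  # constructed transaction ID, fixed so replies can be matched

def build_query(name, txid=TXID):
    """Build a minimal DNS A-record query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(reply, txid=TXID):
    """Summarise a raw DNS reply: malformed, mismatched, or rcode plus answer count."""
    if len(reply) < 12:
        return "malformed reply"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit not set
        return "not a response to our query"
    rcode = RCODES.get(flags & 0x000F, "rcode %d" % (flags & 0x000F))
    if rcode == "NOERROR" and ancount == 0:
        return "NOERROR but no answers"
    return "%s, %d answer(s)" % (rcode, ancount)

def probe(server, name, timeout=2.0):
    """Send one query to UDP/53 and report what came back, if anything."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))  # connected UDP socket surfaces ICMP errors
            s.send(build_query(name))
            reply = s.recv(512)
        except socket.timeout:
            return "timeout: query or reply dropped on the path (firewall?)"
        except OSError as exc:
            return "socket error: %s" % exc  # e.g. nothing listening on port 53
    return classify_reply(reply)

if __name__ == "__main__":
    # Server and name taken from the thread; run from a host on the affected subnet.
    print(probe("192.168.1.1", "www.google.com"))
```

A timeout here while ping to the same address succeeds points at filtering of UDP/53 somewhere on the path, whereas REFUSED or SERVFAIL points at the DNS server or forwarder configuration itself.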
