04-04-2011 04:09 AM - edited 03-04-2019 11:58 AM
Hello,
I have a problem with a Cisco 857-K9 router. We can access the internet, but if we ping a web server, every first ping fails but all the others work...
I'm very new to Cisco products; how can I fix it?
Thank you very much
04-04-2011 04:21 AM
Sounds like the router is sending ARP requests.
Confirm your ARP timeout values on the router - also check your default gateway config is correct.
HTH>
04-04-2011 04:30 AM
Thank you Andrew, how can I check this?
This router connects to the internet with Orange by ADSL in France, with IP negotiated.
Thank you very much
04-04-2011 04:29 AM
Just to add to Andrew's post -
what does your default-route look like ie.
ip route 0.0.0.0 0.0.0.0
or
ip route 0.0.0.0 0.0.0.0
If it's interface then you may well see the symptoms you are having. It would be better set to an IP address.
Jon
04-04-2011 04:31 AM
I can connect to the router by telnet but I don't know how to check this. I did the setup with the wizard.
Thank you
04-04-2011 04:34 AM
post the output of "show ip route" and "show arp" when you telnet into the router.
04-04-2011 06:19 AM
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
193.253.231.0/32 is subnetted, 1 subnets
C 193.253.231.158 is directly connected, Dialer1
193.253.160.0/32 is subnetted, 1 subnets
C 193.253.160.3 is directly connected, Dialer1
C 192.168.1.0/24 is directly connected, Vlan1
S* 0.0.0.0/0 is directly connected, Dialer1
And
Protocol Address Age (min) Hardware Addr Type Interf
Internet 192.168.1.1 149 0016.46b6.4241 ARPA Vlan1
Internet 192.168.1.3 0 0015.5d01.fa00 ARPA Vlan1
Internet 192.168.1.4 44 0014.c2c4.8d4c ARPA Vlan1
Internet 192.168.1.10 236 00e0.d80d.d125 ARPA Vlan1
Internet 192.168.1.11 0 001f.297f.c1c4 ARPA Vlan1
Internet 192.168.1.13 0 f4ce.4605.4512 ARPA Vlan1
Internet 192.168.1.15 9 0015.5d01.fa02 ARPA Vlan1
Internet 192.168.1.17 0 f4ce.4604.d15d ARPA Vlan1
Internet 192.168.1.18 12 0015.5d01.fa03 ARPA Vlan1
Internet 192.168.1.19 1 68b5.99f6.bfe3 ARPA Vlan1
Internet 192.168.1.20 1 0011.85f1.2dbb ARPA Vlan1
Internet 192.168.1.21 0 0015.5d01.fa04 ARPA Vlan1
Internet 192.168.1.22 185 0c60.7662.3e19 ARPA Vlan1
Internet 192.168.1.23 0 001c.f0f9.5606 ARPA Vlan1
Internet 192.168.1.25 178 0023.7dc6.1912 ARPA Vlan1
Internet 192.168.1.28 0 6431.5006.576d ARPA Vlan1
Internet 192.168.1.29 0 e02a.821d.93e2 ARPA Vlan1
Internet 192.168.1.30 9 00c0.ee1e.adf1 ARPA Vlan1
Internet 192.168.1.31 177 001e.2ae1.20c2 ARPA Vlan1
Internet 192.168.1.33 0 6c62.6d91.7084 ARPA Vlan1
Internet 192.168.1.38 155 001e.2ae1.22be ARPA Vlan1
Internet 192.168.1.39 2 000f.fe19.ec8f ARPA Vlan1
Internet 192.168.1.40 54 000f.fe1a.cee2 ARPA Vlan1
Internet 192.168.1.43 11 00c0.ee1e.8a8c ARPA Vlan1
Internet 192.168.1.44 1 001a.4b5a.ce30 ARPA Vlan1
Internet 192.168.1.45 14 0019.db75.0cc3 ARPA Vlan1
Internet 192.168.1.46 55 0019.db75.0cb4 ARPA Vlan1
Internet 192.168.1.48 193 0015.5d01.fa00 ARPA Vlan1
Internet 192.168.1.51 0 000f.fe18.cd3f ARPA Vlan1
Internet 192.168.1.54 256 6c62.6d91.7016 ARPA Vlan1
Internet 192.168.1.57 107 0023.8b3c.da3b ARPA Vlan1
Internet 192.168.1.58 5 0019.db76.1f74 ARPA Vlan1
Internet 192.168.1.59 1 0023.7dc6.190a ARPA Vlan1
Internet 192.168.1.60 6 0023.7dc6.1918 ARPA Vlan1
Internet 192.168.1.61 3 0023.7dc6.30e0 ARPA Vlan1
Internet 192.168.1.62 0 6c62.6d91.7016 ARPA Vlan1
Internet 192.168.1.64 122 001c.c4f4.ff65 ARPA Vlan1
Internet 192.168.1.65 6 001e.0b3d.fe15 ARPA Vlan1
Internet 192.168.1.67 80 000f.fe18.ccb1 ARPA Vlan1
Internet 192.168.1.68 16 001e.0b3e.7d0f ARPA Vlan1
Internet 192.168.1.69 114 000f.fe14.e7ac ARPA Vlan1
Internet 192.168.1.72 5 000f.fe18.a93f ARPA Vlan1
Internet 192.168.1.205 9 0000.aaa2.280f ARPA Vlan1
Internet 192.168.1.250 0 0026.551e.34e5 ARPA Vlan1
Internet 192.168.1.253 1 001a.4b4f.2213 ARPA Vlan1
Internet 192.168.1.254 - 8cb6.4fbb.eeb4 ARPA Vlan1
Thank you very much
04-04-2011 06:44 AM
OK - your issue is right there:-
S* 0.0.0.0/0 is directly connected, Dialer1
I am to assume that you are getting your IP address from your provider via either DHCP - so you will never really know what your next hop default gateway is going to be.
What you are seeing is normal for your setup.
HTH>
04-04-2011 10:17 AM
If the default route points to the dialer interface then the suggestion that the problem might relate to ARP for every destination is not the problem because there is no ARP on the dialer interface.
But I do wonder if a different form of the static default route might work better. I wonder what the result might be if the original poster would remove ip route 0.0.0.0 0.0.0.0 dialer1 and replace it with ip route 0.0.0.0 0.0.0.0 dhcp
HTH
Rick
04-04-2011 10:23 AM
Thank you Rick, can you tell me the command to do this?
04-04-2011 11:41 AM
Nicolas
It is a straightforward change. It would look something like this:
get into enable mode
configur term
ip route 0.0.0.0 0.0.0.0 dhcp
no ip route 0.0.0.0 0.0.0.0 dialer1
end
That would return you to the privilege mode command prompt. Then do some testing to verify that you still have connectivity to the Internet. If it is working, especially if it is working better than before, then save the changes using the command copy running startup
If that does not work you can return to the original by doing this
configur term
ip route 0.0.0.0 0.0.0.0 dialer1
no ip route 0.0.0.0 0.0.0.0 dhcp
end
Or worst case, if it is not working you can power cycle the router to return to the original setup.
HTH
Rick
04-04-2011 11:47 PM
Hello Rick
no luck, it does not work
here is my config
cisco#show config
Using 7156 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
logging buffered 10000
no logging console
enable secret 5 $1$W0RC$XXXX/
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-3032259736
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3032259736
revocation-check none
rsakeypair TP-self-signed-3032259736
!
!
crypto pki certificate chain TP-self-signed-3032259736
certificate self-signed 01 nvram:IOS-Self-Sig#8.cer
dot11 syslog
no ip source-route
ip dhcp excluded-address 10.10.10.1
!
!
ip cef
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT101 cuseeme
ip inspect name DEFAULT101 ftp
ip inspect name DEFAULT101 h323
ip inspect name DEFAULT101 icmp
ip inspect name DEFAULT101 rcmd
ip inspect name DEFAULT101 realaudio
ip inspect name DEFAULT101 rtsp
ip inspect name DEFAULT101 esmtp
ip inspect name DEFAULT101 sqlnet
ip inspect name DEFAULT101 streamworks
ip inspect name DEFAULT101 tftp
ip inspect name DEFAULT101 tcp
ip inspect name DEFAULT101 udp
ip inspect name DEFAULT101 vdolive
no ip bootp server
ip domain name XXX.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
!
username admin privilege 15 secret 5 $1$Fx33$/XXX/
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 192.168.1.254 255.255.255.0
ip access-group 103 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no cdp enable
!
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
ip access-group 104 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip inspect DEFAULT101 out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname fti/xxxx@fti
ppp chap password 7 xxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.3 25 interface Dialer1 25
ip nat inside source static tcp 192.168.1.3 80 interface Dialer1 80
ip nat inside source static tcp 192.168.1.3 443 interface Dialer1 443
ip nat inside source static tcp 192.168.1.3 987 interface Dialer1 987
ip nat inside source static tcp 192.168.1.250 3389 interface Dialer1 3389
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark CCP_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark CCP_ACL Category=1
access-list 101 permit udp host 8.8.4.4 eq domain any
access-list 101 permit udp host 8.8.8.8 eq domain any
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 102 remark CCP_ACL Category=2
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 103 remark auto generated by Cisco SDM Express firewall configuration
access-list 103 remark CCP_ACL Category=1
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by Cisco SDM Express firewall configuration
access-list 104 remark CCP_ACL Category=1
access-list 104 permit tcp any any eq 3389
access-list 104 permit tcp any any eq 987
access-list 104 permit tcp any any eq 443
access-list 104 permit tcp any any eq www
access-list 104 permit tcp any any eq smtp
access-list 104 deny ip 192.168.1.0 0.0.0.255 any
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 deny ip 10.0.0.0 0.255.255.255 any
access-list 104 deny ip 172.16.0.0 0.15.255.255 any
access-list 104 deny ip 192.168.0.0 0.0.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip host 0.0.0.0 any
access-list 104 deny ip any any
dialer-list 1 protocol ip permit
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username
Replace
want to use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Hope you can help me
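The default-route forms discussed in this thread (interface only, next-hop address, `dhcp`) can be told apart mechanically. The following is an added example, not code from any poster or from Cisco; the function name, verdict labels and the list of point-to-point interface prefixes are assumptions of the example.

```python
import re

# Interface-name prefixes treated as point-to-point (no ARP) in this example;
# the list is an assumption, not an exhaustive IOS inventory.
P2P_PREFIXES = ("dialer", "serial", "tunnel", "virtual-access")

# Constructed sample, reduced from the configuration posted in the thread.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
interface Dialer1
 ip address negotiated
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 dhcp
"""

ROUTE_RE = re.compile(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\S+))?", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def classify_default_routes(config):
    """Return (target, verdict) for every static default route in the config."""
    lines = [l.strip() for l in config.splitlines()]
    # The dhcp keyword needs a gateway learned by a DHCP client interface.
    has_dhcp_client = any(l.lower().startswith("ip address dhcp") for l in lines)
    results = []
    for line in lines:
        m = ROUTE_RE.match(line)
        if not m:
            continue
        target, extra = m.group(1), m.group(2)
        if target.lower() == "dhcp":
            verdict = "dhcp-next-hop" if has_dhcp_client else "dhcp-without-dhcp-client"
        elif IPV4_RE.match(target):
            verdict = "next-hop"
        elif extra and IPV4_RE.match(extra):
            verdict = "interface-and-next-hop"
        elif target.lower().startswith(P2P_PREFIXES):
            verdict = "interface-point-to-point"  # no ARP on this link
        else:
            verdict = "interface-multi-access"    # router ARPs per destination
        results.append((target, verdict))
    return results

if __name__ == "__main__":
    for target, verdict in classify_default_routes(SAMPLE_CONFIG):
        print(f"{target}: {verdict}")
```
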
04-05-2011 01:23 AM
use:-
no ip route 0.0.0.0 0.0.0.0 Dialer1
no ip route 0.0.0.0 0.0.0.0 dhcp
interface dialer1
ppp ipcp route default
See if that works for you - REMEMBER if it does not work, revert back to the config before you changed it.
HTH>
04-06-2011 12:54 AM
Thank you Andrew, but it doesn't work...
I have tried to use DHCP instead of IP negotiated but it doesn't connect.
04-06-2011 06:54 AM
I think you need to talk to your provider - to see how their end is configured.
HTH>