06-12-2012 11:42 PM - edited 03-04-2019 04:39 PM
Hi
First thanks in advance for any help.
I installed the cisco 887VAW on my bt infinity line about a month or 2 ago and its worked perfectly unitl i went on holiday for 2 weeks. When i came back I noticed it wouldn't pass web traffic to most domains. This is both wired and wireless so i know its not the config on the wireless controller.
Domains that worked are
www.google.co.uk / www.city-link.co.uk / www.zen.co.uk
Domains that wouldnt work
www.bbc.co.uk / www.sky.co.uk etc
Now the odd thing is i can ping these domains fine so all the routes are there. Ive pulled my config to bits and removed all the firewall, vpn etc settings and still cant get it to work. It seems to only work on a few sites and timeout on the majority of sites
One thing while on holiday I think there was a power cut as I had all the clocks to reset when i came back so there is a chance I lost something from the running config however I remember saving my config every 5 mins when setting it up and i dont remeber having issues like this during the initial config.
Also while i was on holiday ipv6 was introduced could this have anything to do with it?
I have included the slimmed down version of my config with this issue see if anyone with a bit more skill than me can spot something
Regards
Gareth
06-12-2012 11:49 PM
Notepad++ messed it up here is my config..
-----------------------------
!
! Last configuration change at 18:58:39 PCTime Tue Jun 12 2012 by admin
! NVRAM config last updated at 19:00:14 PCTime Tue Jun 12 2012 by admin
! NVRAM config last updated at 19:00:14 PCTime Tue Jun 12 2012 by admin
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CiscoRouter
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
no logging buffered
enable secret 5 $1$Q4LD$Q2aN4wnXXXXm8EuM5BsXf.
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
clock timezone PCTime 0 0
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-23165196XX
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-23165196XX
revocation-check none
rsakeypair TP-self-signed-23165196XX
!
!
crypto pki certificate chain TP-self-signed-23165196XX
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 192.168.201.101 192.168.201.254
!
ip dhcp pool MainDHCP
import all
network 192.168.201.0 255.255.255.0
dns-server 192.168.201.254
default-router 192.168.201.254
!
!
no ip bootp server
ip domain name XXX.co.uk
no ipv6 cef
!
!
license udi pid C887VA-W-E-K9 sn FCZ1612XXXX
!
!
username admin privilege 15 secret 5 $1$yFxg$msXXXX44yCz98I07k3T2k1
!
!
!
!
controller VDSL 0
!
ip tcp synwait-time 10
no ip ftp passive
!
no crypto isakmp enable
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Ethernet0.101
encapsulation dot1Q 101
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pppoe-client dial-pool-number 1
!
interface FastEthernet0
switchport access vlan 201
no ip address
!
interface FastEthernet1
switchport access vlan 201
no ip address
!
interface FastEthernet2
switchport access vlan 201
no ip address
!
interface FastEthernet3
switchport access vlan 201
no ip address
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport trunk native vlan 201
switchport mode trunk
no ip address
!
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan1
description Setup VLAN$FW_INSIDE$
ip address 10.10.10.1 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
shutdown
!
interface Vlan201
description Main Network VLAN$FW_INSIDE$
ip address 192.168.201.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
description BT Infinity Dialer$FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname CXXXX16@hg23.btclick.com
ppp chap password 7 06110A2DXXXX041C5XXXX
ppp pap sent-username CXXXX16@hgXX.btclick.com password 7 0211XXXX08090XXXXD1C5A
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat pool VLAN201POOL 192.168.201.1 192.168.201.254 netmask 255.255.255.0
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no logging trap
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.201.0 0.0.0.255
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 192.168.201.0 0.0.0.255
access-list 101 remark CCP_ACL Category=2
access-list 101 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
!
banner login Only authorized administrators have access to this device.
!
line con 0
transport output telnet
line aux 0
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
access-class 23 in
transport input telnet ssh
!
scheduler allocate 20000 1000
scheduler interval 500
ntp update-calendar
ntp server 130.88.200.4 prefer source Dialer0
end
06-13-2012 11:01 AM
Hello Gareth,
because PPPoE overhead is 8 bytes try to add the following to reduce MTU on outgoing Internet facing interface
interface dialer0
ip mtu 1492
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide