Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
634
Views
0
Helpful
2
Replies

Odd 887VAW Issue With Specific Domains

gareth.rooney
Level 1
Level 1

‎06-12-2012 11:42 PM - edited ‎03-04-2019 04:39 PM

Hi

First thanks in advance for any help.

I installed the cisco 887VAW on my bt infinity line about a month or 2 ago and its worked perfectly unitl i went on holiday for 2 weeks. When i came back I noticed it wouldn't pass web traffic to most domains. This is both wired and wireless so i know its not the config on the wireless controller.

Domains that worked are

www.google.co.uk / www.city-link.co.uk / www.zen.co.uk

Domains that wouldnt work

www.bbc.co.uk / www.sky.co.uk etc

Now the odd thing is i can ping these domains fine so all the routes are there. Ive pulled my config to bits and removed all the firewall, vpn etc settings and still cant get it to work. It seems to only work on a few sites and timeout on the majority of sites

One thing while on holiday I think there was a power cut as I had all the clocks to reset when i came back so there is a chance I lost something from the running config however I remember saving my config every 5 mins when setting it up and i dont remeber having issues like this during the initial config.

Also while i was on holiday ipv6 was introduced could this have anything to do with it?

I have included the slimmed down version of my config with this issue see if anyone with a bit more skill than me can spot something

Regards

Gareth

Labels:
129670-cisco887SLIMvdsl.txt.zip
0 Helpful
2 Replies 2

gareth.rooney
Level 1
Level 1

‎06-12-2012 11:49 PM

Notepad++ messed it up here is my config..

-----------------------------

!

! Last configuration change at 18:58:39 PCTime Tue Jun 12 2012 by admin

! NVRAM config last updated at 19:00:14 PCTime Tue Jun 12 2012 by admin

! NVRAM config last updated at 19:00:14 PCTime Tue Jun 12 2012 by admin

version 15.1

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname CiscoRouter

!

boot-start-marker

boot-end-marker

!

!

security authentication failure rate 3 log

security passwords min-length 6

no logging buffered

enable secret 5 $1$Q4LD$Q2aN4wnXXXXm8EuM5BsXf.

!

aaa new-model

!

!

aaa authentication login default local

aaa authorization exec default local

!

!

!

!

!

aaa session-id common

clock timezone PCTime 0 0

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-23165196XX

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-23165196XX

revocation-check none

rsakeypair TP-self-signed-23165196XX

!

!

crypto pki certificate chain TP-self-signed-23165196XX

certificate self-signed 01 nvram:IOS-Self-Sig#1.cer

ip source-route

ip cef

!

!

!

ip dhcp excluded-address 192.168.201.101 192.168.201.254

!

ip dhcp pool MainDHCP

import all

network 192.168.201.0 255.255.255.0

dns-server 192.168.201.254

default-router 192.168.201.254

!

!

no ip bootp server

ip domain name XXX.co.uk

no ipv6 cef

!

!

license udi pid C887VA-W-E-K9 sn FCZ1612XXXX

!

!

username admin privilege 15 secret 5 $1$yFxg$msXXXX44yCz98I07k3T2k1

!

!

!

!

controller VDSL 0

!

ip tcp synwait-time 10

no ip ftp passive

!

no crypto isakmp enable

!

!

!

!

!

!

interface Null0

no ip unreachables

!

interface ATM0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

shutdown

no atm ilmi-keepalive

!

interface Ethernet0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

!

interface Ethernet0.101

encapsulation dot1Q 101

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

pppoe-client dial-pool-number 1

!

interface FastEthernet0

switchport access vlan 201

no ip address

!

interface FastEthernet1

switchport access vlan 201

no ip address

!

interface FastEthernet2

switchport access vlan 201

no ip address

!

interface FastEthernet3

switchport access vlan 201

no ip address

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

switchport trunk native vlan 201

switchport mode trunk

no ip address

!

interface wlan-ap0

description Embedded Service module interface to manage the embedded AP

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

!

interface Vlan1

description Setup VLAN$FW_INSIDE$

ip address 10.10.10.1 255.255.255.248

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1412

shutdown

!

interface Vlan201

description Main Network VLAN$FW_INSIDE$

ip address 192.168.201.254 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly in

!

interface Dialer0

description BT Infinity Dialer$FW_OUTSIDE$

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname CXXXX16@hg23.btclick.com

ppp chap password 7 06110A2DXXXX041C5XXXX

ppp pap sent-username CXXXX16@hgXX.btclick.com password 7 0211XXXX08090XXXXD1C5A

ppp ipcp dns request accept

ppp ipcp route default

ppp ipcp address accept

no cdp enable

!

ip forward-protocol nd

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip dns server

ip nat pool VLAN201POOL 192.168.201.1 192.168.201.254 netmask 255.255.255.0

ip nat inside source list 1 interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

!

no logging trap

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 192.168.201.0 0.0.0.255

access-list 23 remark CCP_ACL Category=17

access-list 23 permit 192.168.201.0 0.0.0.255

access-list 101 remark CCP_ACL Category=2

access-list 101 permit ip any any

dialer-list 1 protocol ip permit

no cdp run

!

!

!

!

!

!

banner login  Only authorized administrators have access to this device.

!

line con 0

transport output telnet

line aux 0

transport output telnet

line 2

no activation-character

no exec

transport preferred none

transport input all

stopbits 1

line vty 0 4

access-class 23 in

transport input telnet ssh

!

scheduler allocate 20000 1000

scheduler interval 500

ntp update-calendar

ntp server 130.88.200.4 prefer source Dialer0

end

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to gareth.rooney

‎06-13-2012 11:01 AM

Hello Gareth,

because PPPoE overhead is 8 bytes try to add the following to reduce MTU on outgoing Internet facing interface

interface dialer0

ip mtu 1492

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card