
Strange issue with Cisco 2821

alexthegr8
Level 1

I have a recently acquired Cisco 2821 for my CCNA lab. It is replacing an 1841 which seemed to be bottlenecking my bandwidth. I copied the (working) config from the 1841, and I am able to ping the internet from the router and the LAN. 

The strange issue comes when I try to resolve DNS over the internet. For some reason the router seems to be filtering port 53 traffic. I set out to prove this by using nmap. With nmap, I scanned a known DNS server (which has ALL ports blocked except 53) and nmap responded that ports 80, 3128, and 8080 were open (which is not the case). I then connected to a different network (with working internet/DNS) and performed the scan again. Results confirmed only port 53 was open.

I then also ran a port scan on 8.8.8.8 on the separate network; the results were the same. 53 was unfiltered.

My router config is very simple; all ports are supposed to be open with the given ACL.

IOS ver 12.4 (13r)

Current configuration : 2087 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Reed2821
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$haDp$l7TWsu6gwtm4a21C4e7Z21
enable password 7 01000E055F04111D2848490C
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.2 10.0.0.15
!
ip dhcp pool ParDigital
   network 10.0.0.0 255.255.255.0
   dns-server 10.0.0.3 8.8.8.8 
   domain-name ParDigital.net
   default-router 10.0.0.1 
!
!
no ip domain lookup
ip domain name ParDigital.net
!
!
!
username paul privilege 15 password 7 0305570E1E5779
!
!         
!
!
interface Loopback1
 ip address 10.0.0.15 255.255.255.0
 shutdown
!
interface GigabitEthernet0/0
 ip address dhcp
 ip access-group 100 in
 ip access-group 100 out
 ip flow ingress
 ip nat outside
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip access-group 100 in
 ip access-group 100 out
 ip flow egress
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/3/0
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.0.0.255 area 0
 network 10.1.0.0 0.0.0.255 area 1
 network 10.1.0.0 0.0.255.255 area 0
 network 107.138.202.129 0.0.0.0 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 107.138.200.1 254
!
no ip http server
no ip http secure-server
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.0.0.81 80 interface GigabitEthernet0/0 80
!
access-list 100 permit ip any any
!
control-plane
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 password 7 14041A0A080B3D392D2C3430
 login authentication local_auth
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 privilege level 15
 login authentication local_auth
 transport input ssh
!
scheduler allocate 20000 1000
ntp server 206.246.122.250
!
end       


Bilal Nawaz
VIP Alumni

dns-server 10.0.0.3 8.8.8.8 

Hello, maybe your host is trying to use 10.0.0.3 as its primary DNS server and it doesn't work? Can you maybe change this or check that 10.0.0.3 is serving DNS requests properly?

Or manually change DNS settings on your PC/laptop to point towards 8.8.8.8 or 8.8.4.4 to see if DNS works...


It still did not. I ended up upgrading to IOS 15 and everything worked from there. Strange bug.
