Solved: ISR4331 cEdge assistance

craddockchristopher · ‎03-01-2024

Dear Community,

I am manually trying to onboard a 4331 onto our SDWAN Fabric. I am in the process of getting the underlay configured (WAN IP, Default Route, DNS server etc.). I have dozens of these in the past with no issues. However, this router is having an issue. Eventhough I have entered the WAN IP, Default Router and DNS servers, the router is unable to resolve URL's. The router is in Controller Mode. This will cause the router to not be able to resolve the vbond URL. When I try to ping www.cisco.com (or any URL) I get the following error:

Router#ping www.cisco.com
% Unrecognized host or address, or protocol not running.

I am able to ping out to the internet though:

Router#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/6/8 ms
Router#

Any ideas?

Running Config Below:

Router#show sdwan run
system
admin-tech-on-failure
!
memory free low-watermark processor 67460
call-home
contact-email-addr sch-smart-licensing@cisco.com
profile CiscoTAC-1
active
destination transport-method http
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
no service tcp-small-servers
no service udp-small-servers
platform qfp utilization monitor load 80
hostname Router
username admin privilege 15 secret 5 $1$R6w3$Klwh5dl1RDvxt6ztEy26p1
vrf definition 65500
address-family ipv4
exit-address-family
!
!
vrf definition Mgmt-intf
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no ip finger
no ip rcmd rcp-enable
no ip rcmd rsh-enable
ip dhcp pool PnPWebUI1
vrf 65500
dns-server 192.168.1.1
host 192.168.1.3 255.255.255.0
client-identifier 7765.6275.69
exit
no ip dhcp use class
ip name-server 8.8.8.8 187.102.222.46
ip route 0.0.0.0 0.0.0.0 189.57.x.89
ip ssh version 2
ip tftp source-interface GigabitEthernet0
ip http authentication local
ip http server
ip http secure-server
ip nat settings central-policy
ip nat settings gatekeeper-size 1024
interface GigabitEthernet0
no shutdown
vrf forwarding Mgmt-intf
negotiation auto
exit
interface GigabitEthernet0/0/0
no shutdown
ip address 189.57.x.91 255.255.255.248
negotiation auto
exit
interface GigabitEthernet0/0/1
no shutdown
negotiation auto
exit
interface GigabitEthernet0/0/2
no shutdown
negotiation auto
exit
aaa authentication enable default enable
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
login on-success log
line aux 0
!
line con 0
stopbits 1
!
line vty 0 4
!
line vty 5 80
!
sdwan
appqoe
no tcpopt enable
no dreopt enable
!
omp
no shutdown
graceful-restart
no as-dot-notation
address-family ipv4
advertise connected
advertise static
!
address-family ipv6
advertise connected
advertise static
!
!
!
licensing config enable false
licensing config privacy hostname false
licensing config privacy version false
licensing config utility utility-enable false
security
ipsec
integrity-type ip-udp-esp esp
!
!
sslproxy
no enable
rsa-key-modulus 2048
certificate-lifetime 730
eckey-type P256
ca-tp-label PROXY-SIGNING-CA
settings expired-certificate drop
settings untrusted-certificate drop
settings unknown-status drop
settings certificate-revocation-check none
settings unsupported-protocol-versions drop
settings unsupported-cipher-suites drop
settings failure-mode close
settings minimum-tls-ver TLSv1
dual-side optimization enable
!

Router#

balaji.bandi · ‎05-01-2024

i was in guess same, glad all good, if all ok no further assitance required, mark as solution.

this help other community members.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Torbjørn · ‎03-01-2024

I believe you need to specify the DNS servers to be used with the ip name-server {ip address} command.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

Ruben Cocheno · ‎03-01-2024

@craddockchristopher

This should make it work, or adjust to your internal DNS servers.

conf t

ip name-server 8.8.8.8

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

balaji.bandi · ‎03-02-2024

Router#ping www.cisco.com
% Unrecognized host or address, or protocol not running.

I am able to ping out to the internet though:

Router#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/6/8 ms
Router#

Device has IP reachability to Internet and but does not resolve the DNS resolution.

ip name-server 8.8.8.8 187.102.222.46

i can see the DNS name server configured.

% Unrecognized host or address, or protocol not running

But i do not see domain-lookup config ?

Try add domain lookup and test it :

ip domain-lookup

Hope that help you.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

craddockchristopher · ‎05-01-2024

Hey everyone, sorry for the late response. This ended up being an ISP issue with them filtering traffic. Once they made changes to their ACL's the router was able to resolve URLs.

balaji.bandi · ‎05-01-2024

i was in guess same, glad all good, if all ok no further assitance required, mark as solution.

this help other community members.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help