cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1648
Views
5
Helpful
13
Replies

881G router issue connecting to WAN from LAN

dale-sheedy
Level 1
Level 1

Hi,

 

I have a 881G router with the dialer interface up and working.

 

I have 2 vlans which are able to ping between and the router can ping the internet from the source vlan interfaces to the internet but computers on the fa interface do not. With NAT debugging turned on I do not see the NAT rule working when using a connected computer, but when pinging from the router source vlan interface I see the NAT working correctly.

 

Below is the config.

 

 

Current configuration : 2276 bytes
!
! Last configuration change at 21:27:40 UTC Mon Jul 21 2014
! NVRAM config last updated at 21:25:52 UTC Mon Jul 21 2014
! NVRAM config last updated at 21:25:52 UTC Mon Jul 21 2014
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$PG5d$DXCdlzOwSwBKmK3.jIMCH/
enable password 7 0017040F105803
!
no aaa new-model
!
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
!
!
ip cef
ip name-server 8.8.8.8
no ipv6 cef
!
!
multilink bundle-name authenticated
chat-script INTERNET "" "ATDT*99*1#" TIMEOUT 30 "CONNECT"
license udi pid C881G-U-K9 sn FGL153521FJ
!
!
!
!
!
!
controller Cellular 0
!
!
!
!
!
!
!
!
interface FastEthernet0
 switchport access vlan 101
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Cellular0
 description 3G SIM Slot 0
 no ip address
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer in-band
 dialer pool-member 1
 async mode interactive
 ppp chap hostname dummy
 ppp chap password 7 15161E010933
!
interface Vlan1
 ip address 10.10.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan101
 ip address 172.16.0.4 255.255.252.0
 ip nat inside
 ip virtual-reassembly in
!
interface Dialer1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation slip
 dialer pool 1
 dialer idle-timeout 0
 dialer string INTERNET
 dialer persistent
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
ip dns server
ip nat inside source list 100 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
!
access-list 100 permit ip 172.16.0.0 0.0.0.255 any log-input
dialer-list 1 protocol ip permit
!
!
!
!
!
control-plane
!
!
line con 0
 password 7 XXXXXXXXX
 logging synchronous
 login
line aux 0
line 3
 exec-timeout 0 0
 script dialer INTERNET
 modem InOut
 no exec
 transport input all
 rxspeed 7200000
 txspeed 5760000
line vty 0 4
 password 7 XXXXXXXXXXXX
 logging synchronous
 login
 transport input all
!
end

 

 

 

 

Thanks i advanced

1 Accepted Solution

Accepted Solutions

Ok,

Probably you have a bug with IOS, so:

- Can you upgrade the IOS version? which is your actual release?

- Try remplacing your actual config with this:

router#cellular 0 gsm profile create 1 APN_from_your_ISP pap USERNAME PASSWORD
router(config)#chat-script gsm "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
router(config)#interface cellular 0
router(config-if)#ip address negotiated
router(config-if)#ip nat outside
router(config-if)#ip virtual-reassembly in
router(config-if)#encapsulation slip
router(config-if)# dialer in-band
router(config-if)#dialer idle-timeout 0
router(config-if)#dialer string gsm
router(config-if)#dialer-group 1
router(config-if)#async mode interactive

router(config)#line 3
router(config-line)#exec-timeout 0 0
router(config-line)#password cisco
router(config-line)#script dialer gsm
router(config-line)#login
router(config-line)#modem InOut
router(config-line)#no exec
router(config-line)#transport input all

 

outer(config)#ip nat inside source list 100 interface Cellular0 overload 
router(config)#ip route 0.0.0.0 0.0.0.0 cellular0

Don´t forget to erase your dialer interface and you will need to have the APN from your ISP.

Let me know if it worked.

Regards.

 

View solution in original post

13 Replies 13

Emmanuel Valdez
Level 3
Level 3

Hi,

Add these lines and try to access Internet form a computer,

no access-list 100

access-list 100 permit ip 172.16.0.0 0.0.3.255 any

access-list 100 permit ip 10.10.0.0 0.0.0.255 any

Let me know if this worked.

Regards.

Emmanuel,

 

I added that config but still no joy. I do believe NAT is working as per below debugging

 

Jul 21 23:30:36.399: NAT*: i: tcp (172.16.0.10, 50836) -> (74.125.237.120, 443) [7164]
Jul 21 23:30:36.399: NAT*: s=172.16.0.10->10.162.49.144, d=74.125.237.120 [7164]
Jul 21 23:30:36.407:  mapping pointer available mapping:0
Jul 21 23:30:36.407: NAT: [0] Allocated Port for 172.16.0.10 -> 10.162.49.144: wanted 50856 got 50856
Jul 21 23:30:36.407:  NAT*: i: tcp (172.16.0.10, 50842) -> (64.4.45.62, 443) [7176]
Jul 21 23:30:38.067: NAT*: s=172.16.0.10->10.162.49.144, d=64.4.45.62 [7176]
Jul 21 23:30:38.275: NAT*: i: tcp (172.16.0.10, 50843) -> (74.125.23.138, 443) [7177]
Jul 21 23:30:38.275: NAT*: s=172.16.0.10->10.162.49.144, d=74.125.23.138 [7177]
Jul 21 23:30:38.319: NAT*: i: tcp (172.16.0.10, 50844) -> (64.4.45.62, 443) [7178]
Jul 21 23:30:38.319: NAT*: s=172.16.0.10->10.162.49.144, d=64.4.45.62 [7178]
Jul 21 23:30:38.363: NAT*: i: tcp (172.16.0.10, 50845) -> (74.125.23.138, 443) [7179]
Jul 21 23:30:38.363: NAT*: s=172.16.0.10->10.162.49.144, d=74.125.23.138 [7179]
Jul 21 23:30:38.415: NAT*: i: tcp (172.16.0.10, 50846) -> (74.125.237.197, 443) [7180]
Jul 21 23:30:38.415: NAT*: s=172.16.0.10->10.162.49.144, d=74.125.237.197 [7180]
Jul 21 23:30:38.435: NAT*: i: tcp (172.16.0.10, 50847) -> (74.125.237.202, 443) [7181]
Jul 21 23:30:38.435: NAT*: s=172.16.0.10->10.162.49.144, d=74.125.237.202 [7181]
Jul 21 23:30:38.459: NAT*: i: tcp (172.16.0.10, 50848) -> (74.125.237.194, 443) [7182]
Jul 21 23:30:38.459: NAT*: s=172.16.0.10->10.162.49.144, d=74.125.237.194 [7182]
Jul 21 23:30:38.515: NAT*: i: tcp (172.16.0.10, 50849) -> (74.125.237.216, 443) [7183]
Jul 21 23:30:38.515: NAT*: s=172.16.0.10->10.162.49.144, d=74.125.237.216 [7183]
Jul 21 23:30:38.543: NAT*: i: tcp (172.16.0.10, 50850) -> (74.125.237.207, 443) [7184]
Jul 21 23:30:38.543: NAT*: s=172.16.0.10->10.162.49.144, d=74.125.237.207 [7184]
Jul 21 23:30:38.607: NAT*: i: tcp (172.16.0.10, 50851) -> (74.125.237.202, 443) [7185]
Jul 21 23:30:38.607: NAT*: s=172.16.0.10->10.162.49.144, d=74.125.237.202 [7185]
Jul 21 23:30:38.607: NAT*: i: tcp (172.16.0.10, 50852) -> (74.125.237.197, 443) [7186]
Jul 21 23:30:38.607: NAT*: s=172.16.0.10->10.162.49.144, d=74.125.237.197 [7186]
Jul 21 23:30:38.623: NAT*: i: tcp (172.16.0.10, 50853) -> (74.125.237.194, 443) [7187]
Jul 21 23:30:38.623: NAT*: s=172.16.0.10->10.162.49.144, d=74.125.237.194 [7187]
Jul 21 23:30:38.623: NAT*: i: tcp (172.16.0.10, 50854) -> (74.125.237.207, 443) [7188]
Jul 21 23:30:38.623: NAT*: s=172.16.0.10->10.162.49.144, d=74.125.237.207 [7188]
Jul 21 23:30:38.623: NAT*: i: tcp (172.16.0.10, 50855) -> (74.125.237.216, 443) [7189]
Jul 21 23:30:38.623: NAT*: s=172.16.0.10->10.162.49.144, d=74.125.237.216 [7189]
Jul 21 23:30:39.407: NAT*: i: tcp (172.16.0.10, 50856) -> (206.190.36.45, 80) [7196]
Jul 21 23:30:39.407: NAT*: s=172.16.0.10->10.162.49.144, d=206.190.36.45 [7196]
Jul 21 23:30:39.419: NAT*: i: tcp (172.16.0.10, 50858) -> (173.194.72.125, 5222) [7197]
Jul 21 23:30:39.419: NAT*: s=172.16.0.10->10.162.49.144, d=173.194.72.125 [7197]
Jul 21 23:30:39.423: NAT*: i: tcp (172.16.0.10, 50857) -> (206.190.36.45, 80) [7198]
Jul 21 23:30:39.423: NAT*: s=172.16.0.10->10.162.49.144, d=206.190.36.45 [7198]
Jul 21 23:30:39.575: NAT*: i: tcp (172.16.0.10, 50859) -> (206.190.36.45, 80) [7199]
Jul 21 23:30:39.575: NAT*: s=172.16.0.10->10.162.49.144, d=206.190.36.45 [7199]
Jul 21 23:30:39.827:  mapping pointer available mapping:0
Jul 21 23:30:39.831: NAT: [0] Allocated Port for 172.16.0.10 -> 10.162.49.144: wanted 50861 got 50861
 

 

Still no web or ping replies.

Here is my IP route - 

 

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, Dialer1
      10.0.0.0/32 is subnetted, 1 subnets
C        10.162.49.144 is directly connected, Dialer1
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.0.0/22 is directly connected, Vlan101
L        172.16.0.4/32 is directly connected, Vlan101

some access list debug

Jul 21 23:38:26.099: IPACL-DP: Pkt matched ACL: 100 seq: 10 Action: Permit
Jul 21 23:38:26.099: IPACL-DP: Pkt matched permit it
Jul 21 23:38:26.351: IPACL-DP: Pkt matched ACL: 100 seq: 10 Action: Permit
Jul 21 23:38:26.351: IPACL-DP: Pkt matched permit it

 

 

Hi,

Maybe is a fragmentation issue, can you apply these lines to your config please?

interface Cellular0
ip tcp adjust-mss 1412

interface Dialer1
ip mtu 1452

Can you try accesing a web URL by IP, for example http://72.163.4.161/ that is cisco.com

Regards.

Thanks Emmanuel,

 

I see a line of config that differs.

 

ip nat inside source route-map Internet interface Cellular0 overload

My config it 

ip nat inside source list 100 interface Dialer1 overload

 

 

also I have the dialer and cellular both have "ip nat outside".

Does both need that statement, as I dont see a dialer interface in the link you posted.

 

Thanks

 

 

With that MTU statements appplied

 

Router#ping 72.163.4.161
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.161, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 564/596/628 ms
Router#ping 72.163.4.161 source vlan 101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.161, timeout is 2 seconds:
Packet sent with a source address of 172.16.0.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 556/610/628 ms
Router#

 

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\lappy>ping 72.163.4.161

Pinging 72.163.4.161 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 72.163.4.161:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\lappy>

 

 

Hi,

Can you tell me wich is your modem model please?

You can change this:

ip nat inside source route-map internet interface Cellular0 overload

for this:

ip nat inside source list 100 interface Cellular0 overload 

Only if you followed my post, because I didn´t create a virtual interface (Dialer1) I use the physical interface to acquired the public IP address.

You don´t need ip nat outside under interface cellular0 but it is not neccesary to remove the line.

Regards. 

Can you send an output for following commands.

router# ping 4.2.2.2 source 172.16.0.4

router# ping 4.2.2.2 source interface Dialer1

vishalvyas1986 below are the results:

Router#ping 4.2.2.2 source 172.16.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 172.16.0.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 488/545/600 ms
Router#ping 4.2.2.2 source  Dialer1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.162.49.144
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 504/548/608 ms
Router#


Emmanuel

The trace route results are below:

C:\Users\lappy> tracert -d 72.163.4.161

Tracing route to 72.163.4.161 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  172.16.0.4
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.


** It fails after 30 hops

Ok,

Probably you have a bug with IOS, so:

- Can you upgrade the IOS version? which is your actual release?

- Try remplacing your actual config with this:

router#cellular 0 gsm profile create 1 APN_from_your_ISP pap USERNAME PASSWORD
router(config)#chat-script gsm "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
router(config)#interface cellular 0
router(config-if)#ip address negotiated
router(config-if)#ip nat outside
router(config-if)#ip virtual-reassembly in
router(config-if)#encapsulation slip
router(config-if)# dialer in-band
router(config-if)#dialer idle-timeout 0
router(config-if)#dialer string gsm
router(config-if)#dialer-group 1
router(config-if)#async mode interactive

router(config)#line 3
router(config-line)#exec-timeout 0 0
router(config-line)#password cisco
router(config-line)#script dialer gsm
router(config-line)#login
router(config-line)#modem InOut
router(config-line)#no exec
router(config-line)#transport input all

 

outer(config)#ip nat inside source list 100 interface Cellular0 overload 
router(config)#ip route 0.0.0.0 0.0.0.0 cellular0

Don´t forget to erase your dialer interface and you will need to have the APN from your ISP.

Let me know if it worked.

Regards.

 

So not sure of what the issue was but after upgrading IOS and dropping back to a non binded dialer interface, it is working, below is the working config with telstra.wap settings for 3g. The 3 G passwords are not required and are just placeholders.

 


Current configuration : 1953 bytes
!
! Last configuration change at 05:43:37 UTC Tue Jul 22 2014
! NVRAM config last updated at 05:43:38 UTC Tue Jul 22 2014
! NVRAM config last updated at 05:43:38 UTC Tue Jul 22 2014
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
!
!
ip cef
ip name-server 8.8.8.8
no ipv6 cef
!
!
multilink bundle-name authenticated
chat-script INTERNET "" "ATDT*99*1#" TIMEOUT 30 "CONNECT"
license udi pid C881G-U-K9 sn FGL153521FJ
!
!
!
!
!
!
controller Cellular 0
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0
 switchport access vlan 101
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Cellular0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 0
 dialer string gsm
 dialer string INTERNET
 dialer-group 1
 async mode interactive
 ppp chap hostname dummy
 ppp chap password 7 15161E010933
 ppp ipcp dns request
!
interface Vlan1
 no ip address
!
interface Vlan101
 ip address 172.16.0.4 255.255.252.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip dns server
ip nat inside source list 1 interface Cellular0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0
!
access-list 1 permit any
dialer-list 1 protocol ip list 1
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line 3
 exec-timeout 0 0
 password cisco
 script dialer INTERNET
 login
 modem InOut
 no exec
 transport input all
 rxspeed 7200000
 txspeed 5760000
line vty 0 4
 login
 transport input all
!
end

 

Cellular profile entered at the global prompt

cellular 0 gsm profile create 1 telstra.wap 

 

 

Thanks everyone for your help.

 

 

buenas emmanuel, consulta. estoy teniendo problemas con un router cisco880 que al tener problemas el APN en el GGSN se pierde conectvidad y se caen todos los PDP y el router no vuelve a solicitar PDP y queda zombie hasta no reiniciarlo. Para móviles y celulares esto es transparente por que vuelven a pedir el PDP inmediatamente. Podre lograr lo mismo en el cisco880 modificando el "dialer idle-timeout" de 0 a otro valor asi lograr que el router fuerce otro PDP?

 

gracias

Hola gastonsticca,

 

El comando dialer idle-timeout nos indica cuanto tiempo permanecera activa antes de descoenctarse, en este caso 0 indica que sera una conexion permanente, puedes probar con 180 por ejemplo para que en 3 minutos se desconecte la sesion,

En tu caso entiendo que el problema es que no inicia nuevamente la sesion al restablecerse el APN, es correcto?

Que version de IOS tienes?

Saludos.

Can you post a tracert -d 72.163.4.161,

Is the ip address from the host 172.16.0.10?

In some times I had this issue and the solution was reload the router, did you try this?

Regards.

Hi,

Additional you can check this post:

https://supportforums.cisco.com/discussion/11678406/does-anyone-setup-3g-819-router

This was used for Telcel in Mexico.

Regards.

Review Cisco Networking for a $25 gift card