cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2705
Views
10
Helpful
12
Replies

Cannot Access Internet Through SR520 Router

davefieldsea
Level 1
Level 1

Good Afternoon,

I'm extremely new to the world of Cisco CLI Routers and to be completely honest I know I'm a bit out of my depth here. However, I've been asked to create a basic setup on our SR520 router to connect to a PPPoA BT Connection. Due to the fact that the Cisco Configuration Assistant doesn't support PPPoA, I've had to do this via the CLI which is proving to be a bit of a pain..

I've followed this guide http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a008071a601.shtml here which helped do a basic config but I changed a couple of things such as the vlan 75 details and the DHCP scope via the CCA.

Anyway, I have got it connected to the internet and the Rx/Tx lights are flashing with the CD light solid so I guess that's a good start! However, I'm thinking that NAT and/or the firewall settings aren't working because I cannot contact any websites or even ping the external DNS server from a client.

I would really appreciate it if someone can point me in the right configuration. I think I need to disable the dialer 0, I've shut it down but not sure if that helped? My router config is attached.

-> THIS PART IS NO LONGER AN ISSUE -- On a side note, I keep getting the following appear:

*Apr  2 15:35:38.987: %FW-6-DROP_PKT: Dropping udp session 192.168.75.11:64757 8.8.8.4:53  due to  One of the interfaces not being cfged for zoning with ip ident 0

Pretty sure this is my FW dropping packets which doesn't help but no idea how to fix it! <-

Any help would be most appreciated, thank you in advance!

Edit: LATEST CONFIG IS ALWAYS IN MY LATEST REPLY

12 Replies 12

kcnajaf
Level 7
Level 7

Hi Dave,

I have not personally worked on SR 520 router, but still could you try testing by removing the zone based firewall configuration from interface and see if you are getting the same result.

conf terminal

interface Dialer1

no zone-member security out-zone

!

interface Vlan75

no zone-member security in-zone

Regards

Najaf

Please rate when applicable or helpful !!!

Thank you very much for your reply, unfortunately it didn't seem to change anything which leads me to think that maybe my ATM/Dialer configuration is incorrect.

I appreciate that you haven't used this particular router but wondering if you could have a quick nose around the rest of the config to see if anything is obviously wrong there.


As I've made a few changes since my original post, here is my updated config attached.

Do you know if there is a way to see the status of the dialer/ATM interfaces to see whether it's picked up and IP from the ISP?

Thanks for the help so far!

Edit: Latest config is in latest reply.

Hi Dave,

show ip interface brief should show if the interface has picked up an ip address.

Regards

Najaf

Please rate when applicable or helpful !!!

Thanks for the help so far guys.

I have changed a few things in my config, like removing the packet dropping and I've checked that the IP is being picked up by the dialer.. which it's not. Here is the output from my interfaces:

show ip interface br

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0              unassigned      YES unset  up                    up     

FastEthernet1              unassigned      YES unset  up                    down   

FastEthernet2              unassigned      YES unset  up                    down   

FastEthernet3              unassigned      YES unset  up                    down   

ATM0                       unassigned      YES DHCP   up                    up     

ATM0.1                     unassigned      YES DHCP   up                    up     

SSLVPN-VIF0                unassigned      NO  unset  up                    up     

Vlan1                      unassigned      YES NVRAM  administratively down down   

Vlan75                     192.168.1.1     YES NVRAM  up                    up     

NVI0                       unassigned      YES unset  administratively down down   

Dialer0                    unassigned      YES NVRAM  administratively down down   

Dialer1                    unassigned      YES NVRAM  up                    up     

Virtual-Access1            unassigned      YES unset  up                    up     

Virtual-Access2            unassigned      YES unset  up                    down   

As you can see, it's not getting an IP from the ISP. However, I'm not sure which part to try and fix! I understand that the ATM is the actual port I plug the ADSL cable into and the Dialer 1 is the modem dialer to connect to the ISP so I'm not sure which one is meant to have an IP address (assuming dialer).

I have attached my updated config for your reference. Thanks again for your help so far.

Edit: Config attached to latest reply.

Hi Deve,

As per the message your packet is getting droped  by firewall inspection rule. you can try to test by dissbling "IP Inspact log droup-pkt".

Regards,
Saurabh

Regards, Saurabh

Not sure if you get alerts to replies to other's messages but I've tried your suggestion and unfortunately it didn't help fix the route issue (although was probably a step towards the right direction! Thanks for that )

Do you have any idea about the updated issue above?

Hi,

disabling logging for dropped-packet won't help to solve the problem, on the contrary you won't be able to see that it is not working because your packet was dropped by the firewall.

Try this:

no ip route 0.0.0.0 0.0.0.0 Dialer0

interface Dialer1

no ip address dhcp

ip address negotiated

interface ATM0

no ip address dhcp

interface ATM0.1 point-to-point

no ip address dhcp

int atm0

shut

no shut

do sh ip int br

Now you should get an IP from the ISP on the dialer1 interface

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hey there,

Thanks very much for the detailed reply. Unfortunately it's still refusing to pickup an IP address. Interfaces output:

show ip interfaces    br

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0              unassigned      YES unset  up                    up     

FastEthernet1              unassigned      YES unset  up                    down   

FastEthernet2              unassigned      YES unset  up                    down   

FastEthernet3              unassigned      YES unset  up                    down   

ATM0                       unassigned      YES NVRAM  up                    up     

ATM0.1                     unassigned      YES unset  up                    up     

SSLVPN-VIF0                unassigned      NO  unset  up                    up     

Vlan1                      unassigned      YES NVRAM  administratively down down   

Vlan75                     192.168.1.1     YES NVRAM  up                    up     

NVI0                       unassigned      YES unset  administratively down down   

Dialer0                    unassigned      YES NVRAM  administratively down down   

Dialer1                    unassigned      YES NVRAM  up                    up     

Virtual-Access1            unassigned      YES unset  up                    up     

Virtual-Access2            unassigned      YES unset  up                    down

I changed everything that you suggested and have attached my config for you. I'm not sure whether the syntax for my ADSL connections is correct? It's meant to be:

  • VPI number: 0
  • VCI number: 38
  • Authentication: CHAP
  • Modulation: G.DMT
  • Encapsulation: PPP over ATM (PPPoA); Virtual Circuit Multiplexing (VC-MUX)

Thanks again for your help so far!

Hi,

Can you follow this config: http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a008071a601.shtml

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi Alain,

As mentioned in my initial post, that is what I started with. I then basically only changed the DHCP range. I'll reset it all and start again if you wish.

Will post back with findings.

Hi Alain,

I've set the router to defaults and gone through the entire setup again. The only differences to the guide you mentioned is that I used vlan75 instead of ethernet0/0 as the nat inside etc.

The config is attached with the "show ip interface brief" command at the bottom too.

Thanks again for persevering!

davefieldsea
Level 1
Level 1

This is now solved. My configuration was all correct, however I needed to put the PVC and encapsulation type etc under the ATM0.1 NOT ATM 0.

The Cisco guide was wrong in this.

Thanks to everyone who helped!

Review Cisco Networking for a $25 gift card