
Exit Interface Found: None

peter_huber
Level 1

Hi,

I am trying to configure my Cisco Router 1921 for home networking. When testing the outside connection, I get the error message

Exit Interface Found: None

I am using a cable modem to access the internet.

Thanks a lot!

Current configuration : 6842 bytes

!

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname habsburg

!

boot-start-marker

boot-end-marker

!

!

logging buffered 4096

enable secret 5 $1$MoY/$8a0962QftXIOGcDALI39X/

enable password XXXXXX

!

no aaa new-model

!

!

no ipv6 cef

ip source-route

ip cef

!

!

!

ip dhcp excluded-address 10.10.10.1

!

ip dhcp pool ccp-pool1

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

!

!

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-1139877488

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1139877488

revocation-check none

rsakeypair TP-self-signed-1139877488

!

!

crypto pki certificate chain TP-self-signed-1139877488

certificate self-signed 01
            quit

license udi pid CISCO1921/K9 sn FCZ1535C0XL

license boot module c1900 technology-package securityk9

!

!

username phuber privilege 15 secret 5 $1$1S2h$E9snHLA6FIjmj9lQnrd0I.

!

redundancy

!

!

!

!

!

class-map type inspect match-any SDM_BOOTPC

match access-group name SDM_BOOTPC

class-map type inspect match-any SDM_DHCP_CLIENT_PT

match class-map SDM_BOOTPC

class-map type inspect match-any ccp-skinny-inspect

match protocol skinny

class-map type inspect match-any sdm-cls-bootps

match protocol bootps

class-map type inspect match-any ccp-cls-insp-traffic

match protocol dns

match protocol ftp

match protocol https

match protocol icmp

match protocol imap

match protocol pop3

match protocol netshow

match protocol shell

match protocol realmedia

match protocol rtsp

match protocol smtp

match protocol sql-net

match protocol streamworks

match protocol tftp

match protocol vdolive

match protocol tcp

match protocol udp

class-map type inspect match-all ccp-insp-traffic

match class-map ccp-cls-insp-traffic

class-map type inspect match-any ccp-h323nxg-inspect

match protocol h323-nxg

class-map type inspect match-any ccp-cls-icmp-access

match protocol icmp

match protocol tcp

match protocol udp

class-map type inspect match-any ccp-h225ras-inspect

match protocol h225ras

class-map type inspect match-any ccp-h323annexe-inspect

match protocol h323-annexe

class-map type inspect match-any ccp-h323-inspect

match protocol h323

class-map type inspect match-all ccp-invalid-src

match access-group 100

class-map type inspect match-all ccp-icmp-access

match class-map ccp-cls-icmp-access

class-map type inspect match-any ccp-sip-inspect

match protocol sip

class-map type inspect match-all ccp-protocol-http

match protocol http

!

!

policy-map type inspect ccp-permit-icmpreply

class type inspect sdm-cls-bootps

  pass

class type inspect ccp-icmp-access

  inspect

class class-default

  pass

policy-map type inspect ccp-inspect

class type inspect ccp-invalid-src

  drop log

class type inspect ccp-protocol-http

  inspect

class type inspect ccp-insp-traffic

  inspect

class type inspect ccp-sip-inspect

  inspect

class type inspect ccp-h323-inspect

  inspect

class type inspect ccp-h323annexe-inspect

  inspect

class type inspect ccp-h225ras-inspect

  inspect

class type inspect ccp-h323nxg-inspect

  inspect

class type inspect ccp-skinny-inspect

  inspect

class class-default

  drop

policy-map type inspect ccp-permit

class type inspect SDM_DHCP_CLIENT_PT

  pass

class class-default

  drop

!

zone security in-zone

zone security out-zone

zone-pair security ccp-zp-out-self source out-zone destination self

service-policy type inspect ccp-permit

zone-pair security ccp-zp-in-out source in-zone destination out-zone

service-policy type inspect ccp-inspect

zone-pair security ccp-zp-self-out source self destination out-zone

service-policy type inspect ccp-permit-icmpreply

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description $ES_WAN$$FW_OUTSIDE$

ip address dhcp client-id GigabitEthernet0/0

ip nat outside

ip virtual-reassembly in

zone-member security out-zone

duplex auto

speed auto

!

interface GigabitEthernet0/1

description $ES_LAN$$FW_INSIDE$

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

zone-member security in-zone

duplex auto

speed auto

no mop enabled

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 1 interface GigabitEthernet0/0 overload

!

ip access-list extended SDM_BOOTPC

remark CCP_ACL Category=0

permit udp any any eq bootpc

!

logging trap debugging

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 10.10.10.0 0.0.0.255

access-list 100 remark CCP_ACL Category=128

access-list 100 permit ip host 255.255.255.255 any

access-list 100 permit ip 127.0.0.0 0.255.255.255 any

!

!

!

!

!

snmp-server community public RO

!

control-plane

!

!

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

privilege level 15

password XXXXX

login local

transport input telnet ssh

transport output telnet ssh

line vty 5 15

privilege level 15

login local

transport input telnet ssh

transport output telnet ssh

!

scheduler allocate 20000 1000

end

28 Replies

Peter

I am disappointed to hear this.

Can you check for me and verify that the PC can ping the addresses of the DNS servers? And that the PC does not resolve names to addresses (gets the error about unknown host)?

HTH

Rick

Rick

Thanks for your help, really appreciated!

I can ping both DNS servers from the notebook. Also, the unknown host error message is still appearing when I ping names.

However, when I ping names via the console then it works.

br

Peter

Gentlemen,

I apologize if I am breaking into your discussion abruptly. I have been following this thread and Rick has been providing outstanding support. With Rick's last suggestion to add the dns-server command into the DHCP pool, I would like to add a small but significant remark: Peter, in order for this command to have effect on your Mac, you need to release and renew your IP settings on the Mac so that when new IP settings are obtained from the DHCP server on your Cisco router, the DNS setting is passed along to your Mac.

Best regards,

Peter

Richard Burts
Hall of Fame

Peter P

Welcome to the discussion! I am very glad to have your participation. And you make a very good point.

Peter H

Please do release and relearn the IP address. I am not sure what the command would be on a Mac but there should be a way to do it short of rebooting.

HTH

Rick

Sent from Cisco Technical Support iPhone App

Thanks to both of you! I released and relearnt the IP address. Still no change.

From the network utility I get the following stats. Do they give a hint?

Thanks

Peter

Routing tables

Internet:

Destination        Gateway            Flags        Refs      Use   Netif Expire

default            10.10.10.1         UGSc            3        0     en0

10.10.10/24        link#7             UCS             5        0     en0

10.10.10.1         30:e4:db:ea:37:e1  UHLWIi          1       38     en0   1149

10.10.10.8         localhost          UHS             0        0     lo0

10.10.10.255       ff:ff:ff:ff:ff:ff  UHLWbI          0        6     en0

127                localhost          UCS             0        0     lo0

localhost          localhost          UH              3     2345     lo0

169.254            link#7             UCS             1        0     en0

169.254.255.255    30:e4:db:ea:37:e1  UHLSWi          0        0     en0   1083

Internet6:

Destination        Gateway            Flags         Netif Expire

localhost          link#1             UHL             lo0

fe80::%lo0         localhost          UcI             lo0

localhost          link#1             UHLI            lo0

fe80::%en1         link#4             UCI             en1

fe80::da30:62ff:fe d8:30:62:47:e1:e   UHLWIi          en1

fe80::%en0         link#7             UCI             en0

peter-hubers-macbo c8:2a:14:13:37:f   UHLI            lo0

ff01::%lo0         localhost          UmCI            lo0

ff01::%en1         link#4             UmCI            en1

ff01::%en0         link#7             UmCI            en0

ff02::%lo0         localhost          UmCI            lo0

ff02::%en1         link#4             UmCI            en1

ff02::%en0         link#7             UmCI            en0


Hi Peter,

So you can ping external addresses by IP but not by names. You added the DNS servers in the DHCP pool, you released/renewed the DHCP lease and the problem still persists?

Can you post the output of lookupd -d and lookupd -configuration?

Regards.

Alain.

Don't forget to rate helpful posts.

Hi Alain

Lookupd does not exist anymore on Leopard. I tried to use dscacheutil instead. -d does not exist anymore; -configuration points me to /local/default but tells me "unable to get cache configuration information".

However, when using a different router, I don't have a problem connecting to the internet.

Regards

Peter

hi peter,

You can try the below and test again. Also try to disable the PC FW/AV, or perhaps use another PC for testing.

ip dhcp pool ccp-pool1

import all

ip route 0.0.0.0 0.0.0.0 dhcp

Router#renew dhcp gigabit0/0

Thanks, I will add.

In addition, I just found out that I get an internet connection when I add the DNS addresses directly into the network configuration of my Mac.

So it seems like the DNS servers are not automatically forwarded to the notebook. Any idea, why this could happen?

Thanks

Peter

I can access the internet now. Thank you all for your help. Really, really appreciated.

One more question though: when I connect a notebook to the network, the router does not automatically assign a new IP address but I need to enter ipconfig /renew in the notebook. Any idea what I would need to change?

Thanks

Peter

Hi Peter,

Thanks for your feedback and I'm glad it's working for you now. Just curious, what changes did you make? Could you post your running config?

Regarding your issue earlier, I suspect you just need to do a force update either by clear ip dhcp binding or the renew dhcp command suggested earlier.

You don't need to do anything on your PC since DHCP settings are automatically obtained.

Don't forget to rate helpful posts and mark as resolved. Thanks!

Sent from Cisco Technical Support iPhone App

Hi

I think the "import all" command of the DHCP config gave the final touch after quite some problems which were addressed with the replies earlier.

Big thanks for all the help! Below is the current configuration. In case you still see room for optimisation, please let me know.

Thank you!

Peter

Current configuration : 7163 bytes

!

! Last configuration change at 12:01:11 Berlin Sun Sep 25 2011 by phuber

! NVRAM config last updated at 12:01:12 Berlin Sun Sep 25 2011 by phuber

! NVRAM config last updated at 12:01:12 Berlin Sun Sep 25 2011 by phuber

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname habsburg

!

boot-start-marker

boot-end-marker

!

!

logging buffered 4096

enable secret 5 $1$MoY/$8a0962QftXIOGcDALI39X/

enable password XXXXX

!

no aaa new-model

!

clock timezone Berlin 1 0

clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00

!

no ipv6 cef

ip source-route

ip cef

!

!

!

ip dhcp excluded-address 10.10.10.1

!

ip dhcp pool ccp-pool1

import all

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

!

!

!

multilink bundle-name authenticated

!

parameter-map type inspect global

log dropped-packets enable

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-1139877488

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1139877488

revocation-check none

rsakeypair TP-self-signed-1139877488

!

!

crypto pki certificate chain TP-self-signed-1139877488

certificate self-signed 01
            quit

license udi pid CISCO1921/K9 sn FCZ1535C0XL

license boot module c1900 technology-package securityk9

!

!

username phuber privilege 15 secret 5 $1$1S2h$E9snHLA6FIjmj9lQnrd0I.

!

redundancy

!

!

!

!

!

class-map type inspect match-any SDM_BOOTPC

match access-group name SDM_BOOTPC

class-map type inspect match-any SDM_DHCP_CLIENT_PT

match class-map SDM_BOOTPC

class-map type inspect match-any ccp-skinny-inspect

match protocol skinny

class-map type inspect match-any sdm-cls-bootps

match protocol bootps

class-map type inspect match-any ccp-cls-insp-traffic

match protocol dns

match protocol ftp

match protocol https

match protocol icmp

match protocol imap

match protocol pop3

match protocol netshow

match protocol shell

match protocol realmedia

match protocol rtsp

match protocol smtp

match protocol sql-net

match protocol streamworks

match protocol tftp

match protocol vdolive

match protocol tcp

match protocol udp

class-map type inspect match-all ccp-insp-traffic

match class-map ccp-cls-insp-traffic

class-map type inspect match-any ccp-h323nxg-inspect

match protocol h323-nxg

class-map type inspect match-any ccp-cls-icmp-access

match protocol icmp

match protocol tcp

match protocol udp

class-map type inspect match-any ccp-h225ras-inspect

match protocol h225ras

class-map type inspect match-any ccp-h323annexe-inspect

match protocol h323-annexe

class-map type inspect match-any ccp-h323-inspect

match protocol h323

class-map type inspect match-all ccp-invalid-src

match access-group 100

class-map type inspect match-all ccp-icmp-access

match class-map ccp-cls-icmp-access

class-map type inspect match-any ccp-sip-inspect

match protocol sip

class-map type inspect match-all ccp-protocol-http

match protocol http

!

!

policy-map type inspect ccp-permit-icmpreply

class type inspect sdm-cls-bootps

  pass

class type inspect ccp-icmp-access

  inspect

class class-default

  pass

policy-map type inspect ccp-inspect

class type inspect ccp-invalid-src

  drop log

class type inspect ccp-protocol-http

  inspect

class type inspect ccp-insp-traffic

  inspect

class type inspect ccp-sip-inspect

  inspect

class type inspect ccp-h323-inspect

  inspect

class type inspect ccp-h323annexe-inspect

  inspect

class type inspect ccp-h225ras-inspect

  inspect

class type inspect ccp-h323nxg-inspect

  inspect

class type inspect ccp-skinny-inspect

  inspect

class class-default

  drop

policy-map type inspect ccp-permit

class type inspect SDM_DHCP_CLIENT_PT

  pass

class class-default

  drop

!

zone security in-zone

zone security out-zone

zone-pair security ccp-zp-out-self source out-zone destination self

service-policy type inspect ccp-permit

zone-pair security ccp-zp-in-out source in-zone destination out-zone

service-policy type inspect ccp-inspect

zone-pair security ccp-zp-self-out source self destination out-zone

service-policy type inspect ccp-permit-icmpreply

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description $ES_WAN$$FW_OUTSIDE$

ip address dhcp client-id GigabitEthernet0/0

ip nat outside

ip virtual-reassembly in

zone-member security out-zone

duplex auto

speed auto

!

interface GigabitEthernet0/1

description $ES_LAN$$FW_INSIDE$

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

zone-member security in-zone

duplex auto

speed auto

no mop enabled

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 1 interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 80.219.128.1

ip route 0.0.0.0 0.0.0.0 80.219.128.1 254

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp

!

ip access-list extended SDM_BOOTPC

remark CCP_ACL Category=0

permit udp any any eq bootpc

!

logging trap debugging

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 10.10.10.0 0.0.0.255

access-list 100 remark CCP_ACL Category=128

access-list 100 permit ip host 255.255.255.255 any

access-list 100 permit ip 127.0.0.0 0.255.255.255 any

!

!

!

!

!

snmp-server community public RO

!

control-plane

!

!

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

privilege level 15

password XXXXX

login local

transport input telnet ssh

transport output telnet ssh

line vty 5 15

privilege level 15

login local

transport input telnet ssh

transport output telnet ssh

!

scheduler allocate 20000 1000

end

johnlloyd_13
Level 9

Hi Peter,

Thanks for the rating! If your current config's working just stick with it.

One thing I've noticed though: you might want to change your SNMP 'public' string to something else or tag it with an ACL just to avoid any SNMP attack exploiting this default RO string.

Sent from Cisco Technical Support iPhone App

Peter H

This has been an interesting thread with multiple people contributing suggestions. My thanks to the multiple colleagues who have contributed to finding a solution. Thank you for using the rating system to mark this question as answered - and thanks for the points. It makes the forum more useful when people can read about a problem and can know that a solution was found. Your marking has contributed to this process.

Early on I had thought about suggesting the import all and then decided to focus on what seemed a more direct solution to what I thought was the problem by specifying the DNS servers in the DHCP pool. I am glad that John suggested import all and that it turned out to be the better solution.

In addition to John's good suggestion about changing the SNMP community I do have one other suggestion for your configuration. You have three configured static default routes, which represent various phases of finding a solution:

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 80.219.128.1

ip route 0.0.0.0 0.0.0.0 80.219.128.1 254

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp

The first two are essentially doing the same thing (specifying a next hop with or without specifying an interface) and I suggest that they are redundant. I suggest that you remove them:

no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 80.219.128.1

no ip route 0.0.0.0 0.0.0.0 80.219.128.1 254

and just leave the entry which identifies the outbound interface and the parameter that it is learned from DHCP.

HTH

Rick
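As an added example (not code from the thread, from Cisco, or from any poster), a small Python audit that reads a pasted IOS running-config like the two above and reports the three things this thread turned on: a DHCP pool that hands out no DNS servers (neither dns-server nor import all), a missing or duplicated static default route, and an SNMP community that is still the default string or has no ACL. The two config excerpts inside it are constructed from Peter's before and after configs; detecting pool sub-commands by keyword is an assumption made because the forum paste lost the indentation IOS prints.

```python
"""Audit a pasted Cisco IOS running-config for the issues raised in this thread.
Added example, not code from the thread or from Cisco. The forum paste lost the
leading space IOS puts before sub-commands, so DHCP-pool membership is tracked
by keyword rather than indentation (an assumption about the paste, not IOS)."""
import re

DHCP_POOL_RE = re.compile(r"^ip dhcp pool (\S+)$")
STATIC_DEFAULT_RE = re.compile(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (.+)$")
SNMP_RE = re.compile(r"^snmp-server community (\S+)\s*(.*)$")
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")
POOL_SUBCOMMANDS = ("network", "default-router", "dns-server", "import",
                    "domain-name", "lease", "option", "netbios-name-server")


def parse_config(text):
    """Return (dhcp_pools, static_default_routes, snmp_communities)."""
    pools, defaults, snmp = {}, [], []
    pool = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if m := DHCP_POOL_RE.match(line):
            pool = m.group(1)
            pools[pool] = []
            continue
        if pool and line.split()[0] in POOL_SUBCOMMANDS:
            pools[pool].append(line)
            continue
        pool = None  # any other global command ends the pool block
        if m := STATIC_DEFAULT_RE.match(line):
            defaults.append(m.group(1).split())
        if m := SNMP_RE.match(line):
            snmp.append((m.group(1), m.group(2).split()))
    return pools, defaults, snmp


def audit(text):
    """Return a list of (severity, message) findings for one running-config."""
    pools, defaults, snmp = parse_config(text)
    out = []
    # A pool with neither 'dns-server' nor 'import all' gives clients an address
    # and gateway but no resolver: ping by IP works, ping by name says unknown host.
    for name, cmds in pools.items():
        if not any(c.startswith(("dns-server", "import all")) for c in cmds):
            out.append(("high", f"DHCP pool {name} hands out no DNS servers "
                                "(add 'dns-server ...' or 'import all')"))
    # No default route is what 'Exit Interface Found: None' reports.
    if not defaults:
        out.append(("high", "no static default route (add "
                            "'ip route 0.0.0.0 0.0.0.0 <wan-interface> dhcp')"))
    # Defaults naming the same next hop, with or without an exit interface or
    # distance, duplicate each other; a DHCP-learned default is its own group.
    by_hop = {}
    for params in defaults:
        hops = [p for p in params if IPV4_RE.fullmatch(p)]
        key = hops[0] if hops else ("dhcp" if "dhcp" in params else params[0])
        by_hop.setdefault(key, []).append(" ".join(params))
    for key, routes in by_hop.items():
        if len(routes) > 1:
            out.append(("low", f"{len(routes)} static default routes to {key}: "
                               + "; ".join(routes)))
    # Well-known community strings, and communities with no ACL after RO/RW.
    for community, opts in snmp:
        if community.lower() in ("public", "private"):
            out.append(("high", f"SNMP community '{community}' is a well-known "
                                "default string; change it"))
        if not [o for o in opts if o.upper() not in ("RO", "RW")]:
            out.append(("medium", f"SNMP community '{community}' is not "
                                  "restricted by an access-list"))
    return out


# Constructed excerpts of the first and final configs posted in the thread.
CONFIG_BEFORE = """\
ip dhcp pool ccp-pool1
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
snmp-server community public RO
"""
CONFIG_AFTER = """\
ip dhcp pool ccp-pool1
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 80.219.128.1
ip route 0.0.0.0 0.0.0.0 80.219.128.1 254
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
snmp-server community public RO
"""
```

Calling audit(CONFIG_BEFORE) reports the missing DNS hand-out, the missing default route and the SNMP community; audit(CONFIG_AFTER) clears the first two and instead flags the two redundant static defaults to 80.219.128.1 that Rick points out.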