Re: Not getting internet on Cisco 887 Multi-mode VDSL2/ADSL2+ over POTS

leo12 · ‎01-07-2019

Hi, i am trying to configure cisco 887 router and here is my config file. if you could please guide me why am i not getting internet. I get the ip assigned from ISP and i can ping outer internet from the router but not from inside the network. thanks

controller VDSL 0
!
controller Cellular 0
no cdp run
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ

!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Cellular0
no ip address
encapsulation slip
dialer in-band
dialer string hspa-R7
!
interface Ethernet0
no ip address
!
interface Ethernet0.1
description PrimaryWANDesc_bt bb
encapsulation dot1Q 101
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface FastEthernet0
no ip address
spanning-tree portfast
!
interface FastEthernet1
no ip address
spanning-tree portfast
!
interface FastEthernet2
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface Wlan-GigabitEthernet0
no ip address
!
interface wlan-ap0
no ip address
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$CVO$
ip address 10.10.10.1 255.255.255.248
ip access-group 100 in
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
!
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname some@some.btclick.com
ppp chap password 0 pass?wo/rd
ppp pap sent-username some@some.btclick.com password 0 pass?wo/rd
ppp ipcp dns request
no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list nat-list interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default

Georg Pauwen · ‎01-07-2019

Hello,

change:

ip nat inside source list nat-list interface Dialer1 overload

to

ip nat inside source list 1 interface Dialer1 overload

Martin · ‎01-07-2019

As above, you have not referanced any ACL with the NAT-LIST command, change to scource list 1 which you have an acl for and should work

leo12 · ‎01-08-2019

Hi Thanks for a quick reply and it worked however, my internet is very slow. Google is fast as but rest is dead slow. I have tried to play around with mtu but no success. Can you please have look and if you could guide me how to improve the performance of my VDSL. thanks

controller VDSL 0
!
controller Cellular 0
no cdp run
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Cellular0
no ip address
encapsulation slip
dialer in-band
dialer string hspa-R7
!
interface Ethernet0
no ip address
!
interface Ethernet0.1
description PrimaryWANDesc_bt bb
encapsulation dot1Q 101
ip mtu 1452
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface FastEthernet0
no ip address
spanning-tree portfast
!
interface FastEthernet1
no ip address
spanning-tree portfast
!
interface FastEthernet2
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface Wlan-GigabitEthernet0
no ip address
!
interface wlan-ap0
no ip address
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$CVO$
ip address 10.10.10.1 255.255.255.248
ip access-group 100 in
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
!
interface Dialer1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname dsfsdf@hgsdf.btclick.com
ppp chap password 0 sdfsdf
ppp pap sent-username sdfsdf@hgsdfsdf.btclick.com password 0 sdfsdf
ppp ipcp dns request
no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default

paul driver · ‎01-08-2019

Hello

I can see ipcp dns being used so it telling the router to use the the ISP for dns resolution.

interface Dialer 1
ppp ipcp dns request

However but i don't see any dhcp server scope for you internal clients so at present what dns server are your internal clients using?

So to make sure its not dns resolution that is making slow response, enable dns server locally so clients will be pointed to use your local router for dns requests which then your local router will use its ISP dns .

conf t
ip dns server

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Georg Pauwen · ‎01-08-2019

Hello,

you could also try a different MTU setting and add the ip tcp adjust-mss (as marked in bold):

interface Dialer1
ip address negotiated
ip mtu 1460
ip nat outside
ip virtual-reassembly in
encapsulation ppp

ip tcp adjust-mss 1420
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname dsfsdf@hgsdf.btclick.com
ppp chap password 0 sdfsdf
ppp pap sent-username sdfsdf@hgsdfsdf.btclick.com password 0 sdfsdf
ppp ipcp dns request
no cdp enable