01-07-2019 02:41 PM - edited 03-08-2019 04:58 PM
Hi, i am trying to configure cisco 887 router and here is my config file. if you could please guide me why am i not getting internet. I get the ip assigned from ISP and i can ping outer internet from the router but not from inside the network. thanks
controller VDSL 0
!
controller Cellular 0
no cdp run
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Cellular0
no ip address
encapsulation slip
dialer in-band
dialer string hspa-R7
!
interface Ethernet0
no ip address
!
interface Ethernet0.1
description PrimaryWANDesc_bt bb
encapsulation dot1Q 101
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface FastEthernet0
no ip address
spanning-tree portfast
!
interface FastEthernet1
no ip address
spanning-tree portfast
!
interface FastEthernet2
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface Wlan-GigabitEthernet0
no ip address
!
interface wlan-ap0
no ip address
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$CVO$
ip address 10.10.10.1 255.255.255.248
ip access-group 100 in
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
!
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname some@some.btclick.com
ppp chap password 0 pass?wo/rd
ppp pap sent-username some@some.btclick.com password 0 pass?wo/rd
ppp ipcp dns request
no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list nat-list interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
01-07-2019 02:47 PM
Hello,
change:
ip nat inside source list nat-list interface Dialer1 overload
to
ip nat inside source list 1 interface Dialer1 overload
01-07-2019 02:58 PM
As above, you have not referanced any ACL with the NAT-LIST command, change to scource list 1 which you have an acl for and should work
01-08-2019 03:00 PM
Hi Thanks for a quick reply and it worked however, my internet is very slow. Google is fast as but rest is dead slow. I have tried to play around with mtu but no success. Can you please have look and if you could guide me how to improve the performance of my VDSL. thanks
controller VDSL 0
!
controller Cellular 0
no cdp run
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Cellular0
no ip address
encapsulation slip
dialer in-band
dialer string hspa-R7
!
interface Ethernet0
no ip address
!
interface Ethernet0.1
description PrimaryWANDesc_bt bb
encapsulation dot1Q 101
ip mtu 1452
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface FastEthernet0
no ip address
spanning-tree portfast
!
interface FastEthernet1
no ip address
spanning-tree portfast
!
interface FastEthernet2
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface Wlan-GigabitEthernet0
no ip address
!
interface wlan-ap0
no ip address
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$CVO$
ip address 10.10.10.1 255.255.255.248
ip access-group 100 in
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
!
interface Dialer1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname dsfsdf@hgsdf.btclick.com
ppp chap password 0 sdfsdf
ppp pap sent-username sdfsdf@hgsdfsdf.btclick.com password 0 sdfsdf
ppp ipcp dns request
no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
01-08-2019 03:52 PM - edited 01-08-2019 03:54 PM
Hello
I can see ipcp dns being used so it telling the router to use the the ISP for dns resolution.
interface Dialer 1
ppp ipcp dns request
However but i don't see any dhcp server scope for you internal clients so at present what dns server are your internal clients using?
So to make sure its not dns resolution that is making slow response, enable dns server locally so clients will be pointed to use your local router for dns requests which then your local router will use its ISP dns .
conf t
ip dns server
01-08-2019 04:14 PM
Hello,
you could also try a different MTU setting and add the ip tcp adjust-mss (as marked in bold):
interface Dialer1
ip address negotiated
ip mtu 1460
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname dsfsdf@hgsdf.btclick.com
ppp chap password 0 sdfsdf
ppp pap sent-username sdfsdf@hgsdfsdf.btclick.com password 0 sdfsdf
ppp ipcp dns request
no cdp enable
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide