
Please help with Cisco 2620xm router as DNS server

Hi...I know the 2620xm is EOL.....but it works perfectly on my small network...

My config is Surfboard SB6141 Cable modem ....then my 2620xm router.

I am trying to get the DNS server on the router, but I cannot get it to work...I followed Cisco documentation.

Router firmware c2600-adventerprisek9-mz.124-25d.bin

Cisco 2620XM (MPC860P) processor (revision 2.0) with 229376K/32768K bytes of memory.
Processor board ID JAE08020Z8A
M860 processor: part number 5, mask 2
2 FastEthernet interfaces
1 Serial interface
1 ATM interface
1 Virtual Private Network (VPN) Module
32K bytes of NVRAM.
49152K bytes of processor board System flash (Read/Write)

Here is my router config:


version 12.4
parser config cache interface
no service config
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec show-timezone
service password-encryption
service sequence-numbers
!
hostname xxxxx
!
boot-start-marker
boot-end-marker
!
logging count
no logging buffered
no logging rate-limit
enable secret 5 xxxxxx
enable password 7 xxxxxx
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
memory-size iomem 10
clock timezone CST -6
clock summer-time CDT recurring
no network-clock-participate slot 1
no network-clock-participate wic 0
no ip source-route
no ip gratuitous-arps
ip cef
!
!
!
!
no ip bootp server
ip domain name xxxxxx
ip host xxxx xxxx
ip host xxxx  xxxx
ip inspect name basic cuseeme
ip inspect name basic dns
ip inspect name basic ftp
ip inspect name basic h323
ip inspect name basic https
ip inspect name basic icmp
ip inspect name basic imap
ip inspect name basic pop3
ip inspect name basic netshow
ip inspect name basic rcmd
ip inspect name basic realaudio
ip inspect name basic rtsp
ip inspect name basic esmtp
ip inspect name basic sqlnet
ip inspect name basic streamworks
ip inspect name basic tftp
ip inspect name basic tcp
ip inspect name basic udp
ip inspect name basic vdolive
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip ddns update method sdm_ddns1
HTTP
add http://xxxxxx@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
remove http://xxxxxx@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3030517303
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3030517303
revocation-check none
rsakeypair TP-self-signed-3030517303
!
!
username xxxxxx privilege 15 view root secret 5 xxxxxx
!
!
ip tcp synwait-time 10
ip ssh authentication-retries 5
ip ssh port xxxx rotary 1
ip ssh logging events
ip ssh version 2
ip rcmd rcp-enable
ip rcmd remote-host sdmR84979c1a 192.168.0.15 L84979c1a enable
ip rcmd remote-username sdmR84979c1a
!
!
buffers tune automatic
!
!
!
interface FastEthernet0/0
description $FW_INSIDE$$ETH-LAN$
ip address 192.168.0.50 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
speed auto
full-duplex
no mop enabled
!
interface Serial0/0
no ip address
shutdown
!
interface ATM0/1
no ip address
shutdown
!
interface FastEthernet1/0
description TIME WARNER$FW_OUTSIDE$$ETH-WAN$
ip address dhcp client-id FastEthernet1/0
ip access-group 101 in
ip mask-reply
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
ip inspect basic out
speed auto
full-duplex
no cdp enable
no mop enabled
ntp disable
!
ip forward-protocol nd
!
!
no ip http server
ip http access-class 2
ip http secure-server
ip nat inside source list 1 interface FastEthernet1/0 overload
ip nat inside source static tcp xxxxx 7500 interface FastEthernet1/0 7500
ip nat inside source static tcp xxxxx 8500 interface FastEthernet1/0 8500
ip nat inside source static tcp xxxxx 40005 interface FastEthernet1/0 40005
ip nat inside source static tcp xxxxx 40004 interface FastEthernet1/0 40004
ip nat inside source static tcp xxxxx 40003 interface FastEthernet1/0 40003
ip nat inside source static tcp xxxxx 40002 interface FastEthernet1/0 40002
ip nat inside source static tcp xxxxx 40001 interface FastEthernet1/0 40001
ip nat inside source static tcp xxxxx 40000 interface FastEthernet1/0 40000
ip nat inside source static udp xxxxx 55350 interface FastEthernet1/0 55350
ip nat inside source static tcp xxxxx 55368 interface FastEthernet1/0 55368
ip nat inside source static tcp xxxxx 55369 interface FastEthernet1/0 55369
ip nat inside source static tcp xxxxx 60817 interface FastEthernet1/0 60817
!
logging trap debugging
logging source-interface FastEthernet0/0
logging xxxxx
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark ---Time Warner DHCP---
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 remark ---SSH---
access-list 101 permit tcp any any eq xxxx log
access-list 101 remark ---FTP---
access-list 101 permit tcp any any eq 7500 log
access-list 101 permit tcp any any eq ftp-data
access-list 101 permit tcp any any eq ftp-data established
access-list 101 permit tcp any any range 40000 40005
access-list 101 permit tcp any any eq 8500 log
access-list 101 remark ---XBOX---
access-list 101 permit udp any any eq 88
access-list 101 permit udp any any eq 3074
access-list 101 permit tcp any any eq 3074
access-list 101 remark ---uTORRENT---
access-list 101 permit tcp any any eq 60817
access-list 101 remark ---OPENVPN---
access-list 101 permit udp any any eq 55350 log
access-list 101 remark ---VNC---
access-list 101 permit tcp any any eq 55368 log
access-list 101 permit tcp any any eq 55369 log
access-list 101 remark ---ICMP---
access-list 101 permit icmp any any parameter-problem
access-list 101 permit icmp any any net-unreachable
access-list 101 permit icmp any any host-unreachable
access-list 101 permit icmp any any port-unreachable
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any ttl-exceeded
access-list 101 permit icmp any any echo-reply
access-list 101 deny icmp any any log
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any log
snmp-server community xxxxx RW
snmp-server chassis-id xxxxx
no cdp run
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 5 0
login authentication local_auth
transport preferred none
transport output telnet
speed 115200
line aux 0
line vty 0 4
exec-timeout 20 0
privilege level 15
password 7 xxxxx
login authentication local_auth
rotary 1
transport preferred ssh
transport input ssh
transport output ssh
!
scheduler allocate 4000 1000
ntp logging
ntp clock-period 17179791
ntp source FastEthernet0/0
ntp server xxxxx prefer
!
end

I then entered the following commands:

ip dns server
ip domain-lookup
ip name-server xxxxx (external dns server)
ip name-server xxxxx (external dns server)
ip host alan xxxxx
ip host john xxxxx
ip host wayne xxxxx
ip dns server queue limit forwarder 10

I then pointed my workstations to the router ip address......(all workstations have static ip address)

When I connect to the internet it does not work.....I would really appreciate any help you can offer

Thank you

4 Replies

Richard Burts
Hall of Fame

The title of your post indicates that the problem is about the DNS server function on the router. But I wonder if that is really the issue. Your description of the problem says that when you point a workstation to the Internet that it does not work. Perhaps you can clarify what you are trying to have the workstation do (is it ping a specific resource by name, or is it attempting to browse to a web site, or is it doing something else)? And can you clarify whether the attempt to access the Internet resource is able to resolve the name to an IP address?

I suspect that your real problem is in the last line of your access list

access-list 101 deny ip any any log

You have permitted a few specific things and then you deny everything else.

HTH

Rick


Hi....thanks for the reply....

My workstations and everything on the router have for years....connected to the internet and work.

The workstations have been configured with a static IP and I have had to manually enter DNS servers for each workstation.

I do not run a DNS server on my network so to simplify the process I want to configure the router to do the DNS for me.

Thanks.......

ok...I got the router DNS working...........

I added the following lines...........

ip dns server
ip domain-name xxxxx
ip domain-lookup
ip name-server xxxxx
ip name-server xxxxx
ip host alan xxxxx
ip host john xxxxx
ip host wayne xxxxx
ip dns server queue limit forwarder 10

and the following access-list ACLs

access-list 101 permit udp any any eq domain
access-list 101 permit udp any eq domain any

I am worried the ACLs may not be exactly what is needed.

I am also getting the following error... here it is from my syslog server:

Explanation >

An internal software error has occurred.

Recommended Action >

Copy the message exactly as it appears on the console or in the system log. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. With some messages, these tools and utilities will supply clarifying information. Search for resolved software issues using the Bug Toolkit at http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl. If you still require assistance, open a case with the Technical Assistance Center via the Internet at http://www.cisco.com/cgi-bin/front.x/case_tools/caseOpen.pl, or contact your Cisco technical support representative and provide the representative with the information you have gathered. Attach the following information to your case in non-zipped, plain text (.txt) format: the output of the show logging and show tech-support commands and your pertinent troubleshooting logs.

Facility[FIB] >

IP Cisco Express Forwarding (CEF) radix tree

%FIB-4-FIBCBLK: Missing cef table for tableid 65535 during CEF samecable event

If I do a NO IP CEF.....they go away....however I know that IP CEF has a lot of benefits.

So I am not sure how to fix that.

Any help would be appreciated..........

Thanks
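
For the ACL question in the post above, an added example (not code from the thread): a small Python first-match evaluator run over the two posted lines and over a tightened alternative, showing which inbound packets on FastEthernet1/0 each version lets through. The addresses, the `TIGHTENED` list and the placement of the posted lines ahead of the final deny are assumptions made for illustration; 192.0.2.53 stands in for one of the configured `ip name-server` addresses.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list N ACTION PROTO SRC [eq P] DST [eq P]' (small subset of IOS syntax)."""
    action, proto, *rest = line.split()[2:]
    def take(rest):
        if rest[0] == "any":
            addr, rest = None, rest[1:]
        else:  # 'host A.B.C.D'
            addr, rest = ipaddress.ip_address(rest[1]), rest[2:]
        port = None
        if rest[:1] == ["eq"]:
            port = 53 if rest[1] == "domain" else int(rest[1])
            rest = rest[2:]
        return addr, port, rest
    src, sport, rest = take(rest)
    dst, dport, rest = take(rest)
    return action, proto, src, sport, dst, dport

def evaluate(acl, src, sport, dst, dport):
    """Return the action of the first entry matching a UDP packet (implicit deny last)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, proto, s, sp, d, dp = parse_ace(line)
        if proto not in ("udp", "ip"):
            continue
        if s in (None, src) and d in (None, dst) and sp in (None, sport) and dp in (None, dport):
            return action
    return "deny"

# Constructed addresses (documentation ranges), not values from the thread.
WAN, RESOLVER, STRANGER = "203.0.113.10", "192.0.2.53", "198.51.100.7"
POSTED = ["access-list 101 permit udp any any eq domain",
          "access-list 101 permit udp any eq domain any",
          "access-list 101 deny ip any any log"]
# Assumed alternative: accept only replies from the configured name server.
TIGHTENED = ["access-list 101 permit udp host 192.0.2.53 eq domain any",
             "access-list 101 deny ip any any log"]

def audit(acl):
    """Evaluate three inbound WAN packets against the ACL."""
    return {"resolver_reply": evaluate(acl, RESOLVER, 53, WAN, 40000),
            "internet_query": evaluate(acl, STRANGER, 40000, WAN, 53),
            "src53_any_port": evaluate(acl, STRANGER, 53, WAN, 5000)}

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("tightened", TIGHTENED)):
        print(name, audit(acl))
```

With the posted lines, any outside host can query the router's DNS server and any UDP packet sent from source port 53 is accepted, whatever its destination port. Restricting the source to the configured name servers keeps only the replies to the router's own lookups.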

Found some problems with DNS on the router after getting it to work...................so I will just go back to not using it................

thanks..........