
Unable to get DNS-Resolution

CiscoChris929
Level 1

Hi everybody,

here is my current config:

Building configuration...

Current configuration : 4134 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname xxx

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

clock timezone PCTime 1

clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00

!

crypto pki trustpoint TP-self-signed-2383438077

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2383438077

revocation-check none

rsakeypair TP-self-signed-2383438077

!

!

crypto pki certificate chain TP-self-signed-2383438077

certificate self-signed 01

        quit

dot11 syslog

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.178.1 192.168.178.9

ip dhcp excluded-address 192.168.178.251 192.168.178.254

!

ip dhcp pool sdm-pool1

   network 192.168.178.0 255.255.255.0

   domain-name xxx

   default-router 192.168.178.2

   dns-server 217.237.150.188 217.237.150.33

!

!

ip domain name xxx

!

!

!

username xxx privilege 15 password 7 xxx

!

!

archive

log config

  hidekeys

!

!

!

!

!

interface BRI0

no ip address

encapsulation hdlc

shutdown

!

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 1/32

  pppoe-client dial-pool-number 1

!

dsl operating-mode auto

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Dot11Radio0

no ip address

speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0

station-role root

!

interface Vlan1

description $ES_LAN$

ip address 192.168.178.2 255.255.255.0

ip access-group 100 in

ip nat inside

ip virtual-reassembly

!

interface Vlan2

no ip address

ip nat inside

ip virtual-reassembly

!

interface Dialer1

mtu 1492

ip address negotiated

ip access-group 100 out

ip nat outside

ip virtual-reassembly

encapsulation ppp

no ip route-cache cef

no ip route-cache

no ip mroute-cache

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname xxx

ppp chap password 7 xxx

ppp ipcp dns request

!

interface Dialer0

no ip address

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer1

!

ip http server

ip http secure-server

ip nat inside source list 11 interface Dialer1 overload

!

access-list 11 permit 192.168.178.0 0.0.0.255

access-list 100 permit ip any any

dialer-list 1 protocol ip permit

!

!

!

control-plane

!

!

line con 0

exec-timeout 0 0

logging synchronous

login local

no modem enable

line aux 0

line vty 0 4

exec-timeout 0 0

logging synchronous

login local

transport input ssh

!

scheduler max-task-time 5000

end

Now here's my problem:

When trying to hook up a client to Fa0, I can successfully ping via IP command.

I can also browse the web via IP.

The DNS servers can be reached - I can ping them successfully via IP.

But every time I try to go via hostname (google.com for example), I keep getting timeouts.

The DHCP server running on the router does successfully announce the correct DNS IPs to my clients.

Can you help me?

Thank you for your help.

Greetings

Chris

2 Replies

John Blakley
VIP Alumni

Chris,

On your dialer interface, remove the line "ip access-group 100 out". You don't need to allow all addresses out as that's allowed by default. If you want to restrict traffic coming back in, you can create an acl like the following:

access-list 100 permit udp any eq 53 any

access-list 100 permit udp any any eq 53

access-list 100 permit tcp any any established

You can also remove the acl on the vlan interface as well...

HTH,
John

*** Please rate all useful posts ***
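An added example, not part of the reply above or of any Cisco code: a small first-match evaluator for the three suggested entries, showing what they let back in and what the implicit deny drops. It assumes the list is applied to inbound traffic on the dialer; the packet samples and the names `parse`, `evaluate` and `verdicts` are constructed for illustration.

```python
# Added example (not from the thread): first-match evaluation of IOS-style ACL lines.
from dataclasses import dataclass
@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches every protocol
    sport: "int | None" = None     # "eq N" after the source; None means any port
    dport: "int | None" = None     # "eq N" after the destination
    established: bool = False      # TCP only: ACK or RST must be set

def parse(line: str) -> Rule:
    """Parse 'access-list N <action> <proto> any [eq P] any [eq P] [established]'."""
    action, proto, *rest = line.split()[2:]
    ports = []
    for _ in range(2):             # source, then destination
        if not rest or rest.pop(0) != "any":
            raise ValueError("only 'any' addresses are handled: " + line)
        port = None
        if rest[:1] == ["eq"]:
            port, rest = int(rest[1]), rest[2:]
        ports.append(port)
    return Rule(action, proto, ports[0], ports[1], "established" in rest)

def evaluate(acl, proto, sport=None, dport=None, flags=()):
    """Action of the first matching entry; every IOS ACL ends in an implicit deny."""
    for r in acl:
        port_ok = r.sport in (None, sport) and r.dport in (None, dport)
        flag_ok = not r.established or bool({"ACK", "RST"} & set(flags))
        if r.proto in ("ip", proto) and port_ok and flag_ok:
            return r.action
    return "deny"

SUGGESTED = [parse(l) for l in (
    "access-list 100 permit udp any eq 53 any",
    "access-list 100 permit udp any any eq 53",
    "access-list 100 permit tcp any any established",
)]
# The posted config already holds this entry; new numbered entries land after it.
APPENDED = [parse("access-list 100 permit ip any any")] + SUGGESTED
# Constructed inbound packets (assumption): label, proto, sport, dport, TCP flags
PACKETS = [
    ("DNS reply", "udp", 53, 40000, ()),
    ("HTTPS SYN-ACK", "tcp", 443, 50000, ("SYN", "ACK")),
    ("unsolicited SYN", "tcp", 50000, 22, ("SYN",)),
    ("ICMP echo reply", "icmp", None, None, ()),
]

def verdicts(acl):
    return {label: evaluate(acl, *pkt) for label, *pkt in PACKETS}
```

`verdicts(SUGGESTED)` permits the DNS reply and the SYN-ACK but denies the unsolicited SYN and the ICMP echo reply, so ping tests stop answering once such a list is applied inbound. `verdicts(APPENDED)` permits all four, because the existing `permit ip any any` entry matches first.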

Hi John,

thank you for your help.

I removed the ip access-groups from the vlan interface and Dialer interface and inserted the lines you suggested.

Everything works fine now.

Thanks again - this really helped me out.

Greetings

Chris
