08-22-2013 01:17 PM - edited 03-07-2019 03:04 PM
Hi everybody,
here is my current config:
Building configuration...
Current configuration : 4134 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxx
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-2383438077
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2383438077
revocation-check none
rsakeypair TP-self-signed-2383438077
!
!
crypto pki certificate chain TP-self-signed-2383438077
certificate self-signed 01
quit
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.178.1 192.168.178.9
ip dhcp excluded-address 192.168.178.251 192.168.178.254
!
ip dhcp pool sdm-pool1
network 192.168.178.0 255.255.255.0
domain-name xxx
default-router 192.168.178.2
dns-server 217.237.150.188 217.237.150.33
!
!
ip domain name xxx
!
!
!
username xxx privilege 15 password 7 xxx
!
!
archive
log config
hidekeys
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 1/32
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
!
interface Vlan1
description $ES_LAN$
ip address 192.168.178.2 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
!
interface Vlan2
no ip address
ip nat inside
ip virtual-reassembly
!
interface Dialer1
mtu 1492
ip address negotiated
ip access-group 100 out
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip route-cache cef
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxx
ppp chap password 7 xxx
ppp ipcp dns request
!
interface Dialer0
no ip address
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http secure-server
ip nat inside source list 11 interface Dialer1 overload
!
access-list 11 permit 192.168.178.0 0.0.0.255
access-list 100 permit ip any any
dialer-list 1 protocol ip permit
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
login local
no modem enable
line aux 0
line vty 0 4
exec-timeout 0 0
logging synchronous
login local
transport input ssh
!
scheduler max-task-time 5000
end
Now here's my problem:
When trying to hook up a client to Fa0 I can successfully ping via ip command.
I also can browse the web via IP.
The DNS servers can be reached - I can ping them successfully via IP.
But every time I try to go via hostname (google.com for example) I keep getting timeouts.
The DHCP server running on the router does successfully announce the correct DNS IPs to my clients.
Can you help me?
Thank you for your help
Greetings
Chris
08-22-2013 04:44 PM
Chris,
On your dialer interface, remove the line "ip access-group 100 out". You don't need to allow all addresses out as that's allowed by default. If you want to restrict traffic coming back in, you can create an acl like the following:
access-list 100 permit udp any eq 53 any
access-list 100 permit udp any any eq 53
access-list 100 permit tcp any any established
You can also remove the acl on the vlan interface as well...
HTH,
John
*** Please rate all useful posts ***
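Added example, not part of the thread: a small first-match evaluator for the three ACL 100 entries suggested above, showing which return traffic they admit and what falls to the implicit deny. It assumes the list is applied inbound on Dialer1; the sample packets and all Python names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN", "ACK"}

# (ACL line as posted, predicate). "established" matches TCP segments
# with the ACK or RST bit set, i.e. anything but an initial SYN.
ACL_100 = [
    ("permit udp any eq 53 any",
     lambda p: p.proto == "udp" and p.sport == 53),
    ("permit udp any any eq 53",
     lambda p: p.proto == "udp" and p.dport == 53),
    ("permit tcp any any established",
     lambda p: p.proto == "tcp" and bool(p.flags & {"ACK", "RST"})),
]

def evaluate(pkt):
    """Return (action, matching line); first match wins, then implicit deny."""
    for line, match in ACL_100:
        if match(pkt):
            return "permit", line
    return "deny", "implicit deny any any"

# Constructed inbound packets as seen on the outside interface.
SAMPLES = {
    "dns_reply":        Packet("udp", sport=53, dport=33000),
    "tcp_synack_reply": Packet("tcp", 443, 50000, frozenset({"SYN", "ACK"})),
    "inbound_tcp_syn":  Packet("tcp", 40000, 22, frozenset({"SYN"})),
    "icmp_echo_reply":  Packet("icmp"),
    "ntp_reply":        Packet("udp", sport=123, dport=123),
    # The ACL is stateless: it checks port numbers only, not whether an
    # inside host actually sent a query that this datagram answers.
    "udp_sport53_no_query": Packet("udp", sport=53, dport=161),
}

def run_samples():
    return {name: evaluate(pkt)[0] for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        action, line = evaluate(pkt)
        print(f"{name:22} {action:6} ({line})")
```

With this list inbound, ping replies and non-DNS UDP replies such as NTP are dropped unless further permit entries are added.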
08-25-2013 04:49 AM
Hi John,
thank you for your help.
I removed the ip access-groups from the vlan interface and Dialer interface and inserted the lines you suggested.
Everything works fine now.
Thanks again - this really helped me out.
Greetings
Chris