Solved: Re: Understanding C887VA-W-E-K9

Yorick Poels · ‎10-07-2012

I'm trying to set-up a Cisco 800 series router (C887VA-W-E-K9 ) (see setup in attach). Connecting via the PPPoE over ATM works flawlessly (see settings in config). I get an IP, DNS and route via the settings (ppp ipcp dns request accept - ppp ipcp route default - ppp ipcp address accept).

The only problem I have, is from my host machine, I can NOT browse the web.

What is weird to me, is that from the host machine behind the router I can ping & traceroute to IP-adresses (e.g. 8.8.8.8). The router can ping to the host machine's IP (handed out via DHCP). From the #sh ip nat tr command, I can see that NAT translations are right. When I look at the NAT access-list, all entries got through.

Is it correct to use the int vlan 1 as a router for the dhcp pool?

Thanks in advance for helping me out.

Config:

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

no service password-recovery

!

hostname router

!

boot-start-marker

boot-end-marker

!

no aaa new-model

clock timezone Paris 1 0

crypto pki token default removal timeout 0

!

no ip source-route

ip cef

!

ip dhcp pool LAN

import all

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 192.168.1.1

lease 8

!

ip dhcp pool vlan4

network 192.168.4.0 255.255.255.0

default-router 192.168.4.1

!

ip dhcp pool vlan5

network 192.168.5.0 255.255.255.0

default-router 192.168.5.1

!

no ip domain lookup

ip domain name ykh

no ipv6 cef

!

license boot module c800 level advipservices

!

archive

path flash:archived-config

maximum 3

write-memory

time-period 1440

memory reserve console 2048

!

controller VDSL 0

!

ip ssh authentication-retries 5

ip ssh source-interface Loopback0

ip ssh version 2

!

interface Loopback0

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface ATM0

description ADSL2+ interface

no ip address

no atm ilmi-keepalive

pvc internet-vc 8/35

encapsulation aal5snap

pppoe-client dial-pool-number 1

!

interface Ethernet0

no ip address

pppoe-client dial-pool-number 1

no fair-queue

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

no ip address

!

interface wlan-ap0

description Embedded Service module interface to manage the embedded AP

ip address 192.168.45.1 255.255.255.0

!

interface Vlan1

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1412

!

interface Vlan4

description vlan4 wireless BSUP

ip address 192.168.4.1 255.255.255.0

!

interface Vlan5

description vlan5 wireless BSUV

ip address 192.168.5.1 255.255.255.0

!

interface Dialer1

description Scarlet ADSL2+ dial-in interface

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap /deleted/

ppp ipcp dns request accept

ppp ipcp route default

ppp ipcp address accept

no cdp enable

!

ip forward-protocol nd

no ip http server

ip http secure-server

!

ip nat inside source list nat_acl interface Dialer1 overload

!

ip access-list extended nat_acl

permit ip 192.168.1.0 0.0.0.255 any

permit ip any any

!

dialer-list 1 protocol ip permit

!

end

Stuart Gall · ‎10-08-2012

Had another thought, is DNS working?

Add / change

DNS-server 8.8.8.8 4.2.2.4

to your dhcp config

Try ping www.google.com

Does it work ?

Sent from Cisco Technical Support iPad App

View solution in original post

Stuart Gall · ‎10-07-2012

Have you tried lowering the mtu on the dialer. Some pppoe can not take 1500?

Yorick Poels · ‎10-07-2012

Hi Stuart, thanks for the suggestion.

In my config I have set it only to 1452. This evening I will try, with lower settings.

On my PC, I have also tried to ping with different packet sizes (as mentioned on

http://www.dslreports.com/faq/5793), with the ping -l option. The maximal packet size I can send was 1464.

Stuart Gall · ‎10-08-2012

Had another thought, is DNS working?

Add / change

DNS-server 8.8.8.8 4.2.2.4

to your dhcp config

Try ping www.google.com

Does it work ?

Sent from Cisco Technical Support iPad App

Yorick Poels · ‎10-08-2012

Hi Stuart,

thanks for the suggestion, adding this DNS to the DHCP pool config fixed my problem.

Just a another quick question. When adding the DNS-server to the DHCP pool, it only gets applied to that pool. And when adding the 'ip name-server' in the config, it is valid for the whole router?

And another question .

Maybe you saw the 'ppp ipcp dns request accept' command under the dialer interface. Shouldn't the router request a DNS via this command when establishing the PPPoE session? And import it into the DHCP settings of the LAN pool through the 'import all' command? I will also check this using the debugging, to see if a DNS is found during the PPP negotiation.