10-07-2012 12:27 PM - edited 03-07-2019 09:19 AM
I'm trying to set-up a Cisco 800 series router (C887VA-W-E-K9 ) (see setup in attach). Connecting via the PPPoE over ATM works flawlessly (see settings in config). I get an IP, DNS and route via the settings (ppp ipcp dns request accept - ppp ipcp route default - ppp ipcp address accept).
The only problem I have, is from my host machine, I can NOT browse the web.
What is weird to me, is that from the host machine behind the router I can ping & traceroute to IP-adresses (e.g. 8.8.8.8). The router can ping to the host machine's IP (handed out via DHCP). From the #sh ip nat tr command, I can see that NAT translations are right. When I look at the NAT access-list, all entries got through.
Is it correct to use the int vlan 1 as a router for the dhcp pool?
Thanks in advance for helping me out.
Config:
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
no service password-recovery
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone Paris 1 0
crypto pki token default removal timeout 0
!
no ip source-route
ip cef
!
!
!
!
ip dhcp pool LAN
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1
lease 8
!
ip dhcp pool vlan4
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
!
ip dhcp pool vlan5
network 192.168.5.0 255.255.255.0
default-router 192.168.5.1
!
!
no ip domain lookup
ip domain name ykh
no ipv6 cef
!
!
license boot module c800 level advipservices
!
!
archive
path flash:archived-config
maximum 3
write-memory
time-period 1440
memory reserve console 2048
!
!
!
!
controller VDSL 0
!
ip ssh authentication-retries 5
ip ssh source-interface Loopback0
ip ssh version 2
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface ATM0
description ADSL2+ interface
no ip address
no atm ilmi-keepalive
pvc internet-vc 8/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
!
interface Ethernet0
no ip address
pppoe-client dial-pool-number 1
no fair-queue
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
ip address 192.168.45.1 255.255.255.0
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
!
interface Vlan4
description vlan4 wireless BSUP
ip address 192.168.4.1 255.255.255.0
!
interface Vlan5
description vlan5 wireless BSUV
ip address 192.168.5.1 255.255.255.0
!
interface Dialer1
description Scarlet ADSL2+ dial-in interface
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap /deleted/
ppp chap /deleted/
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
ip forward-protocol nd
no ip http server
ip http secure-server
!
ip nat inside source list nat_acl interface Dialer1 overload
!
ip access-list extended nat_acl
permit ip 192.168.1.0 0.0.0.255 any
permit ip any any
!
dialer-list 1 protocol ip permit
!
end
Solved! Go to Solution.
10-08-2012 03:43 PM
Had another thought, is DNS working?
Add / change
DNS-server 8.8.8.8 4.2.2.4
to your dhcp config
Try ping www.google.com
Does it work ?
Sent from Cisco Technical Support iPad App
10-07-2012 02:58 PM
Have you tried lowering the mtu on the dialer. Some pppoe can not take 1500?
10-07-2012 10:54 PM
Hi Stuart, thanks for the suggestion.
In my config I have set it only to 1452. This evening I will try, with lower settings.
On my PC, I have also tried to ping with different packet sizes (as mentioned on
http://www.dslreports.com/faq/5793), with the ping -l option. The maximal packet size I can send was 1464.
10-08-2012 03:43 PM
Had another thought, is DNS working?
Add / change
DNS-server 8.8.8.8 4.2.2.4
to your dhcp config
Try ping www.google.com
Does it work ?
Sent from Cisco Technical Support iPad App
10-08-2012 11:09 PM
Hi Stuart,
thanks for the suggestion, adding this DNS to the DHCP pool config fixed my problem.
Just a another quick question. When adding the DNS-server to the DHCP pool, it only gets applied to that pool. And when adding the 'ip name-server' in the config, it is valid for the whole router?
And another question .
Maybe you saw the 'ppp ipcp dns request accept' command under the dialer interface. Shouldn't the router request a DNS via this command when establishing the PPPoE session? And import it into the DHCP settings of the LAN pool through the 'import all' command? I will also check this using the debugging, to see if a DNS is found during the PPP negotiation.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: