
Internet access via the UC540

craig.letheren
Level 1

Hi,

We have been trying to configure our lab UC540 as an internet gateway for devices on the private side of the UC540. We have a simple isolated setup where the UC540 is the only DHCP server and the UC540 has an ADSL modem device connected to the WAN port. DHCP is supplied to the clients with a gateway IP address of the UC540 (192.168.10.1 in our case).

The UC540 can establish a PPPoE connection to the internet and when we ping a public IP address from the command line of the UC540 we get replies so we know the internet connection is fine.

Attempts to access the internet from PCs connected to the private side of the UC540 fail. If we attempt to ping a public IP address we get "192.168.10.1 destination network unreachable".

The UC540 has been configured solely using CCA. We have also tried using the new CCA3.1 with no success.

Is there something simple I may have missed?

Let me know what information you may need in order to assist me with my query.

Many thanks in advance.


zbenko
Level 1

Dear Craig,

I would try to ping some well known domain name (like google.com) from the CLI of the UC540 to see if it has DNS resolution and if it permits traffic beyond its own WAN interface.

I would check if there is any ACL in place which would prohibit traffic flow from the PC to the internet (show access-lists command in CLI).

As a general rule of thumb it is always advisable to use the latest SW pack (currently v8.2) from here:

http://www.cisco.com/cisco/software/release.html?mdfid=282819521&catid=278875240&softwareid=282762907&release=8.2%280%29&relind=AVAILABLE&rellifecycle=&reltype=latest

If this is for lab testing for now you may consider restoring the factory default settings by one of these two methods:

1.) issuing the write erase command in the privileged CLI level, then the reload command without saving configuration.

2.) issuing the copy UC560-FXO-K9-factory-8.0.2.cfg startup-config command then reload (the 8.0.2 part of the file name might be different for your system you can check the exact filename by typing show flash)

Hope this helps, let me know if you need further assistance

Thanks and regards,

Zsolt

Hi,

Thank you for your reply.

With regards to your first questions, I can tell you that we have DNS resolution from the UC540 CLI and there is an access-list (access-list 104 in) on the WAN interface.

I have tried removing this in the past but it has not resolved the problem.

I can try things in the CLI but I was hoping for a CCA based solution if at all possible. The reason for this is that we are informed that only changes made within CCA are officially supported therefore, from a support perspective, we would rather keep things within CCA if possible.

We will try upgrading to the latest software pack (we are on 8.1.0 currently) and try again but if there are any other suggestions in the mean time they would be gratefully received.

Many thanks.

Hi Craig,

OK a couple of questions to be asked here and I am confident we can get to the bottom of it

First:

Is the Edge router in Bridge mode and the UC-500 is doing the PPPoE/A authentication?

or

Is the Modem in routed mode, not authenticating and the UC-500 is attempting Authentication??

I suspect that if you go on the command line and do a "sh ip route" potentially the last hop is not right.

My recommendation:

If the UC-500 is the network concentrator, then go the full hodge and put the modem in full Bridge mode, have the UC-500 authenticate and also route, this way you have one source for fault finding, by having the modem in routed mode, you will need to diagnose on the UC end and then on the modem end... The downside to this is that you won't have access to the modem anymore unless your modem has the capabilities to put one of the LAN side ports in a routable state with a static IP on it. Or if you can and if it is not already the case, get a Cisco 800 series modem, that way you at least still have console access.

If you are getting the unreachable host message when trying to ping to the outside world, from an end point that is routed by the UC, it means there is no defined route, a common mistake that I have on more than one occasion fallen into and still do from time to time... CCA can resolve this for you straight away if this is the case

Cheers,

David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *

Hi David,

Thank you for your reply.

The modem is in bridged mode and the UC540 is configured to do the PPPoE authentication.

I've copied and pasted some output from the CLI that includes a successful ping to a public IP, an FQDN and the output of 'show ip route'. Note that I have masked our public IPs.

UC_540_ANALOG#ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/45/52 ms
UC_540_ANALOG#ping www.google.co.uk

Translating "www.google.co.uk"...domain server (212.23.6.100) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.85.229.147, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/60/96 ms
UC_540_ANALOG#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 82.70.XX.XX to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 82.70.XX.XX
      10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C        10.1.1.0/24 is directly connected, BVI100
L        10.1.1.1/32 is directly connected, BVI100
C        10.1.10.0/30 is directly connected, Loopback0
S        10.1.10.1/32 is directly connected, Integrated-Service-Engine0/0
L        10.1.10.2/32 is directly connected, Loopback0
      62.0.0.0/32 is subnetted, 1 subnets
C        62.3.XX.XX is directly connected, Dialer0
      82.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        82.70.XX.XX/29 is directly connected, Dialer0
L        82.70.XX.XX/32 is directly connected, Dialer0
      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, BVI1
L        192.168.10.1/32 is directly connected, BVI1
UC_540_ANALOG#

To give you an idea of how our client is configured, see the following output from a Windows command line:

C:\Documents and Settings\survey>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : pc135
        Primary Dns Suffix  . . . . . . . : domain.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx
roller
        Physical Address. . . . . . . . . : 00-1C-23-1D-5A-01
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.25
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
        DHCP Server . . . . . . . . . . . : 192.168.10.1
        DNS Servers . . . . . . . . . . . : 212.23.6.100
                                            212.23.3.100
        Lease Obtained. . . . . . . . . . : 05 August 2011 08:58:18
        Lease Expires . . . . . . . . . . : 06 August 2011 08:58:18

C:\Documents and Settings\survey>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:

Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\survey>ping www.google.co.uk
Ping request could not find host www.google.co.uk. Please check the name and try
again.

C:\Documents and Settings\survey>

Thank you in advance for any additional assistance.

It's probably a NAT related issue.  Could you put your running config in a text file and post it here.  Please remove all sensitive information like passwords and static ip addresses.

Here is our running config. As explained earlier, this is all CCA generated so no manual modifications have been made via the CLI.

Hi Craig,

I looked at your running config and your NAT is pointing to FastEthernet0/0 (ip nat inside source list 1 interface FastEthernet0/0 overload). Since you have Dialer0 as the WAN interface, try to reconfigure NAT by launching the NAT dialog, deleting the NAT setting and recreating a new one. If it still doesn't work, change this line "ip nat inside source list 1 interface FastEthernet0/0 overload" to "ip nat inside source list 1 interface Dialer0" and that should take care of the issue.

regards

Kishan

Hi Padumane,

Thank you for your advice. You're right, changing the NAT setting did resolve the problem - many thanks!

no ip nat inside source list 1 interface FastEthernet0/0 overload

ip nat inside source list 1 interface Dialer0 overload

Solved it.

I had to do this via the command line. When I tried to do this via CCA it stopped working when I deleted the NAT settings and there was no clear way of getting them back. Once I deleted the NAT settings in CCA, re-issuing the command...

ip nat inside source list 1 interface Dialer0 overload

...also did not fix the issue so I had to resort to reloading the box without saving the config.

Are you able to supply any additional advice on this? Should we be able to do this via CCA?

Craig

Hi Craig,

It looks like CCA has a problem mapping to the Dialer interface and it maps to either FastEthernet 0/0 or GigabitEthernet 0/0.

Regards

Kishan


Hi Padumane,

That does appear to be the case. I would hope this will be changed so it can be implemented via CCA. As I mentioned in a previous post we are looking for a totally CCA based configuration for all of the units we supply. If we are selling the use of the UC500 as an internet gateway to customers we'll have to then complete part of the config using CLI (albeit a very small part) which, I'm told, is not officially supported.

Regards,

Craig

Hi Craig,

Can you get a snapshot of your Static Routing page in CCA please?

It should look like the following image (But not exactly the same):

You get to this section by clicking on the Routing tab, then static routing.

Although your running configuration reveals what is going on, it would be good to see if CCA is reading it properly. In this section you would add "ip route 0.0.0.0 0.0.0.0 Dialer0"; this can usually be done in CCA, so you shouldn't have to use the CLI at all to make the changes, and I suspect CCA will write the config differently to how I have posed it anyway.

Let us know if you have any issues with making the changes.

Cheers,

David.


Hi David,

Thank you for your reply, however the routing table seems correct. Padumane has correctly identified that we have a NAT issue.

I appreciate you taking the time to respond.

Craig

Hi All,

Using the following config solved the problem:

ip nat inside source list 1 interface Dialer0 overload

Should we be able to do this via CCA?

Craig

If you are using FastEthernet/GigabitEthernet 0/0 for your WAN then CCA will be able to do this. Since you are using Dialer0 for WAN, CCA fails to recognize that and properly configure NAT mapping on that interface.
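
Added example (not part of the original thread, and not Cisco or CCA code): a small Python check for the mismatch diagnosed above, where the "ip nat inside source ... interface" rule named FastEthernet0/0 while the PPPoE WAN was Dialer0. The sample configuration is constructed, since the poster's running config is not on the page, and the rule that a valid NAT target must carry "ip nat outside" and an IP address is an assumption of this example.

```python
import re

# Constructed sample, NOT the poster's running config (which is not on the page).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 no ip address
 pppoe-client dial-pool-number 1
!
interface BVI1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip address negotiated
 ip nat outside
!
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit 192.168.10.0 0.0.0.255
"""

# Captures the ACL id and the interface the translation is bound to.
NAT_RULE = re.compile(r"^ip nat inside source list (\S+) interface (\S+)")

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or a global command ends the interface block
    return interfaces

def audit_nat(config):
    """Return interfaces named in NAT rules that cannot act as the outside side.

    Assumed check: the target must be marked 'ip nat outside' and must not be
    an address-less physical port (as the PPPoE carrier port is here).
    """
    interfaces = parse_interfaces(config)
    bad = []
    for line in config.splitlines():
        m = NAT_RULE.match(line.strip())
        if m:
            cmds = interfaces.get(m.group(2), [])
            if "ip nat outside" not in cmds or "no ip address" in cmds:
                bad.append(m.group(2))
    return bad
```

Running audit_nat over a saved copy of the running config after any CCA change to the NAT settings shows whether the rule has been bound back to the physical port.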