• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2149
  • Last Modified:

Cisco config

I am trying to setup a cisco 1700 series router to be used with dsl service.  The configuration i have set up is not passing any traffic. I keep getting a no DNS server are routable through this interface error.  My current config is as followed

interface Null0
 no ip unreachables
!
interface Ethernet0
 description $ETH-LAN$
 ip address 64.190.49.178 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 full-duplex
!
interface FastEthernet0
 description $FW_INSIDE$
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 speed auto
 full-duplex
!
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip http server
ip http authentication local
ip http secure-server
!
!
!
logging trap debugging
logging 192.168.1.1
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip any any
no cdp run
!
!
control-plane
!
banner login ^CArmorGroup North America systems are subject to monitoring at all times to ensure proper functioning or equipment and systems including security devices and systems, to prevent unauthorized use and violations of statues and security regulati
ns, to deter criminal activity, and for other similar purpose.  Unauthorized use is PROHIBITED!^C
!
line con 0
 login authentication local_authen
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 100 in
 password 7 071F205B1A514A5C
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
end


The only other thing is we have a wireless router set up as the DHCP server could that be causing the error?

0
MrAllen
Asked:
MrAllen
  • 8
  • 4
  • 2
  • +1
1 Solution
 
grsteedCommented:
You don't have IP routing enabled. Enter this command  in privilaged mode.

 ip routing

See if that helps.

Also can you confirm that you inside interface is getting an IP with DHCP. (show interface)

Cheers,


Gary
0
 
MrAllenAuthor Commented:
ok did that then when i went to test connectivity got a failure on DNS exit interface  


Router Details

Attribute Value
Router Model  1710  
Image Name  c1710-k9o3sy-mz.124-5.bin  
IOS Version  12.4(5)  
Hostname  AGnet  


Interface Details

Attribute Value
Interface  FastEthernet0  
IP address  192.168.1.103  
Description  


Test Activity Summary

Activity Status
Checking interface status...  Up  
Checking for DNS settings...  Successful  
Checking interface IP address..  Successful  
Checking exit interface...  Failed  


Test Activity Details

Activity Status
Checking interface status...  Up  
    Interface physical status :Up  
    Line protocol status :Up  
Checking for DNS settings...  Successful  
    DNS lookup set :Yes  
    Statically configured DNS servers : 216.230.64.6 216.198.87.14 216.230.64.5  
    Dynamically imported DNS servers :None  
Checking interface IP address..  Successful  
    Interface IP address :192.168.1.103  
    Interface IP address Type :Static  
Checking exit interface...  Failed  
    Exit interface found :None  
    Exit interface found :None  
    Exit interface found :None  


Troubleshooting Results Failure Reason(s) Recommended Action(s)

 To test connectivity, SDM tries to ping the configured DNS servers. However, there is no configured route to any of the DNS servers through the selected interface.  Select 'User-specified' option or add a 'host specific/network specific/default' route through this interface and retest connection.  
 
0
 
calvinetterCommented:
You don't need ip routing enabled.  You shouldn't have a router interface obtaining an IP via DHCP unless you *absolutely* have to (ie, WAN interface doesn't have a static IP); certainly not the *inside* interface, otherwise, how can the inside hosts have a consistent default gateway?

Once you decide on an IP for the FastEthernet0 interface (common practice is either to use .1 or .254 if your internal subnet is 255.255.255.0), make sure all your inside hosts are configured with this IP as their default gateway - you'll also need to make sure your DHCP server is giving this out as well.

  Didn't your ISP provide you with a default gateway to use for your router? Seeing the IP/subnet mask on your WAN interface, your router's default gateway should be: 64.190.49.177  (you can confirm with your ISP); once you've confirmed the ISP default gateway, do this:
  no ip route 0.0.0.0 0.0.0.0 Ethernet0
  ip route 0.0.0.0 0.0.0.0 <ISP default gateway IP>

>logging 192.168.1.1
  Seeing the above in your config, I assume your internal LAN directly connected to the router's FastEthernet0 interface is 192.168.1.x ? I see that you don't have NAT setup on your router, so your internal workstations won't be able to reach the outside.  Assuming your internal LAN is 192.168.1.x, do this:

access-list 101 permit ip 192.168.1.0 0.0.0.255 any
int e0
ip nat outside

int f0
ip nat inside

ip nat inside source list 101 int f0 overload

cheers
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
grsteedCommented:
Is this router connected to a firewall box, which is connected to your ISP?  If so, are you allowing DNS through the firewall?  You should have ports UDP 53 and TCP 53 open for DNS.

Gary
0
 
MrAllenAuthor Commented:
interface 0 is giving me the following error when i test connection
WAN troubleshooting report details



Router Details

Attribute Value
Router Model  1710  
Image Name  c1710-k9o3sy-mz.124-5.bin  
IOS Version  12.4(5)  
Hostname  AGnet  


Interface Details

Attribute Value
Interface  FastEthernet0  
IP address  192.168.1.103  
Description  


Test Activity Summary

Activity Status
Checking interface status...  Up  
Checking for DNS settings...  Successful  
Checking interface IP address..  Successful  
Checking exit interface...  Failed  


Test Activity Details

Activity Status
Checking interface status...  Up  
    Interface physical status :Up  
    Line protocol status :Up  
Checking for DNS settings...  Successful  
    DNS lookup set :Yes  
    Statically configured DNS servers : 216.230.64.6 216.198.87.14 216.230.64.5  
    Dynamically imported DNS servers :None  
Checking interface IP address..  Successful  
    Interface IP address :192.168.1.103  
    Interface IP address Type :Static  
Checking exit interface...  Failed  
    Exit interface found : Ethernet0  
    Exit interface found : Ethernet0  
    Exit interface found : Ethernet0  


Troubleshooting Results Failure Reason(s) Recommended Action(s)

 No configured DNS server(s) are routable through the selected interface.  Select 'Enter IP address or hostname' option or add a 'host specific/network specific/default' route through this interface and retest connection.  
 
0
 
MrAllenAuthor Commented:
E0 is giving me the following when i test connection

I am looking at the configuration that my DSL provider gave me and the Gateway is correct



Router Details

Attribute Value
Router Model  1710  
Image Name  c1710-k9o3sy-mz.124-5.bin  
IOS Version  12.4(5)  
Hostname  AGnet  


Interface Details

Attribute Value
Interface  Ethernet0  
IP address  64.190.49.178  
Description  


Test Activity Summary

Activity Status
Checking interface status...  Up  
Checking for DNS settings...  Successful  
Checking interface IP address..  Successful  
Checking exit interface...  Successful  
Pinging to destination host...  Failed  


Test Activity Details

Activity Status
Checking interface status...  Up  
    Interface physical status :Up  
    Line protocol status :Up  
Checking for DNS settings...  Successful  
    DNS lookup set :Yes  
    Statically configured DNS servers : 216.230.64.6 216.198.87.14 216.230.64.5  
    Dynamically imported DNS servers :None  
Checking interface IP address..  Successful  
    Interface IP address :64.190.49.178  
    Interface IP address Type :Static  
Checking exit interface...  Successful  
    Exit interface found :Ethernet0  
    Exit interface found :Ethernet0  
    Exit interface found :Ethernet0  
Pinging to destination host...  Failed  
    Destination pinged to :216.230.64.6  
    Size of the ping packet (in bytes) :100  
    Timeout interval :2  
    Number of ping packets sent to the destination address :5  
    Ping reply validated :No  
    Fragmentation allowed on ping packet :No  
    Destination pinged to :216.198.87.14  
    Size of the ping packet (in bytes) :100  
    Timeout interval :2  
    Number of ping packets sent to the destination address :5  
    Ping reply validated :No  
    Fragmentation allowed on ping packet :No  
    Destination pinged to :216.230.64.5  
    Size of the ping packet (in bytes) :100  
    Timeout interval :2  
    Number of ping packets sent to the destination address :5  
    Ping reply validated :No  
    Fragmentation allowed on ping packet :No  


Troubleshooting Results Failure Reason(s) Recommended Action(s)

 Ping to the destination host(s) failed. The possible reason may be one of the following, 1. The detected DNS servers or the IP address or hostname specified are unreachable or not responding. 2. In case of DSL interfaces, this may be due to mismatch of encapsulation at the remote end.  1. Contact your WAN administrator or ISP and check the DNS server configuration, or retry with a different IP address / hostname. 2. Contact your WAN administrator or ISP and verify the encapsulation.  
 
0
 
calvinetterCommented:
Did you setup NAT as I mentioned in my initial post?
0
 
MrAllenAuthor Commented:
Yes set it up but still getting the same error

0
 
calvinetterCommented:
Please post the results of:  sh ip int brie
And post your most current config.

What is the outside interface (Ethernet0) plugged into: a DSL modem, DSL modem/router?

cheers
0
 
MrAllenAuthor Commented:
I don't have the firewall enabled yet, was using a linksys router before which had no firewall.  
0
 
MrAllenAuthor Commented:
ethernet0 is plugged into a dsl modem
0
 
MrAllenAuthor Commented:
here is the config with changes
no aaa new-model
!
resource policy
!
memory-size iomem 15
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.150 192.168.1.254
ip dhcp excluded-address 192.168.1.101
!
ip dhcp pool AGnet
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 216.230.64.6 216.198.87.14
!
!
ip cef
ip name-server 216.230.64.6
ip name-server 216.198.87.14
ip name-server 216.230.64.5
!
!
!
crypto pki trustpoint TP-self-signed-4228250918
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4228250918
 revocation-check none
 rsakeypair TP-self-signed-4228250918
!
!
crypto pki certificate chain TP-self-signed-4228250918
 certificate self-signed 01
  3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 34323238 32353039 3138301E 170D3032 30333031 31393239
  31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32323832
  35303931 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100E193 970677AE 273C992D 5916152B 1E99E126 8E8BD9BD 07616C31 0DC37BDC
  8AF65DD2 F56014EE 5C7E9882 0EFE7EF9 E52E36D3 7F6CF1AD ACEFA51B A643F671
  AF6F7C78 5296B1AC F11A134C 0088B9E2 F0C2F811 8A1D89EA 0B87073E 9F9A41C6
  0F68DF7E 36507079 5A1F42BA 69F05EDD 6FAD9D31 6FA61395 A1115012 B9915C4F
  CDFD0203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603
  551D1104 0A300882 0641476E 65742E30 1F060355 1D230418 30168014 F5A113F4
  CE184F1F 99216302 41B82391 748A3D05 301D0603 551D0E04 160414F5 A113F4CE
  184F1F99 21630241 B8239174 8A3D0530 0D06092A 864886F7 0D010104 05000381
  810065C3 A2EB39A9 1DAAA91B FA5FB2E2 8E91A858 866162F3 AB529835 7FEA032F
  1EC811F2 CE44B466 742017D9 7E8C60D4 10B8FB10 28BB83FF DE1DFB99 E9840823
  AABA8DFD 63C2FEEA BEBEA896 A66BD09A 84FB2519 A866CC45 1BAB7AB3 009BFA85
  7E327F8B F54E288E BAC8C91D 60579B6F 911F8011 0C76DC2A 0CD1F0E8 8CDF8967 F9B2
  quit
username admin privilege 15 password 0 paw4839
!
!
!
!
!
interface Ethernet0
 description $ETH-LAN$
 ip address 64.190.49.178 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 full-duplex
!
interface FastEthernet0
 description $ETH-LAN$
 ip address 192.168.1.101 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed auto
 full-duplex
!
ip route 0.0.0.0 0.0.0.0 64.190.49.177
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 101 interface FastEthernet0 overload
!
!
logging 192.168.1.1
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 password paw4839
 login local
 transport input telnet ssh
!
end


0
 
calvinetterCommented:
Sorry for the typo in my previous post.  The wrong interface is being used for the "NAT overload".
  Run these commands *in this order*:
no ip nat inside source list 101 int f0 overload
ip nat inside source list 101 int e0 overload

cheers
0
 
JamesMylerCommented:
Not to seem like an idiot but what kind of cable do you have between the Router and DSL Modem. Straight or cross-over?
0
 
MrAllenAuthor Commented:
cross over cable
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 8
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now