Solved

Problems connecting to Internet with Cisco 877W and BT Broadband

Posted on 2010-08-14
18
663 Views
Last Modified: 2012-05-10
Dear Experts,

I am trying to replace a Draytek router supplied by BT with a Cisco 877W and I am having a number of issues.

I can ping my OpenDNS server from the router itself and from the PC.  Unfortunately, I can't access any websites or do any browsing and I just can't figure out why.

I've included my full config below. Any suggestions or advice would be much appreciated.

Thanks in advance,

Nick
CISCO877#sh run
Building configuration...

Current configuration : 5973 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO877
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-3641892774
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3641892774
 revocation-check none
 rsakeypair TP-self-signed-3641892774
!
!
dot11 syslog
ip cef
!
!
ip domain name XXX
ip name-server XXX
!
!
!
username admin privilege 15 secret 5 xxx
!
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface ATM0
 description BT ADSL connection
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $ES_WAN$
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description $ETH-DATA-NETWORK$
 ip address 192.168.16.1 255.255.255.0
 ip access-group 122 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan2
 description $ETH-VOICE-NETWORK$
 ip address 172.16.16.1 255.255.255.0
 ip access-group 133 in
 ip nat inside
 ip virtual-reassembly
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname XXX@hg23.btclick.com
 ppp chap password 0 XXXXXX
 ppp pap sent-username XXX8@hg23.btclick.com password 0 XXXXXX
 ppp ipcp dns request
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip flow-top-talkers
 top 5
 sort-by bytes
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
ip access-list extended NAT
 permit ip 192.168.16.0 0.0.0.255 any
!
access-list 1 permit 192.168.16.0 0.0.0.255
access-list 122 permit ip 192.168.16.0 0.0.0.255 any
access-list 133 permit ip 172.16.16.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
!
!

Open in new window

0
Comment
Question by:nkewney
  • 8
  • 5
  • 4
  • +1
18 Comments
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33437396
is ur adsl interface   showing up up  ? .  did u get the IP  to interface dialer 0?

ur config seems to be ok
0
 
LVL 1

Author Comment

by:nkewney
ID: 33437409
Yes, it is up and has a public IP address assigned to it.

I just can't figure this one out.  Do you think it has anything to do with the MTU or "adjust-mss" values as I don't know what these do :s

Thanks for any help you can give me :)
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33437481
please show us:

sh ip int brief
sh users
sh ip route
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:nkewney
ID: 33437487
Thanks.

I've included it below.

I can get internet access but it takes a long time to resolve domain names and eventually gives up completely.

Nick
CISCO877#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
ATM0                       unassigned      YES NVRAM  up                    up
ATM0.1                     unassigned      YES unset  up                    up
Dialer0                    213.120.103.39  YES IPCP   up                    up
Dot11Radio0                unassigned      YES NVRAM  administratively down down
FastEthernet0              unassigned      YES unset  up                    up
FastEthernet1              unassigned      YES unset  up                    down
FastEthernet2              unassigned      YES unset  up                    down
FastEthernet3              unassigned      YES unset  up                    down
NVI0                       unassigned      YES unset  administratively down down
Virtual-Access1            unassigned      YES unset  up                    up
Virtual-Access2            unassigned      YES unset  up                    up
Vlan1                      192.168.16.1    YES NVRAM  up                    up
Vlan2                      172.16.16.1     YES NVRAM  up                    down
CISCO877#
CISCO877#
CISCO877#
CISCO877#
CISCO877#
CISCO877#sh users
    Line       User       Host(s)              Idle       Location
*  0 con 0     admin      idle                 00:00:00

  Interface    User               Mode         Idle     Peer Address
  Vi2                             PPPoATM      00:00:00 81.134.96.1

CISCO877#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     81.0.0.0/32 is subnetted, 1 subnets
C       81.134.96.1 is directly connected, Dialer0
     213.120.103.0/32 is subnetted, 1 subnets
C       213.120.103.39 is directly connected, Dialer0
C    192.168.16.0/24 is directly connected, Vlan1
S*   0.0.0.0/0 is directly connected, Dialer0

Open in new window

0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33437500
HI,

It shows that you connected to ISP.... and the config seems good...

what is the ip address PC?
0
 
LVL 1

Author Comment

by:nkewney
ID: 33437511
192.168.16.123 / 255.255.255.0

It works but takes a long time to resolve new domains and sometimes crashes out completely.

Nick
0
 
LVL 7

Expert Comment

by:joelvp
ID: 33437534
Your problem is not with routing but with name resolving. What is the dns server used by the pc? Is properly reachable? Who is actually assigning the ip addresses (and also the dns server). Did you switch provider? If so the other provider will have other dns servers, or you can of course use the google dns 8.8.8.8
0
 
LVL 1

Author Comment

by:nkewney
ID: 33437544
We have an SBS set up which is acting as a DNS server (this is on 192.168.16.2.

The SBS looks to the router for external DNS.

I have set up openDNS on this router.

Does this make sense?

Nick
0
 
LVL 7

Expert Comment

by:joelvp
ID: 33437552
Can you just try for a test to assign 8.8.8.8 as the dns server for the pc?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33437560
You able to chech the DNS on SBS server with the 'nslookup' program
0
 
LVL 1

Author Comment

by:nkewney
ID: 33437574
It's just as slow. It's taking forever. How can I find out the CPU utilisation on the router? Could this be to blame?

Thanks again for your input everyone!
0
 
LVL 1

Author Comment

by:nkewney
ID: 33437576
ikalmar,

It is taking about 5-10 seconds to look up the first time (then after this it's much faster or immediate)

Nick
0
 
LVL 7

Assisted Solution

by:joelvp
joelvp earned 333 total points
ID: 33437607
how is the performance when you lookup from the router? Ie ping www.bt.com from the router?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33439200
sh proccess cpu
sh proccess cpu his
0
 
LVL 1

Author Comment

by:nkewney
ID: 33440699
I can resolve domain names but it's taking an awful long time.

I've attached sh int below and also the CPU history.

Can anybody suggest anything?
CISCO877#  sh int
ATM0 is up, line protocol is up
  Hardware is MPC ATMSAR (with Alcatel ADSL Module)
  Description: BT ADSL connection
  MTU 4470 bytes, sub MTU 4470, BW 448 Kbit/sec, DLY 820 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ATM, loopback not set
  Encapsulation(s): AAL5  AAL2, PVC mode
  10 maximum active VCs, 1024 VCs per VP, 1 current VCCs
  VC Auto Creation Disabled.
  VC idle disconnect time: 300 seconds
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: Per VC Queueing
  5 minute input rate 1000 bits/sec, 1 packets/sec
  5 minute output rate 1000 bits/sec, 1 packets/sec
     1082 packets input, 365071 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     1232 packets output, 469328 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
ATM0.1 is up, line protocol is up
  Hardware is MPC ATMSAR (with Alcatel ADSL Module)
  Description: $ES_WAN$
  MTU 4470 bytes, BW 448 Kbit/sec, DLY 820 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ATM
     1082 packets input, 369399 bytes
     1232 packets output, 469328 bytes
     0 OAM cells input, 0 OAM cells output
  AAL5 CRC errors : 0
  AAL5 SAR Timeouts : 0
  AAL5 Oversized SDUs : 0
  Last clearing of "show interface" counters never
Dialer0 is up, line protocol is up (spoofing)
  Hardware is Unknown
  Internet address is 213.120.103.39/32
  MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Interface is bound to Vi2
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 00:03:32
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/0/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 42 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1072 packets input, 364873 bytes
     1222 packets output, 464176 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
  Hardware is Virtual Access interface
  MTU 1500 bytes, BW 448 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP
  PPPoATM vaccess, cloned from Dialer0
  Vaccess status 0x44
  Bound to ATM0.1 VCD: 1, VPI: 0, VCI: 38, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 5 seconds on reset
  Interface is bound to Di0 (Encapsulation PPP)
  Last input 00:00:33, output never, output hang never
  Last clearing of "show interface" counters 00:02:48
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1083 packets input, 365085 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     1233 packets output, 464414 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions


CISCO877#sh process cpu his

CISCO877   04:53:48 AM Friday Mar 1 2002 UTC



             2222288888     222221111111111555552222233333333331
100
 90
 80
 70
 60
 50
 40
 30
 20
 10               *****                    *****
   0....5....1....1....2....2....3....3....4....4....5....5....6
             0    5    0    5    0    5    0    5    0    5    0
               CPU% per second (last 60 seconds)


    18
    06
100
 90  *
 80  *
 70  *
 60  *
 50  *
 40  *
 30  *
 20  #
 10 *#
   0....5....1....1....2....2....3....3....4....4....5....5....6
             0    5    0    5    0    5    0    5    0    5    0
               CPU% per minute (last 60 minutes)
              * = maximum CPU%   # = average CPU%




100
 90
 80
 70
 60

Open in new window

0
 
LVL 1

Author Comment

by:nkewney
ID: 33440700
My latest config is below too:
CISCO877#sh run
Building configuration...

Current configuration : 6343 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO877
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-3641892774
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3641892774
 revocation-check none
 rsakeypair TP-self-signed-3641892774
!
!
crypto pki certificate chain TP-self-signed-3641892774
 certificate self-signed 02
  30820253 308201BC A0030201 02020102 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33363431 38393237 3734301E 170D3032 30333031 30303231
  31355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36343138
  39323737 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100D158 D1FF7577 F8D16218 3B5D4913 4AB7C1AD FCCF3DDE B730AFF8 CE5828F6
  D55554AC 93462FBA F2D2B7B5 6758E8C1 FA27FE65 A2DA74D6 48BCEE94 E4909303
  46D639B0 14A0E5F2 8F01509F 7D39E8B1 6AA0B94A D4B816B9 51070636 E2156E68
  C9BFFC3A A4E056D5 29AC9F03 598D9D8C 76BD1405 8E77EA75 EEB141C0 A70F8D61
  D03F0203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260603
  551D1104 1F301D82 1B434953 434F3837 372E656D 61696C2E 6A686C63 6F6D6D73
  2E636F6D 301F0603 551D2304 18301680 14D447BE DA95820A 2F48A5C1 D88B5666
  4BB0B35C D0301D06 03551D0E 04160414 D447BEDA 95820A2F 48A5C1D8 8B56664B
  B0B35CD0 300D0609 2A864886 F70D0101 04050003 81810092 AFDC38CB 39C6A49D
  0F387073 8DB972E6 2DBB6238 2FC0E278 2BEBB0CB 781C4363 0E846A50 4A457A45
  302F9FE0 D031F373 248A31F9 15855FAA 63883255 A8BDE7A7 83A955CA 1A416925
  E5A083ED C6484B07 21F9158F A02368F4 ABC8F4A8 D71DA7B0 6648D8F3 1B73434C
  407BE7D8 176AAA79 C54A5D12 F274C090 A4391C53 663A64
        quit
dot11 syslog
ip cef
!
!
ip domain name XXX
ip name-server XXX
!
!
!
username admin privilege 15 secret 5 XXX
!
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface ATM0
 description BT ADSL connection
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $ES_WAN$
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
 switchport access vlan 2
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description $ETH-DATA-NETWORK$$ES_LAN$
 ip address 192.168.16.1 255.255.255.0
 ip access-group 122 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan2
 description $ETH-VOICE-NETWORK$
 ip address 172.16.16.1 255.255.255.0
 ip access-group 133 in
 ip nat inside
 ip virtual-reassembly
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname XXX
 ppp chap password 0 XXX
 ppp pap sent-username XXX password 0 XXX
 ppp ipcp dns request
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip flow-top-talkers
 top 5
 sort-by bytes
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.16.2 80 interface ATM0.1 81
!
ip access-list extended NAT
 permit ip 192.168.16.0 0.0.0.255 any
!
access-list 1 permit 192.168.16.0 0.0.0.255
access-list 122 permit tcp 192.168.16.0 0.0.0.255 172.16.16.0 0.0.0.255 eq www
access-list 122 deny   ip 192.168.16.0 0.0.0.255 172.16.16.0 0.0.0.255
access-list 122 permit ip any any
access-list 133 permit tcp 172.16.16.0 0.0.0.255 192.168.16.0 0.0.0.255 eq www
access-list 133 deny   ip 172.16.16.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 133 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane

Open in new window

0
 
LVL 7

Accepted Solution

by:
joelvp earned 333 total points
ID: 33440795
do you have the command "ip dns server" in?
are all name-servers you specified properly reachable? (ping them and check the response times).
0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 167 total points
ID: 33440797
the config is good, and no problem with the cpu, it is a DNS error, please try other DNS server, and it will be faster!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question