Solved

Problems connecting to Internet with Cisco 877W and BT Broadband

Posted on 2010-08-14
18
660 Views
Last Modified: 2012-05-10
Dear Experts,

I am trying to replace a Draytek router supplied by BT with a Cisco 877W and I am having a number of issues.

I can ping my OpenDNS server from the router itself and from the PC.  Unfortunately, I can't access any websites or do any browsing and I just can't figure out why.

I've included my full config below. Any suggestions or advice would be much appreciated.

Thanks in advance,

Nick
CISCO877#sh run

Building configuration...



Current configuration : 5973 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CISCO877

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

!

crypto pki trustpoint TP-self-signed-3641892774

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-3641892774

 revocation-check none

 rsakeypair TP-self-signed-3641892774

!

!

dot11 syslog

ip cef

!

!

ip domain name XXX

ip name-server XXX

!

!

!

username admin privilege 15 secret 5 xxx

!

!

archive

 log config

  hidekeys

!

!

!

bridge irb

!

!

interface ATM0

 description BT ADSL connection

 no ip address

 no atm ilmi-keepalive

 dsl operating-mode auto

!

interface ATM0.1 point-to-point

 description $ES_WAN$

 pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

 !

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Dot11Radio0

 no ip address

 shutdown

 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

 station-role root

!

interface Vlan1

 description $ETH-DATA-NETWORK$

 ip address 192.168.16.1 255.255.255.0

 ip access-group 122 in

 ip nat inside

 ip virtual-reassembly

 ip tcp adjust-mss 1452

!

interface Vlan2

 description $ETH-VOICE-NETWORK$

 ip address 172.16.16.1 255.255.255.0

 ip access-group 133 in

 ip nat inside

 ip virtual-reassembly

!

interface Dialer0

 ip address negotiated

 ip nat outside

 ip virtual-reassembly

 encapsulation ppp

 dialer pool 1

 dialer idle-timeout 0

 dialer-group 1

 no cdp enable

 ppp authentication chap pap callin

 ppp chap hostname XXX@hg23.btclick.com

 ppp chap password 0 XXXXXX

 ppp pap sent-username XXX8@hg23.btclick.com password 0 XXXXXX

 ppp ipcp dns request

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

ip flow-top-talkers

 top 5

 sort-by bytes

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

!

ip access-list extended NAT

 permit ip 192.168.16.0 0.0.0.255 any

!

access-list 1 permit 192.168.16.0 0.0.0.255

access-list 122 permit ip 192.168.16.0 0.0.0.255 any

access-list 133 permit ip 172.16.16.0 0.0.0.255 any

dialer-list 1 protocol ip permit

no cdp run

!

!

!

Open in new window

0
Comment
Question by:nkewney
  • 8
  • 5
  • 4
  • +1
18 Comments
 
LVL 14

Expert Comment

by:anoopkmr
Comment Utility
is ur adsl interface   showing up up  ? .  did u get the IP  to interface dialer 0?

ur config seems to be ok
0
 
LVL 1

Author Comment

by:nkewney
Comment Utility
Yes, it is up and has a public IP address assigned to it.

I just can't figure this one out.  Do you think it has anything to do with the MTU or "adjust-mss" values as I don't know what these do :s

Thanks for any help you can give me :)
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
Comment Utility
please show us:

sh ip int brief
sh users
sh ip route
0
 
LVL 1

Author Comment

by:nkewney
Comment Utility
Thanks.

I've included it below.

I can get internet access but it takes a long time to resolve domain names and eventually gives up completely.

Nick
CISCO877#sh ip int brief

Interface                  IP-Address      OK? Method Status                Protocol

ATM0                       unassigned      YES NVRAM  up                    up

ATM0.1                     unassigned      YES unset  up                    up

Dialer0                    213.120.103.39  YES IPCP   up                    up

Dot11Radio0                unassigned      YES NVRAM  administratively down down

FastEthernet0              unassigned      YES unset  up                    up

FastEthernet1              unassigned      YES unset  up                    down

FastEthernet2              unassigned      YES unset  up                    down

FastEthernet3              unassigned      YES unset  up                    down

NVI0                       unassigned      YES unset  administratively down down

Virtual-Access1            unassigned      YES unset  up                    up

Virtual-Access2            unassigned      YES unset  up                    up

Vlan1                      192.168.16.1    YES NVRAM  up                    up

Vlan2                      172.16.16.1     YES NVRAM  up                    down

CISCO877#

CISCO877#

CISCO877#

CISCO877#

CISCO877#

CISCO877#sh users

    Line       User       Host(s)              Idle       Location

*  0 con 0     admin      idle                 00:00:00



  Interface    User               Mode         Idle     Peer Address

  Vi2                             PPPoATM      00:00:00 81.134.96.1



CISCO877#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route



Gateway of last resort is 0.0.0.0 to network 0.0.0.0



     81.0.0.0/32 is subnetted, 1 subnets

C       81.134.96.1 is directly connected, Dialer0

     213.120.103.0/32 is subnetted, 1 subnets

C       213.120.103.39 is directly connected, Dialer0

C    192.168.16.0/24 is directly connected, Vlan1

S*   0.0.0.0/0 is directly connected, Dialer0

Open in new window

0
 
LVL 34

Expert Comment

by:Istvan Kalmar
Comment Utility
HI,

It shows that you connected to ISP.... and the config seems good...

what is the ip address PC?
0
 
LVL 1

Author Comment

by:nkewney
Comment Utility
192.168.16.123 / 255.255.255.0

It works but takes a long time to resolve new domains and sometimes crashes out completely.

Nick
0
 
LVL 7

Expert Comment

by:joelvp
Comment Utility
Your problem is not with routing but with name resolving. What is the dns server used by the pc? Is properly reachable? Who is actually assigning the ip addresses (and also the dns server). Did you switch provider? If so the other provider will have other dns servers, or you can of course use the google dns 8.8.8.8
0
 
LVL 1

Author Comment

by:nkewney
Comment Utility
We have an SBS set up which is acting as a DNS server (this is on 192.168.16.2.

The SBS looks to the router for external DNS.

I have set up openDNS on this router.

Does this make sense?

Nick
0
 
LVL 7

Expert Comment

by:joelvp
Comment Utility
Can you just try for a test to assign 8.8.8.8 as the dns server for the pc?
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 34

Expert Comment

by:Istvan Kalmar
Comment Utility
You able to chech the DNS on SBS server with the 'nslookup' program
0
 
LVL 1

Author Comment

by:nkewney
Comment Utility
It's just as slow. It's taking forever. How can I find out the CPU utilisation on the router? Could this be to blame?

Thanks again for your input everyone!
0
 
LVL 1

Author Comment

by:nkewney
Comment Utility
ikalmar,

It is taking about 5-10 seconds to look up the first time (then after this it's much faster or immediate)

Nick
0
 
LVL 7

Assisted Solution

by:joelvp
joelvp earned 333 total points
Comment Utility
how is the performance when you lookup from the router? Ie ping www.bt.com from the router?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
Comment Utility
sh proccess cpu
sh proccess cpu his
0
 
LVL 1

Author Comment

by:nkewney
Comment Utility
I can resolve domain names but it's taking an awful long time.

I've attached sh int below and also the CPU history.

Can anybody suggest anything?
CISCO877#  sh int

ATM0 is up, line protocol is up

  Hardware is MPC ATMSAR (with Alcatel ADSL Module)

  Description: BT ADSL connection

  MTU 4470 bytes, sub MTU 4470, BW 448 Kbit/sec, DLY 820 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ATM, loopback not set

  Encapsulation(s): AAL5  AAL2, PVC mode

  10 maximum active VCs, 1024 VCs per VP, 1 current VCCs

  VC Auto Creation Disabled.

  VC idle disconnect time: 300 seconds

  Last input never, output 00:00:00, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: Per VC Queueing

  5 minute input rate 1000 bits/sec, 1 packets/sec

  5 minute output rate 1000 bits/sec, 1 packets/sec

     1082 packets input, 365071 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     1232 packets output, 469328 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

ATM0.1 is up, line protocol is up

  Hardware is MPC ATMSAR (with Alcatel ADSL Module)

  Description: $ES_WAN$

  MTU 4470 bytes, BW 448 Kbit/sec, DLY 820 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ATM

     1082 packets input, 369399 bytes

     1232 packets output, 469328 bytes

     0 OAM cells input, 0 OAM cells output

  AAL5 CRC errors : 0

  AAL5 SAR Timeouts : 0

  AAL5 Oversized SDUs : 0

  Last clearing of "show interface" counters never

Dialer0 is up, line protocol is up (spoofing)

  Hardware is Unknown

  Internet address is 213.120.103.39/32

  MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation PPP, loopback not set

  Keepalive set (10 sec)

  DTR is pulsed for 1 seconds on reset

  Interface is bound to Vi2

  Last input never, output never, output hang never

  Last clearing of "show interface" counters 00:03:32

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: weighted fair

  Output queue: 0/1000/64/0 (size/max total/threshold/drops)

     Conversations  0/0/16 (active/max active/max total)

     Reserved Conversations 0/0 (allocated/max allocated)

     Available Bandwidth 42 kilobits/sec

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     1072 packets input, 364873 bytes

     1222 packets output, 464176 bytes

Bound to:

Virtual-Access2 is up, line protocol is up

  Hardware is Virtual Access interface

  MTU 1500 bytes, BW 448 Kbit/sec, DLY 20000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation PPP, LCP Open

  Open: IPCP

  PPPoATM vaccess, cloned from Dialer0

  Vaccess status 0x44

  Bound to ATM0.1 VCD: 1, VPI: 0, VCI: 38, loopback not set

  Keepalive set (10 sec)

  DTR is pulsed for 5 seconds on reset

  Interface is bound to Di0 (Encapsulation PPP)

  Last input 00:00:33, output never, output hang never

  Last clearing of "show interface" counters 00:02:48

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     1083 packets input, 365085 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     1233 packets output, 464414 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions





CISCO877#sh process cpu his



CISCO877   04:53:48 AM Friday Mar 1 2002 UTC







             2222288888     222221111111111555552222233333333331

100

 90

 80

 70

 60

 50

 40

 30

 20

 10               *****                    *****

   0....5....1....1....2....2....3....3....4....4....5....5....6

             0    5    0    5    0    5    0    5    0    5    0

               CPU% per second (last 60 seconds)





    18

    06

100

 90  *

 80  *

 70  *

 60  *

 50  *

 40  *

 30  *

 20  #

 10 *#

   0....5....1....1....2....2....3....3....4....4....5....5....6

             0    5    0    5    0    5    0    5    0    5    0

               CPU% per minute (last 60 minutes)

              * = maximum CPU%   # = average CPU%









100

 90

 80

 70

 60

Open in new window

0
 
LVL 1

Author Comment

by:nkewney
Comment Utility
My latest config is below too:
CISCO877#sh run

Building configuration...



Current configuration : 6343 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CISCO877

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

!

crypto pki trustpoint TP-self-signed-3641892774

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-3641892774

 revocation-check none

 rsakeypair TP-self-signed-3641892774

!

!

crypto pki certificate chain TP-self-signed-3641892774

 certificate self-signed 02

  30820253 308201BC A0030201 02020102 300D0609 2A864886 F70D0101 04050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 33363431 38393237 3734301E 170D3032 30333031 30303231

  31355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36343138

  39323737 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100D158 D1FF7577 F8D16218 3B5D4913 4AB7C1AD FCCF3DDE B730AFF8 CE5828F6

  D55554AC 93462FBA F2D2B7B5 6758E8C1 FA27FE65 A2DA74D6 48BCEE94 E4909303

  46D639B0 14A0E5F2 8F01509F 7D39E8B1 6AA0B94A D4B816B9 51070636 E2156E68

  C9BFFC3A A4E056D5 29AC9F03 598D9D8C 76BD1405 8E77EA75 EEB141C0 A70F8D61

  D03F0203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260603

  551D1104 1F301D82 1B434953 434F3837 372E656D 61696C2E 6A686C63 6F6D6D73

  2E636F6D 301F0603 551D2304 18301680 14D447BE DA95820A 2F48A5C1 D88B5666

  4BB0B35C D0301D06 03551D0E 04160414 D447BEDA 95820A2F 48A5C1D8 8B56664B

  B0B35CD0 300D0609 2A864886 F70D0101 04050003 81810092 AFDC38CB 39C6A49D

  0F387073 8DB972E6 2DBB6238 2FC0E278 2BEBB0CB 781C4363 0E846A50 4A457A45

  302F9FE0 D031F373 248A31F9 15855FAA 63883255 A8BDE7A7 83A955CA 1A416925

  E5A083ED C6484B07 21F9158F A02368F4 ABC8F4A8 D71DA7B0 6648D8F3 1B73434C

  407BE7D8 176AAA79 C54A5D12 F274C090 A4391C53 663A64

        quit

dot11 syslog

ip cef

!

!

ip domain name XXX

ip name-server XXX

!

!

!

username admin privilege 15 secret 5 XXX

!

!

archive

 log config

  hidekeys

!

!

!

bridge irb

!

!

interface ATM0

 description BT ADSL connection

 no ip address

 no atm ilmi-keepalive

 dsl operating-mode auto

!

interface ATM0.1 point-to-point

 description $ES_WAN$

 pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

 !

!

interface FastEthernet0

!

interface FastEthernet1

 switchport access vlan 2

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Dot11Radio0

 no ip address

 shutdown

 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

 station-role root

!

interface Vlan1

 description $ETH-DATA-NETWORK$$ES_LAN$

 ip address 192.168.16.1 255.255.255.0

 ip access-group 122 in

 ip nat inside

 ip virtual-reassembly

 ip tcp adjust-mss 1452

!

interface Vlan2

 description $ETH-VOICE-NETWORK$

 ip address 172.16.16.1 255.255.255.0

 ip access-group 133 in

 ip nat inside

 ip virtual-reassembly

!

interface Dialer0

 ip address negotiated

 ip mtu 1492

 ip nat outside

 ip virtual-reassembly

 encapsulation ppp

 dialer pool 1

 dialer idle-timeout 0

 dialer-group 1

 no cdp enable

 ppp authentication chap pap callin

 ppp chap hostname XXX

 ppp chap password 0 XXX

 ppp pap sent-username XXX password 0 XXX

 ppp ipcp dns request

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

ip flow-top-talkers

 top 5

 sort-by bytes

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source static tcp 192.168.16.2 80 interface ATM0.1 81

!

ip access-list extended NAT

 permit ip 192.168.16.0 0.0.0.255 any

!

access-list 1 permit 192.168.16.0 0.0.0.255

access-list 122 permit tcp 192.168.16.0 0.0.0.255 172.16.16.0 0.0.0.255 eq www

access-list 122 deny   ip 192.168.16.0 0.0.0.255 172.16.16.0 0.0.0.255

access-list 122 permit ip any any

access-list 133 permit tcp 172.16.16.0 0.0.0.255 192.168.16.0 0.0.0.255 eq www

access-list 133 deny   ip 172.16.16.0 0.0.0.255 192.168.16.0 0.0.0.255

access-list 133 permit ip any any

dialer-list 1 protocol ip permit

no cdp run

!

!

!

control-plane

Open in new window

0
 
LVL 7

Accepted Solution

by:
joelvp earned 333 total points
Comment Utility
do you have the command "ip dns server" in?
are all name-servers you specified properly reachable? (ping them and check the response times).
0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 167 total points
Comment Utility
the config is good, and no problem with the cpu, it is a DNS error, please try other DNS server, and it will be faster!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now