unrecognised command or protocol when pinging external DNS Names

Troy Graham
Troy Graham used Ask the Experts™
on
Cisco Router Model: ISR-4331

When I try and ping any external DNS hostnames from the Cisco CLI I receive the following error. I can seem to ping external IP Addresses ok

tfs-mt-r1#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/6/6 ms
tfs-mt-r1#ping google.com.au
% Unrecognized host or address, or protocol not running.

tfs-mt-r1#ping news.com.au
% Unrecognized host or address, or protocol not running.

Cisco Config is as follows:
Current configuration : 5242 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 300000
!
hostname tfs-mt-r1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
aaa new-model
!
!
aaa authentication login userauth local
aaa authorization network groupauth local
!
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
!
!
!
!



no ip domain lookup
ip domain name totalfire.com.au
ip dhcp excluded-address 192.168.0.1 192.168.0.20
!
ip dhcp pool tfs-mt-lan
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 61.9.194.49
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4331/K9 sn FDO21320SXJ
!
spanning-tree extend system-id
!
username nettkoadmin privilege 15 secret 5 $1$AbSJ$86I135KUtiQezkTfl91ey1
!
redundancy
 mode none
!
crypto ikev2 proposal azure-proposal
 encryption aes-cbc-256 aes-cbc-128 3des
 integrity sha1
 group 2
!
crypto ikev2 policy azure-policy
 proposal azure-proposal
!
crypto ikev2 keyring azure-keyring
 peer 23.101.213.101
  address 23.101.213.101
  pre-shared-key qigPJd5MFswI5AApL9A0tlpM4ABk8i2d
 !
!
!
crypto ikev2 profile azure-profile
 match address local interface GigabitEthernet0/0/0
 match identity remote address 23.101.213.101 255.255.255.255
 authentication local pre-share
 authentication remote pre-share
 keyring local azure-keyring
!
!
!
vlan internal allocation policy ascending
!
track 1 ip sla 1 reachability
 delay down 10 up 10
!
!
class-map type inspect match-any FIREOUT
 match protocol http
 match protocol https
 match protocol icmp
 match protocol ftp
!
policy-map type inspect INTERNET-POLICY
 class type inspect FIREOUT
  inspect
 class class-default
!
zone security inside
 description tfs LAN
zone security outside
 description Internet
zone-pair security TFS source inside destination outside
 service-policy type inspect INTERNET-POLICY
zone-pair security tfs-wan-lan source outside destination inside
!
!
!
!
!
!
!
crypto ipsec transform-set azure-ipsec-proposal-set esp-aes 256 esp-sha-hmac
 mode tunnel
!
!
crypto ipsec profile vti
 set transform-set azure-ipsec-proposal-set
 set ikev2-profile azure-profile
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Tunnel1
 ip address 169.252.0.1 255.255.255.0
 ip tcp adjust-mss 1350
 tunnel source GigabitEthernet0/0/0
 tunnel mode ipsec ipv4
 tunnel destination 23.101.213.101
 tunnel protection ipsec profile vti
!
interface GigabitEthernet0/0/0
 description Telstra WAN
 ip address 110.145.157.250 255.255.255.252
 ip nat outside
 ip tcp adjust-mss 1412
 negotiation auto
 ip virtual-reassembly
!
interface GigabitEthernet0/0/1
 description TFS MT Lan
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1412
 negotiation auto
 ip virtual-reassembly
!
interface GigabitEthernet0/0/2
 ip address dhcp
 ip nat outside
 ip tcp adjust-mss 1412
 negotiation auto
 ip virtual-reassembly
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Vlan1
 no ip address
 shutdown
!
ip nat inside source static tcp 192.168.0.100 443 interface GigabitEthernet0/0/0 443
ip nat inside source static tcp 192.168.0.100 8000 interface GigabitEthernet0/0/0 8000
ip nat inside source static tcp 192.168.0.100 80 interface GigabitEthernet0/0/0 8080
ip nat inside source static tcp 192.168.0.100 5963 interface GigabitEthernet0/0/0 8001

ip nat inside source route-map nat2tid interface GigabitEthernet0/0/0 overload
ip nat inside source route-map net2wireless interface GigabitEthernet0/0/2 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 110.145.157.249 track 1
ip route 0.0.0.0 0.0.0.0 110.145.157.249
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/2 10
ip route 8.8.4.4 255.255.255.255 GigabitEthernet0/0/0 permanent
ip route 172.16.0.0 255.255.0.0 Tunnel1
!
!
ip access-list extended nat-to-outside
 permit ip 192.168.0.0 0.0.0.255 any
!
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/0
 frequency 5
ip sla schedule 1 life forever start-time now
access-list 101 permit tcp any any eq 3389
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
access-list 102 permit icmp any host 8.8.4.4
access-list 102 permit icmp any host 8.8.8.8
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1
dialer-list 1 protocol ip list 1
dialer-list 2 protocol ip permit
!
route-map track-primary-if permit 10
 match ip address 102
 set interface GigabitEthernet0/0/0
!
route-map nat2tid permit 10
 match ip address nat-to-outside 101
 match interface GigabitEthernet0/0/0
!
route-map nat2wireless permit 10
 match ip address 101
 match interface GigabitEthernet0/0/2
!
!
!
!
!
control-plane
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 transport input ssh
!
event manager applet NAT_CLEAR
 event track 1 state any
 action 0.0 cli command "enable"
 action 1.0 cli command "clear ip nat trans *"
!
end

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
nociSoftware Engineer
Distinguished Expert 2018
Commented:
So your router/switch cannot resolve names (translate names to IP addresses).

You need to set that up.
Datacenter Technician
Top Expert 2012
Commented:
As @noci says.
Remove your line 50:
no ip domain lookup

Open in new window

and specify some dns servers:
ip name-server 8.8.8.8

Open in new window

Troy GrahamIT Manager

Author

Commented:
Hi TimotiSt,

Thanks for your help. This seems to have done the trick.

Cheers

Troy

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial