1811w and DSL WAN

Unanswered Question
Jun 29th, 2007

I current have a setup with two WAN's, one T1 and one DSL. I've got the T1 working fine, but am having trouble with the DSL connection.

Through the "Test Connection" interface, it passes the "Checking interface status", "Checking DNS settings" (wrong servers though, it looks up the ones meant for the T1), and "Checking interface IP address", but fails "Checking exit interface".

The failure reason is listed as "To test connectivity, SDM tries to ping the configured DNS servers. However, there is no configured route to any of the DNS servers through selected interface."

Recommended action: Select 'User-specified' option or add a 'host specific/network specific/default' route through this interface ad retest connection.

The test passes if I used the IP picked up through the PPPoE under the "User-specified" box. I'm pretty sure it's the DNS settings, as it's using the servers meant for the T1, but I don't know how to separate them. I basically went to the DNS section in "Additional Tasks" and just listed all of them there.

Can someone help me with this? As far as the configuration goes, here's what I have:

bridge irb




interface FastEthernet0

description Logix$ETH-LAN$$FW_OUTSIDE$

ip address 216.x.x.226

ip access-group 101 in

ip verify unicast reverse-path

no ip redirects

no ip unreachables

no ip proxy-arp

ip nbar protocol-discovery

ip flow ingress

ip flow egress

ip nat outside

ip inspect SDM_MEDIUM out

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1412

duplex auto

speed auto

service-policy input sdmappfwp2p_SDM_MEDIUM

service-policy output sdmappfwp2p_SDM_MEDIUM


interface FastEthernet1

description Covad$ETH-WAN$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1



interface Vlan1


no ip address

ip tcp adjust-mss 1452

bridge-group 1


interface Async1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation slip


interface Dialer2

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname [hostname]

ppp chap password xxx

ppp pap sent-username [username] password [password]


interface BVI1

description $ES_LAN$$FW_INSIDE$

ip address

ip access-group 100 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1412


ip route 0.0.x.x.215.127.225

ip route Dialer2 10


Also, assuming DSL is working, does my current config work for load-balancing and/or redundancy?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Paolo Bevilacqua Fri, 06/29/2007 - 12:45


Please let alone the SDM that can be confusing and often does not produce the intended results.

Do show interfaces. You should see a virtual-access. If up/up, your dsl line is working. Then do show ip route, to see if it has installed a default route. Probably you don't want that, because you're tryon load balancing and redundancy.

Let see how these tings go and then we can go for more sophistication.

Hope this helps, please rate post if it does!

winstoncheng Fri, 06/29/2007 - 13:56

yes, virtual-access1 is up, link protocol is up.

show ip route returns:

C is directly connected, BVI1 is subnetted, 2 subnets

C is directly connected, Dialer0

C is directly connected, Dialer0 is subnetted, 1 subnets is directly connected, FastEthernet0

S* m[1/0] via

I'm not sure if that says I have default route or not.

Paolo Bevilacqua Fri, 06/29/2007 - 14:06

All good, your default is

S* m[1/0] via

that is the router on fastethernet 0

Now, what is that you want to do with the two connections exactly?

winstoncheng Fri, 06/29/2007 - 14:12

I'd like for both T1 and DSL to work on the network simultaneously.

Right now, if I set the distance metric for T1 to 1, DSL to 2, I can browse the web with no problems, but FastEthernet1 will not pass the interface exit test.

If I put T1 to 2 and DSL to 1, FastEthernet1 will pass the test, but I cannot browse the web regardless.

Paolo Bevilacqua Fri, 06/29/2007 - 14:34

Ok, as I said, SDM will get confused because you have two interfaces and can't really cope with that. Beside, it will prevent you from learning how to do thing the professional way.

Use strictly the CLI for now. Do show run. You will see that you have a statement like "ip nat ... fastethernet0 overload". Do conf t and copy that statement just the same, but replace fastethernet0 with dialer0. Make sure there is "ip nat outside" under dialer0. This will be your second interface. Then, you know what you default route is now, do "ip route dialer0 1". Do the same for the other default, but use an higher metric. Check that you can browse the internet via DSL.

Once you are happy with that, try setting both default routes to the same metric. That should do the load balancing.

Good luck, come back to report the results.

winstoncheng Fri, 06/29/2007 - 15:21

Thanks for helping so far, I can't continue on this until Monday. I will report back asap.

winstoncheng Mon, 07/02/2007 - 06:19

ip nat inside source list 1 interface FastEthernet0 overload

ip nat inside source list 2 interface Dialer0 overload

Those are what i have at the moment, when I tried changing both to source list 1, it says "%Dynamic mapping in use, cannot change".

Paolo Bevilacqua Mon, 07/02/2007 - 07:35

To work around that, you would need to shutdown the nat inside interface, the do "clear ip nat translations. You can either do that, or configure access list 1 and 2 to be identical.

The part that matter most is having the two default routes with same metric (correctly called "administrative distance"). But first try them one at time.

winstoncheng Mon, 07/02/2007 - 08:46

Sigh, the moment I tried putting them both on the same administrative distance, I'd lose Internet access.

I'm going to wait until the office is closed today and start everything over from scratch, using the CLI, starting with the DSL setup first.

Thanks for the help so far, I'll keep reporting back.

Paolo Bevilacqua Mon, 07/02/2007 - 08:49

If the individual default routes works, when configured one a time, you are on the right way.

There a bit more config that you can try on the NAT, but let's wait until you positively prove the above.

winstoncheng Mon, 07/02/2007 - 16:15

Bad news, I followed the included instructions which included erasing the start-up config, so now I'm just totally lost. Is there a way to bring it back to the way it was out of box? Not having a default IP address is beyond my abilities at this point.

I tried re-adding BVI 1 through the console to get the IP back, but the status of it remains down even after a "no shutdown" command.

Have to head home now, to be continued...

Paolo Bevilacqua Tue, 07/03/2007 - 01:37

Never mind, it's just of a little bit of router fighting that everyone does at the beginning.

But you gave an easy round to the router erasing the config!

You partially working configuration is in your first post above. Connect via a serial cable, copy and paste it. Then manually go under each and any interface, and type "no shutdown". And you will start from there.

winstoncheng Tue, 07/03/2007 - 06:41

After pasting back, I'm able to ping the router, but not able to access it through telnet or http.

winstoncheng Tue, 07/03/2007 - 07:09

Seems the only available command is "no access-class". should i do "no access-class 1 in" and "no access-class 1 out"?

For the html, I do still need it, not for configuration, for later on for monitoring the firewall and traffic.

edit: I did the above, and telnet is working. :P

The T1 connection also seems to be working right now, but I can't check out the DSL since the office is using that right now to stay online while I work on the T1.

winstoncheng Tue, 07/03/2007 - 08:51

Ok, figured it out, had to put "no ip http access-class 23".

thanks for all the help.


This Discussion