06-29-2007 06:51 AM - edited 03-03-2019 05:40 PM
I current have a setup with two WAN's, one T1 and one DSL. I've got the T1 working fine, but am having trouble with the DSL connection.
Through the "Test Connection" interface, it passes the "Checking interface status", "Checking DNS settings" (wrong servers though, it looks up the ones meant for the T1), and "Checking interface IP address", but fails "Checking exit interface".
The failure reason is listed as "To test connectivity, SDM tries to ping the configured DNS servers. However, there is no configured route to any of the DNS servers through selected interface."
Recommended action: Select 'User-specified' option or add a 'host specific/network specific/default' route through this interface ad retest connection.
The test passes if I used the IP picked up through the PPPoE under the "User-specified" box. I'm pretty sure it's the DNS settings, as it's using the servers meant for the T1, but I don't know how to separate them. I basically went to the DNS section in "Additional Tasks" and just listed all of them there.
Can someone help me with this? As far as the configuration goes, here's what I have:
bridge irb
!
!
!
interface FastEthernet0
description Logix$ETH-LAN$$FW_OUTSIDE$
ip address 216.x.x.226 255.255.255.240
ip access-group 101 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip inspect SDM_MEDIUM out
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
duplex auto
speed auto
service-policy input sdmappfwp2p_SDM_MEDIUM
service-policy output sdmappfwp2p_SDM_MEDIUM
!
interface FastEthernet1
description Covad$ETH-WAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
interface Dialer2
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname [hostname]
ppp chap password xxx
ppp pap sent-username [username] password [password]
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.123.18 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
ip route 0.0.0.0 0.0.x.x.215.127.225
ip route 0.0.0.0 0.0.0.0 Dialer2 10
!
Also, assuming DSL is working, does my current config work for load-balancing and/or redundancy?
06-29-2007 12:45 PM
Hello,
Please let alone the SDM that can be confusing and often does not produce the intended results.
Do show interfaces. You should see a virtual-access. If up/up, your dsl line is working. Then do show ip route, to see if it has installed a default route. Probably you don't want that, because you're tryon load balancing and redundancy.
Let see how these tings go and then we can go for more sophistication.
Hope this helps, please rate post if it does!
06-29-2007 01:56 PM
yes, virtual-access1 is up, link protocol is up.
show ip route returns:
C 192.168.123.0/24 is directly connected, BVI1
67.0.0.0/32 is subnetted, 2 subnets
C 67.101.64.94 is directly connected, Dialer0
C 67.101.64.94 is directly connected, Dialer0
216.215.127.0/28 is subnetted, 1 subnets
216.215.127.224 is directly connected, FastEthernet0
S* 0.0.0.0/0 m[1/0] via 216.215.127.225
I'm not sure if that says I have default route or not.
06-29-2007 02:06 PM
All good, your default is
S* 0.0.0.0/0 m[1/0] via 216.215.127.225
that is the router on fastethernet 0
Now, what is that you want to do with the two connections exactly?
06-29-2007 02:12 PM
I'd like for both T1 and DSL to work on the network simultaneously.
Right now, if I set the distance metric for T1 to 1, DSL to 2, I can browse the web with no problems, but FastEthernet1 will not pass the interface exit test.
If I put T1 to 2 and DSL to 1, FastEthernet1 will pass the test, but I cannot browse the web regardless.
06-29-2007 02:34 PM
Ok, as I said, SDM will get confused because you have two interfaces and can't really cope with that. Beside, it will prevent you from learning how to do thing the professional way.
Use strictly the CLI for now. Do show run. You will see that you have a statement like "ip nat ... fastethernet0 overload". Do conf t and copy that statement just the same, but replace fastethernet0 with dialer0. Make sure there is "ip nat outside" under dialer0. This will be your second interface. Then, you know what you default route is now, do "ip route 0.0.0.0 0.0.0.0 dialer0 1". Do the same for the other default, but use an higher metric. Check that you can browse the internet via DSL.
Once you are happy with that, try setting both default routes to the same metric. That should do the load balancing.
Good luck, come back to report the results.
06-29-2007 03:21 PM
Thanks for helping so far, I can't continue on this until Monday. I will report back asap.
07-02-2007 06:19 AM
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source list 2 interface Dialer0 overload
Those are what i have at the moment, when I tried changing both to source list 1, it says "%Dynamic mapping in use, cannot change".
07-02-2007 07:35 AM
To work around that, you would need to shutdown the nat inside interface, the do "clear ip nat translations. You can either do that, or configure access list 1 and 2 to be identical.
The part that matter most is having the two default routes with same metric (correctly called "administrative distance"). But first try them one at time.
07-02-2007 08:46 AM
Sigh, the moment I tried putting them both on the same administrative distance, I'd lose Internet access.
I'm going to wait until the office is closed today and start everything over from scratch, using the CLI, starting with the DSL setup first.
Thanks for the help so far, I'll keep reporting back.
07-02-2007 08:49 AM
If the individual default routes works, when configured one a time, you are on the right way.
There a bit more config that you can try on the NAT, but let's wait until you positively prove the above.
07-02-2007 04:15 PM
Bad news, I followed the included instructions which included erasing the start-up config, so now I'm just totally lost. Is there a way to bring it back to the way it was out of box? Not having a default IP address is beyond my abilities at this point.
I tried re-adding BVI 1 through the console to get the IP back, but the status of it remains down even after a "no shutdown" command.
Have to head home now, to be continued...
07-03-2007 01:37 AM
Never mind, it's just of a little bit of router fighting that everyone does at the beginning.
But you gave an easy round to the router erasing the config!
You partially working configuration is in your first post above. Connect via a serial cable, copy and paste it. Then manually go under each and any interface, and type "no shutdown". And you will start from there.
07-03-2007 06:41 AM
After pasting back, I'm able to ping the router, but not able to access it through telnet or http.
07-03-2007 06:44 AM
Check under "line vty 0 4", do "no access-group".
Forget HTTP that gives you nothing.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide