11-27-2008 06:36 AM - edited 03-06-2019 02:42 AM
Hi All,
I have just configured an ADSL interface on a router to dynamically connect to the BT network for internet connection.
Below is my running config:
!
interface ATM0/1/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
dialer pool-member 1
protocol ppp dialer
!
!
!
interface Dialer1
description ADSL Interface
ip address DHCP
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname xxxxxxxxxxxxxxx
ppp chap password xxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Question:
1. Please, how do I configure my Dialer1 interface to automatically request a DNS from the BT network?
2. Which do I need to configure on my Dialer1 interface, is it "ip address DHCP" or "ip address negotiated"?
3. Do I need to configure an "ip nat pool"?
Cheers!
12-03-2008 03:36 AM
Hi Law,
Giuseppe, there is an access-list misconfiguration for NAT; the correct access-list would be
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
This will permit all addresses from the major networks to be NATted to the public address.
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
192.168.4.0/24
192.168.5.0/24
Remember I gave you that access-list (currently in your config) previously as an example.
Also make sure you set your DNS server on the PC and give it a go.
HTH
Lejoe
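The wildcard-mask mismatch described in the answer above, as an added example that is not part of the original thread: it checks which inside subnets from the posted running config are matched by each version of access-list 100. The function names are hypothetical; the interface addresses and ACL values are the ones posted in the thread.

```python
import ipaddress

# Inside interfaces taken from the running config posted in the thread.
INSIDE_INTERFACES = {
    "FastEthernet0/0": "192.168.2.1/24",
    "Vlan2": "192.168.1.1/24",
    "Vlan3": "192.168.3.1/24",
    "Vlan4": "192.168.4.1/24",
    "Vlan5": "192.168.5.1/24",
}

def _u32(addr):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def acl_matches_host(acl_addr, wildcard, host):
    """IOS wildcard logic: a 0 bit must match, a 1 bit is ignored."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(host) & care) == (_u32(acl_addr) & care)

def acl_covers_subnet(acl_addr, wildcard, interface_cidr):
    """True only if every address in the interface's subnet matches the ACL source."""
    net = ipaddress.ip_interface(interface_cidr).network
    care = ~_u32(wildcard) & 0xFFFFFFFF
    if care & int(net.hostmask):
        return False  # the ACL compares bits that vary inside the subnet
    return (int(net.network_address) & care) == (_u32(acl_addr) & care)

def nat_coverage(acl_addr, wildcard, interfaces=INSIDE_INTERFACES):
    """Map each inside interface to whether its whole subnet is selected for NAT."""
    return {name: acl_covers_subnet(acl_addr, wildcard, cidr)
            for name, cidr in interfaces.items()}

if __name__ == "__main__":
    for wildcard in ("0.0.0.255", "0.0.255.255"):
        print(f"access-list 100 permit ip 192.168.0.0 {wildcard} any")
        for name, covered in nat_coverage("192.168.0.0", wildcard).items():
            print(f"  {name:16} {'translated' if covered else 'NOT translated'}")
```

With the 0.0.0.255 wildcard none of the five inside subnets is translated, which is why the router itself could ping out while LAN hosts could not browse. The 0.0.255.255 wildcard matches all of 192.168.0.0/16, which is wider than the five /24 networks actually in use.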
11-28-2008 12:25 AM
Hi Lawrence,
1) Please, how do I configure my Dialer1 interface to automatically request a DNS from the BT network?
ppp ipcp dns request
2. Which do I need to configure on my Dialer1 interface, is it "ip address DHCP" or "ip address negotiated"?
ip address negotiated
Do I need to configure an "ip nat pool"?
Yes you'll need to configure NAT
Steps
1) Configure your LAN interface as
ip nat inside
2) Under the dialer interface
dialer-group 1 (assign the dialer interface to dialer group)
All in global configuration
3) Configure access-list to specify traffic that will be NAT-ted. Assuming your LAN range is 192.168.0.0/24
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
ip nat inside source list 100 interface dialer 1 overload
4) Specify interesting packets that can trigger a call
dialer-list 1 protocol ip permit
5) Add a default route to point everything through the dialer interface
ip route 0.0.0.0 0.0.0.0 dialer 1
HTH
Lejoe
11-28-2008 01:59 AM
Dear Lejoe,
Thanks very much for your time! It's well appreciated.
Please find below, my new config. I have done exactly as you directed.
!
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname xxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxxxx
ppp pap sent-username xxxxxxxx
ppp ipcp dns request
ppp ipcp route default
ppp ipcp address accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
!
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
Question:
1) As you can see in the above config, do I need the following on the dialer 1 interface?
dialer pool 1
ppp ipcp route default
ppp ipcp address accept
Or should I delete them?
2) Why use access-list 100 and not access-list 1?
Regards,
Law
11-28-2008 03:52 PM
Hi Law,
1) As you can see in the above config, do I need the following on the dialer 1 interface?
dialer pool 1
ppp ipcp route default
ppp ipcp address accept
Yes you need all the above in your dialer interface configuration. Since you're automatically inserting a dynamic default route through IPCP negotiations (ppp ipcp route default), remove the line
ip route 0.0.0.0 0.0.0.0 Dialer1
2) Why use access-list 100 and not access-list 1?
For specifying the traffic (internal LAN range) that will be NATed, an extended access-list is used. Extended access-lists begin from 100 and can deny or permit packets based on source and destination address, port numbers and upper layer protocols, which allows greater control and flexibility. Please note that this number (100) is referenced in the statement
ip nat inside source list 100 interface Dialer1 overload
A standard access-list, which begins at 1, only allows permitting or denying based on source address or the entire TCP/IP protocol suite. We could also use a standard access-list to specify the NAT traffic, but I mostly prefer extended ACLs because of the control.
HTH
Lejoe
11-30-2008 10:37 AM
Thanks Lejoe,
I have the following interface on the router:
interface FastEthernet0/0
description LAN Interface
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
Question:
1) If I should connect a PC configured for 192.168.2.2/24 to the above interface, will I be able to browse the internet?
2) Do I have to configure an internal DNS on the router to be able to browse the net from my internal PCs?
3) Does it mean that the two commands below are same, hence I should remove one?
ppp ipcp route default
ip route 0.0.0.0 0.0.0.0 Dialer1
Thanks a million
11-30-2008 02:01 PM
1) If I should connect a PC configured for 192.168.2.2/24 to the above interface, will I be able to browse the internet?
No, since you're not running DHCP, you'll have to configure the default gateway and DNS on the PC before you can browse.
default gateway : 192.168.2.1/24
DNS Server : ISP obtained
2) Do I have to configure an internal DNS on the router to be able to browse the net from my internal PCs?
Yes, DNS is required. You can configure DNS address the same as that you obtain from your ISP on the PCs.
3) Does it mean that the two commands below are same, hence I should remove one?
(obtains default route dynamically through ppp/ipcp negotiations)
ppp ipcp route default
(statically setting a default route)
ip route 0.0.0.0 0.0.0.0 Dialer1
You can remove either of the above lines.
HTH
Lejoe
12-01-2008 06:29 AM
Thanks Lejoe,
Finally I can ping the internet from my router (i.e. ping www.yahoo.com). But I can NOT browse from my internal network, which is connected to the interface f0/0.
Please do I need a static NATing? or what can I do to be able to browse the net from my LAN?
Below is my running config:
interface FastEthernet0/0
description LAN Interface
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/2/0
switchport access vlan 2
!
interface FastEthernet0/2/1
switchport access vlan 3
!
interface FastEthernet0/2/2
switchport access vlan 4
!
interface FastEthernet0/2/3
switchport access vlan 5
!
interface ATM0/1/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
dialer pool-member 1
protocol ppp dialer
!
!
interface Dot11Radio0/3/0
no ip address
!
encryption mode ciphers aes-ccm
!
ssid xxxx
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
!
interface Vlan2
description USER VLAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan3
description SERVER VLAN
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan4
description TRAINING VLAN
ip address 192.168.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan5
description DMZ VLAN
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname xxx
ppp chap password 0 xxxx
ppp pap sent-username xxxx
ppp ipcp dns request
ppp ipcp address accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
!
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
gateway
timer receive-rtp 1200
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
Law
12-01-2008 07:16 AM
Hello Law,
You may need to manually add the ISP DNS server in your PC's LAN settings.
I see that you are not using DHCP so the PC has to be configured manually with a default gateway = 192.168.1.1 and with a DNS server.
Hope to help
Giuseppe
12-01-2008 08:19 AM
I have got a DHCP/DNS server on my LAN.
I have configured my PC with a static IP and am using 192.168.2.1 as my GW. Yet I cannot browse the net.
Maybe I need to configure an IP NAT pool (name), using the IP addresses that my ISP gave to me... I don't know.
Thanks
12-01-2008 09:05 AM
I think f0/0 belongs to vlan1. Why don't you give the IP address 192.168.2.1 to vlan1 instead of f0/0?
12-01-2008 01:43 PM
Hi Law,
The issue of browsing is merely related to DNS. You have already configured NATing on the router, so most of your configuration on the router is correct.
Since you said you run an internal DHCP/DNS server, what I would suggest is
On one of your computers in the internal LAN, get details such as default gateway, DNS.
1) Verify the default gateway is indeed the f0/0 int of the router
2) Verify the DNS server is the address of the internal server
3) Ping the default gateway and DNS server
4) Verify that the DNS server, which might be mostly configured as a forwarder, is correctly forwarding name resolution queries to a public DNS server.
HTH
Lejoe
12-02-2008 08:23 AM
Thank you all for all your efforts in helping to solve my problem. However I have tried all your suggestions but no luck yet.
Below is my "sh ip route" when connecting the router to the internet:
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 217.47.30.74 to network 0.0.0.0
81.0.0.0/32 is subnetted, 1 subnets
C 81.135.169.26 is directly connected, Dialer1
217.47.30.0/32 is subnetted, 1 subnets
C 217.47.30.74 is directly connected, Dialer1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 217.47.30.74
is directly connected, Dialer1
Again I can ping the internet from the router but I cannot browse the net (from my PC) whenever I connect to the f0/0 interface.
12-02-2008 02:52 PM
Hi Law,
Please post the output of the following commands
show host
show running-config
HTH
Lejoe
12-02-2008 08:54 PM
Hi,
The show host will show you the address of the name-server. Use this address as the DNS server on your PC and see if things work.
HTH
Lejoe
12-03-2008 01:43 AM
Thanks Lejoe,
#sh hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255
Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
temp - temporary, perm - permanent
NA - Not Applicable None - Not defined
Host Port Flags Age Type Address(es)
As you can see above, nothing is shown in the "sh host" command.
Question:
Do I need to configure static name-servers (of my ISP) on the router?
Also attached is the running-config.
Thanks