no dns request forwarding with vlan

Answered Question
Apr 2nd, 2010

Hi all,

I've set up a basic routing infrastructure with VLANs; the Cisco (GE0/0 208.105.69.43, GE 0/1 vlan local) is attached to the cable modem (208.105.69.41).

If I ping Google from the Cisco it goes fine:

blackDevil# ping google.it
Translating "google.it"...domain server (24.29.99.35) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.85.229.104, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/92/96 ms
blackDevil#

But from a local computer I can:

ping 10.0.102.10
PING 10.0.102.10 (10.0.102.10): 56 data bytes
64 bytes from 10.0.102.10: icmp_seq=0 ttl=255 time=1.382 ms
64 bytes from 10.0.102.10: icmp_seq=1 ttl=255 time=1.549 ms
64 bytes from 10.0.102.10: icmp_seq=2 ttl=255 time=1.345 ms
^C
--- 10.0.102.10 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.345/1.425/1.549/0.089 ms

But if I try to ping google.it I get "unknown host google.it".

The following is the "debug ip detail accesslist 195":

*Apr  2 18:14:13.348: IP: s=10.0.102.56 (GigabitEthernet0/1.2), d=10.0.102.10, len 55, input feature
*Apr  2 18:14:13.348:     UDP src=60800, dst=53, MCI Check(66), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr  2 18:14:13.348: FIBipv4-packet-proc: route packet from GigabitEthernet0/1.2 src 10.0.102.56 dst 10.0.102.10
*Apr  2 18:14:13.348: FIBfwd-proc: Default:10.0.102.10/32 recieve entry
*Apr  2 18:14:13.348: FIBipv4-packet-proc: packet routing failed
*Apr  2 18:14:13.348: IP: tableid=0, s=10.0.102.56 (GigabitEthernet0/1.2), d=10.0.102.10 (GigabitEthernet0/1.2), routed via RIB
*Apr  2 18:14:13.348: IP: s=10.0.102.56 (GigabitEthernet0/1.2), d=10.0.102.10 (GigabitEthernet0/1.2), len 55, rcvd 3
*Apr  2 18:14:13.348:     UDP src=60800, dst=53
*Apr  2 18:14:13.348: IP: s=10.0.102.56 (GigabitEthernet0/1.2), d=10.0.102.10, len 55, stop process pak for forus packet
*Apr  2 18:14:13.348:     UDP src=60800, dst=53
*Apr  2 18:14:13.348: IP: s=10.0.102.56 (GigabitEthernet0/1.2), d=10.0.102.10, len 55, input feature
*Apr  2 18:14:13.348:     UDP src=46368, dst=53, MCI Check(66), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr  2 18:14:13.348: FIBipv4-packet-proc: route packet from GigabitEthernet0/1.2 src 10.0.102.56 dst 10.0.102.10
*Apr  2 18:14:13.348: FIBfwd-proc: Default:10.0.102.10/32 recieve entry
*Apr  2 18:14:13.348: FIBipv4-packet-proc: packet routing failed

As you can see, it receives the DNS request and the routing fails. Do you think it is something about VLAN routing? Seems strange to me... I haven't tried without yet... Here is my configuration:

blackDevil#show run
Building configuration...

Current configuration : 5176 bytes
!
! Last configuration change at 16:36:02 UTC Fri Apr 2 2010 by admin
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname blackDevil
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip domain list mydomain.org
ip domain name mydomain.org
ip host cisco 10.0.102.10
ip name-server 24.29.99.35
ip name-server 24.29.99.36
ip name-server 10.0.102.7
!
multilink bundle-name authenticated
!
username admin privilege 15 secret 5 $1$..B6$69fkXasdefgEyWTeeogA.
!
redundancy
!
interface GigabitEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$FW_OUTSIDE$$ETH-WAN$
 ip address 208.105.69.43 255.255.255.248 secondary
 ip address 208.105.69.46 255.255.255.248
 ip broadcast-address 208.105.69.47
 duplex auto
 speed auto
!
!
interface GigabitEthernet0/1
 description $FW_INSIDE$
 ip address 10.0.101.1 255.255.255.0
 duplex auto
 speed auto
!
!
interface GigabitEthernet0/1.1
 description DMZ
 encapsulation dot1Q 4
 ip address 10.0.104.1 255.255.255.0
!
interface GigabitEthernet0/1.2
 description MZ (trace ny private zone)
 encapsulation dot1Q 2
 ip address 10.0.102.10 255.255.255.0
!
ip forward-protocol nd
!
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip default-network 208.105.69.41
ip route 0.0.0.0 0.0.0.0 208.105.69.41 permanent
!
access-list 1 permit 10.0.102.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 195 permit ip 0.0.0.56 255.255.255.0 any
!
control-plane
!
!
!
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

What do you think?

Thanks a lot!

kky

Correct Answer
Jon Marshall Fri, 04/02/2010 - 12:35

kky

Where is NAT occurring to change the 10.x.x.x addresses to public internet addresses? Is it on the cable modem?

Also, what DNS server is configured on the client? If it is a Windows client, can you post "ipconfig /all" from the PC?

Can you ping internet IP addresses from the client?

Jon

Koblensky Fri, 04/02/2010 - 13:04

Good questions! Just what I needed on a Friday afternoon..

So I've configured the NAT and changed the DNS from the router to the cable modem and it works!

Thanks!!
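The debug output in the question already shows where the queries stop: the FIB lookup for 10.0.102.10 returns a receive entry and the packet is handled as "forus", so the client is sending DNS to the router's own address rather than through it. The following is an added example, not part of the thread, that pulls that finding out of the debug lines and the configuration; the function names are hypothetical, and it assumes IOS only answers DNS queries when `ip dns server` is configured.

```python
import re

# Constructed sample: five lines copied from the debug output in the question.
DEBUG = """\
*Apr  2 18:14:13.348: IP: s=10.0.102.56 (GigabitEthernet0/1.2), d=10.0.102.10, len 55, input feature
*Apr  2 18:14:13.348:     UDP src=60800, dst=53, MCI Check(66), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr  2 18:14:13.348: FIBfwd-proc: Default:10.0.102.10/32 recieve entry
*Apr  2 18:14:13.348: IP: s=10.0.102.56 (GigabitEthernet0/1.2), d=10.0.102.10, len 55, stop process pak for forus packet
*Apr  2 18:14:13.348:     UDP src=60800, dst=53
"""
# Constructed sample: three lines taken from the "show run" in the question.
CONFIG = """\
ip name-server 24.29.99.35
interface GigabitEthernet0/1.2
 ip address 10.0.102.10 255.255.255.0
"""

IP_LINE = re.compile(r"IP: s=([\d.]+) \S+ d=([\d.]+)")
UDP_LINE = re.compile(r"UDP src=\d+, dst=(\d+)")
RECEIVE = re.compile(r"Default:([\d.]+)/32 recieve entry")  # spelled as IOS prints it

def router_addresses(config):
    """Addresses configured on the router's interfaces."""
    return set(re.findall(r"^\s*ip address ([\d.]+) ", config, re.M))

def dns_to_router(debug, config):
    """Return sorted (client, router_ip) pairs for DNS queries addressed to the
    router itself, or [] when the config enables the IOS DNS server."""
    if re.search(r"^ip dns server\s*$", config, re.M):
        return []
    # An address is local if it is configured or the FIB gave a receive entry.
    local = router_addresses(config) | set(RECEIVE.findall(debug))
    hits, current = set(), None
    for line in debug.splitlines():
        ip = IP_LINE.search(line)
        if ip:
            current = (ip.group(1), ip.group(2))
            continue
        udp = UDP_LINE.search(line)
        if udp and current and udp.group(1) == "53" and current[1] in local:
            hits.add(current)
    return sorted(hits)

if __name__ == "__main__":
    for client, router in dns_to_router(DEBUG, CONFIG):
        print(f"{client} sends DNS to {router}, which has no 'ip dns server'")
```
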
