867VAE-w internet troubleshooting

Answered Question
Sep 5th, 2015
User Badges:

Hi,

I've got the attached config connected via adsl and am able to ping from the router to say google but I'm getting no internet connectivity to an attached computer. I'm not 100% sure what I'm missing.
 

Attachment: 
Correct Answer by LJ Gabrillo about 1 year 10 months ago

FINALLY haha

Anyway, to do that you can configure IP Reservation
Just do this
 

Oh yeah, make sure the IP is not leased to anyone yet to avoid issues/it not working
 

#conf t
#ip dhcp pool DEVICE1
  #host 192.168.10.101 255.255.255.0      -or use full SM
  #client-name <NAME>                     -OPTIONAL: Add description
  #client-identifier 01hh.hhhh.hhhh.hh  -NOTE: 01 -Define as Ethernet


There, NOTE the client identifier always requires 01 at the beginning 
the hh.hhhh.hhhh.hh is actually your MAC Address so let's say you have a MAC of aa:bb:cc:dd:ee:ff then your Client ID is 01aa.bbcc.ddee.ff


TIP: 01 is always included before the leased IP, you can actually See 01 on all the IP leased out just do #show ip dhcp binding

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
chinmoy.boruah1 Mon, 09/14/2015 - 00:43
User Badges:

Dear Leo,

Did you connected the LAN segment in Ethernet 0 ?

With Regards

Chinmoy Boruah

LJ Gabrillo Mon, 09/14/2015 - 20:35
User Badges:
  • Silver, 250 points or more

Upon checking your config, i assume that your WAN connection is a PPPoE type


Please do basic troubleshooting steps:
1. Verify PPPoE connectivity
     -Connect your MODEM to your laptop/PC and setup a net connection type: PPPoE
     -Verify if your computer can successfully dial/establish a connection

2. While still connected to the modem, verify if your laptop/PC can connect to the internet
    -do a ping test "ping 8.8.8.8"    -8.8.8.8 is a public DNS server
    -If pingable, try to browse, make sure you set your DNS settings on your our laptop

3. Once you have confirmed your PPPoE connect
    -Connect it back to the router
    -Verify if PPPoE is successfully connected, the ff. commands can help you
   #show pppoe session all
   #show pppoe interfaces all
   #show pppoe summary

4. Now for isolation, connect your laptop on the LAN side of your router, change TCP/IP settings as necessary. do the following test
>ping 8.8.8.8
>ping google.com

 

 

leontunnie Mon, 09/14/2015 - 20:46
User Badges:

I'm able to ping from the router itself no worries and  the laptop is dhcp'd to the router however that's as far as it goes. I'm wondering if it's something with the NAT or i've missed something else because from the laptop, i can TFTP to the router but no further than that.... I can't access the net, ping, nothing..

LJ Gabrillo Mon, 09/14/2015 - 20:58
User Badges:
  • Silver, 250 points or more

You are missing steps 1 and 2, have you confirmed that PPPoE connection is active or not?

Try doing "tracert -d 8.8.8.8" kindly display the output as well here:

Try to see where it goes, if it stops in the router then most likely you have either
1. PPPoE connection not working (w/c I think you didn't confirm)
2. Missing/Lacking configuration

Kindly check/verify your PPoE connection

leontunnie Tue, 09/15/2015 - 02:15
User Badges:

okies so i've done all of that and more (logs attached). Also I'm using the adsl modem in the router for the net. i can ping n traceroute from the router but still figuring something else possibly nat still isn't right cause the router can access the net but that isn't passed though in to the lan.

Attachment: 
LJ Gabrillo Tue, 09/15/2015 - 02:40
User Badges:
  • Silver, 250 points or more

Okay considering it works, do this configuration,

No need for complicated configuration, simplicity is beauty as they say XD
Here goes

Before proceeding, kindly remove unecessary configuration:
-All your NAT statements from dialer, let's start from scratch

Here goes:
#conf t
#interface vlan 1
  #ip nat inside

#interface dialer1
  #ip nat outside

#ip access-list extended NAT-LIST     -Using nACL since its my preferrence
  #permit ip 10.0.0.0 0.0.0.255 any   -Im assuming your network is 10.0.0.0/24

#ip nat inside source list NAT-LIST interface Dialer1 overload


And that's it

Also, since I see you have tracking involved,

#ip route 0.0.0.0 0.0.0.0 dialer1 track 1
#ip sla 1
  #icmp-echo 8.8.8.8 source-interface dialer1
  #threshold 5000                   
  #timeout 5000
  #frequency 5

#ip sla schedule 1 life forever start-time now
#track 1 ip sla 1 reachability
  #delay down 1 up 1                         -OPTIONAL: Delay log report for 1 sec.


Explaining the IP SLA and Tracking settings
1. Router monitors interface through pinging 8.8.8.8 every 5sec.
2. If any of the ff. conditions are met, route is marked inactive and removed from routing table
    A. If 8.8.8.8 stops responding for 5000ms or 5sec
    B. If response time(threshold) is equal or higher than 5000ms

->Tweak the values as desired

To verify tracking/IP SLA:
#show ip route track-table
#show track

Also, im assuming you have a backup internet link in Ethernet0, could you lower the AD? 253 is a bit too much, hahaha AD of 10 will do even 5 since the default AD is 1

Do the same configuration as above on your Eth1, no need to configure IP SLA and tracking for it :) just make sure to configure the AD

Rate or Mark as Answer helpful answers :)

leontunnie Tue, 09/15/2015 - 04:19
User Badges:

Hi,

Thanks for that. I'm just reloading the config now. Can i get you to go over it and make sure i got everything?

Attachment: 
LJ Gabrillo Tue, 09/15/2015 - 04:54
User Badges:
  • Silver, 250 points or more

Check your nACL, note that named ACLs are case sensitive

If you use NAT-LIST, make sure to use NAT-LIST not nat-list 
 

leontunnie Thu, 09/17/2015 - 01:25
User Badges:

Hey,

Sorry i've been busy with work for a couple fo days. I've made all the chances but now i can't ping from the router. The adjusted startup-config is attached and some logs...

LJ Gabrillo Thu, 09/17/2015 - 02:23
User Badges:
  • Silver, 250 points or more

Hi, 

May I ask you to connect you laptop directly to the router?

1. Check to see if you get IP from DHCP. Verify using CMD Prompt
     >ipconfig /all
     

2. Now, do verification from laptop
    >ping 10.0.0.1          -ping gateway
    >ping 8.8.8.8            -Ping a public address
    >ping google.com    -Ping an address

    >tracert -d 8.8.8.8
    >tracert -d google.com   

Kindly share your results

last one, instead of using DHCP. Manually/statistically assign an IP
IP: 10.0.0.100/24
Gate: 10.0.0.1

Do the same verification as described above


PS: checking your config, your network should get internet

leontunnie Fri, 09/18/2015 - 03:33
User Badges:

hi,

from my laptop i am able to ping the gateway - pic attached however none of the other pings work, nor am i able to ping the laptop from the gateway. i've also attached 'show ip interfaces' if that helps....

LJ Gabrillo Fri, 09/18/2015 - 03:39
User Badges:
  • Silver, 250 points or more

You didnt get all the data we want:

Kindly get
>ipconfig /all
>tracert -d 8.8.8.8
>tracert -d google.com

Additionally
>nslookup google.com
>nslookup google.com 8.8.8.8


PS: I need the data aboce to see the traffic flow


Also checking your DHCP config:

ip dhcp pool ccp-pool
 import all
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1 
 dns-server 8.8.8.8 8.8.4.4 
 option 43 hex f104.9665.595a
 lease 0 2

  Can you remove the one's in Red? Let's just try to isolate. Let's remove any unnecessary config

LJ Gabrillo Fri, 09/18/2015 - 05:19
User Badges:
  • Silver, 250 points or more

Hmmm...weird, based on the traceroute we can see that the router that receive the packet, but it does not know where to send it next

Let's review your configuration

leontunnie Fri, 09/18/2015 - 05:48
User Badges:

okies so i removed that line as i'm not using zones but it didn't help. exactly the same results. Updated startup-config attached

Attachment: 
LJ Gabrillo Fri, 09/18/2015 - 05:52
User Badges:
  • Silver, 250 points or more

Weird it you have all the necessary config but still no good

Last one, on the router itself do the ff.

ping 8.8.8.8
show ip route
show ip route track-table
show track
show ip access-list

LJ Gabrillo Sat, 09/19/2015 - 08:26
User Badges:
  • Silver, 250 points or more

Bro, your internet is down. 

1. Your ping to 8.8.8.8 fails
2. Due to unpingable state, default route is marked down, hence no routing table entry
 

leontunnie Wed, 09/23/2015 - 03:05
User Badges:

okies i i ditched the whole config and started from scratch and now able to access the net :) My next question is  I'd like to keep the network as DHCP but for certain devices ie. access points, nas's, printer etc, i'd like to be able to allocate them an IP ?

Correct Answer
LJ Gabrillo Wed, 09/23/2015 - 05:04
User Badges:
  • Silver, 250 points or more

FINALLY haha

Anyway, to do that you can configure IP Reservation
Just do this
 

Oh yeah, make sure the IP is not leased to anyone yet to avoid issues/it not working
 

#conf t
#ip dhcp pool DEVICE1
  #host 192.168.10.101 255.255.255.0      -or use full SM
  #client-name <NAME>                     -OPTIONAL: Add description
  #client-identifier 01hh.hhhh.hhhh.hh  -NOTE: 01 -Define as Ethernet


There, NOTE the client identifier always requires 01 at the beginning 
the hh.hhhh.hhhh.hh is actually your MAC Address so let's say you have a MAC of aa:bb:cc:dd:ee:ff then your Client ID is 01aa.bbcc.ddee.ff


TIP: 01 is always included before the leased IP, you can actually See 01 on all the IP leased out just do #show ip dhcp binding

 

 

leontunnie Wed, 09/23/2015 - 05:26
User Badges:

Thanks for that! Can i load several devices in each pool or is it 1 pool - 1 device?

LJ Gabrillo Wed, 09/23/2015 - 05:47
User Badges:
  • Silver, 250 points or more

The IP reservation does not actually need a pool to be configure, as long as it detects the MAC Address it will allocate that IP to that MAC

YOu must configure one DHCP instance per reserved IP


Dont forget to rate :)

leontunnie Sat, 09/26/2015 - 16:22
User Badges:

Thanks so much! My config is now up and running :) Thank you so much for your help! I've attached a copy of it. is there a way perhaps html or something that i can easily see what devices are connected instead of having to use CLI?

Attachment: 
LJ Gabrillo Sat, 09/26/2015 - 20:22
User Badges:
  • Silver, 250 points or more

Hmmm..i dont know, the UI is very limited compared to CLI
Anyway, you can always check it XD

#conf t
#ip http server                           -HTTP
#ip http secure-server               -HTTPS
#ip http authentication local


Then UI: https://<LAN IP>

PS: Use IE, or Mozilla, 
The reason why we enabled HTTP and HTTPS is for testing
Try to go to the UI through HTTPS first, if it does not open try HTTP
 

assuranceobseques Mon, 09/28/2015 - 09:15
User Badges:

Thanks a lot too ! (Sorry for my bad english). You help me like leontunnie.

Great, thks

LJ Gabrillo Mon, 09/28/2015 - 10:18
User Badges:
  • Silver, 250 points or more

No Problem! :D

Don't forget to rate helpful posts as well ^_^

LJ Gabrillo Fri, 09/18/2015 - 05:26
User Badges:
  • Silver, 250 points or more

Wait, reviewing it again I can see that
 

interface Dialer1
 description PrimaryWANDesc_Bigpond_ATM0.1
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly in
 zone-member security WAN
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp mtu adaptive
 ppp authentication chap callin
 ppp chap hostname <username>
 ppp chap password <password>
 ppp ipcp dns request
 no cdp enable


Are you using zone based firewalling? based on your config you have no zone firewall policies/settings configured

For isolation can you remove that configuration and check again?

 

LJ Gabrillo Thu, 09/17/2015 - 00:00
User Badges:
  • Silver, 250 points or more

Don't forget to rate our suggestions so everyone can see 
​additionally, this will mark this section answered/closed :D

LJ Gabrillo Mon, 09/14/2015 - 21:03
User Badges:
  • Silver, 250 points or more

Also, why do you have two(2) NAT statements going to one interface the dialer? You only need one. Kindly remove one

If possible, just for isolation, kindly remove the 2nd route (in blue) going to Eth0

ip nat inside source list nat-list interface Dialer1 overload
ip nat inside source route-map nat2backup interface Ethernet0 overload
ip nat inside source route-map nat2primary interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Ethernet0 253

Actions

This Discussion