Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

1811w and DSL WAN

I current have a setup with two WAN's, one T1 and one DSL. I've got the T1 working fine, but am having trouble with the DSL connection.

Through the "Test Connection" interface, it passes the "Checking interface status", "Checking DNS settings" (wrong servers though, it looks up the ones meant for the T1), and "Checking interface IP address", but fails "Checking exit interface".

The failure reason is listed as "To test connectivity, SDM tries to ping the configured DNS servers. However, there is no configured route to any of the DNS servers through selected interface."

Recommended action: Select 'User-specified' option or add a 'host specific/network specific/default' route through this interface ad retest connection.

The test passes if I used the IP picked up through the PPPoE under the "User-specified" box. I'm pretty sure it's the DNS settings, as it's using the servers meant for the T1, but I don't know how to separate them. I basically went to the DNS section in "Additional Tasks" and just listed all of them there.

Can someone help me with this? As far as the configuration goes, here's what I have:

bridge irb

!

!

!

interface FastEthernet0

description Logix$ETH-LAN$$FW_OUTSIDE$

ip address 216.x.x.226 255.255.255.240

ip access-group 101 in

ip verify unicast reverse-path

no ip redirects

no ip unreachables

no ip proxy-arp

ip nbar protocol-discovery

ip flow ingress

ip flow egress

ip nat outside

ip inspect SDM_MEDIUM out

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1412

duplex auto

speed auto

service-policy input sdmappfwp2p_SDM_MEDIUM

service-policy output sdmappfwp2p_SDM_MEDIUM

!

interface FastEthernet1

description Covad$ETH-WAN$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$

no ip address

ip tcp adjust-mss 1452

bridge-group 1

!

interface Async1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation slip

!

interface Dialer2

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname [hostname]

ppp chap password xxx

ppp pap sent-username [username] password [password]

!

interface BVI1

description $ES_LAN$$FW_INSIDE$

ip address 192.168.123.18 255.255.255.0

ip access-group 100 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1412

!

ip route 0.0.0.0 0.0.x.x.215.127.225

ip route 0.0.0.0 0.0.0.0 Dialer2 10

!

Also, assuming DSL is working, does my current config work for load-balancing and/or redundancy?

16 REPLIES
Hall of Fame Super Gold

Re: 1811w and DSL WAN

Hello,

Please let alone the SDM that can be confusing and often does not produce the intended results.

Do show interfaces. You should see a virtual-access. If up/up, your dsl line is working. Then do show ip route, to see if it has installed a default route. Probably you don't want that, because you're tryon load balancing and redundancy.

Let see how these tings go and then we can go for more sophistication.

Hope this helps, please rate post if it does!

New Member

Re: 1811w and DSL WAN

yes, virtual-access1 is up, link protocol is up.

show ip route returns:

C 192.168.123.0/24 is directly connected, BVI1

67.0.0.0/32 is subnetted, 2 subnets

C 67.101.64.94 is directly connected, Dialer0

C 67.101.64.94 is directly connected, Dialer0

216.215.127.0/28 is subnetted, 1 subnets

216.215.127.224 is directly connected, FastEthernet0

S* 0.0.0.0/0 m[1/0] via 216.215.127.225

I'm not sure if that says I have default route or not.

Hall of Fame Super Gold

Re: 1811w and DSL WAN

All good, your default is

S* 0.0.0.0/0 m[1/0] via 216.215.127.225

that is the router on fastethernet 0

Now, what is that you want to do with the two connections exactly?

New Member

Re: 1811w and DSL WAN

I'd like for both T1 and DSL to work on the network simultaneously.

Right now, if I set the distance metric for T1 to 1, DSL to 2, I can browse the web with no problems, but FastEthernet1 will not pass the interface exit test.

If I put T1 to 2 and DSL to 1, FastEthernet1 will pass the test, but I cannot browse the web regardless.

Hall of Fame Super Gold

Re: 1811w and DSL WAN

Ok, as I said, SDM will get confused because you have two interfaces and can't really cope with that. Beside, it will prevent you from learning how to do thing the professional way.

Use strictly the CLI for now. Do show run. You will see that you have a statement like "ip nat ... fastethernet0 overload". Do conf t and copy that statement just the same, but replace fastethernet0 with dialer0. Make sure there is "ip nat outside" under dialer0. This will be your second interface. Then, you know what you default route is now, do "ip route 0.0.0.0 0.0.0.0 dialer0 1". Do the same for the other default, but use an higher metric. Check that you can browse the internet via DSL.

Once you are happy with that, try setting both default routes to the same metric. That should do the load balancing.

Good luck, come back to report the results.

New Member

Re: 1811w and DSL WAN

Thanks for helping so far, I can't continue on this until Monday. I will report back asap.

New Member

Re: 1811w and DSL WAN

ip nat inside source list 1 interface FastEthernet0 overload

ip nat inside source list 2 interface Dialer0 overload

Those are what i have at the moment, when I tried changing both to source list 1, it says "%Dynamic mapping in use, cannot change".

Hall of Fame Super Gold

Re: 1811w and DSL WAN

To work around that, you would need to shutdown the nat inside interface, the do "clear ip nat translations. You can either do that, or configure access list 1 and 2 to be identical.

The part that matter most is having the two default routes with same metric (correctly called "administrative distance"). But first try them one at time.

New Member

Re: 1811w and DSL WAN

Sigh, the moment I tried putting them both on the same administrative distance, I'd lose Internet access.

I'm going to wait until the office is closed today and start everything over from scratch, using the CLI, starting with the DSL setup first.

Thanks for the help so far, I'll keep reporting back.

Hall of Fame Super Gold

Re: 1811w and DSL WAN

If the individual default routes works, when configured one a time, you are on the right way.

There a bit more config that you can try on the NAT, but let's wait until you positively prove the above.

New Member

Re: 1811w and DSL WAN

Bad news, I followed the included instructions which included erasing the start-up config, so now I'm just totally lost. Is there a way to bring it back to the way it was out of box? Not having a default IP address is beyond my abilities at this point.

I tried re-adding BVI 1 through the console to get the IP back, but the status of it remains down even after a "no shutdown" command.

Have to head home now, to be continued...

Hall of Fame Super Gold

Re: 1811w and DSL WAN

Never mind, it's just of a little bit of router fighting that everyone does at the beginning.

But you gave an easy round to the router erasing the config!

You partially working configuration is in your first post above. Connect via a serial cable, copy and paste it. Then manually go under each and any interface, and type "no shutdown". And you will start from there.

New Member

Re: 1811w and DSL WAN

After pasting back, I'm able to ping the router, but not able to access it through telnet or http.

Hall of Fame Super Gold

Re: 1811w and DSL WAN

Check under "line vty 0 4", do "no access-group".

Forget HTTP that gives you nothing.

New Member

Re: 1811w and DSL WAN

Seems the only available command is "no access-class". should i do "no access-class 1 in" and "no access-class 1 out"?

For the html, I do still need it, not for configuration, for later on for monitoring the firewall and traffic.

edit: I did the above, and telnet is working. :P

The T1 connection also seems to be working right now, but I can't check out the DSL since the office is using that right now to stay online while I work on the T1.

New Member

Re: 1811w and DSL WAN

Ok, figured it out, had to put "no ip http access-class 23".

thanks for all the help.

227
Views
0
Helpful
16
Replies
CreatePlease to create content