Cisco 2811 Dual ADSL

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Building configuration...

Current configuration : 2261 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxx
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$/RXq$uDF4l5Ry/rHRU3OEX9Nzy.
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
!
!
!
!
!
!
interface Loopback1
ip address 81.x.x.x 255.255.255.255
!
interface Loopback2
ip address 81.x.x.x 255.255.255.255
!
interface FastEthernet0/0
description Ethernet LAN
ip address 192.168.0.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 2
!
!
interface Dialer1
ip unnumbered Loopback1
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname xxxxxxxx
ppp chap password 0 xxxxxx
!
interface Dialer2
ip unnumbered Loopback2
ip nat outside
encapsulation ppp
dialer pool 2
dialer-group 2
no cdp enable
ppp authentication chap callin
ppp chap hostname xxxxxxxxxx
ppp chap password 0 xxxxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2
!
ip http server
ip nat inside source list 101 interface Dialer1 overload
ip nat inside source list 102 interface Dialer2 overload
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
!
end

xxxx#



Thanks in advance

- - - Updated - - -

With reference to the above config. I am setting up a Cisco2811 with 2 x ADSL PPPoA interfaces. Just testing one of the interfaces first which is the atm0/1/0 interface. The interface comes up and line protocol up but cannot ping out the interface to the Internet. I tried an alternative config with route maps, can anyone help me with this?



David

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

does the dialer 2 interface come up? Does your default route get added to the routing table? Can you see your client devices IP in the NAT table? i.e. are you being NAT'd to the outside interface address? Or are you only trying to ping from the router? If you traceroute to an internet address what happens? Who is your ISP? i'm pretty sure if line protocol is up it means that PPP authentication has passed, but i would also confirm this.

Just a few things that should hopefully help you begin troubleshooting as you didn't mention if you had done any yet.

 

The dialer2 interface is up and I checked that the authentication is fine. I have pinged from the router and found that I can ping to the ISP router and can also ping 2 DNS Servers but nothing else. If I do an extended ping from the router using the fa 0/0 ip address (inside source for nat) then the ping is not successful and looking at ip nat statistics there has been no NAT

 

ok well if you can ping to two other DNS servers then the link to the IPS is up. Other addresses you are pinging may just be denying the ICMP.

Can you connect a PC to the Fa0/0 interface and do testing from there? The router may remove the NAT entry frmo the table before you get the chance to check (so it may not be that the packet isn't being NAT'd). Can you add the log option to ACL 102 to check it is being hit?

 

I can connect to other sites on the Internet now from the router, but not from the local Ethernet network, which suggests a NAT problem. I cannot readily see any problem with the NAT config, can you?

 

Have you checked the NAT table on the router while attempting to open connections to websites? Have you made the ACL log matches?

What are you using as DNS server on the client on the local network?

 

ACL log matches not showing any at all, NAT Table not showing anything. Tried putting the two DNS Servers manually in the client on the local network

 

Have you tried with standard access lists?

access-list 11 permit ip 192.168.0.0 0.0.0.255
access-list 12 permit ip 192.168.0.0 0.0.0.255

and referencing those in your NAT lines?

 

I take it you have checked you are working ok locally? I.e can ping the routers Fa0/0 (192.168.0.254) interface? And you have correctly set this as your default gateway on the client?

Can you post the routing table on the router. I would possibly also remove the unused NAT config at the minute from the router, i.e. the ACL and NAT statement.

EDIT: Also stick some debugs on. Try debug ip packet (presume this isn't actually servicing anything else as this command will tax an active router to crash point!) Also debug the NAT.