[c-nsp] Weird Web Browsing Issues On ADSL Circuit

Dominic dominic at broadconnect.ca
Thu Apr 29 12:13:35 EDT 2010 

Hi Everyone:

I have an ADSL customer who uses a Cisco 1841 CPE for Bonded ADSL. Circuit has worked perfectly  for the past one year, but all of a sudden, out of nowhere, web browsing suddenly stopped working! yesterday

Now, every other type of traffic -VPN, FTP, SMTP, PING, DNS, etc -  still works just fine! In fact, web browsing  also works fine for the first ONE minute after the router it started. After one minute, all web browsing stops! Doesn't matter if you are going through NAT or not. Doesn't matter if you connect the entire LAN, or just one PC.

Interesting .. when I use a different CPE  to terminate the circuit -Netopia- web browsing works just fine! But when I plug the Cisco 1841, web browsing stops.

No, defective hardware is ruled out. Already swapped the Cisco 1841.  And no, nothing has changed on the ISP side. And yes, there are many other customers on the same ADSL network who are using the exact same CPE configuration.


Any ideas? Please help:   LNS-Side and CPE config below.

Dominic



LNS CONFIG
vpdn-group Telco1-ADSL
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  ...
 ip pmtu
 ip mtu adjust
-------------------
interface Virtual-Template1
 description Telco1-ADSL-STATIC
 mtu 1492
 ...
 ip verify unicast reverse-path
 ip tcp adjust-mss 1420
 ...
 ppp mtu adaptive
 ppp multilink
-----------------------



CPE CONFIG 

shwo config config
Using 4863 out of 196600 bytes
!

!
version 15.0
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname xxxx
!
boot-start-marker
boot system flash:c1841-ipbasek9-mz.150-1.M.bin
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 XXXXX
!
no aaa new-model
clock timezone est -5
clock summer-time edt recurring
dot11 syslog
no ip source-route
no ip gratuitous-arps
ip icmp rate-limit unreachable 1000
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.20
!
ip dhcp pool LANSUBNET
   network 192.168.1.0 255.255.255.0
   dns-server X.X.X.X X.X.X.X
   default-router 192.168.1.1 
!
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name XXXXX
ip name-server XXXXX
ip name-server XXXXX
multilink bundle-name authenticated
!
license udi pid CISCO1841 sn FHK100350RD
archive
 log config
  hidekeys
 path ftp://XXXXX/cisco.customer.backups/XXXXX.runningconfig
 write-memory
 time-period 43200
username XXXXX privilege 15 secret 5 XXXXX
!
!
ip tcp synwait-time 10
ip ftp username XXXXX
ip ftp password 7 XXXXX
ip ssh time-out 60
ip ssh version 2
!
 
class-map match-all to.XXXVOIP.CLASS
 description Traffic to XXXVOIP
 match access-group 100
class-map match-all from.XXXVOIP.CLASS
 description Traffic From BCT VOIP
 match access-group 101
!
!
policy-map from.XXXVOIP.POLICY
 class from.XXXVOIP.CLASS
    priority percent 75
policy-map to.XXXVOIP.POLICY
 class to.XXXVOIP.CLASS
    priority percent 75
!
!
!
!
!
interface FastEthernet0/0
 description LAN Network
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 no ip virtual-reassembly
 duplex auto
 speed auto
 no mop enabled
 service-policy output from.XXXVOIP.POLICY
!
interface FastEthernet0/1
 description Public Lan Interface
 ip address X.X.X.X 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex auto
 speed auto
 no mop enabled
 service-policy output from.XXXVOIP.POLICY
!
interface ATM0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl enable-training-log 
 hold-queue 224 in
 bundle enable
 !
!
interface ATM0/0/0.1 point-to-point
 description ADSL #2 XXXXX
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 pvc 0/35 
  pppoe-client dial-pool-number 1
 !
!
interface ATM0/1/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 !
interface ATM0/1/0.1 point-to-point
 description ADSL #1 XXXXX
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 pvc 0/35 
  pppoe-client dial-pool-number 1
 !
!
interface Dialer1
 ip address negotiated
 ip nat outside
 no ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username XXXXX at DOMAIN password 7 XXXXX
 ppp ipcp dns request
 ppp multilink
 ppp multilink links maximum 2
 ppp multilink links minimum 1
 ppp multilink load-threshold 1 either
 ppp multilink interleave
 ppp multilink fragment delay 10
 no cdp enable
 service-policy output to.XXXVOIP.POLICY
!
no ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
logging trap debugging
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 99 permit XXXXX
access-list 99 permit XXXXX
access-list 100 permit ip any X.X.X.X 0.0.0.31
access-list 101 permit ip X.X.X.X 0.0.0.31 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run

!
!
control-plane
!
banner login ^CCC==============================================
= WARNING! WARNING! WARNING! WARNING! =
= UNAUTHORIZED ACCESS STRICTLY PROHIBITED! =
= All connections and keystrokes logged =
==============================================
^C
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 99 in
 login local
 transport input ssh
line vty 5 15
 access-class 99 in
 no login
 transport input ssh
!
scheduler allocate 4000 1000
end

More information about the cisco-nsp mailing list