Solved

DHCP Problem on a Cisco 837

Posted on 2006-07-22
Last Modified: 2011-09-20
I have a Cisco 837 and I have just upgraded the IOS and completely reconfigured the device; however, the last thing I need is DHCP working on the local LAN. Has anyone got any ideas why I can't get DHCP addresses?

Here is my running-config:

!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ADSL_Router
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxxxxxxxxxxxx
!
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
aaa new-model
!
!
aaa authentication login local_authen local
aaa authentication login sdm_vpn_xauth_ml_1 group radius local
aaa authentication login sdm_vpn_xauth_ml_2 group radius local
aaa authentication login sdm_vpn_xauth_ml_3 group radius local
aaa authorization exec local_author local
aaa authorization network sdm_vpn_group_ml_1 group radius
aaa authorization network sdm_vpn_group_ml_2 group radius
aaa authorization network sdm_vpn_group_ml_3 local
aaa session-id common
ip subnet-zero
no ip source-route
!
!
ip tcp synwait-time 10
ip cef
ip domain name xxxxxxxxxx.co.uk
ip name-server 192.168.x.3
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
no ip bootp server
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW smtp
ip inspect name SDM_LOW sip
ip ips po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
username root privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxx
!
!
class-map match-any CM-Signal
 match protocol rtcp
class-map match-any CM-Voice
 match protocol rtp audio
class-map match-any CM-Service
 match protocol sip
 match protocol dns
 match protocol ntp
!
!
policy-map WAN-OUT
 class CM-Voice
  set dscp ef
  priority 80
 class CM-Signal
  bandwidth remaining percent 20
  set dscp af31
 class CM-Service
  bandwidth remaining percent 20
  set dscp cs2
policy-map WAN-IN
 class CM-Voice
  set dscp ef
 class CM-Signal
  set dscp af31
 class CM-Service
  set dscp cs2
 class class-default
   police 2048000 192000 384000 conform-action transmit  exceed-action drop
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxx address 0.0.0.0 0.0.0.0
no crypto isakmp ccm
crypto isakmp xauth timeout 15

!
crypto isakmp client configuration group bbtap
 key xxxxxxxxxxxxxx
 dns 192.168.x.3
 wins 192.168.x.3
 domain xxxxxxxxxxxx.co.uk
 pool SDM_POOL_1
 include-local-lan
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA1
 reverse-route
 qos pre-classify
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_3
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_3
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface Null0
 no ip unreachables
!
interface Ethernet0
 description $FW_INSIDE$
 ip address 192.168.x.1 255.255.255.0
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 no ip mroute-cache
 no cdp enable
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Dialer1
 description $FW_OUTSIDE$
 bandwidth 256
 ip address negotiated
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 service-policy input WAN-IN
 service-policy output WAN-OUT
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxxxxx@xxxxxxxxxxx.co.uk
 ppp chap password 7 xxxxxxxxxxxxxxxxxxxxx
 crypto map SDM_CMAP_1
 hold-queue 224 in
!
ip local pool SDM_POOL_1 10.0.x.30 10.0.x.40
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.x.0 255.255.255.0 Null0 250
!
ip http server
ip http access-class 2
no ip http secure-server
!
ip nat pool BBT_PAT_POOL 192.168.x.190 192.168.x.195 netmask 255.255.255.0
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
ip nat inside source static udp 192.168.x.94 22 interface Dialer1 22
ip nat inside source static tcp 192.168.x.94 80 interface Dialer1 8080
ip nat inside source static tcp 192.168.x.3 25 interface Dialer1 25
ip nat inside source static tcp 192.168.x.3 443 interface Dialer1 443
ip nat inside source static tcp 192.168.x.3 80 interface Dialer1 80
ip nat inside source static tcp 192.168.x.3 3389 interface Dialer1 3389
ip nat inside source static udp 192.168.x.94 5060 interface Dialer1 5060
!
logging trap debugging
access-list 1 remark The local LAN.
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 192.168.x.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.10.0 0.0.0.255
access-list 2 deny   any
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 192.168.x.3 eq 1645 host 192.168.x.1
access-list 101 permit udp host 192.168.x.3 eq 1646 host 192.168.x.1
access-list 101 permit udp host 0.0.0.0 host 255.255.255.0 eq bootpc
access-list 101 permit tcp 192.168.x.0 0.0.0.255 host 192.168.x.1 eq telnet
access-list 101 permit tcp 192.168.x.0 0.0.0.255 host 192.168.x.1 eq 22
access-list 101 permit tcp 192.168.x.0 0.0.0.255 host 192.168.x.1 eq www
access-list 101 permit tcp 192.168.x.0 0.0.0.255 host 192.168.x.1 eq 443
access-list 101 permit tcp 192.168.x.0 0.0.0.255 host 192.168.x.1 eq cmd
access-list 101 permit udp 192.168.x.0 0.0.0.255 host 192.168.x.1 eq snmp
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip 192.168.x.0 0.0.0.255 any
access-list 101 deny   ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.30 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.31 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.32 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.33 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.34 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.35 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.36 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.37 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.38 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.39 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.40 any
access-list 102 remark Auto generated by SDM for NTP (123) time.nist.gov
access-list 102 permit udp host 192.43.244.18 eq ntp any eq ntp
access-list 102 permit udp any any eq non500-isakmp
access-list 102 permit esp any any
access-list 102 permit ahp any any
access-list 102 permit ip 192.168.x.0 0.0.0.255 any
access-list 102 remark Trixbox SSH Inbound Permit
access-list 102 permit udp any eq 22 host 192.168.x.94 eq 22
access-list 102 remark Trixbox Admin Inbound
access-list 102 permit tcp any eq 8080 host 192.168.x.94 eq 8080
access-list 102 deny   esp any any
access-list 102 remark IPSEC UDP VPN Inbound Allow
access-list 102 permit udp any any eq isakmp
access-list 102 remark TCP SIP Inbound Permit
access-list 102 permit tcp any any eq 5060
access-list 102 remark UDP SIP Inbound Permit
access-list 102 permit udp any any eq 5060
access-list 102 remark RTP Inbound Permit
access-list 102 permit udp any any range 8000 10000
access-list 102 remark SMTP Inbound Permit
access-list 102 permit tcp any any eq smtp
access-list 102 remark HTTPS OWA & OMA Inbound Permit
access-list 102 permit tcp any any eq 443
access-list 102 remark RDP Inbound Permit
access-list 102 permit tcp any any eq 3389
access-list 102 remark DNS Inbound Permit from 195.x.4.4
access-list 102 permit udp host 195.x.4.4 eq domain any
access-list 102 remark DNS Inbound Permit from 195.x.4.7
access-list 102 permit udp host 195.x.4.7 eq domain any
access-list 102 remark 192.168.x.0 Inbound Block
access-list 102 deny   ip 192.168.x.0 0.0.0.255 any
access-list 102 remark ICMP Reply Inbound Permit
access-list 102 permit icmp any any echo-reply
access-list 102 remark ICMP Time Exceeded Inbound Permit
access-list 102 permit icmp any any time-exceeded
access-list 102 remark ICMP Unreachable Inbound Permit
access-list 102 permit icmp any any unreachable
access-list 102 remark 10.0.0.0 Inbound Block
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 remark 172.16.0.0 Inbound Block
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
access-list 102 remark 192.168.0.0 Inbound Block
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 remark 127.0.0.0 Inbound Block
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 remark 255.255.255.255 Inbound block
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 remark 0.0.0.0 Inbound Block
access-list 102 deny   ip host 0.0.0.0 any
access-list 102 remark All Other IP Inbound Block
access-list 102 deny   ip any any log
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.x.0 0.0.0.255 any
access-list 103 deny   ip any any
access-list 104 remark SDM_ACL Category=2
access-list 104 deny   ip any host 10.0.x.30
access-list 104 deny   ip any host 10.0.x.31
access-list 104 deny   ip any host 10.0.x.32
access-list 104 deny   ip any host 10.0.x.33
access-list 104 deny   ip any host 10.0.x.34
access-list 104 deny   ip any host 10.0.x.35
access-list 104 deny   ip any host 10.0.x.36
access-list 104 deny   ip any host 10.0.x.37
access-list 104 deny   ip any host 10.0.x.38
access-list 104 deny   ip any host 10.0.x.39
access-list 104 deny   ip any host 10.0.x.40
access-list 104 deny   ip any host 192.168.x.190
access-list 104 deny   ip any host 192.168.x.191
access-list 104 deny   ip any host 192.168.x.192
access-list 104 deny   ip any host 192.168.x.193
access-list 104 deny   ip any host 192.168.x.194
access-list 104 deny   ip any host 192.168.x.195
access-list 104 deny   ip any host 192.168.x.196
access-list 104 deny   ip any host 192.168.x.197
access-list 104 deny   ip any host 192.168.x.198
access-list 104 deny   ip any host 192.168.x.199
access-list 104 deny   ip any host 192.168.x.200
access-list 104 deny   ip any host 192.168.x.1
access-list 104 deny   ip any host 192.168.x.2
access-list 104 deny   ip any host 192.168.x.3
access-list 104 deny   ip any host 192.168.x.4
access-list 104 deny   ip any host 192.168.x.5
access-list 104 deny   ip any host 192.168.x.6
access-list 104 deny   ip any host 192.168.x.7
access-list 104 deny   ip any host 192.168.x.8
access-list 104 deny   ip any host 192.168.x.9
access-list 104 deny   ip any host 192.168.x.10
access-list 104 permit ip 192.168.x.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
route-map SDM_RMAP_1 permit 1
 match ip address 104
!
radius-server host 192.168.x.3 auth-port 1645 acct-port 1646 timeout 15 key 7 106A58150744001F
!
control-plane
!
banner login This Service is Provisioned and Maintained by Brxxxxxxxxx xxx x
This Service is for Authorised Users Only!
Disconnect IMMEDIATELY if you are not an authorized user!

For Support Please Call +44 (0) xxxx xxxxxx
!
line con 0
 login authentication local_authen
 no modem enable
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 102 in
 password 7 xxxxxxxxxxxxxx
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler interval 500
ntp server 192.43.244.18 source Dialer1 prefer
end
0
Question by:fuzzysb
7 Comments
 
LVL 22

Expert Comment

by:rickhobbs
ID: 17161687
ip dhcp pool ipv4-dhcp
   network 192.168.1.0 255.255.255.0
   subnet prefix-length 24
   default-router 192.168.1.1
   netbios-node-type h-node
   domain-name hugo.vanderkooij.org
   dns-server 192.168.1.2
0
 
LVL 22

Expert Comment

by:rickhobbs
ID: 17161701
That is how to configure your 837 as a DHCP server. If that is not what you are asking for, make a little stick drawing.


Server with DHCP---------Router-----VPN ------------RouterCisco837-------------local lan
0
 
LVL 4

Author Comment

by:fuzzysb
ID: 17161717
Sorry, I have posted the wrong running-config; it was one I saved prior to adding the DHCP options. rickhobbs, the running-config on the router contains all of that which you have put down. Sorry to have wasted your time.

I need the router to act as a DHCP server for the local LAN; however, it won't work, as I believe I have an ACL restricting it. I did put in the following ACL, but to no avail:

access-list 101 permit udp host 0.0.0.0 host 255.255.255.0 eq bootpc

My little stick drawing is:

Cisco 837 with DHCP ------------ local lan

None of the PCs on the local LAN obtain an address.

Here is the correct running-config that is currently on the router:

!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ADSL_Router
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxxxxxxxxxxxx
!
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
aaa new-model
!
!
aaa authentication login local_authen local
aaa authentication login sdm_vpn_xauth_ml_1 group radius local
aaa authentication login sdm_vpn_xauth_ml_2 group radius local
aaa authentication login sdm_vpn_xauth_ml_3 group radius local
aaa authorization exec local_author local
aaa authorization network sdm_vpn_group_ml_1 group radius
aaa authorization network sdm_vpn_group_ml_2 group radius
aaa authorization network sdm_vpn_group_ml_3 local
aaa session-id common
ip subnet-zero
no ip source-route
!
ip dhcp excluded-address 192.168.x.1 192.168.x.19
ip dhcp excluded-address 192.168.x.51 192.168.x.254
!
ip dhcp pool BBTAP_DHCP
   import all
   network 192.168.x.0 255.255.255.0
   domain-name broadbandtap.co.uk
   dns-server 192.168.x.3
   default-router 192.168.x.1
   netbios-name-server 192.168.x.3
   lease 3

!
ip tcp synwait-time 10
ip cef
ip domain name xxxxxxxxxx.co.uk
ip name-server 192.168.x.3
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
no ip bootp server
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW smtp
ip inspect name SDM_LOW sip
ip ips po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
username root privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxx
!
!
class-map match-any CM-Signal
 match protocol rtcp
class-map match-any CM-Voice
 match protocol rtp audio
class-map match-any CM-Service
 match protocol sip
 match protocol dns
 match protocol ntp
!
!
policy-map WAN-OUT
 class CM-Voice
  set dscp ef
  priority 80
 class CM-Signal
  bandwidth remaining percent 20
  set dscp af31
 class CM-Service
  bandwidth remaining percent 20
  set dscp cs2
policy-map WAN-IN
 class CM-Voice
  set dscp ef
 class CM-Signal
  set dscp af31
 class CM-Service
  set dscp cs2
 class class-default
   police 2048000 192000 384000 conform-action transmit  exceed-action drop
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxx address 0.0.0.0 0.0.0.0
no crypto isakmp ccm
crypto isakmp xauth timeout 15

!
crypto isakmp client configuration group bbtap
 key xxxxxxxxxxxxxx
 dns 192.168.x.3
 wins 192.168.x.3
 domain xxxxxxxxxxxx.co.uk
 pool SDM_POOL_1
 include-local-lan
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA1
 reverse-route
 qos pre-classify
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_3
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_3
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface Null0
 no ip unreachables
!
interface Ethernet0
 description $FW_INSIDE$
 ip address 192.168.x.1 255.255.255.0
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 no ip mroute-cache
 no cdp enable
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Dialer1
 description $FW_OUTSIDE$
 bandwidth 256
 ip address negotiated
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 service-policy input WAN-IN
 service-policy output WAN-OUT
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxxxxx@xxxxxxxxxxx.co.uk
 ppp chap password 7 xxxxxxxxxxxxxxxxxxxxx
 crypto map SDM_CMAP_1
 hold-queue 224 in
!
ip local pool SDM_POOL_1 10.0.x.30 10.0.x.40
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.x.0 255.255.255.0 Null0 250
!
ip http server
ip http access-class 2
no ip http secure-server
!
ip nat pool BBT_PAT_POOL 192.168.x.190 192.168.x.195 netmask 255.255.255.0
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
ip nat inside source static udp 192.168.x.94 22 interface Dialer1 22
ip nat inside source static tcp 192.168.x.94 80 interface Dialer1 8080
ip nat inside source static tcp 192.168.x.3 25 interface Dialer1 25
ip nat inside source static tcp 192.168.x.3 443 interface Dialer1 443
ip nat inside source static tcp 192.168.x.3 80 interface Dialer1 80
ip nat inside source static tcp 192.168.x.3 3389 interface Dialer1 3389
ip nat inside source static udp 192.168.x.94 5060 interface Dialer1 5060
!
logging trap debugging
access-list 1 remark The local LAN.
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 192.168.x.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.10.0 0.0.0.255
access-list 2 deny   any
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 192.168.x.3 eq 1645 host 192.168.x.1
access-list 101 permit udp host 192.168.x.3 eq 1646 host 192.168.x.1
access-list 101 permit udp host 0.0.0.0 host 255.255.255.0 eq bootpc
access-list 101 permit tcp 192.168.x.0 0.0.0.255 host 192.168.x.1 eq telnet
access-list 101 permit tcp 192.168.x.0 0.0.0.255 host 192.168.x.1 eq 22
access-list 101 permit tcp 192.168.x.0 0.0.0.255 host 192.168.x.1 eq www
access-list 101 permit tcp 192.168.x.0 0.0.0.255 host 192.168.x.1 eq 443
access-list 101 permit tcp 192.168.x.0 0.0.0.255 host 192.168.x.1 eq cmd
access-list 101 permit udp 192.168.x.0 0.0.0.255 host 192.168.x.1 eq snmp
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip 192.168.x.0 0.0.0.255 any
access-list 101 deny   ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.30 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.31 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.32 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.33 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.34 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.35 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.36 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.37 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.38 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.39 any
access-list 102 remark Access for VPN Clients to Access LAN
access-list 102 permit ip host 10.0.x.40 any
access-list 102 remark Auto generated by SDM for NTP (123) time.nist.gov
access-list 102 permit udp host 192.43.244.18 eq ntp any eq ntp
access-list 102 permit udp any any eq non500-isakmp
access-list 102 permit esp any any
access-list 102 permit ahp any any
access-list 102 permit ip 192.168.x.0 0.0.0.255 any
access-list 102 remark Trixbox SSH Inbound Permit
access-list 102 permit udp any eq 22 host 192.168.x.94 eq 22
access-list 102 remark Trixbox Admin Inbound
access-list 102 permit tcp any eq 8080 host 192.168.x.94 eq 8080
access-list 102 deny   esp any any
access-list 102 remark IPSEC UDP VPN Inbound Allow
access-list 102 permit udp any any eq isakmp
access-list 102 remark TCP SIP Inbound Permit
access-list 102 permit tcp any any eq 5060
access-list 102 remark UDP SIP Inbound Permit
access-list 102 permit udp any any eq 5060
access-list 102 remark RTP Inbound Permit
access-list 102 permit udp any any range 8000 10000
access-list 102 remark SMTP Inbound Permit
access-list 102 permit tcp any any eq smtp
access-list 102 remark HTTPS OWA & OMA Inbound Permit
access-list 102 permit tcp any any eq 443
access-list 102 remark RDP Inbound Permit
access-list 102 permit tcp any any eq 3389
access-list 102 remark DNS Inbound Permit from 195.x.4.4
access-list 102 permit udp host 195.x.4.4 eq domain any
access-list 102 remark DNS Inbound Permit from 195.x.4.7
access-list 102 permit udp host 195.x.4.7 eq domain any
access-list 102 remark 192.168.x.0 Inbound Block
access-list 102 deny   ip 192.168.x.0 0.0.0.255 any
access-list 102 remark ICMP Reply Inbound Permit
access-list 102 permit icmp any any echo-reply
access-list 102 remark ICMP Time Exceeded Inbound Permit
access-list 102 permit icmp any any time-exceeded
access-list 102 remark ICMP Unreachable Inbound Permit
access-list 102 permit icmp any any unreachable
access-list 102 remark 10.0.0.0 Inbound Block
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 remark 172.16.0.0 Inbound Block
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
access-list 102 remark 192.168.0.0 Inbound Block
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 remark 127.0.0.0 Inbound Block
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 remark 255.255.255.255 Inbound block
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 remark 0.0.0.0 Inbound Block
access-list 102 deny   ip host 0.0.0.0 any
access-list 102 remark All Other IP Inbound Block
access-list 102 deny   ip any any log
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.x.0 0.0.0.255 any
access-list 103 deny   ip any any
access-list 104 remark SDM_ACL Category=2
access-list 104 deny   ip any host 10.0.x.30
access-list 104 deny   ip any host 10.0.x.31
access-list 104 deny   ip any host 10.0.x.32
access-list 104 deny   ip any host 10.0.x.33
access-list 104 deny   ip any host 10.0.x.34
access-list 104 deny   ip any host 10.0.x.35
access-list 104 deny   ip any host 10.0.x.36
access-list 104 deny   ip any host 10.0.x.37
access-list 104 deny   ip any host 10.0.x.38
access-list 104 deny   ip any host 10.0.x.39
access-list 104 deny   ip any host 10.0.x.40
access-list 104 deny   ip any host 192.168.x.190
access-list 104 deny   ip any host 192.168.x.191
access-list 104 deny   ip any host 192.168.x.192
access-list 104 deny   ip any host 192.168.x.193
access-list 104 deny   ip any host 192.168.x.194
access-list 104 deny   ip any host 192.168.x.195
access-list 104 deny   ip any host 192.168.x.196
access-list 104 deny   ip any host 192.168.x.197
access-list 104 deny   ip any host 192.168.x.198
access-list 104 deny   ip any host 192.168.x.199
access-list 104 deny   ip any host 192.168.x.200
access-list 104 deny   ip any host 192.168.x.1
access-list 104 deny   ip any host 192.168.x.2
access-list 104 deny   ip any host 192.168.x.3
access-list 104 deny   ip any host 192.168.x.4
access-list 104 deny   ip any host 192.168.x.5
access-list 104 deny   ip any host 192.168.x.6
access-list 104 deny   ip any host 192.168.x.7
access-list 104 deny   ip any host 192.168.x.8
access-list 104 deny   ip any host 192.168.x.9
access-list 104 deny   ip any host 192.168.x.10
access-list 104 permit ip 192.168.x.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
route-map SDM_RMAP_1 permit 1
 match ip address 104
!
radius-server host 192.168.x.3 auth-port 1645 acct-port 1646 timeout 15 key 7 106A58150744001F
!
control-plane
!
banner login This Service is Provisioned and Maintained by Brxxxxxxxxx xxx x
This Service is for Authorised Users Only!
Disconnect IMMEDIATELY if you are not an authorized user!

For Support Please Call +44 (0) xxxx xxxxxx
!
line con 0
 login authentication local_authen
 no modem enable
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 102 in
 password 7 xxxxxxxxxxxxxx
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler interval 500
ntp server 192.43.244.18 source Dialer1 prefer
end
0
 
LVL 4

Author Comment

by:fuzzysb
ID: 17161750
I figured it out; the ACL I tried was the wrong one. It should have been bootps, not bootpc,

e.g. access-list 101 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps

It is 1:30 in the morning and I am tired; sorry to have put you all out.
0
 
LVL 22

Accepted Solution

by:
rickhobbs earned 500 total points
ID: 17161799
Your ACL should not be bootpc... change it to bootps.
0
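The ACL match that the author and rickhobbs are describing, as an added example that is not part of the original thread: a small Python evaluator for the subset of Cisco IOS extended-ACL syntax used in access-list 101, run against the packets a DHCP client actually sends. It assumes 192.168.1.0/24 in place of the masked 192.168.x.0/24 and uses a constructed, shortened copy of ACL 101 in its original order. A DHCPDISCOVER leaves a client with no lease with IP source 0.0.0.0, destination 255.255.255.255, UDP source port 68 (bootpc) and destination port 67 (bootps). In IOS syntax the `eq` that follows the destination address is the destination port, so `eq bootpc` there can never match a DISCOVER, and `host 255.255.255.0` is not the limited-broadcast address either. Because an inbound interface ACL is evaluated for packets addressed to the router itself, it sits in front of the router's own DHCP server. A renewal, by contrast, is unicast from the leased address to the server and is already covered by the `permit ip 192.168.x.0 0.0.0.255 any` line, which is why only fresh leases fail.

```python
"""IOS extended-ACL matcher (subset) for the DHCP case in this thread.
Added example, not from the original post.  Assumed stand-ins: 192.168.1.0/24
for the masked 192.168.x.0/24; the ACL text is a constructed, shortened copy
of access-list 101 in its original order."""
import ipaddress
from dataclasses import dataclass

# Port keywords from the thread's ACLs (IOS shows these names in configs).
PORT_NAMES = {"bootps": 67, "bootpc": 68, "telnet": 23, "www": 80,
              "snmp": 161, "cmd": 514, "domain": 53, "ntp": 123}

WRONG_LINE = "access-list 101 permit udp host 0.0.0.0 host 255.255.255.0 eq bootpc"
RIGHT_LINE = "access-list 101 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps"

ORIGINAL_ACL_101 = f"""
access-list 101 permit udp host 192.168.1.3 eq 1645 host 192.168.1.1
{WRONG_LINE}
access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.1 eq 22
access-list 101 permit udp 192.168.1.0 0.0.0.255 host 192.168.1.1 eq snmp
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 deny   ip any any
"""
FIXED_ACL_101 = ORIGINAL_ACL_101.replace(WRONG_LINE, RIGHT_LINE)

# ACL 102 entry for the Trixbox SSH forward, as posted (udp, not tcp).
ACL_102_SSH_LINE = "access-list 102 permit udp any eq 22 host 192.168.1.94 eq 22"

@dataclass(frozen=True)
class Packet:
    proto: str  # "udp", "tcp", ...
    src: str
    sport: int
    dst: str
    dport: int

# Constructed samples.  A client with no lease sends DISCOVER from 0.0.0.0 to
# the limited broadcast, UDP 68 (bootpc) -> 67 (bootps); a renewal is unicast
# from the leased address to the server; SSH is a TCP connection to port 22.
DHCP_DISCOVER = Packet("udp", "0.0.0.0", 68, "255.255.255.255", 67)
DHCP_RENEW = Packet("udp", "192.168.1.50", 68, "192.168.1.1", 67)
SSH_IN = Packet("tcp", "203.0.113.5", 51515, "192.168.1.94", 22)

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _parse_addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (addr, match_mask, rest)."""
    if tok[0] == "any":
        return 0, 0, tok[1:]
    if tok[0] == "host":
        return _ip(tok[1]), 0xFFFFFFFF, tok[2:]
    # IOS wildcard bits set to 1 are "don't care": match mask is the complement.
    return _ip(tok[0]), (~_ip(tok[1])) & 0xFFFFFFFF, tok[2:]

def _parse_port(tok):
    """Consume an optional 'eq PORT' (keyword or number); return (port|None, rest)."""
    if tok and tok[0] == "eq":
        return PORT_NAMES.get(tok[1]) or int(tok[1]), tok[2:]
    return None, tok

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC [eq P] DST [eq P] [log]'.
    The 'eq' after the *source* address is the source port and the one after
    the *destination* address is the destination port.  None for remarks."""
    t = line.split()
    if len(t) < 5 or t[0] != "access-list" or t[2] == "remark":
        return None
    src, smask, rest = _parse_addr(t[4:])
    sport, rest = _parse_port(rest)
    dst, dmask, rest = _parse_addr(rest)
    dport, _ = _parse_port(rest)  # a trailing 'log' is ignored
    return dict(action=t[2], proto=t[3], src=src, smask=smask, sport=sport,
                dst=dst, dmask=dmask, dport=dport)

def _matches(ace, p):
    return (ace["proto"] in ("ip", p.proto)
            and (_ip(p.src) & ace["smask"]) == (ace["src"] & ace["smask"])
            and (_ip(p.dst) & ace["dmask"]) == (ace["dst"] & ace["dmask"])
            and ace["sport"] in (None, p.sport)
            and ace["dport"] in (None, p.dport))

def evaluate(acl_text, pkt):
    """First match wins, as in IOS; returns (action, matching line) and falls
    through to the implicit deny when no entry matches."""
    for line in acl_text.strip().splitlines():
        ace = parse_ace(line)
        if ace and _matches(ace, pkt):
            return ace["action"], " ".join(line.split())
    return "deny", "<implicit deny ip any any>"

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL_101), ("fixed", FIXED_ACL_101)):
        for label, pkt in (("DISCOVER", DHCP_DISCOVER), ("RENEW", DHCP_RENEW)):
            action, hit = evaluate(acl, pkt)
            print(f"{name:8} {label:8} -> {action:6} by: {hit}")
    print("ssh via ACL 102 udp line ->", evaluate(ACL_102_SSH_LINE, SSH_IN)[0])
```

Run it directly to see which entry each packet hits: with the original list the DISCOVER falls all the way to `deny ip any any`, with the bootps line it is permitted, and the unicast renewal is permitted by the LAN `permit ip` entry in both. Fixing only the port keyword while leaving `host 255.255.255.0` in place still fails, so both parts of the author's corrected line matter. The same evaluator also shows a second mismatch visible in the posted config: the Trixbox SSH entry in ACL 102 is `permit udp any eq 22 host 192.168.x.94 eq 22`, and the matching NAT entry is `ip nat inside source static udp ... 22`, but SSH is TCP, so an inbound SSH connection (the constructed `SSH_IN` packet) matches neither as written.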
 
LVL 22

Expert Comment

by:rickhobbs
ID: 17161801
damn...I should have refreshed before I bothered to add that.
0
 
LVL 22

Expert Comment

by:rickhobbs
ID: 17163614
Thanks!
0