Solved

Configuring Cisco 1900 Router as DHCP Client

Posted on 2011-02-22
Last Modified: 2012-05-11
Hello,

I am trying to configure our cisco router to access the internet using a DSL modem, which assigns an IP address automatically by DHCP when I connect a laptop to it.

It doesn't seem to work, as I can't ping to the internet, when I have the ip address dhcp command on the interface, or ip address dhcp client-id GigabitEthernet0/0.

I was wondering if you could review my configuration and suggest a possible fix to the problem.  Thanks for any help!

cisco1900#show run
Building configuration...

Current configuration : 5976 bytes
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco1900
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip domain name domain-name.com
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-2187662154
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2187662154
 revocation-check none
 rsakeypair TP-self-signed-2187662154
!
!
!
interface GigabitEthernet0/0
 description DSL INTERNET INTERFACE
 ip address dhcp
 ip access-group INTERNET in
 no ip redirects
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description INSIDE INTERFACE
 ip address 10.0.0.2 255.0.0.0
 no ip redirects
 no ip unreachables
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static 10.0.10.19 PUBLIC_IP_1 route-map NAT-10.0.10.19
ip nat inside source static 10.1.1.1 PUBLIC_IP_2 route-map NAT-10.1.1.1
ip nat inside source static 10.0.100.30 PUBLIC_IP_3 route-map NAT-10.0.100.30
ip nat inside source static 10.1.1.200 PUBLIC_IP_4 route-map NAT-10.1.1.200
ip nat inside source static 10.0.1.1 PUBLIC_IP_5 route-map NAT-10.0.1.1
!
ip access-list extended INTERNET
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 deny   icmp any any
 permit tcp any any range 22 telnet
 permit udp any eq domain any
 permit udp any eq ntp any
 permit tcp any host PUBLIC_IP_1 eq 22
 permit tcp any host PUBLIC_IP_2 eq www
 permit tcp any host PUBLIC_IP_2 eq ftp
 permit tcp any host PUBLIC_IP_3 eq www
 permit tcp any host PUBLIC_IP_3 eq 3389
 permit tcp any host PUBLIC_IP_4 eq smtp
 permit tcp any host PUBLIC_IP_4 eq 22
 permit tcp any host PUBLIC_IP_5 eq pop3
 permit tcp any host PUBLIC_IP_5 eq 443
 permit tcp any host PUBLIC_IP_5 eq www
 permit tcp any host PUBLIC_IP_5 eq 3389
 permit tcp any host PUBLIC_IP_5 eq smtp
 permit tcp any host PUBLIC_IP_5 eq 22
ip access-list extended NAT
 deny   ip host 10.0.1.1 any
 deny   ip host 10.0.100.30 any
 deny   ip host 10.1.1.1 any
 deny   ip host 10.0.10.19 any
 deny   ip host 10.1.1.200 any
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip 10.0.0.0 0.0.0.255 any
ip access-list extended NAT-10.0.1.1
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip host 10.0.1.1 any
ip access-list extended NAT-10.0.10.19
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip host 10.0.10.19 any
ip access-list extended NAT-10.0.100.30
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip host 10.0.100.30 any
ip access-list extended NAT-10.1.1.1
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip host 10.1.1.1 any
ip access-list extended NAT-10.1.1.200
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip host 10.1.1.200 any
!
access-list 23 permit 10.0.1.0 0.255.0.255
!
route-map NAT-10.0.100.30 permit 1
 match ip address NAT-10.0.100.30
!
route-map NAT-10.0.10.19 permit 1
 match ip address NAT-10.0.10.19
!
route-map NAT-10.1.1.1 permit 1
 match ip address NAT-10.1.1.1
!
route-map NAT-10.0.1.1 permit 1
 match ip address NAT-10.0.1.1
!
route-map NAT-10.1.1.200 permit 1
 match ip address NAT-10.1.1.200
!
!
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 5 0
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 exec-timeout 5 0
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
end
Question by:stephenmiller
3 Comments

Accepted Solution

by:
Fidelius earned 500 total points
You have to allow DHCP packets on the outside interface.

Add:
permit udp any eq 67 any eq 68
after " permit udp any eq ntp any" in ACL INTERNET

That should do the trick.

Expert Comment

by:Rick_at_ptscinti
Nothing jumps out as wrong....do a "show IP interface brief" and see if you are getting an ip address.

Should look like this....
reynoldshome#sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet4              96.11.XXX.XXX   YES DHCP   up                    up

Are you using a cross-over cable to connect the DSL to the router?  Most newer equipment doesn't need it but if it's an older DSL modem then it probably does.

Expert Comment

by:Istvan Kalmar
So you need to use what Fidelius recommended:

conf t
 ip access-list extended INTERNET
 5 permit udp any eq 67 any eq 68

interface GigabitEthernet0/0
 no ip access-group INTERNET in
 ip access-group INTERNET in

And I think you need to add a firewall to use overloading NAT:

ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall rtsp
ip inspect name firewall h323
ip inspect name firewall netshow
ip inspect name firewall ftp
ip inspect name firewall sqlnet


interface GigabitEthernet0/0
 ip inspect firewall in


For more information:

http://www.cisco.com/en/US/docs/routers/access/1800/1801/software/configuration/guide/firewall.html


Best regards,
Istvan
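
Added example, not part of the thread and not Cisco code: a first-match evaluator run over the protocol-wide entries of the INTERNET ACL posted in the question, showing that the modem's DHCP reply (UDP source port 67, destination port 68) falls through to the implicit deny until the entry given by Fidelius and Istvan Kalmar is present. The ACL subset, function names and test ports are constructed for illustration.

```python
# Added illustration: first-match evaluation of an IOS extended ACL subset.
# IOS port keywords used by the entries below.
PORTS = {"domain": 53, "ntp": 123, "telnet": 23}

# Constructed subset of the page's INTERNET ACL. The per-host entries are
# omitted: they are all TCP, so they can never match a UDP DHCP reply.
ACL_BEFORE = """\
deny   icmp any any
permit tcp any any range 22 telnet
permit udp any eq domain any
permit udp any eq ntp any
"""
DHCP_FIX = "permit udp any eq 67 any eq 68\n"

def port_num(tok):
    return PORTS[tok] if tok in PORTS else int(tok)

def port_range(toks):
    """Consume an optional 'eq N' or 'range A B' clause, return (lo, hi)."""
    if toks and toks[0] == "eq":
        lo = hi = port_num(toks[1]); del toks[:2]
    elif toks and toks[0] == "range":
        lo, hi = port_num(toks[1]), port_num(toks[2]); del toks[:3]
    else:
        lo, hi = 0, 65535
    return lo, hi

def parse(acl):
    """Parse '<action> <proto> any [ports] any [ports]' lines into rules."""
    rules = []
    for line in acl.splitlines():
        toks = line.split()
        if not toks:
            continue
        action, proto, rest = toks[0], toks[1], toks[2:]
        if rest.pop(0) != "any":
            raise ValueError("only 'any' sources handled: " + line)
        sport = port_range(rest)
        if rest.pop(0) != "any":
            raise ValueError("only 'any' destinations handled: " + line)
        rules.append((action, proto, sport, port_range(rest)))
    return rules

def evaluate(rules, proto, sport, dport):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, p, (slo, shi), (dlo, dhi) in rules:
        if p == proto and slo <= sport <= shi and dlo <= dport <= dhi:
            return action
    return "deny"

if __name__ == "__main__":
    for name, acl in (("before", ACL_BEFORE), ("after", ACL_BEFORE + DHCP_FIX)):
        print(name, evaluate(parse(acl), "udp", 67, 68))
```

On the router itself, show ip access-lists INTERNET reports per-entry match counts, which confirms whether the new entry is being hit.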

