stephenmiller
asked on
Configuring Cisco 1900 Router as DHCP Client
Hello,
I am trying to configure our cisco router to access the internet using a DSL modem, which assigns an IP address automatically by DHCP when I connect a laptop to it.
It doesn't seem to work, as I can't ping to the internet, when I have the ip address dhcp command on the interface, or ip address dhcp client-id GigabitEthernet0/0.
I was wondering if you could review my configuration and suggest a possible fix to the problem. Thanks for any help!
cisco1900#show run
Building configuration...
Current configuration : 5976 bytes
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco1900
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip domain name domain-name.com
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-2187662154
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2187662154
revocation-check none
rsakeypair TP-self-signed-2187662154
!
!
!
interface GigabitEthernet0/0
description DSL INTERNET INTERFACE
ip address dhcp
ip access-group INTERNET in
no ip redirects
no ip unreachables
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
description INSIDE INTERFACE
ip address 10.0.0.2 255.0.0.0
no ip redirects
no ip unreachables
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static 10.0.10.19 PUBLIC_IP_1 route-map NAT-10.0.10.19
ip nat inside source static 10.1.1.1 PUBLIC_IP_2 route-map NAT-10.1.1.1
ip nat inside source static 10.0.100.30 PUBLIC_IP_3 route-map NAT-10.0.100.30
ip nat inside source static 10.1.1.200 PUBLIC_IP_4 route-map NAT-10.1.1.200
ip nat inside source static 10.0.1.1 PUBLIC_IP_5 route-map NAT-10.0.1.1
!
ip access-list extended INTERNET
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
deny icmp any any
permit tcp any any range 22 telnet
permit udp any eq domain any
permit udp any eq ntp any
permit tcp any host PUBLIC_IP_1 eq 22
permit tcp any host PUBLIC_IP_2 eq www
permit tcp any host PUBLIC_IP_2 eq ftp
permit tcp any host PUBLIC_IP_3 eq www
permit tcp any host PUBLIC_IP_3 eq 3389
permit tcp any host PUBLIC_IP_4 eq smtp
permit tcp any host PUBLIC_IP_4 eq 22
permit tcp any host PUBLIC_IP_5 eq pop3
permit tcp any host PUBLIC_IP_5 eq 443
permit tcp any host PUBLIC_IP_5 eq www
permit tcp any host PUBLIC_IP_5 eq 3389
permit tcp any host PUBLIC_IP_5 eq smtp
permit tcp any host PUBLIC_IP_5 eq 22
ip access-list extended NAT
deny ip host 10.0.1.1 any
deny ip host 10.0.100.30 any
deny ip host 10.1.1.1 any
deny ip host 10.0.10.19 any
deny ip host 10.1.1.200 any
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip 10.0.0.0 0.0.0.255 any
ip access-list extended NAT-10.0.1.1
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip host 10.0.1.1 any
ip access-list extended NAT-10.0.10.19
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip host 10.0.10.19 any
ip access-list extended NAT-10.0.100.30
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip host 10.0.100.30 any
ip access-list extended NAT-10.1.1.1
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip host 10.1.1.1 any
ip access-list extended NAT-10.1.1.200
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip host 10.1.1.200 any
!
access-list 23 permit 10.0.1.0 0.255.0.255
!
route-map NAT-10.0.100.30 permit 1
match ip address NAT-10.0.100.30
!
route-map NAT-10.0.10.19 permit 1
match ip address NAT-10.0.10.19
!
route-map NAT-10.1.1.1 permit 1
match ip address NAT-10.1.1.1
!
route-map NAT-10.0.1.1 permit 1
match ip address NAT-10.0.1.1
!
route-map NAT-10.1.1.200 permit 1
match ip address NAT-10.1.1.200
!
!
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 5 0
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
exec-timeout 5 0
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
So you need to use this, which Fidelius recommended:
conf t
ip access-list extended INTERNET
5 permit udp any eq 67 any eq 68
interface GigabitEthernet0/0
no ip access-group INTERNET in
ip access-group INTERNET in
And I think you need to add a firewall to use overloading NAT:
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall rtsp
ip inspect name firewall h323
ip inspect name firewall netshow
ip inspect name firewall ftp
ip inspect name firewall sqlnet
interface GigabitEthernet0/0
ip inspect firewall in
For more information:
http://www.cisco.com/en/US/docs/routers/access/1800/1801/software/configuration/guide/firewall.html
Best regards,
Istvan
Should look like this....
reynoldshome#sh ip int bri
Interface IP-Address OK? Method Status Protocol
FastEthernet4 96.11.XXX.XXX YES DHCP up up
Are you using a cross-over cable to connect the DSL to the router? Most newer equipment doesn't need it but if it's an older DSL modem then it probably does.