Solved

Configuring Cisco 1900 Router as DHCP Client

Posted on 2011-02-22
Last Modified: 2012-05-11
Hello,

I am trying to configure our Cisco router to access the internet using a DSL modem, which assigns an IP address automatically by DHCP when I connect a laptop to it.

It doesn't seem to work, as I can't ping to the internet, when I have the ip address dhcp command on the interface, or ip address dhcp client-id GigabitEthernet0/0.

I was wondering if you could review my configuration and suggest a possible fix to the problem.  Thanks for any help!

cisco1900#show run
Building configuration...

Current configuration : 5976 bytes
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco1900
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip domain name domain-name.com
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-2187662154
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2187662154
 revocation-check none
 rsakeypair TP-self-signed-2187662154
!
!
!
interface GigabitEthernet0/0
 description DSL INTERNET INTERFACE
 ip address dhcp
 ip access-group INTERNET in
 no ip redirects
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description INSIDE INTERFACE
 ip address 10.0.0.2 255.0.0.0
 no ip redirects
 no ip unreachables
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static 10.0.10.19 PUBLIC_IP_1 route-map NAT-10.0.10.19
ip nat inside source static 10.1.1.1 PUBLIC_IP_2 route-map NAT-10.1.1.1
ip nat inside source static 10.0.100.30 PUBLIC_IP_3 route-map NAT-10.0.100.30
ip nat inside source static 10.1.1.200 PUBLIC_IP_4 route-map NAT-10.1.1.200
ip nat inside source static 10.0.1.1 PUBLIC_IP_5 route-map NAT-10.0.1.1
!
ip access-list extended INTERNET
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 deny   icmp any any
 permit tcp any any range 22 telnet
 permit udp any eq domain any
 permit udp any eq ntp any
 permit tcp any host PUBLIC_IP_1 eq 22
 permit tcp any host PUBLIC_IP_2 eq www
 permit tcp any host PUBLIC_IP_2 eq ftp
 permit tcp any host PUBLIC_IP_3 eq www
 permit tcp any host PUBLIC_IP_3 eq 3389
 permit tcp any host PUBLIC_IP_4 eq smtp
 permit tcp any host PUBLIC_IP_4 eq 22
 permit tcp any host PUBLIC_IP_5 eq pop3
 permit tcp any host PUBLIC_IP_5 eq 443
 permit tcp any host PUBLIC_IP_5 eq www
 permit tcp any host PUBLIC_IP_5 eq 3389
 permit tcp any host PUBLIC_IP_5 eq smtp
 permit tcp any host PUBLIC_IP_5 eq 22
ip access-list extended NAT
 deny   ip host 10.0.1.1 any
 deny   ip host 10.0.100.30 any
 deny   ip host 10.1.1.1 any
 deny   ip host 10.0.10.19 any
 deny   ip host 10.1.1.200 any
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip 10.0.0.0 0.0.0.255 any
ip access-list extended NAT-10.0.1.1
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip host 10.0.1.1 any
ip access-list extended NAT-10.0.10.19
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip host 10.0.10.19 any
ip access-list extended NAT-10.0.100.30
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip host 10.0.100.30 any
ip access-list extended NAT-10.1.1.1
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip host 10.1.1.1 any
ip access-list extended NAT-10.1.1.200
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip host 10.1.1.200 any
!
access-list 23 permit 10.0.1.0 0.255.0.255
!
route-map NAT-10.0.100.30 permit 1
 match ip address NAT-10.0.100.30
!
route-map NAT-10.0.10.19 permit 1
 match ip address NAT-10.0.10.19
!
route-map NAT-10.1.1.1 permit 1
 match ip address NAT-10.1.1.1
!
route-map NAT-10.0.1.1 permit 1
 match ip address NAT-10.0.1.1
!
route-map NAT-10.1.1.200 permit 1
 match ip address NAT-10.1.1.200
!
!
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 5 0
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 exec-timeout 5 0
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
end
Question by:stephenmiller
3 Comments
 
Accepted Solution

by:
Fidelius earned 500 total points
ID: 34956442
You have to allow DHCP packets on the outside interface.

Add:
permit udp any eq 67 any eq 68
after " permit udp any eq ntp any" in ACL INTERNET

That should do the trick.

Expert Comment

by:Rick_at_ptscinti
ID: 34956478
Nothing jumps out as wrong....do a "show IP interface brief" and see if you are getting an ip address.

Should look like this....
reynoldshome#sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet4              96.11.XXX.XXX   YES DHCP   up                    up

Are you using a cross-over cable to connect the DSL to the router?  Most newer equipment doesn't need it but if it's an older DSL modem then it probably does.

Expert Comment

by:Istvan Kalmar
ID: 34958253
So you need to use what Fidelius recommended:

conf t
 ip access-list extended INTERNET
 5 permit udp any eq 67 any eq 68

interface GigabitEthernet0/0
 no ip access-group INTERNET in
 ip access-group INTERNET in

And I think you need to add a firewall to use overloading NAT:

ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall rtsp
ip inspect name firewall h323
ip inspect name firewall netshow
ip inspect name firewall ftp
ip inspect name firewall sqlnet


interface GigabitEthernet0/0
 ip inspect firewall in


For more information:

http://www.cisco.com/en/US/docs/routers/access/1800/1801/software/configuration/guide/firewall.html


Best regards,
Istvan
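
The ACL fix given in the accepted answer and repeated in the last comment can be checked offline. The following is an added example, not code from the thread: a small first-match evaluator for the INTERNET list showing that a DHCP reply hits the implicit deny before the fix and the new entry after it. The server address 192.0.2.1 and all function names are assumptions made for illustration.

```python
# Added example: first-match evaluation of an IOS extended ACL, limited to the
# 'any' / 'host X' / 'eq' / 'range' forms that the thread's INTERNET list uses.
PORTS = {"domain": 53, "ntp": 123, "telnet": 23}

def _addr(toks):
    """Consume 'any' or 'host X'; None means any address."""
    return None if toks.pop(0) == "any" else toks.pop(0)

def _ports(toks):
    """Consume an optional 'eq P' or 'range A B'; return (lo, hi) or None."""
    n = {"eq": 1, "range": 2}.get(toks[0]) if toks else None
    if n is None:
        return None
    vals = [PORTS.get(t) or int(t) for t in toks[1:n + 1]]
    del toks[:n + 1]
    return (vals[0], vals[-1])

def parse(line):
    toks = line.split()
    ace = {"action": toks.pop(0), "proto": toks.pop(0)}
    ace["src"], ace["sport"] = _addr(toks), _ports(toks)
    ace["dst"], ace["dport"] = _addr(toks), _ports(toks)
    return ace  # a trailing ICMP type keyword is left unparsed

def evaluate(acl, proto, src, sport, dst, dport):
    """Return (action, matching entry) for one packet; IOS stops at first match."""
    for line in acl:
        a = parse(line)
        if a["proto"] not in (proto, "ip"):
            continue
        if a["src"] not in (None, src) or a["dst"] not in (None, dst):
            continue
        if any(r and not r[0] <= p <= r[1]
               for r, p in ((a["sport"], sport), (a["dport"], dport))):
            continue
        return a["action"], line
    return "deny", "implicit deny"

# From the posted config; the later 'permit tcp ... host PUBLIC_IP_n' entries are
# omitted because they are TCP-only and cannot match a UDP packet.
INTERNET = ["permit icmp any any echo", "permit icmp any any echo-reply",
            "deny icmp any any", "permit tcp any any range 22 telnet",
            "permit udp any eq domain any", "permit udp any eq ntp any"]
FIXED = INTERNET + ["permit udp any eq 67 any eq 68"]  # placed after the ntp entry
# Constructed DHCP reply: server 192.0.2.1 port 67 to broadcast, client port 68.
REPLY = ("udp", "192.0.2.1", 67, "255.255.255.255", 68)
if __name__ == "__main__":
    print(evaluate(INTERNET, *REPLY), evaluate(FIXED, *REPLY))
```

Because the added entry pins both source port 67 and destination port 68, it admits only DHCP server-to-client replies on the outside interface.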

