Configuring DHCP & NAT

Unanswered Question
Aug 17th, 2008
User Badges:

I am trying to configure DHCP and NAT at home on my Cisco 870. Here are the steps I used to create my DHCP:


Router(config)# interface ethernet0/0

Router(config-if)#ip address 172.168.1.1 255.255.255.224

Router(config)# ip dhcp exclude-address 172.168.1.1 172.168.1.4

Router(config)# ip dhcp pool Home

Router(dhcp-config)# network 172.168.1.0 255.255.255.224

Router(dhcp-config)#default-router 172.168.1.1

Router(dhcp-config)exit


But I cant get NAT configured on my 871. Can someone give me a step by step instruction on how this is done. Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
joseph.derrick Sun, 08/17/2008 - 05:15
User Badges:

Hi,


Just to clarify some things here:


1. What is the interface used to connect to the external network ?

2. What is the interface used to connect to your LAN (home network) ?


If your answer to item 1 is eth0/0 then you probably should assign a private ip address to your internal network not unless you have some servers that needs to be accessed from the outside.


Thanks,


k0rg

husycisco Sun, 08/17/2008 - 05:52
User Badges:
  • Gold, 750 points or more

Hello Christopher,

Here is a sample config for you. I am assuming you are using a dialer interface for outside interface. If you are not, switch dialer command in each line below with your outside interface


interface e0/0

ip nat inside


access-list 10 permit 172.168.1.0 0.0.0.31


ip nat inside source list 10 interface dialerx overload


interface dialerx

ip nat outside


Regards

chrisblaze Sun, 08/17/2008 - 06:54
User Badges:

The dailer is what Im confused on. In class we never had a router that used a dailer. Is the "dailerx" the interface I have to use?


husycisco Sun, 08/17/2008 - 06:58
User Badges:
  • Gold, 750 points or more

Christopher,

This interface is generally used to dial ISP and/or provide username&password. It is a vitual interface and usually is bind to an ATM (PPPOA) or an ethernet (PPPOE) interface. The 8xx series are usually used for terminating internet connection in the ways I mentioned above, thats why I advised a config that contains dialer interface.

Please post your full config, and tell us what you exactly want to achieve. If it is a simple NAT to learn NAT in class, you dont need dialer interface.


Regards

chrisblaze Sun, 08/17/2008 - 07:12
User Badges:

I will be using my 870 at home to pratice configuring routers. So I guess I just want to setup a simple NAT configuration.

While I dont have the router in front of me, the only problems I have is configuring DHCP and NAT. I think I have DHCP done (except I want to assign IP by MAC Address) but I was confused on the NAT.

husycisco Sun, 08/17/2008 - 07:41
User Badges:
  • Gold, 750 points or more

Please tell us more about the practise you are in right now, and a basic info about the practise lab (what connected to which interface etc), so we will be able to make more stable suggestions on where and how to perform NAT.

chrisblaze Sun, 08/17/2008 - 08:00
User Badges:

Well this isnt really a pratice lab, its a Cisco 870 I bought for home use to keep me up to date. Im going to have about 6 devices connected to it through a switch.

chrisblaze Sun, 08/17/2008 - 10:30
User Badges:

sorry it suppose to be a private address 172.16 instead of 172.168, my typo.

husycisco Sun, 08/17/2008 - 15:22
User Badges:
  • Gold, 750 points or more

So will these clients connect internet via that router? Is that why you need NAT? You said that you had confusion in NAT part, I am trying to understand where do you want to NAT.

chrisblaze Thu, 08/21/2008 - 19:50
User Badges:

Yes these client will connect to the internet so I know that I have to use NAT Overload, but I dont know how to implement it on the 871.

joseph.derrick Mon, 08/18/2008 - 21:23
User Badges:

Hi Chris,


Please give us an information of what do you want to achieve and the current interfaces and to which interfaces are these users.


This will allow us to give a precise answer to your inquiry.


Thanks,

k0rg

chrisblaze Thu, 08/21/2008 - 20:21
User Badges:

how does this NAT config look:


router(config)#ip nat inside source static 172.16.1.1 76.86.132.210

router(config)int f0/0

router(config-if) ip nat inside

router(config-if)int f0/4

route(config-if) ip nat outside

chrisblaze Thu, 08/21/2008 - 20:47
User Badges:

or do is this configuration correct:


router(config)# access-list 1 permit 172.16.0.0 0.0.255.255 (or should I use 0.0.0.0)

router(config)#ip nat inside source list 1 int f0/4 overload

router(config)#int f0/0

router(config-if)#ip nat inside

router(config-if)#int f0/4

router(config-if)#ip nat outside

husycisco Thu, 08/21/2008 - 21:06
User Badges:
  • Gold, 750 points or more

Your latest config will translate 172.16.0.0/16 network to interface IP of f0/4 if traffic is destined to a network or gateway connected to f0/4. If this is what you want, config is correct. If you have other networks connected to f0/0 than 172.16.0.0/16, then you can use 0.0.0.0 to include all trafic into translation.

chrisblaze Fri, 08/22/2008 - 01:05
User Badges:

So to configure my router for DHCP and NAT is this correct?


Router(config)# interface ethernet0/0

Router(config-if)#ip address 172.16.1.1 255.255.255.224

Router(config)# ip dhcp exclude-address 172.16.1.1 172.16.1.4

Router(config)# ip dhcp pool Home

Router(dhcp-config)# network 172.16.1.0 255.255.255.224

Router(dhcp-config)#default-router 172.16.1.1

Router(dhcp-config)exit


and then NAT:


router(config)# access-list 1 permit 172.16.0.0 0.0.255.255 (or should I use 0.0.0.0)

router(config)#ip nat inside source list 1 int f0/4 overload

router(config)#int f0/0

router(config-if)#ip nat inside

router(config-if)#int f0/4

router(config-if)#ip nat outside


tdrais Fri, 08/22/2008 - 04:42
User Badges:
  • Blue, 1500 points or more

I assume the ethernet0/0 and the fa 0/0 is a typo? This should work fine.


You access list 1 does not really matter a lot since you have no other possible addresses you are trying to exclude. You could just use a PERMIT ANY. If you wanted to be exacting you should use PERMIT 172.16.1.0 0.0.0.31

chrisblaze Sat, 08/23/2008 - 02:25
User Badges:

when I tried to configure DHCP on one of the interfaces (F0-3), I got the error "% IP addresses may not be configured on L2 links". Can someone explain what that means?

chrisblaze Tue, 08/26/2008 - 00:50
User Badges:

After googling that error, I find out that the 871 (along with other 8 series) has an intergrated switch built into it. Some of the people suggest creating Vlans and assigning IP addresses to the Vlan, will this work? Also how would this work with NAT. Im confused :(

husycisco Tue, 08/26/2008 - 01:06
User Badges:
  • Gold, 750 points or more

Hello Chris,

Yes you have to create vlan interface and assign IP to make DHCP work in this case. It is not that confusing, here is an example



interface ethernet0/0

no ip address 172.16.1.1 255.255.255.224


interface Vlan 10

ip address 172.16.1.1 255.255.255.224

ip nat inside


interface Fa 0

switchport mode access

switchport access vlan 10


interface Fa 1

switchport mode access

switchport access vlan 10


interface Fa 2

switchport mode access

switchport access vlan 10


interface Fa 3

switchport mode access

switchport access vlan 10


Please do not forget to rate the posts with 4 or above grades if resolved your issue.


Regards

chrisblaze Tue, 08/26/2008 - 06:09
User Badges:

with your example I am using Vlan10 to direct all traffic out of F0/0 correct? Well the other ports still work if I connect something to it?

How will this effect my DHCP?

Actions

This Discussion