Configuring DHCP & NAT

Unanswered Question
Aug 17th, 2008

I am trying to configure DHCP and NAT at home on my Cisco 870. Here are the steps I used to create my DHCP:

Router(config)# interface ethernet0/0

Router(config-if)#ip address 172.168.1.1 255.255.255.224

Router(config)# ip dhcp exclude-address 172.168.1.1 172.168.1.4

Router(config)# ip dhcp pool Home

Router(dhcp-config)# network 172.168.1.0 255.255.255.224

Router(dhcp-config)#default-router 172.168.1.1

Router(dhcp-config)exit

But I cant get NAT configured on my 871. Can someone give me a step by step instruction on how this is done. Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
joseph.derrick Sun, 08/17/2008 - 05:15

Hi,

Just to clarify some things here:

1. What is the interface used to connect to the external network ?

2. What is the interface used to connect to your LAN (home network) ?

If your answer to item 1 is eth0/0 then you probably should assign a private ip address to your internal network not unless you have some servers that needs to be accessed from the outside.

Thanks,

k0rg

husycisco Sun, 08/17/2008 - 05:52

Hello Christopher,

Here is a sample config for you. I am assuming you are using a dialer interface for outside interface. If you are not, switch dialer command in each line below with your outside interface

interface e0/0

ip nat inside

access-list 10 permit 172.168.1.0 0.0.0.31

ip nat inside source list 10 interface dialerx overload

interface dialerx

ip nat outside

Regards

chrisblaze Sun, 08/17/2008 - 06:54

The dailer is what Im confused on. In class we never had a router that used a dailer. Is the "dailerx" the interface I have to use?

husycisco Sun, 08/17/2008 - 06:58

Christopher,

This interface is generally used to dial ISP and/or provide username&password. It is a vitual interface and usually is bind to an ATM (PPPOA) or an ethernet (PPPOE) interface. The 8xx series are usually used for terminating internet connection in the ways I mentioned above, thats why I advised a config that contains dialer interface.

Please post your full config, and tell us what you exactly want to achieve. If it is a simple NAT to learn NAT in class, you dont need dialer interface.

Regards

chrisblaze Sun, 08/17/2008 - 07:12

I will be using my 870 at home to pratice configuring routers. So I guess I just want to setup a simple NAT configuration.

While I dont have the router in front of me, the only problems I have is configuring DHCP and NAT. I think I have DHCP done (except I want to assign IP by MAC Address) but I was confused on the NAT.

husycisco Sun, 08/17/2008 - 07:41

Please tell us more about the practise you are in right now, and a basic info about the practise lab (what connected to which interface etc), so we will be able to make more stable suggestions on where and how to perform NAT.

chrisblaze Sun, 08/17/2008 - 08:00

Well this isnt really a pratice lab, its a Cisco 870 I bought for home use to keep me up to date. Im going to have about 6 devices connected to it through a switch.

chrisblaze Sun, 08/17/2008 - 10:30

sorry it suppose to be a private address 172.16 instead of 172.168, my typo.

husycisco Sun, 08/17/2008 - 15:22

So will these clients connect internet via that router? Is that why you need NAT? You said that you had confusion in NAT part, I am trying to understand where do you want to NAT.

chrisblaze Thu, 08/21/2008 - 19:50

Yes these client will connect to the internet so I know that I have to use NAT Overload, but I dont know how to implement it on the 871.

joseph.derrick Mon, 08/18/2008 - 21:23

Hi Chris,

Please give us an information of what do you want to achieve and the current interfaces and to which interfaces are these users.

This will allow us to give a precise answer to your inquiry.

Thanks,

k0rg

chrisblaze Thu, 08/21/2008 - 20:21

how does this NAT config look:

router(config)#ip nat inside source static 172.16.1.1 76.86.132.210

router(config)int f0/0

router(config-if) ip nat inside

router(config-if)int f0/4

route(config-if) ip nat outside

chrisblaze Thu, 08/21/2008 - 20:47

or do is this configuration correct:

router(config)# access-list 1 permit 172.16.0.0 0.0.255.255 (or should I use 0.0.0.0)

router(config)#ip nat inside source list 1 int f0/4 overload

router(config)#int f0/0

router(config-if)#ip nat inside

router(config-if)#int f0/4

router(config-if)#ip nat outside

husycisco Thu, 08/21/2008 - 21:06

Your latest config will translate 172.16.0.0/16 network to interface IP of f0/4 if traffic is destined to a network or gateway connected to f0/4. If this is what you want, config is correct. If you have other networks connected to f0/0 than 172.16.0.0/16, then you can use 0.0.0.0 to include all trafic into translation.

chrisblaze Fri, 08/22/2008 - 01:05

So to configure my router for DHCP and NAT is this correct?

Router(config)# interface ethernet0/0

Router(config-if)#ip address 172.16.1.1 255.255.255.224

Router(config)# ip dhcp exclude-address 172.16.1.1 172.16.1.4

Router(config)# ip dhcp pool Home

Router(dhcp-config)# network 172.16.1.0 255.255.255.224

Router(dhcp-config)#default-router 172.16.1.1

Router(dhcp-config)exit

and then NAT:

router(config)# access-list 1 permit 172.16.0.0 0.0.255.255 (or should I use 0.0.0.0)

router(config)#ip nat inside source list 1 int f0/4 overload

router(config)#int f0/0

router(config-if)#ip nat inside

router(config-if)#int f0/4

router(config-if)#ip nat outside

tdrais Fri, 08/22/2008 - 04:42

I assume the ethernet0/0 and the fa 0/0 is a typo? This should work fine.

You access list 1 does not really matter a lot since you have no other possible addresses you are trying to exclude. You could just use a PERMIT ANY. If you wanted to be exacting you should use PERMIT 172.16.1.0 0.0.0.31

chrisblaze Sat, 08/23/2008 - 02:25

when I tried to configure DHCP on one of the interfaces (F0-3), I got the error "% IP addresses may not be configured on L2 links". Can someone explain what that means?

chrisblaze Tue, 08/26/2008 - 00:50

After googling that error, I find out that the 871 (along with other 8 series) has an intergrated switch built into it. Some of the people suggest creating Vlans and assigning IP addresses to the Vlan, will this work? Also how would this work with NAT. Im confused :(

husycisco Tue, 08/26/2008 - 01:06

Hello Chris,

Yes you have to create vlan interface and assign IP to make DHCP work in this case. It is not that confusing, here is an example

interface ethernet0/0

no ip address 172.16.1.1 255.255.255.224

interface Vlan 10

ip address 172.16.1.1 255.255.255.224

ip nat inside

interface Fa 0

switchport mode access

switchport access vlan 10

interface Fa 1

switchport mode access

switchport access vlan 10

interface Fa 2

switchport mode access

switchport access vlan 10

interface Fa 3

switchport mode access

switchport access vlan 10

Please do not forget to rate the posts with 4 or above grades if resolved your issue.

Regards

chrisblaze Tue, 08/26/2008 - 06:09

with your example I am using Vlan10 to direct all traffic out of F0/0 correct? Well the other ports still work if I connect something to it?

How will this effect my DHCP?

Actions

This Discussion