cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3937
Views
0
Helpful
16
Replies

No dhcp success on fe0 on the Cisco 877

zorroinc0
Level 1
Level 1

Hi all,

I try to use fe0 as outside, with dhcp from my ISP, and fe1-fe3 as inside on my Cisco 877. I have done this successfully before but now it just will not work. This has been a long weekend . Please help me.

My ISP just forced DHCP on me (from static IP) and sent me this Xavi adsl modem.  I successfully get IP addresses using DHCP from it with workstations, but not with my cisco. With current setup I get DHCP errors (DHCP: QScan: Timed out Selecting state%Unknown DHCP problem.). DHCP log is attached.

Setup is attached too, but the main parts are:

-----------------------

interface FastEthernet0

switchport access vlan 2

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Vlan2

ip address dhcp

ip access-group 160 in

ip nat outside

ip virtual-reassembly

no autostate

!

access-list 160 permit udp any any eq bootpc

access-list 160 permit udp any any eq bootps

ip route 0.0.0.0 0.0.0.0 dhcp

----------------------------

What am I missing here?

Without 'no autostate' vlan2 would not get line UP. I take it that is normal? Setting fe3 to trunk and attaching a cable to an (empty) switch did not bring vlan2 up either. A few related views:

B10#sh ip int br

Interface                  IP-Address      OK? Method Status                Protocol

ATM0                       unassigned      YES NVRAM  administratively down down

FastEthernet0              unassigned      YES unset  up                    up

FastEthernet1              unassigned      YES unset  up                    up

FastEthernet2              unassigned      YES unset  up                    down

FastEthernet3              unassigned      YES unset  up                    down

NVI0                       unassigned      YES unset  administratively down down

Vlan1                      10.10.10.1      YES NVRAM  up                    up

Vlan2                      unassigned      YES DHCP   up                    up

Vlan2 is up, line protocol is up

  Hardware is EtherSVI, address is 58bc.27b3.1a51 (bia 58bc.27b3.1a51)

  Internet address will be negotiated using DHCP

  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 81

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 1 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

FastEthernet0 is up, line protocol is up

  Hardware is Fast Ethernet, address is 58bc.27b3.1a51 (bia 58bc.27b3.1a51)

  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full-duplex, 100Mb/s

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     90 packets input, 9748 bytes, 0 no buffer

     Received 8 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 input packets with dribble condition detected

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 2 interface resets

     0 unknown protocol drops

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

/Pelle

1 Accepted Solution

Accepted Solutions

negate the no autostate under interface vlan 2 and the static route commands.

int vlan 2

autostate

no ip route 0.0.0.0 0.0.0.0 vlan2

ip route 0.0.0.0 0.0.0.0 dhcp

restart the xavi modem and issue the 'renew dhcp vlan 2' on the 877.

View solution in original post

16 Replies 16

Richard Burts
Hall of Fame
Hall of Fame

/Pelle

The biggest issue is the access list that you apply inbound on VLAN 2. It permits DHCP but nothing else. So no traffic other than DHCP would get through.

I also notice that while you do have the ip nat inside and ip nat outside configured, I do not see any configuration to actually do address translation.

HTH

Rick

HTH

Rick

Richard,

thanks for your reply.

Yes, this is just a test setup to find out why I don't get an IP adress. Once I get an IP I will 1) perform a rain dance and 2) use a real, zone based, configuration. I thought it would be easier to analyze with a short, simple configuation.

/Pelle

Thanks for the additional information. As a test set up this makes more sense.

I do not see anything in the config that would prevent the router learning an IP address via DHCP. If it is not working I would suspect either some issue in the connection from the router to the ISP device or some issue in the ISP device.

HTH

Rick

HTH

Rick

hi pelle,

since this is a test setup, could you temporarily remove ACL 160 and put back the autostate command? have you tried using a cross cable between FE0 and the ISP device.

int vl2

no ip access-group 160 in

autostate

also, remove or change the IP address on VLAN 1. i suspect the ISP device is giving out an address of 10.x.x.x subnet which could have caused an IP address conflict.

int vl1

no ip address

John,

thanks for your reply.

For a long time I did not have any access-lists configured. Without the autostate vlan 2 would be up but line protocol down (spent a lot of time on that ).

Actually, I'm given a sharp IP adress (78.x.x.x) and the dhcp server is on a 172.x.x.x net.

No, I don't have a cross-over cable here. I have, however, confirmed that the cable I do use works.

I'm setting up ACLs to just log now, and have a syslog server receiving messages. I have, however, not gotten any messages at all from my ACL's (but debug dhcp messages, 'Configured fron console by ...' etc). I have set

* logging trap debugging

* 'log' on the end of my ACL's

* logging host my.internal.computer.ip

It feels like I'm moving backwards in my Cisco knowledge here, hehe.

/Pelle

hi pelle,

thanks for confirming back on your ACL and DHCP subnet. i would strongly urge to try using a cross cable though just to isolate a cable type issue. you're just forcing your SVI (vlan 2) to be in up/up state with the 'no autostate' command.

try using this ACL to debug DHCP:

access-list 100 permit ip host 0.0.0.0 host 255.255.255.255

debug ip packet detail 100

Woah,

before I answer you, John, I checked these commands:

-------------------------------------------------------

B10#sh access-lists

Standard IP access list 23

    10 permit 10.10.10.0, wildcard bits 0.0.0.7 (11 matches)

Extended IP access list 160

    10 permit udp any any eq bootpc log-input

    20 permit udp any any eq bootps log-input

    30 permit ip any any log-input

Extended IP access list 161

    10 permit ip any any log-input

Extended IP access list 170

    10 deny tcp any any eq 55555 log (4 matches)

    20 permit ip any any (3745 matches)

Extended IP access list 171

    10 deny tcp any any eq 55555 log

    20 permit ip any any

B10#

B10#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets

C       10.10.10.0 is directly connected, Vlan1

B10#

--------------------------------------------------------------------------

ACL 160 & 161 is for my outside vlan2. Observe that NO TRAFFIC at all has passed these rules. Hmmm. Must be hard to get DHCP to work if no traffic passes the outside interface....

'Gateway of last resort is not set.' Well, as the dhcp is not up yet perhasp that is in order. Or? In my config I have 'ip route 0.0.0.0 0.0.0.0 dhcp' set.

Now, John, seting debug ip on my rule 160 (about dhcp) actually caused a log storm for traffic between my router and my workstation (FIBipv4-packet-proc: packet routing succeeded) leading to disconnect and restart of the router .

I do know the outside network, with regards to gateway. Should I somehow set that in advance of getting an IP perhaps?

you should troubleshoot more on the layer 1 issue between the 877 and the ISP device.

what ipconfig do you get when you plug a PC behind the xavi modem?

John,

I'm leaning towards your comment too.

Ipconfig from a Windows gives:

   Anslutningsspecifika DNS-suffix . : x.net

   Beskrivning . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller

   Fysisk adress . . . . . . . . . . : 84-xxx-DA

   DHCP aktiverat. . . . . . . . . . : Ja

   Autokonfiguration aktiverat . . . : Ja

   Länklokal IPv6-adress . . . . . . : fe80::xxxa%11(Standard)

   IPv4-adress . . . . . . . . . . . : 78.x.x.x(Standard)

   Nätmask . . . . . . . . . . . . . : 255.255.254.0

   Lånet erhölls . . . . . . . . . . : den 2 juni 2012 15:46:32

   Lånet upphör. . . . . . . . . . . : den 3 juni 2012 01:04:37

   Standard-gateway. . . . . . . . . : 78.x.x.1

   DHCP-server . . . . . . . . . . . : 172.x.x.127

   IAID för DHCPv6 . . . . . . . . . : 243568489

   DUID för DHCPv6-klient. . . . . . : 00-01-00-01-xxxx-33-DA

   DNS-servrar . . . . . . . . . . . : 2a02:470::27

                                       2a02:470::28

                                       195.58.103.124

                                       213.150.135.210

   NetBIOS över TCP/IP . . . . . . . : Aktiverat

   Anslutningsspecifik söklista för DNS-suffix:

                                       y.x.net

John,

I acutally found a crossover cable. It did not make any difference though, it seems.

:-(

I find it strange that my dhcp ACL's have not seen any traffic what-so-ever. Can I force the routing more than I do now?

plug back the 877 and restart the xavi modem. try to test again.

post your current router config and show vlan-switch brief output.

John,

I attach the config in a file, and three commands in a second file.

Vlan 2 is 'suspended'. Normal?

I think that:

* I do not get an external IP, because

* I do not get any traffic what so ever on my external interface, because

* My vlan 2 is not really up (gets marked as line UP by using no autostate, only), because

* ?

Any clues?

/Pelle

VLAN 2 suspended is not normal and I believe that this is part of the problem. I also believe that needing no autostate to get it up shows that there is a problem. I wonder if there is something else you need to define about VLAN 2 in the config.

HTH

Rick

HTH

Rick

negate the no autostate under interface vlan 2 and the static route commands.

int vlan 2

autostate

no ip route 0.0.0.0 0.0.0.0 vlan2

ip route 0.0.0.0 0.0.0.0 dhcp

restart the xavi modem and issue the 'renew dhcp vlan 2' on the 877.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco