No dhcp success on fe0 on the Cisco 877

Answered Question
Jun 3rd, 2012

Hi all,

I try to use fe0 as outside, with dhcp from my ISP, and fe1-fe3 as inside on my Cisco 877. I have done this successfully before but now it just will not work. This has been a long weekend . Please help me.

My ISP just forced DHCP on me (from static IP) and sent me this Xavi adsl modem.  I successfully get IP addresses using DHCP from it with workstations, but not with my cisco. With current setup I get DHCP errors (DHCP: QScan: Timed out Selecting state%Unknown DHCP problem.). DHCP log is attached.

Setup is attached too, but the main parts are:

-----------------------

interface FastEthernet0

switchport access vlan 2

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Vlan2

ip address dhcp

ip access-group 160 in

ip nat outside

ip virtual-reassembly

no autostate

!

access-list 160 permit udp any any eq bootpc

access-list 160 permit udp any any eq bootps

ip route 0.0.0.0 0.0.0.0 dhcp

----------------------------

What am I missing here?

Without 'no autostate' vlan2 would not get line UP. I take it that is normal? Setting fe3 to trunk and attaching a cable to an (empty) switch did not bring vlan2 up either. A few related views:

B10#sh ip int br

Interface                  IP-Address      OK? Method Status                Protocol

ATM0                       unassigned      YES NVRAM  administratively down down

FastEthernet0              unassigned      YES unset  up                    up

FastEthernet1              unassigned      YES unset  up                    up

FastEthernet2              unassigned      YES unset  up                    down

FastEthernet3              unassigned      YES unset  up                    down

NVI0                       unassigned      YES unset  administratively down down

Vlan1                      10.10.10.1      YES NVRAM  up                    up

Vlan2                      unassigned      YES DHCP   up                    up

Vlan2 is up, line protocol is up

  Hardware is EtherSVI, address is 58bc.27b3.1a51 (bia 58bc.27b3.1a51)

  Internet address will be negotiated using DHCP

  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 81

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 1 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

FastEthernet0 is up, line protocol is up

  Hardware is Fast Ethernet, address is 58bc.27b3.1a51 (bia 58bc.27b3.1a51)

  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full-duplex, 100Mb/s

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     90 packets input, 9748 bytes, 0 no buffer

     Received 8 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 input packets with dribble condition detected

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 2 interface resets

     0 unknown protocol drops

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

/Pelle

I have this problem too.
0 votes
Correct Answer by johnlloyd_13 about 1 year 10 months ago

negate the no autostate under interface vlan 2 and the static route commands.

int vlan 2

autostate

no ip route 0.0.0.0 0.0.0.0 vlan2

ip route 0.0.0.0 0.0.0.0 dhcp

restart the xavi modem and issue the 'renew dhcp vlan 2' on the 877.

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
Richard Burts Sun, 06/03/2012 - 06:24

/Pelle

The biggest issue is the access list that you apply inbound on VLAN 2. It permits DHCP but nothing else. So no traffic other than DHCP would get through.

I also notice that while you do have the ip nat inside and ip nat outside configured, I do not see any configuration to actually do address translation.

HTH

Rick

zorroinc0 Sun, 06/03/2012 - 06:59

Richard,

thanks for your reply.

Yes, this is just a test setup to find out why I don't get an IP adress. Once I get an IP I will 1) perform a rain dance and 2) use a real, zone based, configuration. I thought it would be easier to analyze with a short, simple configuation.

Richard Burts Sun, 06/03/2012 - 07:10

/Pelle

Thanks for the additional information. As a test set up this makes more sense.

I do not see anything in the config that would prevent the router learning an IP address via DHCP. If it is not working I would suspect either some issue in the connection from the router to the ISP device or some issue in the ISP device.

HTH

Rick

johnlloyd_13 Sun, 06/03/2012 - 08:11

hi pelle,

since this is a test setup, could you temporarily remove ACL 160 and put back the autostate command? have you tried using a cross cable between FE0 and the ISP device.

int vl2

no ip access-group 160 in

autostate

also, remove or change the IP address on VLAN 1. i suspect the ISP device is giving out an address of 10.x.x.x subnet which could have caused an IP address conflict.

int vl1

no ip address

zorroinc0 Sun, 06/03/2012 - 08:53

John,

thanks for your reply.

For a long time I did not have any access-lists configured. Without the autostate vlan 2 would be up but line protocol down (spent a lot of time on that ).

Actually, I'm given a sharp IP adress (78.x.x.x) and the dhcp server is on a 172.x.x.x net.

No, I don't have a cross-over cable here. I have, however, confirmed that the cable I do use works.

I'm setting up ACLs to just log now, and have a syslog server receiving messages. I have, however, not gotten any messages at all from my ACL's (but debug dhcp messages, 'Configured fron console by ...' etc). I have set

* logging trap debugging

* 'log' on the end of my ACL's

* logging host my.internal.computer.ip

It feels like I'm moving backwards in my Cisco knowledge here, hehe.

/Pelle

johnlloyd_13 Sun, 06/03/2012 - 09:08

hi pelle,

thanks for confirming back on your ACL and DHCP subnet. i would strongly urge to try using a cross cable though just to isolate a cable type issue. you're just forcing your SVI (vlan 2) to be in up/up state with the 'no autostate' command.

try using this ACL to debug DHCP:

access-list 100 permit ip host 0.0.0.0 host 255.255.255.255

debug ip packet detail 100

zorroinc0 Sun, 06/03/2012 - 09:30

Woah,

before I answer you, John, I checked these commands:

-------------------------------------------------------

B10#sh access-lists

Standard IP access list 23

    10 permit 10.10.10.0, wildcard bits 0.0.0.7 (11 matches)

Extended IP access list 160

    10 permit udp any any eq bootpc log-input

    20 permit udp any any eq bootps log-input

    30 permit ip any any log-input

Extended IP access list 161

    10 permit ip any any log-input

Extended IP access list 170

    10 deny tcp any any eq 55555 log (4 matches)

    20 permit ip any any (3745 matches)

Extended IP access list 171

    10 deny tcp any any eq 55555 log

    20 permit ip any any

B10#

B10#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets

C       10.10.10.0 is directly connected, Vlan1

B10#

--------------------------------------------------------------------------

ACL 160 & 161 is for my outside vlan2. Observe that NO TRAFFIC at all has passed these rules. Hmmm. Must be hard to get DHCP to work if no traffic passes the outside interface....

'Gateway of last resort is not set.' Well, as the dhcp is not up yet perhasp that is in order. Or? In my config I have 'ip route 0.0.0.0 0.0.0.0 dhcp' set.

Now, John, seting debug ip on my rule 160 (about dhcp) actually caused a log storm for traffic between my router and my workstation (FIBipv4-packet-proc: packet routing succeeded) leading to disconnect and restart of the router .

I do know the outside network, with regards to gateway. Should I somehow set that in advance of getting an IP perhaps?

johnlloyd_13 Sun, 06/03/2012 - 10:05

you should troubleshoot more on the layer 1 issue between the 877 and the ISP device.

what ipconfig do you get when you plug a PC behind the xavi modem?

zorroinc0 Sun, 06/03/2012 - 10:21

John,

I'm leaning towards your comment too.

Ipconfig from a Windows gives:

   Anslutningsspecifika DNS-suffix . : x.net

   Beskrivning . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller

   Fysisk adress . . . . . . . . . . : 84-xxx-DA

   DHCP aktiverat. . . . . . . . . . : Ja

   Autokonfiguration aktiverat . . . : Ja

   Länklokal IPv6-adress . . . . . . : fe80::xxxa%11(Standard)

   IPv4-adress . . . . . . . . . . . : 78.x.x.x(Standard)

   Nätmask . . . . . . . . . . . . . : 255.255.254.0

   Lånet erhölls . . . . . . . . . . : den 2 juni 2012 15:46:32

   Lånet upphör. . . . . . . . . . . : den 3 juni 2012 01:04:37

   Standard-gateway. . . . . . . . . : 78.x.x.1

   DHCP-server . . . . . . . . . . . : 172.x.x.127

   IAID för DHCPv6 . . . . . . . . . : 243568489

   DUID för DHCPv6-klient. . . . . . : 00-01-00-01-xxxx-33-DA

   DNS-servrar . . . . . . . . . . . : 2a02:470::27

                                       2a02:470::28

                                       195.58.103.124

                                       213.150.135.210

   NetBIOS över TCP/IP . . . . . . . : Aktiverat

   Anslutningsspecifik söklista för DNS-suffix:

                                       y.x.net

zorroinc0 Sun, 06/03/2012 - 10:27

John,

I acutally found a crossover cable. It did not make any difference though, it seems.

:-(

I find it strange that my dhcp ACL's have not seen any traffic what-so-ever. Can I force the routing more than I do now?

johnlloyd_13 Sun, 06/03/2012 - 12:04

plug back the 877 and restart the xavi modem. try to test again.

post your current router config and show vlan-switch brief output.

zorroinc0 Sun, 06/03/2012 - 12:39

John,

I attach the config in a file, and three commands in a second file.

Vlan 2 is 'suspended'. Normal?

I think that:

* I do not get an external IP, because

* I do not get any traffic what so ever on my external interface, because

* My vlan 2 is not really up (gets marked as line UP by using no autostate, only), because

* ?

Any clues?

Richard Burts Sun, 06/03/2012 - 12:57

/Pelle

VLAN 2 suspended is not normal and I believe that this is part of the problem. I also believe that needing no autostate to get it up shows that there is a problem. I wonder if there is something else you need to define about VLAN 2 in the config.

HTH

Rick

Correct Answer
johnlloyd_13 Sun, 06/03/2012 - 15:54

negate the no autostate under interface vlan 2 and the static route commands.

int vlan 2

autostate

no ip route 0.0.0.0 0.0.0.0 vlan2

ip route 0.0.0.0 0.0.0.0 dhcp

restart the xavi modem and issue the 'renew dhcp vlan 2' on the 877.

zorroinc0 Sun, 06/03/2012 - 16:34

John,

thanks for your continued efforts!

Hahahahah! Get this!

I have been trying a whole other configuration, without general success for the last 2 hours. I did however learn about the command 'state' for interfaces. Inside interface vlan2, I could actually issue 'state active' which brought the interface up. I think traffic was actually sent on it. I did however not get an IP. In the process I changed back to an ordinary cable, since that should work and that cable was verified.

John, your suggestion above is something I have used before too (see my earlier posts..) so I did not think that would trigger anything as such. But, reloaded the very configuration that I sent to this thread a few hours ago, with route set the dhcp instead of vlan2.

What happens? I get an IP on the external interface!   What!?  I did do a factory reset inbetween there too. Could that affect anything?

I am a happy camper, but not really very much wiser than 36 hours ago. I will not forget that a vlan state can be set to suspended or active, using commands.

John, Richard: To both of you I say Thank you! You will receive private mails.

johnlloyd_13 Sun, 06/03/2012 - 16:47

Thanks for the rating and I'm glad it's now working for you. I was beginning to supect a Layer 2 issue that's why I've asked for the show vlan-switch output.

Did you by accidentally put it to suspend? Or perhaps maybe it was due to the 'no autostate' command which caused it to mess up?

877(config)#vlan 2

877(conig-vlan)#suspend

It was a pleasure troubleshooting with you. It made me stay up all night at work.

It's time for me to retire now

Sent from Cisco Technical Support iPhone App

Actions

Login or Register to take actions

This Discussion

Posted June 3, 2012 at 5:54 AM
Stats:
Replies:16 Avg. Rating:5
Views:1251 Votes:0
Shares:0
Tags: dhcp, vlan, 877w, fe0
+

Related Content

Discussions Leaderboard