×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

New Cisco 887 routing question

Unanswered Question
Nov 15th, 2013
User Badges:

    I'm new to cisco 887 routers, I seem to have successfully setup dhcp and can connect to it with a workstation.

The 887 can ping internet hosts and telnet to internet hosts but the dhcp workstations cannot.

Can some please help me see my mistake.


Thank you


Robert


Layout

10.10.10.0  Vlan1 FE1,2,3  to Vlan10 208.23.6.130 to FE0  Routes to 208.23.6.1 Internet router( internet )


My config follows:

      
!                                                                              
version 15.0                                                                   
no service pad                                                                 
service timestamps debug datetime msec                                         
service timestamps log datetime msec                                           
no service password-encryption                                                 
!                                                                              
hostname yourname                                                              
!                                                                              
boot-start-marker                                                              
boot-end-marker                                                                
!                                                                              
logging buffered 51200 warnings                                                
!                                                                              
no aaa new-model                                                               
memory-size iomem 10                                                           
!                                                                              
crypto pki trustpoint TP-self-signed-330327606                                 
enrollment selfsigned                                                         
subject-name cn=IOS-Self-Signed-Certificate-330327606                         
revocation-check none                                                         
rsakeypair TP-self-signed-330327606                                           
!                                                                              
!                                                                              
crypto pki certificate chain TP-self-signed-330327606                          
certificate self-signed 01 nvram:IOS-Self-Sig#4.cer                           
ip source-route                                                                
!                                                                              
!                                                                              
ip dhcp excluded-address 10.10.10.1                                            
!                                                                              
ip dhcp pool ccp-pool                                                          
   import all                                                                  
   network 10.10.10.0 255.255.255.248                                          
   default-router 10.10.10.1                                                   
   lease 0 2                                                                   
!                                                                              
!                                                                              
ip cef                                                                         
no ip domain lookup                                                            
ip domain name yourdomain.com                                                  
no ipv6 cef                                                                    
!                                                                              
!                                                                              
license udi pid CISCO887-K9 sn FTX151601PN                                     
!                                                                              
!                                                                              
vtp mode transparent                                                           
          
username name privilege 15 secret 5 $1$o49Z$KzpiJQjgR5VYyTP2ADUKY.           
!                                                                              
!                                                                              
vlan 10                                                                        
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
interface BRI0                                                                 
no ip address                                                                 
encapsulation hdlc                                                            
shutdown                                                                      
isdn termination multidrop                                                    
!                                                                              
interface ATM0                                                                 
no ip address                                                                 
no atm ilmi-keepalive                                                         
!                                                                              
interface FastEthernet0                                                        
switchport access vlan 10                                                     
!                                                                              
interface FastEthernet1                                                        
!                                                                              
interface FastEthernet2                                                        
!                                                                              
interface FastEthernet3                                                        
!                                                                              
interface Vlan1                                                                
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$                              
ip address 10.10.10.1 255.255.255.248                                         
ip nat inside                                                                 
ip virtual-reassembly                                                         
ip tcp adjust-mss 1452                                                        
!                                                                              
interface Vlan10                                                               
description Public Internet                                                   
ip address 208.23.6.130 255.255.0.0                                           
ip nat outside                                                                
ip virtual-reassembly                                                         
!                                                                              
ip forward-protocol nd                                                         
ip http server                                                                 
ip http access-class 23                                                        
ip http authentication local                                                   
ip http secure-server                                                          
ip http timeout-policy idle 60 life 86400 requests 10000                       
!                                                                              
ip nat inside source list NAT interface Vlan10 overload                        
ip route 0.0.0.0 0.0.0.0 208.23.6.1                                            
ip route 10.10.10.0 255.255.255.248 208.23.6.1                                 
!                                                                              
access-list 23 permit 10.10.10.0 0.0.0.7                                       
no cdp run                                                                     
                                                                               
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
control-plane                                                                  
!                                                                              
          
!                                                                              
line con 0                                                                     
login local                                                                   
no modem enable                                                               
line aux 0                                                                     
line vty 0 4                                                                   
access-class 23 in                                                            
privilege level 15                                                            
login local                                                                   
transport input telnet ssh                                                    
!                                                                              
scheduler max-task-time 5000                                                   
end                                                  

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.8 (6 ratings)
Loading.
Collin Clark Fri, 11/15/2013 - 17:02
User Badges:
  • Purple, 4500 points or more

I see a couple of things. The first is that your NAT statement calls the access list named NAT, but the ACL does not exist.


ip access-list standard NAT

permit 10.10.10.0 0.0.0.7


Second, you should remove this statement


ip route 10.10.10.0 255.255.255.248 208.23.6.1


Third, you'll want to add some DNS servers in your DHCP pool. A couple of public ones are 4.2.2.1, 4.2.2.2, 8.8.8.8


Hope it helps.

Maher Abdelshkour Fri, 11/15/2013 - 19:32
User Badges:
  • Silver, 250 points or more

Rob,

Please do the following:


1-  ip dhcp pool ccp-pool                                                          

   import all                                                                  

   network 10.10.10.0 255.255.255.248                                          

   default-router 10.10.10.1                                                   

   dns-server 8.8.8.8 8.8.4.4  

   lease 0 2


2- Romove ip route 10.10.10.0 255.255.255.248 208.23.6.1


3- ip route 0.0.0.0 0.0.0.0 vlan10


4- change 'ip nat inside source list NAT interface Vlan10 overload' to 'ip nat inside source list 23interface Vlan10 overload'

Actions

This Discussion