Cisco Support Community
Community Member

Cisco 871W - NAT/DHCP issue

So I purchased a Cisco 871W SOHO router for my home. I thought I had it all configured and ready to go until I connected it to my broadband modem. The issue is the WAN interface receives its IP from my ISP no problem. My wired workstation also receives an IP from my ISP and not the DHCP pool I set up. Wireless clients are receiving the correct IP from the pool. Could someone take a look at my config and see where I went wrong?

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.07.02 17:02:58 =~=~=~=~=~=~=~=~=~=~=~=

sh run

Building configuration...

Current configuration : 4643 bytes

!

! Last configuration change at 08:43:28 EST Sat Feb 2 2013 by admin

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

clock timezone EST -5 0

clock summer-time EDT recurring

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-911360573

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-911360573

revocation-check none

rsakeypair TP-self-signed-911360573

!

!

crypto pki certificate chain TP-self-signed-911360573

certificate self-signed 01

      quit

dot11 syslog

!

dot11 ssid [my ssid]

vlan 1

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii 7 094E5B001A0E100712

!

ip source-route

!

!

ip dhcp excluded-address 192.168.1.1 192.168.1.49

!

ip dhcp pool DHCP-POOL

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 8.8.8.8 8.8.4.4

!

!

!

ip cef

no ip domain lookup

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

username admin privilege 15 secret 4 Q3ixttsveGEmBIULtVu7zqaBEoCuhrE8Ko.6zJO0wok

!

!

!

!

!

!

bridge irb

!

!

!

interface Loopback0

ip address 1.1.1.1 255.255.255.255

ip nat outside

ip virtual-reassembly in

!

interface FastEthernet0

no ip address

spanning-tree portfast

!

interface FastEthernet1

no ip address

spanning-tree portfast

!

interface FastEthernet2

no ip address

spanning-tree portfast

!

interface FastEthernet3

no ip address

spanning-tree portfast

!

interface FastEthernet4

description WAN-CONNECTION

ip address dhcp

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

bridge-group 1

!

interface Dot11Radio0

no ip address

!

encryption mode ciphers aes-ccm

!

encryption vlan 1 mode ciphers aes-ccm

!

ssid [my ssid]

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

channel 2437

station-role root

rts threshold 2312

!

interface Dot11Radio0.1

description Wireless VLAN 1

encapsulation dot1Q 1 native

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

description INTERNAL-NETWORK

ip nat inside

ip virtual-reassembly in

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

description INTERNAL BRIDGE WIRED-TO-WIRELESS

ip address 192.168.1.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly in

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

ip nat inside source list 1 interface FastEthernet4 overload

!

access-list 1 permit 192.168.1.0 0.0.0.255

!

!

!

!

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

!

line con 0

exec-timeout 5 0

login local

no modem enable

transport output all

line aux 0

exec-timeout 5 0

login local

transport input telnet ssh

transport output all

line vty 0 4

exec-timeout 5 0

privilege level 15

login local

transport input telnet ssh

transport output all

!

end

Accepted Solutions
Cisco 871W - NAT issue

Hi Brian,

I don't think you need any bridge group configuration under your WAN interface. Try taking that out as below and check

interface FastEthernet4

no bridge-group 1

Also, which port are you using to connect the wired client?

Regards

Najaf

Please rate when applicable or helpful !!!
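The condition pointed out in the answer above (a `bridge-group` on the `ip nat outside` interface, which puts the WAN port in the same layer-2 bridge group as the LAN side) can be checked for mechanically. The following is an added example, not part of the original thread; the function names are hypothetical, the sample is a constructed excerpt of the posted config, and it assumes the leading-space indentation that IOS prints, which the paste in this thread has lost.

```python
import re

# Constructed excerpt of the interface stanzas from the question's config,
# with the leading-space indentation that IOS prints restored.
SAMPLE_CONFIG = """\
interface FastEthernet4
 description WAN-CONNECTION
 ip address dhcp
 ip nat outside
 bridge-group 1
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Vlan1
 ip nat inside
 bridge-group 1
!
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue  # IOS prints "!" inside some stanzas (e.g. Dot11Radio0)
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif raw[0].isspace() and current is not None:
            current.append(raw.strip())
        else:
            current = None  # back at global configuration level
    return interfaces

def bridged_outside_interfaces(config):
    """Return (outside_if, group, other_members) for each bridge group that
    joins an 'ip nat outside' interface to other interfaces at layer 2."""
    ifaces = parse_interfaces(config)
    groups = {}
    for name, cmds in ifaces.items():
        for cmd in cmds:
            m = re.fullmatch(r"bridge-group (\d+)", cmd)
            if m:
                groups.setdefault(m.group(1), []).append(name)
    return [(name, grp, [n for n in members if n != name])
            for grp, members in groups.items() for name in members
            if "ip nat outside" in ifaces[name] and len(members) > 1]
```

On the sample, `bridged_outside_interfaces(SAMPLE_CONFIG)` reports FastEthernet4 sharing bridge group 1 with Dot11Radio0.1 and Vlan1; with the `bridge-group 1` line removed from FastEthernet4 it returns an empty list.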

Community Member

Cisco 871W - NAT issue

Thanks Najaf! I will give that a try tonight.

I was connecting my workstation into FastEthernet1.

I will report back when I know more.

Brian

Community Member

Cisco 871W - NAT issue

For persons who are new to the Cisco 871W, I will post my configuration here. When I bought this router, I was tired of the same crappy consumer grade routers dying on me all the time. Since this router has been online, I have had zero issues. Thanks Najaf for your help! This configuration has a basic firewall setup, some crypto to implement a VPN at a later date, and WPA2 security for 802.11g. GOOD LUCK!

Building configuration...

Current configuration : 7944 bytes

!

! Last configuration change at 15:15:06 EST Sat Jan 25 2014 by admin

! NVRAM config last updated at 15:15:07 EST Sat Jan 25 2014 by admin

! NVRAM config last updated at 15:15:07 EST Sat Jan 25 2014 by admin

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname HOSTNAME OF YOUR ROUTER

!

boot-start-marker

boot-end-marker

!

!

no logging buffered

!

no aaa new-model

!

clock timezone EST -5 0

clock summer-time EDT recurring

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-911360573

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-911360573

revocation-check none

rsakeypair TP-self-signed-911360573

!

!

crypto pki certificate chain TP-self-signed-911360573

certificate self-signed 01

      quit

dot11 syslog

!

dot11 ssid YOUR SSID NAME

vlan 1

authentication open

authentication key-management wpa

guest-mode

mbssid guest-mode

wpa-psk ascii YOUR WIRELESS PASSWORD

!

ip source-route

!

!

ip dhcp excluded-address 192.168.1.1 192.168.1.49

!

ip dhcp pool DHCP-POOL

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 8.8.8.8 8.8.4.4

lease 30

!

!

!

ip cef

ip name-server 8.8.8.8

ip name-server 8.8.4.4

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

username admin privilege 15 secret YOUR ROUTER MANAGEMENT PASSWORD

!

!

!

class-map type inspect match-any SDM_BOOTPC

match access-group name SDM_BOOTPC

class-map type inspect match-any SDM_DHCP_CLIENT_PT

match class-map SDM_BOOTPC

class-map type inspect match-any ccp-skinny-inspect

match protocol skinny

class-map type inspect match-any sdm-cls-bootps

match protocol bootps

class-map type inspect match-any ccp-cls-insp-traffic

match protocol dns

match protocol ftp

match protocol https

match protocol icmp

match protocol imap

match protocol pop3

match protocol netshow

match protocol shell

match protocol realmedia

match protocol rtsp

match protocol smtp

match protocol sql-net

match protocol streamworks

match protocol tftp

match protocol vdolive

match protocol tcp

match protocol udp

class-map type inspect match-all ccp-insp-traffic

match class-map ccp-cls-insp-traffic

class-map type inspect match-any ccp-h323nxg-inspect

match protocol h323-nxg

class-map type inspect match-any ccp-cls-icmp-access

match protocol icmp

match protocol tcp

match protocol udp

class-map type inspect match-any ccp-h225ras-inspect

match protocol h225ras

class-map type inspect match-any ccp-h323annexe-inspect

match protocol h323-annexe

class-map type inspect match-any ccp-h323-inspect

match protocol h323

class-map type inspect match-all ccp-invalid-src

match access-group 100

class-map type inspect match-all ccp-icmp-access

match class-map ccp-cls-icmp-access

class-map type inspect match-any ccp-sip-inspect

match protocol sip

!

!

policy-map type inspect ccp-permit-icmpreply

class type inspect sdm-cls-bootps

  pass

class type inspect ccp-icmp-access

  inspect

class class-default

  pass

policy-map type inspect ccp-inspect

class type inspect ccp-invalid-src

  drop log

class type inspect ccp-insp-traffic

  inspect

class type inspect ccp-sip-inspect

  inspect

class type inspect ccp-h323-inspect

  inspect

class type inspect ccp-h323annexe-inspect

  inspect

class type inspect ccp-h225ras-inspect

  inspect

class type inspect ccp-h323nxg-inspect

  inspect

class type inspect ccp-skinny-inspect

  inspect

class class-default

  drop

policy-map type inspect ccp-permit

class type inspect SDM_DHCP_CLIENT_PT

  pass

class class-default

  drop

!

zone security in-zone

zone security out-zone

zone-pair security ccp-zp-self-out source self destination out-zone

service-policy type inspect ccp-permit-icmpreply

zone-pair security ccp-zp-in-out source in-zone destination out-zone

service-policy type inspect ccp-inspect

zone-pair security ccp-zp-out-self source out-zone destination self

service-policy type inspect ccp-permit

!

!

!

!

bridge irb

!

!

!

interface Loopback0

description $FW_INSIDE$

ip address 1.1.1.1 255.255.255.255

ip nat outside

ip virtual-reassembly in

zone-member security in-zone

!

interface FastEthernet0

no ip address

spanning-tree portfast

!

interface FastEthernet1

no ip address

spanning-tree portfast

!

interface FastEthernet2

no ip address

spanning-tree portfast

!

interface FastEthernet3

no ip address

spanning-tree portfast

!

interface FastEthernet4

description WAN-CONNECTION$FW_OUTSIDE$

ip address dhcp

ip nat outside

ip virtual-reassembly in

zone-member security out-zone

duplex auto

speed auto

no cdp enable

!

interface Dot11Radio0

no ip address

!

encryption mode ciphers aes-ccm

!

encryption vlan 1 mode ciphers aes-ccm

!

broadcast-key vlan 1 change 30

!

!

ssid YOUR WIRELESS SSID

!

mbssid

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

! YOUR 802.11g FREQUENCY (2437 IS CHANNEL 6)

channel 2437

station-role root

rts threshold 2312

!

interface Dot11Radio0.1

description WIRELESS VLAN 1

encapsulation dot1Q 1 native

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

no ip address

ip virtual-reassembly in

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

description $FW_INSIDE$

ip address 192.168.1.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

zone-member security in-zone

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

ip nat inside source list 1 interface FastEthernet4 overload

ip route 0.0.0.0 0.0.0.0 dhcp

!

ip access-list extended SDM_BOOTPC

remark CCP_ACL Category=0

permit udp any any eq bootpc

!

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 100 remark CCP_ACL Category=128

access-list 100 permit ip host 255.255.255.255 any

access-list 100 permit ip 127.0.0.0 0.255.255.255 any

!

!

!

!

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

!

line con 0

exec-timeout 5 0

login local

no modem enable

transport output all

line aux 0

exec-timeout 5 0

login local

transport input telnet ssh

transport output all

line vty 0 4

exec-timeout 5 0

privilege level 15

login local

transport input telnet ssh

transport output all

!

ntp server 3.north-america.pool.ntp.org

ntp server 1.north-america.pool.ntp.org

ntp server 0.north-america.pool.ntp.org prefer

ntp server 2.north-america.pool.ntp.org

end
