I'm trying to set up a 2514 to connect to an ISP through a cable modem. I'm running c2500-io-l.122-32 IOS; here are my configs:
ip dhcp excluded-address 192.168.100.1 192.168.100.10
!
ip dhcp pool Internal-DHCP
 network 192.168.100.0 255.255.255.0
!
ip inspect name cbac tcp
ip inspect name cbac udp
!
! Inside interface (e1, to the 3500 switch)
interface Ethernet1
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
!
! Outside interface (e0, to the cable modem)
interface Ethernet0
 ip address dhcp
 ip access-group CBAC in
 ip inspect cbac out
 ip nat outside
!
ip nat inside source list NATACL interface e0 overload
!
ip access-list extended CBAC
 permit udp any eq bootps any eq bootpc
 permit gre any any
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any traceroute
 deny ip any any log
!
ip access-list extended NATACL
 permit ip 192.168.100.0 0.0.0.255 any
The e0 is connected to the cable modem, and the e1 to an access port on a 3500 switch. I have 2 PCs connected to the access ports on the switch, all ports being on the same vlan. The PCs have the 192.168.100.11 and 192.168.100.12 addresses and they're able to ping the e1 (192.168.100.1), but they're unable to get onto the web.
I did a show int brief on the e0 and saw the 2514 acquire a DHCP address on its e0 int. Doing a sho ip route has all data going through the default gateway. When I run debug ip dhcp server cmds, I don't see the 2514 trying to assign IPs to the PCs. I can post the results from the show cmds if it would help.
What are some possible issues, and how should I troubleshoot this?
If you do not have DNS configured on the PC, you need to configure it in the DHCP.
I noticed you have the access list CBAC configured on the E0 interface. Why are you denying all IP from the Internet? I know IP inspect does some screwy work with creating openings for established sessions. What does your log show?
Have you tried pinging devices from the router out to the internet then done extended pings from the router using the E1 interface as your source?
One last thing: have you attempted to remove the firewall and access list, then reboot to see if it works then?
I removed the CBAC access list, rebooted and still no change. I don't have a DNS server, so how would I configure it in the router?
From the router, I've successfully pinged my ISP's server on the web but I haven't tried an extended ping from my E1 yet.
My PCs don't seem to be acquiring IPs from the 2514. I gave them static IPs to make sure connectivity was fine, and it was. When I forced them back to obtaining an IP automatically & ran an ipconfig /renew, I saw in the debug log that the 2514 was rejecting requests because the clients were not on the 192.168.100.0 network.
Please replace the DNS IP addresses with the ones of your ISP. You can check the settings in your PCs in a DOS command shell by issuing ipconfig /all - the default gateway and the DNS servers should show up.
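An added example, not part of the original thread: a small Python check for the client settings the replies above point to, namely whether each IOS DHCP pool hands out a default gateway and DNS servers. It assumes the configuration is indented the way show running-config prints it; the sample config is constructed from the DHCP lines in the question, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the DHCP-related lines from the question, with
# sub-commands indented as "show running-config" would print them.
SAMPLE_CONFIG = """\
ip dhcp excluded-address 192.168.100.1 192.168.100.10
ip dhcp pool Internal-DHCP
 network 192.168.100.0 255.255.255.0
!
interface Ethernet1
 ip address 192.168.100.1 255.255.255.0
"""


def parse_dhcp_pools(config):
    """Return {pool_name: {keyword: [args]}} for every 'ip dhcp pool' block."""
    pools, current = {}, None
    for line in config.splitlines():
        match = re.match(r"ip dhcp pool (\S+)", line)
        if match:
            current = pools.setdefault(match.group(1), {})
        elif current is not None and line.startswith(" ") and line.strip():
            keyword, *args = line.split()
            current[keyword] = args
        else:
            current = None  # any unindented line closes the pool block
    return pools


def audit_pool(options):
    """List the settings a pool fails to give its clients."""
    findings = []
    if "default-router" not in options:
        findings.append("no default-router: clients get no default gateway")
    if "dns-server" not in options:
        findings.append("no dns-server: clients cannot resolve names")
    net_args = options.get("network", [])
    if len(net_args) >= 2 and "default-router" in options:
        # Accept both "network A.B.C.D MASK" and "network A.B.C.D /LEN".
        net = ipaddress.ip_network(f"{net_args[0]}/{net_args[1].lstrip('/')}")
        for gateway in options["default-router"]:
            if ipaddress.ip_address(gateway) not in net:
                findings.append(f"default-router {gateway} is outside {net}")
    return findings


if __name__ == "__main__":
    for name, options in parse_dhcp_pools(SAMPLE_CONFIG).items():
        for finding in audit_pool(options) or ["ok"]:
            print(f"{name}: {finding}")
```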