DHCP on Cisco 2514

tsemorgan · ‎01-05-2006

I'm trying to setup a 2514 to connect to an ISP through a cable modem. I'm running c2500-io-l.122-32 IOS, here are my configs:

ip dhcp excluded-address 192.168.100.1 192.168.100.10

ip dhcp pool Internal-DHCP

import all

network 192.168.100.0 255.255.255.0

default-router 192.168.100.1

ip inspect name cbac tcp

ip inspect name cbac udp

interface e1

ip address 192.168.100.1 255.255.255.0

ip nat inside

interface e0

ip address dhcp

ip access-group CBAC in

ip inspect cbac out

ip nat outside

ip nat inside source list NATACL interface e0 overload

ip access-list extended CBAC

permit udp any eq bootps any eq bootpc

permit gre any any

permit icmp any any echo

permit icmp any any echo reply

permit icmp any any traceroute

deny ip any any log

ip access-list extended NATACL

permit ip 192.168.100.0 0.0.0.255 any

The e0 is connected to the cable modem, and the e1 to an access port on a 3500 switch. I have 2 PCs connected to the access ports on the switch, all ports being on the same vlan. The PCs have the 192.168.100.11 and 192.168.100.12 addresses and they're able to ping the e1 (192.168.100.1), but they're unable to get onto the web.

I did a show int brief on the e0 and saw the 2514 acquire a DHCP address on its e0 int. Doing a sho ip route has all data going through the default gateway. When I run debug ip dhcp server cmds, I don't see the 2514 trying to assign IPs to the PCs. I can post the results from the show cmds if it would help.

What are some possible issues, and how should I troubleshoot this?

Michael Stuckey · ‎01-05-2006

I have a couple of thoughts.

If you do not have DNS configured on the PC you need to configure it in the DHCP.

I noticed you have the access list CBAC configured on the E0 interface. Why are you denying all IP from the Internet? I know IP inspect does some screwy work with creating openings for established sessions what does your log show.

Have you tried pinging devices from the router out to the internet then done extended pings from the router using the E1 interface as your source?

One last thing have you attempted to remove the firewall and access list, then reboot to see if it works then?

Let us know.

If this helps please rate.

Mike

tsemorgan · ‎01-05-2006

I removed the CBAC access list, rebooted and still no change. If don't have a DNS server, so how would I configure it in the router?

From the router, I've successfully pinged my ISP's server on the web but I haven't tried an extended ping from my E1 yet.

My PCs don't seem to be acquiring IPs from the 2514. I gave them static IPs to make sure connectivity was fine, and it was. When I forced them back to obtaining an IP automatically & ran an ipconfig /renew, I saw in the debug log that the 2514 was rejecting requests because the clients were not on the 192.168.100.0 network.

stomasko · ‎01-05-2006

Take a look at the configuration guide at this site. Just glancing you might need to run the following command: no ip dhcp conflict logging

Otherwise go through the the configuration tasks and see the show and debug commands for more assistance.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca75c.html#wp1010670

Hope this helps.

Steve

mheusinger · ‎01-05-2006

Hi,

a working example for a DHCP pool would be

ip dhcp pool mypool

network 192.168.100.0 255.255.255.0

default-router 192.168.100.1

dns 4.2.2.2 141.1.1.1

Please replace the DNS ip addresses with the ones of your ISP. You can check the settings in your PCs in a dos command shell by issuing ipconfig /all - the default gateway and the DNS servers should show up.

Hope this helps

Martin