Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
379
Views
0
Helpful
6
Replies

871 only receives dhcp from cable ISP when interface is shut/no shut

swharvey
Level 3
Level 3

‎02-06-2007 01:55 PM - edited ‎03-03-2019 03:38 PM

We have a Cisco 871 router running ip advanceservices 124-11.T that is connected on int F4 to a cable modem. The ISP allocates public ip addresses via dhcp. The problem we are having is that when the router boots up, it does not get an ip address assigned by the ISP. Attempts to unplug and reconnect the cat5 cable has no affect. Oddly though, if you console/vty onto the router and preform a shut and then no shut on F4, the router gets an ip address from the ISP. I thought possibly the problem may have been an acl issue or that a client-id and/or hostname needed to be defined on the F4 interface for the ISP's DHCP server, but adding both entries (client-id fasteternet 4 and sohort1 hostname) didn't help, and pulling the access-group off int F4 had no affect either.

Anyone ever encounter this type of problem before?

Thanks,

-Scott

Labels:
0 Helpful
6 Replies 6

richard.ma
Level 1
Level 1

‎02-06-2007 06:34 PM

if you know acl is not blocking dhcp packets, you can try a cli command to release and renew dhcp on f4 interface.

release dhcp f4 & renew dhcp f4.

hope it helps..

0 Helpful

swharvey
Level 3
Level 3
In response to richard.ma

‎02-07-2007 10:44 AM

Thanks for response. Yes I'm certain it is not the acl's because the permit for bootpc and bootps are on the acl (see below) and because the same problem occurs when the the access-group is not applied to interface F4

sohort1#sh access-lists Internet-in

Extended IP access list Internet-in

10 permit udp any any range bootps bootpc (9228 matches)

20 deny ip 10.0.0.0 0.255.255.255 any log

30 deny ip 172.16.0.0 0.15.255.255 any (1 match)

40 deny ip 192.168.0.0 0.0.255.255 any

50 deny ip 127.0.0.0 0.255.255.255 any

60 deny ip host 255.255.255.255 any

70 permit icmp any any echo-reply

80 permit icmp any any time-exceeded

90 permit icmp any any unreachable

Additional lines truncated

Sadly I've found via acl captures that my isp is use a private 10.30.48.1 addy for it's dhcp server to hand out public 71.x.x.x addresses. Even though this is cheesey, I can ping their dhcp server from my 871 router. It is very odd that disconnecting and reconnecting the cable has no affect on getting an address, but shutting and no shutting interface F4 does the trick everytime.

Any other thoughts on this?

0 Helpful

Christopher Dozier
Level 1
Level 1
In response to swharvey

‎02-07-2007 10:58 AM

Do you have any debugs when it is unable to to get an ip address. Perhaps doing a "debug dhcp detail" to make sure it is sending a DHCP DISCOVER message and seeing a response?

0 Helpful

swharvey
Level 3
Level 3
In response to Christopher Dozier

‎02-08-2007 09:00 PM

So the best I could do was have a colleague at the remote site console onto the router, reload it, and then login as soon as available and run the debug dhcp detail command.

It appears from the debugs that the ISP has a private DHCP server at 172.24.120.60, and that the ISP routes through a private gateway at 10.30.48.1 somewhere in the path, and that this DHCP server provides a "Temp" Public DHCP ip address (see attachment) to the 871.

That's Cheesey

Prior to the shut/no shut command on int F4 to get an address, we did a show ip int bri and int F4 shows as Initializing.

Unfortuately when we did the shut/no shut to make interface Fa4 successfully get an address, the down/up event never showed in the logs, so I don't have a good demarcation point on when the DHCP didn't work and when it started working.

Please review the debug dhcp detail logs in the attachment and let me know if you have any ideas.

Thanks!

Preview file
4 KB
0 Helpful

swharvey
Level 3
Level 3
In response to swharvey

‎02-09-2007 03:04 PM

Anyone have any thoughts on this?

0 Helpful

lmackie98
Level 1
Level 1
In response to swharvey

‎03-06-2007 01:31 PM

Scott,

I have experienced the same problem when building 871 routers for our remote users. However, the problem goes away when we add the commands shown below to the routers. Unfortunately, I have not looked at the problem more than this, since these commands are part of our default build.

ip inspect name PPO-FW tcp

ip inspect name PPO-FW udp

ip inspect name PPO-FW icmp

ip inspect name PPO-FW ftp

ip access-list extended outside_incoming

permit esp host ********** any

permit udp host ********** any eq isakmp

permit udp host ********** any eq non500-isakmp

permit tcp host ********** any eq 22

permit udp any any eq bootpc

permit udp any any eq bootps

permit icmp any any echo

permit icmp any any echo-reply

permit icmp any any packet-too-big

permit icmp any any time-exceeded

permit icmp any any unreachable

deny ip any any log-input

int F4

ip access-group outside_incoming in

ip inspect PPO-FW out

exit

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card