New Cisco 887 routing question

gateway03 · ‎11-15-2013

I'm new to cisco 887 routers, I seem to have successfully setup dhcp and can connect to it with a workstation.

The 887 can ping internet hosts and telnet to internet hosts but the dhcp workstations cannot.

Can some please help me see my mistake.

Thank you

Robert

Layout

10.10.10.0 Vlan1 FE1,2,3 to Vlan10 208.23.6.130 to FE0 Routes to 208.23.6.1 Internet router( internet )

My config follows:

!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-330327606
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-330327606
revocation-check none
rsakeypair TP-self-signed-330327606
!
!
crypto pki certificate chain TP-self-signed-330327606
certificate self-signed 01 nvram:IOS-Self-Sig#4.cer
ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
no ipv6 cef
!
!
license udi pid CISCO887-K9 sn FTX151601PN
!
!
vtp mode transparent

username name privilege 15 secret 5 $1$o49Z$KzpiJQjgR5VYyTP2ADUKY.
!
!
vlan 10
!
!
!
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface FastEthernet0
switchport access vlan 10
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan10
description Public Internet
ip address 208.23.6.130 255.255.0.0
ip nat outside
ip virtual-reassembly
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list NAT interface Vlan10 overload
ip route 0.0.0.0 0.0.0.0 208.23.6.1
ip route 10.10.10.0 255.255.255.248 208.23.6.1
!
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run

!
!
!
!
!
control-plane
!

!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

Collin Clark · ‎11-15-2013

I see a couple of things. The first is that your NAT statement calls the access list named NAT, but the ACL does not exist.

ip access-list standard NAT

permit 10.10.10.0 0.0.0.7

Second, you should remove this statement

ip route 10.10.10.0 255.255.255.248 208.23.6.1

Third, you'll want to add some DNS servers in your DHCP pool. A couple of public ones are 4.2.2.1, 4.2.2.2, 8.8.8.8

Hope it helps.

Maher Abdelshkour · ‎11-15-2013

Rob,

Please do the following:

1- ip dhcp pool ccp-pool

import all

network 10.10.10.0 255.255.255.248

default-router 10.10.10.1

dns-server 8.8.8.8 8.8.4.4

lease 0 2

2- Romove ip route 10.10.10.0 255.255.255.248 208.23.6.1

3- ip route 0.0.0.0 0.0.0.0 vlan10

4- change 'ip nat inside source list NAT interface Vlan10 overload' to 'ip nat inside source list 23interface Vlan10 overload'