1720 Not responding to DHCP 3

[bezking]

I have a Cisco 1720 configured to DHCP an address from a cable modem. In the config I have "ip address dhcp" for the WIC 1 ENET. The router, however, will not respond to DHCPOFFERs. A show interface e0 shows that there were over 1,000 broadcasts, but it didn't respond to anything! What do I do?

Thanks!!!!!

 

[plshlpme]

debug

 

[burtsbees]

sh int e0
also...I had always had problems with a similar set up. Perhaps just enter a static IP in the router and be done with it...

Burt

 

[bezking]

sh int e0:

rtr-01>sh int e0
Ethernet0 is up, line protocol is up
Hardware is PQUICC Ethernet, address is 0004.dd0c.244b (bia 0004.dd0c.244b)
Internet address will be negotiated using DHCP
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 10BaseT
ARP type: ARPA, ARP Timeout 04:00:00
Last input 05:41:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
2660 packets input, 162318 bytes, 0 no buffer
Received 2660 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
2083 packets output, 130002 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

 

[garnetbobcat]

Do you have an inbound access list on eth0? If so, you need to permit the DHCP packets back in from the cable modem. For example:

access-list 101 permit udp any eq bootps any eq bootpc

interface eth0
ip access-group 101 in

That will allow DHCP from the server (port 67) to the client (port 68).

Matt
CCSP

http://www.wr-mem.com

 

[burtsbees]

Yeah...p[ost a sh run...

Burt

 

[bezking]

sh run:
r-01#sh run
Building configuration...

Current configuration : 1398 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rtr-01
!
enable secret 5 $1$rkpA$N0bxUvpxvbyM.gSMdUAba1
enable password ben1994
!
memory-size iomem 20
ip subnet-zero
!
!
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip name-server 167.206.3.212
ip name-server 167.206.3.146
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
!
!
interface Ethernet0
ip address dhcp
ip access-group 112 in
ip access-group 111 out
ip nat outside
full-duplex
no cdp enable
!
interface FastEthernet0
ip address 192.168.1.1 255.255.255.0
speed auto
half-duplex
!
router igrp 1
redistribute connected
network 192.168.1.0
network 192.168.100.0
!
ip classless
ip http server
ip pim bidir-enable
!
access-list 15 permit 0.0.0.0 255.255.255.0
access-list 110 permit tcp host 192.168.1.0 host 192.168.1.0 neq 0
access-list 111 permit tcp 192.168.1.0 0.0.0.255 any neq 0
access-list 112 permit tcp any 192.168.1.0 0.0.0.255 established
access-list 112 permit tcp any 192.168.1.0 0.0.0.255 eq 67 established
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
snmp-server community public RO
!
line con 0
line aux 0
line vty 0 4
password ben1994
login
!
end

 

[bezking]

THANKS SOOOOO MUCH!!!
It works now. But there is another problem. No comm is being made with the outside. Pings are all timing out. Here is the new config file: (Passwords all changed after I posted them above)

rtr-01#sh run
Building configuration...

Current configuration : 1524 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rtr-01
!
enable secret
enable password
!
memory-size iomem 20
ip subnet-zero
!
!
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip name-server 167.206.3.212
ip name-server 167.206.3.146
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
!
!
interface Ethernet0
ip address dhcp
ip access-group 112 in
ip access-group 111 out
ip nat outside
full-duplex
no cdp enable
!
interface FastEthernet0
ip address 192.168.1.1 255.255.255.0
speed auto
half-duplex
!
router igrp 1
redistribute connected
network 192.168.1.0
network 192.168.100.0
!
ip classless
ip http server
ip pim bidir-enable
!
access-list 15 permit 0.0.0.0 255.255.255.0
access-list 110 permit tcp host 192.168.1.0 host 192.168.1.0 neq 0
access-list 111 permit tcp 192.168.1.0 0.0.0.255 any neq 0
access-list 111 permit udp 192.168.1.0 0.0.0.255 any
access-list 112 permit tcp any 192.168.1.0 0.0.0.255 established
access-list 112 permit udp any eq bootps any eq bootpc
access-list 112 permit tcp host 192.168.1.0 host 192.168.1.0 neq 0
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
snmp-server community public RO
!
line con 0
line aux 0
line vty 0 4
password
login
!
no scheduler allocate
end

 

[plshlpme]

try this


conf t
interface FastEthernet0
ip nat inside
exit
access-list 10 permit 192.168.1.0 0.0.0.255
ip nat inside source list 10 interface Ethernet0 overload

 

[burtsbees]

router>en
router#conf t
router(config)#access-list 10 permit 192.168.1.0 0.0.0.255
router(config)#ip nat inside source list 10 int e0 overload
router(config)#int fa0
router(config-if)#ip nat inside
router(config-if)#end
What is the purpose of those acl's? There is an implicit deny at the end of those lists, so it only allows what the statements say, and deny everything else. If this is what you want, great. I see no point in acl 111, so if you still cannot communicate like you want to the outside, try
router#conf t
router(config)#int e0
router(config-if)#no ip access-group 111 out
This access list, if you still need it, should actually be applied inbound to interface fastethernet 0...

Burt

 

[burtsbees]

plshlpme, you must
A.Be an hour behind me, and
B.Must have posted that as I was typing mine...lol

Burt

 

[bezking]

Thanks guys, but nothin' doing.
rtr-01#sh run
Building configuration...

Current configuration : 1527 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rtr-01
!
enable secret
enable password
!
memory-size iomem 20
ip subnet-zero
!
!
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip name-server 167.206.3.212
ip name-server 167.206.3.146
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
!
!
interface Ethernet0
ip address dhcp
ip access-group 112 in
ip nat outside
full-duplex
no cdp enable
!
interface FastEthernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
speed auto
half-duplex
!
router igrp 1
redistribute connected
network 192.168.1.0
network 192.168.100.0
!
ip nat inside source list 10 interface Ethernet0 overload
ip classless
ip http server
ip pim bidir-enable
!
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 15 permit 0.0.0.0 255.255.255.0
access-list 110 permit tcp host 192.168.1.0 host 192.168.1.0 neq 0
access-list 111 permit tcp 192.168.1.0 0.0.0.255 any neq 0
access-list 111 permit udp 192.168.1.0 0.0.0.255 any
access-list 112 permit tcp any 192.168.1.0 0.0.0.255 established
access-list 112 permit udp any eq bootps any eq bootpc
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
snmp-server community public RO
!
line con 0
line aux 0
line vty 0 4
password
login
!
end

rtr-01#ping google.com
Translating "google.com"...domain server (208.67.222.222) (208.67.220.220) (167.
206.3.212) (167.206.3.146)
% Unrecognized host or address, or protocol not running.

 

[burtsbees]

int e0
no ip access-group 112 in

That's what I said originally, to try it without that acl...

Burt

 

[plshlpme]

i guess a
ip route 0.0.0.0 0.0.0.0 eth0
wouldnt hurt either

 

[burtsbees]

Oh yeah...duh
Good catch!

Burt

 

[bezking]

s

http://wwweeeeeeeeeeat!

Thanks SOOO MUCH!