
1760 Stops Routing-Ultra Cisco NOOB

Status
Not open for further replies.

swankman

OK, apologies first. I have very little experience with Cisco so please no flames.

I have a 1760 with a WIC-4ESW card. On 2 ports I have 2 VLANs configured with helper addresses added. For the life of me I can't get DHCP forwarding to work on Vlan2, so I just have it running DHCP to that subnet. But that's another issue.

If I cold reboot the unit, the routing works for about 2 hours but then stops out of the blue and nothing fixes it except a cold reboot.


I've attached the config to see if anyone can help.



! Last configuration change at 18:20:57 America Sun Jun 6 2004
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service sequence-numbers
!
hostname
!
boot system flash flash.bin
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$5.4s$LHwtPaQsX7p6ltpTzpw4O0
enable password *************************
!
username administrator privilege 15 password 0 *********
username cisco privilege 15 password 0 *********
clock timezone America/Los_Angeles -8
clock summer-time America/Los_Angeles date Apr 6 2003 2:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
no ip source-route
!
!
ip tcp synwait-time 10
ip domain name fvrd.bc.ca
ip name-server 192.168.90.4
ip dhcp excluded-address 192.168.80.1 192.168.80.99
ip dhcp excluded-address 192.168.80.200 192.168.80.254
ip dhcp excluded-address 192.168.80.1 192.168.80.100
ip dhcp smart-relay
!
ip dhcp pool sdm-pool1
network 192.168.80.0 255.255.255.0
default-router 192.168.80.254
domain-name ********
dns-server 192.168.90.4 192.168.90.48
lease 7
!
!
no ip bootp server
ip cef
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 smtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 icmp
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
no crypto isakmp enable
!
!
!
!
interface FastEthernet0/0
description $FW_INSIDE$$ETH-LAN$
ip address 192.168.90.65 255.255.255.0
ip access-group 100 in
ip access-group 1 out
ip mask-reply
ip directed-broadcast
ip route-cache flow
speed auto
full-duplex
no cdp enable
!
interface FastEthernet0/1
no ip address
no cdp enable
!
interface FastEthernet0/2
no ip address
no cdp enable
!
interface FastEthernet0/3
switchport access vlan 2
no ip address
no cdp enable
!
interface FastEthernet0/4
switchport access vlan 2
no ip address
no cdp enable
!
interface Vlan1
description $FW_OUTSIDE$
ip address 192.168.200.254 255.255.255.0
ip access-group 102 in
ip access-group sdm_vlan1_in out
ip verify unicast reverse-path
ip helper-address 192.168.90.4
ip mask-reply
ip directed-broadcast
ip route-cache flow
!
interface Vlan2
description $FW_OUTSIDE$
ip address 192.168.80.254 255.255.255.0
ip access-group 102 in
ip access-group 102 out
ip verify unicast reverse-path
ip helper-address 192.168.90.4
ip mask-reply
ip directed-broadcast
ip dhcp relay information trusted
ip route-cache flow
!
router eigrp 1
network 192.168.90.0
network 192.168.200.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.90.1 permanent
ip route 10.0.0.0 255.0.0.0 192.168.90.49
ip route 192.168.70.0 255.255.255.0 192.168.90.1
ip route 192.168.80.0 255.255.255.0 Vlan2
ip route 192.168.200.0 255.255.255.0 Vlan1
ip http server
ip http authentication local
ip http secure-server
!
!
!
ip access-list standard sdm_vlan1_in
remark SDM_ACL Category=1
permit any
logging trap debugging
logging 192.168.90.226
access-list 1 remark SDM_ACL Category=1
access-list 1 permit any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.80.0 0.0.0.255 any
access-list 100 permit ip 192.168.200.0 0.0.0.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip 192.168.90.0 0.0.0.255 any
access-list 101 permit icmp any host 192.168.200.254 echo-reply
access-list 101 permit icmp any host 192.168.200.254 time-exceeded
access-list 101 permit icmp any host 192.168.200.254 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 permit ip any any log
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 192.168.90.0 0.0.0.255 any
access-list 102 permit icmp any host 192.168.200.254 echo-reply
access-list 102 permit icmp any host 192.168.200.254 time-exceeded
access-list 102 permit icmp any host 192.168.200.254 unreachable
access-list 102 permit eigrp any any
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
access-list 102 permit ip 172.16.0.0 0.15.255.255 any
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
access-list 102 permit ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip host 255.255.255.255 any
access-list 102 permit ip host 0.0.0.0 any
access-list 102 permit ip any any log
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.90.0 0.0.0.255 any
access-list 103 permit icmp any host 192.168.80.254 echo-reply
access-list 103 permit icmp any host 192.168.80.254 time-exceeded
access-list 103 permit icmp any host 192.168.80.254 unreachable
access-list 103 permit ip 10.0.0.0 0.255.255.255 any
access-list 103 permit ip 172.16.0.0 0.15.255.255 any
access-list 103 permit ip 192.168.0.0 0.0.255.255 any
access-list 103 permit ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 permit ip host 0.0.0.0 any
access-list 103 permit ip any any log
snmp-server community public RO
snmp-server location Router
snmp-server enable traps tty
no cdp run
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
password ****************
login local
transport input telnet ssh
line vty 5 15
privilege level 15
password *******************
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
end


Thanks for ANY and all help!

Shaun
 
OK, I've done some troubleshooting. According to the syslog, the DHCP request is being forwarded on VLAN 2 and the client is getting an IP address. But on Vlan1 the request gets forwarded, an IP is given out and unicast back to the client, but the client doesn't get it. It seems the DHCP helper only works for one VLAN at a time. Does this make sense?
 
"ip dhcp pool sdm-pool1
network 192.168.80.0 255.255.255.0
default-router 192.168.80.254
domain-name ********
dns-server 192.168.90.4 192.168.90.48
lease 7"

Your DHCP pool is limited to 192.168.80.0/24, which is the same address used by VLAN 2.

Plus, in VLAN 1 you need to add the implied statement

ip dhcp relay information trusted

otherwise it will drop DHCP messages.

I've not used DHCP across TWO VLANs like you have, so I couldn't really spot much else.

Just curious why on VLAN1 you used
ip access-group sdm_vlan1_in out
rather than
ip access-group 101 out
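
The two points raised in the reply above (the pool covers only 192.168.80.0/24, and Vlan1 has no `ip dhcp relay information trusted` line) can be checked mechanically. This is an added example, not part of the original thread: `audit_dhcp` is a name chosen here, and the input is the DHCP-related lines excerpted from the posted config. It reports pool coverage, helper addresses and the trust statement per VLAN interface, plus overlapping excluded-address ranges.

```python
import ipaddress
# Excerpt of the configuration posted in the thread (DHCP-related lines only).
CONFIG = """\
ip dhcp excluded-address 192.168.80.1 192.168.80.99
ip dhcp excluded-address 192.168.80.200 192.168.80.254
ip dhcp excluded-address 192.168.80.1 192.168.80.100
ip dhcp pool sdm-pool1
 network 192.168.80.0 255.255.255.0
interface Vlan1
 ip address 192.168.200.254 255.255.255.0
 ip helper-address 192.168.90.4
interface Vlan2
 ip address 192.168.80.254 255.255.255.0
 ip helper-address 192.168.90.4
 ip dhcp relay information trusted
"""

def audit_dhcp(config):  # hypothetical helper written for this example
    pools, excluded, ifaces, cur = [], [], {}, None
    for raw in config.splitlines():
        w = raw.split()
        if not w or w[0] == "!":
            continue
        if w[0] == "interface":
            cur = ifaces.setdefault(w[1], {"net": None, "helpers": [], "trusted": False})
        elif w[:3] == ["ip", "dhcp", "pool"]:
            cur = None  # following "network" line belongs to the pool
        elif w[:3] == ["ip", "dhcp", "excluded-address"]:
            lo = ipaddress.ip_address(w[3])
            hi = ipaddress.ip_address(w[4]) if len(w) > 4 else lo
            excluded.append((lo, hi))
        elif w[0] == "network" and len(w) == 3 and cur is None:
            pools.append(ipaddress.ip_network(f"{w[1]}/{w[2]}"))
        elif cur is not None and w[:2] == ["ip", "address"] and len(w) >= 4:
            cur["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif cur is not None and w[:2] == ["ip", "helper-address"]:
            cur["helpers"].append(w[2])
        elif cur is not None and w == ["ip", "dhcp", "relay", "information", "trusted"]:
            cur["trusted"] = True
    report = {}
    for name, i in ifaces.items():
        if i["net"] is not None:  # only interfaces that carry an IP subnet
            report[name] = {"local_pool": any(i["net"].overlaps(p) for p in pools),
                            "helpers": i["helpers"], "relay_trusted": i["trusted"]}
    # Pairs of excluded-address ranges that cover some of the same addresses.
    overlaps = [(a, b) for n, a in enumerate(excluded) for b in excluded[n + 1:]
                if a[0] <= b[1] and b[0] <= a[1]]
    return report, overlaps
```

On the posted lines this shows Vlan2 with both a router-served pool and a helper address, Vlan1 with a helper address but no local pool and no trust statement, and the first and third excluded-address ranges overlapping.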
 