Hi all-
I am trying to have a Cisco 3825 get an address via DHCP, but it doesn't seem to take one. Here's the current config:
I'm guessing it has something to do with the firewall setup, but I can't tell...
TIA
Code:
Building configuration...
Current configuration : 6180 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname orca
!
boot-start-marker
boot-end-marker
!
!card type command needed for slot 1
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5
enable password 7
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
no ip source-route
no ip routing
no ip gratuitous-arps
no ip cef
!
!
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
!
no ip bootp server
ip domain name beztech1.local
ip name-server 167.206.254.1
ip name-server 167.204.254.2
ip ssh time-out 60
ip ssh authentication-retries 2
login block-for 10 attempts 10 within 10
!
!
!
crypto pki trustpoint TP-self-signed-1307652724
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1307652724
 revocation-check none
 rsakeypair TP-self-signed-1307652724
!
!
crypto pki certificate chain TP-self-signed-1307652724
 certificate self-signed 01
  quit
username x password 7 x
!
!
!
!
!
interface GigabitEthernet0/0
 description $FW_INSIDE$
 ip address 10.0.0.1 255.0.0.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
 media-type rj45
 no keepalive
 no mop enabled
!
interface GigabitEthernet0/1
 description $FW_OUTSIDE$$ETH-WAN$
 ip address dhcp client-id GigabitEthernet0/1
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
 media-type rj45
 no keepalive
 no mop enabled
!
!
ip http server
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/1 overload
!
ip access-list extended autosec_firewall_acl
 remark SDM_ACL Category=16
 permit udp any any eq bootpc
 deny ip any any
!
logging trap debugging
logging facility local2
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 remark d
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
!
control-plane
!
!
banner motd ^C
*------------------------------------------------*
|THIS IS orca 10.0.0.1. THIS IS A PRIVATE SYSTEM |
|FOR AUTHORIZED USERS ONLY! ALL ACTIVITES ON THIS|
|SYSTEM ARE LOGGED FOR SECURITY. ANY ILLEGAL OR |
|UNAUTHORIZED ACTIVITY WILL RESULT IN LEGAL ACTI-|
|ON. IF YOU ARE NOT AUTHORIZED TO USE THIS SYSTEM|
|TERMINATE YOUR ACCESS NOW! |
*------------------------------------------------*
PLEASE LOG IN:^C
!
line con 0
 exec-timeout 5 0
 login authentication local_auth
 transport output telnet
 stopbits 1
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
 stopbits 1
line vty 0 4
 password 7
 login authentication local_auth
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
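
The post asks whether the firewall setup is involved. One way to check the inbound ACL on GigabitEthernet0/1 offline is to replay its first-match evaluation against DHCP server replies. This is an added example, not part of the original post: the ACL entries are copied from the config above, while the evaluator, its names and the packet addresses are constructed for illustration.

```python
import ipaddress

# ACL 101 as posted above, minus remarks and the ICMP permits (they cannot match UDP).
ACL_101 = """\
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any log
"""
PORTS = {"bootps": 67, "bootpc": 68}
ip2int = lambda a: int(ipaddress.IPv4Address(a))

def _addr(tok):
    # Consume "any", "host A" or "A WILDCARD"; return (base, wildcard) as ints.
    word = tok.pop(0)
    if word in ("any", "host"):
        return (0, 0xFFFFFFFF) if word == "any" else (ip2int(tok.pop(0)), 0)
    return ip2int(word), ip2int(tok.pop(0))

def _port(tok):
    # Consume an optional "eq PORT" qualifier; None means any port.
    if tok[:1] != ["eq"]:
        return None
    _, name = tok.pop(0), tok.pop(0)
    return PORTS[name] if name in PORTS else int(name)

def parse(text):
    rules = []
    for line in text.splitlines():
        action, proto, *tok = line.split()[2:]   # drop "access-list 101"
        rules.append((line, action, proto, _addr(tok), _port(tok), _addr(tok), _port(tok)))
    return rules

def first_match(rules, pkt):
    # IOS evaluates entries top-down and stops at the first one that matches.
    hit = lambda spec, ip: (ip2int(ip) | spec[1]) == (spec[0] | spec[1])
    for line, action, proto, src, sport, dst, dport in rules:
        if (proto in ("ip", pkt["proto"]) and hit(src, pkt["src"]) and hit(dst, pkt["dst"])
                and sport in (None, pkt["sport"]) and dport in (None, pkt["dport"])):
            return action, line
    return "deny", "implicit deny"

RULES = parse(ACL_101)
# Constructed DHCP replies (server port 67 -> client port 68); addresses are made up.
OFFER_PUBLIC = {"proto": "udp", "src": "203.0.113.1", "sport": 67, "dst": "255.255.255.255", "dport": 68}
OFFER_RFC1918 = {"proto": "udp", "src": "10.20.0.1", "sport": 67, "dst": "255.255.255.255", "dport": 68}
```

Under this ACL a reply sourced from 10.0.0.0/8 hits the first `deny` before the `bootps` permit is reached, while a reply from any other source reaches the permit; `first_match(RULES, pkt)` returns the action together with the entry that decided it.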