Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2309
Views
0
Helpful
10
Replies

firewall blocking DHCP on cisco 1921 k9

Go to solution
SMRHosting
Level 1
Level 1

‎04-20-2012 08:25 AM - edited ‎03-11-2019 03:56 PM

I have a 1921 k9 router that has several DHCP pools configured. Before implementing the firewall they were all working. After implementing it they stopped working. I messed around and got the routed port GE0/1 handing out IP addresses and left it alone. Somehow it quit handing out IP addresses yesterday. I am not experienced with routers I sort had this dumped on me. I dont know if its a quick fix or not (getting DHCP working on the interfaces) but if not someone could just link me to an article that will walk me through getting DHCP working on all of the interfaces it would be awsome.

Building configuration...

Current configuration : 18882 bytes

!

! Last configuration change at 10:05:36 NewYork Fri Apr 20 2012 by dave

!

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Bulldog

!

boot-start-marker

boot system usbflash0:c1900-universalk9-mz.SPA.151-3.T.bin

boot-end-marker

!

!

no logging buffered

!

no aaa new-model

!

clock timezone NewYork -5 0

clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00

!

no ipv6 cef

no ip source-route

ip cef

!

!

!

ip dhcp excluded-address 192.168.5.1 192.168.5.24

ip dhcp excluded-address 192.168.101.1 192.168.101.10

ip dhcp excluded-address 192.168.100.1 192.168.100.2

ip dhcp excluded-address 192.168.25.1 192.168.25.10

ip dhcp excluded-address 192.168.10.1 192.168.10.10

ip dhcp excluded-address 192.168.5.1 192.168.5.10

ip dhcp excluded-address 192.168.1.1 192.168.1.10

ip dhcp excluded-address 192.168.1.10 192.168.1.254

!

ip dhcp pool Noc

   network 192.168.1.0 255.255.255.0

   dns-server 192.168.1.6 192.168.1.3

   default-router 192.168.1.1

!

ip dhcp pool MGMT

   network 192.168.101.0 255.255.255.240

   dns-server 192.168.1.6 192.168.1.3

   default-router 192.168.101.1

!

ip dhcp pool VDI

   network 192.168.100.0 255.255.255.0

   dns-server 192.168.1.6 192.168.1.3

   default-router 192.168.100.1

!

ip dhcp pool App-Servers

   network 192.168.25.0 255.255.255.240

   dns-server 192.168.1.6 192.168.1.3

   default-router 192.168.25.1

!

ip dhcp pool Ext-Servers

   network 192.168.10.0 255.255.255.240

   dns-server 192.168.1.6 192.168.1.3

   default-router 192.168.10.1

!

ip dhcp pool Int-Server

   network 192.168.5.0 255.255.255.240

   dns-server 192.168.1.6 192.168.1.3

   default-router 192.168.5.1

!

!

ip name-server 192.168.1.6

ip name-server 192.168.1.3

ip port-map kerberos port udp 88

ip port-map user-ldap port udp 389

ip port-map user-SOAP port tcp 9389

ip port-map user-DFSR port tcp 5722

ip port-map user-WINS port tcp 42

ip port-map user-GlobalCatalog port tcp from 3268 to 3269

ip port-map user-NetBiosNR port tcp 137 description NetBios Name Resolution

ip port-map user-RemoteDesktop port tcp 3389 description MS RDP

ip port-map user-SMB port tcp 445

ip port-map user-RPC port tcp from 49152 to 65535

!

multilink bundle-name authenticated

!

parameter-map type protocol-info msn-servers

server name messenger.hotmail.com

server name gateway.messenger.hotmail.com

server name webmessenger.msn.com

parameter-map type protocol-info aol-servers

server name login.oscar.aol.com

server name toc.oscar.aol.com

server name oam-d09a.blue.aol.com

parameter-map type protocol-info yahoo-servers

server name scs.msg.yahoo.com

server name scsa.msg.yahoo.com

server name scsb.msg.yahoo.com

server name scsc.msg.yahoo.com

server name scsd.msg.yahoo.com

server name cs16.msg.dcn.yahoo.com

server name cs19.msg.dcn.yahoo.com

server name cs42.msg.dcn.yahoo.com

server name cs53.msg.dcn.yahoo.com

server name cs54.msg.dcn.yahoo.com

server name ads1.vip.scd.yahoo.com

server name radio1.launch.vip.dal.yahoo.com

server name in1.msg.vip.re2.yahoo.com

server name data1.my.vip.sc5.yahoo.com

server name address1.pim.vip.mud.yahoo.com

server name edit.messenger.yahoo.com

server name messenger.yahoo.com

server name http.pager.yahoo.com

server name privacy.yahoo.com

server name csa.yahoo.com

server name csb.yahoo.com

server name csc.yahoo.com

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-4227729276

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-4227729276

revocation-check none

!

!

crypto pki certificate chain TP-self-signed-4227729276

certificate self-signed 01

  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 34323237 37323932 3736301E 170D3132 30343139 32313430

  32315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32323737

  32393237 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100BD97 9407A326 2B2C5E3E 1BEE848C 9DBA6E5E 359E481A 125294BA 19CCF853

  7CEE2B90 58275061 CAD3EEB6 F89CB220 15343AE9 B1BAF818 C94D3036 568EF9F8

  4280497F D1C3579F B8D2AB67 F523FE6A E651DC48 C60E85FC 5361997C 77ACF34A

  F344A000 5E8CDBC9 AB557E60 FC456A08 35B252AC C4CAD14C 181EB7AC AE75CA50

  7A9D0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

  551D2304 18301680 1483B6F0 CE5D321D CBA30EF9 A22617C3 04676E73 4C301D06

  03551D0E 04160414 83B6F0CE 5D321DCB A30EF9A2 2617C304 676E734C 300D0609

  2A864886 F70D0101 04050003 8181004C AC280AE7 1FE34052 37E59476 48DB23CD

  F1DF2A58 7531AFCC D561BA75 AA144DB0 6A506241 71CCE4A0 AD8156B8 CDDE9105

  1C0C01DD 1F01B34C E77A7F61 EFC498BA DDF36F0B 578317F4 812D03C9 68462859

  9BDE3860 DC977751 643741A8 AB8D176A D0ED61B0 32E4215A 8B292386 293B9336

  77629DBF 8D970388 A0FD0F77 32E6FF

            quit

license udi pid CISCO1921/K9 sn FTX1448Y05L

!

!

!

redundancy

!

!

!

!

no ip ftp passive

!

class-map type inspect match-any SDM_BOOTPC

match access-group name SDM_BOOTPC

class-map type inspect match-any LANMan

description LAN Management

match protocol https

match protocol icmp

match protocol ssh

match protocol bootps

match protocol bootpc

class-map type inspect imap match-any ccp-app-imap

match  invalid-command

class-map type inspect match-any ccp-cls-protocol-p2p

match protocol edonkey signature

match protocol gnutella signature

match protocol kazaa2 signature

match protocol fasttrack signature

match protocol bittorrent signature

class-map type inspect match-any SDM_DHCP_CLIENT_PT

match class-map SDM_BOOTPC

class-map type inspect match-any ccp-skinny-inspect

match protocol skinny

class-map type inspect match-any sdm-cls-bootps

match protocol bootps

class-map type inspect match-any ccp-cls-insp-traffic

match protocol dns

match protocol ftp

match protocol https

match protocol icmp

match protocol imap

match protocol pop3

match protocol netshow

match protocol shell

match protocol realmedia

match protocol rtsp

match protocol smtp

match protocol sql-net

match protocol streamworks

match protocol tftp

match protocol vdolive

match protocol tcp

match protocol udp

class-map type inspect match-all ccp-insp-traffic

match class-map ccp-cls-insp-traffic

class-map type inspect gnutella match-any ccp-app-gnutella

match  file-transfer

class-map type inspect match-any DesktopAdmin

description Desktop Administrator Services

match protocol http

match protocol https

match protocol icmp

match protocol snmp

match protocol ssh

match protocol user-RemoteDesktop

class-map type inspect match-any user-ldap

match protocol user-ldap

class-map type inspect ymsgr match-any ccp-app-yahoo-otherservices

match  service any

class-map type inspect msnmsgr match-any ccp-app-msn-otherservices

match  service any

class-map type inspect match-any DomainTrafficUDP

description UDP Traffic

match protocol user-ldap

match protocol netbios-ns

match protocol kerberos

class-map type inspect match-any ccp-h323nxg-inspect

match protocol h323-nxg

class-map type inspect match-any ccp-cls-icmp-access

match protocol icmp

match protocol tcp

match protocol udp

class-map type inspect match-any ccp-cls-protocol-im

match protocol ymsgr yahoo-servers

match protocol msnmsgr msn-servers

match protocol aol aol-servers

class-map type inspect aol match-any ccp-app-aol-otherservices

match  service any

class-map type inspect match-all ccp-protocol-pop3

match protocol pop3

class-map type inspect match-any ccp-h225ras-inspect

match protocol h225ras

class-map type inspect match-any ccp-h323annexe-inspect

match protocol h323-annexe

class-map type inspect match-any DomainServerTraffic

description Server Ports

match protocol dns

match protocol ntp

match protocol msrpc

match protocol netbios-dgm

match protocol user-RPC

match protocol user-GlobalCatalog

match protocol user-SMB

match protocol user-DFSR

match protocol ldap

match protocol ldaps

match protocol smtp

match protocol user-WINS

match protocol user-NetBiosNR

match protocol user-SOAP

match protocol netbios-ssn

match protocol microsoft-ds

class-map type inspect pop3 match-any ccp-app-pop3

match  invalid-command

class-map type inspect kazaa2 match-any ccp-app-kazaa2

match  file-transfer

class-map type inspect match-all ccp-protocol-p2p

match class-map ccp-cls-protocol-p2p

class-map type inspect match-any ccp-h323-inspect

match protocol h323

class-map type inspect msnmsgr match-any ccp-app-msn

match  service text-chat

class-map type inspect ymsgr match-any ccp-app-yahoo

match  service text-chat

class-map type inspect match-all ccp-protocol-im

match class-map ccp-cls-protocol-im

class-map type inspect match-all ccp-invalid-src

match access-group 103

class-map type inspect match-all ccp-icmp-access

match class-map ccp-cls-icmp-access

class-map type inspect edonkey match-any ccp-app-edonkey

match  file-transfer

match  text-chat

match  search-file-name

class-map type inspect match-any ccp-dmz-protocols

match protocol dns

class-map type inspect match-any ccp-sip-inspect

match protocol sip

class-map type inspect match-all ccp-dmz-traffic

match access-group name dmz-traffic

match class-map ccp-dmz-protocols

class-map type inspect edonkey match-any ccp-app-edonkeydownload

match  file-transfer

class-map type inspect aol match-any ccp-app-aol

match  service text-chat

class-map type inspect match-all ccp-protocol-imap

match protocol imap

class-map type inspect edonkey match-any ccp-app-edonkeychat

match  search-file-name

match  text-chat

class-map type inspect fasttrack match-any ccp-app-fasttrack

match  file-transfer

class-map type inspect match-all ccp-protocol-http

match protocol http

!

!

policy-map type inspect ccp-permit-icmpreply

class type inspect sdm-cls-bootps

  pass

class type inspect ccp-icmp-access

  inspect

class class-default

  pass

policy-map type inspect p2p ccp-action-app-p2p

class type inspect edonkey ccp-app-edonkeychat

  log

  allow

class type inspect edonkey ccp-app-edonkeydownload

  log

  allow

class type inspect fasttrack ccp-app-fasttrack

  log

  allow

class type inspect gnutella ccp-app-gnutella

  log

  allow

class type inspect kazaa2 ccp-app-kazaa2

  log

  allow

policy-map type inspect im ccp-action-app-im

class type inspect aol ccp-app-aol

  log

  allow

class type inspect msnmsgr ccp-app-msn

  log

  allow

class type inspect ymsgr ccp-app-yahoo

  log

  allow

class type inspect aol ccp-app-aol-otherservices

  log

  reset

class type inspect msnmsgr ccp-app-msn-otherservices

  log

  reset

class type inspect ymsgr ccp-app-yahoo-otherservices

  log

  reset

policy-map type inspect imap ccp-action-imap

class type inspect imap ccp-app-imap

  log

policy-map type inspect pop3 ccp-action-pop3

class type inspect pop3 ccp-app-pop3

  log

policy-map type inspect ccp-inspect

class type inspect ccp-invalid-src

  drop log

class type inspect ccp-protocol-http

  inspect

class type inspect ccp-protocol-imap

  inspect

  service-policy imap ccp-action-imap

class type inspect ccp-protocol-pop3

  inspect

  service-policy pop3 ccp-action-pop3

class type inspect ccp-protocol-p2p

  inspect

  service-policy p2p ccp-action-app-p2p

class type inspect ccp-protocol-im

  inspect

  service-policy im ccp-action-app-im

class type inspect ccp-insp-traffic

  inspect

class type inspect ccp-sip-inspect

  inspect

class type inspect ccp-h323-inspect

  inspect

class type inspect ccp-h323annexe-inspect

  inspect

class type inspect ccp-h225ras-inspect

  inspect

class type inspect ccp-h323nxg-inspect

  inspect

class type inspect ccp-skinny-inspect

  inspect

class class-default

  drop

policy-map type inspect ccp-permit

class type inspect SDM_DHCP_CLIENT_PT

  pass

class class-default

  drop

policy-map type inspect ccp-permit-dmzservice

class type inspect ccp-dmz-traffic

  inspect

class class-default

  drop log

policy-map type inspect LANMgmt

class type inspect LANMan

  inspect

class class-default

  drop log

policy-map type inspect DomainServices-Inspect

class type inspect DomainTrafficUDP

  inspect

class type inspect DomainServerTraffic

  inspect

class class-default

  drop log

policy-map type inspect DesktopServices

description Remote Access and Desktop diag

class type inspect DesktopAdmin

  inspect

class class-default

  drop log

!

zone security dmz-zone

zone security in-zone

zone security out-zone

zone security LAN

zone security INT-Servers

zone security App-Servers

zone-pair security ccp-zp-out-dmz source out-zone destination dmz-zone

service-policy type inspect ccp-permit-dmzservice

zone-pair security ccp-zp-out-self source out-zone destination self

service-policy type inspect ccp-permit

zone-pair security ccp-zp-in-out source in-zone destination out-zone

service-policy type inspect ccp-inspect

zone-pair security ccp-zp-in-dmz source in-zone destination dmz-zone

service-policy type inspect ccp-permit-dmzservice

zone-pair security ccp-zp-self-out source self destination out-zone

service-policy type inspect ccp-permit-icmpreply

zone-pair security In-LAN source in-zone destination LAN

service-policy type inspect LANMgmt

zone-pair security INTServers-Out source INT-Servers destination out-zone

service-policy type inspect ccp-inspect

zone-pair security INZone-zp-INT-Servers source in-zone destination INT-Servers

service-policy type inspect DesktopServices

zone-pair security INTServers-zp-InZone source INT-Servers destination in-zone

service-policy type inspect DomainServices-Inspect

!

!

!

!

!

!

!

interface Loopback0

ip address 192.168.2.1 255.255.255.255

!

interface GigabitEthernet0/0

description $ETH-WAN$$FW_OUTSIDE$

ip address dhcp client-id GigabitEthernet0/0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly in

zone-member security out-zone

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/1

description NOC Link$ETH-LAN$$FW_INSIDE$

ip address 192.168.1.1 255.255.255.0

ip access-group 100 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip flow egress

ip nat inside

ip virtual-reassembly in

zone-member security in-zone

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/0/0

switchport mode trunk

!

interface GigabitEthernet0/0/1

switchport mode trunk

!

interface GigabitEthernet0/0/2

switchport mode trunk

!

interface GigabitEthernet0/0/3

switchport mode trunk

!

interface Vlan1

description $MGMT$

ip address 192.168.101.1 255.255.255.240

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

zone-member security LAN

!

interface Vlan5

description $Int-Servers$

ip address 192.168.5.1 255.255.255.240

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

zone-member security INT-Servers

!

interface Vlan10

description $Ext-Servers$$FW_DMZ$

ip address 192.168.10.1 255.255.255.240

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

zone-member security dmz-zone

!

interface Vlan25

description $App-Servers$

ip address 192.168.25.1 255.255.255.240

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

zone-member security App-Servers

!

interface Vlan100

description $Usr-Desktops$

ip address 192.168.100.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

!

ip forward-protocol nd

!

no ip http server

ip http access-class 4

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 1 interface GigabitEthernet0/0 overload

ip nat inside source list 3 interface GigabitEthernet0/0 overload

!

ip access-list extended SDM_BOOTPC

remark CCP_ACL Category=0

permit udp any any eq bootpc

ip access-list extended SwitchToDNS

remark CCP_ACL Category=128

permit ip host 192.168.101.2 host 192.168.1.3

permit ip host 192.168.101.2 host 192.168.1.6

ip access-list extended dmz-traffic

remark CCP_ACL Category=1

permit ip any host 192.168.10.2

!

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 2 remark HTTP Access-class list

access-list 2 remark CCP_ACL Category=1

access-list 2 permit 192.168.1.0 0.0.0.255

access-list 2 deny   any

access-list 3 remark CCP_ACL Category=2

access-list 3 permit 192.168.100.0 0.0.0.255

access-list 3 permit 192.168.101.0 0.0.0.15

access-list 3 permit 192.168.5.0 0.0.0.15

access-list 3 permit 192.168.10.0 0.0.0.15

access-list 3 permit 192.168.25.0 0.0.0.15

access-list 4 remark Auto generated by SDM Management Access feature

access-list 4 remark CCP_ACL Category=1

access-list 4 permit 192.168.1.0 0.0.0.255

access-list 100 remark Auto generated by SDM Management Access feature

access-list 100 remark CCP_ACL Category=1

access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.1 eq 22

access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.1 eq 443

access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.1 eq cmd

access-list 100 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 100 deny   tcp any host 192.168.1.1 eq telnet

access-list 100 deny   tcp any host 192.168.1.1 eq 22

access-list 100 deny   tcp any host 192.168.1.1 eq www

access-list 100 deny   tcp any host 192.168.1.1 eq 443

access-list 100 deny   tcp any host 192.168.1.1 eq cmd

access-list 100 deny   udp any host 192.168.1.1 eq snmp

access-list 100 permit ip any any

access-list 101 remark Auto generated by SDM Management Access feature

access-list 101 remark CCP_ACL Category=1

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 102 remark Auto generated by SDM Management Access feature

access-list 102 remark CCP_ACL Category=1

access-list 102 permit ip 192.168.1.0 0.0.0.255 any

access-list 103 remark CCP_ACL Category=128

access-list 103 permit ip host 255.255.255.255 any

access-list 103 permit ip 127.0.0.0 0.255.255.255 any

access-list 103 permit ip 192.168.10.0 0.0.0.15 any

!

!

!

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line vty 0 4

access-class 102 in

login local

transport input ssh

transport output ssh

line vty 5 15

access-class 101 in

privilege level 15

login local

transport input ssh

transport output ssh

!

scheduler allocate 20000 1000

ntp update-calendar

ntp server 208.66.175.36 prefer source GigabitEthernet0/0

ntp server 64.90.182.55 prefer source GigabitEthernet0/0

ntp server 96.47.67.105 prefer source GigabitEthernet0/0

end

Labels:
126712-config.txt.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Henrik Grankvist
Level 4
Level 4
In response to Henrik Grankvist

‎04-22-2012 08:13 AM

I think i may have missunderstood your problem...

Is it just the clients connected to th G0/1 interface that doesn't receive an IP address through DHCP but the clients connected to G0/0/0 - 3 gets IP addresses?

In that case, do this:

no ip dhcp excluded-address 192.168.1.10 192.168.1.254

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Henrik Grankvist
Level 4
Level 4

‎04-21-2012 10:57 AM

I can help you but I'm gonna make som big changes to the config because this config i fu**ed up

First question: Is there a specific reason why you use vlan-interfaces or is it OK if I tell you to use sub-interfaces?

0 Helpful

Go to solution
SMRHosting
Level 1
Level 1
In response to Henrik Grankvist

‎04-21-2012 12:52 PM

I dont mind changing the config. This is my 1st time setting up a cisco router. The reason I used the vlan-interfaces is because that was the first way I figured out how to get VLANs running on the router.

0 Helpful

Go to solution
Henrik Grankvist
Level 4
Level 4
In response to SMRHosting

‎04-21-2012 03:34 PM

Ok, good.

I guess the G0/1 interface is connected to a switch?

For a configuration with subinterfaces the interface of the switch connected to the router have to be in trunk mode, if it not already is.

But its really late here so I will go to bed and help you out tomorrow.

0 Helpful

Go to solution
Henrik Grankvist
Level 4
Level 4
In response to Henrik Grankvist

‎04-22-2012 03:56 AM

Ok I attached a simple config that will work (hopefully ).

I've made it pretty simple and just used three zones: inside, outside and dmz. Before you had one zone for every interface. I don't know if it has to be that way in your case, but I can help you to configure that if you want it.

The old config had alot of windows server protocols in its inspection-rules that is now removed, but it would be more secure to have it, but then you would need more zones, you can probably play around in SDM/CCP to get it back.

I removed the IP address on the physical interface (G0/1) and put it on the G0/1.2 subinterface, it does not belong to a VLAN, because the servers that was on that subnet before didn't belong to one (I think), so I didn't want to make too big of a hazzle for you.

It uses sub-interfaces so the link between the switch and this router has to be trunked.

Any questions, just ask. I probably missed something

126761-new-config.txt.zip
0 Helpful

Go to solution
Henrik Grankvist
Level 4
Level 4
In response to Henrik Grankvist

‎04-22-2012 08:13 AM

I think i may have missunderstood your problem...

Is it just the clients connected to th G0/1 interface that doesn't receive an IP address through DHCP but the clients connected to G0/0/0 - 3 gets IP addresses?

In that case, do this:

no ip dhcp excluded-address 192.168.1.10 192.168.1.254

0 Helpful

Go to solution
SMRHosting
Level 1
Level 1
In response to Henrik Grankvist

‎04-23-2012 01:03 PM

I sent you a PM. I loaded the config but it has made the router unuseable. None of the interfaces work either via DHCP or static IP address and I am unable to connect to the router via SSH from 192.168.1.0 (GE0/1) I am in the process of reloading the old config I have never had to restore via a config via the CLI before. Hopefully finding the process will be easier than getting a usb console connection working (device manager keep installing the virtual console interface wrong) I eventually had to go buy a serial cable and connect via that. I would still like to use the sub interfaces if possible.

0 Helpful

Go to solution
Henrik Grankvist
Level 4
Level 4
In response to SMRHosting

‎04-23-2012 02:20 PM

Shit, I knew I should have deleted by earlier post, because in my second post I posted what I think was the solution to your problem

0 Helpful

Go to solution
Henrik Grankvist
Level 4
Level 4
In response to Henrik Grankvist

‎04-23-2012 02:23 PM

If you connect directly to the router with an cross-over cable with an IP address on your computer of 192.168.1.2/24 it should work for you to connect to it via the GUI.

0 Helpful

Go to solution
SMRHosting
Level 1
Level 1
In response to Henrik Grankvist

‎04-24-2012 09:41 AM

Alright I have a cross over cable I will use it next time. What exactly do you mean your second post? Are you talking about this line

no ip dhcp excluded-address 192.168.1.10 192.168.1.254

I went ahead and restored to an earlier version of the config. I am going to try and take some of your advice by shutting down vlan1 and implementing sub interfaces.

0 Helpful

Go to solution
Henrik Grankvist
Level 4
Level 4
In response to SMRHosting

‎04-24-2012 10:41 AM

Look at the PM I sent you before you do something.

"no ip dhcp excluded-address 192.168.1.10 192.168.1.254" Should have fixed your problems without changing the whole config. Sorry for that.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card