01-05-2006 10:45 AM - edited 03-03-2019 01:20 AM
I'm trying to set up a 2514 to connect to an ISP through a cable modem. I'm running c2500-io-l.122-32 IOS; here are my configs:
ip dhcp excluded-address 192.168.100.1 192.168.100.10
ip dhcp pool Internal-DHCP
 import all
 network 192.168.100.0 255.255.255.0
 default-router 192.168.100.1
ip inspect name cbac tcp
ip inspect name cbac udp
interface e1
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
interface e0
 ip address dhcp
 ip access-group CBAC in
 ip inspect cbac out
 ip nat outside
ip nat inside source list NATACL interface e0 overload
ip access-list extended CBAC
 permit udp any eq bootps any eq bootpc
 permit gre any any
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any traceroute
 deny ip any any log
ip access-list extended NATACL
 permit ip 192.168.100.0 0.0.0.255 any
The e0 is connected to the cable modem, and the e1 to an access port on a 3500 switch. I have 2 PCs connected to the access ports on the switch, all ports being on the same vlan. The PCs have the 192.168.100.11 and 192.168.100.12 addresses and they're able to ping the e1 (192.168.100.1), but they're unable to get onto the web.
I did a show int brief on the e0 and saw the 2514 acquire a DHCP address on its e0 int. Doing a sho ip route has all data going through the default gateway. When I run debug ip dhcp server cmds, I don't see the 2514 trying to assign IPs to the PCs. I can post the results from the show cmds if it would help.
What are some possible issues, and how should I troubleshoot this?
01-05-2006 11:56 AM
I have a couple of thoughts.
If you do not have DNS configured on the PC, you need to configure it in the DHCP.
I noticed you have the access list CBAC configured on the E0 interface. Why are you denying all IP from the Internet? I know IP inspect does some screwy work with creating openings for established sessions; what does your log show?
Have you tried pinging devices from the router out to the internet then done extended pings from the router using the E1 interface as your source?
One last thing: have you attempted to remove the firewall and access list, then reboot to see if it works then?
Let us know.
If this helps please rate.
Mike
01-05-2006 01:02 PM
I removed the CBAC access list, rebooted and still no change. I don't have a DNS server, so how would I configure it in the router?
From the router, I've successfully pinged my ISP's server on the web but I haven't tried an extended ping from my E1 yet.
My PCs don't seem to be acquiring IPs from the 2514. I gave them static IPs to make sure connectivity was fine, and it was. When I forced them back to obtaining an IP automatically & ran an ipconfig /renew, I saw in the debug log that the 2514 was rejecting requests because the clients were not on the 192.168.100.0 network.
01-05-2006 12:09 PM
Take a look at the configuration guide at this site. Just glancing, you might need to run the following command: no ip dhcp conflict logging
Otherwise go through the configuration tasks and see the show and debug commands for more assistance.
Hope this helps.
Steve
01-05-2006 02:52 PM
Hi,
a working example for a DHCP pool would be
ip dhcp pool mypool
 network 192.168.100.0 255.255.255.0
 default-router 192.168.100.1
 dns 4.2.2.2 141.1.1.1
Please replace the DNS IP addresses with the ones of your ISP. You can check the settings in your PCs in a DOS command shell by issuing ipconfig /all - the default gateway and the DNS servers should show up.
Hope this helps
Martin
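The IOS DHCP server picks a pool by the subnet of the interface a request arrives on, so the points raised in this thread (requests rejected as not on the pool's network, and clients needing a DNS server) can be checked offline against a saved configuration. The script below is an added example, not code from any poster or from Cisco; the function names are hypothetical, and it assumes unabbreviated keywords, indented sub-commands and address-plus-mask network statements as show running-config prints them.

```python
import ipaddress

# Constructed sample: the DHCP pool and interface lines from the configuration
# posted in the thread, with sub-commands indented as IOS displays them.
SAMPLE = """\
ip dhcp pool Internal-DHCP
 import all
 network 192.168.100.0 255.255.255.0
 default-router 192.168.100.1
interface e1
 ip address 192.168.100.1 255.255.255.0
interface e0
 ip address dhcp
"""

def sections(text):
    """Map each top-level line to the list of indented sub-commands under it."""
    out, head = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and '!' separators
        if line[0] == " " and head:
            out[head].append(line.split())
        else:
            head = line.strip()
            out[head] = []
    return out

def audit_dhcp(text):
    """Return a list of findings for every 'ip dhcp pool' block in the config."""
    cfg, findings = sections(text), []
    # Subnets of statically addressed interfaces ('ip address dhcp' is skipped).
    nets = {ipaddress.ip_interface(f"{c[2]}/{c[3]}").network
            for h, body in cfg.items() if h.startswith("interface ")
            for c in body if c[:2] == ["ip", "address"] and len(c) == 4 and c[2][0].isdigit()}
    for head, body in cfg.items():
        opts = {c[0]: c[1:] for c in body}
        if not head.startswith("ip dhcp pool ") or "network" not in opts:
            continue
        name, pool = head.split()[-1], ipaddress.ip_network("/".join(opts["network"][:2]))
        if pool not in nets:
            findings.append(f"{name}: no interface is addressed in {pool}")
        for gw in opts.get("default-router", []):
            if ipaddress.ip_address(gw) not in pool:
                findings.append(f"{name}: default-router {gw} is outside {pool}")
        if "dns-server" not in opts and "import" not in opts:
            findings.append(f"{name}: clients are offered no DNS server")
    return findings
```

An empty result for the posted pool means the pool, gateway and e1 addressing agree with each other, which points troubleshooting toward where the client requests actually arrive rather than toward the pool definition.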