12-02-2004 06:19 AM - edited 03-02-2019 08:21 PM
I'm frustrated at the convoluted Cisco documentation; all I need is the syntax for configuring a 1710 WAN interface as a DHCP client on the backside of a DSL modem running DHCP server.
Can anyone provide me with a link to a COMPREHENSIVE Cisco IOS 12.3 Command Reference?
I'm not in the mood to hack around the 1710 using '?' a hundred times to trial-and-error it out...
Thanks,
Marc
12-02-2004 09:21 AM
All you need is to go to the Ethernet interface... and specify the following command:
int e0 or int fa0/0
ip address dhcp
I don't know if your DSL modem is doing PPPoE for you. If not, you will have to set up PPPoE on your router. If that's the case, use the following link
12-02-2004 12:11 PM
Good to hear from you again, Shanky;
It worked - the 1711 outside interface Fa0 pulls a DHCP address from the DSL modem; but now I'm stuck on the inside interfaces (Fa1-4). I have an IP pool configured:
ip dhcp excluded-address 10.xx.xxx.xxx 10.xx.xxx.xxx
!
ip dhcp pool API_Network
network 10.xx.xxx.xxx 255.255.255.0
But now, do I need a command on the Fa1-4 interfaces that explicitly defines these IPs as being assigned by the router's IP pool? I've tried to assign IP addresses on these interfaces, but I get this error:
% IP addresses may not be configured on L2 links.
What is the command that designates this interface with a DHCP server assigned IP?
Thanks already,
Marc
12-02-2004 01:36 PM
I have not worked much with the 1711s or 12s. But I think you have a 4-port WIC in a WIC slot on the router? If that's the case, I am pretty sure you can configure VLANs on that switch. Basically, the 4 Ethernet ports are layer 2 ports. You will need to configure a VLAN interface (layer 3), assign the switch ports to that VLAN and apply the IP address of the inside subnet (10.xx.xx.xxx) to this VLAN interface. Once this is done, your DHCP pool will bind to this layer 3 VLAN interface and start assigning addresses to the inside DHCP clients.
Hope that helps!
Check this link
http://www.cisco.com/en/US/products/hw/routers/ps221/prod_configuration_basics09186a00801a055a.html
12-08-2004 02:17 PM
Thanks for the link;
In order to bypass troubleshooting DHCP server issues on the 1711, I configured a static IP on the test host and ran from there; I was soon able to ping the 1711 on both interfaces, but the test host cannot ping the DSL router (although the 1711 can!)...
I have a default route set up:
(ip route 0.0.0.0 0.0.0.0 FastEthernet 0)
...but should I have other route statements in there to get connectivity past the DSL router, or should I be NAT'ing at the 1711?
I'm getting close on this, but so is my deadline!
Thanks so far, Shanky.
Marc
12-08-2004 02:59 PM
Your DSL router needs to know the internal network behind the 1711. Otherwise it does not know how to reply back to your pings from the host PC. What you need to do here is either configure routes on the DSL router to reach the internal network and configure NAT on this router (don't know if your router does support NAT). Or else you can configure NAT on the 1711 and forget about adding routes on the DSL router. NAT is a must for you to provide outbound connectivity to your PCs.
Hope that helps!
12-09-2004 05:51 AM
OK, I had the concept right; I tried to configure NAT on the 1711 but missed something in the syntax (because it didn't work), so I pulled those lines out.
If you know the commands, that would be great!
Here's a copy of the config for reference:
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname #####
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret #####
!
username ##### password #####
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
aaa authentication login default group tacacs+ local
aaa authentication login console local
aaa authorization exec default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa session-id common
ip subnet-zero
!
ip dhcp excluded-address 10.xx.xx.xx 10.xx.xx.xx
!
ip dhcp pool #####
network 10.xx.xx.xx 255.xxx.xxx.xxx
!
no ip domain lookup
ip domain name ####.#####
ip name-server ##.##.##.##
ip cef
ip ids po max-events 100
no ftp-server write-enable
crypto isakmp policy 20
hash md5
authentication pre-share
lifetime 36000
crypto isakmp key ##### address xx.xx.xx.xx
!
!
crypto map hostsitemap 20 ipsec-isakmp
set peer ##.##.##.##
set security-association lifetime seconds 36000
set pfs group2
match address 100
!
interface FastEthernet0 [outside]
ip address dhcp
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1 [inside #1]
no ip address
duplex full
no cdp enable
!
interface FastEthernet2 [inside #2]
no ip address
no cdp enable
!
interface FastEthernet3 [inside #3]
no ip address
no cdp enable
!
interface FastEthernet4 [inside #4]
no ip address
no cdp enable
!
interface Vlan1
ip address 10.xx.xx.xx 255.xxx.xxx.xxx
ip tcp adjust-mss 1452
!
interface Async1
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0
ip http server
ip http authentication local
ip http secure-server
!
access-list 100 permit ip 10.xx.xx.0 0.0.xx.xx 10.xx.xx.0 0.0.xx.xx
access-list 100 permit ip 10.xx.xx.0 0.0.xx.xx host xxx.xxx.xxx.xxx
access-list 100 permit ip 10.xx.xx.0 0.0.xx.xx host xxx.xxx.xxx.xxx
access-list 100 permit ip 10.xx.xx.0 0.0.xx.xx host xxx.xxx.xxx.xxx
access-list 120 permit tcp any any eq 22
access-list 120 permit tcp 10.xx.xx.0 0.0.xxx.xxx any eq telnet
access-list 120 permit tcp 150.xxx.xxx.0 0.0.xxx.xxx any eq telnet
access-list 120 permit tcp host xxx.xxx.xxx.xxx any eq telnet
no cdp run
!
control-plane
!
line con 0
session-timeout 7
line 1
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
exec-timeout 1 0
login authentication local
no exec
line vty 0 4
session-timeout 21
privilege level 15
transport preferred telnet
transport input telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
Marc
12-09-2004 08:00 AM
Marc,
Not sure if you solved your problem or not....
Here's an example of a VPN that I did using the same equipment:
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
ip dhcp excluded-address 192.168.9.1 192.168.9.49
ip dhcp excluded-address 192.168.9.101 192.168.9.254
!
ip dhcp pool XXXXXXXXX
network 192.168.9.0 255.255.255.0
default-router 192.168.9.1
dns-server 192.168.1.11 192.168.1.2
netbios-name-server 192.168.1.11
!
!
ip cef
ip ids po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key XXX address x.x.x.x
!
!
crypto ipsec transform-set tunnelset esp-3des esp-md5-hmac
!
crypto map XXX local-address FastEthernet0
crypto map XXX 10 ipsec-isakmp
set peer x.x.x.x
set transform-set tunnelset
match address 101
!
!
!
interface FastEthernet0
description Ethernet to cable modem
ip address x.x.x.x
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map XXX
!
interface FastEthernet1
description Customer LAN
no ip address
!
interface FastEthernet2
description Customer LAN
no ip address
!
interface FastEthernet3
description Customer LAN
no ip address
!
interface FastEthernet4
description Customer LAN
no ip address
!
interface Vlan1
description Customer LAN
ip address 192.168.9.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.X
no ip http server
no ip http secure-server
ip nat inside source route-map nonat interface FastEthernet0 overload
!
!
!
snmp-server enable traps tty
!
route-map nonat permit 10
match ip address 102
!
!
control-plane
!
!
!
end
Did you give your Ethernet ports access to the VLAN?
Router(config)#interface range fastEthernet 1 - 4
Router(config-if-range)#switchport access vlan 1
12-09-2004 08:11 AM
Drumb0y,
I didn't realize that you were doing crypto maps until you posted the configs. The link below might help on specifying the NAT statements.
Like in the other post, your switch ports (interfaces 1 - 4) should be part of VLAN 1 so that your clients can get a DHCP address.
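Added example, not part of any post in this thread: the NAT-plus-VPN pattern from the 12-09-2004 08:00 AM config, written out with the access-list 102 that the post references but does not show. The interface names and the `nonat` route-map name come from the configs above; the 10.0.9.0/24 inside subnet, the 10.0.1.0/24 remote VPN subnet and the contents of access-list 102 are constructed assumptions.

```cisco
! Added example. Subnets are constructed placeholders:
!   inside LAN 10.0.9.0/24, remote VPN LAN 10.0.1.0/24
!
! The four switch ports are layer 2 only; put them in VLAN 1 so that
! hosts reach the layer 3 interface Vlan1 (DHCP pool and gateway).
interface range FastEthernet 1 - 4
 switchport access vlan 1
!
interface Vlan1
 ip nat inside
!
interface FastEthernet0
 ip nat outside
!
! ACL 102 selects which traffic is translated (contents assumed).
! On the way out, IOS applies NAT before the crypto map check, so
! tunnel traffic must be denied here: otherwise its source address is
! rewritten and it no longer matches the crypto ACL.
! Write one deny line per permit line in the crypto ACL.
access-list 102 deny   ip 10.0.9.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 102 permit ip 10.0.9.0 0.0.0.255 any
!
route-map nonat permit 10
 match ip address 102
!
! PAT everything ACL 102 permits behind the DHCP-learned Fa0 address.
ip nat inside source route-map nonat interface FastEthernet0 overload
```

After a ping from an inside host to an Internet address, `show ip nat translations` should list an overload entry; a ping to the remote VPN subnet should create none.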