cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
651
Views
4
Helpful
8
Replies

EASY QUESTION: Configuring 1710 as DHCP client

drumrb0y
Beginner
Beginner

I'm frustrated at the convoluted Cisco documentation; all I need is the syntax for configuring a 1710 WAN interface as a DHCP client on the backside of a DSL modem running DHCP server.

Can anyone provide me with a link to a COMPREHENSIVE Cisco IOS 12.3 Command Reference?

I'm not in the mood to hack around the 1710 using '?' a hundred times to trial-and-error it out...

Thanks,

Marc

1 Accepted Solution

Accepted Solutions

thisisshanky
Advisor
Advisor

All you need is to go to ethernet interface...and specify the following command..

int e0 or int fa0/0

ip address dhcp.

I dont know if your DSL modem is doing PPPOE for you. If not you will have to setup PPPOE on your router. If thats the case, use the following link

http://www.cisco.com/en/US/products/hw/modules/ps2641/prod_module_installation_guide09186a008007cf93.html#1044512

http://www.cisco.com/en/US/products/hw/routers/ps221/products_configuration_guide_chapter09186a008007e593.html

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

View solution in original post

8 Replies 8

thisisshanky
Advisor
Advisor

All you need is to go to ethernet interface...and specify the following command..

int e0 or int fa0/0

ip address dhcp.

I dont know if your DSL modem is doing PPPOE for you. If not you will have to setup PPPOE on your router. If thats the case, use the following link

http://www.cisco.com/en/US/products/hw/modules/ps2641/prod_module_installation_guide09186a008007cf93.html#1044512

http://www.cisco.com/en/US/products/hw/routers/ps221/products_configuration_guide_chapter09186a008007e593.html

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Good to hear from you again, Shanky;

It worked - the 1711 outside interface Fa0 pulls a DHCP address from the DSL modem; but now I'm stuck on the inside interfaces (Fa1-4), now. I have an IP pool configured:

ip dhcp excluded-address 10.xx.xxx.xxx 10.xx.xxx.xxx

!

ip dhcp pool API_Network

network 10.xx.xxx.xxx 255.255.255.0

But now, do I need a command on the Fa1-4 interfaces that explicitly defines these IP as being assigned by the router's IP pool? I've tried to assign IP addresses on these interfaces, but I get this error:

% IP addresses may not be configured on L2 links.

What is the command that designates this interface with a DHCP server assigned IP?

Thanks already,

Marc

I have not worked much with the 1711s or 12s. But I think you have a 4 port wic in a wic slot on the router ? If thats the case I am pretty sure you can configure vlans on that switch. Basically the 4 ethernet ports are layer 2 ports. You willneed to configure a vlan interface (layer 3), assign the switch ports to that vlan and apply the IP address of the inside subnet (10.xx.xx.xxx) to this vlan interface. Once this is done, your DHCP pool will bind to this layer 3 vlan interface and start assigning addresses to the inside DHCP clients.

Hope that helps!

Check this link

http://www.cisco.com/en/US/products/hw/routers/ps221/prod_configuration_basics09186a00801a055a.html

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Thanks for the link;

In order to bypass troubleshooting DHCP server issues on the 1711, I configured a static IP on the test host and ran from there; I was soon able to ping the 1711 on both interfaces, but the test host cannot ping the DSL router (although the 1711 can!)...

I have a default route set up:

(ip route 0.0.0.0 0.0.0.0 FastEthernet 0)

...but should

I have other route statements in there to get connectivity past the DSL router, or should I be NAT'ing at the 1711?

I'm getting close on this, but so is my deadline!

Thanks so far, Shanky.

Marc

Your DSL router needs to know the internal network behind the 1711. Otherwise it does not know how to reply back to your pings from the host PC. What you need to do here is either configure routes on the DSL router to reach the internal network and configure NAT on this router (dont know if your router does support NAT). Or else you can configure NAT on the 1711 and forget about adding routes on the DSL router. NAT is a must for you to provide outbound connectivity to your PCs.

Hope that helps!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

OK, I had the concept right; I tried to configure NAT on the 1711 but missed something in the syntax (because it didn't work), so I pulled those lines out.

If you know the commands, that would be great!

Here's a copy of the config for reference:

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname #####

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret #####

!

username ##### password #####

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

aaa new-model

!

aaa authentication login default group tacacs+ local

aaa authentication login console local

aaa authorization exec default group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa session-id common

ip subnet-zero

!

ip dhcp excluded-address 10.xx.xx.xx 10.xx.xx.xx

!

ip dhcp pool #####

network 10.xx.xx.xx 255.xxx.xxx.xxx

!

no ip domain lookup

ip domain name ####.#####

ip name-server ##.##.##.##

ip cef

ip ids po max-events 100

no ftp-server write-enable

crypto isakmp policy 20

hash md5

authentication pre-share

lifetime 36000

crypto isakmp key ##### address xx.xx.xx.xx

!

!

crypto map hostsitemap 20 ipsec-isakmp

set peer ##.##.##.##

set security-association lifetime seconds 36000

set pfs group2

match address 100

!

interface FastEthernet0 [outside]

ip address dhcp

duplex auto

speed auto

no cdp enable

!

interface FastEthernet1 [inside #1]

no ip address

duplex full

no cdp enable

!

interface FastEthernet2 [inside #2]

no ip address

no cdp enable

!

interface FastEthernet3 [inside #3]

no ip address

no cdp enable

!

interface FastEthernet4 [inside #4]

no ip address

no cdp enable

!

interface Vlan1

ip address 10.xx.xx.xx 255.xxx.xxx.xxx

ip tcp adjust-mss 1452

!

interface Async1

no ip address

!

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0

ip http server

ip http authentication local

ip http secure-server

!

access-list 100 permit ip 10.xx.xx.0 0.0.xx.xx 10.xx.xx.0 0.0.xx.xx

access-list 100 permit ip 10.xx.xx.0 0.0.xx.xx host xxx.xxx.xxx.xxx

access-list 100 permit ip 10.xx.xx.0 0.0.xx.xx host xxx.xxx.xxx.xxx

access-list 100 permit ip 10.xx.xx.0 0.0.xx.xx host xxx.xxx.xxx.xxx

access-list 120 permit tcp any any eq 22

access-list 120 permit tcp 10.xx.xx.0 0.0.xxx.xxx any eq telnet

access-list 120 permit tcp 150.xxx.xxx.0 0.0.xxx.xxx any eq telnet

access-list 120 permit tcp host xxx.xxx.xxx.xxx any eq telnet

no cdp run

!

control-plane

!

line con 0

session-timeout 7

line 1

stopbits 1

speed 115200

flowcontrol hardware

line aux 0

exec-timeout 1 0

login authentication local

no exec

line vty 0 4

session-timeout 21

privilege level 15

transport preferred telnet

transport input telnet ssh

line vty 5 15

privilege level 15

transport input telnet ssh

Marc

Marc,

Not sure if you solved your problem or not....

Here's an example of a VPN that I did using the same equipment:

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

!

!

ip dhcp excluded-address 192.168.9.1 192.168.9.49

ip dhcp excluded-address 192.168.9.101 192.168.9.254

!

ip dhcp pool XXXXXXXXX

network 192.168.9.0 255.255.255.0

default-router 192.168.9.1

dns-server 192.168.1.11 192.168.1.2

netbios-name-server 192.168.1.11

!

!

ip cef

ip ids po max-events 100

no ftp-server write-enable

!

!

!

!

!

!

crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key XXX address x.x.x.x

!

!

crypto ipsec transform-set tunnelset esp-3des esp-md5-hmac

!

crypto map XXX local-address FastEthernet0

crypto map XXX 10 ipsec-isakmp

set peer x.x.x.x

set transform-set tunnelset

match address 101

!

!

!

interface FastEthernet0

description Ethernet to cable modem

ip address x.x.x.x

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

crypto map XXX

!

interface FastEthernet1

description Customer LAN

no ip address

!

interface FastEthernet2

description Customer LAN

no ip address

!

interface FastEthernet3

description Customer LAN

no ip address

!

interface FastEthernet4

description Customer LAN

no ip address

!

interface Vlan1

description Customer LAN

ip address 192.168.9.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Async1

no ip address

!

ip classless

ip route 0.0.0.0 0.0.0.0 X.X.X.X

no ip http server

no ip http secure-server

ip nat inside source route-map nonat interface FastEthernet0 overload

!

!

!

snmp-server enable traps tty

!

route-map nonat permit 10

match ip address 102

!

!

control-plane

!

!

!

end

Did you give your Ethernet ports access to the VLAN ?

Router(config)#interface range fastEthernet 1 - 4

Router(config-if-range)#switch port access vlan 1

Drumb0y,

I didnt realize that you were doing crypto maps until you posted the configs. The link below might help on specifying the NAT statements.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

Like in the other post, your switch ports (interfaces 1 - 4) should be part of vlan 1 so that your clients can get a dhcp address.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers