03-26-2014 06:58 AM - edited 03-04-2019 10:39 PM
Cannot get DHCP to work on ios 12.4 1841 router.
Clients send dhcp discover packets, not getting dhcp offer packets.
I've tried using dhcptest.exe utility (3rd party google it), that shows a dhcp offer packet for some reason.
Anyways, here's my config:
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname xxxxxxxxx
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
no ip source-route
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.103.1 192.168.103.249
!
ip dhcp pool DOT
import all
network 192.168.103.0 255.255.255.0
domain-name xxxxxxxxx.com
dns-server 192.168.100.2
default-router 192.168.103.1
!
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
login block-for 100 attempts 10 within 100
login delay 5
login on-failure log
login on-success log
multilink bundle-name authenticated
!
!
ip tcp synwait-time 10
!
!
!
interface FastEthernet0/0
description xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ip address 192.168.103.1 255.255.255.0
ip access-group 100 in
ip helper-address 192.168.100.2
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip flow ingress
speed auto
half-duplex
no cdp enable
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address w.x.y.z 255.255.255.252
ip access-group 110 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip flow ingress
encapsulation ppp
no peer neighbor-route
no fair-queue
no cdp enable
!
router bgp 65011
no synchronization
bgp log-neighbor-changes
redistribute connected
neighbor w.x.y.z remote-as 65000
neighbor w.x.y.z remote-as 65000
no auto-summary
!
ip forward-protocol nd
!
!
ip http server
ip http access-class 90
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
access-list 90 remark HTTP Access-class list
access-list 90 permit 192.168.103.0 0.0.0.255 log
access-list 90 permit 192.168.100.0 0.0.0.255 log
access-list 90 deny any log
access-list 100 permit tcp 192.168.103.0 0.0.0.255 any
access-list 100 permit udp 192.168.103.0 0.0.0.255 any
access-list 100 permit icmp 192.168.103.0 0.0.0.255 any
access-list 100 deny ip any any log
access-list 101 remark VTY Access-class list
access-list 101 permit ip 192.168.100.0 0.0.0.255 any log
access-list 101 permit ip 192.168.103.0 0.0.0.255 any log
access-list 101 deny ip any any log
access-list 110 deny ip 10.0.0.0 0.255.255.255 any log
access-list 110 deny ip 172.16.0.0 0.15.255.255 any log
access-list 110 deny ip 127.0.0.0 0.255.255.255 any log
access-list 110 deny ip 255.0.0.0 0.255.255.255 any log
access-list 110 deny ip 224.0.0.0 31.255.255.255 any log
access-list 110 deny ip host 0.0.0.0 any log
access-list 110 deny ip 192.168.103.0 0.0.0.255 any log
access-list 110 deny ip host w.x.y.z any log
access-list 110 deny icmp any any redirect log
access-list 110 permit ip any any
snmp-server community blah RO
snmp-server community blah RO
!
!
control-plane
!
!
03-26-2014 07:56 AM
Hi,
ip dhcp excluded-address 192.168.103.1 192.168.103.249
What mean this command ? You want to exclude address from .1 to .249 :)
Change the exclude addresses range (e.g. 103.1 to 103.50 or somthing else), I hope it will work
Don't forget to rate helpfull posts
Sajid Ali Pathan
07-27-2015 11:55 AM
This discussion has been reposted from Cisco User Groups to the WAN, Routing and Switching community.
07-27-2015 04:47 PM
Hi ,
Under interface fast 0/0 you have an access list 100 that denies packets
from everything but the 192.168.103.0/24 subnet.
Your device that is looking for a dhcp address will not have a valid address until after the dhcp offer.
Try this
!
no access-list 100
!
access-list 100 permit udp any eq bootpc any
access-list 100 permit tcp 192.168.103.0 0.0.0.255 any
access-list 100 permit udp 192.168.103.0 0.0.0.255 any
access-list 100 permit icmp 192.168.103.0 0.0.0.255 any
access-list 100 deny ip any any log
!
I also agree with the other replier you are a bit short on dhcp pool addresses
You have exclused .1. to .249 that only leave you .250 to .254 but may be that is what you wanted
Regards
Alex
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: