Thanks for letting me know how to get all of the output. I can run "sh run" and get the configuration. Unfortunately because I am using a stand alone terminal I can't capture the output. The interfaces are there but each on has no ip address, shutdown, no cdp enable. I can probably use my laptop for the terminal if I get a male DB9 to male DB9 connector. I was mostly looking for is a high level list of tasks I need to do and a good guide on how to do them. I might be close, but I have no idea. Thanks.

OK, I've made some assumptions about interfaces names WAN (gi0) LAN (fa0/0-7). Also I don't like the idea of using VLAN1 for user traffic and I like VLAN0 even less, so I've created VLAN 10 for your LAN users.

Try the following:

!
int vlan 10
 name inside
 ip address 10.10.10.254 255.255.255.0
 ip nat inside
 ip nat enable
!
ip dhcp excluded-address 10.10.10.254
!
ip dhcp pool dhcp_inside
 network 10.10.10.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 10.10.10.254
!
int gi0
 desc WAN port
 ip address dhcp
 ip nat outside
 ip nat enable
!
int range fa0/0-7
 switchport access vlan 10
 no shut
!
ip nat inside source list 10 interface gi0 overload
ip route 0.0.0.0 0.0.0.0 gi0
!
access-list 10 permit 10.10.10.0 0.0.0.255
!

cheers,

Seb.

Hi Seb,

I followed your directions. However when I tried doing "name inside" I got an error that the name command was unknown and at the end the internal ports still don't have IP addresses, but I was able to connect my laptop to a port. I just can't do anything with the port since the port I am connecting to doesn't have an IP address.

What is the command that I am missing that assigns the DHCP pool to VLAN 10? Also why does it matter if I call it VLAN0, VLAN1 or VLAN10? Just curious.

Thanks.

Argh, that is ASA config and a typo to boot!, ignore that line!

The DHCP pool command listed above has a network statement which matches the VLAN10 subnet ID, thereby enabling DHCP on that VLAN.

What is the output on the commands:

sh ip int br
sh int status
sh ip dhcp pool

It is Cisco security best practice to not use VLAN1, it is used for control traffic which you do not want to expose to user devices.

cheers,

Seb.

Here are the screen shots. Thanks.

Hi,

The first screenshot shows that the Layer3 VLAN 10 interface has not been created. The second one shows us you have all the switchports on the correct Layer2 VLAN.

Oddly the third shows the DHCP pool we created 'dhcp_inside' but with a with a range we didn't specify.

Can you try punching in the following commands again and let me know if it complains:

!
int vlan 10
 ip address 10.10.10.254 255.255.255.0
 ip nat enable
 ip nat inside
!
ip dhcp excluded-address 10.10.10.254
!
ip dhcp pool dhcp_inside
 network 10.10.10.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 10.10.10.254
!

cheers,

Seb.

I was trying to use subnet 192.168.67.*. But I reset the router to the default and reentered the manual configuration that you have above. It looks like I am close, but I am still not getting an IP address when I connect an ethernet cable.

Looks promising. The last screenshot shows one lease, what is the output of:

sh ip dhcp binding

...do you recognise the MAC address?

Try:

sh mac-address-table

I have one of the WAN ports connected to another router. Here is the output from the above commands. Thanks.

Sorry I accidentally hit correct answer. I still can't assign an IP address to an internal port. While I am trying to configure the router I have my WIFI plugged into the Gigabit Wan port and my laptop plugged into FE7.

In some posts I see people leaving switch port on, in others people turn it off. There should be a straightforward document that describes building a basic configuration for one sub net with a firewall. If I could find the exact configuration commands, reset the router to default and just type in the commands that would be easier.