04-11-2012 02:28 PM - edited 03-07-2019 06:04 AM
I'm trying to get a small branch office up and running. It has a newly installed T1 Line and a cisco 1841 router. The network is mixed topology with linux, mac and windows, no servers to speak of. We want to run dhcp and nat from the 1841 and seem to have hit a wall with this. The network connections are all good, the T1 is working and if I configure fastethernet 0/0 with an outside IP address and give clients static IP addresses things do work but we need to share an IP address. I've included the setup config from the router, any hints or help would be greatly appreciated since the clients can't connect to or ping the internet as soon as they try and use dhcp (though they do get valid dhcp ip addresses within the range specified). The DHCP pool address is the valid external IP address that we want to use for all traffic going out from all the PC's hooked up through the switch (there is a dlink switch hooked to fastethernet 0/0).
Config:
smallmouth#show config
Using 1446 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname smallmouth
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$4eEN$65vLCb8GnvRzQoOwZoT.K0
enable password XXXXXX
!
no aaa new-model
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
!
ip dhcp pool pool1
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 4.2.2.2
lease infinite
!
!
!
multilink bundle-name authenticated
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
interface Tunnel1
no ip address
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
speed 100
full-duplex
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.176.30.6 255.255.255.252
ip nat outside
ip nat enable
ip virtual-reassembly
encapsulation ppp
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.176.30.5
!
!
no ip http server
no ip http secure-server
ip nat pool mypool 199.116.110.9 199.116.110.9 netmask 255.255.255.248
ip nat inside source list 7 pool mypool overload
!
access-list 7 permit 192.168.1.0 0.0.0.200
snmp-server community public RO
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password XXXXXX
login
!
scheduler allocate 20000 1000
end
Solved! Go to Solution.
04-11-2012 08:10 PM
I think this might be your typo,
access-list 7 permit 192.168.1.0 0.0.0.200
If you want all of the 192.168.1.0 to be NATd out the serial interface, then this hould be:
access-list 7 permit 192.168.1.0 0.0.0.255
Hope this helps.
Mike Burr
04-11-2012 08:10 PM
I think this might be your typo,
access-list 7 permit 192.168.1.0 0.0.0.200
If you want all of the 192.168.1.0 to be NATd out the serial interface, then this hould be:
access-list 7 permit 192.168.1.0 0.0.0.255
Hope this helps.
Mike Burr
04-12-2012 04:06 AM
That was it... just a typo...but after hours of starring at documentation, the eyes, they get blurry.
Thanks Again for your help!!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide