Configure a different DHCP pool on a 1921 Router for a VLAN 2960 switch

mquevedob
Level 1

Hello guys,

 

I have a Cisco 1921 router with the LAN interface connected to a Cisco 2960 switch.

My 2960 switch is configured to work in VLANs.

What I would like to do is create IP pools for each VLAN in my switch.

This will allow a PC on a VLAN to get an IP in a different subnet from PCs connected in other VLANs.

 

thanks!

Martin

36 Replies

by the way, when I try to ping from the switch I get this,

 

Switch#ping
Protocol [ip]:
% Unknown protocol - "", type "ping ?" for help

 

On my PC I only get

 

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::35d9:d8db:a3d3:8b9e%11
   Autoconfiguration IPv4 Address. . : 169.254.139.158
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

also when I enable debug

 

debug ip dhcp server packet

 

nothing is shown... as if there is no activity

The subinterface on your router has no IP address assigned to it.

Can you give it the IP 10.10.7.1 and retest.

If you want to ping from the switch then you need to setup an IP on the switch for management.

You can do this later if you want but it shouldn't affect the DHCP for the client.

Jon

I added the IP to the sub-interface like you said

interface GigabitEthernet0/0.7
 encapsulation dot1Q 7
 ip address 10.10.7.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!

 

and now I have IP assigned on my PC

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::35d9:d8db:a3d3:8b9e%11
   IPv4 Address. . . . . . . . . . . : 10.10.7.11
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.7.1

 

I tried to ping the WAN IP from the PC and it works

C:\Users\Martin>ping xxx.xxx.xxx.166

Pinging 10.10.7.1 with 32 bytes of data:
Reply from 10.10.7.1: bytes=32 time<1ms TTL=255

 

but I cannot ping the ISP default GW

C:\Users\Martin>ping 190.104.170.165

Pinging 190.104.170.165 with 32 bytes of data:
Request timed out.

 

Also I cannot access the internet.

 

 

Your latest router configuration you posted is missing the NAT acl.

So you need to add that back in and retest.

See your earlier configuration in this thread for the acl details.

Jon

Do you mean this one?

 

access-list 1 permit 10.10.10.0 0.0.0.255

 

Do I have to enter this rule, one for each VLAN?

Yes I mean that one.

You would need to add an entry to that ACL for every new subnet you create, i.e. you only need that ACL but it may end up having multiple entries.

Jon

OK, I just added this line

access-list 1 permit 10.10.7.0 0.0.0.255

and now I can ping the ISP default GW from my PC

 

The problem now is that I can reach the DNS servers neither from my PC nor from the router.

Does it have to do with

ip dhcp pool VLAN7
 network 10.10.7.0 255.255.255.0
 default-router 10.10.7.1
 dns-server 10.10.7.1

 

dns-server is set to 10.10.7.1

I want PCs to have this IP address as DNS server

and the router internally would have to use the Public IP DNS

You are not handing out any DNS information to the client as far as I can see.

Under your DHCP pool configuration on the router you need to add a line for DNS servers so that the clients get that information.

So under your DHCP pool configuration you need to add this line -

"dns-server <ip address>"

note that you can specify multiple IP addresses, all on the same line, just separate them with a space.

When you have modified your configuration do an "ipconfig /release" on the PC and then an "ipconfig /renew" in a command window.

If you then do an "ipconfig /all" you should see the client has received the DNS information.

I'm assuming you have valid DNS server IPs.

Jon

I have DNS servers 

ip name-server 190.104.163.57
ip name-server 200.3.250.1

 

 

but I want the PCs to use 10.10.7.1 as their DNS servers

Ok... my bad... I deleted a route to the ISP Default GW

 

here is my updated config

Now I can ping everywhere from the router.

From the PC I can ping public IPs but not names.

 

Building configuration...

Current configuration : 1985 bytes
!
! Last configuration change at 15:33:30 UTC Fri Dec 12 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname hrc_r01
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.7.1 10.10.7.10
!
ip dhcp pool VLAN7
 network 10.10.7.0 255.255.255.0
 default-router 10.10.7.1
 dns-server 10.10.7.1
!
!
!
ip domain name hrc.com.py
ip name-server 190.104.163.57
ip name-server 200.3.250.1
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FGL1834240J
!
!
username hardrock privilege 15 password 0 h4rdr0ck
!
redundancy
!
!
!
!
!
ip ssh version 2
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description LAN
 no ip address
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.7
 encapsulation dot1Q 7
 ip address 10.10.7.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1
 description WAN
 ip address 190.104.170.166 255.255.255.252
 ip nat outside
 no ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 no ip address
!
interface GigabitEthernet0/0/1
 no ip address
!
interface GigabitEthernet0/0/2
 no ip address
!
interface GigabitEthernet0/0/3
 no ip address
!
interface Vlan1
 no ip address
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 190.104.170.165
!
access-list 1 permit 10.10.7.0 0.0.0.255
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login local
 transport input all
line vty 5 15
 login local
 transport input all
!
scheduler allocate 20000 1000
!
end

No problem.

See my last post regarding DNS for the clients.

Jon

Yes, I saw that... I was sure I configured it... but... I didn't...

Thanks a million!!!
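
The three fixes worked through in this thread (an IP address on the dot1Q subinterface, a NAT ACL entry for every subnet, DNS servers in the DHCP pool) can be checked mechanically before the next VLAN is added. The Python script below is an added example, not code from the thread or from Cisco; it reports each of those gaps for a pasted configuration. Assumptions: the VLAN 8 entries in the sample are constructed, only numbered standard ACLs with contiguous wildcard masks are handled, and the last check assumes the router answers client DNS queries only when `ip dns server` is configured.

```python
import ipaddress
import re

# Constructed sample: the thread's VLAN 7 settings plus a hypothetical VLAN 8
# that repeats the mistakes made earlier in the thread.
SAMPLE = """\
ip dhcp pool VLAN7
 network 10.10.7.0 255.255.255.0
 default-router 10.10.7.1
 dns-server 10.10.7.1
ip dhcp pool VLAN8
 network 10.10.8.0 255.255.255.0
 default-router 10.10.8.1
interface GigabitEthernet0/0.7
 encapsulation dot1Q 7
 ip address 10.10.7.1 255.255.255.0
interface GigabitEthernet0/0.8
 encapsulation dot1Q 8
ip nat inside source list 1 interface GigabitEthernet0/1 overload
access-list 1 permit 10.10.7.0 0.0.0.255
"""

def net(addr, mask):
    # Accepts a netmask or a contiguous wildcard mask such as 0.0.0.255.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def blocks(cfg, header):
    # (name, body) for every "<header> NAME" section and its indented lines.
    return re.findall(rf"^{header} (\S+)\n((?: .*\n)*)", cfg, re.M)

def audit(cfg):
    findings, gateways = [], {}          # gateways: subnet -> router IP on it
    for name, body in blocks(cfg, "interface"):
        m = re.search(r"^ ip address (\S+) (\S+)", body, re.M)
        if m:
            gateways[net(*m.groups())] = m.group(1)
        elif "encapsulation dot1Q" in body:
            findings.append((name, "no-ip-address"))
    nat = re.search(r"^ip nat inside source list (\S+) ", cfg, re.M)
    permitted = [net(a, w) for a, w in re.findall(
        rf"^access-list {nat.group(1)} permit (\S+) (\S+)", cfg, re.M)] if nat else []
    dns_service = re.search(r"^ip dns server", cfg, re.M)
    for name, body in blocks(cfg, "ip dhcp pool"):
        opts = dict(re.findall(r"^ (network|default-router|dns-server) (.+)", body, re.M))
        subnet = net(*opts["network"].split())
        if gateways.get(subnet) != opts.get("default-router"):
            findings.append((name, "no-matching-gateway"))
        if not any(subnet.subnet_of(p) for p in permitted):
            findings.append((name, "not-in-nat-acl"))
        dns = opts.get("dns-server", "").split()
        if not dns:
            findings.append((name, "no-dns-server"))
        elif set(dns) & set(gateways.values()) and not dns_service:
            findings.append((name, "dns-at-router-without-dns-service"))
    return findings
```

Calling `audit(SAMPLE)` returns a list of `(object, finding)` pairs; an empty list means every pool has a gateway subinterface, a NAT ACL entry and a usable DNS setting.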