Solved: Hi,

gmolinero · ‎11-23-2015

Hello all,

Since this morning, I am having problems accessing internet and I dont know why..

I have a cisco 2900 router as dhcp server to give access to a LAN pool 192.168.10.0 /24, moreover we need to do PAT translation to a coorporate LAN 172.17.103.59 255.255.255.192.

router is directly connected with a aironet Access point with static mac-address access list.

DHCP bindings in the 2900 are registered for some users (some celulars and some laptops); In my case, my iphone can access internet and is registered in the dhcp bindings table, however my laptop is registered in the dhcp binding table but I am unable to access internet.

I have made dhcp and nat debugs but I can not find interesing info to solve this issue.

I am attaching the 2900 configuration:

!
ip dhcp excluded-address 192.168.10.12
!
ip dhcp pool GregoPOOL
network 192.168.10.0 255.255.255.0
domain-name Grego
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.10.1
lease 0 2
update arp
!

!
interface GigabitEthernet0/0
ip address 172.17.103.60 255.255.255.192
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!

!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool FUERA 172.17.103.59 172.17.103.59 netmask 255.255.255.192
ip nat inside source list 7 pool FUERA overload
ip route 0.0.0.0 0.0.0.0 172.17.103.61
!
access-list 7 permit 192.168.10.0 0.0.0.63
!

Could someone give me a light about this issue?

Thanks!!!

acampbell · ‎11-23-2015

Hi,

Your DHCP pool is allowing addresses 192.168.10.1 - 254 (except 12)

Your NAT access list is only allowing addresses

192.168.10.1 - 62 to be NATTED (access-list 7 permit 192.168.10.0 0.0.0.63)

Are your failed DHCP clients above Ip address 62

May be you need to allow more addresses through the acess list

Changing to "access-list 7 permit 192.168.10.0 0.0.0.255" will allow the full subnet.

You should also exclude your router interface from the DHCP
ip dhcp excluded-address 192.168.10.1

Regards
Alex

Regards, Alex. Please rate useful posts.

View solution in original post

acampbell · ‎11-23-2015

Hi,

Your DHCP pool is allowing addresses 192.168.10.1 - 254 (except 12)

Your NAT access list is only allowing addresses

192.168.10.1 - 62 to be NATTED (access-list 7 permit 192.168.10.0 0.0.0.63)

Are your failed DHCP clients above Ip address 62

May be you need to allow more addresses through the acess list

Changing to "access-list 7 permit 192.168.10.0 0.0.0.255" will allow the full subnet.

You should also exclude your router interface from the DHCP
ip dhcp excluded-address 192.168.10.1

Regards
Alex

Regards, Alex. Please rate useful posts.

gmolinero · ‎11-23-2015

I changed the subnet and I got access. Thanks

However dhcp bindings are still not working fine. Some PCs are registered and some of them not. Maybe is a Windows 7 issue with the dhcp client.

By other hand, I think that the cisco router 2900 is to slow making these bindings to the dhcp table.

Do you know something about this?

Thanks!

acampbell · ‎11-23-2015

Hi,

You have opted to use "Secure DHCP" by the update arp command under your
DHCP pool.

You have also put your devices on a short lease 2 hours.

This MAY be causing a rise in CPU utilisation.

You could try setting your lease back to the ONE day default

!
ip dhcp pool GregoPOOL
no lease 0 2
!

See if that speeds thing up a bit.

Regards
Alex

Regards, Alex. Please rate useful posts.

swasthik_ms87 · ‎11-23-2015

Hi,

Are you getting DHCP requests to this Router from the clients ? Also double check service dhcp is enabled on the box(it would be a hidden command depends on IOS version). It would be safer to check for any dhcp conflicts occured.

Also, is this issue started after enabling NAT on GigabitEthernet0/0/0 ?

Thanks

DHCP binding not working