04-19-2017 02:53 PM - edited 03-08-2019 10:15 AM
So I'm new to using Cisco routers and I have a basic config for NAT, but I can only use static IPs at the moment. I enabled the DHCP server and set it all up, so am I missing something? FYI:
Fa 0/1 = Lan
Fa 0/0 = Wan
Router#show running-config
Building configuration...
Current configuration : 2032 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip cef
!
!
ip inspect name InspectRule icmp
ip inspect name InspectRule tcp
ip inspect name InspectRule udp
ip dhcp relay information option
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.0 192.168.2.100
!
ip dhcp pool mypool
import all
network 192.168.2.0 255.255.255.0
dns-server 192.168.2.1 8.8.8.8 8.8.4.4
default-router 192.168.2.1
domain-name boucher.local
lease 3
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip access-group 101 in
ip inspect InspectRule in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
ip access-group 100 in
ip inspect InspectRule in
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/3/0
!
interface FastEthernet0/3/1
!
interface FastEthernet0/3/2
!
interface FastEthernet0/3/3
!
interface FastEthernet0/3/4
!
interface FastEthernet0/3/5
!
interface FastEthernet0/3/6
!
interface FastEthernet0/3/7
!
interface FastEthernet0/3/8
!
interface Vlan1
ip address dhcp
!
!
no ip http server
no ip http secure-server
ip nat inside source list 10 interface FastEthernet0/0 overload
!
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 10 deny any
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit tcp any any
access-list 101 permit udp any any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip any any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
end
04-19-2017 09:28 PM
You have not got the router configured to be a DNS server, so change:
dns-server 192.168.2.1 8.8.8.8 8.8.4.4
to
dns-server 8.8.8.8 8.8.4.4
04-19-2017 11:32 PM
Hi
Change ACL 100 from:
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 deny ip any any
to:
access-list 100 permit udp any any eq 67
access-list 100 permit udp any any eq 68
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 deny ip any any
This will permit DHCP traffic ingress on F0/1.
hth
Andy
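How first-match ACL evaluation treats a client's initial DHCP broadcast (source 0.0.0.0, destination 255.255.255.255, UDP port 67) under the ACL 100 variants in this thread, as an added Python example that is not part of the original posts. The evaluator, the sample packets and the tighter third ACL are constructed assumptions for illustration; only protocol, wildcard-masked addresses and destination port are modelled.

```python
import ipaddress

def ip_match(addr, spec):
    """spec is 'any' or (network, wildcard) in Cisco wildcard-mask form."""
    if spec == "any":
        return True
    net, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wild & 0xFFFFFFFF          # bits set in the wildcard are ignored
    return int(ipaddress.IPv4Address(addr)) & care == net & care

def evaluate(acl, pkt):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, proto, src, dst, dport in acl:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if not (ip_match(pkt["src"], src) and ip_match(pkt["dst"], dst)):
            continue
        if dport is not None and dport != pkt["dport"]:
            continue
        return action
    return "deny"

LAN = ("192.168.2.0", "0.0.0.255")
# Entries: (action, protocol, source, destination, destination port or None)
ACL_100_ORIGINAL = [
    ("permit", "ip", LAN, "any", None),
    ("deny", "ip", "any", "any", None),
]
ACL_100_FIXED = [
    ("permit", "udp", "any", "any", 67),
    ("permit", "udp", "any", "any", 68),
] + ACL_100_ORIGINAL
# Tighter variant (an assumption of this example, not from the thread)
ACL_100_TIGHT = [
    ("permit", "udp", ("0.0.0.0", "0.0.0.0"), ("255.255.255.255", "0.0.0.0"), 67),
] + ACL_100_ORIGINAL

# Constructed sample packets arriving inbound on Fa0/1
DISCOVER = {"proto": "udp", "src": "0.0.0.0", "dst": "255.255.255.255", "dport": 67}
LAN_WEB = {"proto": "tcp", "src": "192.168.2.150", "dst": "8.8.8.8", "dport": 443}
OFFNET = {"proto": "udp", "src": "10.9.9.9", "dst": "8.8.8.8", "dport": 67}

def verdicts(pkt):
    return tuple(evaluate(a, pkt) for a in (ACL_100_ORIGINAL, ACL_100_FIXED, ACL_100_TIGHT))

if __name__ == "__main__":
    for name, pkt in (("DHCPDISCOVER", DISCOVER), ("LAN web", LAN_WEB), ("off-net src", OFFNET)):
        print(f"{name:13} original/fixed/tight = {verdicts(pkt)}")
```

The off-net sample shows that a rule matching any source to UDP port 67 also lets non-LAN source addresses through the inbound LAN filter, while the tighter rule admits only the initial broadcast and leaves everything else to the LAN-prefix permit.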
04-20-2017 04:14 PM
When I do these 2 commands it doesn't change the ACL or running config. Is there something else I need to add to it?
access-list 100 permit udp any any eq 67
access-list 100 permit udp any any eq 68
04-20-2017 04:16 PM
Wait, no, it's working now, thanks! I don't know which was the correct answer though, because I tried yours and Phillip's answer.