1457 Views, 6 Helpful, 6 Replies

dhcp pool of 512 addresses and access list

scsawyer (Level 1)

Looking for 800 Series Router config help.

(This gives me 512 hosts, which is what I want.)

ip dhcp pool inside
import all
network 192.168.34.0 255.255.254.0
dns-server 10.5.90.1 8.8.8.8
domain-name gleamns
default-router 192.168.35.1

The following access list works on my sample router to get access to the internet.

access-list 104 permit ip 192.168.35.0 0.0.0.255 any
access-list 104 permit ip any any

But when I apply it to a router of the same kind, it will not give users access to the internet.

I am changing it from a

192.168.35.0 255.255.255.0 network

to a

192.168.35.01 255.255.254.0 network

which forces it to the 192.168.34.0 255.255.254.0 network.

I get a little confused.

2 Accepted Solutions (both reproduced in full among the replies below: the ACL wildcard correction, and BB's NAT with a standard ACL)

6 Replies

network 192.168.34.0 255.255.254.0

!

access-list 104 permit ip 192.168.34.0 0.0.1.255 any
access-list 104 permit ip any any

 

Only change this and try again.

I checked the subnet via an online subnet calculator; the network ID is .34, not .35.
(screenshot of the subnet calculator result attached)

Richard Burts (Hall of Fame)

I am not clear what you are confused about. But I have several comments that I hope will be helpful.

The original version of the acl "access-list 104 permit ip 192.168.35.0 0.0.0.255 any" will permit devices in the 192.168.35.0 part of your network and will not permit devices in the 192.168.34.0 part of your network.

Changing the acl to "access-list 104 permit ip 192.168.34.0 0.0.1.255 any" will allow it to work but is not a good idea. I have seen situations where routers were configured with extended acl using permit any and it causes issues (does not always cause issues but can sometimes cause issues so I suggest that you not use this). It is much better for NAT like this to configure a standard acl to permit your network. You get the same effect (source 192.168.34.0/23 to any destination) without the possible risk when using extended acl.

HTH

Rick
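A worked check of the wildcard-mask point Rick makes above, added here as an illustration rather than taken from the thread: a short Python script that computes the wildcard for a /23, evaluates an address against an ACL line the way IOS does (wildcard bits set to 1 are ignored, first match wins, implicit deny at the end), and counts the usable DHCP pool once the gateway is excluded. The ACL tables and the host addresses 192.168.34.77, 192.168.35.77 and 10.5.90.1 are constructed for the example; the NAT-specific behaviour of `ip nat inside source list` is not modelled.

```python
import ipaddress

IPV4_MASK = 0xFFFFFFFF


def wildcard_from_prefix(prefix_len: int) -> str:
    """Cisco wildcard mask for a prefix length: the bit-inverse of the netmask (/23 -> 0.0.1.255)."""
    net = ipaddress.ip_network(f"0.0.0.0/{prefix_len}")
    return str(net.hostmask)


def network_id(addr: str, netmask: str) -> str:
    """Network an interface address falls into, e.g. 192.168.35.1/255.255.254.0 -> 192.168.34.0."""
    return str(ipaddress.ip_interface(f"{addr}/{netmask}").network.network_address)


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard test: bits that are 1 in the wildcard are don't-care, the rest must equal the base."""
    a = int(ipaddress.ip_address(addr))
    b = int(ipaddress.ip_address(base))
    care = ~int(ipaddress.ip_address(wildcard)) & IPV4_MASK
    return (a & care) == (b & care)


def first_match(acl, src: str):
    """Walk an ACL's source entries top-down; first match wins, anything left hits the implicit deny.
    Returns (entry_index, action); index None means the implicit deny."""
    for i, (action, base, wildcard) in enumerate(acl):
        if wildcard_match(src, base, wildcard):
            return i, action
    return None, "deny"


def usable_pool_size(cidr: str, excluded) -> int:
    """Assignable addresses in a DHCP pool: usable hosts of the subnet minus excluded-address entries."""
    hosts = set(ipaddress.ip_network(cidr).hosts())
    for e in excluded:
        hosts.discard(ipaddress.ip_address(e))
    return len(hosts)


# ACL entries as (action, base, wildcard); constructed to mirror the three versions in the thread.
ORIGINAL_ACL_104 = [("permit", "192.168.35.0", "0.0.0.255"),
                    ("permit", "0.0.0.0", "255.255.255.255")]   # permit ip any any
FIXED_ACL_104 = [("permit", "192.168.34.0", "0.0.1.255"),
                 ("permit", "0.0.0.0", "255.255.255.255")]
STANDARD_ACL_10 = [("permit", "192.168.34.0", "0.0.1.255")]      # no trailing permit any


def report(acl, sources):
    """Summarise which entry each constructed source address hits."""
    return {src: first_match(acl, src) for src in sources}


if __name__ == "__main__":
    lower_half, upper_half, outside = "192.168.34.77", "192.168.35.77", "10.5.90.1"  # constructed hosts
    print("/23 wildcard:", wildcard_from_prefix(23))
    print("192.168.35.1/255.255.254.0 lives in", network_id("192.168.35.1", "255.255.254.0"))
    for name, acl in (("original 104", ORIGINAL_ACL_104),
                      ("fixed 104", FIXED_ACL_104),
                      ("standard 10", STANDARD_ACL_10)):
        print(name, report(acl, [lower_half, upper_half, outside]))
    print("pool size with gateway excluded:", usable_pool_size("192.168.34.0/23", ["192.168.35.1"]))
```

Running it shows the original ACL's first line matching only the upper half of the /23, while hosts in the lower half fall through to the `permit ip any any` line and are still permitted. In a NAT access list that trailing line also means any source the router forwards gets translated, which is the practical reason for preferring a standard ACL that lists only the inside network and relies on the implicit deny. The pool count comes out at 509: a /23 has 510 usable hosts, less the excluded gateway.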

This is the way most of the routers were set up a long time ago; I have just followed along keeping them going, so I will look at doing the IP NAT, something like this.

ip nat inside source list 10 interface GigabitEthernet4/0 overload

10 permit 192.168.34.0, wildcard bits 0.0.1.255

You would like to use the 192.168.34.0/23 IP address space.

For best practice, use 192.168.34.1 or 192.168.35.254 as the gateway, which is easier to understand and troubleshoot (rather than in the middle of the IP address space, as with your 192.168.35.1).

The ACL and NAT below should work as expected.

ip nat inside source list 10 interface GigabitEthernet4/0 overload

access-list 10 permit 192.168.34.0 0.0.1.255

Note: make sure you exclude the DHCP gateway IP from the range with the command below:

ip dhcp excluded-address <start address> [<end address>]

ip dhcp excluded-address 192.168.34.1 (or 192.168.35.254, as per my suggestion)

BB

Thanks for clarifying that this is the way that most of the routers have been set up. I am glad that in your environment it has not caused problems. But I do suggest that using a standard acl rather than an extended acl is good practice.

HTH

Rick