05-12-2013 11:27 PM - edited 03-07-2019 01:19 PM
Hello
I am a newbie to Cisco. I am trying to set up NAT with DHCP in our office on a CISCO 819 router. I am having a problem with DHCP not assigning an IP on vlan1. I cannot figure out what I'm doing wrong. Below is my config and debug from DHCP. Any help is greatly appreciated.
router#sh config
Using 4328 out of 262136 bytes
!
! Last configuration change at 05:56:39 UTC Mon May 13 2013 by cisco
! NVRAM config last updated at 05:57:16 UTC Mon May 13 2013 by cisco
! NVRAM config last updated at 05:57:16 UTC Mon May 13 2013 by cisco
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-230656754
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-230656754
revocation-check none
rsakeypair TP-self-signed-230656754
!
!
crypto pki certificate chain TP-self-signed-230656754
certificate self-signed 01 nvram:IOS-Self-Sig#6.cer
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.20.1
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool ccp-pool
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 75.75.75.75 75.75.76.76
lease 0 2
!
!
no ip domain lookup
ip domain name yourdomain.com
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
username tomek privilege 15 secret 4 R1ODRxztRdGPKo8bhaOx1rdYvIPTFzjT.JyC.9QqZZo
!
!
!
!
controller Cellular 0
!
!
!
!
!
!
!
!
interface Cellular0
no ip address
encapsulation ppp
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0
no ip address
shutdown
clock rate 2000000
!
interface Vlan1
description $ETH_LAN$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 101 interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
!
!
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line 3
no exec
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
May 13 06:19:17.311: %LINK-3-UPDOWN: Interface FastEthernet2, changed state to up
May 13 06:19:18.311: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to up
May 13 06:19:46.347: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
May 13 06:19:46.851: DHCPD: client's VPN is .
May 13 06:19:46.851: DHCPD: No option 125
May 13 06:19:46.851: DHCPD: DHCPREQUEST received from client 0100.2511.d842.e2.
May 13 06:19:46.851: DHCPD: client has moved to a new subnet.
May 13 06:19:46.851: DHCPD: Sending DHCPNAK to client 0100.2511.d842.e2.
May 13 06:19:46.851: DHCPD: no option 125
May 13 06:19:46.851: DHCPD: broadcasting BOOTREPLY to client 0025.11d8.42e2.
May 13 06:19:46.955: DHCPD: client's VPN is .
May 13 06:19:46.955: DHCPD: No option 125
May 13 06:19:46.955: DHCPD: DHCPDISCOVER received from client 0100.2511.d842.e2 on interface Vlan1.
May 13 06:19:46.955: DHCPD: Sending DHCPOFFER to client 0100.2511.d842.e2 (192.168.1.13).
May 13 06:19:46.955: DHCPD: no option 125
May 13 06:19:46.955: DHCPD: creating ARP entry (192.168.1.13, 0025.11d8.42e2, vrf default).
May 13 06:19:46.955: DHCPD: unicasting BOOTREPLY to client 0025.11d8.42e2 (192.168.1.13).
May 13 06:19:46.959: DHCPD: client's VPN is .
May 13 06:19:46.959: DHCPD: No option 125
May 13 06:19:46.959: DHCPD: DHCPREQUEST received from client 0100.2511.d842.e2.
May 13 06:19:46.959: DHCPD: Appending system default domain
May 13 06:19:46.959: DHCPD: Using hostname 'NELSON-PC.yourdomain.com.' for dynamic update (from FQDN option)
May 13 06:19:46.959: DHCPD: Sending DHCPACK to client 0100.2511.d842.e2 (192.168.1.13).
May 13 06:19:46.959: DHCPD: no option 125
May 13 06:19:46.959: DHCPD: ARP entry exists (192.168.1.13, 0025.11d8.42e2).
May 13 06:19:46.959: DHCPD: unicasting BOOTREPLY to client 0025.11d8.42e2 (192.168.1.13).
May 13 06:19:50.147: DHCPD: client's VPN is .
May 13 06:19:50.147: DHCPD: No option 125
May 13 06:19:50.147: DHCPD: DHCPINFORM received from client 0100.2511.d842.e2 (192.168.1.13).
May 13 06:19:50.147: DHCPD: Sending DHCPACK to client 0100.2511.d842.e2 (192.168.1.13).
May 13 06:19:50.147: DHCPD: no option 125
May 13 06:19:50.147: DHCPD: broadcasting BOOTREPLY to client 0025.11d8.42e2.
05-12-2013 11:40 PM
Hi,
from the debug you posted, an IP address is allocated: 192.168.1.13.
You should change your static route though if you want NAT to work:
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 dhcp
Regards
Alain
Don't forget to rate helpful posts.
05-13-2013 05:08 PM
Alain
Thank you very much for the info. I made the change you suggested and it works great.
Now I am having another problem. I am running a web server and a few domains, so I created port forwarding in the Cisco router. It works great except I cannot access any of the domains from within the local network. If I am outside of my LAN I can access all domains and all forwarded ports without any problem. Is there a fix for this?
Here is my current config:
OELSNET#sh config
Using 5055 out of 262136 bytes
!
! Last configuration change at 22:44:39 UTC Mon May 13 2013
! NVRAM config last updated at 22:45:02 UTC Mon May 13 2013
! NVRAM config last updated at 22:45:02 UTC Mon May 13 2013
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname OELSNET
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 tSbSU3Pb6mNOFHkcgKob.3Da88lZB6DHtrZGJTA1/zU
enable password 1234
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2215678432
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2215678432
revocation-check none
rsakeypair TP-self-signed-2215678432
!
!
crypto pki certificate chain TP-self-signed-2215678432
certificate self-signed 01 nvram:IOS-Self-Sig#7.cer
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.20.1
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool ccp-pool
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 75.75.75.75 75.75.76.76
lease 0 2
!
!
no ip domain lookup
ip domain name comcast.net
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
username tomek privilege 15 secret 4 R1ODRxztRdGPKo8bhaOx1rdYvIPTFzjT.JyC.9QqZZo
!
!
!
!
controller Cellular 0
!
!
!
!
!
!
!
!
interface Cellular0
no ip address
encapsulation ppp
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0
no ip address
shutdown
clock rate 2000000
!
interface Vlan1
description $ETH_LAN$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 101 interface GigabitEthernet0 overload
ip nat inside source static tcp 192.168.1.134 80 interface GigabitEthernet0 80
ip nat inside source static tcp 192.168.1.134 25 interface GigabitEthernet0 25
ip nat inside source static tcp 192.168.1.134 53 interface GigabitEthernet0 53
ip nat inside source static tcp 192.168.1.134 22 interface GigabitEthernet0 22
ip nat inside source static tcp 192.168.1.134 21 interface GigabitEthernet0 21
ip nat inside source static tcp 192.168.1.113 81 interface GigabitEthernet0 81
ip nat inside source static tcp 192.168.1.100 8081 interface GigabitEthernet0 8081
ip nat inside source static tcp 192.168.1.134 8080 interface GigabitEthernet0 8080
ip route 0.0.0.0 0.0.0.0 dhcp
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip any any
no cdp run
!
!
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line 3
no exec
line vty 0 4
privilege level 15
password polska112qbs
transport input ssh
!
scheduler allocate 20000 1000
end
05-13-2013 11:01 PM
Hi,
This is a well-known problem called NAT hairpinning. Normally it could be solved by configuring NAT NVI instead of "traditional" NAT but I've never tried it myself:
int vlan 1
no ip nat in
ip nat enable
no ip redirects
int g0
no ip nat out
ip nat enable
no ip redirects
no ip nat inside source list 101 interface GigabitEthernet0 overload
no ip nat inside source static tcp 192.168.1.134 80 interface GigabitEthernet0 80
no ip nat inside source static tcp 192.168.1.134 25 interface GigabitEthernet0 25
no ip nat inside source static tcp 192.168.1.134 53 interface GigabitEthernet0 53
no ip nat inside source static tcp 192.168.1.134 22 interface GigabitEthernet0 22
no ip nat inside source static tcp 192.168.1.134 21 interface GigabitEthernet0 21
no ip nat inside source static tcp 192.168.1.113 81 interface GigabitEthernet0 81
no ip nat inside source static tcp 192.168.1.100 8081 interface GigabitEthernet0 8081
no ip nat inside source static tcp 192.168.1.134 8080 interface GigabitEthernet0 8080
ip nat source list 101 interface GigabitEthernet0 overload
ip nat source static tcp 192.168.1.134 80 interface GigabitEthernet0 80
ip nat source static tcp 192.168.1.134 25 interface GigabitEthernet0 25
ip nat source static tcp 192.168.1.134 53 interface GigabitEthernet0 53
ip nat source static tcp 192.168.1.134 22 interface GigabitEthernet0 22
ip nat source static tcp 192.168.1.134 21 interface GigabitEthernet0 21
ip nat source static tcp 192.168.1.113 81 interface GigabitEthernet0 81
ip nat source static tcp 192.168.1.100 8081 interface GigabitEthernet0 8081
ip nat source static tcp 192.168.1.134 8080 interface GigabitEthernet0 8080
Another solution is to use split-DNS: http://en.wikipedia.org/wiki/Split-horizon_DNS
Regards
Alain
Don't forget to rate helpful posts.
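Added example, not part of the original posts and not Cisco tooling: a Python sketch that generates the change set described in the reply above, converting domain-based `ip nat inside` / `ip nat outside` configuration to NAT NVI form for any number of `ip nat inside source` rules. The helper name `nvi_migration` and the sample configuration are constructed for illustration; it assumes interface blocks are closed by a `!` line, as in the configurations posted here.

```python
import re

# Constructed sample: NAT-related lines modelled on the configuration in this thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0
 ip address dhcp
 ip nat outside
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 101 interface GigabitEthernet0 overload
ip nat inside source static tcp 192.168.1.134 80 interface GigabitEthernet0 80
ip nat inside source static tcp 192.168.1.113 81 interface GigabitEthernet0 81
"""

LEGACY_RULE = "ip nat inside source "


def nvi_migration(config):
    """Return the IOS commands that move domain-based NAT to NAT NVI (hypothetical helper)."""
    iface_cmds, removals, additions = [], [], []
    current = None  # interface block being read, if any
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line
        elif line == "!":
            current = None  # "!" closes the interface block
        elif current and re.fullmatch(r"ip nat (inside|outside)", line):
            # Drop the inside/outside domain and enable NVI on the interface.
            iface_cmds += [current, " no " + line, " ip nat enable", " no ip redirects"]
        elif line.startswith(LEGACY_RULE):
            # Every legacy rule, the overload rule included, loses the "inside" keyword.
            removals.append("no " + line)
            additions.append("ip nat source " + line[len(LEGACY_RULE):])
    return iface_cmds + removals + additions


if __name__ == "__main__":
    print("\n".join(nvi_migration(SAMPLE_CONFIG)))
```

The output is ordered as interface changes, then removals of the legacy rules, then the NVI rules, so it can be reviewed line by line before being pasted into configuration mode.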