Cisco 2600 IOS 12.3 outside interface and DHCP


  • Cisco 2600 IOS 12.3 outside interface and DHCP

    I've got a 2621 router with Version 12.3(9e) of the IOS on there. I've been able to get the INSIDE interface to hand out DHCP addresses and even routed successfully inside with multiple subnets over multiple VLANs (I've got a 2924 switch, too, but that's not the topic of this post), but the sticking point I'm seeing is getting the OUTSIDE interface to get an IP address via DHCP. Right now it's just getting the address from my Linksys router, so it's all technically inside, but I'm acting like it's inside/outside for lab and testing.

    So admittedly, I'm still learning access-list and access-group commands, but that's beyond my issue here. The router will get ONE DHCP address, keep it for the lease of 24 hours (via the Linksys) and then DROP the address. I have to completely reboot the Linksys and the router for it to renew the lease.

    WHY is this happening? Do I need to write an access list for DHCP requests ports 67 and 68 on the outside interface? (the full syntax of which escapes me at the moment)

    Also, here's my config copy/pasted. fa0/1 is up/down cuz the switch was off at the time of playing with this. fa0/0 is the problem child here.

    Thanks in advance for any insight you all may provide!



    Current configuration : 1232 bytes
    !
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname RichRouter
    !
    boot-start-marker
    boot-end-marker
    !
    no logging on
    enable secret 5 $1$uHc.$rDMSUqN6vtWsjsV9Z7tm30
    enable password <hidden>
    !
    no aaa new-model
    ip subnet-zero
    ip cef
    !
    !
    !
    ip dhcp pool vlan1
    network 192.168.2.0 255.255.255.0
    default-router 192.168.2.1
    !
    ip audit po max-events 100
    ip dhcp-server 192.168.2.1
    no ftp-server write-enable
    !
    interface FastEthernet0/0
    ip address dhcp
    ip nat outside
    duplex auto
    speed auto
    !
    interface Serial0/0
    no ip address
    shutdown
    !
    interface FastEthernet0/1
    ip address 192.168.2.1 255.255.255.0
    ip nat inside
    duplex auto
    speed auto
    !
    router rip
    network 192.168.2.0
    network 0.0.0.0
    !
    ip http server
    ip classless
    !
    !
    banner motd ^C
    WARNING!!

    This system is intended for private use. Your connection
    to this system implies no expectation of privacy.
    Unauthorized connections and/or usage of this system
    is illegal. Upon detection, information will be
    collected and sent to the appropriate authorities.

    ^C
    !
    line con 0
    password <hidden>
    login
    line aux 0
    line vty 0 4
    password <hidden>
    login
    line vty 5 15
    password <hidden>
    login
    !
    !
    end

    RichRouter#
    RichRouter#sh ip int brie
    Interface                  IP-Address      OK? Method Status                Protocol
    FastEthernet0/0            unassigned      YES DHCP   up                    up
    Serial0/0                  unassigned      YES NVRAM  administratively down down
    FastEthernet0/1            192.168.2.1     YES NVRAM  up                    down

    RichRouter#
    RichRouter#

  • #2
    Re: Cisco 2600 IOS 12.3 outside interface and DHCP

    Hi fractalsphere,

    Good question.

    No, you don't need an ACL in place to fix this. You already have unrestricted traffic flow. The NAT that is configured shouldn't affect the functionality of DHCP.

    I see a couple of options here-
    1. do the following command with logging on and wait for the release of the IP address, then go see what happened:
    debug dhcp detail
    or
    debug dhcp

    2. see if you can increase the lease time to a year or something, like this:
    (in interface config for your dhcp interface)

    R1-871W(config-if)#ip dhcp client lease 365

    For info on the Cisco IOS DHCP client, see this link:
    http://www.cisco.com/univercd/cc/td/...8/gtdhcpcf.htm

    Let us know how it goes!

    Thanks,
    David Davis - Petri Forums Moderator & Video Training Author
    Train Signal - The Global Leader in IT Video Training
    TrainSignalTraining.com - Free IT Training Products
    Personal Websites: HappyRouter.com & VMwareVideos.com



    • #3
      Re: Cisco 2600 IOS 12.3 outside interface and DHCP

      Also,
      on the network between the outside of the router and the inside of the linksys, are there other devices that might have a dhcp conflict with the router?
      The IP address range on that network is not the same as the inside of the router, is it?
      David Davis - Petri Forums Moderator & Video Training Author
      Train Signal - The Global Leader in IT Video Training
      TrainSignalTraining.com - Free IT Training Products
      Personal Websites: HappyRouter.com & VMwareVideos.com



      • #4
        Re: Cisco 2600 IOS 12.3 outside interface and DHCP

        Originally posted by daviddavis:
        I see a couple of options here-
        1. do the following command with logging on and wait for the release of the IP address, then go see what happened:
        debug dhcp detail
        or
        debug dhcp

        2. see if you can increase the lease time to a year or something, like this:
        (in interface config for your dhcp interface)

        R1-871W(config-if)#ip dhcp client lease 365
        I've turned on the debugging and I'll wait on the results...

        As for that command, it errors out as being an invalid command (we have different IOSs). Anyway, the lease time is determined at the sending end, not the receiving end of the DHCP cycle. Ultimately, I'd like to see this 2621 get the outside interface facing public to the internet and get DHCP from my cable provider, and their leases are only a few days.

        As for your other question, no, there's nothing that has an IP conflict with the router. The inside subnet 192.168.2.x (which works, and can ping the outside interface of the router when it has an IP) is different from my 'outside' subnet of 192.168.1.x.

        Thanks for the quick reply!
        Rich



        • #5
          Re: Cisco 2600 IOS 12.3 outside interface and DHCP

          Originally posted by fractalsphere:
          I've turned on the debugging and I'll wait on the results...
          These were the results of the debug... I'm posting, but I'm now going to end up looking this up. Will let you know if I hit a wall or not.

          Oh, and of course since I'm planning on putting the outside interface facing public internet, I'm not necessarily going to have a nice neat list of approved DHCP servers. Comcast could change them up on me. :-0


          THANKS!




          RichRouter(config-if)#no shut

          DHCP: DHCP client process started: 10
          RAC: Delaying starting DHCP because interface FastEthernet0/0 not upRichRouter(config-if)#
          %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
          %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
          DHCP: DHCP client process started: 10
          RAC: Starting DHCP discover on FastEthernet0/0
          DHCP: Try 1 to acquire address for FastEthernet0/0
          DHCP: allocate request
          DHCP: new entry. add to queue
          DHCP: SDiscover attempt # 1 for entry:
          DHCP: SDiscover: sending 302 byte length DHCP packet
          DHCP: SDiscover 302 bytes
          B'cast on FastEthernet0/0 interface from 0.0.0.0
          DHCP: Received a BOOTREP pkt
          DHCP: offer received from 192.168.1.1
          DHCP: offer: server 192.168.1.1 not in approved list
          DHCP: SDiscover attempt # 2 for entry:
          DHCP: SDiscover: sending 302 byte length DHCP packet
          DHCP: SDiscover 302 bytes
          B'cast on FastEthernet0/0 interface from 0.0.0.0
          DHCP: Received a BOOTREP pkt
          DHCP: offer received from 192.168.1.1
          DHCP: offer: server 192.168.1.1 not in approved list
          DHCP: SDiscover attempt # 3 for entry:
          DHCP: SDiscover: sending 302 byte length DHCP packet
          DHCP: SDiscover 302 bytes
          B'cast on FastEthernet0/0 interface from 0.0.0.0
          DHCP: Received a BOOTREP pkt
          DHCP: offer received from 192.168.1.1
          DHCP: offer: server 192.168.1.1 not in approved list
          RichRouter(config-if)#%Unknown DHCP problem.. No allocation possible
          DHCP: Waiting for 5 seconds on interface FastEthernet0/0
          Last edited by fractalsphere; 26th May 2007, 00:50.



          • #6
            Re: Cisco 2600 IOS 12.3 outside interface and DHCP

            Originally posted by fractalsphere:
            Will let you know if I hit a wall or not.
            I have hit a wall. For my platform (2621 router), the commands you referenced and that the article referenced don't exist. It's still giving me the "DHCP: offer: server 192.168.1.1 not in approved list" despite trying another IOS version (12.3.22). I've not found any specific info on that error or how to clear it.

            So I'm stuck. The access lists I'm getting a better handle on, and if the outside interface was going to be a static IP I'd be all set, but since it must get its address via DHCP, I'm at a loss here.



            • #7
              Re: Cisco 2600 IOS 12.3 outside interface and DHCP

              Does anyone have any answer for this? I've had no luck, and am really at a point of being able to go no further, and I can't just appropriate one of my company's ASA 5505s just to mess around with on my home cable connection.



              • #8
                Re: Cisco 2600 IOS 12.3 outside interface and DHCP

                David is currently on holiday but he's back soon.
                If you have a CCO account, you can try upgrading the IOS to the latest version: 12.3.22
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"



                • #9
                  Re: Cisco 2600 IOS 12.3 outside interface and DHCP

                  Hi fractalsphere,

                  I think I see a possibility here...

                  From the debug, I keep seeing this message:
                  server 192.168.1.1 not in approved list

                  I was able to recreate this message by configuring an IP for my DHCP server that was incorrect, then trying to get an IP via DHCP.

                  I see you already have this command:
                  ip dhcp-server 192.168.2.1

                  What if you do this?
                  ip dhcp-server 192.168.1.1

                  Then go to your interface and do a shut, then no shut

                  You can read more about this command at:
                  http://www.cisco.com/univercd/cc/td/....htm#wp1175809

                  I am not saying that this will resolve it, it just seems like a possible cause.

                  Let me know

                  Thanks,
                  David Davis - Petri Forums Moderator & Video Training Author
                  Train Signal - The Global Leader in IT Video Training
                  TrainSignalTraining.com - Free IT Training Products
                  Personal Websites: HappyRouter.com & VMwareVideos.com



                  • #10
                    Re: Cisco 2600 IOS 12.3 outside interface and DHCP

                    Adding the ip dhcp-server 192.168.1.1 (my known DHCP server in-house) did work, and it immediately gave me an address. So, a big THANKS for helping me fix that problem!! I had thought the dhcp-server command was used primarily to tell the router which DHCP server addresses to use internally to hand out addresses.

                    So now I'll have to go and find Comcast's DHCP servers and add them to my approved DHCP server list and hope they don't change IPs on me unannounced.

                    EDIT: I do have a CCO acct, and the IOS is at 12.3.22. Thanks!
                    Last edited by fractalsphere; 31st May 2007, 19:14.



                    • #11
                      Re: Cisco 2600 IOS 12.3 outside interface and DHCP

                      Originally posted by fractalsphere:

                      EDIT: I do have a CCO acct, and the IOS is at 12.3.22. Thanks!
                      Ok, I only had seen 12.3(9e) so that's why I mentioned it
                      Marcel
                      Technical Consultant
                      Netherlands
                      http://www.phetios.com
                      http://blog.nessus.nl

                      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                      "No matter how secure, there is always the human factor."

                      "Enjoy life today, tomorrow may never come."
                      "If you're going through hell, keep going. ~Winston Churchill"



                      • #12
                        Re: Cisco 2600 IOS 12.3 outside interface and DHCP

                        Thanks Marcel, for your help on this one!

                        fractalsphere - I am glad that worked.

                        Something you might try is to just REMOVE the command altogether, then maybe all DHCP servers are authorized and you don't have to worry about finding or keeping your ISP's DHCP server IP updated.

                        Thanks
                        David Davis - Petri Forums Moderator & Video Training Author
                        Train Signal - The Global Leader in IT Video Training
                        TrainSignalTraining.com - Free IT Training Products
                        Personal Websites: HappyRouter.com & VMwareVideos.com



                        • #13
                          Re: Cisco 2600 IOS 12.3 outside interface and DHCP

                          Originally posted by daviddavis:
                          Something you might try is to just REMOVE the command altogether, then maybe all DHCP servers are authorized and you don't have to worry about finding or keeping your ISP's DHCP server IP updated.

                          Thanks
                          Removing all dhcp-server commands worked! It's weird how Cisco works in reverses like that. So my hurdle is overcome! Woohooo! Now I've gotta drill in and get access-lists/groups going and make it my router for real! So I'm excited now! Can't wait to get home from work and play!

                          No doubt I'll have some odd access-list question, too, at some point.

                          Thanks again! And I've gotta see how to give credit points here.

                          Rich
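
The diagnosis reached in posts #5 through #13, as an added example that is not part of any post in this thread: a Python script that compares the `ip dhcp-server` entries in a saved config with the servers that `debug dhcp` shows the client rejecting. The function names and the trimmed sample input are constructed here; the line formats are the ones posted above.

```python
import re
from collections import Counter

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

# Constructed sample input: lines trimmed from the config and debug output in this thread.
SAMPLE_CONFIG = """\
ip dhcp pool vlan1
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
ip dhcp-server 192.168.2.1
interface FastEthernet0/0
ip address dhcp
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
"""
SAMPLE_DEBUG = """\
DHCP: offer received from 192.168.1.1
DHCP: offer: server 192.168.1.1 not in approved list
DHCP: SDiscover attempt # 2 for entry:
DHCP: offer received from 192.168.1.1
DHCP: offer: server 192.168.1.1 not in approved list
"""

def approved_servers(config):
    """Addresses listed by global 'ip dhcp-server <addr>' lines."""
    return set(re.findall(rf"^\s*ip dhcp-server {IPV4}\s*$", config, re.M))

def interface_addresses(config):
    """Static addresses from 'ip address <addr> <mask>' lines."""
    return {a for a, _ in re.findall(rf"^\s*ip address {IPV4} {IPV4}\s*$", config, re.M)}

def rejected_offers(debug):
    """Count offers the client dropped, keyed by the offering server."""
    return Counter(re.findall(rf"offer: server {IPV4} not in approved list", debug))

def diagnose(config, debug):
    approved = approved_servers(config)
    rejected = rejected_offers(debug)
    return {
        "approved": sorted(approved),
        "rejected": dict(rejected),
        # Servers that answered but are not listed (post #10 fixed this by adding one).
        "missing": sorted(set(rejected) - approved),
        # Listed servers that are the router's own addresses, as in the posted config.
        "self_listed": sorted(approved & interface_addresses(config)),
    }

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_CONFIG, SAMPLE_DEBUG).items():
        print(f"{key}: {value}")
```

A non-empty `missing` list corresponds to the "not in approved list" failure in post #5; an empty `approved` list is the state reached in post #13, where the client accepted the offer with no `ip dhcp-server` lines configured.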
