Announcement

Collapse
No announcement yet.

Problems with dhcp on cisco router

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problems with dhcp on cisco router

    Hello i have setup a router with dhcp for the clients but the clients get no ip adress can someone help me here is the config

    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname ROU-00XX
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200
    logging console critical
    enable secret xxxxxxxx
    !
    no aaa new-model
    !
    ip subnet-zero
    no ip source-route
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.0.1 192.168.0.150
    !
    ip dhcp pool customer
    network 192.168.0.0 255.255.255.0
    default-router 192.168.0.1
    dns-server 192.168.0.100
    !
    dot11 syslog
    !
    !
    no ip bootp server
    no ip domain lookup
    !
    !
    !
    username xxxxx password xxxx
    !
    !
    archive
    log config
    hidekeys
    !
    !
    !
    class-map type inspect match-all sdm-cls-sdm-pol-NATOutsideToInside-1-1
    match class-map inboundsmtp
    match access-group 105
    class-map type inspect match-all sdm-nat-smtp-1
    match access-group 101
    match protocol smtp
    class-map type inspect match-any SDM_GRE
    match access-group name SDM_GRE
    class-map type inspect match-any sdm-cls-insp-traffic
    match protocol cuseeme
    match protocol dns
    match protocol ftp
    match protocol h323
    match protocol https
    match protocol icmp
    match protocol imap
    match protocol pop3
    match protocol netshow
    match protocol shell
    match protocol realmedia
    match protocol rtsp
    match protocol smtp extended
    match protocol sql-net
    match protocol streamworks
    match protocol tftp
    match protocol vdolive
    match protocol tcp
    match protocol udp
    match protocol pptp
    match class-map SDM_GRE
    class-map type inspect match-all sdm-insp-traffic
    match class-map sdm-cls-insp-traffic
    class-map type inspect match-any sdm-pptp-1
    match protocol pptp
    class-map type inspect match-all sdm-nat-pptp-1
    match access-group 104
    match class-map sdm-pptp-1
    class-map type inspect match-any SDM-Voice-permit
    match protocol h323
    match protocol skinny
    match protocol sip
    class-map type inspect match-any sdm-service-sdm-pol-NATOutsideToInside-1
    match protocol pptp
    match class-map SDM_GRE
    class-map type inspect match-any sdm-cls-icmp-access
    match protocol icmp
    class-map type inspect match-all sdm-icmp-access
    match class-map sdm-cls-icmp-access
    class-map type inspect match-all sdm-invalid-src
    match access-group 100
    class-map type inspect match-all sdm-protocol-http
    match protocol http
    class-map type inspect match-all sdm-nat-https-1
    match access-group 101
    match protocol https
    !
    !
    policy-map type inspect sdm-permit-icmpreply
    class type inspect sdm-icmp-access
    inspect
    class class-default
    pass
    policy-map type inspect sdm-pol-NATOutsideToInside-1
    class type inspect sdm-nat-smtp-1
    inspect
    class type inspect sdm-cls-sdm-pol-NATOutsideToInside-1-1
    inspect
    class type inspect sdm-nat-https-1
    inspect
    class type inspect sdm-nat-pptp-1
    inspect
    class type inspect SDM_GRE
    pass
    class class-default
    policy-map type inspect sdm-inspect
    class type inspect sdm-invalid-src
    drop log
    class type inspect sdm-insp-traffic
    inspect
    class type inspect sdm-protocol-http
    inspect
    class type inspect SDM-Voice-permit
    inspect
    class class-default
    pass
    policy-map type inspect sdm-permit
    class class-default
    !
    zone security out-zone
    zone security in-zone
    zone-pair security sdm-zp-self-out source self destination out-zone
    service-policy type inspect sdm-permit-icmpreply
    zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
    service-policy type inspect sdm-pol-NATOutsideToInside-1
    zone-pair security sdm-zp-out-self source out-zone destination self
    service-policy type inspect sdm-permit
    zone-pair security sdm-zp-in-out source in-zone destination out-zone
    service-policy type inspect sdm-inspect
    !
    !
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    pvc 0/35
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    dsl operating-mode auto
    !
    interface FastEthernet0
    no cdp enable
    !
    interface FastEthernet1
    no cdp enable
    !
    interface FastEthernet2
    no cdp enable
    !
    interface FastEthernet3
    no cdp enable
    !
    interface Vlan1
    description $FW_INSIDE$
    ip address 192.168.0.1 255.255.255.0
    ip access-group 102 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    zone-member security in-zone
    ip route-cache flow
    !
    interface Dialer0
    description $FW_OUTSIDE$
    ip address negotiated
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    zone-member security out-zone
    encapsulation ppp
    ip route-cache flow
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap pap callin
    ppp pap sent-username xxxxx password 7 xxxxxxxxxxxxxxxx
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    no ip http server
    no ip http secure-server
    ip nat inside source list 102 interface Dialer0 overload
    !
    ip access-list extended SDM_GRE
    remark SDM_ACL Category=0
    permit gre any any
    !
    access-list 100 remark Self to Outbound
    access-list 100 permit ip host 255.255.255.255 any
    access-list 100 permit ip 127.0.0.0 0.255.255.255 any
    access-list 101 remark SDM_ACL Category=0
    access-list 101 permit ip any host 192.168.0.100
    access-list 102 permit ip 192.168.0.0 0.0.0.255 any
    access-list 102 permit gre any any
    access-list 103 permit ip 192.168.0.0 0.0.0.255 any
    access-list 104 remark SDM_ACL Category=0
    access-list 104 permit ip any host 192.168.0.100
    access-list 105 remark SDM_ACL Category=128
    access-list 105 permit ip any host 192.168.0.100
    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    !
    control-plane
    !
    !
    line con 0
    login local
    no modem enable
    transport output all
    line aux 0
    transport output all
    line vty 0 4
    access-class 103 in
    login local
    transport input telnet ssh
    transport output all
    !
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end

  • #2
    Re: Problems with dhcp on cisco router

    DHCP uses UDP so you have a configuration error with access-list 102 applied to VLAN1. The current configuration is only allowing IP and GRE with the default implicit "deny all" if there is no match.

    Try adding one of the following lines to your 102 ACL:

    access-list 102 permit udp any host 192.168.0.1 eq bootps

    or

    access-list 102 permit udp any host 255.255.255.255
    Last edited by BigDeesDad; 25th August 2009, 22:21.
    Infrastructure Architect
    CCNA, CCNA Security, MCSE, JNCIS

    Comment


    • #3
      Re: Problems with dhcp on cisco router

      check if the service is enabled:

      conf t
      service dhcp

      also try adding a lease setup

      lease (number of days)

      to your dhcp pool

      make sure your firewall isn't blocking ports 67 & 68 used by dhcp

      Comment

      Working...
      X