«

Hi, I'm having problem adding DHCP service to my existing network. My
laptop is getting priviate IP assigned when plugged into FastEthernet4/0/0,
and I can ping them within network from my public subnet aa.bb.cc.0/20, but
I
can't seem to get out to the Internet from private subnet. Possibly a
routing issue? Please
help. Note: aa.bb.cc.0/20 is my public subnet, xx.yy.zz.48/30 is upstream
provider, 10.1.1.0/24 is unable to brows.

!
10.1.1.0 255.255.255.0
dns-server aa.bb.cc.3 aa.bb.cc.4
default-router 10.1.1.1
domain-name abc.com
lease infinite
!
interface FastEthernet4/0/0
ip address 10.1.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no ip mroute-cache
load-interval 30
full-duplex
no cdp enable
!
interface FastEthernet5/0/0
description --- Internet Gateway
ip address xx.yy.zz.50 255.255.255.248
ip access-group 111 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no ip mroute-cache
load-interval 30
full-duplex
no cdp enable
!
interface FastEthernet5/0/1
description --- LAN for Switch
ip address aa.bb.cc.1 255.255.240.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache policy
ip route-cache flow
no ip mroute-cache
load-interval 30
full-duplex
no cdp enable
!
ip route 0.0.0.0 0.0.0.0 xx.yy.zz.49

On Sep 26, 6:48 pm, "Song" <s...@isot.com> wrote:
> Hi, I'm having problem adding DHCP service to my existing network. My
> laptop is getting priviate IP assigned when plugged into FastEthernet4/0/0,
> and I can ping them within network from my public subnet aa.bb.cc.0/20, but
> I
> can't seem to get out to the Internet from private subnet. Possibly a
> routing issue? Please
> help. Note: aa.bb.cc.0/20 is my public subnet, xx.yy.zz.48/30 is upstream
> provider, 10.1.1.0/24 is unable to brows.
>
> !
> 10.1.1.0 255.255.255.0
> dns-server aa.bb.cc.3 aa.bb.cc.4
> default-router 10.1.1.1
> domain-name abc.com
> lease infinite
> !
> interface FastEthernet4/0/0
> ip address 10.1.1.1 255.255.255.0
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip route-cache flow
> no ip mroute-cache
> load-interval 30
> full-duplex
> no cdp enable
> !
> interface FastEthernet5/0/0
> description --- Internet Gateway
> ip address xx.yy.zz.50 255.255.255.248
> ip access-group 111 in
> ip verify unicast reverse-path
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip route-cache flow
> no ip mroute-cache
> load-interval 30
> full-duplex
> no cdp enable
> !
> interface FastEthernet5/0/1
> description --- LAN for Switch
> ip address aa.bb.cc.1 255.255.240.0
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip route-cache policy
> ip route-cache flow
> no ip mroute-cache
> load-interval 30
> full-duplex
> no cdp enable
> !
> ip route 0.0.0.0 0.0.0.0 xx.yy.zz.49

Without NATing, how is this supposed to work? You may route out to
the internet, but the internet does not know how to get back to a
private IP address range that is not NATed to a public IP. Am I
missing something?

[thort]

Exactly, first and foremost, is NAT happening somewhere (by you or your ISP?).

You say it is a DHCP problem, but you get a 10.x address? If so then it is not a DHCP problem as you are getting a correct IP address assigned.

If you do NAT you most likely have a NAT configuration issue. If your ISP does NAT for you, then it is possible that they doesn't have a route back to you in their routing table. ... What does a traceroute to the internet say from a host on your private 10.x network?

Basic IOS DHCP Config example:
service dhcp
ip dhcp pool 192.168.1.0/24
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.5 192.168.1.6

"Trendkill" <> wrote in message
news: ups.com...
> On Sep 26, 6:48 pm, "Song" <s...@isot.com> wrote:
>> Hi, I'm having problem adding DHCP service to my existing network. My
>> laptop is getting priviate IP assigned when plugged into
>> FastEthernet4/0/0,
>> and I can ping them within network from my public subnet aa.bb.cc.0/20,
>> but
>> I
>> can't seem to get out to the Internet from private subnet. Possibly a
>> routing issue? Please
>> help. Note: aa.bb.cc.0/20 is my public subnet, xx.yy.zz.48/30 is
>> upstream
>> provider, 10.1.1.0/24 is unable to brows.
>>
>> !
>> 10.1.1.0 255.255.255.0
>> dns-server aa.bb.cc.3 aa.bb.cc.4
>> default-router 10.1.1.1
>> domain-name abc.com
>> lease infinite
>> !
>> interface FastEthernet4/0/0
>> ip address 10.1.1.1 255.255.255.0
>> no ip redirects
>> no ip unreachables
>> no ip proxy-arp
>> ip route-cache flow
>> no ip mroute-cache
>> load-interval 30
>> full-duplex
>> no cdp enable
>> !
>> interface FastEthernet5/0/0
>> description --- Internet Gateway
>> ip address xx.yy.zz.50 255.255.255.248
>> ip access-group 111 in
>> ip verify unicast reverse-path
>> no ip redirects
>> no ip unreachables
>> no ip proxy-arp
>> ip route-cache flow
>> no ip mroute-cache
>> load-interval 30
>> full-duplex
>> no cdp enable
>> !
>> interface FastEthernet5/0/1
>> description --- LAN for Switch
>> ip address aa.bb.cc.1 255.255.240.0
>> no ip redirects
>> no ip unreachables
>> no ip proxy-arp
>> ip route-cache policy
>> ip route-cache flow
>> no ip mroute-cache
>> load-interval 30
>> full-duplex
>> no cdp enable
>> !
>> ip route 0.0.0.0 0.0.0.0 xx.yy.zz.49
>
> Without NATing, how is this supposed to work? You may route out to
> the internet, but the internet does not know how to get back to a
> private IP address range that is not NATed to a public IP. Am I
> missing something?
>

Sorry, I forgot about NAT. Below didn't work:
!
interface FastEthernet5/0/0
...
ip nat outside
!
ip nat inside source list 1 interface FastEthernet5/0/0 overload
!
access-list 1 permit 10.1.1.0 0.0.0.255
!

"itchibahn" <> wrote in message
news:46fc5a0f$0$18962$...
> "Trendkill" <> wrote in message
> news: ups.com...
>> On Sep 26, 6:48 pm, "Song" <s...@isot.com> wrote:
>>> Hi, I'm having problem adding DHCP service to my existing network. My
>>> laptop is getting priviate IP assigned when plugged into
>>> FastEthernet4/0/0,
>>> and I can ping them within network from my public subnet aa.bb.cc.0/20,
>>> but
>>> I
>>> can't seem to get out to the Internet from private subnet. Possibly a
>>> routing issue? Please
>>> help. Note: aa.bb.cc.0/20 is my public subnet, xx.yy.zz.48/30 is
>>> upstream
>>> provider, 10.1.1.0/24 is unable to brows.
>>>
>>> !
>>> 10.1.1.0 255.255.255.0
>>> dns-server aa.bb.cc.3 aa.bb.cc.4
>>> default-router 10.1.1.1
>>> domain-name abc.com
>>> lease infinite
>>> !
>>> interface FastEthernet4/0/0
>>> ip address 10.1.1.1 255.255.255.0
>>> no ip redirects
>>> no ip unreachables
>>> no ip proxy-arp
>>> ip route-cache flow
>>> no ip mroute-cache
>>> load-interval 30
>>> full-duplex
>>> no cdp enable
>>> !
>>> interface FastEthernet5/0/0
>>> description --- Internet Gateway
>>> ip address xx.yy.zz.50 255.255.255.248
>>> ip access-group 111 in
>>> ip verify unicast reverse-path
>>> no ip redirects
>>> no ip unreachables
>>> no ip proxy-arp
>>> ip route-cache flow
>>> no ip mroute-cache
>>> load-interval 30
>>> full-duplex
>>> no cdp enable
>>> !
>>> interface FastEthernet5/0/1
>>> description --- LAN for Switch
>>> ip address aa.bb.cc.1 255.255.240.0
>>> no ip redirects
>>> no ip unreachables
>>> no ip proxy-arp
>>> ip route-cache policy
>>> ip route-cache flow
>>> no ip mroute-cache
>>> load-interval 30
>>> full-duplex
>>> no cdp enable
>>> !
>>> ip route 0.0.0.0 0.0.0.0 xx.yy.zz.49
>>
>> Without NATing, how is this supposed to work? You may route out to
>> the internet, but the internet does not know how to get back to a
>> private IP address range that is not NATed to a public IP. Am I
>> missing something?
>>
>
> Sorry, I forgot about NAT. Below didn't work:
> !
> interface FastEthernet5/0/0
> ...
> ip nat outside
> !
> ip nat inside source list 1 interface FastEthernet5/0/0 overload
> !
> access-list 1 permit 10.1.1.0 0.0.0.255
> !
>

Was missing "ip nat inside". It's working now. Thank you.