Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Re: Cisco DHCP: what is wrong in my conf?

Reply
Thread Tools

Re: Cisco DHCP: what is wrong in my conf?

 
 
ccie reports
Guest
Posts: n/a
 
      10-30-2010
On Oct 30, 4:16*am, "Elia S." <(E-Mail Removed)> wrote:
> Hello
> I have always used cisco's DHCP inside the routers without trouble.
>
> Now I am in this particular situation:
>
> Cisco 837
> IOS 12.4(25c)
>
> Eth0: Office LAN 192.168.0.0/24
> eth2: WISP Lan 172.16.0.1/23 (255.255.254.0)
>
> These are the relevant lines of the config:
>
> no ip dhcp use vrf connected
> ip dhcp excluded-address 192.168.1.0 192.168.1.10
> ip dhcp excluded-address 192.168.1.20 192.168.1.254
> ip dhcp excluded-address 172.16.0.0 172.16.0.254
> ip dhcp excluded-address 172.16.1.1 172.16.1.99
> !
> ip dhcp pool Mezzogori
> * *network 192.168.1.0 255.255.255.0
> * *default-router 192.168.1.1
> * *netbios-node-type h-node
> * *domain-name mezzogorimario.local
> * *dns-server 192.168.1.1
> !
> ip dhcp pool WISP-TEST
> * *network 172.16.0.0 255.255.254.0
> * *default-router 172.16.0.1
> * *netbios-node-type h-node
> * *domain-name wisp-test.local
> * *dns-server 172.16.0.1
> !
> !
> ip cef
>
> interface Ethernet0
> description Rete 192.168.1.0/24 Office
> ip address 192.168.1.1 255.255.255.0
> no ip redirects
> no ip proxy-arp
> ip nat inside
> ip virtual-reassembly
> hold-queue 100 out
> !
> interface Ethernet2
> description Rete 172.16.0.0/23 WISP TEST
> ip address 172.16.0.1 255.255.254.0
> ip access-group 110 in
> no ip redirects
> no ip proxy-arp
> ip nat inside
> ip virtual-reassembly
> hold-queue 100 out
>
> The access list 110 is the following:
>
> access-list 110 deny * ip 172.16.0.0 0.0.1.255 192.168.1.0 0.0.0.255
> access-list 110 deny * udp 172.16.0.0 0.0.1.255 any eq tftp
> access-list 110 deny * tcp 172.16.0.0 0.0.1.255 any eq 135
> access-list 110 deny * udp 172.16.0.0 0.0.1.255 any eq 135
> access-list 110 deny * tcp 172.16.0.0 0.0.1.255 any range 137 139
> access-list 110 deny * udp 172.16.0.0 0.0.1.255 any range netbios-ns
> netbios-ss
> access-list 110 deny * tcp 172.16.0.0 0.0.1.255 any eq 445
> access-list 110 deny * udp 172.16.0.0 0.0.1.255 any eq 445
> access-list 110 deny * tcp 172.16.0.0 0.0.1.255 any eq 593
> access-list 110 deny * udp 172.16.0.0 0.0.1.255 any eq 593
> access-list 110 deny * tcp 172.16.0.0 0.0.1.255 any eq 4444
> access-list 110 deny * udp 172.16.0.0 0.0.1.255 any eq 4444
> access-list 110 permit ip 172.16.0.0 0.0.1.255 any
>
> To avoid that the wisp network enters the eth0 network.
> to avoid some outgoing worms
>
> I think that I am blocking DHCP requests...
>
> Can someone help me?


You need to allow bootpc and bootps in your access list.


Thanks,
Joe
http://certificationchat.com
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Discussion about segregating bandwidth with Cisco 7513, Cisco 3750 and Cisco 3640 iskandar@measat.com Cisco 1 06-18-2006 06:30 PM
Cisco 1750 Router Cisco QoS Device Manager Cisco VPN Device Manager Rene Kuhn Cisco 0 12-28-2005 08:45 PM
Cisco SIP T.38 fax failing (Cisco sends to wrong port) Greg Cisco 1 10-20-2005 12:50 AM
Is XML Doc wrong or is Schema wrong? (or both) Matthew XML 7 01-07-2005 10:05 PM



Advertisments