Re: Cisco DHCP: what is wrong in my conf?

Discussion in 'Cisco' started by ccie reports, Oct 30, 2010.

  1. ccie reports

    ccie reports Guest

    On Oct 30, 4:16 am, "Elia S." <> wrote:
    > Hello
    > I have always used Cisco's DHCP inside the routers without trouble.
    >
    > Now I am in this particular situation:
    >
    > Cisco 837
    > IOS 12.4(25c)
    >
    > Eth0: Office LAN 192.168.0.0/24
    > eth2: WISP Lan 172.16.0.1/23 (255.255.254.0)
    >
    > These are the relevant lines of the config:
    >
    > no ip dhcp use vrf connected
    > ip dhcp excluded-address 192.168.1.0 192.168.1.10
    > ip dhcp excluded-address 192.168.1.20 192.168.1.254
    > ip dhcp excluded-address 172.16.0.0 172.16.0.254
    > ip dhcp excluded-address 172.16.1.1 172.16.1.99
    > !
    > ip dhcp pool Mezzogori
    >    network 192.168.1.0 255.255.255.0
    >    default-router 192.168.1.1
    >    netbios-node-type h-node
    >    domain-name mezzogorimario.local
    >    dns-server 192.168.1.1
    > !
    > ip dhcp pool WISP-TEST
    >    network 172.16.0.0 255.255.254.0
    >    default-router 172.16.0.1
    >    netbios-node-type h-node
    >    domain-name wisp-test.local
    >    dns-server 172.16.0.1
    > !
    > !
    > ip cef
    >
    > interface Ethernet0
    > description Rete 192.168.1.0/24 Office
    > ip address 192.168.1.1 255.255.255.0
    > no ip redirects
    > no ip proxy-arp
    > ip nat inside
    > ip virtual-reassembly
    > hold-queue 100 out
    > !
    > interface Ethernet2
    > description Rete 172.16.0.0/23 WISP TEST
    > ip address 172.16.0.1 255.255.254.0
    > ip access-group 110 in
    > no ip redirects
    > no ip proxy-arp
    > ip nat inside
    > ip virtual-reassembly
    > hold-queue 100 out
    >
    > The access list 110 is the following:
    >
    > access-list 110 deny   ip 172.16.0.0 0.0.1.255 192.168.1.0 0.0.0.255
    > access-list 110 deny   udp 172.16.0.0 0.0.1.255 any eq tftp
    > access-list 110 deny   tcp 172.16.0.0 0.0.1.255 any eq 135
    > access-list 110 deny   udp 172.16.0.0 0.0.1.255 any eq 135
    > access-list 110 deny   tcp 172.16.0.0 0.0.1.255 any range 137 139
    > access-list 110 deny   udp 172.16.0.0 0.0.1.255 any range netbios-ns netbios-ss
    > access-list 110 deny   tcp 172.16.0.0 0.0.1.255 any eq 445
    > access-list 110 deny   udp 172.16.0.0 0.0.1.255 any eq 445
    > access-list 110 deny   tcp 172.16.0.0 0.0.1.255 any eq 593
    > access-list 110 deny   udp 172.16.0.0 0.0.1.255 any eq 593
    > access-list 110 deny   tcp 172.16.0.0 0.0.1.255 any eq 4444
    > access-list 110 deny   udp 172.16.0.0 0.0.1.255 any eq 4444
    > access-list 110 permit ip 172.16.0.0 0.0.1.255 any
    >
    > This is to prevent the WISP network from entering the eth0 network
    > and to avoid some outgoing worms.
    >
    > I think that I am blocking DHCP requests...
    >
    > Can someone help me?


    You need to allow bootpc and bootps in your access list.


    Thanks,
    Joe
    http://certificationchat.com
    ccie reports, Oct 30, 2010
    #1
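
An added example, not part of the original post or reply: a small first-match simulator for ACL 110 as quoted above, showing why a client's DHCPDISCOVER (source 0.0.0.0, UDP 68 to 67) falls through to the implicit deny and how a bootpc/bootps permit changes the outcome. The helper names, the sample packets and the exact form of the permit entry are assumptions made for illustration.

```python
from ipaddress import IPv4Address as IP

ANY = ("0.0.0.0", "255.255.255.255")   # IOS "any" written as base + wildcard
WISP = ("172.16.0.0", "0.0.1.255")
LAN = ("192.168.1.0", "0.0.0.255")

def rule(action, proto, src, dst, sport=None, dport=None):
    return dict(action=action, proto=proto, src=src, dst=dst, sport=sport, dport=dport)

# ACL 110 as posted; ports are inclusive (low, high) ranges, tftp = 69
ACL_110 = [rule("deny", "ip", WISP, LAN),
           rule("deny", "udp", WISP, ANY, dport=(69, 69))]
for port in [(135, 135), (137, 139), (445, 445), (593, 593), (4444, 4444)]:
    ACL_110 += [rule("deny", "tcp", WISP, ANY, dport=port),
                rule("deny", "udp", WISP, ANY, dport=port)]
ACL_110.append(rule("permit", "ip", WISP, ANY))

# One possible fix (assumption), appended the way a new numbered-ACL line would be:
#   access-list 110 permit udp any eq bootpc any eq bootps
FIXED = ACL_110 + [rule("permit", "udp", ANY, ANY, sport=(68, 68), dport=(67, 67))]

def wildcard_match(addr, spec):
    base, wc = (int(IP(x)) for x in spec)
    return ((int(IP(addr)) ^ base) & ~wc & 0xFFFFFFFF) == 0

def port_match(port, rng):
    return rng is None or rng[0] <= port <= rng[1]

def evaluate(acl, pkt):
    """Return (action, index) of the first matching entry; index None = implicit deny."""
    for i, r in enumerate(acl):
        if (r["proto"] in ("ip", pkt["proto"])
                and wildcard_match(pkt["src"], r["src"])
                and wildcard_match(pkt["dst"], r["dst"])
                and port_match(pkt["sport"], r["sport"])
                and port_match(pkt["dport"], r["dport"])):
            return r["action"], i
    return "deny", None

# Constructed packets: a DISCOVER from a client with no address yet, and a leased client's web request
DISCOVER = dict(proto="udp", src="0.0.0.0", sport=68, dst="255.255.255.255", dport=67)
WEB = dict(proto="tcp", src="172.16.1.100", sport=40000, dst="203.0.113.10", dport=80)

if __name__ == "__main__":
    for name, acl in (("ACL 110 as posted", ACL_110), ("with bootpc/bootps permit", FIXED)):
        print(name, "| DISCOVER:", evaluate(acl, DISCOVER), "| web:", evaluate(acl, WEB))
```

Every entry in the posted list requires a 172.16.0.0/23 source, so a packet sourced from 0.0.0.0 matches none of them; the WISP-to-office deny still wins for leased clients after the permit is added.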