Skip to main content

Cisco 871 DHCP Configuration with - Cable modem

More
16 years 1 month ago #27895 by mapena
I just try to setup this router to works as DHCP with one vlan and one of the interfaces connected to the vlan, I am able to get IP on the laptop and can ping the gateway however I am unable to browse or ping outside the router.
From the router I can ping any ip address.

Here is my config
Cisco 870 - DSL connection
Master#sh run
Building configuration...
Current configuration : 1440 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Master
boot-start-marker
boot-end-marker
enable secret 5 $1$abIG$nQObBt8phHvc/GE4tzTBD/
no aaa new-model
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
ip dhcp pool vlan10
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
domain-name cisco
dns-server XX.31.64.39 XX.31.112.39
lease 4
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
username xxxxxxx privilege 15 secret 5 xxxxxxxxxx
archive
log config
hidekeys
interface FastEthernet0
switchport access vlan 10
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description External_Connection
mac-address 000f.cba7.952b
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface Vlan1
no ip address
interface Vlan10
description Internal
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 XX.XX.XX.XX (ISP gateway)
ip domain name cisco
ip name-server XX.31.64.39
no ip http server
no ip http secure-server
control-plane
line con 0
no modem enable
line aux 0
line vty 0 4
password xxxxxx
login
scheduler max-task-time 5000
end

Thanks

Regards,

Miguel
More
16 years 1 month ago #27898 by Chris
mapena,

You have correctly identified the nat inside and outside interfaces, but you are missing the ip nat command that controls which internal IP address is nat'ed:

Enter the following commands in your configuration and give it another try:

- ip nat inside source list 100 interface fastethernet4 overload
- access-list 100 permit ip 192.168.1.0 0.0.0.255 any

The above assumes that your Fastethernet 4 interface receives a valid public ip address.

Assuming your default route is valid, you should be able to get your internal clients out.

In case your gateway also perfoms the nat service for you, then simply remove all nat statements from your configuration and you'll get the same result.

Let us know of your results.

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
16 years 1 month ago #27907 by mapena
Replied by mapena on topic It's working
Hi Chris,

I've just added the missing lines and it seems working fine.
Thanks a lot, I spent one week with a headache.

Regards,

Miguel
Time to create page: 0.118 seconds