 TomS_Git-r-donePremium,MVM
join:2002-07-19
Ireland
kudos:1 | reply to Sailing_Nut
Re: [help] 851W and ISP DHCPI think you will find it is because access-list 102 doesnt permit the DHCP response back into your router.
Try adding the following line, but make sure it is added before the "deny ip any any" line:
access-list 102 permit udp any any eq bootps
Easiest way to do it is to take a copy of your existing access-list, add the new rule, "no" the existing access-list, then paste the new one back in. |
|
| I was just editing a file to include what you suggested and I noticed that I already have a line in the access list that reads:
access-list 102 permit udp any any eq bootps
and it is several lines before the line
access-list 102 deny ip any any log
Am I misunderstanding something here or should that be working? |
|
aryobaPremium,MVM
join:2002-08-22
kudos:1 | Sailing_Nut,
Replace ACL 102 under WAN interface with ACL 101 and see if it works. Here is the step
configure terminal
interface FastEthernet4
no ip access-group 102 in
ip access-group 101 in
end
copy running-config startup-config |
|
|
|
| Unfortunately no luck with switching the ACL.
If you think I would be best defaulting the router and starting again, I can do that. I've been thrashing about with SDM and the command line and it's possible that I've got some built up junk that's messing things up.
If I rebuild, I think it would be best to stay away from SDM because it seems to do lots of things that one might not intend. I'll just need some guidance in building the firewall rules.
Thanks! |
|
aryobaPremium,MVM
join:2002-08-22
kudos:1 | After applying the ACL 101, did you reset the WAN interface?
Something like shut/no shut or reload the router would do.
No need to wipe out the entire config ..... at least not yet .... 
By resetting the interface, the router will reinitialize DHCP session with your ISP. See if your router can have the IP address then. |
|
| I had previously used SDM to take the interface down and back up.
I just tried the shut / no shut and that did not seem to work either. But, just to be sure I'm doing it right. I enterd these commands:
configuration terminal
int fa4
shut
no shut
end
Did I get it right? |
|
aryobaPremium,MVM
join:2002-08-22
kudos:1 | Yup, it was the right command ...
Btw, do you have Static IP plan with your ISP?
You may want to confirm with the ISP if they use a system that lock down MAC address into their system. When they do, then you need to confirm that they have the correct WAN interface MAC address. Your correct WAN interface MAC address should be the one on the show interface FastEthernet4. |
|
