

needassistan

@cogentco.com

[Config] DHCP 1921 not handing out addresses, help!!

show run
Building configuration...
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname 1921Rectory
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
no logging console
no aaa new-model
no ipv6 cef
no ip source-route
ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.149
ip dhcp excluded-address 192.168.1.200 192.168.1.254
ip dhcp pool xxxxxx-pool
network 192.168.1.0 255.255.255.0
dns-server x.x.x.x 4.2.2.2
default-router 192.168.1.1
domain-name xxxxxxxx
ip name-server x.x.x.x
ip name-server x.x.x.x
multilink bundle-name authenticated
redundancy
no ip ftp passive
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxxx address x.x.x.x
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel tox.x.x.x
set peer x.x.x.x
set transform-set ESP-3DES-SHA
match address 102
interface Embedded-Service-Engine0/0
no ip address
interface GigabitEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$$ETH-LAN$
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
description $ETH-WAN$
ip address x.x.x.x x.x.x.x
ip access-group 101 in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map SDM_CMAP_1
no ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 x.x.x.x
access-list 10 remark CCP_ACL Category=16
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 remark CCP_ACL Category=17
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit udp host x.x.x.x host x.x.x.x eq non500-isakmp
access-list 101 permit udp host x.x.x.x host x.x.x.x eq isakmp
access-list 101 permit esp host x.x.x.x host x.x.x.x
access-list 101 permit ahp host x.x.x.x host x.x.x.x
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit tcp any any
access-list 101 permit udp any any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip any any
access-list 102 remark CCP_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 remark CCP_ACL Category=2
access-list 103 permit ip 192.168.1.0 0.0.0.255 any
route-map SDM_RMAP_1 permit 1
match ip address 103
control-plane
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
scheduler allocate 20000 1000
end



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5

Umm right. Dump a config on us and expect us to sort you out?

How about some troubleshooting information and background on the situation?

Has it ever worked?

Are there unexpired leases that need clearing out (since you have limited your pool to about 50 addresses)?

Done any debugging of your ACLs to work out if they are perhaps blocking requests or replies? (hint hint)


cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8
reply to needassistan

Hint: ip access-group 100 in



needassistan

@charter.com

Yes, the acl on the lan interface was my problem... Thank you very much for the assistance!!!
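
Why `ip access-group 100 in` on GigabitEthernet0/0 stops DHCP, as an added example that is not part of any post in the thread: a small first-match evaluator run over the posted ACL 100 and a constructed DHCPDISCOVER (source 0.0.0.0, UDP 68 to 67). `ACL_100_FIXED` is an assumed remedy; the thread does not say which change the poster made.

```python
import ipaddress

# ACL 100 as posted in the thread (applied inbound on GigabitEthernet0/0).
ACL_100 = [
    "access-list 100 permit ip 192.168.1.0 0.0.0.255 any",
    "access-list 100 deny ip any any",
]
# Assumed fix (not stated in the thread): admit DHCP client traffic first.
ACL_100_FIXED = ["access-list 100 permit udp any eq bootpc any eq bootps"] + ACL_100
PORTS = {"bootps": 67, "bootpc": 68}

def _addr(tok):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.ip_address(tok[1])), 0), tok[2:]
    return (int(ipaddress.ip_address(tok[0])), int(ipaddress.ip_address(tok[1]))), tok[2:]

def _port(tok):
    if tok and tok[0] == "eq":               # optional 'eq PORT' qualifier
        return PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return None, tok

def parse(line):
    tok = line.split()[2:]                   # drop 'access-list <n>'
    action, proto, tok = tok[0], tok[1], tok[2:]
    src, tok = _addr(tok)
    sport, tok = _port(tok)
    dst, tok = _addr(tok)
    dport, tok = _port(tok)
    return action, proto, src, sport, dst, dport

def _ip_match(ip, spec):
    base, wild = spec                        # wildcard bits are "don't care"
    return (int(ipaddress.ip_address(ip)) | wild) == (base | wild)

def evaluate(acl, pkt):
    """Return (action, matching line) using first-match semantics."""
    for line in acl:
        action, proto, src, sport, dst, dport = parse(line)
        if (proto in ("ip", pkt["proto"]) and _ip_match(pkt["src"], src)
                and _ip_match(pkt["dst"], dst)
                and sport in (None, pkt["sport"]) and dport in (None, pkt["dport"])):
            return action, line
    return "deny", "implicit deny"

# Constructed sample packets: a client with no address yet, and a leased host.
DISCOVER = {"proto": "udp", "src": "0.0.0.0", "sport": 68, "dst": "255.255.255.255", "dport": 67}
LAN_HOST = {"proto": "tcp", "src": "192.168.1.150", "sport": 50000, "dst": "8.8.8.8", "dport": 443}
```

Calling `evaluate(ACL_100, DISCOVER)` shows the broadcast falling through to the explicit deny because 0.0.0.0 is outside 192.168.1.0/24, while hosts that already hold an address still pass.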