can't get an address on my WAN interface through DHCP
alt.certification.cisco, March 2004
Sameer 2004-03-22, 11:25 am
This is all screwed up. I'm pretty sure the ACLs have something to do with
this.
Anyway, I'm trying to get my router to get an address from my cable
provider via DHCP; unfortunately it's not picking one up.
Ethernet0/0 unassigned YES DHCP up up
Here's my config... it's a bit long...
----------------
version 12.3
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname pluto
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxx
enable password 7 xxxxx
!
username austin password 7 xxxxx
clock timezone PST -8
clock summer-time PDT recurring
aaa new-model
aaa session-id common
!
!
! ------ IP and network services section
ip subnet-zero
ip classless
ip audit notify log
ip audit po max-events 100
ip audit smtp spam 50
ip ssh time-out 30
ip ssh authentication-retries 2
ip domain name sol.home
ip name-server 24.52.223.218
ip name-server 24.52.223.219
ip cef
logging trap debugging
no service tcp-small-servers
no service udp-small-servers
no snmp-server
no service config
no service finger
no cdp run
no voice hpi capture buffer
no voice hpi capture destination
no ip source-route
no ip http server
no ip http secure-server
no ip bootp server
no ip finger
no ip domain-lookup
no ip name-server
!
!
! ----- Boot control section
no boot network
no service config
!
!
! ----- SNMP Section (for totally disabling SNMP)
! disable SNMP trap and system-shutdown features
no snmp-server enable traps
no snmp-server system-shutdown
no snmp-server trap-auth
! turn off SNMP altogether
no snmp-server
!
!
!
!
interface Ethernet0/0
description *** ethernet 0 - WAN Interface ***
ip address dhcp
ip access-group FIREWALL out
ip access-group INBOUND in
ip accounting access-violations
ip nat outside
ip verify unicast reverse-path
no cdp enable
no ip redirect
no ip proxy-arp
no ip directed-broadcast
no ip mask-reply
no ip unreachable
no ip redirect
full-duplex
hold-queue 100 out
no shutdown
!
interface Serial0/0
no ip address
no ip proxy-arp
no ip directed-broadcast
no ip unreachable
no ip redirect
no fair-queue
no cdp enable
shutdown
!
interface BRI0/0
no ip address
no ip proxy-arp
no ip directed-broadcast
no ip unreachable
no ip redirect
no cdp enable
shutdown
!
interface Ethernet0/1
description *** ethernet 0/1 - LAN Interface ***
ip address 10.10.100.1 255.255.255.248
ip access-group OUTBOUND out
ip accounting access-violations
ip nat inside
no ip unreachables
no ip proxy-arp
no ip directed-broadcast
no ip mask-reply
no cdp enable
full-duplex
hold-queue 100 out
no shutdown
!
ip nat pool homenatpool 10.10.100.1 10.10.100.1 netmask 255.255.255.248
ip nat inside source list 25 pool homenatpool overload
!
!
!
!---- CBAC's
ip inspect tcp synwait-time 15
ip inspect tcp finwait-time 1
ip inspect tcp idle-time 1800
ip inspect udp idle-time 15
ip inspect name FIREWALL http audit-trail on
ip inspect name FIREWALL smtp audit-trail on
ip inspect name FIREWALL ftp audit-trail on
ip inspect name FIREWALL tcp audit-trail on
ip inspect name FIREWALL udp audit-trail on
!
!---- OUTBOUND LAN port access-list
ip access-list extended OUTBOUND
deny tcp any any eq 27665 log
deny udp any any eq 31335 log
deny udp any any eq 27444 log
deny tcp any any eq 16660 log
deny tcp any any eq 65000 log
deny tcp any any eq 33270 log
deny tcp any any eq 39168 log
deny tcp any any range 6711 6712 log
deny tcp any any eq 6776 log
deny tcp any any eq 6669 log
deny tcp any any eq 2222 log
deny tcp any any eq 7000 log
!--- ICMP_blocking
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any packet-too-big
permit icmp any any traceroute
permit icmp any any unreachable
permit icmp any any parameter-problem
!
!
!---- INBOUND WAN port access-list
ip access-list extended INBOUND
deny ip 10.10.100.0 0.0.0.3 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 0.0.0.0 0.255.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 192.168.0.0 0.0.255.255 any log
deny ip 192.0.2.0 0.0.0.255 any log
deny ip 224.0.0.0 15.255.255.255 any log
deny ip host 255.255.255.255 any log
!--- ICMP_blocking
deny icmp any any echo log
deny icmp any any redirect log
deny icmp any any mask-request log
deny ip any any log
!
!---- SSH Connectivity
ip access-list extenxted SSH_ACCESS
permit tcp host xxx host 10.10.100.1 eq 22 log
permit tcp host xxx host 10.10.100.1 eq 22 log
!
!
!
!
banner exec ^C
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*
* This system is private property, and is intended for the specific *
* use of authorized users only. All activities of individuals using this *
* computing system without authority, or in excess of their authority, are *
* monitored and recorded by system personnel. If any such monitoring *
* reveals possible evidence of criminal activity, system personnel may *
* provide such evidence to law enforcement officials. *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*^C
!
line con 0
password 7 xxxxx
stopbits 1
speed 115200
line aux 0
line vty 0
access-class SSH_ACCESS in
transport input ssh
line vty 1 4
transport input none
!
scheduler max-task-time 5000
ntp clock-period 17168756
ntp server 192.4.41.41
ntp server 192.5.41.40
!
!
end
------------------------
Sameer 2004-03-22, 2:25 pm
Okay, worth noting: I had a syntax error; it should be "ip inspect
FIREWALL out".
I made the correction, but things still didn't work.
I then removed the ACLs, but still nothing works.
This is the latest debug output:
*Feb 28 18:14:07.022 PST: Hostname: pluto
*Feb 28 18:14:08.269 PST: crm_send_periodic_update
*Feb 28 18:14:14.513 PST:
*Feb 28 18:14:14.513 PST: Rudpv1 Sent: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:14:14.513 PST: Rudpv1 Rcvd: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:14:14.513 PST: Rudpv1 Discarded: 0, Retransmitted 0
*Feb 28 18:14:14.513 PST:
*Feb 28 18:14:21.985 PST: DHCP: Try 10 to acquire address for Ethernet0/0
*Feb 28 18:14:21.989 PST: Ethernet0/0: Setting Duplex to HALF
*Feb 28 18:14:21.989 PST: Ethernet0/0: Interface is alive
*Feb 28 18:14:21.989 PST: IP-EIGRP: Callback: address_command Ethernet0/0 0.0.0.0/0 sense 0
*Feb 28 18:14:21.989 PST: PIM(0): Flush DF for Ethernet0/0, RP 0.0.0.0
*Feb 28 18:14:21.993 PST: Ethernet0/0: Setting Duplex to HALF
*Feb 28 18:14:21.997 PST: Ethernet0/0: Interface is alive
*Feb 28 18:14:21.997 PST: IP-EIGRP: Callback: address_command Ethernet0/0 0.0.0.0/32 sense 1
*Feb 28 18:14:21.997 PST: IP: pruning prefix cache entries for Ethernet0/0
*Feb 28 18:14:21.997 PST: IP: Invalidating prefix cache entries for 1 interfaces
*Feb 28 18:14:22.001 PST: DHCP: allocate request
*Feb 28 18:14:22.001 PST: DHCP: new entry. add to queue
*Feb 28 18:14:22.001 PST: DHCP: SDiscover attempt # 1 for entry:
*Feb 28 18:14:22.001 PST: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet0/0
*Feb 28 18:14:22.005 PST: Temp sub net mask: 0.0.0.0
*Feb 28 18:14:22.005 PST: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Feb 28 18:14:22.005 PST: DHCP transaction id: 7515FD
*Feb 28 18:14:22.005 PST: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Feb 28 18:14:22.005 PST: Next timer fires after: 00:00:02
*Feb 28 18:14:22.005 PST: Retry count: 1 Client-ID: cisco-0010.7b1d.4c60-Et0/0
*Feb 28 18:14:22.009 PST: Hostname: pluto
*Feb 28 18:14:22.009 PST: DHCP: SDiscover: sending 297 byte length DHCP packet
*Feb 28 18:14:22.009 PST: DHCP: SDiscover 297 bytes
*Feb 28 18:14:22.009 PST: IP: s=0.0.0.0 (local), d=255.255.255.255 (Ethernet0/0), len 604, sending broad/multicast
*Feb 28 18:14:22.013 PST: B'cast on Ethernet0/0 interface from 0.0.0.0
*Feb 28 18:14:24.527 PST:
*Feb 28 18:14:24.527 PST: Rudpv1 Sent: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:14:24.527 PST: Rudpv1 Rcvd: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:14:24.527 PST: Rudpv1 Discarded: 0, Retransmitted 0
*Feb 28 18:14:24.527 PST:
*Feb 28 18:14:24.995 PST: DHCP: SDiscover attempt # 2 for entry:
*Feb 28 18:14:24.995 PST: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet0/0
*Feb 28 18:14:24.995 PST: Temp sub net mask: 0.0.0.0
*Feb 28 18:14:24.995 PST: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Feb 28 18:14:24.995 PST: DHCP transaction id: 7515FD
*Feb 28 18:14:24.999 PST: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Feb 28 18:14:24.999 PST: Next timer fires after: 00:00:02
*Feb 28 18:14:24.999 PST: Retry count: 2 Client-ID: cisco-0010.7b1d.4c60-Et0/0
*Feb 28 18:14:24.999 PST: Hostname: pluto
*Feb 28 18:14:24.999 PST: DHCP: SDiscover: sending 297 byte length DHCP packet
*Feb 28 18:14:24.999 PST: DHCP: SDiscover 297 bytes
*Feb 28 18:14:25.003 PST: IP: s=0.0.0.0 (local), d=255.255.255.255 (Ethernet0/0), len 604, sending broad/multicast
*Feb 28 18:14:25.003 PST: B'cast on Ethernet0/0 interface from 0.0.0.0
*Feb 28 18:14:27.989 PST: DHCP: SDiscover attempt # 3 for entry:
*Feb 28 18:14:27.989 PST: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet0/0
*Feb 28 18:14:27.989 PST: Temp sub net mask: 0.0.0.0
*Feb 28 18:14:27.989 PST: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Feb 28 18:14:27.989 PST: DHCP transaction id: 7515FD
*Feb 28 18:14:27.993 PST: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Feb 28 18:14:27.993 PST: Next timer fires after: 00:00:02
*Feb 28 18:14:27.993 PST: Retry count: 3 Client-ID: cisco-0010.7b1d.4c60-Et0/0
*Feb 28 18:14:27.993 PST: Hostname: pluto
*Feb 28 18:14:27.993 PST: DHCP: SDiscover: sending 297 byte length DHCP packet
*Feb 28 18:14:27.993 PST: DHCP: SDiscover 297 bytes
*Feb 28 18:14:27.997 PST: IP: s=0.0.0.0 (local), d=255.255.255.255 (Ethernet0/0), len 604, sending broad/multicast
*Feb 28 18:14:27.997 PST: B'cast on Ethernet0/0 interface from 0.0.0.0
*Feb 28 18:14:30.983 PST: DHCP: QScan: Timed out Selecting state
*Feb 28 18:14:33.213 PST: crm_send_periodic_update
*Feb 28 18:14:34.544 PST:
*Feb 28 18:14:34.544 PST: Rudpv1 Sent: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:14:34.544 PST: Rudpv1 Rcvd: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:14:34.548 PST: Rudpv1 Discarded: 0, Retransmitted 0
*Feb 28 18:14:34.548 PST:
*Feb 28 18:14:37.087 PST: DHCPD: checking for expired leases.%Unknown DHCP problem.. No allocation possible
*Feb 28 18:14:42.351 PST: DHCP: Waiting for 50 seconds on interface Ethernet0/0
*Feb 28 18:14:44.542 PST:
*Feb 28 18:14:44.542 PST: Rudpv1 Sent: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:14:44.542 PST: Rudpv1 Rcvd: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:14:44.542 PST: Rudpv1 Discarded: 0, Retransmitted 0
*Feb 28 18:14:44.542 PST:
*Feb 28 18:14:52.217 PST: Local MobileIP: aging arp mobility cache entries
*Feb 28 18:14:52.837 PST: AUTH-PROXY FUNC: auth_proxy_timers
*Feb 28 18:14:52.837 PST: AUTH-PROXY FUNC: auth_proxy_watchlist_timeout
*Feb 28 18:14:52.837 PST: AUTH-PROXY: watch-list polling timer restarted
*Feb 28 18:14:54.544 PST:
*Feb 28 18:14:54.544 PST: Rudpv1 Sent: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:14:54.544 PST: Rudpv1 Rcvd: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:14:54.544 PST: Rudpv1 Discarded: 0, Retransmitted 0
*Feb 28 18:14:54.544 PST:
*Feb 28 18:14:58.157 PST: crm_send_periodic_update
*Feb 28 18:15:03.414 PST: Cache ager called
*Feb 28 18:15:04.541 PST:
*Feb 28 18:15:04.541 PST: Rudpv1 Sent: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:15:04.541 PST: Rudpv1 Rcvd: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:15:04.545 PST: Rudpv1 Discarded: 0, Retransmitted 0
*Feb 28 18:15:04.545 PST:
pluto#
pluto#
*Feb 28 18:15:12.284 PST: DHCP: QScan: Purging entry
*Feb 28 18:15:12.284 PST: DHCP: deleting entry 829EE898 0.0.0.0 from list
*Feb 28 18:15:12.284 PST: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet0/0
*Feb 28 18:15:12.284 PST: Temp sub net mask: 0.0.0.0
*Feb 28 18:15:12.284 PST: DHCP Lease server: 0.0.0.0, state: 8 Purging
*Feb 28 18:15:12.288 PST: DHCP transaction id: 7515FD
*Feb 28 18:15:12.288 PST: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Feb 28 18:15:12.288 PST: No timer running
*Feb 28 18:15:12.288 PST: Retry count: 0 Client-ID: cisco-0010.7b1d.4c60-Et0/0
*Feb 28 18:15:12.288 PST: Hostname: pluto
undebug all
All possible debugging has been turned off
pluto#
*Feb 28 18:15:14.543 PST:
*Feb 28 18:15:14.543 PST: Rudpv1 Sent: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:15:14.543 PST: Rudpv1 Rcvd: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:15:14.543 PST: Rudpv1 Discarded: 0, Retransmitted 0
*Feb 28 18:15:14.543 PST:
config t
Enter configuration commands, one per line. End with CNTL/Z.
pluto(config)#int e0/0
pluto(config-if)#no ip verify unicast reverse-path
pluto(config-if)#^Z
pluto#
*Feb 28 18:15:26.283 PST: %SYS-5-CONFIG_I: Configured from console by console
debug all
This may severely impact network performance. Continue? (yes/[no]): yes
All possible debugging has been turned on
pluto#
*Feb 28 18:15:32.239 PST: DHCP: Try 11 to acquire address for Ethernet0/0
*Feb 28 18:15:32.239 PST: Ethernet0/0: Setting Duplex to HALF
*Feb 28 18:15:32.243 PST: Ethernet0/0: Interface is alive
*Feb 28 18:15:32.243 PST: IP-EIGRP: Callback: address_command Ethernet0/0 0.0.0.0/0 sense 0
*Feb 28 18:15:32.243 PST: PIM(0): Flush DF for Ethernet0/0, RP 0.0.0.0
*Feb 28 18:15:32.247 PST: Ethernet0/0: Setting Duplex to HALF
*Feb 28 18:15:32.251 PST: Ethernet0/0: Interface is alive
*Feb 28 18:15:32.251 PST: IP-EIGRP: Callback: address_command Ethernet0/0 0.0.0.0/32 sense 1
*Feb 28 18:15:32.251 PST: IP: pruning prefix cache entries for Ethernet0/0
*Feb 28 18:15:32.251 PST: IP: Invalidating prefix cache entries for 1 interfaces
*Feb 28 18:15:32.255 PST: DHCP: allocate request
*Feb 28 18:15:32.255 PST: DHCP: new entry. add to queue
*Feb 28 18:15:32.255 PST: DHCP: SDiscover attempt # 1 for entry:
*Feb 28 18:15:32.255 PST: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet0/0
*Feb 28 18:15:32.255 PST: Temp sub net mask: 0.0.0.0
*Feb 28 18:15:32.259 PST: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Feb 28 18:15:32.259 PST: DHCP transaction id: 7515FE
*Feb 28 18:15:32.259 PST: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Feb 28 18:15:32.259 PST: Next timer fires after: 00:00:02
*Feb 28 18:15:32.259 PST: Retry count: 1 Client-ID: cisco-0010.7b1d.4c60-Et0/0
*Feb 28 18:15:32.263 PST: Hostname: pluto
*Feb 28 18:15:32.263 PST: DHCP: SDiscover: sending 297 byte length DHCP packet
*Feb 28 18:15:32.263 PST: DHCP: SDiscover 297 bytes
*Feb 28 18:15:32.263 PST: IP: s=0.0.0.0 (local), d=255.255.255.255 (Ethernet0/0), len 604, sending broad/multicast
*Feb 28 18:15:32.267 PST: B'cast on Ethernet0/0 interface from 0.0.0.0
*Feb 28 18:15:34.550 PST:
*Feb 28 18:15:34.550 PST: Rudpv1 Sent: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:15:34.550 PST: Rudpv1 Rcvd: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:15:34.550 PST: Rudpv1 Discarded: 0, Retransmitted 0
*Feb 28 18:15:34.550 PST:
*Feb 28 18:15:35.249 PST: DHCP: SDiscover attempt # 2 for entry:
*Feb 28 18:15:35.249 PST: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet0/0
*Feb 28 18:15:35.249 PST: Temp sub net mask: 0.0.0.0
*Feb 28 18:15:35.249 PST: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Feb 28 18:15:35.249 PST: DHCP transaction id: 7515FE
*Feb 28 18:15:35.253 PST: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Feb 28 18:15:35.253 PST: Next timer fires after: 00:00:02
*Feb 28 18:15:35.253 PST: Retry count: 2 Client-ID: cisco-0010.7b1d.4c60-Et0/0
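Reading the debug output above: the client sends three DISCOVERs on one transaction id, never logs a reply, times out the Selecting state and purges the entry. The "DHCPD:" line that appears in between comes from the router's DHCP server process, which `debug all` also switched on; it is not the client complaining. The script below is an added example (not part of the thread) that runs that triage over `debug dhcp detail` output: it counts DISCOVERs per transaction id, looks for an OFFER, notes the Selecting timeout, and sets server-process noise aside. The first sample is condensed from the output posted above; the second is constructed to show what an answered exchange looks like, and its "Received a BOOTREP pkt" / "Message type: DHCP Offer" wording is an assumption about the IOS debug strings, so adjust the patterns if your image prints something else.

```python
"""Triage IOS 'debug dhcp detail' client output: did an OFFER ever arrive?"""
import re
from collections import Counter
from typing import Dict, List

# Condensed from the debug output in the thread: DISCOVERs go out, nothing returns.
NO_OFFER_LOG = """\
*Feb 28 18:14:21.985 PST: DHCP: Try 10 to acquire address for Ethernet0/0
*Feb 28 18:14:22.001 PST: DHCP: SDiscover attempt # 1 for entry:
*Feb 28 18:14:22.005 PST: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Feb 28 18:14:22.005 PST: DHCP transaction id: 7515FD
*Feb 28 18:14:22.009 PST: DHCP: SDiscover: sending 297 byte length DHCP packet
*Feb 28 18:14:24.995 PST: DHCP: SDiscover attempt # 2 for entry:
*Feb 28 18:14:24.995 PST: DHCP transaction id: 7515FD
*Feb 28 18:14:27.989 PST: DHCP: SDiscover attempt # 3 for entry:
*Feb 28 18:14:27.989 PST: DHCP transaction id: 7515FD
*Feb 28 18:14:30.983 PST: DHCP: QScan: Timed out Selecting state
*Feb 28 18:14:37.087 PST: DHCPD: checking for expired leases.%Unknown DHCP problem.. No allocation possible
*Feb 28 18:14:42.351 PST: DHCP: Waiting for 50 seconds on interface Ethernet0/0
*Feb 28 18:15:12.284 PST: DHCP Lease server: 0.0.0.0, state: 8 Purging
"""

# Constructed (not from the thread): the shape of an answered DISCOVER.
# The reply wording is an assumption about IOS debug strings.
OFFER_LOG = """\
*Mar  1 09:00:00.000 PST: DHCP: SDiscover attempt # 1 for entry:
*Mar  1 09:00:00.000 PST: DHCP transaction id: 1A2B3C
*Mar  1 09:00:00.004 PST: DHCP: SDiscover: sending 297 byte length DHCP packet
*Mar  1 09:00:00.120 PST: DHCP: Received a BOOTREP pkt
*Mar  1 09:00:00.120 PST: DHCP: Scan: Message type: DHCP Offer
"""

DISCOVER_RE = re.compile(r"DHCP: SDiscover attempt # (\d+)")
XID_RE = re.compile(r"DHCP transaction id: ([0-9A-Fa-f]+)")
OFFER_RE = re.compile(r"Message type: DHCP Offer")
TIMEOUT_RE = re.compile(r"QScan: Timed out Selecting state")
SERVER_RE = re.compile(r"\bDHCPD:")          # the DHCP *server* process, not the client
STATE_RE = re.compile(r"state: \d+ (\w+)")   # client state machine transitions


def triage(log: str) -> Dict:
    """Summarise one 'debug dhcp detail' capture and state a verdict."""
    discovers: Counter = Counter()   # xid -> highest DISCOVER attempt number seen
    pending = None                   # attempt number waiting for its xid line
    offers, timed_out, server_noise = 0, False, 0
    states: List[str] = []
    for line in log.splitlines():
        if SERVER_RE.search(line):   # server-side chatter: count it, do not diagnose on it
            server_noise += 1
            continue
        m = DISCOVER_RE.search(line)
        if m:
            pending = int(m.group(1))
        m = XID_RE.search(line)
        if m and pending is not None:
            discovers[m.group(1)] = max(discovers[m.group(1)], pending)
            pending = None
        if OFFER_RE.search(line):
            offers += 1
        if TIMEOUT_RE.search(line):
            timed_out = True
        m = STATE_RE.search(line)
        if m:
            states.append(m.group(1))

    if offers == 0 and discovers:
        xid, n = max(discovers.items(), key=lambda kv: kv[1])
        verdict = (f"no OFFER: {n} DISCOVER(s) sent on xid {xid} and nothing came back"
                   + (" before the Selecting state timed out" if timed_out else "")
                   + "; the reply is lost before the client process sees it (inbound ACL, "
                     "uRPF, the link itself, or the server is not answering this MAC)")
    elif offers:
        verdict = "OFFER received: the server answers; look at REQUEST/ACK next"
    else:
        verdict = "no DISCOVER seen: the client never ran on this interface"
    return {"discovers": dict(discovers), "offers": offers, "timed_out": timed_out,
            "server_noise": server_noise, "states": states, "verdict": verdict}


if __name__ == "__main__":
    for name, log in (("thread capture", NO_OFFER_LOG), ("constructed answered capture", OFFER_LOG)):
        print(name, "->", triage(log)["verdict"])
```

Two things the capture itself shows and the script does not judge: the config says `full-duplex` on Ethernet0/0 while the debug reports "Setting Duplex to HALF" on every attempt, so check `show interfaces Ethernet0/0` for a duplex mismatch against the cable modem before spending more time on ACLs; and once `debug dhcp detail` is the only debug enabled, the Rudpv1, AUTH-PROXY and DHCPD lines disappear and the client state machine is all that is left to read.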
If your DHCP server has a private address, its traffic is going to be
blocked. You will need to find out what the IP of the DHCP server is
(DHCP server back to client is a directed unicast) and allow its IP to
talk through. Or just
'permit udp any any eq bootps' at the top of your ACL.
HTH
Tim
> !---- INBOUND WAN port access-list
> ip access-list extended INBOUND
> deny ip 10.10.100.0 0.0.0.3 any log
> deny ip 127.0.0.0 0.255.255.255 any log
> deny ip 10.0.0.0 0.255.255.255 any log
> deny ip 0.0.0.0 0.255.255.255 any log
> deny ip 172.16.0.0 0.15.255.255 any log
> deny ip 192.168.0.0 0.0.255.255 any log
> deny ip 192.0.2.0 0.0.0.255 any log
> deny ip 224.0.0.0 15.255.255.255 any log
> deny ip host 255.255.255.255 any log
> !--- ICMP_blocking
> deny icmp any any echo log
> deny icmp any any redirect log
> deny icmp any any mask-request log
> deny ip any any log
"Sameer" <ssnewsfiles@hotmail.com> wrote in message news:<2KmdnRUhs9BhmcLdRVn-hg@adelphia.com>...
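Tim's point is that the INBOUND list is evaluated against the server's reply before the router's own DHCP client ever sees it, and every entry in that list is a deny. The evaluator below is an added example, not code from the thread: it applies IOS wildcard-mask, first-match, implicit-deny semantics to the INBOUND ACL exactly as posted and reports which entry catches the DHCP reply. One caveat on the suggested line: in IOS extended-ACL syntax the `eq` after the second address is the destination port, so `permit udp any any eq bootps` matches packets going to port 67, which is the direction of the client's DISCOVER; the server's OFFER travels from port 67 (bootps) to port 68 (bootpc), so the evaluator also tries `permit udp any eq bootps any eq bootpc`. The server and packet addresses are constructed for the example (Sameer only says the real server had a "private-ish" address).

```python
"""Evaluate the posted INBOUND ACL against the DHCP reply the router must receive."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_NAMES = {"bootps": 67, "bootpc": 68}
PROTO_NUM = {"ip": None, "udp": 17, "tcp": 6, "icmp": 1}   # None = any IP protocol


@dataclass
class Packet:
    proto: int
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass
class Ace:
    action: str
    proto: Optional[int]
    src_net: int
    src_wild: int
    sport: Optional[int]
    dst_net: int
    dst_wild: int
    dport: Optional[int]


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def _addr(tok: List[str], i: int) -> Tuple[int, int, int]:
    """'any' | 'host A' | 'A WILDCARD' -> (network, wildcard, next token index)."""
    if tok[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    if tok[i] == "host":
        return _ip(tok[i + 1]), 0, i + 2
    return _ip(tok[i]), _ip(tok[i + 1]), i + 2


def _port(tok: List[str], i: int) -> Tuple[Optional[int], int]:
    """Optional 'eq PORT' following an address; PORT is a number or bootps/bootpc."""
    if i < len(tok) and tok[i] == "eq":
        p = tok[i + 1]
        return (PORT_NAMES[p] if p in PORT_NAMES else int(p)), i + 2
    return None, i


def parse_ace(line: str) -> Ace:
    """Subset of IOS extended-ACL syntax used in the posted list. ICMP type keywords
    and the trailing 'log' are ignored, which is safe because the packets of interest
    here are UDP and an ICMP entry can never match them."""
    tok = line.split()
    action, proto = tok[0], PROTO_NUM[tok[1]]
    src_net, src_wild, i = _addr(tok, 2)
    sport, i = _port(tok, i)
    dst_net, dst_wild, i = _addr(tok, i)
    dport, i = _port(tok, i)
    return Ace(action, proto, src_net, src_wild, sport, dst_net, dst_wild, dport)


def _addr_match(addr: int, net: int, wild: int) -> bool:
    care = ~wild & 0xFFFFFFFF          # wildcard 1 bits are "don't care"
    return (addr & care) == (net & care)


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    return ((ace.proto is None or ace.proto == pkt.proto)
            and _addr_match(_ip(pkt.src), ace.src_net, ace.src_wild)
            and _addr_match(_ip(pkt.dst), ace.dst_net, ace.dst_wild)
            and (ace.sport is None or ace.sport == pkt.sport)
            and (ace.dport is None or ace.dport == pkt.dport))


def evaluate(acl: List[str], pkt: Packet) -> Tuple[str, Optional[int], str]:
    """First match wins; anything unmatched hits the implicit deny at the end."""
    for n, line in enumerate(acl, 1):
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace.action, n, line
    return "deny", None, "implicit deny ip any any"


INBOUND_AS_POSTED = [
    "deny ip 10.10.100.0 0.0.0.3 any log", "deny ip 127.0.0.0 0.255.255.255 any log",
    "deny ip 10.0.0.0 0.255.255.255 any log", "deny ip 0.0.0.0 0.255.255.255 any log",
    "deny ip 172.16.0.0 0.15.255.255 any log", "deny ip 192.168.0.0 0.0.255.255 any log",
    "deny ip 192.0.2.0 0.0.0.255 any log", "deny ip 224.0.0.0 15.255.255.255 any log",
    "deny ip host 255.255.255.255 any log", "deny icmp any any echo log",
    "deny icmp any any redirect log", "deny icmp any any mask-request log",
    "deny ip any any log",
]
TIM_LITERAL = ["permit udp any any eq bootps"] + INBOUND_AS_POSTED          # dst port 67
INBOUND_FIXED = ["permit udp any eq bootps any eq bootpc"] + INBOUND_AS_POSTED  # 67 -> 68

# Constructed packets; the server addresses are assumptions, not from the thread.
OFFER_FROM_PRIVATE = Packet(17, "10.200.1.1", "255.255.255.255", 67, 68)
OFFER_FROM_PUBLIC = Packet(17, "203.0.113.5", "255.255.255.255", 67, 68)
DISCOVER = Packet(17, "0.0.0.0", "255.255.255.255", 68, 67)   # what Tim's line would admit

if __name__ == "__main__":
    for name, acl in (("as posted", INBOUND_AS_POSTED), ("Tim's line on top", TIM_LITERAL),
                      ("bootps->bootpc on top", INBOUND_FIXED)):
        for pname, pkt in (("OFFER from private server", OFFER_FROM_PRIVATE),
                           ("OFFER from public server", OFFER_FROM_PUBLIC)):
            action, n, line = evaluate(acl, pkt)
            print(f"{name:22} {pname:26} -> {action:6} entry {n}: {line}")
```

As posted, a reply from a private-range server is logged and dropped by the `deny ip 10.0.0.0 0.255.255.255` entry, and a reply from a public server still dies on the explicit `deny ip any any log`, so the ACL blocks the lease regardless of the server's address. A `permit udp any eq bootps any eq bootpc` at the top admits it; once `debug dhcp detail` or the ACL log shows the real server, narrow `any eq bootps` to `host <server> eq bootps` so the anti-spoofing entries below it are only bypassed for that one peer.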
Sameer 2004-03-22, 4:25 pm
The thing is... I removed the ACLs, so I don't think ACLs are an
issue now.
This one item from the debug output sort of troubles me:
*Feb 28 18:14:37.087 PST: DHCPD: checking for expired leases.%Unknown DHCP problem.. No allocation possible
However, before this, I did see something that matched my ACL, and just as
you said, the DHCP server did have a private-ish address, so I specifically
gave that address a permit entry.
Any other suggestions?
Fausto 2004-03-23, 5:25 pm
Sorry everybody, but does your WAN IP address come from an ISP? Try using
the command ip address negotiated. By the way, you are not bridging ADSL
over Ethernet, are you?
"Sameer" <ssnewsfiles@hotmail.com> wrote in message
news:2bGdnZbxQNsE0sLdRVn-jA@adelphia.com...