cisco router can't get address through DHCP

xyyz · Mar 22, 2004

this is all screwed up. i'm pretty sure the ACL's have something to do with this.

anyways, i'm trying to get my router to get an address from my cable provider via DHCP, unfortunately it's not picking.

Ethernet0/0 unassigned YES DHCP up up

here's my config... it's a bit long...

----------------
version 12.3
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname pluto
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxx
enable password 7 xxxxx
!
username austin password 7 xxxxx
clock timezone PST -8
clock summer-time PDT recurring
aaa new-model
aaa session-id common
!
!
! ------ IP and network services section
ip subnet-zero
ip classless
ip audit notify log
ip audit po max-events 100
ip audit smtp spam 50
ip ssh time-out 30
ip ssh authentication-retries 2
ip domain name sol.home
ip name-server 24.52.223.218
ip name-server 24.52.223.219
ip cef
logging trap debugging
no service tcp-small-servers
no service udp-small-servers
no snmp-server
no service config
no service finger
no cdp run
no voice hpi capture buffer
no voice hpi capture destination
no ip source-route
no ip http server
no ip http secure-server
no ip bootp server
no ip finger
no ip domain-lookup
no ip name-server
!
!
! ----- Boot control section
no boot network
no service config
!
!
! ----- SNMP Section (for totally disabling SNMP)
! disable SNMP trap and system-shutdown features
no snmp-server enable traps
no snmp-server system-shutdown
no snmp-server trap-auth
! turn off SNMP altogether
no snmp-server
!
!
!
!
interface Ethernet0/0
description *** ethernet 0 - WAN Interface ***
ip address dhcp
ip inspect FIREWALL out
ip access-group INBOUND in
ip accounting access-violations
ip nat outside
ip verify unicast reverse-path
no cdp enable
no ip redirect
no ip proxy-arp
no ip directed-broadcast
no ip mask-reply
no ip unreachable
no ip redirect
full-duplex
hold-queue 100 out
no shutdown
!
interface Serial0/0
no ip address
no ip proxy-arp
no ip directed-broadcast
no ip unreachable
no ip redirect
no fair-queue
no cdp enable
shutdown
!
interface BRI0/0
no ip address
no ip proxy-arp
no ip directed-broadcast
no ip unreachable
no ip redirect
no cdp enable
shutdown
!
interface Ethernet0/1
description *** ethernet 0/1 - LAN Interface ***
ip address 10.10.100.1 255.255.255.248
ip access-group OUTBOUND out
ip accounting access-violations
ip nat inside
no ip unreachables
no ip proxy-arp
no ip directed-broadcast
no ip mask-reply
no cdp enable
full-duplex
hold-queue 100 out
no shutdown
!
ip nat pool homenatpool 10.10.100.1 10.10.100.1 netmask 255.255.255.248
ip nat inside source list 25 pool homenatpool overload
!
!
!
!---- CBAC's
ip inspect tcp synwait-time 15
ip inspect tcp finwait-time 1
ip inspect tcp idle-time 1800
ip inspect udp idle-time 15
ip inspect name FIREWALL http audit-trail on
ip inspect name FIREWALL smtp audit-trail on
ip inspect name FIREWALL ftp audit-trail on
ip inspect name FIREWALL tcp audit-trail on
ip inspect name FIREWALL udp audit-trail on
!
!---- OUTBOUND LAN port access-list
ip access-list extended OUTBOUND
deny tcp any any eq 27665 log
deny udp any any eq 31335 log
deny udp any any eq 27444 log
deny tcp any any eq 16660 log
deny tcp any any eq 65000 log
deny tcp any any eq 33270 log
deny tcp any any eq 39168 log
deny tcp any any range 6711 6712 log
deny tcp any any eq 6776 log
deny tcp any any eq 6669 log
deny tcp any any eq 2222 log
deny tcp any any eq 7000 log
!--- ICMP_blocking
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any packet-too-big
permit icmp any any traceroute
permit icmp any any unreachable
permit icmp any any parameter-problem
!
!
!---- INBOUND WAN port access-list
ip access-list extended INBOUND
deny ip 10.10.100.0 0.0.0.3 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 0.0.0.0 0.255.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 192.168.0.0 0.0.255.255 any log
deny ip 192.0.2.0 0.0.0.255 any log
deny ip 224.0.0.0 15.255.255.255 any log
deny ip host 255.255.255.255 any log
!--- ICMP_blocking
deny icmp any any echo log
deny icmp any any redirect log
deny icmp any any mask-request log
deny ip any any log
!
!---- SSH Connectivity
ip access-list extenxted SSH_ACCESS
permit tcp host xxx host 10.10.100.xxx eq 22 log
permit tcp host xxx host 10.10.100.xxx eq 22 log
!
!
!
!
banner exec ^C
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* This system is private property, and is intended for the specific *
* use of authorized users only. All activities of individuals using this *
* computing system without authority, or in excess of their authority, are *
* monitored and recorded by system personnel. If any such monitoring *
* reveals possible evidence of criminal activity, system personnel may *
* provide such evidence to law enforcement officials. *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *^C

!
line con 0
password 7 xxxxx
stopbits 1
speed 115200
line aux 0
line vty 0
access-class SSH_ACCESS in
transport input ssh
line vty 1 4
transport input none
!
scheduler max-task-time 5000
ntp clock-period 17168756
ntp server 192.4.41.41
ntp server 192.5.41.40
!
!
end
------------------------

spidey07 · Mar 22, 2004

I don't see anywhere on the outbound list where you allow DHCP.

xyyz · Mar 22, 2004

ummm how would i do that? the WAN interface makes a request right, and the DHCP server responds... right?

so wouldn't the CBAC take care of this since the request is being made from the router?

spidey07 · Mar 22, 2004

traffic sourced from the router still goes through the access-list. The DHCP request would be classified as an outbound packet and the DHCP offer from the server would be inbound.

xyyz · Mar 22, 2004

so how do i fix this... command-wise?

here's the debug output... warning it's long:

----------------
*Feb 28 16:06:33.776 PST: Local MobileIP: Ethernet0/0 add 68.233.234.1 rejected
*Feb 28 16:06:33.776 PST: IP ARP req filtered src 68.233.234.1 0050.5700.6943, d
st 68.233.234.53 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:33.960 PST: CEF: background resolution thread state:
*Feb 28 16:06:33.960 PST: Thread fast_thread: Empty
*Feb 28 16:06:33.964 PST: Thread todothread: Empty
*Feb 28 16:06:33.964 PST: Thread slow_thread: Empty
*Feb 28 16:06:34.204 PST: Local MobileIP: Ethernet0/0 add 68.234.186.1 rejected
*Feb 28 16:06:34.204 PST: IP ARP req filtered src 68.234.186.1 0050.5700.6943, d
st 68.234.186.71 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:34.656 PST: DHCP: Try 2 to acquire address for Ethernet0/0
*Feb 28 16:06:34.656 PST: Ethernet0/0: Setting Duplex to FULL
*Feb 28 16:06:34.660 PST: Ethernet0/0: Interface is alive
*Feb 28 16:06:34.660 PST: IP-EIGRP: Callback: address_command Ethernet0/0 0.0.0.
0/0 sense 0
*Feb 28 16:06:34.660 PST: PIM(0): Flush DF for Ethernet0/0, RP 0.0.0.0
*Feb 28 16:06:34.664 PST: Ethernet0/0: Setting Duplex to FULL
*Feb 28 16:06:34.668 PST: Ethernet0/0: Interface is alive
*Feb 28 16:06:34.668 PST: CEF: Configure default table on Ethernet0/0 interface
*Feb 28 16:06:34.668 PST: CEF-IDB: update access-group INBOUND 'in' for Ethernet0/0 as INBOUND
*Feb 28 16:06:34.668 PST: CEF-IDB: update access-group FIREWALL 'out' for Ethern
et0/0 as FIREWALL
*Feb 28 16:06:34.672 PST: IP-EIGRP: Callback: address_command Ethernet0/0 0.0.0.0/32 sense 1
*Feb 28 16:06:34.672 PST: CEF-HWIDB: Ethernet0/0 LES switching vector set to CEF
Feature Fast switching
*Feb 28 16:06:34.672 PST: IP: pruning prefix cache entries for Ethernet0/0
*Feb 28 16:06:34.672 PST: IP: Invalidating prefix cache entries for 1 interfaces
*Feb 28 16:06:34.676 PST: DHCP: allocate request
*Feb 28 16:06:34.676 PST: DHCP: zapping entry in DHC_PURGING state for Et0/0
*Feb 28 16:06:34.676 PST: DHCP: new entry. add to queue
*Feb 28 16:06:34.676 PST: DHCP: SDiscover attempt # 1 for entry:
*Feb 28 16:06:34.676 PST: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet0/0
*Feb 28 16:06:34.676 PST: Temp sub net mask: 0.0.0.0
*Feb 28 16:06:34.680 PST: DHCP Lease server
pluto#: 0.0.0.0, state: 1 Selecting
*Feb 28 16:06:34.680 PST: DHCP transaction id: 5C40C
*Feb 28 16:06:34.680 PST: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Feb 28 16:06:34.680 PST: Next timer fires after: 00:00:02
*Feb 28 16:06:34.680 PST: Retry count: 1 Client-ID: cisco-0010.7b1d.4c60-Et0/0
*Feb 28 16:06:34.684 PST: Hostname: pluto
*Feb 28 16:06:34.684 PST: DHCP: SDiscover: sending 297 byte length DHCP packet
*Feb 28 16:06:34.684 PST: DHCP: SDiscover 297 bytes
*Feb 28 16:06:34.684 PST: IP: s=0.0.0.0 (local), d=255.255.255.255 (Ethernet0/0)
, len 604, sending broad/multicast
*Feb 28 16:06:34.688 PST: B'cast on Ethernet0/0 interface from 0.0.0.0
*Feb 28 16:06:34.692 PST: %IPFAST-6-INVALREQ: Cache invalidation request for Ethernet0/0
-Process= "ARP Input", ipl= 0, pid= 13
-Traceback= 806449C8 80644A8C 805074A0 8050610C 80459EEC 8045D488
*Feb 28 16:06:34.700 PST: Local MobileIP: Ethernet0/0 add 68.70.32.1 rejected
*Feb 28 16:06:34.700 PST: IP ARP req filtereundd src 68.70.32.1 0050.5700.6943,
dst 68.70.32.19 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:34.951 PST: Local MobileIP: Ethernet0/0 add 24.50.74.1 rejected
*Feb 28 16:06:34.955 PST: IP ARP req filtered src 24.50.74.1 0050.5700.6943, dst
24.50.74.62 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:34.971 PST: CEF: background resolution thread state:
*Feb 28 16:06:34.971 PST: Thread fast_thread: Empty
*Feb 28 16:06:34.971 PST: Thread todothread: Empty
*Feb 28 16:06:34.975 PST: Thread slow_thread: Empty
*Feb 28 16:06:34.983 PST: Local MobileIP: Ethernet0/0 add 68.171.128.1 rejected
*Feb 28 16:06:34.983 PST: IP ARP req filtered src 68.171.128.1 0050.5700.6943, d
st 68.171.128.190 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:35.035 PST: Local MobileIP: Ethernet0/0 add 68.66.129.1 rejected
*Feb 28 16:06:35.035 PST: IP ARP req filtered src 68.66.129.1 0050.5700.6943, ds
t 68.66.129.223 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:35.851 PST: IP ARP req filtered src 24.50.74.1 0050.5700.6943, dst
24.50.74.146 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:35.899 PST: Local MobileIP: Ethernet0/0 add 68.234.186.1 rejected
*Feb 28 16:06:35.899 PST: IP ARP req filtered src 68.234.186.1 0050.5700.6943, d
st 68.234.186.158 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:35.915 PST: Local MobileIP: Ethernet0/0 add 68.66.233.1 rejected
*Feb 28 16:06:35.919 PST: IP ARP req filtered src 68.66.233.1 0050.5700.6943, ds
t 68.66.233.182 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:35.983 PST:
*Feb 28 16:06:35.983 PST: Rudpv1 Sent: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 16:06:35.983 PST: Rudpv1 Rcvd: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 16:06:35.987 PST: Rudpv1 Discarded: 0, Retransmitted 0
*Feb 28 16:06:35.987 PST:
*Feb 28 16:06:35.987 PST: CEF: background resolution thread statel
*Feb 28 16:06:35.987 PST: Thread fast_thread: Empty
*Feb 28 16:06:35.991 PST: Thread todothread: Empty
*Feb 28 16:06:35.991 PST: Thread slow_thread: Empty
*Feb 28 16:06:36.019 PST: Local MobileIP: Ethernet0/0 add 68.66.245.1 rejected
*Feb 28 16:06:36.019 PST: IP ARP req filtered src 68.66.245.1 0050.5700.6943, ds
t 68.66.245.112 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:36.239 PST: Local MobileIP: Ethernet0/0 add 68.170.47.1 rejected
*Feb 28 16:06:36.239 PST: IP ARP req filtered src 68.170.47.1 0050.5700.6943, ds
t 68.170.47.78 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:36.994 PST: CEF: background resolution thread state:
*Feb 28 16:06:36.994 PST: Thread fast_thread: Empty
*Feb 28 16:06:36.998 PST: Thread todothread: Empty
*Feb 28 16:06:36.998 PST: Thread slow_thread: Empty
*Feb 28 16:06:37.670 PST: DHCP: SDiscover attempt # 2 for entry:
*Feb 28 16:06:37.670 PST: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet0/0
*Feb 28 16:06:37.670 PST: Temp sub net mask: 0.0.0.0
*Feb 28 16:06:37.670 PST: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Feb 28 16:06:37.670 PST: DHCP transaction id: 5C40C
*Feb 28 16:06:37.670 PST: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Feb 28 16:06:37.674 PST: Next timer fires after: 00:00:02
*Feb 28 16:06:37.674 PST: Retry count: 2 Client-ID: cisco-0010.7b1d.4c60-Et0/0
*Feb 28 16:06:37.674 PST: Hostname: pluto
*Feb 28 16:06:37.674 PST: DHCP: SDiscover: sending 297 byte length DHCP packet
*Feb 28 16:06:37.674 PST: DHCP: SDiscover 297 bytes
*Feb 28 16:06:37.678 PST: IP: s=0.0.0.0 (local), d=255.255.255.255 (Ethernet0/0),
len 604, sending broad/multicast
*Feb 28 16:06:37.678 PST: B'cast on Ethernet0/0 interface from 0.0.0.0
*Feb 28 16:06:37.754 PST: Local MobileIP: Ethernet0/0 add 68.169.229.1 rejected
*Feb 28 16:06:37.754 PST: IP ARP req filtered src 68.169.229.1 0050.5700.6943, d
st 68.169.229.14 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:37.774 PST: Local MobileIP: Ethernet0/0 add 68.233.233.1 rejected
*Feb 28 16:06:37.774 PST: IP ARP req filtered src 68.233.233.1 0050.5700.6943, d
st 68.233.233.199 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:37.945 PST: Local MobileIP: Ethernet0/0 add 68.169.229.1 rejected
*Feb 28 16:06:37.945 PST: IP ARP req filtered src 68.169.229.1 0050.5700.6943, d
st 68.169.229.132 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:38.005 PST: CEF: background resolution thread state:
*Feb 28 16:06:38.005 PST: Thread fast_thread: Empty
*Feb 28 16:06:38.005 PST: Thread todothread: Empty
*Feb 28 16:06:38.009 PST: Thread slow_thread: Empty
*Feb 28 16:06:38.033 PST: Local MobileIP: Ethernet0/0 add 24.50.74.1 rejected
*Feb 28 16:06:38.701 PST: Local MobileIP: Ethernet0/0 add 68.66.129.1 rejected
*Feb 28 16:06:38.701 PST: IP ARP req filtered src 68.66.129.1 0050.5700.6943, ds
t 68.66.129.248 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:38.781 PST: Local MobileIP: Ethernet0/0 add 68.234.186.1 rejected
*Feb 28 16:06:38.785 PST: IP ARP req filtered src 68.234.186.1 0050.5700.6943, d
st 68.234.186.95 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:38.857 PST: Local MobileIP: Ethernet0/0 add 68.233.234.1 rejected
*Feb 28 16:06:38.857 PST: IP ARP req filtered src 68.233.234.1 0050.5700.6943, d
st 68.233.235.47 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:38.861 PST: Local MobileIP: Ethernet0/0 add 24.49.4.1 rejected
*Feb 28 16:06:38.865 PST: IP ARP req filtered src 24.49.4.1 0050.5700.6943, dst
24.49.4.62 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:40.028 PST: CEF: background resolution thread state:
*Feb 28 16:06:40.028 PST: Thread fast_thread: Empty
*Feb 28 16:06:40.032 PST: Thread todothread: Empty
*Feb 28 16:06:40.032 PST: Thread slow_thread: Empty
*Feb 28 16:06:40.092 PST: Local MobileIP: Ethernet0/0 add 68.234.186.1 rejected
*Feb 28 16:06:40.092 PST: IP ARP req filtered src 68.234.186.1 0050.5700.6943, d
st 68.234.186.71 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:40.312 PST: Local MobileIP: Ethernet0/0 add 68.234.186.1 rejected
*Feb 28 16:06:40.312 PST: IP ARP req filtered src 68.234.186.1 0050.5700.6943, d
st 68.234.186.214 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:40.540 PST: Local MobileIP: Ethernet0/0 add 68.169.156.1 rejected
*Feb 28 16:06:40.540 PST: IP ARP req filtered src 68.169.156.1 0050.5700.6943, d
st 68.169.156.31 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:40.560 PST: Local MobileIP: Ethernet0/0 add 68.66.233.1 rejected
*Feb 28 16:06:40.560 PST: IP ARP req filtered src 68.66.233.1 0050.5700.6943, ds
t 68.66.233.139 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:40.664 PST: DHCP: SDiscover attempt # 3 for entry:
*Feb 28 16:06:40.664 PST: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet0/0
*Feb 28 16:06:40.664 PST: Temp sub net mask: 0.0.0.0
*Feb 28 16:06:40.664 PST: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Feb 28 16:06:40.664 PST: DHCP transaction id: 5C40C
*Feb 28 16:06:40.668 PST: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Feb 28 16:06:40.668 PST: Next timer fires after: 00:00:02
*Feb 28 16:06:40.668 PST: Retry count: 3 Client-ID: cisco-0010.7b1d.4c60-Et0/0
*Feb 28 16:06:40.668 PST: Hostname: pluto
*Feb 28 16:06:40.672 PST: DHCP: SDiscover: sending 297 byte length DHCP packet
*Feb 28 16:06:40.672 PST: DHCP: SDiscover 297 bytes
*Feb 28 16:06:40.672 PST: IP: s=0.0.0.0 (local), d=255.255.255.255 (Ethernet0/0),
len 604, sending broad/multicast
*Feb 28 16:06:40.672 PST: B'cast on Ethernet0/0 interface from 0.0.0.0
*Feb 28 16:06:40.700 PST: Local MobileIP: Ethernet0/0 add 68.65.81.1 rejected
*Feb 28 16:06:40.700 PST: IP ARP req filtered src 68.65.81.1 0050.5700.6943, dst
68.65.81.166 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:40.976 PST: Local MobileIP: Ethernet0/0 add 68.169.156.1 rejected
*Feb 28 16:06:40.976 PST: IP ARP req filtered src 68.169.156.1 0050.5700.6943, d
st 68.169.156.21 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:06:41.039 PST: CEF: background resolution thread state:
*Feb 28 16:06:41.039 PST: Thread fast_thread: Empty
*Feb 28 16:06:41.043 PST: Thread todothread: Empty
*Feb 28 16:06:41.043 PST: Thread slow_thread: Empty
*Feb 28 16:06:41.063 PST: Local MobileIP: Ethernet0/0 add 68.233.233.1 rejected
*Feb 28 16:06:41.063 PST: IP ARP req filtered src 68.233.233.1 0050.5700.6943, d
st 68.233.233.204 0000.0000.0000 wrong cable, interface Ethernet0/0
--------------------

xyyz · Mar 22, 2004

okay, the first mistake was in syntax. i highlited it in the original post. but i'm still having the same issue. DHCP no worky.

spidey07 · Mar 22, 2004

any matches on your ACLs?

You could try debug ip packet detail as the only debugging.

carefull though...it could bring down a router that has any decent traffic load on it.

Looks like a home application though.

narzy · Mar 22, 2004

did you ever make an error when you were creating the ACLs and remove it with no access-whatever... if so, that might do it. ACL's can be a big bitch when it comes to residual commands generally because of the way the execute.

the other thing I would do is try simplifying int e0/0 remove the firewall ref is where I might start.

back up the config and go to town

(preferably late at night.)

<--- not on the great with the routers yet.

xyyz · Mar 22, 2004

i turned off all the ACL's to see what's going on.

here's the latest:

---------------
This may severely impact network performance. Continue? (yes/[no]): yes
All possible debugging has been turned on
pluto#
*Feb 28 18:15:32.239 PST: DHCP: Try 11 to acquire address for Ethernet0/0
*Feb 28 18:15:32.239 PST: Ethernet0/0: Setting Duplex to HALF
*Feb 28 18:15:32.243 PST: Ethernet0/0: Interface is alive
*Feb 28 18:15:32.243 PST: IP-EIGRP: Callback: address_command Ethernet0/0 0.0.0.0/0 sense 0
*Feb 28 18:15:32.243 PST: PIM(0): Flush DF for Ethernet0/0, RP 0.0.0.0
*Feb 28 18:15:32.247 PST: Ethernet0/0: Setting Duplex to HALF
*Feb 28 18:15:32.251 PST: Ethernet0/0: Interface is alive
*Feb 28 18:15:32.251 PST: IP-EIGRP: Callback: address_command Ethernet0/0 0.0.0.0/32 sense 1
*Feb 28 18:15:32.251 PST: IP: pruning prefix cache entries for Ethernet0/0
*Feb 28 18:15:32.251 PST: IP: Invalidating prefix cache entries for 1 interfaces

*Feb 28 18:15:32.255 PST: DHCP: allocate request
*Feb 28 18:15:32.255 PST: DHCP: new entry. add to queue
*Feb 28 18:15:32.255 PST: DHCP: SDiscover attempt # 1 for entry:
*Feb 28 18:15:32.255 PST: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet0/0
*Feb 28 18:15:32.255 PST: Temp sub net mask: 0.0.0.0
*Feb 28 18:15:32.259 PST: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Feb 28 18:15:32.259 PST: DHCP transaction id: 7515FE
*Feb 28 18:15:32.259 PST: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Feb 28 18:15:32.259 PST: Next timer fires after: 00:00:02
*Feb 28 18:15:32.259 PST: Retry count: 1 Client-ID: cisco-0010.7b1d.4c60-Et0/0
*Feb 28 18:15:32.263 PST: Hostname: pluto
*Feb 28 18:15:32.263 PST: DHCP: SDiscover: sending 297 byte length DHCP packet
*Feb 28 18:15:32.263 PST: DHCP: SDiscover 297 bytes
*Feb 28 18:15:32.263 PST: IP: s=0.0.0.0 (local), d=255.255.255.255 (Ethernet0/0), len 604, sending broad/multicast
*Feb 28 18:15:32.267 PST: B'cast on Ethernet0/0 interface from 0.0.0.0
*Feb 28 18:15:34.550 PST:
*Feb 28 18:15:34.550 PST: Rudpv1 Sent: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:15:34.550 PST: Rudpv1 Rcvd: Pkts 0, Data Bytes 0, Data Pkts 0
*Feb 28 18:15:34.550 PST: Rudpv1 Discarded: 0, Retransmitted 0
*Feb 28 18:15:34.550 PST:
*Feb 28 18:15:35.249 PST: DHCP: SDiscover attempt # 2 for entry:
*Feb 28 18:15:35.249 PST: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet0/0
*Feb 28 18:15:35.249 PST: Temp sub net mask: 0.0.0.0
*Feb 28 18:15:35.249 PST: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Feb 28 18:15:35.249 PST: DHCP transaction id: 7515FE
*Feb 28 18:15:35.253 PST: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Feb 28 18:15:35.253 PST: Next timer fires after: 00:00:02
*Feb 28 18:15:35.253 PST: Retry count: 2 Client-ID: cisco-0010.7b1d.4c60-Et0/0
-----------------

Southerner · Mar 22, 2004

Hmmm.

I ran into a similar problem with a Cisco switch once, where DHCP requests weren't making it through to the DHCP server. Turned out I needed to issue the somethingorother no portfast command to turn off the feature that was trying to find another switch on the network...

<sigh> Time to review my protocols, as my vocabulary is failing me.

xyyz · Mar 22, 2004

hmmm... i know if a device is an intermediary, you need to have the ip helper-address command to get things to work.

in this case, my device isn't an intermediary, it needs the address itself.

however, i'm willing to try anything... so if you can remember that command i'd really appreciate it.

spidey07 · Mar 22, 2004

well if its attached to a switch that switch needs to have spanning-tree portfast enabled (dhcp will timeout before the switch puts the port into a forwarding state)

xyyz · Mar 22, 2004

Originally posted by: spidey07
well if its attached to a switch that switch needs to have spanning-tree portfast enabled (dhcp will timeout before the switch puts the port into a forwarding state)

hmmm... i don't know what's on the ISP end but my local layout is like this:

(isp)----------(hub)----------(cablemodem)----------(2611)

CTR · Mar 22, 2004

Are you positive that the cablemodem's ethernet interface supports and is configured for 10-meg full duplex? You might consider setting your eth0/0 to half duplex, or checking the cablemodem's config if possible. This is probably not going to help, since you would have seen obvious ethernet errors if there were a duplex mismatch.

xyyz · Mar 22, 2004

guess what the problem was? a friend helped me trouble shoot it.

the cablemodem... it remembers the MAC address of the device that's connected to it. so the cisco router had a different mac than the linksys router.

i connected the cisco, reset the modem and *poof* it worked.

however... now I have an ever MORE perplexing problem :/

now, the router doesn't work well. i can't get to the outside world from anything behind the router. the router's performace is seriously pathetic. if i ping something, i get 40-60% success.

the router, it will take info from the DHCP server, but then it'll drop half the stuff on the renewal, like the default gateway and what not.

oh yeah and i get this garbage in the debug output... i have NO idea what it is:

------------

*Feb 28 16:10:24.775 PST: IP ARP req filtered src 10.61.204.1 0050.5700.6943, ds
t 10.61.204.7 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:10:24.775 PST: Local MobileIP: Ethernet0/0 add 68.233.230.1 rejected
*Feb 28 16:10:24.779 PST: IP ARP req filtered src 68.233.230.1 0050.5700.6943, d
st 68.233.230.31 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:10:24.847 PST: IPpacketQ deq: s=10.10.100.2 (Ethernet0/1), d=24.52.22
3.218, flags=0x280, tos=0x0, frag_offset=0
*Feb 28 16:10:24.847 PST: ICMP type=8, code=0
*Feb 28 16:10:24.851 PST: IP: s=10.10.100.2 (Ethernet0/1), d=24.52.223.218, len
92, unroutable
*Feb 28 16:10:24.851 PST: IP: s=10.10.100.2 (Ethernet0/1), d=24.52.223.218, len
92, dispose ip.noroute
*Feb 28 16:10:25.027 PST: Local MobileIP: Ethernet0/0 add 68.170.47.1 rejected
*Feb 28 16:10:25.027 PST: IP ARP req filtered src 68.170.47.1 0050.5700.6943, ds
t 68.170.47.99 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:10:25.260 PST: Local MobileIP: Ethernet0/0 add 68.169.164.1 rejected
*Feb 28 16:10:25.264 PST: IP ARP req filtered src 68.169.164.1 0050.5700.6943, d
st 68.169.164.72 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:10:25.608 PST: Local MobileIP: Ethernet0/0 add 68.169.156.1 rejected
*Feb 28 16:10:25.608 PST: IP ARP req filtered src 68.169.156.1 0050.5700.6943, d
st 68.169.156.192 0000.0000.0000 wrong cable, interface Ethernet0/0
*Feb 28 16:10:25.612 PST: Local MobileIP: Ethernet0/0 add 68.169.156.1 rejected
*Feb 28 16:10:25.616 PST: IP ARP req filtered src 68.169.156.1 0050.5700.6943, d
st 68.169.156.230 0000.0000.0000 wrong cable, interface Ethernet0/0
--------------

spidey07 · Mar 22, 2004

there's gotta be a doc out there on cisco's site about a router being a DHCP client?

the unroutable stuff is telling me there isn't a default route on the router.

lots of drops could be the router running out of cpu - "show proc cpu" "show int"

xyyz · Mar 23, 2004

alright... it took a while, but thanks to the help of a friend who really knows his stuff... things are working... more or less.

now i have an odd issue. i am able to ping hosts on the internet sometimes, and other times i can't. this is the same issue with the router, sometimes i can ping, othertimes i can't.

--------
C:\WINDOWS>ping -t www.google.com

Pinging www.google.akadns.net [216.239.53.99] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 216.239.53.99:
Packets: Sent = 7, Received = 0, Lost = 7 (100% loss),
Control-C
^C
C:\WINDOWS>tracert www.yahoo.com

Tracing route to www.yahoo.akadns.net [66.94.230.34]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.100.253
2 1 ms 1 ms 3 ms 10.10.100.1
3 40 ms * 32 ms 68-234-186-1.anhmca.adelphia.net [68.234.186.1]

4 29 ms * 32 ms 24.52.223.213
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * ^C
C:\WINDOWS>ping -t www.google.com

Pinging www.google.akadns.net [216.239.53.99] with 32 bytes of data:

Reply from 216.239.53.99: bytes=32 time=45ms TTL=237
Reply from 216.239.53.99: bytes=32 time=37ms TTL=237
Reply from 216.239.53.99: bytes=32 time=59ms TTL=237
Reply from 216.239.53.99: bytes=32 time=43ms TTL=237
Reply from 216.239.53.99: bytes=32 time=44ms TTL=237

Ping statistics for 216.239.53.99:
Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 59ms, Average = 45ms
Control-C
^C
C:\WINDOWS>
-------------------------

i do have an ACL in place... anyways, here's the new config... if someone can see what's up please let me know:

------
Current configuration : 3957 bytes
!
! Last configuration change at 20:29:00 PST Mon Mar 22 2004
!
version 12.3
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname pluto
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxx
enable password 7 xxx
!
username austin password 7 xxx
clock timezone PST -8
clock summer-time PDT recurring
aaa new-model
!
!
aaa session-id common
ip subnet-zero
no ip source-route
!
!
ip domain name sol.home
ip name-server 24.52.223.218
ip name-server 24.52.223.219
!
no ip bootp server
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 1
ip inspect tcp synwait-time 15
ip inspect name FIREWALL http java-list 24 audit-trail on
ip inspect name FIREWALL smtp audit-trail on
ip inspect name FIREWALL ftp audit-trail on
ip inspect name FIREWALL tcp audit-trail on
ip inspect name FIREWALL udp audit-trail on
ip inspect name FIREWALL fragment maximum 256 timeout 1
ip audit notify log
ip audit po max-events 100
ip audit smtp spam 50
ip ssh time-out 30
ip ssh authentication-retries 2
ip ssh rsa keypair-name general-keypairs
ip ssh break-string
!
!
!
crypto isakmp policy 3
encr 3des
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
!
!
!
!
interface Ethernet0/0
description *** ethernet 0 - WAN Interface ***
ip address dhcp
ip access-group ICMP in
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nat outside
ip inspect FIREWALL out
half-duplex
no cdp enable
hold-queue 100 out
!
interface Serial0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
no fair-queue
no cdp enable
!
interface BRI0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
no cdp enable
!
interface Ethernet0/1
description *** ethernet 0/1 - LAN Interface ***
ip address 10.10.100.1 255.255.255.248
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nat inside
half-duplex
no cdp enable
hold-queue 100 out
!
ip nat pool homenatpool 10.10.100.1 10.10.100.1 netmask 255.255.255.248
ip nat inside source list 25 interface Ethernet0/0 overload
no ip http server
no ip http secure-server
ip classless
!
!
!
ip access-list extended ICMP
deny icmp any any echo log
deny icmp any any redirect log
deny icmp any any mask-request log
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any packet-too-big
permit icmp any any traceroute
permit icmp any any unreachable
permit icmp any any parameter-problem
ip access-list extended SSH_ACCESS
permit tcp host 10.10.100.xxx host 10.10.100.1 eq 22 log
permit tcp host 10.10.100.xxx host 10.10.100.1 eq 22 log
deny tcp any any eq 22 log
logging trap debugging
access-list 24 permit any
access-list 25 permit 10.10.100.0 0.0.0.7
no cdp run
!
!
!
!
!
banner exec ^CC
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* This system is private property, and is intended for the specific *
* use of authorized users only. All activities of individuals using this *
* computing system without authority, or in excess of their authority, are *
* monitored and recorded by system personnel. If any such monitoring *
* reveals possible evidence of criminal activity, system personnel may *
* provide such evidence to law enforcement officials. *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *^C

!
line con 0
password 7 xxx
stopbits 1
speed 115200
line aux 0
line vty 0
access-class SSH_ACCESS in
transport input ssh
line vty 1 4
transport input none
!
scheduler max-task-time 5000
ntp clock-period 17168756
ntp server 192.4.41.41
ntp server 192.5.41.40
!
!
end
---------------

Search

cisco router can't get address through DHCP

xyyz

Diamond Member

spidey07

No Lifer

xyyz

Diamond Member

spidey07

No Lifer

xyyz

Diamond Member

xyyz

Diamond Member

spidey07

No Lifer

narzy

Elite Member

xyyz

Diamond Member

Southerner

Member

xyyz

Diamond Member

spidey07

No Lifer

xyyz

Diamond Member

CTR

Senior member

xyyz

Diamond Member

spidey07

No Lifer

xyyz

Diamond Member

TRENDING THREADS