Prev: Multicast is flooding our switches despite IGMP snooping being enabled
Next: Classroom LAB PIX configuration problem
From: Jan on 23 Mar 2010 03:49 Hi, I know this is probably something trivial but I can't figure it out for nothing. I've got a 831 running on a cable connection (DHCP from ISP's end). couple days ago router lost connectivity (ISP does change IP address sometimes) and just won't obtain a new dhcp address. Here the config if it helps, any ideas would be appreciated! ! version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname leeroyjenkins ! enable secret 5 xxxx ! username biatch privilege 15 secret 5 xxxx no aaa new-model ip subnet-zero ip dhcp excluded-address 10.10.0.1 10.10.0.40 ! ip dhcp pool MyLAN network 10.10.0.0 255.255.255.0 default-router 10.10.0.1 dns-server 8.8.8.8 8.8.4.4 ! ip dhcp pool johnspc host 10.10.0.64 255.255.255.0 client-identifier 0100.2185.5d6a.56 default-router 10.10.0.1 dns-server 8.8.8.8 8.8.4.4 ! ip cef ip audit notify log ip audit po max-events 100 no ftp-server write-enable ! ! ! ! ! ! interface Ethernet0 description ****** INSIDE LAN ******$FW_INSIDE$ ip address 10.10.0.1 255.255.255.0 ip access-group 104 in ip nat inside hold-queue 100 out ! interface Ethernet1 description ***** OUTSIDE INTERFACE *******$FW_OUTSIDE$ ip address dhcp ip access-group 105 in ip nat outside traffic-shape rate 8192000 204800 204800 1000 ! ip nat inside source list 100 interface Ethernet1 overload ip classless no ip http server no ip http secure-server ! access-list 100 permit ip 10.10.0.0 0.0.0.255 any access-list 104 remark auto generated by SDM firewall configuration access-list 104 remark SDM_ACL Category=1 access-list 104 deny ip host 255.255.255.255 any access-list 104 deny ip 127.0.0.0 0.255.255.255 any access-list 104 remark allow VPN traffic access-list 104 permit gre 0.0.0.0 255.255.255.0 any access-list 104 permit ip any any access-list 105 remark auto generated by SDM firewall configuration access-list 105 remark SDM_ACL Category=1 access-list 105 remark Auto generated by SDM for NTP (123) 208.75.88.4 access-list 105 permit udp host 208.75.88.4 eq ntp any eq ntp access-list 105 remark Auto generated by SDM for NTP (123) 212.13.195.4 access-list 105 permit udp host 212.13.195.4 eq ntp any eq ntp access-list 105 permit gre any any access-list 105 deny ip 10.10.0.0 0.0.0.255 any access-list 105 permit icmp any any echo-reply access-list 105 permit icmp any any time-exceeded access-list 105 permit icmp any any unreachable access-list 105 deny ip 10.0.0.0 0.255.255.255 any access-list 105 deny ip 172.16.0.0 0.15.255.255 any access-list 105 deny ip 127.0.0.0 0.255.255.255 any access-list 105 deny ip any any log banner motd ^C ******************************************************************* ^C ! line con 0 no modem enable transport preferred all transport output all line aux 0 transport preferred all transport output all line vty 0 4 exec-timeout 120 0 login local length 0 transport preferred all transport input telnet ssh transport output all ! scheduler max-task-time 5000 ntp clock-period 17179938 ntp server 212.13.195.4 ntp server 208.75.88.4 ! end -- * has started to scramble (Stargate)
From: Rob on 23 Mar 2010 05:00 Jan <cvega66666(a)gmail.com> wrote: > Hi, > > I know this is probably something trivial but I can't figure it out for > nothing. > > I've got a 831 running on a cable connection (DHCP from ISP's end). > > couple days ago router lost connectivity (ISP does change IP address > sometimes) and just won't obtain a new dhcp address. > > Here the config if it helps, any ideas would be appreciated! You probably played with the access list config? It blocks almost everything, including dhcp. Look in the log to see what the finaly deny line is blocking.
From: Thrill5 on 24 Mar 2010 19:32
"Rob" <nomail(a)example.com> wrote in message news:slrnhqh0ok.rgu.nomail(a)xs8.xs4all.nl... > Jan <cvega66666(a)gmail.com> wrote: >> Hi, >> >> I know this is probably something trivial but I can't figure it out for >> nothing. >> >> I've got a 831 running on a cable connection (DHCP from ISP's end). >> >> couple days ago router lost connectivity (ISP does change IP address >> sometimes) and just won't obtain a new dhcp address. >> >> Here the config if it helps, any ideas would be appreciated! > > You probably played with the access list config? > It blocks almost everything, including dhcp. > Look in the log to see what the finaly deny line is blocking. Also get rid of the traffic-shaper on the external interface. Your shaping a 10MB interface (which is actually 10,000,000 bits/sec, not 10MB/s) to 8MB with a 2MB burst, which is 10,240,00 bits/s)! This is not doing what you think it is and you should remove it. TCP does a much better job of flow-control than just a crude traffic-shaper. If you were using a shaper with a QoS policy that would be one thing, but a stand-alone shaper is not something that is done in this situation. |