Циска 857-К9 подключена к провайдеру по ADSL.
PVC 1/50 - выход в инет с PPPoE авторизацией.
PVC 3/33 - доступ в городскую частную сеть
10.1.0.0/16
IP адрес (10.1.1.241) должен выделяться по DHCP, но в этом то и проблема, т.е. нифига не выделяется...
Конфиг приведен ниже.
Если явно присвоить IP на BVI1 - 10.1.1.241/16 -
все отлично работает.
Подскажите плыз, где чего не докрутил?!!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco857
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret ...
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 5
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.4
ip dhcp excluded-address 10.10.10.9 10.10.10.254
!
ip dhcp pool dhcp-pool1
import all
network 10.10.10.0 255.255.255.0
domain-name ...
default-router 10.10.10.1
lease 0 6 30
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
ip domain name ...
ip host tftp 10.10.10.5
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 1/50
pppoe-client dial-pool-number 1
!
!
interface ATM0.2 point-to-point
pvc 3/33
encapsulation aal5snap
!
bridge-group 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname ...
ppp chap password 7 ...
ppp pap sent-username ... password 7 ...
ppp ipcp dns request
!
interface BVI1
mac-address 0000.0c25.dd1c
ip address dhcp
ip nat outside
ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 113 interface BVI1 overload
ip nat inside source list 115 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 33 remark SDM_ACL Category=18
access-list 33 permit 10.10.10.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 113 permit ip 10.10.10.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 115 permit ip 10.10.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
...
endкусок лога (debug dhcp detail):
000881: *Feb 24 18:13:07.003 PCTime: DHCP: SDiscover attempt # 3 for entry:
000882: *Feb 24 18:13:07.003 PCTime: Temp IP addr: 0.0.0.0 for peer on Interface: BVI1
000883: *Feb 24 18:13:07.003 PCTime: Temp sub net mask: 0.0.0.0
000884: *Feb 24 18:13:07.003 PCTime: DHCP Lease server: 0.0.0.0, state: 1 Selecting
000885: *Feb 24 18:13:07.003 PCTime: DHCP transaction id: 162F
000886: *Feb 24 18:13:07.003 PCTime: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
000887: *Feb 24 18:13:07.003 PCTime: Next timer fires after: 00:00:04
000888: *Feb 24 18:13:07.003 PCTime: Retry count: 3 Client-ID: cisco-0000.0c25.dd1c-BV1
000889: *Feb 24 18:13:07.003 PCTime: Client-ID hex dump: 636973636F2D303030302E306332352E
000890: *Feb 24 18:13:07.003 PCTime: 646431632D425631
000891: *Feb 24 18:13:07.003 PCTime: Hostname: cisco857
000892: *Feb 24 18:13:07.003 PCTime: DHCP: SDiscover: sending 295 byte length DHCP packet
000893: *Feb 24 18:13:07.003 PCTime: DHCP: SDiscover 295 bytes
000894: *Feb 24 18:13:07.003 PCTime: B'cast on BVI1 interface from 0.0.0.0
000895: *Feb 24 18:13:11.003 PCTime: DHCP: QScan: Timed out Selecting state%Unknown DHCP problem.. No allocation possible
000896: *Feb 24 18:13:19.743 PCTime: DHCP: Waiting for 30 seconds on interface BVI1Не проходят широковещательные запросы к dhcp серверу провайдера?
Посоветуйте, в каком направлении копать, плыыыз!