[c-nsp] Cisco ASR 901 as a DHCP server

Karsten Thomann karsten_thomann at linfre.de
Sat May 22 15:30:36 EDT 2021


Hi,

it would be good to share some more details.
What do you mean exactly with can reach the core?
Your whole core network? With or without other customers on other routers?
How does a traceroute look from the customer or sourced from the private customer IPs to 
unreachable destinations?
Are there any NAT translations if there is traffic from the customer or while using ping/traceroute 
sourced from the customer vlan?

If it is MTU you should still get an open connection with telnet.
Is the ip mtu at default 1500 or do you have for some reason a higher ip mtu?

Kind regards
Karsten

Am Samstag, 22. Mai 2021, 12:12:29 schrieb Scott Miller:
> What do you mean by NAT might be the problem?  I also have that
> other subnet configured properly, just not included in the config I
> provided.  If I can't get 1 working, no sense in troubleshooting both.  If
> you might be able to elaborate a bit on your NAT suggestion, it would be
> appreciated.
> 
> On Fri, May 21, 2021 at 3:15 PM Jerry Bacon <jerryb at startouch.com> wrote:
> > I think the NAT might be the problem. Also you need to add the 192.168.4.1
> > gateway.
> > 
> > --
> > Jerry Bacon
> > StarTouch - Senior Network Engineer
> > Sent from my iPhone
> > 
> > > On May 21, 2021, at 11:30 AM, Scott Miller <fordlove at gmail.com> wrote:
> > > 
> > > Wondering if anyone has configured a 901 as a DHCP server.  It's being
> > 
> > used
> > 
> > > in a multi-tenant location, other customers are static public /30 and
> > 
> > work
> > 
> > > fine, but we have a customer who wants us to do DHCP for them. So
> > > instead
> > > of adding another box, I was trying to get the 901 to be the DHCP
> > > server.
> > > For some reason, it's not working.  I have configured other routers no
> > > problem as a DHCP server, this one the client gets an IP, can ping the
> > > gateway, can ping the uplink IP, can ping the core, but can't leave our
> > > network.  Kinda feels like a MTU issue, but all set to 9000.  Here's my
> > > config:
> > > Anyone ever try it, and have any suggestions?
> > > 
> > > ASR901 - A901-12C-F-D
> > > AdvancedMetroIPAccess
> > > Version 15.6(2)SP3
> > > 
> > > !
> > > ip dhcp excluded-address 192.168.3.1 192.168.3.50
> > > ip dhcp excluded-address 192.168.4.0 192.168.4.50
> > > !
> > > ip dhcp pool DATA
> > > network 192.168.3.0 255.255.255.0
> > > default-router 192.168.3.1
> > > dns-server xx.xx.xx.xx
> > > !
> > > ip dhcp pool VOICE
> > > network 192.168.4.0 255.255.255.0
> > > dns-server xx.xx.xx.xx
> > > default-router 192.168.4.1
> > > !
> > > interface GigabitEthernet0/0
> > > description UPLINK TO CORE
> > > mtu 9000
> > > no ip address
> > > ip nat outside
> > > load-interval 30
> > > negotiation auto
> > > service instance 50 ethernet
> > > 
> > >  description PTP to CORE OSPF Area 0
> > >  encapsulation untagged
> > >  bridge-domain 50
> > > 
> > > !
> > > interface Vlan50
> > > description OSPF TO CORE
> > > mtu 9000
> > > ip address xx.xx.206.30 255.255.255.252
> > > no ip redirects
> > > no ip proxy-arp
> > > ip nat outside
> > > ip pim sparse-mode
> > > ip ospf network point-to-point
> > > ip ospf mtu-ignore
> > > load-interval 30
> > > carrier-delay msec 0
> > > mpls ip
> > > mpls traffic-eng tunnels
> > > !
> > > interface GigabitEthernet0/1
> > > description Uplink to Customer XXXXXX - DHCP Inside
> > > mtu 9000
> > > no ip address
> > > ip nat inside
> > > load-interval 30
> > > negotiation auto
> > > service instance 100 ethernet
> > > 
> > >  description XXXXXXX Data Network
> > >  encapsulation untagged
> > >  bridge-domain 100
> > > 
> > > !
> > > !
> > > interface Vlan100
> > > description XXXXXX Data Network
> > > mtu 9000
> > > ip address 192.168.3.1 255.255.255.0
> > > no ip redirects
> > > no ip proxy-arp
> > > ip nat inside
> > > !
> > > ip nat inside source list 150 interface Vlan50 overload
> > > !
> > > access-list 150 remark Network Address Translation
> > > access-list 150 permit ip 192.168.3.0 0.0.0.255 any
> > > access-list 150 permit ip 192.168.4.0 0.0.0.255 any
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list