/
Sign up to Ping Labz!
Already have an account? Sign in
Labs

Lab ts-ips-01 - Troubleshooting DHCP and NAT Tickets

J
5 min read

DHCP and NAT are the two services a help desk hears about most, because when either breaks, users notice immediately: no address, or no internet. Both fail in quiet, specific ways that the configuration looks fine until you read the one counter or one interface flag that gives it away. This lab gives you three IP Services tickets on the five-node base topology. It is part of the PingLabz CCNA Troubleshooting Labs, fits Cisco Modeling Labs Free, and every output was captured on Cisco IOS XE.

The topology and healthy state

R2 is the border router. Its LAN side (Ethernet0/0, 10.20.0.0/24) is the inside; its link to R3 (Ethernet0/1, 10.30.30.0/30) is the outside. R3's loopback 10.255.0.3 stands in for an internet host. R2 also runs a DHCP server for the LAN and PAT overload toward the outside. Healthy, an inside host reaches the internet and gets translated:

R1# ping 10.255.0.3 source 10.20.0.1
!!!!!  (100%)

R2# show ip nat translations
Pro  Inside global    Inside local   Outside local   Outside global
icmp 10.30.30.1:1024  10.20.0.1:8    10.255.0.3:8    10.255.0.3:1024

Lab setup: this topology boots with all three faults already in place, one per ticket. Faults can mask each other, so work bottom-up and re-test after each fix. The downloadable topology and the full ticket walkthroughs are part of PingLabz Pro.

What you will learn

  • How to read show ip dhcp pool to see why a server is handing out nothing.
  • The two NAT failures that look identical from the client but are one line apart in the config.
  • Why show ip nat statistics is the first command for any "no internet" NAT ticket.
  • How to separate a NAT interface problem from a NAT ACL problem in one look.

Note on the captures: to show real DHCP client behavior on Cisco IOS XE, R1's LAN interface is set to ip address dhcp, standing in for an end host that pulls its address. HOST1 pulls its own lease in parallel.

Ticket 1: "Nobody on the LAN can get an IP"

Reported symptom: "New machines on the LAN aren't getting addresses. The DHCP server is up."
Success criterion: a client on the LAN gets an address from the pool.

Healthy, the server hands out leases and you can see them:

R2# show ip dhcp binding
IP address    Client-ID/Hardware address    Lease expiration       Type
10.20.0.11    0152.5400.b572.60             Jun 09 2026 05:32 AM   Automatic   (HOST1)
10.20.0.12    cisco-aabb.cc00.1300-Et0/0    Jun 09 2026 05:32 AM   Automatic   (R1)

Broken, the client interface stays unassigned even though it is up and set for DHCP:

R1# show ip interface brief | include Ethernet0/0
Ethernet0/0   unassigned   YES DHCP   up   up
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Ping Labz.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.