10-25-2023 03:05 PM - edited 10-25-2023 04:41 PM
Hello, let me explain the case. I have not been able to assign addresses to the PCs via DHCP; I am attaching the topology, configuration and other details. Notes: I have already tried configuring ip helper-address inside the subinterfaces using the IP of the DHCP server, which is router CENTRAL; routers NORTE and SUR have VRRP configured, and the PC interfaces are already set to IP ADDRESS DHCP. I would appreciate your help.
Router CORE==============================================================
Current configuration : 1990 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CORE
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
no logging console
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
ip address 210.0.0.1 255.255.255.252
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
ip address 192.168.43.4 255.255.255.0
!
!
router eigrp TSHOOT
!
address-family ipv4 unicast autonomous-system 10
!
topology base
redistribute static
redistribute bgp 200 metric 10000 1000 255 1 1500 route-map BGP
exit-af-topology
network 192.168.43.0
network 192.168.43.4 0.0.0.0
exit-address-family
!
router bgp 200
bgp log-neighbor-changes
network 192.168.43.0
redistribute eigrp 10 metric 255 route-map EIGRP
neighbor 210.0.0.2 remote-as 100
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 210.0.0.2
ip route 0.0.0.0 0.0.0.0 192.168.43.3
!
ip access-list standard RUTA-EIGRP
permit any
!
!
ip prefix-list RUTAS-BGP seq 5 permit 210.0.0.0/30
ip prefix-list RUTAS-BGP seq 10 permit 220.0.0.0/30
ip prefix-list RUTAS-BGP seq 15 permit 8.8.8.8/32
ip prefix-list RUTAS-BGP seq 20 permit 4.4.4.4/32
!
ip prefix-list RUTAS-IGP seq 5 deny 0.0.0.0/0 le 32
!
route-map EIGRP deny 10
match ip address RUTA-EIGRP
!
route-map EIGRP permit 20
!
route-map BGP permit 10
match ip address prefix-list RUTAS-BGP
set metric 50
!
route-map IGP permit 10
match ip address prefix-list RUTAS-BGP
set metric 1544 2000 255 1 1500
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end
Router ISP=============================================================================================
hostname ISP
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
no logging console
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 8.8.8.8 255.255.255.255
!
interface Ethernet0/0
ip address 210.0.0.2 255.255.255.252
!
interface Ethernet0/1
ip address 220.0.0.1 255.255.255.252
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router bgp 100
bgp log-neighbor-changes
network 8.8.8.8
network 8.8.8.8 mask 255.255.255.255
neighbor 210.0.0.1 remote-as 200
neighbor 220.0.0.2 remote-as 300
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 210.0.0.1
ip route 0.0.0.0 0.0.0.0 220.0.0.2
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end
Router CENTRAL=================================================================================
hostname CENTRAL
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
no logging console
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
ip dhcp pool VLAN10
network 172.16.10.0 255.255.255.0
default-router 172.16.10.254
dns-server 8.8.8.8
!
ip dhcp pool VLAN20
network 172.16.20.0 255.255.255.0
default-router 172.16.20.254
dns-server 8.8.8.8
!
ip dhcp pool VLAN30
network 172.16.30.0 255.255.255.0
default-router 172.16.30.254
dns-server 8.8.8.8
!
!
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
no ip address
shutdown
!
interface Ethernet0/1
ip address 192.168.31.3 255.255.255.0
ip ospf dead-interval 80
ip ospf hello-interval 20
ip ospf 1 area 0
!
interface Ethernet0/2
ip address 192.168.23.3 255.255.255.0
ip ospf dead-interval 80
ip ospf hello-interval 20
ip ospf 1 area 0
!
interface Ethernet0/3
ip address 192.168.43.3 255.255.255.0
!
!
router eigrp TSHOOT
!
address-family ipv4 unicast autonomous-system 10
!
topology base
redistribute ospf 1 metric 10000 1000 255 1 1500 route-map OSPF
exit-af-topology
network 192.168.43.0
exit-address-family
!
router ospf 1
router-id 3.3.3.3
redistribute eigrp 10 subnets route-map EIGRP
network 3.3.3.3 0.0.0.0 area 0
network 23.23.23.3 0.0.0.0 area 0
network 31.31.31.3 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.43.4
!
!
route-map OSPF permit 10
match ip address OSPF
set metric 20
set metric-type type-1
!
route-map EIGRP permit 10
set metric 1544 2000 255 1 1500
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end
Router SUR=============================================================================
hostname SUR
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
no logging console
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
fhrp version vrrp v3
!
!
!
!
!
!
!
!
!
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback2
ip address 2.2.2.2 255.255.255.255
ipv6 address 2021:ACAD:ACAD:2::2/128
!
interface Tunnel0
no ip address
no ip redirects
ipv6 address 2021:ACAD:ACAD:100::2/64
tunnel source Ethernet0/2
tunnel mode ipv6ip 6to4
!
interface Ethernet0/0
no ip address
ip helper-address 192.168.23.3
!
interface Ethernet0/0.10
encapsulation dot1Q 10
ip address 172.16.10.2 255.255.255.0
ip helper-address 192.168.23.3
vrrp 10 address-family ipv4
priority 110
track 1 decrement 20
address 172.16.10.254 primary
exit-vrrp
!
interface Ethernet0/0.20
encapsulation dot1Q 20
ip address 172.16.20.2 255.255.255.0
ip helper-address 192.168.23.3
vrrp 20 address-family ipv4
priority 150
track 1 decrement 20
address 172.16.20.254 primary
exit-vrrp
!
interface Ethernet0/0.30
encapsulation dot1Q 30
ip address 172.16.30.2 255.255.255.0
ip helper-address 192.168.23.3
vrrp 30 address-family ipv4
priority 150
track 1 decrement 20
address 172.16.30.254 primary
exit-vrrp
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
ip address 192.168.23.2 255.255.255.0
ip helper-address 192.168.23.3
ip ospf dead-interval 80
ip ospf hello-interval 20
!
interface Ethernet0/3
no ip address
shutdown
!
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 172.16.10.2 0.0.0.0 area 0
network 172.16.20.2 0.0.0.0 area 0
network 172.16.30.2 0.0.0.0 area 0
network 192.168.23.2 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end
Router NORTE ==============================================================================
hostname NORTE
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
no logging console
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
fhrp version vrrp v3
!
!
!
!
!
!
!
!
!
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
ipv6 address 2021:ACAD:ACAD:1::1/128
!
interface Tunnel0
no ip address
no ip redirects
ipv6 address 2021:ACAD:ACAD:100::1/64
tunnel source Ethernet0/1
tunnel mode ipv6ip 6to4
!
interface Ethernet0/0
no ip address
ip helper-address 192.168.31.3
!
interface Ethernet0/0.10
encapsulation dot1Q 10
ip address 172.16.10.1 255.255.255.0
ip helper-address 192.168.31.3
vrrp 10 address-family ipv4
priority 150
track 1 decrement 20
address 172.16.10.254 primary
exit-vrrp
!
interface Ethernet0/0.20
encapsulation dot1Q 20
ip address 172.16.20.1 255.255.255.0
ip helper-address 192.168.31.3
vrrp 20 address-family ipv4
priority 110
track 1 decrement 20
address 172.16.20.254 primary
exit-vrrp
!
interface Ethernet0/0.30
encapsulation dot1Q 30
ip address 172.16.30.1 255.255.255.0
ip helper-address 192.168.31.3
vrrp 30 address-family ipv4
priority 110
track 1 decrement 20
address 172.16.30.254 primary
exit-vrrp
!
interface Ethernet0/1
ip address 192.168.31.1 255.255.255.0
ip helper-address 192.168.31.3
ip ospf dead-interval 80
ip ospf hello-interval 20
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 172.16.10.1 0.0.0.0 area 0
network 172.16.20.1 0.0.0.0 area 0
network 172.16.30.1 0.0.0.0 area 0
network 192.168.31.1 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.31.3
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end
EDGE PC =============================================================================================
hostname PC
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
ip host www.caso1.cl 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface Ethernet0/0
mac-address 00fa.1234.5678
ip address dhcp client-id Ethernet0/0 hostname PC
!
interface Ethernet0/1
ip address 220.0.0.2 255.255.255.252
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router bgp 300
bgp router-id 3.3.3.3
bgp log-neighbor-changes
network 4.4.4.4 mask 255.255.255.255
neighbor 220.0.0.1 remote-as 100
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 220.0.0.1
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end
SW2 =======================================================================================
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
no logging console
!
no aaa new-model
clock timezone CET 1 0
!
!
!
!
!
vtp mode transparent
!
!
!
ip dhcp snooping vlan 10,20,30
no ip dhcp snooping information option
ip dhcp snooping
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name CASO3
revision 1
instance 1 vlan 10
instance 2 vlan 20, 30
!
!
!
vlan 10
name ROUTE
!
vlan 20
name SWITCH
!
vlan 30
name TSHOOT
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel3
no switchport
ip address 172.16.100.1 255.255.255.0
!
interface Port-channel5
switchport trunk allowed vlan 10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet0/0
switchport trunk allowed vlan 10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet0/1
no switchport
no ip address
channel-group 3 mode auto
!
interface Ethernet0/2
no switchport
no ip address
channel-group 3 mode auto
!
interface Ethernet0/3
switchport access vlan 10
switchport mode access
switchport port-security mac-address sticky
switchport port-security mac-address sticky aabb.cc00.0930
switchport port-security
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping trust
!
interface Ethernet1/0
switchport trunk allowed vlan 10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 5 mode active
!
interface Ethernet1/1
switchport trunk allowed vlan 10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 5 mode active
!
interface Ethernet1/2
!
interface Ethernet1/3
!
ip forward-protocol nd
!
no ip http server
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
!
end
SW1 ============================================================================================
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
no logging console
!
no aaa new-model
clock timezone CET 1 0
!
!
!
!
!
vtp mode transparent
!
!
!
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
spanning-tree mst configuration
name CASO3
revision 1
instance 1 vlan 10
instance 2 vlan 20, 30
!
!
!
vlan 10
name ROUTE
!
vlan 20
name SWITCH
!
vlan 30
name TSHOOT
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel5
switchport trunk allowed vlan 10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet0/0
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
switchport access vlan 20
switchport mode access
switchport port-security mac-address sticky
switchport port-security mac-address 0000.aaaa.bbbb
switchport port-security
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface Ethernet1/0
switchport trunk allowed vlan 10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 5 mode passive
!
interface Ethernet1/1
switchport trunk allowed vlan 10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 5 mode passive
!
interface Ethernet1/2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
!
interface Ethernet1/3
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
!
ip forward-protocol nd
!
no ip http server
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
!
end
SW3 ===============================================================================================
hostname SW3
!
boot-start-marker
boot-end-marker
!
!
no logging console
!
no aaa new-model
clock timezone CET 1 0
!
!
!
!
!
vtp mode transparent
!
!
!
ip dhcp snooping vlan 10,20,30
no ip dhcp snooping information option
ip dhcp snooping
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
spanning-tree mst configuration
name CASO3
revision 1
instance 1 vlan 10
instance 2 vlan 20, 30
!
!
!
vlan 10
name ROUTE
!
vlan 20
name SWITCH
!
vlan 30
name TSHOOT
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
ip dhcp snooping trust
!
interface Port-channel3
no switchport
ip address 172.16.100.2 255.255.255.0
!
interface Ethernet0/0
switchport trunk allowed vlan 10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
ip dhcp snooping trust
!
interface Ethernet0/1
no switchport
no ip address
channel-group 3 mode desirable
!
interface Ethernet0/2
no switchport
no ip address
channel-group 3 mode desirable
!
interface Ethernet0/3
switchport access vlan 30
switchport mode access
switchport port-security maximum 3
switchport port-security mac-address sticky
switchport port-security mac-address sticky aabb.cc00.0a30
switchport port-security
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface Ethernet1/0
!
interface Ethernet1/1
!
interface Ethernet1/2
channel-group 1 mode on
ip dhcp snooping trust
!
interface Ethernet1/3
channel-group 1 mode on
ip dhcp snooping trust
!
ip forward-protocol nd
!
no ip http server
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
!
end
on 10-25-2023 07:25 PM
Hello
At first glance, I see some issues related to IP DHCP Snooping.
The trust command must be present on the switch interfaces that receive the DHCP server's reply (Offer packet), and I would also try placing the command on the interfaces that go toward the PCs.
In your case, from what I understand of your topology, it would be on these interfaces:
SW1
Po1, Po5 and E0/3
SW2
Po3, Po5, E0/0 and E0/3
SW3
Po1, Po3, E0/0 and E0/3
Try that to rule it out.
Regards
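A check of the kind this answer describes, as an added example that is not part of the original post: the script parses a switch config and lists trunk or Port-channel uplinks that lack `ip dhcp snooping trust` while snooping is enabled, plus access ports that carry it. The function names are hypothetical, and judging channel-group members by their Port-channel interface is an assumption of the example.

```python
# Added example (not from the thread); SW2_EXCERPT is abridged from the posted SW2 config.
SW2_EXCERPT = """\
ip dhcp snooping vlan 10,20,30
ip dhcp snooping
!
interface Port-channel5
switchport mode trunk
!
interface Ethernet0/0
switchport mode trunk
!
interface Ethernet0/3
switchport access vlan 10
switchport mode access
ip dhcp snooping trust
!
interface Ethernet1/0
switchport mode trunk
channel-group 5 mode active
!
"""

def parse(config):
    """Split a config into global lines and stanzas; a '!' line ends a stanza."""
    global_lines, stanzas, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line in ("!", ""):
            current = None
        elif current is None:
            global_lines.append(line)
        else:
            stanzas[current].append(line)
    return global_lines, stanzas

def audit(config):
    """Report trunks without snooping trust and access ports that carry it."""
    global_lines, stanzas = parse(config)
    report = {"enabled": "ip dhcp snooping" in global_lines,
              "untrusted_trunks": [], "trusted_access": []}
    if report["enabled"]:
        for name, lines in stanzas.items():
            # Assumption: channel members are covered by their Port-channel stanza.
            if any(l.startswith("channel-group ") for l in lines):
                continue
            trusted = "ip dhcp snooping trust" in lines
            if "switchport mode trunk" in lines and not trusted:
                report["untrusted_trunks"].append(name)
            if "switchport mode access" in lines and trusted:
                report["trusted_access"].append(name)
    return report
```

On an untrusted port DHCP snooping drops server messages such as OFFER and ACK, so an uplink toward the DHCP server that lacks trust blocks leases. Trust on an access port removes that filtering for whatever is connected there, which is why the report lists those ports separately.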
on 10-25-2023 03:42 PM
Hello,
Is there some firewall you might have forgotten about...
Thanks.
Regards.
Ciro Gustavo Mele
10-25-2023 04:39 PM - edited 10-25-2023 04:39 PM
Hello, I am configuring this in IOU Web simulation; in at least the 2 years I have been configuring there I have never had to touch the firewall rules, and I have had no problems in other topologies.
on 10-25-2023 07:54 PM
Hello, it was indeed the DHCP Snooping configuration; the trust was missing on the Port-Channels, and it was enough to shut down and bring back up the interfaces from the PCs to the switches. Thank you very much!
on 10-27-2023 04:41 PM
Thank you very much @luis_cordova for your help!
All solutions help us improve the community... Regards to all