DHCP not available across VLANs

I applied per-IP ACLs to my Cisco 3750 switch (ws-c3750x-24) and all the ACLs worked without problems; they are working fine. However, I ran into the problem that very few devices on the local network were able to obtain their IP addressing from the DHCP server on the firewall, while the great majority of them could not obtain it.

As soon as I remove the ACLs, DHCP responds very quickly.

Interface vlan 5
Description: Vlan internet
IP Address 10.110.0.1 255.255.255.192

Interface vlan 10
Description: Vlan-Visitas (Internet only)
IP Address 192.168.10.1 255.255.255.0

ip access-list extended VISITAS-INET
permit ip 192.168.10.0 0.0.0.255 10.110.0.0 0.0.0.63
permit ip 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255
deny ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 192.168.10.0 0.0.0.255 any

Interface vlan 11
Description: Vlan Datos
IP Address 192.168.11.254 255.255.255.0

ip access-list extended DATOS-INET
permit ip host 192.168.11.26 host 192.168.13.253
permit ip host 192.168.11.152 host 192.168.5.10
permit ip host 192.168.11.153 host 192.168.5.10
permit ip host 192.168.11.150 host 192.168.5.10
permit ip host 192.168.11.230 host 192.168.5.10
permit ip host 192.168.11.152 host 192.168.40.1
permit ip host 192.168.11.153 host 192.168.40.1
permit ip host 192.168.11.230 host 192.168.40.1
permit ip host 192.168.11.152 host 192.168.40.1
permit ip host 192.168.11.153 host 192.168.40.1
permit ip host 192.168.11.150 host 192.168.40.1
permit ip host 192.168.11.152 host 192.168.40.1
permit ip host 192.168.11.153 host 192.168.40.1
permit ip host 192.168.11.230 host 192.168.40.1
permit ip host 192.168.11.150 host 192.168.40.2
permit ip host 192.168.11.152 host 192.168.40.2
permit ip host 192.168.11.153 host 192.168.40.2
permit ip host 192.168.11.230 host 192.168.40.2
permit ip host 192.168.11.18 192.168.0.0 0.0.0.255
permit ip host 192.168.11.18 172.16.60.0 0.0.0.255
permit ip host 192.168.11.18 10.10.10.0 0.0.0.255
permit ip host 192.168.11.18 10.10.11.0 0.0.0.255
permit ip host 192.168.11.18 10.10.13.0 0.0.0.255
permit ip host 192.168.11.18 10.110.1.0 0.0.0.255
permit ip host 192.168.11.18 10.110.0.0 0.0.0.63
permit ip host 192.168.11.24 192.168.0.0 0.0.0.255
permit ip host 192.168.11.24 172.16.60.0 0.0.0.255
permit ip host 192.168.11.24 10.10.10.0 0.0.0.255
permit ip host 192.168.11.24 10.10.11.0 0.0.0.255
permit ip host 192.168.11.24 10.10.13.0 0.0.0.255
permit ip host 192.168.11.24 10.110.1.0 0.0.0.255
permit ip host 192.168.11.24 10.110.0.0 0.0.0.63
permit ip host 192.168.11.30 192.168.0.0 0.0.0.255
permit ip host 192.168.11.30 172.16.60.0 0.0.0.255
permit ip host 192.168.11.30 10.10.10.0 0.0.0.255
permit ip host 192.168.11.30 10.10.11.0 0.0.0.255
permit ip host 192.168.11.30 10.10.13.0 0.0.0.255
permit ip host 192.168.11.30 10.110.1.0 0.0.0.255
permit ip host 192.168.11.30 10.110.0.0 0.0.0.63
permit ip host 192.168.11.43 192.168.0.0 0.0.0.255
permit ip host 192.168.11.150 192.168.2.0 0.0.0.255
permit ip host 192.168.11.152 192.168.2.0 0.0.0.255
permit ip host 192.168.11.153 192.168.2.0 0.0.0.255
permit ip host 192.168.11.230 192.168.2.0 0.0.0.255
permit ip host 192.168.11.150 192.168.3.0 0.0.0.255
permit ip host 192.168.11.152 192.168.3.0 0.0.0.255
permit ip host 192.168.11.153 192.168.3.0 0.0.0.255
permit ip host 192.168.11.230 192.168.3.0 0.0.0.255
permit ip host 192.168.11.150 192.168.6.0 0.0.0.255
permit ip host 192.168.11.152 192.168.6.0 0.0.0.255
permit ip host 192.168.11.153 192.168.6.0 0.0.0.255
permit ip host 192.168.11.230 192.168.6.0 0.0.0.255
permit ip host 192.168.11.150 192.168.15.0 0.0.0.255
permit ip host 192.168.11.152 192.168.15.0 0.0.0.255
permit ip host 192.168.11.153 192.168.15.0 0.0.0.255
permit ip host 192.168.11.230 192.168.15.0 0.0.0.255
permit ip host 192.168.11.150 192.168.16.0 0.0.0.255
permit ip host 192.168.11.152 192.168.16.0 0.0.0.255
permit ip host 192.168.11.153 192.168.16.0 0.0.0.255
permit ip host 192.168.11.230 192.168.16.0 0.0.0.255
permit ip host 192.168.11.150 192.168.40.0 0.0.0.255
permit ip host 192.168.11.152 192.168.40.0 0.0.0.255
permit ip host 192.168.11.153 192.168.40.0 0.0.0.255
permit ip host 192.168.11.230 192.168.40.0 0.0.0.255
permit ip 192.168.11.0 0.0.0.255 10.110.0.0 0.0.0.63
permit ip 192.168.11.0 0.0.0.255 192.168.11.0 0.0.0.255
deny ip 192.168.11.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 192.168.11.0 0.0.0.255 172.16.0.0 0.0.255.255
deny ip 192.168.11.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 192.168.11.0 0.0.0.255 any

Interface vlan 12
Description: Vlan VoIP
IP Address 192.168.12.254 255.255.255.0

ip access-list extended VOZ-INET
permit ip 192.168.12.0 0.0.0.255 host 192.168.11.18
permit ip 192.168.12.0 0.0.0.255 host 192.168.11.24
permit ip 192.168.12.0 0.0.0.255 host 192.168.11.30
permit ip 192.168.12.0 0.0.0.255 host 192.168.3.248
permit ip 192.168.12.0 0.0.0.255 host 192.168.5.61
permit ip 192.168.12.0 0.0.0.255 host 192.168.5.66
permit ip host 192.168.12.1 host 172.16.60.73
permit ip host 192.168.12.1 host 192.168.20.113
permit ip 192.168.12.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 10.10.13.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 10.110.0.0 0.0.0.63
permit ip 192.168.12.0 0.0.0.255 192.168.12.0 0.0.0.255
deny ip 192.168.12.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 192.168.12.0 0.0.0.255 172.16.0.0 0.0.255.255
deny ip 192.168.12.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 192.168.12.0 0.0.0.255 any

That is how the ACLs are; some of the networks listed reach the switch through VPN connections.

The firewall and DHCP are at 10.110.0.1 255.255.255.192

All the VLAN interfaces have: ip helper-address 10.110.0.1

ip routing

ip forward-protocol nd
ip forward-protocol udp bootpc
ip forward-protocol udp bootps

Does anyone have an idea of what is happening? Even if I give a client its IP addressing manually, it browses without problems. I also already tried enabling DHCP snooping and nothing.
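Added example, not part of the original post: a small first-match evaluator run over the VISITAS-INET entries exactly as posted, showing which DHCP packets those entries match. It assumes the ACL is applied inbound on the VLAN 10 interface (the post does not state the direction); the client address 192.168.10.50 is constructed, and ports are ignored because every posted entry uses `ip`.

```python
import ipaddress

# VISITAS-INET entries copied from the post above.
VISITAS_INET = """\
permit ip 192.168.10.0 0.0.0.255 10.110.0.0 0.0.0.63
permit ip 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255
deny ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 192.168.10.0 0.0.0.255 any
"""
IMPLICIT_DENY = "(implicit deny at end of ACL)"

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _take(tokens):
    """Consume one address spec: any | host A | A WILDCARD -> (addr, wildcard)."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return _to_int(tokens.pop(0)), 0
    return _to_int(word), _to_int(tokens.pop(0))

def parse_acl(text):
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        if proto != "ip":
            raise ValueError("only 'ip' entries are handled: " + line)
        entries.append((action, _take(tokens), _take(tokens), line.strip()))
    return entries

def _match(ip, spec):
    addr, wild = spec  # wildcard bits set to 1 are "don't care"
    return (_to_int(ip) | wild) == (addr | wild)

def evaluate(entries, src_ip, dst_ip):
    """Return (action, matching line) using first-match semantics."""
    for action, src, dst, line in entries:
        if _match(src_ip, src) and _match(dst_ip, dst):
            return action, line
    return "deny", IMPLICIT_DENY

ACL = parse_acl(VISITAS_INET)
# DHCPDISCOVER from a client with no address yet (RFC 2131 addressing).
DISCOVER = evaluate(ACL, "0.0.0.0", "255.255.255.255")
# Unicast renewal from a client that already holds a lease (constructed IP).
RENEW = evaluate(ACL, "192.168.10.50", "10.110.0.1")
if __name__ == "__main__":
    print("DISCOVER:", DISCOVER)
    print("RENEW:   ", RENEW)
```

No posted entry has a source that covers 0.0.0.0, so the first packet falls through to the implicit deny, while the renewal from an already-addressed client matches the first permit.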

 

 

4 Replies

Hello,

In which VLAN are the devices that are not getting an IP address? Which DHCP server are you using?

Good day, the firewall is a SonicWall and it is connected to port 24 of the 3750

interface GigabitEthernet1/0/24
description Firewall
switchport access vlan 5
switchport mode access
speed 1000
duplex full

And of all the other VLANs declared on the switch, none can get a response from the DHCP server. But if I remove the ACLs, all devices get a fast response from the DHCP server.

I am about to add this line: ip dhcp snooping vlan 5,10,11,12,13,20,30,50,60

Globally it already has:

ip dhcp snooping

 

This is the current configuration of port 24:

interface GigabitEthernet1/0/24
description Firewall
switchport access vlan 5
switchport mode access
speed 1000
duplex full
ip dhcp snooping trust

I was able to solve it. Thanks
