Re: I have a difficult vlan/dhcp question.

marcshurtz · ‎04-02-2007

I am having a problem getting tagged dhcp traffic to my DHCP Server (windows)

I have three VLans:

Vlan 1 Default data bldg1

Vlan 2 data bldg2

Vlan 5 voice

All switches for both buildings (3560's) connect (trunk) to my core 3750.

The phones (Shoretel) tag the traffic dot1q.

If I set up a port like this:

interface FastEthernet0/25

switchport voice vlan 5

spanning-tree portfast

everything works great, phones get a VL1 IP and phones get VL5 IP.

But, for bldg2, where I want the data vlan to be 2, I can't get the ports to consistently give out both VL2 and VL5 IPs.

Shoretel uses the dot1q tagging so that both the phone and PC can live on one port. The recommend this setup:

interface FastEthernet0/4

description : Link to PC on HR VLAN + ShoreTel IP Phone

switchport mode trunk

switchport trunk encapsulation dot1q

switchport trunk native vlan 20 (20 being the DATA VLAN)

When I try this, and manually set the tagging/vlan ID 5 on the phone, the phone will not receive a VL 5 IP.

If I set the port like this:

interface FastEthernet0/45

switchport trunk encapsulation dot1q

switchport trunk native vlan 2

switchport trunk allowed vlan 5

switchport mode trunk

the phone will get a VL 5 ip, but obviously the PC can't get a VL 2 IP since it isn't allowed.

If I set it up like this:

interface FastEthernet0/45

switchport trunk encapsulation dot1q

switchport trunk native vlan 2

switchport trunk allowed vlan 2,5

switchport mode trunk

The phone will not get a VL 5 ip address and the PC gets a VL 2 IP.

Why can't I get both VLANs to work on the same port?

hagirebench · ‎04-03-2007

marc,

Vlan 1 Default data bldg1

Vlan 2 data bldg2

Vlan 5 voice

try this config.

interface FastEthernet0/1

switchport access vlan 2 -->(VLAN for bldg2)

switchport trunk encapsulation dot1q

switchport mode dynamic desirable

switchport voice vlan 5 -->(VLAN for Voice)

this config worked for me.

rgds,

ben

marcshurtz · ‎04-04-2007

That doesn't seem to work. Do you have Shoretel phones?

I have all trunk ports between switches set to encaps. dot1q and mode trunk.

When I manually set the IP, tagging, and VLAN on the phone, it works.

bargerjc8 · ‎04-04-2007

Have you tried including a statement that tells the switchport both the native vlan and the voice vlan?

!

interface FastEthernet0/45

description Voice + Data port

switchport trunk encapsulation dot1q

switchport trunk native vlan 2

switchport mode trunk

switchport voice vlan 5

spanning-tree portfast

!

I don't think you'll need the switchport trunk allowed command unless you're trying to keep other vlans out.

bargerjc8 · ‎04-04-2007

Have you tried including a statement that tells the switchport both the native vlan and the voice vlan?

!

interface FastEthernet0/45

description Voice + Data port

switchport trunk encapsulation dot1q

switchport trunk native vlan 2

switchport mode trunk

switchport voice vlan 5

spanning-tree portfast

!

I don't think you'll need the switchport trunk allowed command unless you're trying to keep other vlans out.

marcshurtz · ‎04-04-2007

I have tried that with no luck. I do have these statements on my core router. Do you think they are stopping my DHCP across Vlans?

no ip forward-protocol udp nameserver

no ip forward-protocol udp domain

no ip forward-protocol udp time

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

no ip forward-protocol udp tacacs

bargerjc8 · ‎04-04-2007

You could always turn those back on to check it out.

Perhaps the trunk between the 3560 in bldg B and the 3750 in the main office also needs to be native vlan2. Otherwise the DHCP server sees traffic coming in on vlan1 and serves an ip address for that vlan.

I'm also thinking it might be something different because it's a Shoretel. Did you say it works fine with a Cisco phone but not with the Shoretel?

marcshurtz · ‎04-04-2007

It is a Shortel Phone system. They depend on the dot1q tagging to place them in the voice VLAN. Our current Cisco phones work fine, but I think they use CDP instead of tagging to get their IPs (they are using the same Vlan)

Once the phone is in VLAN 5 (set manually), the ports should know that the DHCP request should be forwarded to the VLAN 5 DHCP server (via ip-helper) I believe that somewhere the DHCP request for VLAN 5 is being dropped IF the port has anything to do with VLAN 2. The whole thing works great if the port is set to the default Vlan (1) for data.