Re: VLAN and DHCP problem on SG350XG 24F

tonysky22 · ‎11-24-2023

Hi everyone,

I've got a Catalyst 3650 as master switch, with vtp managed vlans (3/10/11, etc...), but no ip routing between them, so no svi IP except the management VLAN (50). Let's say 192.168.50.100/24. Each VLAN has a linux server, permitting DHCP (example vlan 3 : IP DHCP server is 10.10.3.1/24)

I put a SG350XG 24F (24 Optical ports) to distribute those VLANS on several locations. Put the svi IP on vlan 50 at 192.168.50.101/24, the trunk is on port TE1/0/23.

Very simple, it works like a charm. Every optical port configured for a particular vlan does the job (TE1/0/1 for vlan 3, TE1/0/2 for vlan 10, etc...). Only acces ports of course.

But, I have to add a new connection on TE1/0/24, trunked one, because I have a new location where to distribute some of the vlans.

Because I added this new trunk, all my ports from TE1/0/1 to 22, which are acces ports, aren't working anymore. No more IP acquired from DHCP servers.

I don't understand why the behavior changed only by the fact the SG350SG is not an "ending" switch anymore. I have no DHCP spoofing, no option 82. I also tried to put some ip helper-adresses but no luck (and I think not appropriate, refering to the switch model)

Please, if someone has an idea ?

MHM Cisco World · ‎11-24-2023

Check stp in 3560

It can that port go to errdisable

tonysky22 · ‎11-24-2023

Nothing on the 3650. And the new "ending" switch (which is a Catalyst 2960) works like a charm. It GigabitEthernet Ports work on every vlan so the trunk between th SG and th 2960 works (it also has the VTP informations from the 3650).

By the way every switch is configured rapid-pvst. 3650 has the lowest priority (4096)

Thank you for your post.

MHM Cisco World · ‎11-24-2023

Sorry can you draw topolgy

Thanks

MHM

tonysky22 · ‎11-24-2023

Fist case :

C3650 (VTP Server)	---Trunk (vlan 1 to 50 ) -----	TE/23 - SG350XG 24F
Each VLAN has own DHCP server (provided by VMWare VMs)		Every TE1/0/X access ports on vlans OK

After adding new C2960

C3650	-- Trunk (vlan 1 to 50)--	TE/23-SG350XG-TE/24	--Trunk (vlan1,3,10,50)-	C2960
		No more access ports working on vlans		Access ports on vlans working

Sorry for basic topology !

Richard Burts · ‎11-25-2023

It would appear that in setting up the trunk to 2960 that you enabled something/changed something that impacted access ports on 350. As a starting point in investigating this would you share the configuration changes that you made (if you remember)? And would you share the configuration of TE/23 and TE/24?

HTH

Rick

tonysky22 · ‎11-26-2023

Hi Richard.

Well that's what I did to set up the trunk (for TE1/24) :

switchport mode trunk

switchport trunk allowed vlan none

switchport trunk allowed vlan 1,3,10,11,50

speed 1000

Nothing more, nothing less !

The configuration of TE1/23 is nearly the same (just more vlans allowed)

MHM Cisco World · ‎11-26-2023

Do you config any broadcast storm limit??

tonysky22 · ‎11-27-2023

Hi MHM, As far as I know, no.

tonysky22 · ‎11-27-2023

The full config :

sh run
config-file-header
SG350XG
v2.5.9.16 / RCBS3.1_930_871_108
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network te uplink none
unit-type unit 2 network te uplink none
unit-type unit 3 network te uplink none
unit-type unit 4 network te uplink none
unit-type-control-end
!
spanning-tree mode rapid-pvst
vlan database
vlan 3,10-16,39-41,50
exit
voice vlan state auto-triggered
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
no boot host auto-config
no boot host auto-update
bonjour interface range oob
hostname SG350XG
passwords aging 0
clock timezone J 0 minutes 0
!
interface vlan 3
name Oxxxx
!
interface vlan 10
name Pxxx
!
interface vlan 11
name Wxxx
!
interface vlan 12
name Mxxx
!
interface vlan 13
name Rxxx
!
interface vlan 14
name STxxxx
!
interface vlan 15
name SExxxxx
!
interface vlan 16
name SERxxx
!
interface vlan 39
name Axxxx
!
interface vlan 40
name WIxxxxx
!
interface vlan 41
name ADxxxxx
!
interface vlan 50
name MGMT
ip address 192.168.50.101 255.255.255.0
!
interface TenGigabitEthernet1/0/1
speed 1000
switchport access vlan 3
!
interface TenGigabitEthernet1/0/2
speed 1000
switchport access vlan 10
!
interface TenGigabitEthernet1/0/3
speed 1000
switchport access vlan 11
!
interface TenGigabitEthernet1/0/4
speed 1000
switchport access vlan 12
!
interface TenGigabitEthernet1/0/5
speed 1000
switchport access vlan 13
!
interface TenGigabitEthernet1/0/6
speed 1000
switchport access vlan 14
!
interface TenGigabitEthernet1/0/7
speed 1000
switchport access vlan 15
!
interface TenGigabitEthernet1/0/8
speed 1000
switchport access vlan 16
!
interface TenGigabitEthernet1/0/9
speed 1000
switchport access vlan 39
!
interface TenGigabitEthernet1/0/10
speed 1000
switchport access vlan 40
!
interface TenGigabitEthernet1/0/11
speed 1000
switchport access vlan 50
!
interface TenGigabitEthernet1/0/12
speed 1000
!
interface TenGigabitEthernet1/0/13
speed 1000
!
interface TenGigabitEthernet1/0/14
speed 1000
!
interface TenGigabitEthernet1/0/15
speed 1000
!
interface TenGigabitEthernet1/0/16
speed 1000
!
interface TenGigabitEthernet1/0/17
speed 1000
!
interface TenGigabitEthernet1/0/18
speed 1000
!
interface TenGigabitEthernet1/0/19
speed 1000
!
interface TenGigabitEthernet1/0/20
speed 1000
!
interface TenGigabitEthernet1/0/21
speed 1000
!
interface TenGigabitEthernet1/0/22
speed 1000
!
interface TenGigabitEthernet1/0/23
speed 1000
switchport mode trunk
switchport trunk allowed vlan 1,3,10-16,39-41,50
!
interface TenGigabitEthernet1/0/24
speed 1000
switchport mode trunk
switchport trunk allowed vlan 1,3,10-11,50
!
interface oob
no ip address dhcp
!
exit

MHM Cisco World · ‎11-27-2023

Your config is correct and topolgy is simple but

These sw SG350XG full of bug' I dont known why.

But last check

Do show switchport trunk

Check if the vlan is allowed in trunk or not.

Vtp can make trunk not allowed some vlan.

Sorry if I can not help you in your case.

Have a nice day

MHM

tonysky22 · ‎11-27-2023

sh interfaces switchport te1/0/23
S-VLAN Ethernet Type: 0x8100 (802.1q)
VLAN Mapping Tunnel L2 protocols Global CoS: 5
Name: te1/0/23
Switchport: enable
Administrative Mode: trunk
Operational Mode: up
Access Mode VLAN: 1
Access Multicast TV VLAN: none
Trunking Native Mode VLAN: 1
Trunking VLANs: 1,3,10-16,39-41,50
General PVID: 1
General VLANs: none
General Egress Tagged VLANs: none
General Forbidden VLANs: none
General Ingress Filtering: enabled
General Acceptable Frame Type: all
General GVRP status: disabled
Customer Mode VLAN: none
Customer Multicast TV VLANs: none
Private-vlan promiscuous-association primary VLAN: none
Private-vlan promiscuous-association Secondary VLANs: none
Private-vlan host-association primary VLAN: none
Private-vlan host-association Secondary VLAN: none

VLAN Mapping Tunnel:
S-VLAN Ethernet Type: 0x0x8100 (802.1q)
C-VLANs Outer S-VLANs
------------ ---------------
VLAN Mapping Tunnel L2 protocols S-VLAN:
VLAN Mapping Tunnel L2 protocols Interface CoS: 5 (global)
VLAN Mapping Tunnel L2 protocols forward enabled:
Drop Threshold: 32 kbps (default)

VLAN Mapping One-to-one:
C-VLANs Translated S-VLANs
------------ --------------------

Classification rules:

sh interfaces switchport te1/0/24
S-VLAN Ethernet Type: 0x8100 (802.1q)
VLAN Mapping Tunnel L2 protocols Global CoS: 5
Name: te1/0/24
Switchport: enable
Administrative Mode: trunk
Operational Mode: up
Access Mode VLAN: 1
Access Multicast TV VLAN: none
Trunking Native Mode VLAN: 1
Trunking VLANs: 1,3,10-11,50
General PVID: 1
General VLANs: none
General Egress Tagged VLANs: none
General Forbidden VLANs: none
General Ingress Filtering: enabled
General Acceptable Frame Type: all
General GVRP status: disabled
Customer Mode VLAN: none
Customer Multicast TV VLANs: none
Private-vlan promiscuous-association primary VLAN: none
Private-vlan promiscuous-association Secondary VLANs: none
Private-vlan host-association primary VLAN: none
Private-vlan host-association Secondary VLAN: none

VLAN Mapping Tunnel:
S-VLAN Ethernet Type: 0x0x8100 (802.1q)
C-VLANs Outer S-VLANs
------------ ---------------
VLAN Mapping Tunnel L2 protocols S-VLAN:
VLAN Mapping Tunnel L2 protocols Interface CoS: 5 (global)
VLAN Mapping Tunnel L2 protocols forward enabled:
Drop Threshold: 32 kbps (default)

VLAN Mapping One-to-one:
C-VLANs Translated S-VLANs
------------ --------------------

Classification rules:

How weird that it works with only one trunked port, and not with 2

Thank for your help MHM