05-16-2018 08:32 AM - edited 03-05-2019 10:27 AM
Hello everyone,
I am a beginner on routing and switching
I am experiencing a problem with dhcp.
Before I raise this topic, I did the following check.
The scenario is that I try to build a DHCP server in switch 3560 and create vlan, and sync vlan through vtp and also assign IP address to different vlan.
//vtp password is wms
The problem still exists.
The weird thing is if I assign a static IP address to one of the PC and it works. Once I switch back to DHCP, it shows me DHCP failed APIPA is being used.
Is there something wrong with my configuration??
Please help me!! I would be very appreciated. Thank you so much.
Here is the configuration :
-----------multilayer switch-----------------
ip dhcp excluded-address 10.0.0.161 10.0.0.191
!
ip dhcp pool reception
network 10.0.0.160 255.255.255.224
default-router 10.0.0.161
!
!
ip routing
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
interface Vlan1
no ip address
shutdown
!
interface Vlan300
mac-address 0060.70bd.0201
ip address 10.0.0.161 255.255.255.224
--------------------------- switch ---------------------------------------------
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/5
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
--------------vtp status----------vtp status--------from switch ---
Switch(config)#do sh vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 255
Number of existing VLANs : 6
VTP Operating Mode : Client
--------------vlan-----------vlan---------------vlan----from switch-------
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig0/2
300 reception active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
VTP Domain Name : wms
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xCC 0xA5 0x10 0xE3 0x4F 0x33 0x68 0x0B
Configuration last modified by 0.0.0.0 at 3-1-93 00:04:30
Solved! Go to Solution.
05-17-2018 01:03 AM - edited 05-17-2018 02:00 AM
Hi,
While your dhcp pool configuration specifies the network 10.0.0.160 255.255.255.224 you have excluded the whole subnet range, ie. your dhcp server has no free address to offer. Will you please adjust.
Best regards,
Antonin
05-17-2018 01:03 AM - edited 05-17-2018 02:00 AM
Hi,
While your dhcp pool configuration specifies the network 10.0.0.160 255.255.255.224 you have excluded the whole subnet range, ie. your dhcp server has no free address to offer. Will you please adjust.
Best regards,
Antonin
05-17-2018 11:43 AM
05-17-2018 01:46 PM
Hi,
What was the reason for changing server ports from access to trunk? With trunk settings the Vlan 200 gets tagged which I doubt your servers would understand. What is wrong with the port settings as "switchport mode access" and "switchport access vlan 200"? What exactly are you trying to achieve?
Thanks & Regards,
Antonin
05-17-2018 02:39 PM
Hello,
on a side note, for the port to work as trunk link to your server, you need to add 'switchport trunk native vlan 200' to the port configs:
interface FastEthernet0/14
switchport access vlan 200
switchport trunk encapsulation dot1q
switchport trunk native vlan 200
switchport mode trunk
I agree with the other posters...the question is why you would need a trunk link to start out with ?
05-17-2018 07:53 PM
To Amikat and Georg Pauwen
You guys are being very helpful. Thank you again.
The goal is to make other machines can communicate to those servers. For example one is file server.
I thought if i just assign ports to vlan 200, the other machine cannot communicated to the machine ??
I did try only assign vlan 200 to the port, and the result is the server can ping to default gateway, but cannot ping to any of other machine.
OR
Maybe there is something wrong with my thought (on security purposes or common practice)??
Not quite sure if i need to achieve this goal with router and switch or should I implement it through the function of the server ???
05-18-2018 12:35 AM - edited 05-18-2018 12:36 AM
Hi,
In some cases (e.g. vmware servers) the trunk may be appropriate, but generally access ports are used for servers. For other boxes (stations) communication within different vlans your L3 switch can arrange via L3 switching (routing) using SVIs, ie. you can configure SVI for every vlan connected and assign its address for each vlan as DG. I hope this makes sense.
Best regards,
Antonin
05-24-2018 06:56 AM
05-24-2018 01:55 PM
Hi,
DMZ servers are usually handled by a router or FW (ASA in Cisco world) not L3 inside switch. While you could control the traffic to some extent with your L3 switch you cannot provide static NAT which is typically required. DMZ should be kept separate from the internal Vlans (including server Vlan).
Best regards,
Antonin
05-17-2018 01:39 AM
Good spot, Amikat !
To be on the safe side, I would also put 'spanning-tree portfast, on the access ports:
interface FastEthernet0/1
switchport access vlan 300
switchport mode access
spanning-tree portfast
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide