
dhcp doesn't work in vlan

judah8521
Level 1

Hello everyone,

I am a beginner in routing and switching.

I am experiencing a problem with DHCP.

Before I raised this topic, I did the following checks.

The scenario is that I am trying to build a DHCP server on a 3560 switch, create VLANs, sync the VLANs through VTP, and assign IP addresses to the different VLANs.

//vtp password is wms

  • if the access ports belong to the desired VLAN on the L2 switch
  • if the desired VLANs are present on the L2 switch
  • if the VLANs are allowed on the trunk interface
  • if the SVIs are up on the multilayer switch
  • and then finally the DHCP pools

The problem still exists.

The weird thing is that if I assign a static IP address to one of the PCs, it works. Once I switch back to DHCP, it shows me "DHCP failed. APIPA is being used."

Is there something wrong with my configuration?

Please help me! I would really appreciate it. Thank you so much.

Here is the configuration :

-----------multilayer switch-----------------
ip dhcp excluded-address 10.0.0.161 10.0.0.191
!
ip dhcp pool reception
network 10.0.0.160 255.255.255.224
default-router 10.0.0.161
!
!
ip routing
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
interface Vlan1
no ip address
shutdown
!
interface Vlan300
mac-address 0060.70bd.0201
ip address 10.0.0.161 255.255.255.224

--------------------------- switch ---------------------------------------------
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/5
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown

--------------vtp status----------vtp status--------from switch ---

Switch(config)#do sh vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 255
Number of existing VLANs : 6
VTP Operating Mode : Client

--------------vlan-----------vlan---------------vlan----from switch-------

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig0/2
300  reception                        active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
VTP Domain Name : wms
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xCC 0xA5 0x10 0xE3 0x4F 0x33 0x68 0x0B
Configuration last modified by 0.0.0.0 at 3-1-93 00:04:30


Accepted Solutions

amikat
Level 7

Hi,

While your DHCP pool configuration specifies the network 10.0.0.160 255.255.255.224, you have excluded the whole subnet range, i.e. your DHCP server has no free address to offer. Will you please adjust.

Best regards,

Antonin
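
The condition described in this answer can be checked mechanically. The following is an added example, not code from the thread or from Cisco: it parses the 'ip dhcp excluded-address' and 'ip dhcp pool' lines of a configuration and counts how many host addresses each pool can still lease. The function name audit_dhcp_pools and the gateway_excluded field are assumptions of this example, and the gateway check goes beyond what the answer states.

```python
import ipaddress
import re

# Added example (names are hypothetical); sample = DHCP lines of the first posted config.
SAMPLE_CONFIG = """\
ip dhcp excluded-address 10.0.0.161 10.0.0.191
!
ip dhcp pool reception
network 10.0.0.160 255.255.255.224
default-router 10.0.0.161
!
"""

def audit_dhcp_pools(config):
    """Per pool: usable hosts, how many are excluded, how many remain leasable."""
    excluded, pools, current = [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"ip dhcp excluded-address (\S+)(?: (\S+))?$", line):
            low = ipaddress.IPv4Address(m[1])
            high = ipaddress.IPv4Address(m[2] or m[1])  # single-address form
            excluded.append((low, high))
        elif m := re.match(r"ip dhcp pool (\S+)$", line):
            current = pools.setdefault(m[1], {"net": None, "gw": None})
        elif line == "!" or line.startswith(("interface ", "router ")):
            current = None  # left DHCP pool configuration mode
        elif current is not None and (m := re.match(r"network (\S+) (\S+)$", line)):
            current["net"] = ipaddress.IPv4Network(f"{m[1]}/{m[2]}")
        elif current is not None and (m := re.match(r"default-router (\S+)", line)):
            current["gw"] = ipaddress.IPv4Address(m[1])
    report = {}
    for name, pool in pools.items():
        if pool["net"] is None:
            continue
        hosts = list(pool["net"].hosts())  # network and broadcast are never leased
        blocked = sum(any(lo <= h <= hi for lo, hi in excluded) for h in hosts)
        gw = pool["gw"]
        report[name] = {
            "usable": len(hosts),
            "excluded": blocked,
            "leasable": len(hosts) - blocked,
            "gateway_excluded": gw is not None
            and any(lo <= gw <= hi for lo, hi in excluded),
        }
    return report

if __name__ == "__main__":
    for name, row in audit_dhcp_pools(SAMPLE_CONFIG).items():
        status = "NO FREE ADDRESSES" if row["leasable"] == 0 else "ok"
        print(name, row, status)
```

For the configuration in the question it reports 30 usable hosts, 30 excluded and 0 leasable for pool reception. Fed the second configuration posted later in the thread, it reports 29 leasable addresses for reception and shows gateway_excluded as False for pool testing, where the excluded address is 10.0.1.32 while the default-router is 10.0.1.33.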

 


9 Replies


 

First of all, thank you Amikat and Georg Pauwen.
You guys did help me a lot.
I really appreciate it.
AND.....
Sorry, I have another issue.
I connected the servers directly to the multilayer switch mentioned previously.
I set up VLAN 200 for the servers, and I also set up the SVI for VLAN 200.
The problem was that before I changed the ports (connected to the servers) to trunk, I managed to build the connectivity (ports assigned to VLAN 200). Once I changed the ports to trunk, they lost the connection, and I could ping the VLAN 200 interface...
Here is the configuration of the multilayer switch.

The servers are connected through ports 14-21.
Their IP addresses range from 10.0.1.18 to 10.0.1.25.
Basically, I just entered a static IP address on each server, and nothing else.
For example: IP address: 10.0.1.18, subnet mask: 255.255.255.240, default gateway: 10.0.1.17

---------------------multilayer switch---------------
ip dhcp excluded-address 10.0.0.1
ip dhcp excluded-address 10.0.0.161
ip dhcp excluded-address 10.0.0.129
ip dhcp excluded-address 10.0.0.241
ip dhcp excluded-address 10.0.1.49
ip dhcp excluded-address 10.0.1.1
ip dhcp excluded-address 10.0.1.57
ip dhcp excluded-address 10.0.0.193
ip dhcp excluded-address 10.0.1.32
ip dhcp excluded-address 10.0.0.225
ip dhcp excluded-address 10.0.0.65
ip dhcp excluded-address 10.0.1.65

ip dhcp pool training
network 10.0.0.0 255.255.255.192
default-router 10.0.0.1
ip dhcp pool reception
network 10.0.0.160 255.255.255.224
default-router 10.0.0.161
ip dhcp pool production
network 10.0.0.128 255.255.255.224
default-router 10.0.0.129
ip dhcp pool finance
network 10.0.0.240 255.255.255.240
default-router 10.0.0.241
ip dhcp pool management
network 10.0.1.48 255.255.255.248
default-router 10.0.1.49
ip dhcp pool design
network 10.0.1.0 255.255.255.240
default-router 10.0.1.1
ip dhcp pool order
network 10.0.1.56 255.255.255.248
default-router 10.0.1.57
ip dhcp pool research
network 10.0.0.192 255.255.255.224
default-router 10.0.0.193
ip dhcp pool testing
network 10.0.1.32 255.255.255.240
default-router 10.0.1.33
ip dhcp pool hr
network 10.0.0.224 255.255.255.240
default-router 10.0.0.225
ip dhcp pool wireless
network 10.0.0.64 255.255.255.192
default-router 10.0.0.65
ip dhcp pool conference
network 10.0.1.64 255.255.255.248
default-router 10.0.1.65

interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/5
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/9
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/11
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/13
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/14
switchport access vlan 200
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/15
switchport access vlan 200
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/16
switchport access vlan 200
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/17
switchport access vlan 200
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/18
switchport access vlan 200
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/19
switchport access vlan 200
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/20
switchport access vlan 200
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/21
switchport access vlan 200
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/22
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan200
mac-address 0060.70bd.020e
ip address 10.0.1.17 255.255.255.240
!
interface Vlan300
mac-address 0060.70bd.0201
ip address 10.0.0.161 255.255.255.224
!
interface Vlan400
mac-address 0060.70bd.0202
ip address 10.0.1.57 255.255.255.248
!
interface Vlan450
mac-address 0060.70bd.0203
ip address 10.0.1.33 255.255.255.240
!
interface Vlan500
mac-address 0060.70bd.0204
ip address 10.0.0.129 255.255.255.224
!
interface Vlan550
mac-address 0060.70bd.0205
ip address 10.0.1.1 255.255.255.240
!
interface Vlan600
mac-address 0060.70bd.0206
ip address 10.0.0.241 255.255.255.240
!
interface Vlan700
mac-address 0060.70bd.0207
ip address 10.0.0.225 255.255.255.240
!
interface Vlan750
mac-address 0060.70bd.0209
ip address 10.0.0.1 255.255.255.192
!
interface Vlan800
mac-address 0060.70bd.020a
ip address 10.0.1.49 255.255.255.248
!
interface Vlan830
mac-address 0060.70bd.020b
ip address 10.0.1.65 255.255.255.248
!
interface Vlan850
mac-address 0060.70bd.020c
ip address 10.0.0.193 255.255.255.224
!
interface Vlan950
mac-address 0060.70bd.020d
ip address 10.0.0.65 255.255.255.192
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end

Hi,

What was the reason for changing server ports from access to trunk? With trunk settings the Vlan 200 gets tagged which I doubt your servers would understand. What is wrong with the port settings as "switchport mode access" and "switchport access vlan 200"? What exactly are you trying to achieve?

Thanks & Regards,

Antonin 

Hello,

on a side note, for the port to work as a trunk link to your server, you need to add 'switchport trunk native vlan 200' to the port configs:

interface FastEthernet0/14
switchport access vlan 200
switchport trunk encapsulation dot1q
switchport trunk native vlan 200
switchport mode trunk

I agree with the other posters... the question is why you would need a trunk link to start out with?

To Amikat and Georg Pauwen,

You guys are being very helpful. Thank you again.

The goal is to let other machines communicate with those servers. For example, one is a file server.

I thought that if I just assigned the ports to VLAN 200, the other machines could not communicate with the servers?

I did try assigning only VLAN 200 to the port, and the result is that the server can ping the default gateway, but cannot ping any other machine.

OR

Maybe there is something wrong with my thinking (for security purposes or common practice)?

I'm not quite sure whether I need to achieve this goal with the router and switch, or whether I should implement it through a function of the server?

Hi,

In some cases (e.g. VMware servers) the trunk may be appropriate, but generally access ports are used for servers. For other boxes (stations) communication within different VLANs your L3 switch can arrange via L3 switching (routing) using SVIs, i.e. you can configure an SVI for every VLAN connected and assign its address for each VLAN as DG. I hope this makes sense.

Best regards,

Antonin

To Amikat and Georg Pauwen,

I understood the concept now.
Finally, I did stick with access ports and applied another ACL to block certain traffic in the experiment. I also know the concept of a DMZ. The machines inside have to face the public kind of directly. Another question just hit my brain. We know we need to use VLANs to separate the traffic. However, do we assign a different range of IP addresses or a different VLAN to the servers in the DMZ, such as email and web servers, or just stick to the server VLAN (if applicable)?

Hi,

DMZ servers are usually handled by a router or FW (ASA in Cisco world) not L3 inside switch.  While you could control the traffic to some extent with your L3 switch you cannot provide static NAT which is typically required. DMZ should be kept separate from the internal Vlans (including server Vlan).

Best regards,

Antonin

Good spot, Amikat!

To be on the safe side, I would also put 'spanning-tree portfast' on the access ports:

interface FastEthernet0/1
switchport access vlan 300
switchport mode access
spanning-tree portfast
