No that is not the problem,  problem is that I have some equiment that doesn't like to play nice with the Cisco 2900's DHCP server, however it does with the little RV320 router.  plan was to make a separate "segment" behind that RV320 for that stuff, and use the router to get it to the rest. (However I could also just have it act like a separate DHCP server, if that's "just" the problem.)

Ron

I think we need to be careful in answering this question. There are aspects of the environment that we do not know and they will be significant. On the surface it is an easy question with a simple answer. Yes it is possible to connect the WAN port of 320 to an Ethernet port of 2900 and to have some subnet on 320 and another subnet on 2900. What we also need to consider is that there is some subnet that they share and that connects them. For this to work the 320 needs routing logic to reach resources on (or through) the 2900 (perhaps a static default route or perhaps a dynamic routing protocol). And the 2900 needs routing logic for the subnet that is unique to 320 (perhaps a static route or perhaps a dynamic routing protocol). 

Hello Rick,

I figured it would not be that easy, straight forward, or maybe not even the easiest or most elegant solution. Another thing I tried, which seems to work is to disable the WAN ports on the RV320, and use it as a 'switch' that has it's own dhcp server. I am blocking  the port for DHCP packets on the 2960 where I hooked up the RV320 for now. The wireless controller get's it's IP address from the RV320 (through an AP), and it seems that I can get to it (so it seems happy). I would like to have hem all in one VLAN/subnet though. (If I can do that I might be able to use the dhcp server on teh RV320  using a helper-address that points to it?)

As I said..  wild idea.

Ron

Ron

There are aspects of your environment that I do not know and it makes it difficult for me to know how well my answer really fits what you are asking. It is clear that you have some device that does not do well when supplied DHCP by the 2900 but does well when supplied DHCP by your 320. In that case it does seem to me that there is a relatively straightforward solution using the 320 connected to the 2900.

I assume that the 2900 will have some connection to the outside but will not address that aspect in what I am suggesting. I suggest that you use these steps:

- for the 320 choose 2 subnets, one for connecting your device and one for connecting the 320 to the 2900.

- configure the 320 with the appropriate subnet for its LAN. (configure the LAN interface, an interface for your device, DHCP for that subnet, etc)

- configure the 320 WAN interface with an IP address in the other subnet that you chose.

- configure the 320 with a static default route with the 2900 as the next hop.

- configure an interface on the 2900 for connection to the 320. (configure its IP address as one of the addresses in the subnet that you configured on the 320 WAN)

- configure a static route on the 2900 for the subnet used for the device on the 320 with the 320 WAN interface IP address as the next hop.

Configuring the 320 to use its switch ports but not its WAN port is an interesting thought. My concern would be if you are using just the switch ports on the 320 (your device in one access port with the 2900 in an access port) with the 2900 doing the routing then would you be able to use DHCP on the 320?

Hello Rick,

right, I understand it not easy to see what someone else is doing.  What I am doing is  "kinda weird"  There are no people on these networks, they are mostly wireless "IoT style" devices. And those things are probably not even the best example of engineering on the network part.

So yes,  one of the devices is a controller (based on some belkin equipment) and it doesn't seem to play well with the dhcp server on the Cisco 2900, When I look at debug messages it follows the regular process,  discovery packet etc etc..  and at the end it receives a dhcpoffer .. seems to ignore or reject it,  and starts all over again with a discovery broadcast. Somehow that doesn't happen on the RV320 (which is a Cisco small business router, pretty small , web based, not many configuration options.)  But since it seems to work, for now, a a temporary solution.

Yes the 2900 connect to the outside, using a cisco cable modem, and that works well.  I have two Cisco switches (ws-c2960s-24ps-l) and some Aironet APs that connect to those wireless devices.

So hooking up the RV320 to the Cisco 2911 is a short term solution (and using it as a switch/dhcp-server seems to mostly work for now)

Thanks for the proposed solution, however some things don't work on the RV320.  for example you can't define routes (at least I have not seen a way to do it on that thing). Also, I am pretty sure that everything going out the WAN ports by default is natted, and I don't think that can change. Probably could make it work, but the only thing really needed is a dhcp offer those wireless devices want to play with.

I think that DHCP somehow is the problem. So I can either figure out a configuration on the 2911 that fixes that, or build a separate dhcp server (which I did do a test run with) or work with a device like that rv320 and use it as a DHCP server.

Also the issue with some devices seems to be that they can't be reached from outside of their subnet/vlan (but that could also be my lack of understanding routing and such). Some devices (of the same type)  work perfectly fine in their subnet, can be seen/pinged from the router but not outside of their vlan/subnet (their MACs don't show up in the arp tables on the router), even the switches they are connected to, don't "see" them when I try to ping them. Other types are fine and behave like expected.

On the use router as switch, this is what I did;  I have a router on a stick set up with the 2900.  The switches are connected  and  a switch port on the 320 is connected to a port on a 2960 switch.  I made that 296 port a trunk port and blocked dhcp on that port (just in case). The device/controller connects to a specific AP/SSID that is connected to the 320, and gets an address from the 320. That works (just in VLAN 1, subnet 192.168.1.0).  So the 320 is not really connected to the 2900.  I can see the 320 do it's dhcp thing,  I can see the AP association etc. and the controller seems happy like a lark in vlan1.

thanks,

Ron

Ron

Thanks for the explanation. I am surprised that your device doesn't work with 2900 DHCP but does work with 320 DHCP. I don't have much experience with 320 and so don't have insight on that side of the issue. 

It it is odd to have devices that are reachable from the local subnet but not reachable from remote subnets. I have seen this in situations where there was an issue with configuration of the gateway. And I have experience with some devices whose IP stack was limited this way intentionally. 

It is a bit weird setup,  I am actually trying to put it in the Cisco Packet Tracer, that way if someone wants to see it ...  well a picture shows more than a 1,000 words.

I am actually still a little surprised, it is only one controller, but I have 4, that do that.

The routing issues might very well because of me being a beginner with Cisco stuff, I might very well have make some crucial mistakes. As I said, I am trying to build a model in the tracer program (but I'll attach a screenshot). I am trying to figure a few things out. One being how to have wireless access points, in the packet tracer, with multiple SSIDs (every vlan has an SSID and vice versa on the AP) and also, if I can simulate if the trunks between router, switches and access points all need to be native vlans. (also, in the tracer program I couldn't find any 2960-s switches, so I used 2960 100/10 ones) (it's a good work from home exercise).

Here's a screen shot (the wireless connections seem random, but that actually happens in real life too).

Ron

Ron

thanks for the screen shot. I don't have experience with RV320 and I don't do packet tracer. So I am not much help on those. If you think there is a routing issue and post config of switch and router I would look at them. 

I did the packet tracer thing more for fun then anything else, plus that way I have a screen shot  of what it looks like, in an abstract way.

So I have things working.  If I use the RV320 as a switch+dhcp instead of the route, and connect an AP to it in the same subnet,  and hand out an IP to the controller in the same subnet (on the 320 using 192.168.1.0,  which technically overlaps with  what is  2900/2960 LAN,  but I excluded 192.168.1.1-10  there,  and only use  192,168.1.4 for the switch,  192.168.1.5 for the IP  and hand out 192.168.1.4 to the controller.

That way the controller (and AP and 'switch'/RV320 can be seen everywhere in the rest of the LAN it looks like.

Of course I am kinda **bleep** and want the controller to be in VLAN5,  with an ip like 192.168.5.7 and the RV320 will hand that out too.

So I switched the switch port from:

interface GigabitEthernet1/0/22
description Trunk to RV320 Router, that's where TM-W-F7C033 stuff lives
switchport mode trunk
ip access-group Deny_TM-W-F7C033_DHCP in

interface GigabitEthernet1/0/22
switchport trunk allowed vlan 1,2,5
switchport mode trunk
ip access-group Deny_TM-W-F7C033_DHCP in

but that doesn't seem to work and can't ping the controller (192.168.5.6) from the LAN side. However I can ping "everything" from the RV320 it seems.

Thanks for the additional information. I have a couple of comments. 

- applying an access list using access-group on a layer 2 interface like a trunk should not work. I am surprised the command was not rejected. access-group should be configured on a layer 3 interface where an IP address is configured. 

- I am interested in the possible overlap of addresses. Can you tell me how that subnet is configured on the router? Is it a physical interface, sub interface, some thing else? How is the router connected to the switch? On an access port, a trunk port, some thing else? What vlan on the switch corresponds to the subnet on the router? How does the switch connect to 320? Is it an access port, a trunk port, some thing else? What vlan(s) are configured on 320?

It occurs to me that one way to get the information I seek is to post the output to these commands:

on the router

show cdp neighbor 

show ip route

show ip interface brief

on the switch 

show cdp neighbor 

show interface status

show interface trunk

show ip route

Hello Rick,

I moved around and added some stuff to see what happens.  If I stick a cellphone or a laptop in the same  subnet as where these sensors/boards go, I can just see the phone and laptop fine (ping etc.) Howeve, as soon as I move that controller out of 192.168.1.1  or when I stick the path to it's dhcp server in a trunk,  it stops responding. So I think it might be a hardware characteristic thing or so. (I'll put wireshark on it when I have time and see what happens).

thanks for looking at this!!

Ron

on the 2911 router:

Charon#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID
North.localdomain
Gig 0/1.1 145 S I WS-C2960S Gig 1/0/24

Total cdp entries displayed : 1

Charon#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is 69.254.150.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 69.254.150.1, GigabitEthernet0/0
69.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
S 69.252.216.68/32 [254/0] via 69.254.150.1, GigabitEthernet0/0
C 69.254.150.0/23 is directly connected, GigabitEthernet0/0
L 69.254.151.52/32 is directly connected, GigabitEthernet0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/1.1
L 192.168.1.1/32 is directly connected, GigabitEthernet0/1.1
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, GigabitEthernet0/1.2
L 192.168.2.1/32 is directly connected, GigabitEthernet0/1.2
192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.4.0/24 is directly connected, GigabitEthernet0/1.4
L 192.168.4.1/32 is directly connected, GigabitEthernet0/1.4
192.168.5.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.5.0/24 is directly connected, GigabitEthernet0/1.5
L 192.168.5.1/32 is directly connected, GigabitEthernet0/1.5
192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.6.0/24 is directly connected, GigabitEthernet0/1.6
L 192.168.6.1/32 is directly connected, GigabitEthernet0/1.6
192.168.7.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.7.0/24 is directly connected, GigabitEthernet0/1.7
L 192.168.7.1/32 is directly connected, GigabitEthernet0/1.7
192.168.37.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.37.0/24 is directly connected, GigabitEthernet0/1.37
L 192.168.37.1/32 is directly connected, GigabitEthernet0/1.37

Charon#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 69.254.151.52 YES DHCP up up
GigabitEthernet0/1 unassigned YES NVRAM up up
GigabitEthernet0/1.1 192.168.1.1 YES NVRAM up up
GigabitEthernet0/1.2 192.168.2.1 YES NVRAM up up
GigabitEthernet0/1.4 192.168.4.1 YES NVRAM up up
GigabitEthernet0/1.5 192.168.5.1 YES NVRAM up up
GigabitEthernet0/1.6 192.168.6.1 YES NVRAM up up
GigabitEthernet0/1.7 192.168.7.1 YES NVRAM up up
GigabitEthernet0/1.37 192.168.37.1 YES NVRAM up up
GigabitEthernet0/2 unassigned YES NVRAM administratively down down
GigabitEthernet0/1/0 unassigned YES unset down down
GigabitEthernet0/1/1 unassigned YES unset down down
GigabitEthernet0/1/2 unassigned YES unset down down
GigabitEthernet0/1/3 unassigned YES unset down down
NVI0 unassigned YES unset administratively down down
Vlan1 unassigned YES unset down down

On the 2960 switch:

North#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID
South.localdomain
Gig 1/0/28 178 S I WS-C2960S Gig 1/0/28
ap2 Gig 1/0/12 147 T AIR-AP112 Fas 0
ap7 Gig 1/0/10 168 T AIR-AP123 Fas 0
ap8 Gig 1/0/11 170 T AIR-AP123 Fas 0
AP-TM-W-F7C033 Gig 1/0/22 178 T AIR-AP112 Fas 0
Charon.localdomain
Gig 1/0/24 141 R B S I CISCO2911 Gig 0/1.1

Total cdp entries displayed : 6

North#show interface status

Port Name Status Vlan Duplex Speed Type
Gi1/0/1 connected 2 a-full a-1000 10/100/1000BaseTX
Gi1/0/2 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/3 connected 1 a-full a-10 10/100/1000BaseTX
Gi1/0/4 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/5 connected 1 a-full a-100 10/100/1000BaseTX
Gi1/0/6 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/7 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/8 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/9 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/10 connected trunk a-full a-100 10/100/1000BaseTX
Gi1/0/11 connected trunk a-full a-100 10/100/1000BaseTX
Gi1/0/12 connected trunk a-full a-100 10/100/1000BaseTX
Gi1/0/13 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/14 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/15 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/16 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/17 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/18 connected 1 a-full a-100 10/100/1000BaseTX
Gi1/0/19 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/20 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/21 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/22 Trunk to RV320 Rou connected trunk a-full a-1000 10/100/1000BaseTX
Gi1/0/23 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/24 Trunk-to-Router connected trunk a-full a-1000 10/100/1000BaseTX
Gi1/0/25 notconnect 1 auto auto Not Present
Gi1/0/26 notconnect 1 auto auto Not Present

Port Name Status Vlan Duplex Speed Type
Gi1/0/27 notconnect 1 auto auto Not Present
Gi1/0/28 Trunk-to-South-swi connected trunk a-full a-1000 10/100/1000BaseTX SFP
Fa0 notconnect routed auto auto 10/100BaseTX

North#show interface trunk

Port Mode Encapsulation Status Native vlan
Gi1/0/10 on 802.1q trunking 37
Gi1/0/11 on 802.1q trunking 37
Gi1/0/12 on 802.1q trunking 37
Gi1/0/22 on 802.1q trunking 1
Gi1/0/24 on 802.1q trunking 1
Gi1/0/28 on 802.1q trunking 37

Port Vlans allowed on trunk
Gi1/0/10 4-7,37
Gi1/0/11 4-7,37
Gi1/0/12 4-7,37
Gi1/0/22 1-4094
Gi1/0/24 1-4094
Gi1/0/28 1-4094

Port Vlans allowed and active in management domain
Gi1/0/10 4-7,37
Gi1/0/11 4-7,37
Gi1/0/12 4-7,37
Gi1/0/22 1-2,4-7,37
Gi1/0/24 1-2,4-7,37
Gi1/0/28 1-2,4-7,37

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/10 4-7,37
Gi1/0/11 4-7,37

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/12 4-7,37
Gi1/0/22 1-2,4-7,37
Gi1/0/24 1-2,4-7,37
Gi1/0/28 1-2,4-7,37

North#show ip route
^
% Invalid input detected at '^' marker.

Hello Rick,

The access-list, that I applied  on that interface was because I saw that discovery packets from that wireless client would pass through the switch and reached the dhcp server on the 2900 router too, which I didn't want to happen.  I stole that idea from somewhere on this forum.  I applied it and it seemed to work?

That also would be part of the answer to your 2nd question.  So, because of the limitations that wireless hardware seems to have I would like to give it a static address in the subnet it apparently wants to be in (192.168.1.0). So I tried to recreate that, by picking an excluded address, and then  give that address to that thing (with dhcp on that rv320).  On the RV320 I just statically assigned an address to the RV320 (192.168.1.4), and also to the AP (192.168.1.5) and the DHCP on the RV320 only hands out one address, to that controller (192.168.1.6).  The dhcp on the rv320 ignored anything but that controller.

The router is connected to the 2960 via switch port on the RV320.  Effectively I am using the RV320 router as a layer 2 switch that has a dhcp server. That wireless controller doesn't like the dhcpoffers from the 2900 and ignores them, it accepts the dhcp offers from the rv320 so that is why I did that. I don't know if that's 320 vs 2900 thing or if that device/controller doesn't like dhcp traffic that was relayed.  (In the dhcp debug on the 2900 I can see dhcp traffic as it's supposed to, except at the very last, that controller ignores the dhcp offer it seems.)

The port on the 2960 is a trunk (it's that port with that access-list/group), there is no option to set the mode to access or trunk on the RV320. Also, when yo use/define a vlan on it, it's across all 4 ports of the switch part.

You can have 4 vlans on the 320.    I'll attach a screen shot of that.

This is a pretty simple router, but robust and I can see why it is called a "small business router".   if you had two offices and each had one of these, you only have to click the same things on both sides to make it work.  There are also some very simple 24 port unmanaged layer 2 switches (also Cisco) that work really well wit it.  It works really well in the sense of, "plug it in and there you go"  but if you need something a bit more demanding, like actual VLANs, routing etc..  that won't fly.

The 320 comes pre-configured with a vlan 1, 25 and 100 with 3 "subnets"  (I actually suspect they are not real subnets, but some 'flat' ip space like 192.168.1.0 / 255.255.255.252 or so.

Also, the 320 has no CLI really, just a GUI  (here's a screenshot. )  I moved to the 2900 and 2960's so I could configure things exactly how I want them instead of just turning things on or off.

Ron