Re: ISR Vlan Interface IP Address assigned by DHCP (Client) - Page 2

judu · ‎09-08-2023

I am using a Cisco C1111 ISR w/ 2 L3 interfaces, 8 L2 interfaces.

Interface Vlan601 currently has an IP address assigned to it. I would like to use DHCP to assign the IP address to this interface. However, when I change it to DHCP, the MAC address in the DHCP request is 0000.0000.0000 which is causing the DHCP request to fail.

Starting Point:

Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/1/0   unassigned      YES unset  up                    up      
Vlan601                192.168.1.50    YES NVRAM  up                    up

interface GigabitEthernet0/1/0
 switchport access vlan 601
 switchport mode access

interface Vlan601
 description PartnerNet1
 ip vrf forwarding PARTNER-NET-1
 ip address 192.168.1.50 255.255.255.0
 ip nat outside

router#ping vrf PARTNER-NET-1 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms

router#show int Gi0/1/0
GigabitEthernet0/1/0 is up, line protocol is up (connected) 
  Hardware is C1111-ES-8, address is 5c64.f184.b088 (bia 5c64.f184.b088)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported 
  Full-duplex, 100Mb/s, link type is auto, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported 
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:36, output 00:00:13, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 1000 bits/sec, 2 packets/sec
  5 minute output rate 1000 bits/sec, 2 packets/sec
     950 packets input, 76619 bytes, 0 no buffer
     Received 24 broadcasts (11 multicasts)
     0 runts, 0 giants, 0 throttles 
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 11 multicast, 0 pause input
     0 input packets with dribble condition detected
     933 packets output, 79668 bytes, 0 underruns
     Output 2 broadcasts (18 multicasts)
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

router#show ip int Vlan601
Vlan601 is up, line protocol is up
  Internet address is 192.168.1.50/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing Common access list is not set 
  Outgoing access list is not set
  Inbound Common access list is not set 
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF switching turbo vector
  IP Null turbo vector
  VPN Routing/Forwarding "PARTNER-NET-1"
  Associated unicast routing topologies:
        Topology "base", operation state is UP
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain outside
  BGP Policy Mapping is disabled
  Input features: Virtual Fragment Reassembly, NAT Outside, MCI Check
  Output features: Post-routing NAT Outside
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled
  IP Clear Dont Fragment is disabled

I remove the IP address from the Vlan601 interface.

router(config)#int Vlan601
router(config-if)#no ip address

router#show ip int br
Interface              IP-Address      OK? Method Status                Protocol  
GigabitEthernet0/1/0   unassigned      YES unset  up                    up      
Vlan601                unassigned      YES manual up                    up

I then set the IP address to DHCP. I have tried this as just "ip address dhcp" and with the client-id set to the physical interface, and with a hostname set. Showing the last iteration. There are not many options available here.

interface Vlan601
 description PartnerNet1
 ip vrf forwarding PARTNER-NET-1
 ip address dhcp client-id GigabitEthernet0/1/0 hostname Cisco
 ip nat outside
end

router#show ip int br
Interface              IP-Address      OK? Method Status                Protocol 
GigabitEthernet0/1/0   unassigned      YES unset  up                    up      
Vlan601                unassigned      YES DHCP   up                    up

router(config-if)#ip address dhcp ?
  client-id  Specify client-id to use
  hostname   Specify value for hostname option
  <cr>       <cr>

router(config-if)#ip address dhcp client-id ?
  BD-VIF           Bridge-Domain Virtual IP interface
  BDI              Bridge-Domain interface
  GigabitEthernet  GigabitEthernet IEEE 802.3z
  Port-channel     Ethernet Channel of interfaces
  Vlan             Catalyst Vlans

router(config-if)#ip address dhcp client-id GigabitEthernet 0/1/0 ?
  hostname  Specify value for hostname option
  <cr>      <cr>

But the ip dhcp debug shows the MAC address being set as all zeros.

Sep  8 17:15:15.174: DHCP: Try 3 to acquire address for Vlan601
Sep  8 17:15:15.177: DHCP: allocate request
Sep  8 17:15:15.177: DHCP: zapping entry in DHC_PURGING state for Vl601
Sep  8 17:15:15.177: DHCP: deleting entry FFFF56A0D0F8 0.0.0.0 from list
Sep  8 17:15:15.177: DHCP: new entry. add to queue, interface Vlan601
Sep  8 17:15:15.177: DHCP: MAC address specified as  0000.0000.0000 (0 0). Xid is 10A945FE
Sep  8 17:15:15.177: DHCP: SDiscover attempt # 1 for entry:
Sep  8 17:15:15.178: DHCP: Scan: Option vendor class Identifier 124
Sep  8 17:15:15.178: Enterprise ID 9
Sep  8 17:15:15.178: vendor-class-data-len 13
Sep  8 17:15:15.178: data: C1111-8PLTEEA
Sep  8 17:15:15.178: DHCP: SDiscover: sending 305 byte length DHCP packet
Sep  8 17:15:15.178: DHCP: SDiscover 305 bytes 
Sep  8 17:15:15.178:             B'cast on Vlan601 interface from 0.0.0.0
Sep  8 17:15:18.200: DHCP: SDiscover attempt # 2 for entry:
Sep  8 17:15:18.200: DHCP: Scan: Option vendor class Identifier 124
Sep  8 17:15:18.200: Enterprise ID 9
Sep  8 17:15:18.200: vendor-class-data-len 13
Sep  8 17:15:18.201: data: C1111-8PLTEEA
Sep  8 17:15:18.201: DHCP: SDiscover: sending 305 byte length DHCP packet
Sep  8 17:15:18.201: DHCP: SDiscover 305 bytes 
Sep  8 17:15:18.201:             B'cast on Vlan601 interface from 0.0.0.0
Sep  8 17:15:22.202: DHCP: SDiscover attempt # 3 for entry:
Sep  8 17:15:22.202: DHCP: Scan: Option vendor class Identifier 124
Sep  8 17:15:22.202: Enterprise ID 9
Sep  8 17:15:22.202: vendor-class-data-len 13
Sep  8 17:15:22.202: data: C1111-8PLTEEA
Sep  8 17:15:22.202: DHCP: SDiscover: sending 305 byte length DHCP packet
Sep  8 17:15:22.202: DHCP: SDiscover 305 bytes 
Sep  8 17:15:22.202:             B'cast on Vlan601 interface from 0.0.0.0
%Unknown DHCP problem.. No allocation possible
Sep  8 17:15:35.657: DHCP: Waiting for 15 seconds on interface Vlan601

How can I set the MAC address to use the MAC address of the Gi0/1/0 or some other viable solution?

Richard Burts · ‎10-02-2024

You ask an interesting question "Do VLANs sit at layer 3 or layer 2?". Part of the answer depends on semantics and how we understand terms. A vlan has many aspects that are layer 2 (and many people would probably say that vlans are layer 2 entities), but a vlan also has some layer 3 aspects. So I say that the answer to your question is that vlans sit at both. The layer 3 aspects of a vlan are configured using the interface vlan 1. The layer 2 aspects of the vlan are configured on the physical interfaces that belong to the vlan.

In a previous post you said " g0/0/1 is assigned the ip address 192.168.1.1 and is where I plug in a computer to access the GUI". It is helpful to know this, especially in the short term. In looking longer term, do you intend to keep that access? If so you will need to select a different IP subnet to use for the devices in vlan 1 (and for interface vlan 1). Would I be correct in assuming that the devices in your current network are using 192.168.1.0? If so then you need to move that address/subnet to interface vlan 1 and assign some other IP network to access the GUI.

HTH

Rick

90-Lowrider · ‎10-02-2024

I used the configuration guide that contains

Cisco 1100 Series Software Configuration Guide, Cisco IOS XE Fuji 16.8.x - Setting Up Factory Default Device Using Web UI [Cisco IOS XE 16] - Cisco

From the configuration mode, enter the following configuration parameters.

!

ip dhcp pool WEBUIPool

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

username admin privilege 15 password 0 default

!

interface gig 0/0/1

ip address 192.168.1.1 255.255.255.0

!

Hence the gig0/0/1 interface having 192.168.1.1 assigned to it

Richard Burts · ‎10-02-2024

Thanks for the information. So 192.168.1.1 for G0/0/1 is based on the configuration guide. Now that you have the basic config done it is time to decide how you want your particular network to work. What network/subnet do your current devices use (SG350, APs, etc)? That is the network that you need to configure for vlan 1. And if those devices are using 192.168.1.0 then you need to move that from G0/0/1 to vlan 1. If they are using some other network/subnet then that is what needs to be on vlan 1 and you can keep 192.168.1.1 where it is.

HTH

Rick

90-Lowrider · ‎10-02-2024

If I understand correctly, VLAN1 and gig0/0/1 are both interfaces and cannot share the same pool. In my current configuration gig0/0/1 is associated with the pool I set up to access the GUI, WEBUIPool. When I associated VLAN1 with WEBUIPool I caused a conflict.

Would this solve my problem:
Main_Pool
network 192.168.10.0 (which sets up 192.168.10.1 to 192.168.10.254)
router address 192.168.1.1 (not sure on this on, please opine)

VLAN1 then gets associated with Main_Pool

gig0/0/1 keeps the ip address 192.168.1.1 so I can continue to access the GUI

Devices and the switch get attached to the 4 ports on the router and the 28 ports on the switch

Is that what you are suggesting?

Richard Burts · ‎10-03-2024

You have a fairly good start on the configuration of your new router. Before we get into detail of how to go further with this config you need to tell us some things about your existing environment. In particular what IP network/subnet do your current devices (SG350, APs, etc) use, what is their default gateway, does your existing router perform Network Address Translation for your inside network? In fact I probably should just ask you to describe how your ASUS router is configured and what functions it serves, and that would prepare us to advise you on how to configure the new Cisco router.

HTH

Rick

90-Lowrider · ‎10-03-2024

Existing network consists of an ASUS RT-AX88U as the base router. It has 8 ports into which the SG350 is plugged in as well as 2 RP-AC1900's (access points) and a RT-AC3100 (this is the router I used before purchasing the RT-AX88U and is set up as an access point). I have a QNAP NAS, several smart televisions, Apple TV and a few other devices plugged into the network (my house is wired for ethernet). The base router assigns the ip Addresses (uses 192.168.1.0 .....) and I believe handles NAT. I didn't have to do much to configure it so not sure about the configuration. There is a very good GUI that probably has all of those details and I can check when I get to the location on Friday. The reason I am moving to the Cisco is that the Asus loses its binding with the modem randomly and I have to re-boot the router in order to get it back on line.

I think this is a basic setup (correct me if I am wrong) and should be fairly easy to configure.

Hope that helps. LMK if you need any more info

Thanks

Richard Burts · ‎10-03-2024

This update is quite helpful. The first thing is absolutely clear that you need to move network/subnet 192.168.1.0 from G0/0/1 to Vlan 1.

Moving the address may be a bit tricky. So I suggest these steps:

- first make sure that you have saved the current running config to startup config. For routers with a CLI interface it is simply copy run start. If you are using the GUI there is probably a way to save running to start (but I am not sure what that is). The way to verify this is to reboot the Cisco and make sure that it comes back with the config that you created.

The next step is to log in to the Cisco router and to assign a different IP to G0/0/1. I suggest assigning 192.168.2.1 to the interface. When you do that your computer should lose its connection to the router. Manually change the computer to use 192.168.2.2 as its IP. That should restore connectivity between your computer and the Cisco router.

Then access the Cisco router and assign 192.168.1.1 to vlan 1.

Check to be sure that the Cisco router has a default route which points to G0/0/0. At this point you may need to check into Network Address Translation so that the Cisco router will translate 192.168.1.0 as it forwards out using the outside interface.

Once you have done this you should be able to begin to move some devices to the Cisco router.

HTH

Rick

90-Lowrider · ‎10-03-2024

I've done many copy run starts so familiar with that. The GUI has a function to reboot the router and you can choose to copy the running config to the start config or not before it reboots.

My guess (and this is only a guess as I have not seen it in writing anywhere) is that if a pool is associated with both a level 2 and level 3 interface it won't know how to act (out or in) and won't be able to function properly. If I simply mover g0/0/1 to 192.168.1.2 I will face the same issue I currently face. My thought is to create a new pool, say 192.168.10.0 and associate VLAN1 with the new pool. WEBUIPool stays as it is and is used only for a computer to access the GUI. I tried something similar to this once but did not completely understand what I was doing so I am guessing I did not do it correctly. Once the router is assigning ip addresses I expect the migration will be easy.

If I think of it logically and draw out a diagram I would think that a pool that is associated with an input port of the router (g0/0/1) would function in a different way than a pool associated with the output side of the router (g0/1/0, g/2/0,.....) and that might be the issue. I am going to test and see if I can prove for sure.....

Richard Burts · ‎10-03-2024

There are multiple things to respond to in this recent post. Let me start with this " if a pool is associated with both a level 2 and level 3 interface it won't know how to act (out or in) and won't be able to function properly" What kind of pool are you describing? If you are thinking of a layer 2 pool, I would believe that we are talking about vlans and ports in the vlans. Layer 2 ports in vlans communicate (in and out) with other ports in the same vlan. I do not understand any issue with this. Or perhaps it is pool in an IP subnet? Ports in an IP subnet communicate (in and out) with other devices in the same subnet without problems. So can you clarify this concern?

You say "If I simply mover g0/0/1 to 192.168.1.2" and I do not understand where this comes from. I suggested moving G0/0/1 to 192.168.2.1. Can you clarify your concern here?

You suggest "My thought is to create a new pool, say 192.168.10.0 and associate VLAN1 with the new pool.". I do not understand where this comes from. But let me try to be more clear: vlan 1 NEEDS to be associated with 192.168.1.0.

HTH

Rick

90-Lowrider · ‎10-03-2024

Yes, a layer 2 pool. My question derived from having that pool associated with a level 3 port as I believe it was as set up with the original configuration instructions?

interface GigabitEthernet0/0/1
description gig 0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
ip virtual-reassembly

On the second paragraph I misread your suggestion. I thought you wrote 192.168.1.2 which is part of the 192.168.1.0 pool (WEBUIPool). Moving it to 192.168.2.1 will take it out of the WEBUIPool which should accomplish the objective. My hesitancy to do that was concern I would not be able to access the GUI after the move but it sounds like you feel confident I will still be able to. I was not aware that VLAN1 HAS to be associated with 192.168.1.0 . If that is the case then your suggestion to move the level 3 interface out of the WEBUIPool is the way to go.

Thanks for putting up with my lack of experience here

Richard Burts · ‎10-04-2024

You say "I was not aware that VLAN1 HAS to be associated with 192.168.1.0". Let us think about a couple of fundamental aspects of what you want to do:

- your existing network (SG350 switch, APs, etc) use network 192.168.1.0.

- Those devices will be connecting to ports in vlan 1 on your new router.

- Therefore vlan 1 on the new router needs to be in 192.168.1.0.

- Therefore G0/0/1 needs to be in some network other than 192.168.1.0. Pretty much any other network should work. I was suggesting 192.168.2.0 because it is easy but almost anything would work.

As you move devices over to the new router you should be able to access the router and manage it from those connected devices. You can also continue to use a computer connected to G0/0/1 (configured with a different address) to manage the new router. To do that I suggest these steps:

- make sure you have done copy run start to be sure that startup config reflects the current environment and that you could revert to this environment if something goes wrong.

- change the IP address of G0/0/1 to the new subnet.

- when you change the address of the router interface your computer should lose connectivity. Simple configure a new address in the new subnet on the computer.

- your computer should have access again.

- if at some point you get stuck, you can simply reboot and you will return to the original environment.

HTH

Rick

90-Lowrider · ‎10-04-2024

I found the correct document to use for IOS 17
https://www.cisco.com/c/en/us/td/docs/routers/access/isr1100/software/configuration/xe-17/isr1100-sw-config-xe-17.html

the instructions here differ from the instructions in the document I used in that they do not mention gig0/0/1 but, instead, instruct you to configure VLAN1 and use that to access the GUI (through any of the 8 switch ports). Those instructions say to assign 192.168.1.1 to VLAN1. Not gig0/0/1. I believe you are spot on in your assessment. My expectation is that 192.168.1.1 was assigned to gig0/0/1 and that prevented that ip address from being assigned to VLAN1. Without VLAN1 being assigned to 192.168.1.1 it could not function.

I will try this fix when I get to the machine.

Once again....THANK YOU!

Richard Burts · ‎10-04-2024

You are welcome.

I am glad that you have found a better document. Yes indeed using 192.168.1.x for G0/0/1 prevents using that subnet for vlan 1. I intend no disrespect to the author of the original document, but it seems to me that suggesting use of 192.168.1.x for the interface used for beginning setup is a poor choice. It would have been much better to suggest something like 192.168.100.x for the interface used for initial configuration.

HTH

Rick

90-Lowrider · ‎10-04-2024

I think it may have been for a prior version of IOS.

I made the changes but the unit still did not assign ip addresses. I decided to start from scratch and follow the document. Unfortunately i used the factory-reset all command and am now stuck in rommon mode.

1 step forward, 10 steps back. I should have used the pin on the buttton on the back of the machine....

balaji.bandi · ‎10-05-2024

that is dangerous command wipe IOS also : now you need to do emergency recovery from USB or TFTP :

factory-reset {all | config |boot-vars}
Example:

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help