Solved: Need help with DHCP and intervlan on cisco switch 3550

jdave2780 · ‎12-27-2012

I am trying to setup my 3550 layer 3 switch to do hand out dhcp addresses for different vlans. It is connected to my router address 192.168.1.1. I setup a new vlan 3 and the dhcp pool.. The client gets a 192.168.3.2 address but am not able to ping the router and other clients and get out to the internet. What am I doing wrong? I will appreciate any help or advice. Here is the config that I have. I deleted the other ports because I am not using them. The vlan 3 client is on port fast Ethernet 0/17 and the router is connected to the fastethernet 0/1. Thanks in advance.

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname SW3

!

no aaa new-model

ip subnet-zero

ip routing

no ip domain-lookup

!

ip dhcp pool VOICE_VLAN

network 192.168.3.0 255.255.255.0

default-router 192.168.3.1

dns-server 192.168.1.1

option 150 ip 192.168.3.1

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/17

switchport access vlan 3

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/2

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Vlan1

ip address 192.168.1.223 255.255.255.0

!

interface Vlan3

ip address 192.168.3.1 255.255.255.0

!

ip default-gateway 192.168.1.1

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip http server

ip http secure-server

!

control-plane

!

line con 0

exec-timeout 0 0

line vty 0 4

no login

line vty 5 15

no login

!

end

Rahul Kukreja · ‎12-28-2012

Jay -

To me it looks like -

For VLAN 1 - default gateway is 192.168.1.1 (Router)
For VLAN 3 - default gateway is 192.168.3.1 (SW)

so when VLAN 3 users try to talk to Router IP 192.168.1.1, then the traffic goes to the Router (via the SW which is the default gateway for users in VLAN 3)

But as you specified that there is no back route for 192.168.3.0/24 on router - the traffic destined to this subnet on Router will go the default route and the pings are never going to work between these 2 VLAN's.

So to avoid this, you will need to have the default gateway for both the VLAN's on the SW (as the router is not managed)

HTH

Rahul

View solution in original post

dkraut · ‎12-28-2012

Jay Dave, couple items... you said that nothing from vlan 1 can reach vlan 3 and vice versa? I don't think that's accurate. I would bet if you connected a computer to fa0/2 and assigned it an IP adress of 192.168.1.200/24 and a default gateway of 192.168.1.223, you will be able to ping 192.168.1.1, 192.168.3.1 and 192.168.3.2. The problem as noted by others is that there is no route or proper gateway address on your verizon modem so the packets are getting to the modem, but he has no idea how to get back to 192.168.3.x. Can you see if you can access or have verizon put in a route or Default Gateway entry on the verizon modems inside interface that points to 192.168.1.223 ? or a route like this on the modem.

ip route 192.168.3.0 255.255.255.0 192.168.1.223

View solution in original post

cadet alain · ‎12-27-2012

Hi,

Does the router have a route back to the 192.168.3.0/24 subnet ?

Regards.

Alain

Don't forget to rate helpful posts.

jdave2780 · ‎12-27-2012

No, it is a basic Verizon modem. The verizon box only handles the 182.168.1.0 network. Can I configure it to do that on the switch? Or should I setup router on a stick and add that in between the switch and verizon modem? I was trying to see if I can do it all from the switch.

Sent from Cisco Technical Support iPhone App

jdave2780 · ‎12-27-2012

Sorry a typo on the network it should be 192.168.1.0.

Sent from Cisco Technical Support iPhone App

cadet alain · ‎12-27-2012

Hi,

ok so finally which subnet are the clients in and which subnet is the router in ?

Regards.

Alain

Don't forget to rate helpful posts.

jdave2780 · ‎12-27-2012

Some clients and router is on the 192.168.1.0 network and the client I am testing is on the 192.168.3.0. Hope that helps.

Sent from Cisco Technical Support iPhone App

dkraut · ‎12-27-2012

Can the clients in the 192.168.1.x network ping both 192.168.1.1 and 192.168.1.223 ?

The results from the following commands would be helpful >

sh ip int br

sh int status

Also, why do you have Fa0/1 setup as a trunk? You said it's a basic verizon modem? is it a DSL/Cable modem?

If so, change fa0/1 it to an access port >

interface FastEthernet0/1

no switchport mode trunk

no switchport trunk encapsulation dot1q

!

switchport mode access

switchport access vlan 1

jdave2780 · ‎12-27-2012

Yes the clients on the 192.168.1.0 network reach 192.168.1.1 and 1.223. But nothing from the 3.0 can reach 1.0 network and vice versa. Also when I do a tracert from 3.2 to 192.168.1.1 it stops at 192.168.3.1. So there is something I am missing. But don't know what, I turned in the ip routing. And also I reconfigured the fa 0/1 to be access instead if a trunk.

Sent from Cisco Technical Support iPhone App

dkraut · ‎12-27-2012

Please show us the relevant results from the following >

sh ip int br

sh int fa0/1

sh int fa0/17

sh vlan br

jdave2780 · ‎12-28-2012

Here is everything you asked for.

Show ip int br

Interface IP-Address OK? Method Status Protocol

Vlan1 192.168.1.223 YES NVRAM up up

Vlan3 192.168.3.1 YES NVRAM up up

FastEthernet0/1 unassigned YES unset up up

FastEthernet0/2 unassigned YES unset down down

FastEthernet0/3 unassigned YES unset down down

FastEthernet0/4 unassigned YES unset down down

FastEthernet0/5 unassigned YES unset down down

FastEthernet0/6 unassigned YES unset down down

FastEthernet0/7 unassigned YES unset down down

FastEthernet0/8 unassigned YES unset down down

FastEthernet0/9 unassigned YES unset down down

FastEthernet0/10 unassigned YES unset down down

FastEthernet0/11 unassigned YES unset down down

FastEthernet0/12 unassigned YES unset down down

FastEthernet0/13 unassigned YES unset down down

FastEthernet0/14 unassigned YES unset down down

FastEthernet0/15 unassigned YES unset down down

FastEthernet0/16 unassigned YES unset down down

FastEthernet0/17 unassigned YES unset up up

FastEthernet0/18 unassigned YES unset down down

FastEthernet0/19 unassigned YES unset down down

FastEthernet0/20 unassigned YES unset down down

FastEthernet0/21 unassigned YES unset down down

FastEthernet0/22 unassigned YES unset down down

FastEthernet0/23 unassigned YES unset down down

FastEthernet0/24 unassigned YES unset down down

FastEthernet0/25 unassigned YES unset down down

FastEthernet0/26 unassigned YES unset down down

FastEthernet0/27 unassigned YES unset down down

FastEthernet0/28 unassigned YES unset down down

FastEthernet0/29 unassigned YES unset down down

FastEthernet0/30 unassigned YES unset down down

FastEthernet0/31 unassigned YES unset down down

FastEthernet0/32 unassigned YES unset down down

FastEthernet0/33 unassigned YES unset down down

FastEthernet0/34 unassigned YES unset down down

FastEthernet0/35 unassigned YES unset down down

FastEthernet0/36 unassigned YES unset down down

FastEthernet0/37 unassigned YES unset down down

FastEthernet0/38 unassigned YES unset down down

FastEthernet0/39 unassigned YES unset down down

FastEthernet0/40 unassigned YES unset down down

FastEthernet0/41 unassigned YES unset down down

FastEthernet0/42 unassigned YES unset down down

FastEthernet0/43 unassigned YES unset down down

FastEthernet0/44 unassigned YES unset down down

FastEthernet0/45 unassigned YES unset down down

FastEthernet0/46 unassigned YES unset down down

FastEthernet0/47 unassigned YES unset down down

FastEthernet0/48 unassigned YES unset down down

GigabitEthernet0/1 unassigned YES unset down down

GigabitEthernet0/2 unassigned YES unset down down

Show int fa 0/1

FastEthernet0/1 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is 0012.d9a1.e181 (bia 0012.d9a1.e181)

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, media type is 10/100BaseTX

input flow-control is off, output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:00, output 00:00:07, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 2000 bits/sec, 1 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

809 packets input, 161343 bytes, 0 no buffer

Received 762 broadcasts (0 multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 343 multicast, 0 pause input

0 input packets with dribble condition detected

74 packets output, 8797 bytes, 0 underruns

0 output errors, 0 collisions, 1 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

Show int fa 0/17

FastEthernet0/17 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is 0012.d9a1.e191 (bia 0012.d9a1.e191)

MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 10Mb/s, media type is 10/100BaseTX

input flow-control is off, output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:00, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

1 packets input, 64 bytes, 0 no buffer

Received 0 broadcasts (0 multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 0 multicast, 0 pause input

0 input packets with dribble condition detected

157 packets output, 12260 bytes, 0 underruns

0 output errors, 0 collisions, 1 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

Show vlan br

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/14, Fa0/15, Fa0/16

Fa0/18, Fa0/19, Fa0/20, Fa0/21

Fa0/22, Fa0/23, Fa0/24, Fa0/25

Fa0/26, Fa0/27, Fa0/28, Fa0/29

Fa0/30, Fa0/31, Fa0/32, Fa0/33

Fa0/34, Fa0/35, Fa0/36, Fa0/37

Fa0/38, Fa0/39, Fa0/40, Fa0/41

Fa0/42, Fa0/43, Fa0/44, Fa0/45

Fa0/46, Fa0/47, Fa0/48, Gi0/1

Gi0/2

2 Server active

3 VOICE_VLAN active Fa0/17

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

dkraut · ‎12-28-2012

Jay Dave, couple items... you said that nothing from vlan 1 can reach vlan 3 and vice versa? I don't think that's accurate. I would bet if you connected a computer to fa0/2 and assigned it an IP adress of 192.168.1.200/24 and a default gateway of 192.168.1.223, you will be able to ping 192.168.1.1, 192.168.3.1 and 192.168.3.2. The problem as noted by others is that there is no route or proper gateway address on your verizon modem so the packets are getting to the modem, but he has no idea how to get back to 192.168.3.x. Can you see if you can access or have verizon put in a route or Default Gateway entry on the verizon modems inside interface that points to 192.168.1.223 ? or a route like this on the modem.

ip route 192.168.3.0 255.255.255.0 192.168.1.223

Rahul Kukreja · ‎12-28-2012

Jay -

To me it looks like -

For VLAN 1 - default gateway is 192.168.1.1 (Router)
For VLAN 3 - default gateway is 192.168.3.1 (SW)

so when VLAN 3 users try to talk to Router IP 192.168.1.1, then the traffic goes to the Router (via the SW which is the default gateway for users in VLAN 3)

But as you specified that there is no back route for 192.168.3.0/24 on router - the traffic destined to this subnet on Router will go the default route and the pings are never going to work between these 2 VLAN's.

So to avoid this, you will need to have the default gateway for both the VLAN's on the SW (as the router is not managed)

HTH

Rahul

jdave2780 · ‎12-28-2012

Got it. Makes perfect sense, to add the ip route and also setup the default gateway. Thanks for all your help and guidance. Really appreciate it. Have a Happy New Year.