
routing - IP helper

Jerome C.
Level 1

Hello

 

I have a 3750 switch where I configured 2 vlans: 610 & 611.

On the interface Gi1/0/23, I configured this interface in trunk mode for 610 & 611. This physical interface is connected to my firewall on interface eth5. On my firewall, I configured 2 sub-interfaces (one for each vlan): 10.251.100.1/26 for vlan 610 and 10.251.100.65/27 for vlan 611.

On my C3750 switch, I have the following configuration:

 

interface GigabitEthernet1/0/23
description Firewall_eth5
switchport trunk allowed vlan 610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
logging event trunk-status
logging event bundle-status
priority-queue out

!

interface Vlan610
ip address 10.251.100.4  255.255.255.192
ip helper-address 10.251.50.12
no ip redirects
no ip proxy-arp
no ip route-cache
!
interface Vlan611
no ip address
ip helper-address 10.251.50.12
no ip route-cache
!
ip default-gateway 10.251.100.1

!

Remotely, I can connect to my switch on IP 10.251.100.4.

On computers connected to vlan 610, no problem: they can boot and they find my DHCP server (10.251.50.12). But in vlan 611, the boot fails because the computer can't contact my DHCP server (10.251.50.12). However, if I configure a laptop connected to vlan 611 with a static IP (10.251.100.70/255.255.255.224 and gateway 10.251.100.65), the computer is reachable.

Why can't I contact my DHCP server? I checked the firewall but there is no DHCP traffic from vlan 611...

 

BR 

15 Replies

Hello,

 

Do you have 'ip routing' enabled on your 3750? Your Vlan 611 interface needs an IP address. Post the full running config of the 3750 switch.

balaji.bandi
Hall of Fame

Because VLAN 611 is not a Layer 3 interface, the helper does not work.

Instead, you can make 610 the native VLAN so that a device connected to access VLAN 611 can find a DHCP server.

 

 

Simple Method :

 

interface Vlan611
ip address x.x.x.x x.x.x.x. (VLAN IP address)
ip helper-address 10.251.50.12
no ip route-cache
!
no ip default-gateway 10.251.100.1

ip route 0.0.0.0 0.0.0.0 10.251.100.1

 

Other Method :

 

interface GigabitEthernet1/0/23
description Firewall_eth5

switchport trunk native vlan 610
switchport trunk allowed vlan 610,611

!

no interface Vlan611

!

 

example for VLAN 611 interface

 

interface GigabitEthernet1/0/XX

switchport mode access

switchport access vlan 611

 

Connect the device to the above port and check that you get the DHCP IP address.

Make sure you have set up the DHCP scope correctly with the options. What DHCP server are you using? Test and advise.

 

 

BB


I'm not sure I understand. Where do I connect my firewall, which delivers both networks (610 and 611) on the same physical link (with 2 sub-interfaces)?

 

BR

SW-FW

Is there a trunk in between?

Please just set the native VLAN on this trunk to any VLAN other than 611 or 610.

The FW only understands tagged frames if it is configured with sub-interfaces or VLANs.

Change it and see the result.

There are several things about this situation that we do not know and that impacts our ability to give good advice. One thing is pretty obvious in the original post:

interface Vlan611
no ip address
ip helper-address 10.251.50.12

If there is no IP address on the interface then the configured helper address can not work. 

 

We do not know where the DHCP server is (and do not know what kind of device it is, which might or might not be significant). We do not know how the firewall is configured and that might play a role in this. But one thing we do know is that one vlan works for DHCP while the other does not work. And the obvious difference between the vlans is that the one that does have an IP address is the one that works and the one without an IP address is the one that does not work.

HTH

Rick

SW(with SVI)-trunk-FW(as router with local DHCP)
The client sends a broadcast; the broadcast goes to the SVI and the FW.
Now the broadcast goes to the FW via the trunk and, as I mentioned before, the FW does not accept untagged frames.
So DHCP on the FW fails to assign an IP to the client.

Jerome C.
Level 1

Hello

Here is the current configuration (it's not working). My firewall is connected on port 2/0/23. There is a trunk for vlan 610 & 611. On my firewall, 2 sub-interfaces have been created (on the physical port connected to the switch): eth5_1 with IP 10.241.100.1/255.255.255.192 and eth5_2 with IP 10.241.100.65/255.255.255.224.

!
! Last configuration change at 12:39:08 GMT+1 Mon Jan 2 2006
!
version 15.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname switches.mydomain.corp
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$UNMG$18H9uaIJEW4L.AtFHUK/8/
!
username admin privilege 7 secret 5 $1$AUrg$LjSI9QuA2LoLHPjYri.53/
no aaa new-model
process cpu threshold type total rising 70 interval 5 falling 5 interval 5
clock summer-time west recurring last Sun Mar 2:00 last Sun Oct 2:00
switch 1 provision ws-c3750x-24
switch 2 provision ws-c3750x-24
stack-mac persistent timer 0
system mtu routing 1500
!
no ip source-route
ip routing
!
no ip domain-lookup
ip domain-name mydomain.corp
!
stack-power stack sw-dac01
mode redundant
!
stack-power switch 1
stack sw-tls-dac01-lan-d
stack-power switch 2
!
vtp domain MYDOMAIN
vtp mode transparent
!
udld enable
!
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 1 2 4
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 25 32 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24 26
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 3 10 12 14
mls qos queue-set output 1 threshold 2 70 80 100 100
mls qos queue-set output 1 threshold 4 40 100 100 100
mls qos
password encryption aes
!
spanning-tree mode rapid-pvst
spanning-tree portfast edge bpduguard default
spanning-tree extend system-id
spanning-tree pathcost method long
spanning-tree vlan 1-999 priority 0
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
port-channel load-balance src-ip
!
vlan internal allocation policy ascending
!
vlan 410
name ZZZZ
vlan 610
name XXX
!
vlan 611
name YYYY
!
ip telnet tos 40
!
class-map match-any CM_REALTIME_VOICE_TOIP
description Infra Voice Flows
match access-group name ACL_REALTIME_VOICE_TOIP
class-map match-any CM_PREMIUM_VIDEO_SKYPE
description Skype Video Flows
match access-group name ACL_PREMIUM_VIDEO_SKYPE
class-map match-any CM_PREMIUM_VIDEOCONFERENCE
description Infra Video Flows
match access-group name ACL_PREMIUM_VIDEOCONFERENCE
class-map match-any CM_REALTIME_VOICE_SKYPE
description Skype Voice Flows
match access-group name ACL_REALTIME_VOICE_SKYPE
class-map match-any CM_DSCP-IN-D2INP
description Standard Data Flows
match access-group name ACL_DSCP-IN-D2INP
class-map match-any CM_DSCP-IN-D3INP
description Miscellaneous Data Flows
match access-group name ACL_DSCP-IN-D3INP
class-map match-any CM_PREMIUM_D1INP
description Premium Data Flows
match access-group name ACL_PREMIUM_D1INP
!
policy-map PM_QOS_MARKING_ACCESS
class CM_REALTIME_VOICE_TOIP
set dscp af31
class CM_REALTIME_VOICE_SKYPE
set dscp af31
class CM_PREMIUM_VIDEO_SKYPE
set dscp af31
class CM_PREMIUM_VIDEOCONFERENCE
set dscp af31
class CM_PREMIUM_D1INP
set dscp af31
class CM_DSCP-IN-D2INP
set dscp af21
class CM_DSCP-IN-D3INP
set dscp af11
class class-default
set dscp default
!
interface Port-channel20
description VM-Traffic
switchport trunk allowed vlan 410,610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no logging event link-status
no snmp trap link-status
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
!
interface Port-channel21
description VM-Traffic
switchport trunk allowed vlan 410,610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no logging event link-status
no snmp trap link-status
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
!
interface Port-channel22
switchport access vlan 410
switchport mode access
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface Port-channel23
description tls-srvesx11_VM-Traffic
switchport trunk allowed vlan 410,610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no logging event link-status
no snmp trap link-status
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
!
interface Port-channel24
description tls-srvxens01_VM_Traffic
switchport trunk allowed vlan 610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no logging event link-status
no snmp trap link-status
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard disable
!
interface Port-channel25
description tls-srvesx12_VM-Traffic
switchport trunk allowed vlan 410,610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no logging event link-status
no snmp trap link-status
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard disable
!
interface Port-channel26
description tls-srvxens02_VM_Traffic
switchport trunk allowed vlan 610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no logging event link-status
no snmp trap link-status
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
!
interface Port-channel27
description tls-fas3210_filera
switchport trunk allowed vlan 611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no logging event link-status
no snmp trap link-status
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
!
interface Port-channel28
description tls-fas3210_filerb
switchport trunk allowed vlan 611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no logging event link-status
no snmp trap link-status
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
switchport trunk allowed vlan 410,610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
channel-group 20 mode on
!
interface GigabitEthernet1/0/2
switchport trunk allowed vlan 410,610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
channel-group 21 mode on
!
interface GigabitEthernet1/0/3
switchport trunk allowed vlan 410,610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
channel-group 23 mode on
!
interface GigabitEthernet1/0/4
switchport trunk allowed vlan 410,610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
channel-group 25 mode on
!
interface GigabitEthernet1/0/5
switchport trunk allowed vlan 410,610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard disable
!
interface GigabitEthernet1/0/6
switchport access vlan 410
switchport mode access
switchport nonegotiate
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/7
switchport access vlan 410
switchport mode access
switchport nonegotiate
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
channel-group 22 mode active
!
interface GigabitEthernet1/0/8
switchport access vlan 410
switchport mode access
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/9
switchport access vlan 410
switchport mode access
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/10
switchport access vlan 410
switchport mode access
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/11
switchport access vlan 410
switchport mode access
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/12
switchport access vlan 410
switchport mode access
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/13
switchport access vlan 410
switchport mode access
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/14
switchport access vlan 410
switchport mode access
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable

interface GigabitEthernet1/0/15
switchport trunk allowed vlan 611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard disable
channel-protocol lacp
channel-group 27 mode active
!
interface GigabitEthernet1/0/16
switchport trunk allowed vlan 611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard disable
channel-protocol lacp
channel-group 28 mode active
!
interface GigabitEthernet1/0/17
switchport trunk allowed vlan 610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
logging event trunk-status
logging event bundle-status
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
channel-group 26 mode active
!
interface GigabitEthernet1/0/18
switchport access vlan 410
switchport mode access
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/19
description SQL Server Private VLAN
switchport mode access
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/20
description tls-srvinfra1
switchport trunk allowed vlan 610
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/21
switchport trunk allowed vlan 610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
logging event trunk-status
logging event bundle-status
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard disable
channel-protocol lacp
channel-group 24 mode active
!
interface GigabitEthernet1/0/22
switchport access vlan 410
switchport mode access
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/23
description Firewall_PaloAlto_zone_Customers
switchport trunk allowed vlan 610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
logging event trunk-status
logging event bundle-status
priority-queue out
mls qos trust dscp
storm-control broadcast level bps 25m
storm-control multicast level bps 25m
ip dhcp snooping trust
!
interface GigabitEthernet1/0/24
description Firewall_PaloAlto_zone_CIMPLab
switchport trunk allowed vlan 410
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
logging event trunk-status
logging event bundle-status
priority-queue out
mls qos trust dscp
storm-control broadcast level bps 25m
storm-control multicast level bps 25m
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface GigabitEthernet2/0/1
switchport trunk allowed vlan 410,610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
channel-group 20 mode on
!
interface GigabitEthernet2/0/2
switchport trunk allowed vlan 410,610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
channel-group 21 mode on
!
interface GigabitEthernet2/0/3
switchport trunk allowed vlan 410,610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
channel-group 23 mode on
!
interface GigabitEthernet2/0/4
switchport trunk allowed vlan 410,610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
channel-group 25 mode on
!
interface GigabitEthernet2/0/5
switchport trunk allowed vlan 410,610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard disable
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
switchport access vlan 410
switchport mode access
switchport nonegotiate
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
channel-group 22 mode active
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
!
interface GigabitEthernet2/0/13
!
interface GigabitEthernet2/0/14
!
interface GigabitEthernet2/0/15
switchport trunk allowed vlan 611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard disable
channel-protocol lacp
channel-group 27 mode active
!
interface GigabitEthernet2/0/16
switchport trunk allowed vlan 611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard disable
channel-protocol lacp
channel-group 28 mode active
!
interface GigabitEthernet2/0/17
switchport trunk allowed vlan 610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
logging event trunk-status
logging event bundle-status
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
channel-group 26 mode active
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
switchport mode access
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
switchport trunk allowed vlan 610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
logging event trunk-status
logging event bundle-status
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge trunk
spanning-tree bpduguard disable
channel-protocol lacp
channel-group 24 mode active
!
interface GigabitEthernet2/0/22
switchport access vlan 610
switchport mode access
priority-queue out
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast edge
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/23
switchport trunk allowed vlan 610,611
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
logging event trunk-status
logging event bundle-status
priority-queue out
mls qos trust dscp
storm-control broadcast level bps 25m
storm-control multicast level bps 25m
!
interface GigabitEthernet2/0/24
switchport trunk allowed vlan 410
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
logging event trunk-status
logging event bundle-status
priority-queue out
mls qos trust dscp
storm-control broadcast level bps 25m
storm-control multicast level bps 25m
!
interface GigabitEthernet2/1/1
!
interface GigabitEthernet2/1/2
!
interface GigabitEthernet2/1/3
!
interface GigabitEthernet2/1/4
!
interface TenGigabitEthernet2/1/1
!
interface TenGigabitEthernet2/1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan610
ip address 10.241.100.4 255.255.255.192
ip helper-address 10.251.50.12
no ip redirects
no ip proxy-arp
!
interface Vlan611
ip address 10.251.100.69 255.255.255.224
ip helper-address 10.251.50.12
no ip redirects
no ip proxy-arp
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip ftp source-interface Vlan610
ip tftp source-interface Vlan610
ip route 0.0.0.0 0.0.0.0 10.251.100.1
ip ssh authentication-retries 5
ip ssh source-interface Vlan610
ip ssh version 1
ip ssh dscp 16
!
!
!
snmp-server community abcdef RW
snmp-server community abcdefg RO
snmp-server trap-source Vlan610
snmp-server ip dscp 16
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps vtp
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps stackwise
snmp-server enable traps mac-notification change move threshold
snmp-server host 10.xx.xx.xx abcdef
snmp-server host 10.xx.xx.xx abcdefg
snmp ifmib ifindex persist
!
line con 0
line vty 0 4
session-timeout 300
access-class SSH in
login local
transport input telnet ssh
transport output telnet ssh
line vty 5 15
session-timeout 300
access-class SSH in
privilege level 15
login local
transport input telnet ssh
transport output telnet ssh
!
ntp access-group peer NTP_server
ntp server 10.xx.xx.xx prefer
ntp server 10.xx.xx.xx
!
end

On the SW, run
show interface trunk
and check the gi1/0/23 native VLAN: is it 611?

Any update, friend?

I am a bit confused. In the original post we are told that "10.251.100.1/26 for vlan 610 and 10.251.100.65/27 for vlan 611." And in that original post the partial config for interface vlan 610 did have the appropriate address but vlan 611 had no IP address. I identified that as an issue. Recently we were given the complete config of the switch and here is what I find

interface Vlan610
ip address 10.241.100.4 255.255.255.192 

interface Vlan611
ip address 10.251.100.69 255.255.255.224

So now vlan 611 does have an appropriate address. But vlan 610 has an address in a different subnet (check the second octet). Can we get this mismatch straightened out?

 

I do agree that it would be helpful if we get the output of show interface trunk. We especially want to be sure that the trunk to the firewall is active for both vlans. There is some confusion about which interface it is that connects to the firewall. In the original post it was identified as 1/0/23 and in the recent post identified as 2/0/23. So which is it?

 

Are there any log messages on the firewall about vlan 611 when some device on that vlan attempts to obtain an IP address using DHCP? Are there any log messages on the DHCP server about attempts to obtain an address for vlan 611?

HTH

Rick

You are 100% right here.

Check the note.

Hi
My problem seems to be solved by adding the following commands:

ip route 0.0.0.0 0.0.0.0 Vlan610 10.241.100.1
ip route 0.0.0.0 0.0.0.0 Vlan611 10.241.100.65

Is it correct?

The recent response supplies 2 default static routes and asks if this is correct. From a syntax view, yes, the statements are syntactically correct. From a logical or functional view we do not have enough information to evaluate whether a default route using these vlans is correct or not.

I am surprised that adding static default routes using vlan 610 and 611 would solve the problem. I cannot think of a reason why configuration of default routes would have any impact on traffic to the DHCP server. But if the original poster is saying that now it works then it may not be worth much effort to investigate further.

HTH

Rick
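
An added example, not part of any post in this thread: a small Python audit for the two conditions the replies examine, an SVI that carries `ip helper-address` but no IP address, and a static route whose next hop is not inside any connected SVI subnet. The function names and the two sample configs are constructed here from the SVI and route lines quoted in the thread.

```python
import ipaddress
import re

ADDR_RE = re.compile(r"ip address (\S+) (\S+)")
HELPER_RE = re.compile(r"ip helper-address (\S+)")
# "ip route <prefix> <mask> [<interface>] <next-hop>"
ROUTE_RE = re.compile(r"ip route \S+ \S+(?: ([A-Za-z]\S*))? (\d+\.\d+\.\d+\.\d+)")

# Constructed sample: SVI lines from the first post (Vlan611 has no address).
SAMPLE_ORIGINAL = """\
interface Vlan610
ip address 10.251.100.4 255.255.255.192
ip helper-address 10.251.50.12
!
interface Vlan611
no ip address
ip helper-address 10.251.50.12
!
ip default-gateway 10.251.100.1
"""

# Constructed sample: SVI and route lines from the full config posted later.
SAMPLE_FULL = """\
ip routing
!
interface Vlan610
ip address 10.241.100.4 255.255.255.192
ip helper-address 10.251.50.12
!
interface Vlan611
ip address 10.251.100.69 255.255.255.224
ip helper-address 10.251.50.12
!
ip route 0.0.0.0 0.0.0.0 10.251.100.1
"""


def parse(config):
    """Return (interfaces, routes) from IOS-style text, indented or not."""
    interfaces, routes, current = {}, [], None
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            current = interfaces.setdefault(name, {"addr": None, "helpers": []})
        elif line == "!":
            current = None  # "!" closes the interface block
        elif current is not None and (m := ADDR_RE.fullmatch(line)):
            current["addr"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif current is not None and (m := HELPER_RE.fullmatch(line)):
            current["helpers"].append(m[1])
        elif m := ROUTE_RE.fullmatch(line):
            routes.append((m[1], ipaddress.ip_address(m[2])))
    return interfaces, routes


def audit(config):
    """Return a list of (finding, detail) tuples for DHCP-relay prerequisites."""
    interfaces, routes = parse(config)
    findings = []
    for name, intf in interfaces.items():
        # The relay writes the interface address into giaddr; with no address
        # there is nothing to relay from and no subnet for the server to pick.
        if intf["helpers"] and intf["addr"] is None:
            findings.append(("helper-without-ip", name))
    for via, hop in routes:
        if via is not None:
            addr = interfaces.get(via, {}).get("addr")
            nets = [addr.network] if addr else []
        else:
            nets = [i["addr"].network for i in interfaces.values() if i["addr"]]
        # Limitation: a next hop reached recursively through another static
        # route is also reported; only directly connected SVIs are considered.
        if not any(hop in net for net in nets):
            findings.append(("nexthop-not-connected", str(hop)))
    return findings


if __name__ == "__main__":
    for label, cfg in (("original", SAMPLE_ORIGINAL), ("full", SAMPLE_FULL)):
        print(label, audit(cfg))
```
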