
SG300 Windows DHCP Server and VLANS

90Ninety
Beginner

 

I have the following:

Asus RTN16 Router (with Tomato Shibby firmware)

  Two VLANs (plus default) deployed on router: #3, #4

  Two gateway interfaces for each VLAN (10.10.3.1 & 10.10.4.1)

 

SG300 Smart Switch (in Layer 3 mode)

VLAN trunk tagged default, VLAN #3, VLAN #4

Access ports for VLAN #3 and VLAN #4, some default

VLAN config is shown:

 

vlan members.PNG

 

 

Diagram is below:

network 1.6i.PNG

 

I can get full network access from the server logged in locally (internet access and can ping the different VLAN gateways).

 

However, the client PCs on the access ports VID3 and VID4 are not getting any IP address from the server.

 

 

I have enabled DHCP relay and added the DHCP server address to the switch, as shown below:

dhcp relay config1.PNG
dhcp relay 2.PNG

 

Is there something I am missing here?

15 REPLIES 15

90Ninety
Beginner

 

I have had more challenges since doing this:

The DHCP servers both stopped working on the server and from the router.

I tried plugging the server and a client into a dumb ethernet switch and it does not give any IP address.

The router stopped giving IP addresses for the workgroup (10.10.0.X/25) on VLAN 1.

I have since deleted all additional VLANs and gone back to a workgroup. I really can't understand what I am doing wrong here. Any help appreciated.

 

Post config from CLI. Hard to understand your configuration.

Hi 

 

Thanks for replying, there is more than likely something wrong.

Config is below:

v1.4.5.02 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 3-4
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp relay address 10.10.3.10
ip dhcp relay enable
ip dhcp information option
bonjour interface range vlan 1
hostname switch70b783
no passwords complexity enable
username cisco password encrypted d033e22ae348aeb5660fc2140aec35850c4da997 privilege 15
!
interface vlan 3
 name 3
 ip dhcp relay enable
 no snmp trap link-status
!
interface vlan 4
 name 4
 ip dhcp relay enable
 no snmp trap link-status
!
interface gigabitethernet1
 switchport trunk allowed vlan add 3-4
!
interface gigabitethernet3
 switchport mode access
 switchport access vlan 3
!
interface gigabitethernet4
 ip dhcp snooping trust
 ip dhcp relay enable
 switchport mode access
 switchport access vlan 4
!
interface gigabitethernet23
 ip dhcp snooping trust
 ip dhcp relay enable
 switchport mode general
 switchport general allowed vlan add 3 untagged
 switchport general pvid 3
 switchport forbidden default-vlan
!
interface gigabitethernet24
 switchport forbidden default-vlan
!
exit
ip dhcp snooping
ip dhcp snooping information option allowed-untrusted
ip dhcp snooping vlan 3
ip dhcp snooping vlan 4

 

Also the result from commands:

sh ip route

and 

sh vlan

Hi,

Thanks for looking into this.

 

sh ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static


D   0.0.0.0/0 [1/2] via 10.10.0.1, 01:52:12, vlan 1
C   10.10.0.0/24 is directly connected, vlan 1


switch70b783#sh vlan
Created by: D-Default, S-Static, G-GVRP, R-Radius Assigned VLAN, V-Voice VLAN

Vlan       Name           Tagged Ports      UnTagged Ports      Created by
---- ----------------- ------------------ ------------------ ----------------
 1           1                            gi1-2,gi5-22,             V
                                          gi25-28,Po1-8
 3           3                gi1              gi3,gi23             S
 4           4                gi1                gi4                S

switch70b783#

I think GE23 is in the wrong mode:

interface gigabitethernet23
ip dhcp snooping trust
ip dhcp relay enable
switchport trunk native vlan 3
switchport forbidden default-vlan

Need to change to:

 

interface gigabitethernet23
switchport trunk native vlan 3
switchport trunk allowed vlan add 4
description "To_Win2016_Srv"

Ports Ge3 and Ge4 change to:

 

interface gigabitethernet3
 switchport mode access
 switchport access vlan 3 

 

 and

 

interface gigabitethernet4
 switchport mode access
 switchport access vlan 4

 

And see no routes:

D   0.0.0.0/0 [1/2] via 10.10.0.1, 01:52:12, vlan 1
C   10.10.0.0/24 is directly connected, vlan 1

The first sends all internet traffic via 10.10.0.1

The second is the VLAN 1 subnet

How will the switch transfer packets?

 

P.S.

Why do you think the switch is in L3 mode? I see it's an L2 router

 

 

Please see my responses in blue

 


@AlKor wrote:

I think GE23 is in the wrong mode:

interface gigabitethernet23
ip dhcp snooping trust
ip dhcp relay enable
switchport trunk native vlan 3
switchport forbidden default-vlan

Need to change to:

 

interface gigabitethernet23
switchport trunk native vlan 3
switchport trunk allowed vlan add 4
description "To_Win2016_Srv"

 

 


So I changed interface #23 from general to 'Trunk' and added VLAN 4 tagged. I will repost the config. Note I was told this was not needed in other forums (only one VLAN needed).

 


@AlKor wrote:

Ports Ge3 and Ge4 change to:

 

interface gigabitethernet3
 switchport mode access
 switchport access vlan 3 

 

 and

 

interface gigabitethernet4
 switchport mode access
 switchport access vlan 4

 

 


I had already done this and have edited the running configuration in the earlier post.

 


@AlKor wrote:

 

And see no routes:

D   0.0.0.0/0 [1/2] via 10.10.0.1, 01:52:12, vlan 1
C   10.10.0.0/24 is directly connected, vlan 1

The first sends all internet traffic via 10.10.0.1

The second is the VLAN 1 subnet

How will the switch transfer packets?

 


Sorry, I do not understand the above statements. Could you elaborate further? Note: I am not familiar with CLI; if you can, please explain settings in the GUI first.

 


@AlKor wrote:

P.S.

Why do you think the switch is in L3 mode? I see it's an L2 router


Because the interface says so (as below). I was told an L3 switch was needed to route between subnets/VLANs.

 

l3l2.PNG

For the record, latest config below:

config-file-header
switch70b783
v1.4.5.02 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 3-4
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp relay address 10.10.3.10
ip dhcp relay enable
ip dhcp information option
bonjour interface range vlan 1
hostname switch70b783
no passwords complexity enable
username cisco password encrypted d033e22ae348aeb5660fc2140aec35850c4da997 privilege 15
!
interface vlan 3
 name "Win2016 Srv"
 ip dhcp relay enable
 no snmp trap link-status
!
interface vlan 4
 name 4
 ip dhcp relay enable
 no snmp trap link-status
!
interface gigabitethernet1
 switchport trunk allowed vlan add 3-4
!
interface gigabitethernet3
 switchport mode access
 switchport access vlan 3
!
interface gigabitethernet4
 ip dhcp snooping trust
 ip dhcp relay enable
 switchport mode access
 switchport access vlan 4
!
interface gigabitethernet23
 ip dhcp snooping trust
 ip dhcp relay enable
 switchport trunk allowed vlan add 4
 switchport trunk native vlan 3
 switchport default-vlan tagged
 switchport forbidden default-vlan
!
interface gigabitethernet24
 switchport forbidden default-vlan
!
exit
ip dhcp snooping
ip dhcp snooping information option allowed-untrusted
ip dhcp snooping vlan 3
ip dhcp snooping vlan 4

 

I might add that since yesterday, I have been able to get an IP from the server when connecting to access port 3 (VLAN 3), though connecting to access port 4 (VLAN 4) does not get me an IP from the server. However, if I manually specify an IP on access port 4 / VLAN 4, I am able to contact the server and have internet. I also want to add, I am able to contact the upstream router and have internet on both VLAN 3 and VLAN 4 (VLAN 4 only works with a static IP).

 

 

It's because GE23 was not a member of VLAN4
Does it work now?


@AlKor wrote:
It's because GE23 was not a member of VLAN4
Does it work now?

Hi,


Making G23 a trunk made no difference. I was able to get network flow on either access port before, when statically assigning IPs for their relevant subnets.

However, it seems the problem is getting the DHCP relay working. Attached are Wireshark traces for each access port.

To me it really does not make sense to use a L3 switch and an all in one router.  The L3 switch cannot route the wireless since it is built-in to the router.  A wired router like the Cisco RV340 router and use the ASUS as a wireless AP makes more sense.  Then the L3 switch can route the VLANs.  Hopefully the ASUS router running as a wireless AP can support multiple VLANs for all this to work.


@leecoxhouse1 wrote:

To me it really does not make sense to use a L3 switch and an all in one router. 

The L3 switch cannot route the wireless since it is built-in to the router.  


Your post is not making sense, no wireless was mentioned in the post.

I was told the L3 router switch was needed for VLAN relay, but I understand that the router can do this also.

 

 

 

90Ninety
Beginner

Update: I have now got the inter-VLAN routing and relay working (with one caveat *). The main issue was that I was mixing and matching the VLAN interfaces on the routing hardware. The VLANs now exist on just the switch. This is important because the VLAN relay will only work when on the device where the VLANs are created.

The SG300 switch does not care about additional IP addresses of the router, so having one IP for the Tomato is sufficient. It just needs to know its upstream gateway route. I removed the additional IP interfaces from the Tomato, added interfaces to the switch, and removed the trunk between the router and the Cisco SG300 switch.

So now the router has one IP address (10.10.0.1) and routes packets to the SG300 switch IP (10.10.0.5):

Add route 10.10.4.0 (VLAN 4) next hop 10.10.0.5 (switch)
Add route 10.10.3.0 (VLAN 3) next hop 10.10.0.5 (switch)

tomato routes.png



I understand now, I should let the switch do the inter-VLAN routing, which does work automatically. I am now able to get IP addresses from the Win2016 server on both VLAN scopes (VLAN 3 and VLAN 4).

I also changed the gateway address of each DHCP pool to each interface of the SG300.

- Just one issue now:

* I am now unable to get internet on the VLANs
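
Added example, not part of any post in this thread: a Python check that cross-references the posted running config with the `sh ip route` output and flags VLANs where DHCP relay is enabled but the switch has no connected subnet, and so no interface address of its own to relay from. The sample text is constructed by trimming the thread's output; `ROUTES_AFTER` and its /24 masks are assumptions about the state after the VLAN interfaces were moved to the switch.

```python
import ipaddress
import re

# Constructed samples, trimmed from the output posted in this thread.
RUNNING_CONFIG = """\
ip dhcp relay address 10.10.3.10
ip dhcp relay enable
!
interface vlan 3
 ip dhcp relay enable
!
interface vlan 4
 ip dhcp relay enable
!
"""
ROUTES_BEFORE = """\
D   0.0.0.0/0 [1/2] via 10.10.0.1, 01:52:12, vlan 1
C   10.10.0.0/24 is directly connected, vlan 1
"""
# Assumed output once the switch owns the VLAN 3/4 interfaces (/24 masks are a guess).
ROUTES_AFTER = ROUTES_BEFORE + """\
C   10.10.3.0/24 is directly connected, vlan 3
C   10.10.4.0/24 is directly connected, vlan 4
"""

def relay_vlans(config):
    """VLAN IDs whose 'interface vlan N' block has 'ip dhcp relay enable'."""
    vlans, current = [], None
    for line in config.splitlines():
        m = re.match(r"interface vlan (\d+)\s*$", line)
        if m:
            current = int(m.group(1))
        elif not line.startswith(" "):
            current = None  # '!' or any other top-level line ends the block
        elif current is not None and line.strip() == "ip dhcp relay enable":
            vlans.append(current)
    return vlans

def connected(route_output):
    """Map VLAN ID -> directly connected network, from 'sh ip route' C lines."""
    pat = r"C\s+(\S+) is directly connected, vlan (\d+)"
    return {int(v): ipaddress.ip_network(n) for n, v in re.findall(pat, route_output)}

def audit(config, route_output):
    """Return findings for relay VLANs and a relay server with no connected subnet."""
    nets = connected(route_output)
    findings = [f"vlan {v}: relay enabled, but the switch has no connected subnet on it"
                for v in relay_vlans(config) if v not in nets]
    m = re.search(r"^ip dhcp relay address (\S+)", config, re.M)
    if m and not any(ipaddress.ip_address(m.group(1)) in n for n in nets.values()):
        findings.append(f"relay server {m.group(1)}: not on a connected subnet")
    return findings
```

Calling `audit(RUNNING_CONFIG, ROUTES_BEFORE)` reports VLAN 3, VLAN 4 and the relay server; with `ROUTES_AFTER` it reports nothing.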

OK

So I have the DHCP relay working on one switch, but now I am not sure where to connect a second switch on this topology. Should I connect the second switch to the router, or should I connect it to the first switch?

Please see updated diagram:

 

network 2.2.PNG 

 

 
