08-20-2012 12:44 AM
Hi,
I have to configure multiple vlans served with a unique DCHP server . As first step, I just will The DHCP server to serve 2 vlans. The following is the hardware and configuration that I implemented :
Router (RV016 10/100 16-Port VPN Router) as gateway mode:
IP : 172.16.0.1/24
DHCP Server :
IP : 172.16.0.2/24 GW: 172.16.0.1
2 subnets :
172.16.1.0/24 GW: 172.16.1.1 to serve vlan 1
172.16.2.0/24 GW:172.16.2.1 to serve vlan 2
Switch (SG 300-10MP 10-Port Gigabit PoE Managed Switch) as layer 3 mode:
IP 172.16.0.254 (vlan 8 default)
Vlan 1 : 172.16.1.1
Vlan 2 : 172.16.2.1
1 device connected on each vlan
a workstation on the vlan 1
a laptop on the vlan 2
In this scenario (see the attached pdf file) the DHCP server is connected on a router, hosts on vlans dont receive any IP address.
But If I connect the DHCP server on a trunked switch port and adapt the DHCP server gateway 172.16.0.1 to 172.16.0.254, hosts receive ip address properly.
I have to connect the DHCP server directly to the router. How can I do that, what is wrong in the configuration ?
I hope the explanations are clear enough and my English too
Any help will be highly appreciated,
Zoubeir
08-20-2012 07:52 AM
Hello Zoubeir,
A couple observations. I do not see any mention of multiple subnet configuration on the RV016. I also do not see mention of the DHCP relay configured on the router.
Additionally, I am assuming VLAN 8 internet works fine but VLAN 1 and 2 internet does not work?
-Tom
08-20-2012 09:58 AM
Hello Tom, thank you for your reply.
Multiple subnet option is enabled and configured on the RV016:
172.16.1.1/24
172.16.2.1/24
It is also configured on the sg 300-10 MP globaly and on each vlan interface.
DHCP relay is also configured on the RV016.
Indeed, Vlan 8 internet works but only if I set a static IP manually on the workstation otherwise no ip is received from DHCP server.
Vlan 1 and 2 clients dont receive any IP and of course no Internet connectivity even If I configure the adresses manualy.
Zoubeir.
08-20-2012 10:45 AM
Zoubeir,
Try adding a couple static routes on the router.
Subnet 172.16.1.0
255.255.255.0
172.16.0.254
hop count 1
172.16.2.0
255.255.255.0
172.16.0.254
hop count 1
Also check to see if the port on the switch is configured with 8u,1t,2t.
-Tom
08-20-2012 01:15 PM
I did what you asked me but unfortunately with no result.
Is It really true that the RV016 does not support the 802.1q protocol ? That'is why maybe it does'nt work, isn'it ?
Zoubeir
08-20-2012 01:17 PM
This is correct, it does not support 802.1q.
However, since the SX300 is L3, static route on the router can address the problem.
The issue you're experiencing is the concept, the default vlan, 8 can go to and from the router. The additional vlans 1 and 2, they will leave the switch but once they go to the router, the router has no path back to assign the traffic correctly. Therefore it simply drops.
-Tom
08-20-2012 03:12 PM
Yesss, I got it ! You are right Tom. Static route on the router can address the problem and indeed it does it. Each host now receives its ip address that correspond to the vlan it belongs to.
This is the change I did :
That's all !
However there is a problem : hosts don't have internet connectivity although they receive the dns ip address (the same that DC, DHCP server). I have internet connection on the server.
Maybe, what you have to know is the next hop after the rv016 is not the ISP router but an intermediate router and I can't directly connect the rv016 to the isp router due to the fact that it is located in a datacenter on another floor of the building.
So what do you think prevents internet connection on the hosts ?
Thank you for you advices,
Zoubeir
08-20-2012 03:25 PM
Zoubeir, the internet connection applies the same concept. Devices connecting on the switch send traffic, but when the router receives, it does not know how to send it back to the different LAN subnets. The static routes should address both issues
-Tom
08-20-2012 06:53 PM
The router is 192.168.2.254. My computer connects to fa2. My router can connect to any other port. I also tested behind the double nat but it gave me a nasty ping time.
Here is the working config.
On the switch the following config
set system mode router
reload
y
y
config t
vlan database
vlan 4
int vlan 4
ip address 192.168.4.1 /24
int vlan 1
ip address 192.168.2.1 /24
int fa2
switchport mode trunk
switchport trunk native vlan 4
-Tom
08-21-2012 05:50 AM
I think I have a bit similar configuration but unfortunately I didn't figure out yet the appropriate static route I have to add. Please see the graph below where I included all relevant informations regarding the network configuration. Can you please find out the mistake ?
So the objectif is to get internet connection for all hosts beloging to the vlans. Now I have only internet on the server and device that belong to the range 172.16.0.0/24.
I think we are so close to the goal.
Thanks again,
Zoubeir
10-05-2012 08:45 AM
Hello Tom,
This seems to be similar to a problem I have. I have an ASA (192.168.1.1) and two SF300 switches - one switch
is 48 port (192.168.1.254) and the other 24P (192.168.1.253) we have a second vlan 20 set up on the 24P switch (192.168.2.253) we have ports 1-12 set for vlan20 (untagged and trunk), the remaining ports on on the default vlan 1.
We have the 24p and 48p switches connect using GE1 and GE1. We are unable to ping a device on vlan 20 ( on the
24p switch) from a computer on the 192.168.1.xx network. We have a static route set on the 24p switch (0.0.0.0 192.168.1.0). We can ping from the ASA to either switch on any vlan. we can ping form 24p vlan20 to the 19..168.1.xx.
We cannot access the internet form the .2 addresses.
There is a server set for DHCP on the network (192.168.1.5). We have a route statement on the ASA, "route inside 192.168.1.0 255.255.255.0 192.168.1.253. We are missing something here. Any ideas?
Thanks,
ERic
10-05-2012 10:02 AM
Hi Eric, the small business group doesn't support the ASA config, but I can help with the switch.
A couple things I notice in your description-
48 port (192.168.1.254) and the other 24P (192.168.1.253) we have a second vlan 20 set up on the 24P switch (192.168.2.253) we have ports 1-12 set for vlan20 (untagged and trunk), the remaining ports on on the default vlan 1.
The connection between the switches, is it 1u, 2t?
The link between the switches should be 1u, 2t, the switches support the trunking and vlan tagging, meaning all communication will work fine.
We have the 24p and 48p switches connect using GE1 and GE1. We are unable to ping a device on vlan 20 ( on the 24p switch
The 24p switch should be in layer 2 mode, if you have the 48 port l3 switch upstream. Additionally, you need to have the default gateway set on the 24p switch.
We have a static route set on the 24p switch (0.0.0.0 192.168.1.0).
Between the switches, it shouldn't require any static routes, assuming you correctly trunk / tag your ge1 ports, with both switches operating in l3, the ip route table dynamically builds the connected routes, therefore a static route is redundant.
-Tom
Please rate helpful posts
10-05-2012 02:35 PM
Hello Tom,
We are using GE3 for the port, it is set as 1U, 20T. I will assume 20 is the vlan tag (??). the vlan Id is 20.
Also the 24P switch is set as layer 3 mode. BUT the 48P switch is set for layer 2 mode. Do we need to
set the 48P switch to layer 3??
Thanks for good help,
Eric
10-05-2012 05:54 PM
Eric, whatever switch is connecting to the ASA directly should be the layer 3 switch, any other downstream can be layer 2 or layer 3. Layer 2 will be better as it would provide faster throughput.
All ports internet connecting to the ASA and between switches should be defined as 1u, 20t.
-Tom
Please rate helpful posts
10-06-2012 10:46 AM
Hello Tom,
that answers my question. I will set the switch, 48p is connected directly to the asa.
I will give it a shot. Thank you and thank Cisco for this support
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide