
SG300 Windows DHCP Server and VLANS

90Ninety
Level 1

 

I have the following:

Asus RTN16 router (with Tomato Shibby firmware)

  Two VLANs (plus default) deployed on the router: #3, #4

  Two gateway interfaces for each VLAN (10.10.3.1 & 10.10.4.1)

SG300 smart switch (in Layer 3 mode)

VLAN trunk tagged: default, VLAN #3, VLAN #4

Access ports for VLAN #3 and VLAN #4, some default

VLAN config is shown:

 

vlan members.PNG

 

 

Diagram is below 

network 1.6i.PNG

 

I can get full network access from the server logged in locally (internet access, and I can ping the different VLAN gateways).

However, the client PCs on the access ports VID3 and VID4 are not getting any IP address from the server.

I have enabled DHCP relay and added the DHCP server address to the switch, as shown below:

dhcp relay config1.PNG
dhcp relay 2.PNG

Is there something I am missing here?


90Ninety
Level 1

 

I have had more challenges since doing this:

The DHCP servers both stopped working on the server and from the router.

I tried plugging the server and a client into a dumb Ethernet switch and it does not give any IP address.

The router stopped giving IP addresses for the workgroup (10.10.0.X/25) on VLAN 1.

I have since deleted all additional VLANs and gone back to a workgroup. I really can't understand what I am doing wrong here. Any help appreciated.

 

Post the config from the CLI. It is hard to understand your configuration.

Hi 

 

Thanks for replying, there is more than likely something wrong.

Config is below : 

v1.4.5.02 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 3-4
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp relay address 10.10.3.10
ip dhcp relay enable
ip dhcp information option
bonjour interface range vlan 1
hostname switch70b783
no passwords complexity enable
username cisco password encrypted d033e22ae348aeb5660fc2140aec35850c4da997 privilege 15
!
interface vlan 3
 name 3
 ip dhcp relay enable
 no snmp trap link-status
!
interface vlan 4
 name 4
 ip dhcp relay enable
 no snmp trap link-status
!
interface gigabitethernet1
 switchport trunk allowed vlan add 3-4
!
interface gigabitethernet3
 switchport mode access
 switchport access vlan 3
!
interface gigabitethernet4
 ip dhcp snooping trust
 ip dhcp relay enable
 switchport mode access
 switchport access vlan 4
!
interface gigabitethernet23
 ip dhcp snooping trust
 ip dhcp relay enable
 switchport mode general
 switchport general allowed vlan add 3 untagged
 switchport general pvid 3
 switchport forbidden default-vlan
!
interface gigabitethernet24
 switchport forbidden default-vlan
!
exit
ip dhcp snooping
ip dhcp snooping information option allowed-untrusted
ip dhcp snooping vlan 3
ip dhcp snooping vlan 4

 

Also, results from the commands:

sh ip route

and 

sh vlan

Hi , 

 

Thanks for looking into this 

 

sh ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static


D   0.0.0.0/0 [1/2] via 10.10.0.1, 01:52:12, vlan 1
C   10.10.0.0/24 is directly connected, vlan 1


switch70b783#sh vlan
Created by: D-Default, S-Static, G-GVRP, R-Radius Assigned VLAN, V-Voice VLAN

Vlan       Name           Tagged Ports      UnTagged Ports      Created by
---- ----------------- ------------------ ------------------ ----------------
 1           1                            gi1-2,gi5-22,             V
                                          gi25-28,Po1-8
 3           3                gi1              gi3,gi23             S
 4           4                gi1                gi4                S

switch70b783#

I think GE23 is in the wrong mode:

interface gigabitethernet23
ip dhcp snooping trust
ip dhcp relay enable
switchport trunk native vlan 3
switchport forbidden default-vlan

It needs to change to:

 

interface gigabitethernet23
switchport trunk native vlan 3
switchport trunk allowed vlan add 4
description "To_Win2016_Srv"

Ports Ge3 and Ge4 change to:

 

interface gigabitethernet3
 switchport mode access
 switchport access vlan 3 

 

 and

 

interface gigabitethernet4
 switchport mode access
 switchport access vlan 4

 

And I see no routes:

D   0.0.0.0/0 [1/2] via 10.10.0.1, 01:52:12, vlan 1
C   10.10.0.0/24 is directly connected, vlan 1

The first sends all internet traffic via 10.10.0.1

The second is the VLAN 1 subnet

How will the switch transfer packets?

 

P.S.

Why do you think the switch is in L3 mode? I see it's an L2 router

 

 

Please see my responses in blue

 


@AlKor wrote:

I think GE23 is in the wrong mode:

interface gigabitethernet23
ip dhcp snooping trust
ip dhcp relay enable
switchport trunk native vlan 3
switchport forbidden default-vlan

It needs to change to:

 

interface gigabitethernet23
switchport trunk native vlan 3
switchport trunk allowed vlan add 4
description "To_Win2016_Srv"

 

 


So I changed interface #23 from general to 'Trunk' and added VLAN 4 tagged; I will repost the config. Note I was told this was not needed in other forums (only one VLAN needed).

 


@AlKor wrote:

Ports Ge3 and Ge4 change to:

 

interface gigabitethernet3
 switchport mode access
 switchport access vlan 3 

 

 and

 

interface gigabitethernet4
 switchport mode access
 switchport access vlan 4

 

 


I had already done this and have edited the running configuration in the earlier post.

 


@AlKor wrote:

 

And I see no routes:

D   0.0.0.0/0 [1/2] via 10.10.0.1, 01:52:12, vlan 1
C   10.10.0.0/24 is directly connected, vlan 1

The first sends all internet traffic via 10.10.0.1

The second is the VLAN 1 subnet

How will the switch transfer packets?

 


Sorry, I do not understand the above statements. Could you elaborate further? Note: I am not familiar with the CLI; if you can, please explain settings in the GUI first.

 


@AlKor wrote:

P.S.

Why do you think the switch is in L3 mode? I see it's an L2 router


Because the interface says so (as below). I was told an L3 switch was needed to route between subnets/VLANs.

 

l3l2.PNG

For the record , latest config below :

config-file-header
switch70b783
v1.4.5.02 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 3-4
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp relay address 10.10.3.10
ip dhcp relay enable
ip dhcp information option
bonjour interface range vlan 1
hostname switch70b783
no passwords complexity enable
username cisco password encrypted d033e22ae348aeb5660fc2140aec35850c4da997 privilege 15
!
interface vlan 3
 name "Win2016 Srv"
 ip dhcp relay enable
 no snmp trap link-status
!
interface vlan 4
 name 4
 ip dhcp relay enable
 no snmp trap link-status
!
interface gigabitethernet1
 switchport trunk allowed vlan add 3-4
!
interface gigabitethernet3
 switchport mode access
 switchport access vlan 3
!
interface gigabitethernet4
 ip dhcp snooping trust
 ip dhcp relay enable
 switchport mode access
 switchport access vlan 4
!
interface gigabitethernet23
 ip dhcp snooping trust
 ip dhcp relay enable
 switchport trunk allowed vlan add 4
 switchport trunk native vlan 3
 switchport default-vlan tagged
 switchport forbidden default-vlan
!
interface gigabitethernet24
 switchport forbidden default-vlan
!
exit
ip dhcp snooping
ip dhcp snooping information option allowed-untrusted
ip dhcp snooping vlan 3
ip dhcp snooping vlan 4

 

I might add that since yesterday, I have been able to get an IP from the server when connecting to access port 3 (VLAN 3), though connecting to access port 4 (VLAN 4) does not get me an IP from the server. However, if I manually specify an IP on access port 4 / VLAN 4, I am able to contact the server and have internet. I also want to add that I am able to contact the upstream router and have internet on both VLAN 3 and VLAN 4 (VLAN 4 only works with a static IP).

 

 

It's because GE23 was not a member of VLAN4.
Does it work now?


@AlKor wrote:
It's because GE23 was not a member of VLAN4.
Does it work now?

Hi 


Making G23 a trunk made no difference. I was able to get network flow on either access port before, when statically assigning IPs for their relevant subnets.

However, it seems the problem is getting the DHCP relay working. Attached are Wireshark traces for each access port.

To me it really does not make sense to use a L3 switch and an all in one router.  The L3 switch cannot route the wireless since it is built-in to the router.  A wired router like the Cisco RV340 router and use the ASUS as a wireless AP makes more sense.  Then the L3 switch can route the VLANs.  Hopefully the ASUS router running as a wireless AP can support multiple VLANs for all this to work.


@leecoxhouse1 wrote:

To me it really does not make sense to use a L3 switch and an all in one router. 

The L3 switch cannot route the wireless since it is built-in to the router.  


Your post is not making sense; no wireless was mentioned in the post.

I was told the L3 router switch was needed for VLAN relay, but I understand that the router can do this also.

 

 

 

90Ninety
Level 1

Update: I have now got the inter-VLAN and relay working (with one caveat *). The main issue was that I was mixing and matching the VLAN interfaces on the routing hardware. The VLANs now exist on just the switch. This is important because the VLAN relay will only work when on the device where the VLANs are created.

The SG300 switch does not care about additional IP addresses of the router, so having one IP for the Tomato is sufficient. It just needs to know its upstream gateway route. I removed the additional IP interfaces from the Tomato, added interfaces to the switch, and removed the trunk between the router and the Cisco SG300 switch.

So now the router has one IP address (10.10.0.1) and routes packets to the SG300 switch IP (10.10.0.5):

Add route 10.10.4.0 (VLAN 4) next hop 10.10.0.5 (switch)
Add route 10.10.3.0 (VLAN 3) next hop 10.10.0.5 (switch)

tomato routes.png



I understand now: I should let the switch do the inter-VLAN routing, which does work automatically. I am now able to get IP addresses from the Win2016 server on both VLAN scopes (VLAN 3 and VLAN 4).

I also changed the gateway address of each DHCP pool to each interface of the SG300.

- Just one issue now:

* I am now unable to get internet on the VLANs
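
A check that could be run over a saved running-config to catch the two conditions this thread turns on, as an added example that is not part of the original posts: a VLAN interface with DHCP relay enabled but no IP interface on the switch, and DHCP snooping trust set on an access port. The sample config is constructed in the style of the one posted above; the `ip address` line on VLAN 4 and the function names `parse_interfaces` and `audit` are assumptions.

```python
import re

# Constructed sample modelled on the thread's config; vlan 4's "ip address" is assumed.
SAMPLE = """\
ip dhcp relay address 10.10.3.10
interface vlan 3
 ip dhcp relay enable
!
interface vlan 4
 ip address 10.10.4.1 255.255.255.0
 ip dhcp relay enable
!
interface gigabitethernet4
 ip dhcp snooping trust
 switchport mode access
 switchport access vlan 4
!
interface gigabitethernet23
 ip dhcp snooping trust
 switchport trunk native vlan 3
"""

def parse_interfaces(config):
    """Map each 'interface <name>' stanza to its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S.*)", line)
        if header:
            current = stanzas.setdefault(header.group(1).strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or a global command closes the stanza
    return stanzas

def audit(config):
    """Return (interface, finding) pairs for the two conditions checked."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        has_ip = any(c.startswith("ip address ") for c in cmds)
        if name.startswith("vlan") and "ip dhcp relay enable" in cmds and not has_ip:
            findings.append((name, "relay enabled, no IP interface to use as giaddr"))
        if "ip dhcp snooping trust" in cmds and "switchport mode access" in cmds:
            findings.append((name, "snooping trust on access port: confirm a DHCP server is attached"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

On the sample, `vlan 3` and `gigabitethernet4` are reported; a trusted access port is only a problem when a client rather than the DHCP server is plugged into it.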

OK 

 

So I have the DHCP relay working on one switch, but now I am not sure where to connect a second switch in this topology. Should I connect the second switch to the router, or should I connect it to the first switch?

 

Please see updated diagram

 

network 2.2.PNG