3560G DHCP issue

jlmickens
Level 1

I have a 3560G set up to be the DHCP server for a remote office setup (currently being lab tested). Last week, the setup worked fine, but when I set my laptop up in the lab today, the 3560 won't dish out addresses on that VLAN. There are two VLANs that are set for DHCP. The SIP VLAN is getting theirs just fine, and if I set the workstation on the SIP VLAN, it gets an address, but nothing on the Workstation VLAN is getting one. I have rebooted the 3560 but it had no effect, and have tried two different workstations - an XP based desktop and a Windows 7 laptop. Both will get addresses on the SIP VLAN and neither will get addresses on the Workstation VLAN. Nothing in the config was changed from when it was working last week. I've been googling for the last couple of hours looking for solutions, to no avail. Any help would be appreciated.

Thanks,

Jim

Related config:

ip dhcp excluded-address 10.107.106.1 10.107.106.10
ip dhcp excluded-address 10.107.10.1 10.107.10.10
!
ip dhcp pool SIP
   network 10.107.106.0 255.255.255.0
   domain-name buckeyehq.com
   dns-server 172.16.173.75 172.16.173.15
   default-router 10.107.106.1
   lease 7
!
ip dhcp pool Workstations
   network 10.107.10.0 255.255.254.0
   domain-name buckeyehq.com
   dns-server 172.16.173.75 172.16.173.15
   default-router 10.107.10.1
   lease 7
!
interface Vlan100
 description User Workstations
 ip address 10.107.10.1 255.255.254.0
 ip access-group 107 in
!
interface Vlan106
 description SIP
 ip address 10.107.106.1 255.255.255.0
!

8 Replies

AJ Cruz
Level 3

I'd start by determining if it is a DHCP issue or not. Hard code an IP address on your client and see if you can ping around. If you can, then you know it is related to the DHCP function and you can throw up some DHCP debugs etc...

It's definitely a DHCP issue. Manually setting the IP address was one of the first things I tried. I installed Microsoft Network Monitor 3.4 to view the packets, and the DHCP requests are going out, but nothing is coming back. I hadn't had time to try a debug on the switch yet. I will do that next.

glen.grant
VIP Alumni

Start looking at the ACL you have on the user VLAN, it's blocking something that's needed for DHCP to work.

Oh ya, I didn't catch that ACL. Might want to take that off first.

The only thing being blocked in the access list is www traffic for enforcement of the proxy server.

access-list 107 permit tcp 10.107.0.0 0.0.254.255 10.255.250.0 0.0.0.255 eq www
access-list 107 permit tcp 10.107.0.0 0.0.254.255 172.16.0.0 0.0.255.255 eq www
access-list 107 permit tcp 10.107.0.0 0.0.254.255 10.101.0.0 0.0.255.255 eq www
access-list 107 deny   tcp 10.107.0.0 0.0.254.255 any eq www
access-list 107 permit ip 10.107.0.0 0.0.254.255 any

SW1RR#sh access-lists
Extended IP access list 107
    10 permit tcp 10.107.0.0 0.0.254.255 10.255.250.0 0.0.0.255 eq www
    20 permit tcp 10.107.0.0 0.0.254.255 172.16.0.0 0.0.255.255 eq www
    30 permit tcp 10.107.0.0 0.0.254.255 10.101.0.0 0.0.255.255 eq www
    40 deny tcp 10.107.0.0 0.0.254.255 any eq www
    50 permit ip 10.107.0.0 0.0.254.255 any (111 matches)

This access list was also in place on Friday when it was working correctly.

I don't know how it was working with that ACL before. Your client won't have an IP address when it sends out a DHCP broadcast. The source IP will be all zeros. Remove the ACL completely first to make sure that's the problem. If that fixes it, add something like "permit udp any any eq bootp" at the end of your ACL.

You're right. Removed the ACL and it worked. It was working last week, but now that I think about it, I didn't add the ACL until later in the week so the machine lease probably hadn't expired. I had to add "access-list 107 permit udp any any eq bootpc" and now it works. Thanks for pointing that out! I figured it was something simple, but it probably would have taken me the rest of the week to find it - lol.

Thanks again!

Cool ya, no problem. Only reason I knew is because I ran into the same problem once before.
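
The ACL behaviour discussed in this thread, as an added example that is not part of any post: a first-match evaluator for access-list 107 as posted, run against two constructed packets, a DHCPDISCOVER from a client with no address yet and a unicast renewal from a client already holding a lease. The client address 10.107.10.11 and the extra entry (permit UDP to destination port 67, the DHCP server port) are assumptions made for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    # Cisco wildcard mask: 1 bits are "don't care", 0 bits must equal the base.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")
SRC = ("10.107.0.0", "0.0.254.255")   # source match used by every entry of ACL 107

# (action, protocol, source, destination, destination port or None); www = 80
ACL_107 = [
    ("permit", "tcp", SRC, ("10.255.250.0", "0.0.0.255"), 80),
    ("permit", "tcp", SRC, ("172.16.0.0", "0.0.255.255"), 80),
    ("permit", "tcp", SRC, ("10.101.0.0", "0.0.255.255"), 80),
    ("deny",   "tcp", SRC, ANY, 80),
    ("permit", "ip",  SRC, ANY, None),
]
# Assumed extra entry: permit UDP from any source to DHCP server port 67.
ACL_107_FIXED = ACL_107 + [("permit", "udp", ANY, ANY, 67)]

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; returns (action, 1-based entry number or None)."""
    for n, (action, p, s, d, port) in enumerate(acl, 1):
        if p not in ("ip", proto):
            continue
        if not (wild_match(src, *s) and wild_match(dst, *d)):
            continue
        if port is not None and port != dport:
            continue
        return action, n
    return "deny", None   # implicit deny that ends every ACL

# Constructed packets as seen inbound on Vlan100
DISCOVER = ("udp", "0.0.0.0", "255.255.255.255", 67)   # new client, source all zeros
RENEW    = ("udp", "10.107.10.11", "10.107.10.1", 67)  # client renewing a held lease

if __name__ == "__main__":
    for name, pkt in (("DISCOVER", DISCOVER), ("RENEW", RENEW)):
        print(name, evaluate(ACL_107, *pkt), evaluate(ACL_107_FIXED, *pkt))
```

The renewal matches the final `permit ip` entry because its source is already inside 10.107.10.0, which is why a machine with an unexpired lease shows no symptom while a new client is dropped.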