(Alert) Very dumb question!

Ricky S
Level 3

Hey all, my brain's pulled a blank on this one.  

Say I have two layer-2 switches both connecting to each other directly via their port Fe0/1.  This is NOT a trunk link and ports on both ends are configured as access ports.

SwitchA has all ports belonging to VLAN12.

SwitchB is brand new and all ports are on default vlan 1

 

SwitchA also contains in its VLAN database VLANs 1, 12, 13, 50, 60, 70 etc

SwitchB does not contain any other VLANs.

SwitchA has a trunk uplink to the core switch with native vlan set as 12. This is where the DHCP server is plugging into.

Now my question is, when I plug a device into SwitchB, it picks up an IP address corresponding to VLAN1 on the DHCP server.  Shouldn't the IP it picks up belong to VLAN12 since that is what the uplink port is configured for on SwitchA??

I am trying to follow the DHCP process.

Host1 sends a DHCP request frame. This broadcast is forwarded out all other ports including the uplink to SwitchA. SwitchA then adds a VLAN1 tag and forwards the frame out all its ports and over the trunk link to the core switch. Core switch strips off the VLAN1 tag and responds with an IP address on VLAN1. IS this correct??  IF so, shouldn't the tag placed on the frame by SwitchA belong to VLAN12 since that's the port it came in on??

Please deliver me of this dilemma as it's eating my brains out. 

 

Thank you!!

 


Reza Sharifi
Hall of Fame

Hi,

Now my question is, when I plug a device into SwitchB, it picks up an IP address corresponding to VLAN1 on the DHCP server.  Shouldn't the IP it picks up belong to VLAN12 since that is what the uplink port is configured for on SwitchA??

No, VLAN IDs are locally significant, since in your case switch A and B are connected using an access port. If the ports between switch A and B were trunked, then the VLAN tags must match, but in your case the link is an access link, so one switch has VLAN 12 and the other one has VLAN 1, and as long as the hosts on each side are in the same subnet, the mismatched VLAN ID doesn't matter.

HTH

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

As Reza has already explained, access ports don't normally have VLAN tags, so you can "bridge" two different VLANs.  However, if running CDP on the ports, I believe it will "complain" that the access port VLANs are different.

Guys, thanks for your replies. But I'm still feeling lost and this concept is still foggy. I must say I am VERY embarrassed considering I've been doing this for a while now.

I already know the access ports don't tag frames. I'm just wondering why the DHCP server would assign an IP address on VLAN1 instead of VLAN12?

 

The SVI IP from where the request originated is added to the DHCP frame, this is how the respective pool is determined.

So check your configuration as such.

This would make sense. Thanks!

What is the native VLAN of the 4500 switch trunk to switchA? In your case, just think of it that SwitchB is a desktop PC as your SwitchA port to SwitchB was configured to access mode in VLAN12. So if your uplink from SwitchA to 4500 is on Native VLAN12 then 802.1q frames won't be tagged. So 4500 must expect that traffic it receives from that trunk should be in VLAN12 as well if it is set to VLAN12 as native at the 4500 side. But if not and it is using default VLAN1 then it might think it is for VLAN1 and  hands out a VLAN1 IP.

Hrmm... if this was the issue then all devices on VLAN 12 on Switch A would be getting an incorrect IP addressing also though. No? It's worth checking though. 

Ricky get a show int trunk and a show run int Gi 3/0/12 on the core switch

Posted above^^

Thanks

Hi John, it's VLAN12 native all the way through

Hi Ricky,

You have two switches, the first all ports as access on VLAN 12 the second with all ports as access on VLAN 1. Both are connected to each other via FE0/1. You've indicated they aren't trunks.

Switches run DTP by default and unless you have "switchport mode access" and "switchport nonegotiate" configured a port will generate DTP frames and potentially build a trunk. 

Can you provide a show int trunk from both switches for me?

If I were to guess at your topology you'd have something like this:

Router ---> SwitchA --> SwitchB

You mentioned that Switch A and B are Layer 2 only. I assume this means there isn't routing enabled on them and that there is some sort of upstream router. You've indicated that the DHCP server is on VLAN 12. The only way for the DHCP packet to respond and provide an IP for the VLAN 1 IP address range would be if a trunk has been built between the switches.

Really I am guessing though as we really need more information to assist here...

  • VLAN 1 - IP Range
  • VLAN 12 - IP Range
  • Router configuration for respective VLANs
  • show int trunk on SwitchA and SwitchB
  • show run int <interface> on the router for associated VLAN interfaces (i.e. VLAN 1 and VLAN 12)

Hello Jonathan, thanks for the reply.

This is how it's actually hooked up.

Catalyst 4500 (core) -----TRUNK---SwitchA---SwitchB

Core switch also has the domain controller (DHCP server) plugged in.

Switch A has switchport mode access command.

Switch B is fresh out of the box and I don't have remote connectivity to it currently since it's only used to hook some lab servers up. (Even though I should configure a management IP.)

VLAN1 - IP Range = 172.18.1.0/24

Vlan12 - IP Range = 172.18.12.0/24

interface Vlan1
 description Server VLAN
 ip address 172.18.1.192 255.255.255.0
 ip helper-address 172.18.1.13
 ip helper-address 172.18.1.12
 no ip redirects
end
!
interface Vlan12
 ip address 172.18.12.192 255.255.255.0
 ip helper-address 172.18.1.13
 ip helper-address 172.18.1.12

!

!

SWITCHA#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/1     on               802.1q         trunking      12

Port        Vlans allowed on trunk
Gi1/0/1     1,12-13,222,900

Port        Vlans allowed and active in management domain
Gi1/0/1     1,12-13,222,900

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/1     1,12-13,222,900
!
SWITCHA#sh cdp nei
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SwitchB           FE0/1        126              T S   WS-C3524- FE0/1
Core_Switch       Gig 1/0/1         157             R S I  WS-C3750G Gig 3/0/12

 

You're right, Switch A isn't negotiating Fast 0/1 as a trunk.  Since you can't check this from Switch B's perspective this makes figuring it out very hard.

Can you answer a few more questions:

  • I can see Switch B is a Catalyst 3524. What is Switch A?
  • Can you get a show dtp and a show dtp interface fast 0/1 on Switch A?
  • Can you get a show vtp status on Switch A?

I can see there are some DTP configuration differences between newer and older switches. This might cause some unexpected behaviour with DTP. To stop DTP from running you'd have to configure "switchport nonegotiate" on the port (run at your own risk though... you might lose access to Switch B).

Hi Jonathan, Switch A is a cisco WS-C2960S-48FPS-L

In order to make my issue easy to understand, I had to simplify the topology.  In actuality, this is how it's all hooked up. SWITCHB(3524) is plugged into Gi1/0/45 on SWITCHA (2960). SwitchA is then plugged into SWITCHC (3750) which then has a trunk uplink to the core switch (4500). I have all the requested configs shown below.

SWITCHA#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, 
                  D - Remote, C - CVTA, M - Two-port Mac Relay 

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch           Gig 1/0/45        169              T S   WS-C3524- Fas 0/24
SWITCHC          Gig 1/0/1         159             R S I  WS-C3750G Gig 3/0/12
!
!
SWITCHA# sh run int gi1/0/45
interface GigabitEthernet1/0/45
 description Uplink to Infr.Lab Switch
 switchport access vlan 12
 switchport mode access
 switchport nonegotiate
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone 
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
!
SWITCHA# sh run int gi1/0/1
interface GigabitEthernet1/0/1
 switchport trunk native vlan 12
 switchport trunk allowed vlan 1,12,13,222,900
 switchport mode trunk
 srr-queue bandwidth share 1 30 35 5
 queue-set 2
 priority-queue out 
 mls qos trust dscp
!
!
SWITCHA#sh dtp 
Global DTP information
        Sending DTP Hello packets every 30 seconds
        Dynamic Trunk timeout is 300 seconds
        15 interfaces using DTP
!
SWITCHA#sh dtp interface gigabitEthernet 1/0/45
DTP information for GigabitEthernet1/0/45:
  TOS/TAS/TNS:                              ACCESS/OFF/ACCESS
  TOT/TAT/TNT:                              802.1Q/802.1Q/802.1Q
  Neighbor address 1:                       000000000000
  Neighbor address 2:                       000000000000
  Hello timer expiration (sec/state):       never/STOPPED
  Access timer expiration (sec/state):      never/STOPPED
  Negotiation timer expiration (sec/state): never/STOPPED
  Multidrop timer expiration (sec/state):   never/STOPPED
  FSM state:                                S1:OFF
  # times multi & trunk                     0
  Enabled:                                  no
  In STP:                                   no

  Statistics
  ----------
  0 packets received (0 good)
  0 packets dropped
      0 nonegotiate, 0 bad version, 0 domain mismatches, 
      0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
  0 packets output (0 good)
      0 native, 0 software encap isl, 0 isl hardware native
  0 output errors
  0 trunk timeouts
  0 link ups
  157 link downs, last link down on Sat May 28 1994, 19:17:37
!
!
SWITCHA#sh dtp interface gigabitEthernet 1/0/1 
DTP information for GigabitEthernet1/0/1:
  TOS/TAS/TNS:                              TRUNK/ON/TRUNK
  TOT/TAT/TNT:                              802.1Q/802.1Q/802.1Q
  Neighbor address 1:                       00146A8FFF8C
  Neighbor address 2:                       000000000000
  Hello timer expiration (sec/state):       11/RUNNING
  Access timer expiration (sec/state):      never/STOPPED
  Negotiation timer expiration (sec/state): never/STOPPED
  Multidrop timer expiration (sec/state):   never/STOPPED
  FSM state:                                S6:TRUNK
  # times multi & trunk                     0
  Enabled:                                  yes
  In STP:                                   no

  Statistics
  ----------
  79479 packets received (79479 good)
  0 packets dropped
      0 nonegotiate, 0 bad version, 0 domain mismatches, 
      0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
  79329 packets output (79329 good)
      79329 native, 0 software encap isl, 0 isl hardware native
  0 output errors
  0 trunk timeouts
  4 link ups, last link up on Sat May 07 1994, 12:56:23
  3 link downs, last link down on Sat May 07 1994, 12:53:01
!
!
SWITCHC#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SWITCHA   Gig 3/0/12        155           S I      WS-C2960S Gig 1/0/1
CORE      Gig 1/0/27        141          R S I     WS-C4506- Gig 2/5
!
!
SWITCHC# sh run int gi3/0/12
interface GigabitEthernet3/0/12
 description PcAndPhone
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 12
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 queue-set 2
 mls qos trust device cisco-phone
 mls qos trust dscp
 auto qos voip cisco-phone 
 spanning-tree portfast
end

SWITCHC# sh run int gig1/0/27
interface GigabitEthernet1/0/27
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 12
 switchport mode trunk
end
!
!
SWITCHC#sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi1/0/10    on           802.1q         trunking      1
Gi1/0/27    on           802.1q         trunking      12
Gi3/0/12    on           802.1q         trunking      12
Gi3/0/21    on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/10    1-4094
Gi1/0/27    1-4094
Gi3/0/12    1-4094
Gi3/0/21    1-4094

Port        Vlans allowed and active in management domain
Gi1/0/10    1,12-13,100,222-224,900
Gi1/0/27    1,12-13,100,222-224,900
Gi3/0/12    1,12-13,100,222-224,900
Gi3/0/21    1,12-13,100,222-224,900

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/10    1,12-13,100,222-224,900
Gi1/0/27    1,12-13,100,222-224,900
Gi3/0/12    1,12-13,100,222-224,900
Gi3/0/21    1,12-13,100,222-224,900
!
!
SWITCHC#sh dtp
Global DTP information
        Sending DTP Hello packets every 30 seconds
        Dynamic Trunk timeout is 300 seconds
        83 interfaces using DTP
!
SWITCHC#sh dtp interface gi1/0/27
DTP information for GigabitEthernet1/0/27:
  TOS/TAS/TNS:                              TRUNK/ON/TRUNK
  TOT/TAT/TNT:                              802.1Q/802.1Q/802.1Q
  Neighbor address 1:                       000000000000
  Neighbor address 2:                       000000000000
  Hello timer expiration (sec/state):       13/RUNNING
  Access timer expiration (sec/state):      never/STOPPED
  Negotiation timer expiration (sec/state): never/STOPPED
  Multidrop timer expiration (sec/state):   never/STOPPED
  FSM state:                                S6:TRUNK
  # times multi & trunk                     0
  Enabled:                                  yes
  In STP:                                   no

  Statistics
  ----------
  0 packets received (0 good)
  0 packets dropped
      0 nonegotiate, 0 bad version, 0 domain mismatches, 
      0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
  79489 packets output (79489 good)
      79489 native, 0 software encap isl, 0 isl hardware native
  0 output errors
  0 trunk timeouts
  1 link ups, last link up on Sun Feb 28 1993, 19:02:03
  0 link downs

SWITCHC#sh dtp interface gi3/0/12
DTP information for GigabitEthernet3/0/12:
  TOS/TAS/TNS:                              TRUNK/ON/TRUNK
  TOT/TAT/TNT:                              802.1Q/802.1Q/802.1Q
  Neighbor address 1:                       2C36F882E581
  Neighbor address 2:                       000000000000
  Hello timer expiration (sec/state):       28/RUNNING
  Access timer expiration (sec/state):      never/STOPPED
  Negotiation timer expiration (sec/state): never/STOPPED
  Multidrop timer expiration (sec/state):   never/STOPPED
  FSM state:                                S6:TRUNK
  # times multi & trunk                     0
  Enabled:                                  yes
  In STP:                                   no

  Statistics
  ----------
  79338 packets received (79338 good)
  0 packets dropped
      0 nonegotiate, 0 bad version, 0 domain mismatches, 
      0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
  79489 packets output (79489 good)
      79489 native, 0 software encap isl, 0 isl hardware native
  0 output errors
  0 trunk timeouts
  1 link ups, last link up on Sun Feb 28 1993, 19:02:05
  0 link downs
!
CORE#sh run int gigabitEthernet 2/5
Building configuration...

Current configuration : 239 bytes
!
interface GigabitEthernet2/5
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 12
 switchport trunk allowed vlan 1-998,1000-4094
 switchport mode trunk
 switchport nonegotiate
end
!
!
CORE#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi2/4       on               802.1q         trunking      1
Gi2/5       on               802.1q         trunking      12
Gi3/33      on               802.1q         trunking      1
Gi3/34      on               802.1q         trunking      1
Gi4/1       on               802.1q         trunking      1
Gi4/2       on               802.1q         trunking      1
Gi4/3       on               802.1q         trunking      2
Gi4/4       on               802.1q         trunking      2
Gi4/5       on               802.1q         trunking      2
Gi4/6       on               802.1q         trunking      2
Gi4/8       on               802.1q         trunking      1
Gi4/11      on               802.1q         trunking      1
Gi5/1       on               802.1q         trunking      1
Gi5/2       on               802.1q         trunking      1
Gi5/3       on               802.1q         trunking      2
Gi5/4       on               802.1q         trunking      2
Gi5/5       on               802.1q         trunking      2
Gi5/6       on               802.1q         trunking      2
Gi5/13      on               802.1q         trunking      1
Po2         on               802.1q         trunking      999
Po3         on               802.1q         trunking      999

Port        Vlans allowed on trunk
Gi2/4       1-998,1000-4094
Gi2/5       1-998,1000-4094
Gi3/33      1,12-13
Gi3/34      1,12-13
Gi4/1       80,83,86,89,812,816,819,822
Gi4/2       80,83,86,89,812,816,819,822
Gi4/3       80,83,86,89,812,816,819,822
Gi4/4       80,83,86,89,812,816,819,822
Gi4/5       80,83,86,89,812,816,819,822
Gi4/6       80,83,86,89,812,816,819,822
Gi4/8       1,12-13
Gi4/11      1,12-13
Gi5/1       80,83,86,89,812,816,819,822
Gi5/2       80,83,86,89,812,816,819,822
Gi5/3       80,83,86,89,812,816,819,822
Gi5/4       80,83,86,89,812,816,819,822
Gi5/5       80,83,86,89,812,816,819,822
Gi5/6       80,83,86,89,812,816,819,822
Gi5/13      12-13
Po2         1,12-13,23,100,222-223,900
Po3         1,8-9,12-13,23,100,222-223,900,999
          
Port        Vlans allowed and active in management domain
Gi2/4       1-2,8-9,12-13,16,60,80,83,86,89,100,222-224,231,812,816,819,822,900-901
Gi2/5       1-2,8-9,12-13,16,60,80,83,86,89,100,222-224,231,812,816,819,822,900-901
Gi3/33      1,12-13
Gi3/34      1,12-13
Gi4/1       80,83,86,89,812,816,819,822
Gi4/2       80,83,86,89,812,816,819,822
Gi4/3       80,83,86,89,812,816,819,822
Gi4/4       80,83,86,89,812,816,819,822
Gi4/5       80,83,86,89,812,816,819,822
Gi4/6       80,83,86,89,812,816,819,822
Gi4/8       1,12-13
Gi4/11      1,12-13
Gi5/1       80,83,86,89,812,816,819,822
Gi5/2       80,83,86,89,812,816,819,822
Gi5/3       80,83,86,89,812,816,819,822
Gi5/4       80,83,86,89,812,816,819,822
Gi5/5       80,83,86,89,812,816,819,822
Gi5/6       80,83,86,89,812,816,819,822
Gi5/13      12-13
Po2         1,12-13,100,222-223,900
Po3         1,8-9,12-13,100,222-223,900,999

Port        Vlans in spanning tree forwarding state and not pruned
Gi2/4       1-2,8-9,12-13,16,60,80,83,86,89,100,222-224,231,812,816,819,822,900-901
Gi2/5       1-2,8-9,12-13,16,60,80,83,86,89,100,222-224,231,812,816,819,822,900-901
Gi3/33      1,12-13
Gi3/34      1,12-13
Gi4/1       80,83,86,89,812,816,819,822
Gi4/2       80,83,86,89,812,816,819,822
Gi4/3       80,83,86,89,812,816,819,822
Gi4/4       80,83,86,89,812,816,819,822
Gi4/5       80,83,86,89,812,816,819,822
Gi4/6       80,83,86,89,812,816,819,822
Gi4/8       1,12-13
Gi4/11      1,12-13
Gi5/1       80,83,86,89,812,816,819,822
Gi5/2       80,83,86,89,812,816,819,822
Gi5/3       80,83,86,89,812,816,819,822
Gi5/4       80,83,86,89,812,816,819,822
Gi5/5       80,83,86,89,812,816,819,822
Gi5/6       80,83,86,89,812,816,819,822
Gi5/13      12-13
Po2         1,12-13,100,222-223,900
Po3         1,8-9,12-13,100,222-223,900,999

 

Core --> Switch C --> Switch A --> Switch B

DHCP packets work at Layer 2. For a DHCP packet to be sent to another Layer 2 network (VLAN) it has to be relayed by a device that has an IP address on the same broadcast domain to the server/s in question.

We can see that the core switch has Vlan 1 and 12 configured to relay to your respective DHCP servers (i.e. via helper addresses) both of which are on VLAN 1. We know that since devices plugged into Switch B are provided VLAN 1 IP addresses through DHCP their broadcast domains are somehow lining up with the VLAN 1 on the core or that somehow Switch B is learning VLANs (VTP) and is trunking/tagging packets accordingly.

I can't see how this is possible given the information provided.

I think you're going to have to bite the bullet and get the Switch B configured correctly (i.e. create VLAN 12 and get all ports allocated to that VLAN).

Sorry Ricky... I just can't see the problem with the config of the Core/Switch C/Switch A.
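
Added example, not part of any post in this thread: a small Python model of the posted path (Core, Switch C, Switch A, Switch B) that classifies an untagged frame hop by hop using the access/native VLAN settings shown above, then maps the VLAN it lands in on the core to the DHCP scope via the SVI address used as the relay's giaddr. The `Port` class and function names are hypothetical, SwitchB's Fa0/24 is assumed to be a factory-default access port in VLAN 1, and the second run changes Switch A's access VLAN to 1 purely for comparison.

```python
import ipaddress
from dataclasses import dataclass

ALL = frozenset(range(1, 4095))

@dataclass(frozen=True)
class Port:
    name: str
    mode: str              # "access" or "trunk"
    vlan: int              # access VLAN, or native VLAN on a trunk
    allowed: frozenset = ALL

def egress(port, vlan):
    """Return (forwarded, tag); tag None means the frame leaves untagged."""
    if port.mode == "access":
        return vlan == port.vlan, None
    if vlan not in port.allowed:
        return False, None
    return True, (None if vlan == port.vlan else vlan)

def ingress(port, tag):
    """VLAN the receiving switch assigns, or None if dropped.
    Simplification: an access port drops any tagged frame."""
    if tag is None:
        return port.vlan
    return tag if port.mode == "trunk" and tag in port.allowed else None

def trace(vlan, links):
    """Walk (egress_port, ingress_port) pairs; return the VLAN at the last switch."""
    for out_port, in_port in links:
        forwarded, tag = egress(out_port, vlan)
        vlan = ingress(in_port, tag) if forwarded else None
        if vlan is None:
            return None
    return vlan

# SVIs on the core as posted; the relay stamps giaddr with the SVI address
# and the server answers from the scope that contains giaddr.
SVI = {1: ipaddress.ip_interface("172.18.1.192/24"),
       12: ipaddress.ip_interface("172.18.12.192/24")}

def dhcp_scope(core_vlan):
    return SVI[core_vlan].network if core_vlan in SVI else None

def path(switch_a_access_vlan):
    """Core <- SwitchC <- SwitchA <- SwitchB, port settings from the thread."""
    return [
        # SwitchB Fa0/24 is assumed to be a factory-default access port in VLAN 1
        (Port("SwitchB Fa0/24", "access", 1),
         Port("SWITCHA Gi1/0/45", "access", switch_a_access_vlan)),
        (Port("SWITCHA Gi1/0/1", "trunk", 12, frozenset({1, 12, 13, 222, 900})),
         Port("SWITCHC Gi3/0/12", "trunk", 12)),
        (Port("SWITCHC Gi1/0/27", "trunk", 12),
         Port("CORE Gi2/5", "trunk", 12, ALL - {999})),
    ]

if __name__ == "__main__":
    for label, access_vlan in (("as posted", 12), ("hypothetical", 1)):
        core_vlan = trace(1, path(access_vlan))
        print(f"{label}: core VLAN {core_vlan}, scope {dhcp_scope(core_vlan)}")
```

Under these assumptions the posted settings put SwitchB's hosts in VLAN 12 on the core and in the 172.18.12.0/24 scope; only a path that classifies the frame into VLAN 1 somewhere yields a 172.18.1.0/24 lease.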
