05-26-2014 01:40 PM - edited 03-07-2019 07:32 PM
Hey all, my brain's pulled a blank on this one.
Say I have two layer-2 switches both connecting to each other directly via their port Fe0/1. This is NOT a trunk link and ports on both ends are configured as access ports.
SwitchA has all ports belonging to VLAN12.
SwitchB is brand new and all ports are on default vlan 1.
SwitchA also contains in its VLAN database VLANs 1, 12, 13, 50, 60, 70, etc.
SwitchB does not contain any other VLANs.
SwitchA has a trunk uplink to the core switch with native vlan set as 12. This is where the DHCP server is plugging into.
Now my question is, when I plug a device into SwitchB, it picks up an IP address corresponding to VLAN1 on the DHCP server. Shouldn't the IP it picks up belong to VLAN12 since that is what the uplink port is configured for on SwitchA??
I am trying to follow the DHCP process.
Host1 sends a DHCP request frame. This broadcast is forwarded out all other ports including the uplink to SwitchA. SwitchA then adds a VLAN1 tag and forwards the frame out all its ports and over the trunk link to the core switch. Core switch strips off the VLAN1 tag and responds with an IP address on VLAN1. Is this correct?? If so, shouldn't the tag placed on the frame by SwitchA belong to VLAN12 since that's the port it came in on??
Please deliver me of this dilemma as it's eating my brains out.
Thank you!!
05-26-2014 06:30 PM
Hi,
Now my question is, when I plug a device into SwitchB, it picks up an IP address corresponding to VLAN1 on the DHCP server. Shouldn't the IP it picks up belong to VLAN12 since that is what the uplink port is configured for on SwitchA??
No, vlan IDs are locally significant since in your case switch A and B are connected using an access port. If the ports between switch A and B were trunked, then the vlan tags must match, but in your case the link is an access link, so one switch has vlan 12 and the other one has vlan 1, and as long as the hosts on each side are in the same subnet, the mismatched vlan id doesn't matter.
HTH
05-27-2014 04:44 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
As Reza has already explained, access ports don't normally have VLAN tags, so you can "bridge" two different VLANs. However, if running CDP on the ports, I believe it will "complain" that the access port VLANs are different.
05-27-2014 11:47 AM
Guys, thanks for your replies. But I'm still feeling lost and this concept is still foggy. I must say I am VERY embarrassed considering I've been doing this for a while now.
I already know the access ports don't tag frames. I'm just wondering why the DHCP server would assign an IP address on VLAN1 instead of VLAN12?
05-27-2014 02:47 PM
The SVI IP from where the request originated is added to the DHCP frame, this is how the respective pool is determined.
So check your configuration as such.
05-30-2014 01:00 PM
This would make sense. Thanks!
05-31-2014 05:36 AM
What is the native VLAN of the 4500 switch trunk to switchA? In your case, just think of it that SwitchB is a desktop PC as your SwitchA port to SwitchB was configured to access mode in VLAN12. So if your uplink from SwitchA to 4500 is on Native VLAN12 then 802.1q frames won't be tagged. So 4500 must expect that traffic it receives from that trunk should be in VLAN12 as well if it is set to VLAN12 as native at the 4500 side. But if not and it is using default VLAN1 then it might think it is for VLAN1 and hands out a VLAN1 IP.
06-01-2014 04:23 PM
Hrmm... if this was the issue then all devices on VLAN 12 on Switch A would be getting an incorrect IP addressing also though. No? It's worth checking though.
Ricky get a show int trunk and a show run int Gi 3/0/12 on the core switch
06-01-2014 07:37 PM
Posted above^^
Thanks
06-01-2014 07:36 PM
Hi John, it's VLAN12 native all the way through
05-27-2014 09:21 PM
Hi Ricky,
You have two switches, the first all ports as access on VLAN 12 the second with all ports as access on VLAN 1. Both are connected to each other via FE0/1. You've indicated they aren't trunks.
Switches run DTP by default and unless you have "switchport mode access" and "switchport nonegotiate" configured a port will generate DTP frames and potentially build a trunk.
Can you provide a show int trunk from both switches for me?
If I were to guess at your topology you'd have something like this:
Router ---> SwitchA --> SwitchB
You mentioned that Switch A and B are Layer 2 only. I assume this means there isn't routing enabled on them and that there is some sort of upstream router. You've indicated that the DHCP server is on VLAN 12. The only way for the DHCP packet to respond and provide an IP for the VLAN 1 IP address range would be if a trunk has been built between the switches.
Really I am guessing though as we really need more information to assist here...
05-30-2014 12:59 PM
Hello Jonathan, thanks for the reply.
This is how it's actually hooked up.
Catalyst 4500 (core) -----TRUNK---SwitchA---SwitchB
Core switch also has the domain controller (DHCP server) plugged in.
Switch A has switchport mode access command.
Switch B is fresh out of the box and I don't have remote connectivity to it currently since it's only used to hook some lab servers up. (Even though I should configure a management IP.)
VLAN1 - IP Range = 172.18.1.0/24
Vlan12 - IP Range = 172.18.12.0/24
interface Vlan1
 description Server VLAN
 ip address 172.18.1.192 255.255.255.0
 ip helper-address 172.18.1.13
 ip helper-address 172.18.1.12
 no ip redirects
end
!
interface Vlan12
 ip address 172.18.12.192 255.255.255.0
 ip helper-address 172.18.1.13
 ip helper-address 172.18.1.12
!
!
SWITCHA#sh int trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi1/0/1     on           802.1q         trunking      12
Port        Vlans allowed on trunk
Gi1/0/1     1,12-13,222,900
Port        Vlans allowed and active in management domain
Gi1/0/1     1,12-13,222,900
Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/1     1,12-13,222,900
!
SWITCHA#sh cdp nei
Device ID        Local Intrfce     Holdtme    Capability  Platform   Port ID
SwitchB          FE0/1             126        T S         WS-C3524-  FE0/1
Core_Switch      Gig 1/0/1         157        R S I       WS-C3750G  Gig 3/0/12
06-01-2014 04:31 PM
You're right, Switch A isn't negotiating Fast 0/1 as a trunk. Since you can't check this from Switch B's perspective this makes figuring it out very hard.
Can you answer a few more questions:
I can see there are some DTP configuration differences between newer and older switches. This might cause some unexpected behaviour with DTP. To stop DTP from running you'd have to configure "switchport nonegotiate" on the port (run at your own risk though... you might lose access to Switch B).
06-01-2014 07:34 PM
Hi Jonathan, Switch A is a cisco WS-C2960S-48FPS-L
In order to make my issue easy to understand, I had to simplify the topology. In actuality, this is how it's all hooked up. SWITCHB(3524) is plugged into Gi1/0/45 on SWITCHA (2960). SwitchA is then plugged into SWITCHC (3750) which then has a trunk uplink to the core switch (4500). I have all the requested configs shown below.
SWITCHA#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
Switch Gig 1/0/45 169 T S WS-C3524- Fas 0/24
SWITCHC Gig 1/0/1 159 R S I WS-C3750G Gig 3/0/12
!
!
SWITCHA# sh run int gi1/0/45
interface GigabitEthernet1/0/45
description Uplink to Infr.Lab Switch
switchport access vlan 12
switchport mode access
switchport nonegotiate
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AutoQoS-Police-CiscoPhone
!
!
SWITCHA# sh run int gi1/0/1
interface GigabitEthernet1/0/1
switchport trunk native vlan 12
switchport trunk allowed vlan 1,12,13,222,900
switchport mode trunk
srr-queue bandwidth share 1 30 35 5
queue-set 2
priority-queue out
mls qos trust dscp
!
!
SWITCHA#sh dtp
Global DTP information
Sending DTP Hello packets every 30 seconds
Dynamic Trunk timeout is 300 seconds
15 interfaces using DTP
!
SWITCHA#sh dtp interface gigabitEthernet 1/0/45
DTP information for GigabitEthernet1/0/45:
TOS/TAS/TNS: ACCESS/OFF/ACCESS
TOT/TAT/TNT: 802.1Q/802.1Q/802.1Q
Neighbor address 1: 000000000000
Neighbor address 2: 000000000000
Hello timer expiration (sec/state): never/STOPPED
Access timer expiration (sec/state): never/STOPPED
Negotiation timer expiration (sec/state): never/STOPPED
Multidrop timer expiration (sec/state): never/STOPPED
FSM state: S1:OFF
# times multi & trunk 0
Enabled: no
In STP: no
Statistics
----------
0 packets received (0 good)
0 packets dropped
0 nonegotiate, 0 bad version, 0 domain mismatches,
0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
0 packets output (0 good)
0 native, 0 software encap isl, 0 isl hardware native
0 output errors
0 trunk timeouts
0 link ups
157 link downs, last link down on Sat May 28 1994, 19:17:37
!
!
SWITCHA#sh dtp interface gigabitEthernet 1/0/1
DTP information for GigabitEthernet1/0/1:
TOS/TAS/TNS: TRUNK/ON/TRUNK
TOT/TAT/TNT: 802.1Q/802.1Q/802.1Q
Neighbor address 1: 00146A8FFF8C
Neighbor address 2: 000000000000
Hello timer expiration (sec/state): 11/RUNNING
Access timer expiration (sec/state): never/STOPPED
Negotiation timer expiration (sec/state): never/STOPPED
Multidrop timer expiration (sec/state): never/STOPPED
FSM state: S6:TRUNK
# times multi & trunk 0
Enabled: yes
In STP: no
Statistics
----------
79479 packets received (79479 good)
0 packets dropped
0 nonegotiate, 0 bad version, 0 domain mismatches,
0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
79329 packets output (79329 good)
79329 native, 0 software encap isl, 0 isl hardware native
0 output errors
0 trunk timeouts
4 link ups, last link up on Sat May 07 1994, 12:56:23
3 link downs, last link down on Sat May 07 1994, 12:53:01
!
!
!
!
!
!
!
!
!
!
!
!!!!!!!!!!!!!!!!!!!!!!!!
!
SWITCHC#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
SWITCHA Gig 3/0/12 155 S I WS-C2960S Gig 1/0/1
CORE Gig 1/0/27 141 R S I WS-C4506- Gig 2/5
!
!
SWITCHC# sh run int gi3/0/12
interface GigabitEthernet3/0/12
description PcAndPhone
switchport trunk encapsulation dot1q
switchport trunk native vlan 12
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust dscp
auto qos voip cisco-phone
spanning-tree portfast
end
SWITCHC# sh run int gig1/0/27
interface GigabitEthernet1/0/27
switchport trunk encapsulation dot1q
switchport trunk native vlan 12
switchport mode trunk
end
!
!
SWITCHC#sh int trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/10 on 802.1q trunking 1
Gi1/0/27 on 802.1q trunking 12
Gi3/0/12 on 802.1q trunking 12
Gi3/0/21 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/0/10 1-4094
Gi1/0/27 1-4094
Gi3/0/12 1-4094
Gi3/0/21 1-4094
Port Vlans allowed and active in management domain
Gi1/0/10 1,12-13,100,222-224,900
Gi1/0/27 1,12-13,100,222-224,900
Gi3/0/12 1,12-13,100,222-224,900
Gi3/0/21 1,12-13,100,222-224,900
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/10 1,12-13,100,222-224,900
Gi1/0/27 1,12-13,100,222-224,900
Gi3/0/12 1,12-13,100,222-224,900
Gi3/0/21 1,12-13,100,222-224,900
!
!
SWITCHC#sh dtp
Global DTP information
Sending DTP Hello packets every 30 seconds
Dynamic Trunk timeout is 300 seconds
83 interfaces using DTP
!
SWITCHC#sh dtp interface gi1/0/27
DTP information for GigabitEthernet1/0/27:
TOS/TAS/TNS: TRUNK/ON/TRUNK
TOT/TAT/TNT: 802.1Q/802.1Q/802.1Q
Neighbor address 1: 000000000000
Neighbor address 2: 000000000000
Hello timer expiration (sec/state): 13/RUNNING
Access timer expiration (sec/state): never/STOPPED
Negotiation timer expiration (sec/state): never/STOPPED
Multidrop timer expiration (sec/state): never/STOPPED
FSM state: S6:TRUNK
# times multi & trunk 0
Enabled: yes
In STP: no
Statistics
----------
0 packets received (0 good)
0 packets dropped
0 nonegotiate, 0 bad version, 0 domain mismatches,
0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
79489 packets output (79489 good)
79489 native, 0 software encap isl, 0 isl hardware native
0 output errors
0 trunk timeouts
1 link ups, last link up on Sun Feb 28 1993, 19:02:03
0 link downs
SWITCHC#sh dtp interface gi3/0/12
DTP information for GigabitEthernet3/0/12:
TOS/TAS/TNS: TRUNK/ON/TRUNK
TOT/TAT/TNT: 802.1Q/802.1Q/802.1Q
Neighbor address 1: 2C36F882E581
Neighbor address 2: 000000000000
Hello timer expiration (sec/state): 28/RUNNING
Access timer expiration (sec/state): never/STOPPED
Negotiation timer expiration (sec/state): never/STOPPED
Multidrop timer expiration (sec/state): never/STOPPED
FSM state: S6:TRUNK
# times multi & trunk 0
Enabled: yes
In STP: no
Statistics
----------
79338 packets received (79338 good)
0 packets dropped
0 nonegotiate, 0 bad version, 0 domain mismatches,
0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
79489 packets output (79489 good)
79489 native, 0 software encap isl, 0 isl hardware native
0 output errors
0 trunk timeouts
1 link ups, last link up on Sun Feb 28 1993, 19:02:05
0 link downs
!
!
!
!
!
!
!
!
!
!!
!!!!!!!!!!!!!!!!!!!
CORE#sh run int gigabitEthernet 2/5
Building configuration...
Current configuration : 239 bytes
!
interface GigabitEthernet2/5
switchport trunk encapsulation dot1q
switchport trunk native vlan 12
switchport trunk allowed vlan 1-998,1000-4094
switchport mode trunk
switchport nonegotiate
end
!
!
CORE#sh int trunk
Port Mode Encapsulation Status Native vlan
Gi2/4 on 802.1q trunking 1
Gi2/5 on 802.1q trunking 12
Gi3/33 on 802.1q trunking 1
Gi3/34 on 802.1q trunking 1
Gi4/1 on 802.1q trunking 1
Gi4/2 on 802.1q trunking 1
Gi4/3 on 802.1q trunking 2
Gi4/4 on 802.1q trunking 2
Gi4/5 on 802.1q trunking 2
Gi4/6 on 802.1q trunking 2
Gi4/8 on 802.1q trunking 1
Gi4/11 on 802.1q trunking 1
Gi5/1 on 802.1q trunking 1
Gi5/2 on 802.1q trunking 1
Gi5/3 on 802.1q trunking 2
Gi5/4 on 802.1q trunking 2
Gi5/5 on 802.1q trunking 2
Gi5/6 on 802.1q trunking 2
Gi5/13 on 802.1q trunking 1
Po2 on 802.1q trunking 999
Po3 on 802.1q trunking 999
Port Vlans allowed on trunk
Gi2/4 1-998,1000-4094
Gi2/5 1-998,1000-4094
Gi3/33 1,12-13
Gi3/34 1,12-13
Gi4/1 80,83,86,89,812,816,819,822
Gi4/2 80,83,86,89,812,816,819,822
Gi4/3 80,83,86,89,812,816,819,822
Gi4/4 80,83,86,89,812,816,819,822
Gi4/5 80,83,86,89,812,816,819,822
Gi4/6 80,83,86,89,812,816,819,822
Gi4/8 1,12-13
Gi4/11 1,12-13
Gi5/1 80,83,86,89,812,816,819,822
Gi5/2 80,83,86,89,812,816,819,822
Gi5/3 80,83,86,89,812,816,819,822
Gi5/4 80,83,86,89,812,816,819,822
Gi5/5 80,83,86,89,812,816,819,822
Gi5/6 80,83,86,89,812,816,819,822
Gi5/13 12-13
Po2 1,12-13,23,100,222-223,900
Po3 1,8-9,12-13,23,100,222-223,900,999
Port Vlans allowed and active in management domain
Gi2/4 1-2,8-9,12-13,16,60,80,83,86,89,100,222-224,231,812,816,819,822,900-901
Gi2/5 1-2,8-9,12-13,16,60,80,83,86,89,100,222-224,231,812,816,819,822,900-901
Gi3/33 1,12-13
Gi3/34 1,12-13
Gi4/1 80,83,86,89,812,816,819,822
Gi4/2 80,83,86,89,812,816,819,822
Gi4/3 80,83,86,89,812,816,819,822
Gi4/4 80,83,86,89,812,816,819,822
Gi4/5 80,83,86,89,812,816,819,822
Gi4/6 80,83,86,89,812,816,819,822
Gi4/8 1,12-13
Gi4/11 1,12-13
Gi5/1 80,83,86,89,812,816,819,822
Gi5/2 80,83,86,89,812,816,819,822
Gi5/3 80,83,86,89,812,816,819,822
Gi5/4 80,83,86,89,812,816,819,822
Gi5/5 80,83,86,89,812,816,819,822
Gi5/6 80,83,86,89,812,816,819,822
Gi5/13 12-13
Po2 1,12-13,100,222-223,900
Po3 1,8-9,12-13,100,222-223,900,999
Port Vlans in spanning tree forwarding state and not pruned
Gi2/4 1-2,8-9,12-13,16,60,80,83,86,89,100,222-224,231,812,816,819,822,900-901
Gi2/5 1-2,8-9,12-13,16,60,80,83,86,89,100,222-224,231,812,816,819,822,900-901
Gi3/33 1,12-13
Gi3/34 1,12-13
Gi4/1 80,83,86,89,812,816,819,822
Gi4/2 80,83,86,89,812,816,819,822
Gi4/3 80,83,86,89,812,816,819,822
Gi4/4 80,83,86,89,812,816,819,822
Gi4/5 80,83,86,89,812,816,819,822
Gi4/6 80,83,86,89,812,816,819,822
Gi4/8 1,12-13
Gi4/11 1,12-13
Gi5/1 80,83,86,89,812,816,819,822
Gi5/2 80,83,86,89,812,816,819,822
Gi5/3 80,83,86,89,812,816,819,822
Gi5/4 80,83,86,89,812,816,819,822
Gi5/5 80,83,86,89,812,816,819,822
Gi5/6 80,83,86,89,812,816,819,822
Gi5/13 12-13
Po2 1,12-13,100,222-223,900
Po3 1,8-9,12-13,100,222-223,900,999
06-01-2014 08:39 PM
Core --> Switch C --> Switch A --> Switch B
DHCP packets work at Layer 2. For a DHCP packet to be sent to another Layer 2 network (VLAN) it has to be relayed by a device that has an IP address on the same broadcast domain to the server/s in question.
We can see that the core switch has Vlan 1 and 12 configured to relay to your respective DHCP servers (i.e. via helper addresses) both of which are on VLAN 1. We know that since devices plugged into Switch B are provided VLAN 1 IP addresses through DHCP their broadcast domains are somehow lining up with the VLAN 1 on the core or that somehow Switch B is learning VLANs (VTP) and is trunking/tagging packets accordingly.
I can't see how this is possible given the information provided.
I think you're going to have to bite the bullet and get the Switch B configured correctly (i.e. create VLAN 12 and get all ports allocated to that VLAN).
Sorry Ricky... I just can't see the problem with the config of the Core/Switch C/Switch A.
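An added example, not part of the thread: a short trace of one untagged DHCP broadcast from Switch B to the core using the port settings posted above, followed by the relay step (SVI address as giaddr, matching range). Switch B's port mode and VLAN are an assumption (factory default), since its configuration was never shown, and the function names are illustrative.

```python
from ipaddress import ip_address, ip_network

ALL = None  # port has no "allowed vlan" restriction
# One entry per link: (egress port, ingress port), walking from Switch B to the core.
# Port = (device, name, mode, access-or-native VLAN, allowed VLANs), from the posted configs.
LINKS = [
    (("SwitchB", "Fa0/24", "access", 1, ALL),   # assumed: factory default, config never shown
     ("SWITCHA", "Gi1/0/45", "access", 12, ALL)),
    (("SWITCHA", "Gi1/0/1", "trunk", 12, {1, 12, 13, 222, 900}),
     ("SWITCHC", "Gi3/0/12", "trunk", 12, ALL)),
    (("SWITCHC", "Gi1/0/27", "trunk", 12, ALL),
     ("CORE", "Gi2/5", "trunk", 12, set(range(1, 4095)) - {999})),
]
SVIS = {1: "172.18.1.192", 12: "172.18.12.192"}   # core SVIs carrying ip helper-address
SCOPES = ["172.18.1.0/24", "172.18.12.0/24"]      # ranges given for VLAN 1 and VLAN 12

def permitted(port, vlan):
    """True if `port` carries `vlan` at all."""
    _, _, mode, pvid, allowed = port
    if mode == "access":
        return vlan == pvid
    return allowed is ALL or vlan in allowed

def egress(port, vlan):
    """Tag placed on the wire when `vlan` leaves `port`; None means untagged."""
    if not permitted(port, vlan):
        raise ValueError(f"VLAN {vlan} is not carried on {port[0]} {port[1]}")
    return None if port[2] == "access" or vlan == port[3] else vlan

def ingress(port, tag):
    """VLAN the receiving port files the frame under."""
    vlan = port[3] if tag is None else tag   # untagged -> access/native VLAN
    if not permitted(port, vlan):
        raise ValueError(f"VLAN {vlan} is not accepted on {port[0]} {port[1]}")
    return vlan

def trace(links, vlan):
    """Follow one broadcast upstream; report every hop where its VLAN changes."""
    hops, findings = [], []
    for out_port, in_port in links:
        new_vlan = ingress(in_port, egress(out_port, vlan))
        if new_vlan != vlan:
            findings.append(f"{out_port[0]} {out_port[1]} -> {in_port[0]} {in_port[1]}: "
                            f"VLAN {vlan} is relabelled VLAN {new_vlan}")
        hops.append((in_port[0], new_vlan))
        vlan = new_vlan
    return hops, findings

def relay(vlan):
    """giaddr the core's SVI stamps on the request, and the range that contains it."""
    giaddr = ip_address(SVIS[vlan])
    return str(giaddr), next(s for s in SCOPES if giaddr in ip_network(s))

if __name__ == "__main__":
    print(trace(LINKS, 1), relay(12))
```

With the settings as posted, the only relabelling happens on the access-to-access link (VLAN 1 on Switch B becomes VLAN 12 on SWITCHA), and the request reaches the core in VLAN 12 with giaddr 172.18.12.192. Changing a native VLAN in `LINKS` shows how a mismatch further up would instead land the request in a different range.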