Cisco 3550

scifan2k · ‎06-14-2023

Hello - I am somewhat new to cisco and networking. I purchased an old switch on ebay - catalyst 3550. I am using this as strictly layer 2, no routing. I have a few VLAN's and I set a degault-gateway. I added and IP helper address to one VLAN and it is working fine. The other VLAN is using a different ip helper address but for some reason it cannot communicate though both DHCP servers are on the same subnet. I also cannot ping the second DCHP server from the switch which is odd as the first server is pinging. I have it set so the default gateway goes to my firewall for routing. Any advice would be appreciated.

MHM Cisco World · ‎06-14-2023

Ip helper address command need ip routing enable' it not work for l2 SW

scifan2k · ‎06-14-2023

Understood, but I am not able to ping that DHCP server from the switch. What would be the reason for that?

MHM Cisco World · ‎06-14-2023

You need to check you network

Sw L2 need defualt gateway

Sw L3 need defualt route

Otherwise pi g form sw will use mgmt vlan ip and without anove the ping failed.

Reza Sharifi · ‎06-14-2023

From what you described in your first post, it appears that both DHCP servers are in the same vlan and subnet and you are able to ping one server but not the other. So, if this is the case, make sure the port the second server is connected to is in up-and-up mode using "show ip int bri intx/x. Also, make sure you can see the MAC address of the server in the Mac address table. Lastly, make sure the server does not have any firewall app blocking ICMP traffic.

HTH

scifan2k · ‎06-14-2023

Strangley, I plugged my laptop in that switch and I was able to obtain an IP as it grabbed it from the primary DHCP server, I am able ping the secondary server from the laptop. Though still I am unable to ping it from the switch.

Pinging 10.250.1.51 with 32 bytes of data:
Reply from 10.250.1.51: bytes=32 time<1ms TTL=128
Reply from 10.250.1.51: bytes=32 time=1ms TTL=128

Switch#ping 10.250.1.51

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.250.1.51, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Reza Sharifi · ‎06-14-2023

Look for firewall software on that server blocking ICMP traffic.

HTH

scifan2k · ‎06-14-2023

Interestingly I am able to ping this server from the Firewall. I'm somewhat confused as to what could be going on. I feel it must be some setting on the Ciso that is the problem. I can provide a copy of the config if that would help.

Reza Sharifi · ‎06-14-2023

Can you post the output of "sh run" from the switch?

scifan2k · ‎06-15-2023

Building configuration...

Current configuration : 2789 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
no logging console
!
ip subnet-zero
!
ip domain-name atec.local
ip name-server 10.250.1.20
ip name-server 10.250.1.22
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
interface FastEthernet0/1
switchport access vlan 241
switchport mode access
!
interface FastEthernet0/2
switchport mode dynamic desirable
!
interface FastEthernet0/3
switchport access vlan 201
switchport mode dynamic desirable
!
interface FastEthernet0/4
switchport mode dynamic desirable
!
interface FastEthernet0/5
switchport access vlan 251
switchport mode dynamic desirable
!
interface FastEthernet0/6
switchport mode dynamic desirable
!
interface FastEthernet0/7
switchport access vlan 2
switchport mode dynamic desirable
!
interface FastEthernet0/8
switchport mode dynamic desirable
!
interface FastEthernet0/9
switchport mode dynamic desirable
!
interface FastEthernet0/10
switchport mode dynamic desirable
!
interface FastEthernet0/11
switchport mode dynamic desirable
!
interface FastEthernet0/12
switchport mode dynamic desirable
!
interface FastEthernet0/13
switchport mode dynamic desirable
!
interface FastEthernet0/14
switchport mode dynamic desirable
!
interface FastEthernet0/15
switchport mode dynamic desirable
!
interface FastEthernet0/16
switchport mode dynamic desirable
!
interface FastEthernet0/17
switchport mode dynamic desirable
!
interface FastEthernet0/18
switchport mode dynamic desirable
!
interface FastEthernet0/19
switchport mode dynamic desirable
!
interface FastEthernet0/20
switchport mode dynamic desirable
!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
switchport access vlan 241
switchport trunk encapsulation dot1q
switchport trunk native vlan 241
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
no ip address
ip helper-address 10.250.1.51
!
interface Vlan201
ip address 10.250.0.10 255.255.252.0
!
interface Vlan241
ip address 10.250.4.1 255.255.252.0
ip helper-address 10.250.1.22
!
interface Vlan251
ip address 10.250.8.1 255.255.252.0
ip helper-address 10.250.1.51
!
interface Vlan916
ip address 10.250.12.1 255.255.252.0
ip helper-address 10.250.1.51
!
ip default-gateway 10.250.0.1
ip classless
ip http server
!
!
access-list 61 permit 0.0.1.0 255.255.252.0
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end

MHM Cisco World · ‎06-15-2023

You config is auto delete' but I take look'

The host get correct ip from dhcp server with this config I do think so

You need

Ip routing

Ip route 0.0.0.0 0.0.0.0 <ip of fw>

but I need my SW to be L2 ? there are two traffic mgmt traffic (include IP helper traffic) and data traffic
when we enable routing in SW the mgmt traffic can use RIB and can connect any IP in network
and for data traffic, since we push the GW IP via DHCP which is not point to VLAN SVI of SW then the SW never inter-vlan and forward the data traffic.
we need ip routing only for the mgmt traffic.

hope this clear to you
Thanks
MHM