cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1118
Views
0
Helpful
6
Replies

Cisco 887 & 2960-S DHCP snooping problem

DOUGLAS DRURY
Level 1
Level 1

Hi,

I've configured a Cisco 887va router with a set of Cisco 2960-S switches.  The problem is anyone on VLAN 30 is not getting an IP address.  VLANs 10 & 25 are getting IP addresses fine from my laptop acting as a DHCP server.  But VLAN 30 are not getting IP addresses from the 887 nor my laptop?

Any suggestions?

Cisco 887

MH-RT-HT-02#sh run br
Building configuration...

Current configuration : 4207 bytes
!
! Last configuration change at 06:28:32 UTC Fri Apr 8 2016
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MH-RT-HT-02
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret <Removed>
!
aaa new-model
!
!
aaa authentication login VPNUSERSAUTH local
aaa authorization network VPNUSERS local
!
!
!
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-2009019470
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2009019470
revocation-check none
rsakeypair TP-self-signed-2009019470
!
!
crypto pki certificate chain TP-self-signed-2009019470
certificate self-signed 01
!
!
!
!


!
ip dhcp excluded-address 192.168.30.1 192.168.30.10
ip dhcp excluded-address 192.168.30.200 192.168.30.254
!
ip dhcp pool MH-POOL
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 192.168.30.1 8.8.8.8
domain-name <Removed>
lease 0 3
!
!
!
ip dhcp snooping vlan 10,25,30
ip dhcp snooping information option allow-untrusted
ip dhcp snooping
ip domain name <Removed>
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C887VA-K9 sn FCZ195370MJ
!
!
<Removed>
!
!
!
!
!
controller VDSL 0
!
!
!
crypto isakmp policy 7
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group VPNUSERS
key <Removed>
dns 192.168.30.21
domain meldrum-ext.local
pool VPN-POOL
acl VPNSPLIT
!
!
crypto ipsec transform-set <Removed> esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto dynamic-map VPNDYNMAP 1
set transform-set <Removed>
reverse-route
!
!
crypto map MAP-OUTSIDE client authentication list VPNUSERSAUTH
crypto map MAP-OUTSIDE isakmp authorization list VPNUSERS
crypto map MAP-OUTSIDE client configuration address respond
crypto map MAP-OUTSIDE 1 ipsec-isakmp dynamic VPNDYNMAP
!
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
switchport access vlan 30
no ip address
ip dhcp snooping trust
!
interface FastEthernet1
switchport access vlan 30
no ip address
!
interface FastEthernet2
switchport access vlan 30
no ip address
!
interface FastEthernet3
switchport access vlan 30
no ip address
!
interface Vlan1
no ip address
shutdown
!
interface Vlan30
description Guest_Extension
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname <Removed>
ppp chap password 0 <Removed>
crypto map MAP-OUTSIDE
!
ip local pool VPN-POOL 10.1.74.5 10.1.74.250
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source list NAT interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended NAT
deny ip 192.168.30.0 0.0.0.255 10.1.74.0 0.0.0.255
permit ip 192.168.30.0 0.0.0.255 any
ip access-list extended VPNSPLIT
permit ip 192.168.30.0 0.0.0.255 10.1.74.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
banner login ^C
***************************************************************************

<Removed>

***************************************************************************
^C
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
!
end

MH-RT-HT-02#

Cisco 2960-S

I've set int gig 0/11 in vlan 30 as a test


MH-SW-HT-01#sh run br
Building configuration...

Current configuration : 4526 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MH-SW-HT-01
!
boot-start-marker
boot-end-marker
!
enable secret <Removed>
!
<Removed>
!
!
no aaa new-model
!
!
ip dhcp snooping vlan 10,25,30
ip dhcp snooping information option allow-untrusted
ip dhcp snooping
ip domain-name <Removed>
!
!
crypto pki trustpoint TP-self-signed-1326804608
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1326804608
revocation-check none
rsakeypair TP-self-signed-1326804608
!
!
crypto pki certificate chain TP-self-signed-1326804608
certificate self-signed 01
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
interface Port-channel1
switchport trunk native vlan 10
switchport mode trunk
ip dhcp snooping trust
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet0/1
switchport trunk native vlan 10
switchport mode trunk
ip dhcp snooping trust
!
interface GigabitEthernet0/2
switchport access vlan 30
switchport mode access
spanning-tree portfast
ip dhcp snooping trust
!
interface GigabitEthernet0/3
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/4
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/5
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/6
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/7
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/8
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/9
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/10
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/11
switchport access vlan 30
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/12
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/13
switchport mode access
shutdown
spanning-tree portfast
!
interface GigabitEthernet0/14
switchport mode access
shutdown
spanning-tree portfast
ip dhcp snooping trust
!
interface GigabitEthernet0/15
switchport mode access
shutdown
spanning-tree portfast
!
interface GigabitEthernet0/16
switchport mode access
shutdown
spanning-tree portfast
!
interface GigabitEthernet0/17
switchport mode access
shutdown
spanning-tree portfast
!
interface GigabitEthernet0/18
switchport mode access
shutdown
spanning-tree portfast
!
interface GigabitEthernet0/19
switchport mode access
shutdown
spanning-tree portfast
!
interface GigabitEthernet0/20
switchport mode access
shutdown
spanning-tree portfast
!
interface GigabitEthernet0/21
switchport mode access
shutdown
spanning-tree portfast
!
interface GigabitEthernet0/22
description Trunk to MH-SW-SB-01
switchport trunk native vlan 10
switchport mode trunk
ip dhcp snooping trust
!
interface GigabitEthernet0/23
description EtherChannel GP1 to MH-SW-EX-01
switchport trunk native vlan 10
switchport mode trunk
channel-group 1 mode desirable
ip dhcp snooping trust
!
interface GigabitEthernet0/24
description EtherChannel GP1 to MH-SW-EX-01
switchport trunk native vlan 10
switchport mode trunk
channel-group 1 mode desirable
ip dhcp snooping trust
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan10
ip address 192.168.10.203 255.255.255.0
no ip route-cache
!
ip http server
ip http authentication local
ip http secure-server
banner login ^C
***************************************************************************
<Removed>
***************************************************************************
^C
!
line con 0
logging synchronous
line vty 0 4
exec-timeout 0 0
privilege level 15
login local
transport input telnet ssh
transport output telnet ssh
line vty 5 15
login
!
end

MH-SW-HT-01#