cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
18699
Views
70
Helpful
30
Replies

Cisco C2960 can't get ip through DHCP.

Frika
Level 1
Level 1

Hi, I have been trying to learn how to work with Cisco switches for little bit less than a week so far so keep that in mind. So my task for the day was to create a basic network with 2 siwtches c2960 c3560g and 2 pcs [1 for each switch] who are part of vlan 1 seeing each other and being able to be pinged?? Said network is taking ips from a dhcp router. The issue is that my second switch c2960 doesn't want to get an ip from the dhcp and i ended up spending the majority of my day trying to resolve that problem.

First I want to point out that I have 0 problems with setting up the C3560G switch. It got an ip adress it gave it to the connected pc and everything worked perfectly. The second switch however was a totally different story. It couldn't ping the first switch through the working trunk [but it did detect it mac/ip connection wise] and when my supervisor came around he suggested to move the cable going to the dhcp router from the other switch to the problematic c2960 so it can take an ip. The issue is that it didn't.

 

I put a static ip address and i could see that a connection is being made through port fe0/5 but again no pings are going through. I tried the ip helper command in order to add the router's ip but that didn't work as well. I reset the switch multiple times to factory settings in case there were some old settings that were in the way but that didn't help as well. All and all at this point I am out of ideas of what to do and since my knowledge on the subject is very limited... I am hoping that maybe someone can give me a hand...? Any help would be welcome and thank you in advance.

 

!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname dianel2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
crypto pki trustpoint TP-self-signed-2366857856
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2366857856
revocation-check none
rsakeypair TP-self-signed-2366857856
!
crypto pki certificate chain TP-self-signed-2366857856
certificate self-signed 01
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
switchport trunk allowed vlan 1
switchport mode trunk
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address dhcp
!
ip http server
ip http secure-server
!
control-plane
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end

30 Replies 30

Hello @Georg Pauwen 
When you say headend switch I assume you mean in this scenario it would be the 3560 as we didn’t even see the configuration for the witek switch?

I have not labbed anything up, at this time i don't have the facility to do so, However there wouldn’t be much to show in configuration terms If you think about it, it doesn't matter if ip routing is enabled or not, its all one broadcast domain for 3650 and the 2960 regards vlan 1


Dhcp device = (l3 interface - physical port or subinterface for vlan 1) with dhcp pool 

Switch 1 = access-port or trunk depending on its connection to dhcp device
(ip routing enabled or not doesn't matter) SVI vlan 1 (dhcp or static address)

Switch 2 = access-port or trunk depending on its connection to switch 1
(ip routing enabled or not doesn't matter) SVI vlan 1 (dhcp address)


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

@paul driver My point was: as soon as 'ip routing' is enabled on the 3650, that switch (now a router) becomes the limit for the broadcast domain. The 2960 is effectively the DHCP client, and any DHCP broadcast will go to the 3650 but no further.

 

Either way, not sure why ip routing is enabled at all on the 3650. My suggestion was to turn it off, that would probably solve the issue right away anyway. I hope OP only gave up temporarily, and will come back and try some of the suggestions...

Hello


@Georg Pauwen wrote:

@paul driver My point was: as soon as 'ip routing' is enabled on the 3650, that switch (now a router) becomes the limit for the broadcast domain. The 2960 is effectively the DHCP client, and any DHCP broadcast will go to the 3650 but no further.


Granted, however thats only if the dhcp packets needs to route between vlans but in this this case it wont, As the 3650 and the 2960 reside same broadcast domain (vlan 1) so the 3650 switch wont negate the broadcast for vlan 1 and dhcp dora's will traverse both switches which should result in the 2960 obtaining dhcp allocation

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Actually, depending on what you want the 3560 switch to be (router or just a layer 2 switch), just turn 'ip routing' (no ip routing) altogether.

Cheers for the advice Georg... i added the ip-helper but it didn't fix the issue It is ok though as i said earlier i spend too much time on this issue and i am giving up so i can focus on pushing forward with my studies. Thank you for taking the time to help me out.

 

Kind Regards

Bob

Hello,

 

on the 3560, just disable 'ip routing':

 

3560#conf t

3560(config)#no ip routing

Hello


@Frika wrote:

How is that helping me identify the reason why my C2960 is not getting dhcp from another outside switch ?


Hope you don t mind me joining this Post!
So can you confirm -
You have two switches interconnected sharing just the one vlan ( vlan1) with a host physically attached on each switch, And the host on switch 1 can receive dhcp allocation but the host on switch 2 or switch itself cannot?

Can you confirm where the dhcp resides?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Yup I can confirm what you wrote above but to try and illustrate it more clearly

 

                           pc

                           |

DHCP sw ---> c3560g ---> c2960 ---> pc

 

 

When i try :

 

DHCP sw --->c2960 ---> pc   

 

the c2960 will not get an ip. When i use the command 'show cdp neighbors detail' - i can see the DHCP sw with its ip etc but I can't ping it [i have to give myself an ip and sub for that because without doing so i can't ping]. I have the same issue with the trunk... the only difference is that when i give both switches IPs i can actually ping them and their vlans [ i had 2 vlans set at that point] through the trunk.

 

I don't mind more people joining go ahead and give it your best

Hello
Thank you.
First all all do you have dhcp snooping enabled on any or all switches?, if so on the DHCP switch append the following command and test again

ip dhcp relay information trust-all

 

Also could you post the output of the following debug from the dhcp sw:
debug ip dhcp server packet


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Cheers for the fast reply Paul,

I am sorry but currently i can't access the DHCP switch ... >.< I didn't know i would need access to it and my supervisor is out for the day. Even if i could log in the dhcp server it is witek switch and i have exactly 0 idea how to operate on that one.

 

As for the debug command the result i get is blank aka nothing.

 

Regards,

Bob

Hello

Not a problem, Would you be able to confirm if snooping is enabled on the other switches then? 

 

sh ip dhcp snooping


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

This is the result on c3560 :

witch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
none
Smartlog is configured on following VLANs:
none
Smartlog is operational on following VLANs:
none
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled
circuit-id default format: vlan-mod-port
remote-id: 001d.a1a4.ef80 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface Trusted Allow option Rate limit (pps)
----------------------- ------- ------------ ----------------

 

 

This is the result on c2960:

Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
none
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled
circuit-id format: vlan-mod-port
remote-id format: MAC
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface Trusted Rate limit (pps)
------------------------ ------- ----------------

 

Regards,

Bob

 

 

 

Hello
Thank you Bob,
So now we know it isn’t dhcp option 82 that is negating dhcp allocation to the 2960.

Regards the dhcp server, As the witek switch is actual running the dhcp service for what looks like multiple vlans I would expect two see at least two active trunks on the 3560G switch 

1-  towards witek switch
2 - towards cisco 2960 (optional)

However I only see one trunk and that one trunk has port-security applied with a mac address limit of 3, now if this one trunk is connecting to the witek switch then the port security needs to be removed, in fact i would suggest remove anyway.

The link connecting to 2960 can be either be an access-port or trunk, but a trunk if you are extending multiple vlans downstream to it.

Lastly on any access -port, suggest you apply spanning-tree portfast

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I did the changes you suggested however i kept only one trunk between c2960 and c3560g to be honest as of right now i wasted 2/3 of a day trying to resolve something that was suppose to be a simple exercise and that was suppose to take me only a couple of hours at best. To say the least the issue still remains and by the looks of it resolving it is WAY out of my league or knowledge since i literally just started diving in on the subject of switches.

 

With that being said I thank you very much for taking the time and energy to help me solve this problem Paul I really appreciate it ^_^ I hope you have a wonderful day and weekend and who knows... maybe i will see you around again;)

 

Best of wishes

Bob

Hello Bob
No need to apologize I am fully aware how exasperating troubleshooting can be, especially when your new to networking switches etc..
If you again obtain a need to come back to this problem please don’t hesitate, We would be happy to assist further.

.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul