Re: Cisco switch and DHCP

DGSAT · ‎02-18-2025

Good morning, I have a cisco switch mod. C9200L-48P-4G with 17.12.4 and a separate DHCP server connected with port GigabitEthernet1/1/1 FO. The DHCP server work fine.

When I connect a laptop client to port from 1 to 10, the client do not receive the DHCP data (IP, DNS, GW, ...), but if I connect the laptop to port from 11 to 48, yes it receive all DHCP data. All the ports are in auto mode.

Where can be the error? What can I check to solve this problem?

Thanks.

MHM Cisco World · ‎02-18-2025

Share show vlan in SW

MHM

DGSAT · ‎02-18-2025

#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/10, Gi1/0/11, Gi1/0/12
Gi1/0/13, Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17, Gi1/0/18
Gi1/0/19, Gi1/0/20, Gi1/0/21
Gi1/0/22, Gi1/0/23, Gi1/0/24
Gi1/0/25, Gi1/0/26, Gi1/0/27
Gi1/0/28, Gi1/0/29, Gi1/0/30
Gi1/0/31, Gi1/0/32, Gi1/0/33
Gi1/0/34, Gi1/0/35, Gi1/0/36
Gi1/0/37, Gi1/0/38, Gi1/0/39
Gi1/0/40, Gi1/0/41, Gi1/0/42
Gi1/0/43, Gi1/0/44, Gi1/0/45
Gi1/0/46, Gi1/0/47, Gi1/0/48
Gi1/1/1, Gi1/1/2, Gi1/1/3
Gi1/1/4
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

I have only one VLAN and all the ports are in VLAN1 default

MHM Cisco World · ‎02-18-2025

all port assign to same VLAN
now can I see the config of g1/0/1 and g1/0/48
and when you connect to these two ports (work and not work) share ipconfig

MHM

DGSAT · ‎02-18-2025

#sh int g1/0/1 (where dhcp do not work)
GigabitEthernet1/0/1 is down, line protocol is down (notconnect)
Hardware is Gigabit Ethernet, address is a0bc.6f66.b501 (bia a0bc.6f66.b501)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
input flow-control is on, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 7w4d, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1 packets input, 68 bytes, 0 no buffer
Received 0 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
187513 packets output, 26423380 bytes, 0 underruns
Output 171050 broadcasts (55751 multicasts)
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

#sh int g1/0/38 (where the dhcp work)
GigabitEthernet1/0/38 is down, line protocol is down (notconnect)
Hardware is Gigabit Ethernet, address is a0bc.6f66.b526 (bia a0bc.6f66.b526)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
input flow-control is on, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:42:51, output 00:41:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
158 packets input, 24033 bytes, 0 no buffer
Received 73 broadcasts (23 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 23 multicast, 0 pause input
0 input packets with dribble condition detected
850 packets output, 391647 bytes, 0 underruns
Output 479 broadcasts (313 multicasts)
0 output errors, 0 collisions, 2 interface resets
4 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

MHM Cisco World · ‎02-18-2025

Thanks but I need to see config

MHM

Joshqun Ismayilov · ‎02-18-2025

@DGSAT

Compare port configs #show running-config interface range gig1/0/1 - 48

You can check if there any Port Security or Sticky MAC Restrictions #show port-security interface gig1/0/1-10 - if you have you can remove it
#interface range gig1/0/1-10
#no switchport port-security

Thanks!

DGSAT · ‎02-18-2025

This is the ipconfig -all of laptop on the port g1/0/2 where do not work

flushdns:

ipconfig -release && ipconfig -renew -> no contact with dhcp server

MHM Cisco World · ‎02-18-2025

c9k(config)#ip access-list extended DHCP
c9k(config-ext-nacl)#permit udp any any eq 68
c9k(config-ext-nacl)#permit udp any any eq 67

c9k#monitor capture cap interface GigabitEthernet1/0/48 in access-list DHCP
c9k#monitor capture cap start
c9k#monitor capture cap stop

c9k#show monitor capture cap buffer brief <<- share output of this

let see brief of monitor in non-work g1/0/48 port

MHM

DGSAT · ‎02-18-2025

#sh port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 4096

Joshqun Ismayilov · ‎02-18-2025

@DGSAT it will be easy to help if you can share running-config.

DGSAT · ‎02-20-2025

Thu Feb 20 2025 07:59:53 GMT-0300
===================================================================================
#sh running-config
Building configuration...
Current configuration : 10298 bytes
!
! Last configuration change at 07:59:09 BST Thu Feb 20 2025 by cisco
! NVRAM config last updated at 15:20:18 BST Tue Feb 18 2025 by cisco
!
version 17.12
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform punt-keepalive disable-kernel-core
!
hostname SW1-CISCO
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no aaa new-model
!
!
!
clock timezone BST -3 0
boot system switch all flash:packages.conf
switch 1 provision c9200l-48p-4g
!
!
!
!
!
no ip domain lookup
!
!
!
login on-success log
vtp version 1
!
!
!
!
!
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
hash sha256
!
crypto pki trustpoint TP-self-signed-3969793100
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3969793100
revocation-check none
rsakeypair TP-self-signed-3969793100
hash sha256
!
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 <...>
quit
crypto pki certificate chain TP-self-signed-3969793100
certificate self-signed 01
30820330 <...>
quit
!
license boot level network-essentials addon dna-essentials
memory free low-watermark processor 9899
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
enable secret 9 <...>
enable password <...>
!
username <...> privilege 15 password 0 <...>
!
redundancy
mode sso
crypto engine compliance shield disable
!
!
!
!
transceiver type all
monitoring
!
!
class-map match-any system-cpp-police-ewlc-control
description EWLC Control
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
class-map match-any system-cpp-default
description EWLC data, Inter FED Traffic
class-map match-any system-cpp-police-sys-data
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
description High Rate Applications
class-map match-any system-cpp-police-multicast
description MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual OOB
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-ios-routing
description L2 control, Topology control, Routing control, Low Latency
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
class-map match-any system-cpp-police-ios-feature
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
!
policy-map system-cpp-policy
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 192.168.10.220 255.255.255.0
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
ip address 192.168.10.220 255.255.255.0
!
ip default-gateway 192.168.10.1
ip http server
ip http authentication local
ip http secure-server
ip http secure-trustpoint TP-self-signed-3969793100
ip forward-protocol nd
ip ssh bulk-mode 131072
!
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
line con 0
stopbits 1
line vty 0 4
password <...>
login
length 0
transport input ssh
line vty 5 15
password <...>
login
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
ntp server 192.168.10.1 prefer
!
!
!
!
!
!
end

Richard Burts · ‎02-20-2025

Thanks for posting the running config. I am quite surprised to see this "ip address 192.168.10.220 255.255.255.0" configured on G0/0 management vrf and also configured on interface vlan 1.

The OP says that behavior of ports 1 through 10 is different from behavior of ports 11 through 48. The posted config shows no difference. Perhaps the output of show interface status might shed some light on this issue?

HTH

Rick