Solved: Re: DHCP and VLAN on 3560

konopkad · ‎04-13-2011

I setup VLANs on Catalyst 3560 (8 port, PoE). The switch is connected vial trunk link to Brocade SuperX 800 switch. When I plug in a laptop to one of the Voip VLANs on 3560, it gets DHCP lease fine. If I plug in Polycomm phone instead, it doesn't get DHCP lease. If I setup static IP on the phone, the phone works fine. Why the phone doesn't get DHCP? It must be something not configured on the 3560, I just don't know what. the phone with DHCP works fine if connected directly to the Brocade switch. What am I missing on the 3560?

VLAN101 is VOIP vlan and FastEthernet0/1 port is was tested.

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Catalyst3560
!

!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport access vlan 101
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface GigabitEthernet0/1
switchport access vlan 30
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 30,101
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
no ip address
!
interface Vlan30
ip address 172.16.80.5 255.255.252.0
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end

Eugene Lau · ‎04-18-2011

Typically, if the switch was dropping the packet, I would expect an input error such as invalid frame, crc error etc to be logged on the interface. What was inconsistent for me is that when the polycom was connected, you mentioned that the receive broadcast was incrementing but no mac-address is learnt.

The next step you could try is what cadetalain suggested - connect a hub to capture traffic in between the switch and the polycom (inline sniff) to see if there is anything unusual and to verify that the DHCP broadcast is generated from the polycom.

Did you manage to capture all the information as well? Just wanted to take a quick look to see if there was anything unusual.

Could also try disabling CDP, DTP and hardcode to access port if you're waiting for a hub - just to make sure nothing fishy is happening there

#switchport mode access

#switchport noneg

#no cdp enable

Eugene

View solution in original post

bmuggall · ‎04-18-2011

Hi,

I worked on this long time back, could remember few things. I think you should configure vlan 101 in voice mode. "switchport voice vlan " command is used for that. Can you try that? Cisco uses different vlans for voice and data

Reg,

Balu

View solution in original post

Eugene Lau · ‎04-19-2011

Great that you resolved it!

If you open a ticket with Cisco, you'll probably need that wireshark trace from the hub.

- The wireshark not seeing the DHCP and the mac address not appearing indicates no traffic is switched

- receive broadcast indicate traffic is seen by the interface

- switchport voice vlan is OPTIONAL and this should have worked in access mode. Cisco IP phones work in access vlan. The voice vlan allows an access port to accept tagged traffic.

We'd suspect that the IP Phone was sending traffic tagged, with a VVID of 101 (voice VLAN ID).

CDP would also announce the voice VLAN so it could be some interaction with CDP and the polycom. Eg. If polycom saw CDP packet it would automatically start tagging traffic with the VLAN seen in CDP --> so disabling CDP, DTP etc could possibly have helped determine this.

For reference, some times IP stacks (interface drivers) Could have unusual behaviour in certain speed/duplex - this would be a bug - so these simple steps could help debug things in the field.

Ultimately, since the switchport was dropping traffic, you would need the trace from the hub to check the above theory

Eugene.

View solution in original post

Eugene Lau · ‎04-20-2011

Thanks for confirming the vvid!

Start up delay should be caused by Spanning-tree.

By default, with the original configuraiton posted for port f0/1, it could take up to 30-45 seconds to get connectivity to the network (a mix of STP and DHCP timers etc)

#spanning-tree portfast

is part of best practice host port configuration (I would recommend it being configured on all host ports in the network).

Benefits:

- reduce start up time -> port goes straight into forwarding instead of going through the STP state transitions, listening, learning etc

- does not generate a TCN upon link up or down (improves accuracy of TCN flag in STP topology and troubleshooting)

You'll also see this recommendation in Cisco IP Phone guides such as:

http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_example09186a0080722cdb.shtml

(contact web-help@cisco.com if unable to access)

HTH

Eugene.

View solution in original post

Eugene Lau · ‎04-13-2011

G'day!

When you connect the polycom IP phone to fa0/1, could you try the following:

1. #sh int fa0/1 <<-- check interface is up and proper speed and duplex is negotiated

2. #sh spanning-tree vlan 101 --> make sure it is forwarding

3. #sh mac address int fa0/1 --> make sure mac address is learnt

4. #sh controller ethernet int fa/01 --> multiple times to see if receive broadcast is incrementing (DHCP request)

One thing you could add to the config under the interface fa0/1 is

#spanning-tree portfast

to ensure it is not a start up delay causing the issue and part of STP best practice config on host ports

Eugene.

Latchum Naidu · ‎04-13-2011

Hi,

Where is the vlan 101 is configured?

It is not there in the configuration.

Please rate the helpfull posts.

Regards,

Naidu.

konopkad · ‎04-14-2011

Catalyst3560#sh int fa0/1
FastEthernet0/1 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 6c50.4d99.a482 (bia 6c50.4d99.a482)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 23:05:19, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     43896 packets input, 12086376 bytes, 0 no buffer
     Received 1625 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 56 multicast, 0 pause input
     0 input packets with dribble condition detected
     92145 packets output, 12725130 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

Catalyst3560#sh spanning-tree vlan 101

VLAN0101
Spanning tree enabled protocol ieee
Root ID    Priority    32768
             Address     0012.f21d.2900
             Cost        4
             Port        1 (GigabitEthernet0/1)
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority    32869 (priority 32768 sys-id-ext 101)
             Address     6c50.4d99.a480
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1            Root FWD 4         128.1    P2p
Fa0/1            Desg FWD 19        128.2    Edge P2p

Catalyst3560#sh mac address int fa0/1
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----

When I run sh controller ethernet int fa/01 multiple times, receive broadcast is incrementing. I run spanning-tree portfast on the port but it didn't make a difference. So why the switch doesn't learn mac address of the polycom? What else can I do?

Thank you.

Eugene Lau · ‎04-14-2011

There's no special config required in this case of a simple access port on an access vlan 101. Portfast should remain to avoid any start up issues.

OK - so this is how it looks so far and correct me if there's anything wrong. The idea is to go through all the basics to ensure we haven't missed anything.

Reported results from testing.

1. PC connected to fa0/1 - obtains DHCP on VLAN101 and can ping to the network (default gateway - confirming it is functional)

2. Polycom IP phone - works if you statically configure IP and connect to the same fa0/1 (please confirm that it is actually functional)

3. No errors seen on interface

We can focus on why the mac-address is not appearing at the moment.

Here's what I would do.

#Clear counters

#check the log #sh log (if you can, clear log)

Capture some state info

#sh int trunk <<--- vlan is on trunk and not pruned

#sh vtp status <<--- understand the mode

#sh vlan <<--- double check the VLAN.

#sh spann vlan 101 detail

a. Connect polycom with static IP and verify functionality. Confirm what a working scenario looks like on the switch

#sh int fa0/1

#sh controller ethernet fa0/1 (always a few times to see what's incrementing - any invalid frames?)

#sh spann vlan 101

#sh mac address int fa0/1 <<--- grab the mac and copy it into a note pad, we'll use it later

b. Do the same for the PC with DHCP - always verify and confirm functionality

#sh int fa0/1

#sh controller ethernet fa0/1 (always a few times to see what's incrementing - any invalid frames?)

#sh spann vlan 101

#sh mac address int fa0/1 <<--- grab the mac and copy it into a note pad, we'll use it later

c. Now reconnect the polycom for DHCP scenario. Would be good to have a SPAN session on this and monitor the port traffic (eg. WIRESHARK) and monitor the behaviour over 2-3 minutes. If you see receiving traffic increment

For the SPAN you could monitor source fa0/1 and also source VLAN 101 tx (to see if there's actual traffic being sent)

#sh platform port-asic stat drop fa0/1 <<--- snapshot before connecting polycom

#sh int fa0/1

#sh controller ethernet fa0/1 (always a few times to see what's incrementing - any invalid frames?)

#sh spann vlan 101

#sh mac address int fa0/1 <<-- run it a few times to ensure it doesn't appear and disappear

#sh mac address-table address [mac] <<---- here we want to see if the mac is seen anywhere at all?

#sh mac add aging vlan 101 <<--- should see 300 seconds as default

#sh log <<--- any log messages

#sh platform port-asic stat drop fa0/1 <<--- looking for drops on asic during DHCP.

Other quick scenarios you could test

- hardcode speed duplex to 100/full

- hardcode speed duplex to 10/half (for testing only)

- try another port

I would like to get a look at the incoming traffic to see if there's anything unusual

Eugene.

konopkad · ‎04-18-2011

I'm sorry for my delayed response. So I set up a SPAN session and when the phone is configured for DHCP I've never seen anything coming to the fa0/1 (I tested different port as well). I use Wireshark. I run a filter on the MAC address of the Polycom phone. Not even DCHP broadcast traffic so the fa0/1 could learn the MAC. Is it possible that CISCO switch is not accepting Polycom MAC and DHCP? I can see MAC of the Polycom if IP is static. Polycom plugged in to Brocade port works fine with DHCP. Laptop plugged in to CISCO 3560 fa0/1 works fine. I can try another Polycom and CISCO 3560.

Thank you.

konopkad · ‎04-14-2011

VLAN 101 is configured on the Brocade SuperX 800 switch, virtual interface and routing is configured on that one as well. If I configure Polycom with static IP, it works. It doesn't work with DHCP. And again, if I plug in a laptop with DHCP it works. If I plug in Polycom to Brocade on VLAN 101, it gets IP fine. It looks like 3560 is not learning the MAC address of the Polycom.

Thank you.

cadet alain · ‎04-14-2011

Hi,

 If I configure Polycom with static IP, it works

So the 3560 must learn the mac-address in this case

If I plug in Polycom to Brocade on VLAN 101, it gets IP fine

With 3560 still attached to Brocade ? If so it must still learn the mac-address

If so why is this not the case with Polycom directly in f0/1? can you put a hub between Polycom and 3560 when Polycom configured for DHCP and sniff.

Regards.

Alain.

Don't forget to rate helpful posts.

konopkad · ‎04-18-2011

Yes, If Polycom is configured with static IP, it works. Fa0/1 learns MAC fine as well as Wireshark shows it.

Yes, if Polycom plugged in to Brocade on VLAN101, it get IP fine while 3560 is still attached to Brocade via trunk. 3560 doesn't learn MAC when Polycom is directly attached to fa0/1. It's like 3560 is rejecting DHCP broadcast from the Polycom. Please see my previous post (reply to Eugene).

Thank you.

Eugene Lau · ‎04-18-2011

Typically, if the switch was dropping the packet, I would expect an input error such as invalid frame, crc error etc to be logged on the interface. What was inconsistent for me is that when the polycom was connected, you mentioned that the receive broadcast was incrementing but no mac-address is learnt.

The next step you could try is what cadetalain suggested - connect a hub to capture traffic in between the switch and the polycom (inline sniff) to see if there is anything unusual and to verify that the DHCP broadcast is generated from the polycom.

Did you manage to capture all the information as well? Just wanted to take a quick look to see if there was anything unusual.

Could also try disabling CDP, DTP and hardcode to access port if you're waiting for a hub - just to make sure nothing fishy is happening there

#switchport mode access

#switchport noneg

#no cdp enable

Eugene

konopkad · ‎04-19-2011

I agree. I tried it again and broadcast counter increases "sh int fa0/1". At the same time, Wireshark doesn't show any broadcast frames from the phone's MAC. when I tried static IP, I see Polycom's phone MAC/IP fine and after Balu suggested to run "switchport voice vlan 101", I can see phone frames/packets, MAC/IP fine so the sniffer's options must have been set up properly. I don't have an explanation. As you can see from the Balu's post the issue was I didn't have "switchport voice vlan 101" set on the port. This corrected the problem. I thought that even without this I should have seen some activity shown by the sniffer, first the phone needs to get IP, then other protocols set up voip session. So I'm not sure how to explain this. I am going to open CISCO trouble ticket and post the anser here if I get one. Thank you for your effort in helping me.

bmuggall · ‎04-18-2011

Hi,

I worked on this long time back, could remember few things. I think you should configure vlan 101 in voice mode. "switchport voice vlan " command is used for that. Can you try that? Cisco uses different vlans for voice and data

Reg,

Balu

konopkad · ‎04-19-2011

That's it. I run "switchport voice vlan 101" and it worked. I saw that before in the Configuration Guide but it said "(Optional) Configure the voice VLAN". Also, if it worked with static IP I didn't bother with trying it. I'm still not sure why the broadcast counter is increasing when I run "sh int fa0/1" when DHCP didn't work and at the same time I didn't see any broadcast frames coming to the fa0/1 using Wireshark. I tried that again today with the same result. I guess at this point as long as it works, when I have time I might open a ticket with CISCo and see what they say. when I know it, I post it here. Thank you!

Eugene Lau · ‎04-19-2011