Re: DHCP on a Voice Vlan

mark.evans@unt.edu · ‎04-17-2019

Im trying to configure a voice vlan with dhcp on a cisco 2960 switch. The switch doesnt seem to get the DHCPDiscovers. if i change the access vlan from 2211 to 135, the switch recieves a DHCPDiscover and the phone gets an IP address. But no such luck when the vlan 135 is used as the voice vlan. Relevant configuration is posted below. Does any know what i might be doing wrong?

ip dhcp excluded-address 10.10.10.250 10.10.10.254
!
ip dhcp pool VoIP
network 10.10.10.0 255.255.255.0
domain-name unt.edu
dns-server 192.120.210.235
default-router 10.10.10.250
lease 0 0 5
!
!
ip dhcp snooping vlan 135
ip domain-name sys-name
!
!
!
!
!
!
!
!
!
network-policy profile 135
voice vlan 135
!
vlan 135
name Voip
lldp run
!
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh version 2
!
!
interface GigabitEthernet0/11
switchport access vlan 2211
switchport mode access
network-policy 135
spanning-tree portfast
!
interface Vlan135
ip address 10.10.10.250 255.255.255.0
!

#show interfaces gigabitEthernet 0/11 switchport
Name: Gi0/11
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 2211 (inside)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 135 (Voip)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Mark Malone · ‎04-18-2019

Hi
did you try remove the dhcp snooping , incase its not being trusted correctly and the packets are being dropped

no ip dhcp snooping vlan 135

•If a Layer 2 LAN port is connected to a DHCP server, configure the port as trusted by entering the ip dhcp snooping trust interface configuration command.

•If a Layer 2 LAN port is connected to a DHCP client, configure the port as untrusted by entering the no ip dhcp snooping trust interface configuration command.

mark.evans@unt.edu · ‎04-18-2019

I had tried with no dhcp snooping, but that didn't resolve the issue. Currently have added "ip dhcp snooping trust" to interface GigabitEthernet0/11 like you suggested but it still doesn't seem to allow DHCP packets through.

Mark Malone · ‎04-18-2019

id remove all snooping until this is working then re-apply when your sure your getting IPs first just in case

can you use switch access voice vlan like mine just noticed that wasnt in place instead of network policy see if it helps , just in case theres something up with how its reading that network policy syntax ....

interface GigabitEthernet1/0/4
description Voice and Data
switchport access vlan 2016
switchport mode access
switchport voice vlan 2048

mark.evans@unt.edu · ‎04-18-2019

I tried that last night in an attempt to get it work. Setting it with "switchport voice vlan 135" wasn't successful either. one think I may have forgot to mention is the server stats do no increment when the device is on the voice vlan. I did a brief test last night by moving 135 to access vlan and that worked. I then immediately moved 135 back to voice vlan and I never got another ip. I've pasted the server stats below. The low number you see is from that test, by now the discovers should be in the hudreds or thousands.

Memory usage 15777
Address pools 1
Database agents 0
Automatic bindings 0
Manual bindings 0
Expired bindings 1
Malformed messages 0
Secure arp entries 0
Renew messages 0

Message Received
BOOTREQUEST 0
DHCPDISCOVER 2
DHCPREQUEST 2
DHCPDECLINE 0
DHCPRELEASE 0
DHCPINFORM 12

Message Sent
BOOTREPLY 0
DHCPOFFER 2
DHCPACK 13
DHCPNAK 1

brselzer · ‎04-18-2019

Is the phone running CDP?

show CDP neighbor

CDP is used to tell the phone what the voice vlan is so the phone can tag its packets with that vlan tag. If the phone doesn't run CDP, it won't be able to learn the vlan tag and all it's packets will still go into the access vlan and not the voice vlan.

If the phone does not support CDP, you can turn on LLDP and see if the phone runs LLDP. LLDP provides the same function that CDP does.

conf t

lldp run

Hope that helps!

-Bradley Selzer
CCIE# 60833

mark.evans@unt.edu · ‎04-18-2019

I have LLDP running. I just discovered the mac address doesn't show up on the 135 vlan.

Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID Local Intf Hold-time Capability Port ID
Lync Phone Edition -Gi0/11 360 T 0004.f298.5fe0

Total entries displayed: 1

Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0180.c200.0000 STATIC CPU
All 0180.c200.0001 STATIC CPU
All 0180.c200.0002 STATIC CPU
All 0180.c200.0003 STATIC CPU
All 0180.c200.0004 STATIC CPU
All 0180.c200.0005 STATIC CPU
All 0180.c200.0006 STATIC CPU
All 0180.c200.0007 STATIC CPU
All 0180.c200.0008 STATIC CPU
All 0180.c200.0009 STATIC CPU
All 0180.c200.000a STATIC CPU
All 0180.c200.000b STATIC CPU
All 0180.c200.000c STATIC CPU
All 0180.c200.000d STATIC CPU
All 0180.c200.000e STATIC CPU
All 0180.c200.000f STATIC CPU
All 0180.c200.0010 STATIC CPU
All ffff.ffff.ffff STATIC CPU
10 541e.56d8.61c0 DYNAMIC Gi0/2
2211 0004.f298.5fe0 DYNAMIC Gi0/11
Total Mac Addresses for this criterion: 22

Mark Malone · ‎04-18-2019

if MAC is not on vlan 135 , where is it showing up ?
does it work if you set it to static just as a test , to see if its only a DHCP issue

brselzer · ‎04-18-2019

Hello,

Make sure you have network-policy for LLDP enabled or it won't be able to communicate the right vlan:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/configuration/guide/2960scg/swlldp.html#41600

EXAMPLE:

Switch# configure terminal

Switch(config)# network-policy profile 1

Switch(config-network-policy)# voice vlan 100 cos 4

Switch(config-network-policy)# exit

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# network-policy profile 1

Switch(config-if)# lldp med-tlv-select network-policy

Hope that helps!

-Bradley Selzer
CCIE# 60833

mark.evans@unt.edu · ‎04-18-2019

This issue has been resolved. Turns out this was related to running a version of code that didn't support voice vlans. Thanks for every ones input.