
DHCP via switch

Dustin Anderson
VIP Alumni

Greetings,

So, I have an odd problem. I'm setting up a switch with 5 VLANs: 10, 20, 30, 40, and 50.

192.168.10.0/24

192.168.20.0/24

192.168.30.0/24

192.168.40.0/22

192.168.50.0/24

.1-.49 excluded.

VLAN interfaces are defined with the .2 IP. I have a firewall with the .1 default gateway.

Now, I get served on vlan 10 and 20, but not 30, 40, or 50. And, if I set the port to that vlan, the light goes amber even if I manually assign an IP.

Switch is a 3750G ipbase running 12.2(55)SE7

Here is the current config.

show run
Building configuration...

Current configuration : 6131 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime
service password-encryption
!
hostname TRFEFCS1
!
boot-start-marker
boot-end-marker
!
logging console critical
logging monitor critical
!
username master privilege 15 secret 5
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
!
!
aaa session-id common
clock timezone CST -6
clock summer-time CDT recurring
switch 1 provision ws-c3750g-24ps
system mtu routing 1500
ip routing
no ip sticky-arp
ip domain-list trfefc.org
no ip domain-lookup
ip domain-name trfefc.org
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip dhcp excluded-address 192.168.10.1 192.168.10.49
ip dhcp excluded-address 192.168.20.1 192.168.20.49
ip dhcp excluded-address 192.168.30.1 192.168.30.49
ip dhcp excluded-address 192.168.40.1 192.168.40.49
ip dhcp excluded-address 192.168.50.1 192.168.50.49
!
ip dhcp pool cisco
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1
   dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool ap
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1
   option 43 hex f104.c0a8.0a03
   dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool faculty
   network 192.168.30.0 255.255.255.0
   default-router 192.168.30.1
   dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool guest
   network 192.168.40.0 255.255.252.0
   default-router 192.168.40.1
   dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool private
   network 192.168.50.0 255.255.255.0
   default-router 192.168.50.1
   dns-server 8.8.8.8 8.8.4.4
!
!
ip dhcp snooping vlan 1-4094
no ip dhcp snooping information option
ip dhcp snooping
ip device tracking probe interval 28800
ip device tracking probe delay 60
ip device tracking
!
no setup express
!
!
!
!
!
errdisable recovery cause psecure-violation
!
spanning-tree mode mst
spanning-tree loopguard default
spanning-tree logging
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
lldp run
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
ip scp server enable
!
!
interface GigabitEthernet1/0/1
 description AP
 switchport access vlan 20
 switchport mode access
 speed 1000
 duplex full
 no mdix auto
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 description AP
 switchport access vlan 20
 switchport mode access
 speed 1000
 duplex full
 no mdix auto
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/3
 description AP
 switchport access vlan 20
 switchport mode access
 speed 1000
 duplex full
 no mdix auto
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/4
 description AP
 switchport access vlan 20
 switchport mode access
 speed 1000
 duplex full
 no mdix auto
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/5
 description AP
 switchport access vlan 20
 switchport mode access
 speed 1000
 duplex full
 no mdix auto
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/6
 description AP
 switchport access vlan 20
 switchport mode access
 speed 1000
 duplex full
 no mdix auto
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/7
 description AP
 switchport access vlan 20
 switchport mode access
 speed 1000
 duplex full
 no mdix auto
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/8
 description AP
 switchport access vlan 20
 switchport mode access
 speed 1000
 duplex full
 no mdix auto
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/9
 description AP
 switchport access vlan 20
 switchport mode access
 speed 1000
 duplex full
 no mdix auto
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/10
 description AP
 switchport access vlan 20
 switchport mode access
 speed 1000
 duplex full
 no mdix auto
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/11
 description AP
 switchport access vlan 20
 switchport mode access
 speed 1000
 duplex full
 no mdix auto
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/12
 description AP
 switchport access vlan 20
 switchport mode access
 speed 1000
 duplex full
 no mdix auto
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/23
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1001
 switchport mode trunk
 ip arp inspection trust
 logging event bundle-status
 spanning-tree portfast disable
!
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1001
 switchport mode trunk
 ip arp inspection trust
 logging event bundle-status
 spanning-tree portfast disable
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 192.168.10.2 255.255.255.0
!
interface Vlan20
 ip address 192.168.20.2 255.255.255.0
!
interface Vlan30
 ip address 192.168.30.2 255.255.255.0
!
interface Vlan40
 ip address 192.168.40.2 255.255.252.0
!
interface Vlan50
 ip address 192.168.50.2 255.255.255.0
!
ip default-gateway 192.168.10.1
ip classless
no ip http server
no ip http secure-server
!
!
!
line con 0
 exec-timeout 15 0
 logging synchronous
 length 54
line vty 0 4
 access-class 10 in vrf-also
 exec-timeout 15 0
 logging synchronous
 autocommand  terminal monitor
 autocommand-options nohangup
 length 54
 transport input ssh
line vty 5 15
 access-class 10 in vrf-also
 exec-timeout 15 0
 logging synchronous
 autocommand  terminal monitor
 autocommand-options nohangup
 length 54
 transport input ssh
!
ntp server 204.9.54.119
end

TRFEFCS1#

1 Accepted Solution


Maybe vlan.dat file is corrupted, Delete it from flash and reload switch.

Also, just in case (since there is no VLANs listed in running configuration), can you paste output from:

sh vtp status


10 Replies

Julio E. Moisa
VIP Alumni

Hi

Is the firewall the gateway for each vlan? 

I see you are using dhcp snooping but the following command is not applied on the way to the DHCP server

ip dhcp snooping trust.

Now from point of view if the firewall is the gateway for the networks you should create the DHCP pools on the firewall and not on the switch unless it is the gateway.




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other community members. <<

OK, the firewall is the gateway. I was trying to use the switch for DHCP as the firewall will only do a /24 and I wanted to do a /22 on the switch.

The odd thing is I wipe the config, I can set ports into vlan 10, 20, 30, 40, 50. do a show vlan and only see vlan 10 and 20. 30, 40, and 50 are not in the list even if a port is assigned to it. This is the oddest thing I have ever run into.

Maybe vlan.dat file is corrupted, Delete it from flash and reload switch.

Also, just in case (since there is no VLANs listed in running configuration), can you paste output from:

sh vtp status

Deleting the dat seems to have worked. I don't have the output as it's a mockup at home I'm messing with. Thanks for your help. I'm not sure why I can't tag the correct answer.

Sometimes the fix is staring you in the face. Not sure why I didn't even think of this.

Thanks,

You're welcome.

OK, not sure why, but I put VTP to transparent and it started working. VTP in server mode had the same issue.

If the switch is a VTP server and VTPv3 is configured, the switch also needs to be the primary server to be able to create VLANs; that's why I am asking about the current VTP mode. In transparent mode it should work OK if vlan.dat is not corrupted.

Predrag Jovic
Level 3

And, if I set the port to that vlan, the light goes amber even if I manually assign an IP.

Typically, assigning a port to a non-existent VLAN will have the effect of the light going amber. A speed negotiation problem will also have the same effect, but then I guess it would not happen only when specific VLANs are assigned to ports.
Since you are assigning the port to a VLAN it should create the VLAN, except in the case that the switch is configured as a VTP client. Check if VLANs 30, 40, 50 exist on the switch and check the VTP mode.
sh vlan brief
sh vtp status
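As an added illustration (not code from the thread, the poster, or Cisco), the following Python audit applies the checks raised in this thread to a running-config excerpt: access ports that reference a VLAN absent from the VLAN database (the amber-light symptom), DHCP pools with no SVI in their subnet, a default-router outside its pool, excluded ranges that match no pool, and trunk ports left untrusted while DHCP snooping is enabled. The CONFIG string is a constructed excerpt modelled on the poster's config, with VLANs 10 and 20 defined and VLAN 30 deliberately missing; the pool names and port numbers are illustrative.

```python
"""Offline audit of a Cisco IOS running-config excerpt. Added example, not code from the
thread or from Cisco; CONFIG is a constructed excerpt modelled on the poster's config."""
import ipaddress
import re

CONFIG = """\
ip dhcp excluded-address 192.168.10.1 192.168.10.49
ip dhcp excluded-address 192.168.50.1 192.168.50.49
ip dhcp pool cisco
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1
ip dhcp pool faculty
   network 192.168.30.0 255.255.255.0
   default-router 192.168.30.1
ip dhcp pool guest
   network 192.168.40.0 255.255.252.0
   default-router 192.168.40.1
!
ip dhcp snooping
vlan 10
vlan 20
!
interface GigabitEthernet1/0/1
 switchport access vlan 20
 switchport mode access
interface GigabitEthernet1/0/21
 switchport access vlan 30
 switchport mode access
interface GigabitEthernet1/0/23
 switchport mode trunk
interface Vlan10
 ip address 192.168.10.2 255.255.255.0
interface Vlan40
 ip address 192.168.40.2 255.255.252.0
"""

def parse_blocks(config):
    """Group config lines into (header, [indented children]) blocks; '!' and blank lines are separators."""
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        elif not raw[0].isspace():
            blocks.append((raw.strip(), []))
    return blocks

def _find(pattern, lines):
    """First regex match of pattern among lines, or None."""
    return next((m for m in (re.match(pattern, line) for line in lines) if m), None)

def audit(config):
    """Return sorted finding strings for the config excerpt."""
    vlans, svis, pools, access, trunks, excluded = set(), {}, {}, {}, {}, []
    snooping = False
    for header, body in parse_blocks(config):
        if m := re.match(r"vlan (\d+)$", header):  # VLAN database entry
            vlans.add(int(m[1]))
        elif m := re.match(r"ip dhcp excluded-address (\S+) (\S+)$", header):
            excluded.append((ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])))
        elif header == "ip dhcp snooping":
            snooping = True
        elif m := re.match(r"ip dhcp pool (\S+)$", header):
            n = _find(r"network (\S+) (\S+)$", body)
            g = _find(r"default-router (\S+)$", body)
            pools[m[1]] = (ipaddress.ip_network(f"{n[1]}/{n[2]}", strict=False) if n else None,
                           ipaddress.ip_address(g[1]) if g else None)
        elif m := re.match(r"interface Vlan(\d+)$", header):  # SVI
            if a := _find(r"ip address (\S+) (\S+)$", body):
                svis[int(m[1])] = ipaddress.ip_interface(f"{a[1]}/{a[2]}")
        elif m := re.match(r"interface (\S+)$", header):  # physical port
            if a := _find(r"switchport access vlan (\d+)$", body):
                access[m[1]] = int(a[1])
            if "switchport mode trunk" in body:
                trunks[m[1]] = "ip dhcp snooping trust" in body
    findings = []
    for port, vid in access.items():
        if vid not in vlans:
            findings.append(f"{port}: access VLAN {vid} is not in the VLAN database "
                            "(port LED goes amber; check 'show vlan brief' and 'show vtp status')")
    for name, (net, gw) in pools.items():
        if net is None:
            findings.append(f"pool {name}: no network statement")
            continue
        if not any(s.network == net for s in svis.values()):
            findings.append(f"pool {name}: no SVI in {net}, so the switch has no interface to serve it from")
        if gw is not None and gw not in net:
            findings.append(f"pool {name}: default-router {gw} is outside {net}")
    for lo, hi in excluded:
        if not any(n is not None and lo in n and hi in n for n, _ in pools.values()):
            findings.append(f"excluded range {lo}-{hi} matches no DHCP pool")
    for port, trusted in trunks.items():
        if snooping and not trusted:
            findings.append(f"{port}: trunk lacks 'ip dhcp snooping trust' while DHCP snooping is enabled")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```

Run against the constructed excerpt it reports four findings: the port in VLAN 30 with no matching VLAN database entry, the untrusted trunk, the 192.168.50.x exclusion with no pool behind it, and the faculty pool with no SVI. Paste a real `show running-config` into CONFIG to audit a production switch; the parser only relies on IOS indentation and `!` separators, so the unused interface stanzas and line sections in the poster's config are simply ignored.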

Hello,

in addition to the other posts, since you have ip routing enabled on the switch, you don't need the 'ip default-gateway'. Use a default static route instead:

ip route 0.0.0.0 0.0.0.0 192.168.10.1

Hello

Do these clients obtain a DHCP allocation?
Do you have L2 VLAN connectivity (sh vlan brief)?



@Julio


Now from point of view if the firewall is the gateway for the networks you should create the DHCP pools on the firewall and not on the switch unless it is the gateway.

I think this wouldn't matter. If the FW is indeed performing the off-site routing, then the switch has the necessary interfaces to accommodate it. The connection from the switch to the FW will be directly connected, so the switch DHCP pools can indeed advertise the FW's interface as the gateway.

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul