10-29-2015 10:21 AM - edited 03-08-2019 02:29 AM
Hello,
I am in the process of deploying an Active Directory network (replacing a Novell eDirectory deployment) and have inherited a network that has been giving me fits. Some of it could be my incompetence :)
In preparing for the new network, I have created three VLANS:
VLAN 110
VLAN 111
VLAN 112
Right now I am concerned about VLAN 110. I cannot get past a DHCP DISCOVER message (Wireshark capture) when the switchport that my laptop is connected to is assigned SWITCHPORT ACCESS VLAN 110.
This is on a 4506 switch. But I have the same behaviour on a 3750 stack on the same LAN as well as a standalone 3750 on the same LAN.
I have created the VLAN and VLAN interface on all of the switches. I can ping the VLAN interfaces. I can ping the gateway. I can ping the DHCP server. I can assign an IP address in that subnet range (192.168.110.0/24) to my laptop and ping everything. What I cannot do is get a DHCP address. I have added the ip-helper address to the VLAN interface. Here are the important parts of the config (no need to see all the other switchports, they are all assigned to the native vlan):
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
service compress-config
!
hostname COLC-4506
!
boot-start-marker
boot system flash bootflash:cat4000-i9s-mz.122-25.EWA9.bin
boot-end-marker
!
logging console notifications
enable password ********
!
no aaa new-model
no aaa new-model
clock timezone DST -8
clock summer-time DST recurring 1 Sun Apr 1:00 1 Sun Oct 1:00
vtp domain *********
vtp mode transparent
ip subnet-zero
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!
vlan 3,10-11
!
vlan 110
 name Data
!
vlan 111
 name SAN
vlan 112
 name Phones
interface FastEthernet2/39
 switchport access vlan 110
interface GigabitEthernet4/5
 description trunk feed 3750-stack
 switchport trunk encapsulation dot1q
 switchport mode trunk
 logging event link-status
interface Vlan1
 description Secondary Address for Servers at Pool
 ip address 192.168.6.1 255.255.255.0 secondary
 ip address 192.168.0.253 255.255.255.0
 no ip redirects
!
interface Vlan3
 ip address 192.168.100.1 255.255.255.0
!
interface Vlan10
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.0.4
!
interface Vlan11
 ip address 192.168.12.1 255.255.255.0
!
interface Vlan110
 ip address 192.168.110.2 255.255.255.0
 ip helper-address 192.168.0.4
!
interface Vlan111
 ip address 192.168.111.2 255.255.255.0
 ip helper-address 192.168.0.4
 shutdown
!
interface Vlan112
 ip address 192.168.112.2 255.255.255.0
 ip helper-address 192.168.0.4
 shutdown
!
router eigrp 1
 redistribute ospf 1
 network 10.0.0.0
 network 192.168.0.0
 network 192.168.1.0
 network 192.168.2.0
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.5.0
 network 192.168.6.0
 network 192.168.7.0
 network 192.168.8.0
 network 192.168.9.0
 network 192.168.10.0
 network 192.168.11.0
 network 192.168.12.0
 network 192.168.13.0
 network 192.168.14.0
 network 192.168.15.0
 network 192.168.16.0
 network 192.168.17.0
 network 192.168.18.0
 network 192.168.19.0
 network 192.168.20.0
 network 192.168.100.0
 network 192.168.110.0
 network 192.168.111.0
 network 192.168.112.0
 no auto-summary
 no eigrp log-neighbor-changes
!
router ospf 1
 log-adjacency-changes
 redistribute eigrp 1
 network 10.0.0.0 0.255.255.255 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
ip default-gateway 192.168.0.1
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 10.0.0.0 255.255.255.0 192.168.0.2
ip route 192.168.14.0 255.255.255.0 192.168.253.1
ip route 192.168.14.0 255.255.255.0 192.168.0.243
ip route 192.168.19.0 255.255.255.0 192.168.253.1
ip route 192.168.20.0 255.255.255.0 192.168.0.243
ip route 192.168.20.1 255.255.255.255 192.168.253.2
ip route 192.168.253.1 255.255.255.255 192.168.0.243
no ip http server
!
!
line con 0
 stopbits 1
line vty 0 4
 password *********
 login
!
ntp clock-period 17179502
ntp server 217.160.254.116
ntp server 216.110.192.11
!
end
192.168.0.4 is a Linux/OES DHCP server. The 192.168.110.0 network has been added to that DHCP server.
One thing that I notice is different on this 4506 than on the other switches is that IP routing is not enabled. But I get the same result on a switch WITH IP routing enabled.
This is my first experience with a layer 3 switched network. Everything else I have dealt with had layer 2 switches and subinterfaces on a router to deal with the vlans.
Any and all assistance is greatly appreciated!
~Tony
10-29-2015 10:41 AM
Tony
So is your laptop connected to fa2/39 ?
If so can you add this to the port -
"spanning-tree portfast"
ignore the warning command.
And then connect your laptop with DHCP and see what happens.
Jon
10-29-2015 11:29 AM
Yes, it is connected to fa2/39.
Added the spanning-tree portfast to that switchport configuration, still not getting past DHCP discover.
10-29-2015 11:37 AM
What is the default gateway of the DHCP server ?
Jon
10-29-2015 11:39 AM
192.168.0.1
10-29-2015 11:45 AM
Okay that IP is not on this switch.
What switch is that IP address on and does it also have an SVI for vlan 110 ?
If it does you need to make sure the connection from that switch back to the 4500 is a trunk allowing vlan 110
Jon
10-29-2015 11:45 AM
192.168.0.1 is a 2621 router. That subnet is assigned to fa0/0 on that router.
10-29-2015 11:48 AM
Should I add a subinterface for the 192.168.110.0/24 network on that router?
10-29-2015 11:56 AM
Maybe this will help. I have added an interface for VLAN 110 on my 3750 stack, the 4506, my 3750 that is in my office. Thinking that was the right thing to do. So all of the switches have an
interface vlan 110
ip address 192.168.110.x 255.255.255.0 (where x is a unique ip address).
All switches have vlan 110 added to the database.
Like I said, I have never done routing this way. I have always done vlan routing this way:
interface fa0/0.110
 encapsulation dot1q 110
 ip address 192.168.110.1 255.255.255.0
I inherited this network and it is not at all documented :-/
10-29-2015 12:08 PM
The issue is the DHCP offer is being sent to the router and it is obviously not making it back to the switch.
Ideally you want the server's default gateway to be 192.168.0.253 so it is sent back to the switch.
But I'm not suggesting you do that now.
In terms of adding an SVI for vlan 110 to all switches probably not what you want but we can deal with that later.
Does the router have a route for the vlan 110 IP subnet ?
Jon
10-29-2015 01:08 PM
It does. And now everything works.
The problem?
There were three different DHCP services running on the OES box. My Novell admin (using that term loosely) was bouncing the wrong one. Once he bounced the right one (by guessing and bouncing all three) I was able to get a reply.
Sooooo... the problem was DHCP not the network.
Not to say that there aren't some configuration issues with this network. I wasted three days on this, not to mention your time. Thanks for your help and apologies for the stupidity.
Tony
10-29-2015 01:43 PM
No problem, these things happen :-)
It's difficult to say for sure but you may want to redesign some of the network and have your switches doing all the routing between vlans and perhaps decide on which switches do what.
If you do want to do that in the future feel free to post another question.
Jon
10-29-2015 01:43 PM
Thanks for understanding.
My plan is to make the 3750 stack the core of the network. I need to get a couple more 3750s and move everything off the 4506 and decommission it. I think that will simplify things greatly. It appears the last network admin had a plan but left before he implemented it. Things are kind of mish-mash.
I am grateful for this Cisco forum and will likely be asking questions as I go along :)
Thanks again!
Tony
10-29-2015 06:10 PM
Hello
Not sure if anyone has mentioned this yet but it seems your mutual redistribution is incorrect
For future reference - Each receiving protocol needs to understand the routes being redistributed and at present this is missing
Ospf - requires the SUBNETS keyword to allow classless routes
Eigrp - requires metric of BW/delay/reliability/mtu
Example
redistribute eigrp 1 subnets
redistribute ospf 1 metric 1 1 1 1 1
Lastly if you don't wish eigrp to form an adjacency use the passive interface command on the vlan svi in question
res
paul
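An added example, not part of the thread and not any poster's or Cisco's code: an offline check of the two configuration points raised above, namely which SVIs relay DHCP (and whether they are up) and whether each `redistribute` line carries the `subnets` keyword or seed metric described in the post above. It assumes an indented config as `show running-config` prints it; the sample is constructed from stanzas posted in the first message, and the function names, the `NEEDS_SEED` set and the allowance for a stanza-level `default-metric` are this example's own assumptions.

```python
# Constructed sample: stanzas from the config posted in this thread, re-indented.
SAMPLE_CONFIG = """\
interface Vlan110
 ip helper-address 192.168.0.4
!
interface Vlan111
 ip helper-address 192.168.0.4
 shutdown
!
router eigrp 1
 redistribute ospf 1
!
router ospf 1
 redistribute eigrp 1
"""
NEEDS_SEED = {"ospf", "rip", "bgp", "isis"}  # assumption: sources needing a seed metric

def parse_stanzas(text):
    """Map each top-level command to the list of indented sub-commands under it."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "!"):
            current = None                      # separator ends the stanza
        elif not line.startswith(" "):
            current = stanzas.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return stanzas

def relay_svis(stanzas):
    """Return {svi: (helper_addresses, is_up)} for every SVI with a DHCP relay."""
    out = {}
    for head, body in stanzas.items():
        helpers = [c.split()[-1] for c in body if c.startswith("ip helper-address ")]
        if head.lower().startswith("interface vlan") and helpers:
            out[head.split()[1]] = (helpers, "shutdown" not in body)
    return out

def redistribution_findings(stanzas):
    """Flag redistribute lines that lack what the receiving protocol needs."""
    findings = []
    for head, body in stanzas.items():
        proto = head.split()[1] if head.startswith("router ") else None
        seeded = any(c.startswith("default-metric ") for c in body)
        for words in (c.split() for c in body if c.startswith("redistribute ")):
            if proto == "ospf" and "subnets" not in words:
                findings.append((head, "redistribute lacks 'subnets'"))
            elif proto == "eigrp" and words[1] in NEEDS_SEED and not (seeded or "metric" in words):
                findings.append((head, "redistribute lacks a seed metric"))
    return findings
```

Calling `redistribution_findings(parse_stanzas(SAMPLE_CONFIG))` flags both router stanzas as posted; with the two corrected lines from the post above it returns an empty list.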
10-30-2015 08:48 AM
Thanks, Paul. I will have to do some reading to fully understand mutual redistribution. For one, I don't know why the previous admin has OSPF and EIGRP enabled. And again, there is probably a reason and I am ignorant to what it is. But for local routing all I have ever configured is EIGRP so the dual protocols are confusing to me.
Thanks for pointing that out. Since everything seems to be routing properly I will dive into this and understand it better before applying any config changes :)