cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2333
Views
0
Helpful
20
Replies

IntraVLAN routing DHCP Issue

Tony LaSoya
Level 1
Level 1

Hello,

I am in the process of deploying an Active Directory network (replacing a Novell eDirectory deployment) and have inherited a network that has been giving me fits. Some of it could be my incompetence :)

In preparing for the new network, I have created three VLANS:

VLAN 110

VLAN 111

VLAN 112

Right now I am concerned about VLAN 110. I cannot get past a DHCP DISCOVER message (Wireshark capture) when the switchport that my laptop is connected to is assigned SWITCPORT ACCESS VLAN 110.

This is on a 4506 switch. But I have the same behaviour on a 3750 stack on the same LAN as well as a standalone 3750 on the same LAN.

I have created the VLAN and VLAN interface on all of the switches. I can ping the VLAN interfaces. I can ping the gateway. I can ping the DHCP server. I can assign an IP address in that subnet range (192.168.110.0/24) to my laptop and ping everything. What I cannot do is get a DHCP address. I have added the ip-helper address to the VLAN interface. Here are the important parts of the config (no need to see all the other switchports, they are all assigned to the native vlan):

version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
service compress-config
!
hostname COLC-4506
!
boot-start-marker
boot system flash bootflash:cat4000-i9s-mz.122-25.EWA9.bin
boot-end-marker
!
logging console notifications
enable password ********
!
no aaa new-model

no aaa new-model
clock timezone DST -8
clock summer-time DST recurring 1 Sun Apr 1:00 1 Sun Oct 1:00
vtp domain *********
vtp mode transparent
ip subnet-zero
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!
vlan 3,10-11
!
vlan 110
name Data
!
vlan 111
name SAN

vlan 112
name Phones

interface FastEthernet2/39
switchport access vlan 110

interface GigabitEthernet4/5
description trunk feed 3750-stack
switchport trunk encapsulation dot1q
switchport mode trunk
logging event link-status

interface Vlan1
description Secondary Address for Servers at Pool
ip address 192.168.6.1 255.255.255.0 secondary
ip address 192.168.0.253 255.255.255.0
no ip redirects
!
interface Vlan3
ip address 192.168.100.1 255.255.255.0
!
interface Vlan10
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.0.4
!
interface Vlan11
ip address 192.168.12.1 255.255.255.0
!
interface Vlan110
ip address 192.168.110.2 255.255.255.0
ip helper-address 192.168.0.4
!
interface Vlan111
ip address 192.168.111.2 255.255.255.0
ip helper-address 192.168.0.4
shutdown
!
interface Vlan112
ip address 192.168.112.2 255.255.255.0
ip helper-address 192.168.0.4
shutdown
!
router eigrp 1
redistribute ospf 1
network 10.0.0.0
network 192.168.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
network 192.168.5.0
network 192.168.6.0
network 192.168.7.0
network 192.168.8.0
network 192.168.9.0
network 192.168.10.0
network 192.168.11.0
network 192.168.12.0
network 192.168.13.0
network 192.168.14.0
network 192.168.15.0
network 192.168.16.0
network 192.168.17.0
network 192.168.18.0
network 192.168.19.0
network 192.168.20.0
network 192.168.100.0
network 192.168.110.0
network 192.168.111.0
network 192.168.112.0
no auto-summary
no eigrp log-neighbor-changes
!
router ospf 1
log-adjacency-changes
redistribute eigrp 1
network 10.0.0.0 0.255.255.255 area 0
network 192.168.0.0 0.0.255.255 area 0
!
ip default-gateway 192.168.0.1
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 10.0.0.0 255.255.255.0 192.168.0.2
ip route 192.168.14.0 255.255.255.0 192.168.253.1
ip route 192.168.14.0 255.255.255.0 192.168.0.243
ip route 192.168.19.0 255.255.255.0 192.168.253.1
ip route 192.168.20.0 255.255.255.0 192.168.0.243
ip route 192.168.20.1 255.255.255.255 192.168.253.2
ip route 192.168.253.1 255.255.255.255 192.168.0.243
no ip http server
!
!
line con 0
stopbits 1
line vty 0 4
password *********
login
!
ntp clock-period 17179502
ntp server 217.160.254.116
ntp server 216.110.192.11
!
end

192.168.0.4 is a Linux/OES DHCP server. The 192.168.110.0 network has been added to that DHCP server.

One thing that I notice is different on this 4506 than on the other switches is that IP routing is not enabled. But I get the same result on a switch WITH IP routing enabled. 

This is my first experience with a layer 3 switched network. Everything else I have dealt with had layer 2 switches and subinterfaces on a router to deal with the vlans. 

Any and all assistance is greatly appreciated!

~Tony

20 Replies 20

Jon Marshall
Hall of Fame
Hall of Fame

Tony

So is your laptop connected to fa2/39 ?

If so can you add this to the port -

"spanning-tree portfast"

ignore the warning command.

And then connect your laptop with DHCP and see what happens.

Jon

Yes, it is connected to fa2/39.

Added the spanning-tree portfast to that switchport configuration, still not getting past DHCP discover.

What is the default gateway of the DHCP server ?

Jon

192.168.0.1

Okay that IP is not on this switch.

What switch is that IP address on and does it also have an SVI for vlan 110 ?

If it does you need to make sure the connection from that switch back to the 4500 is a trunk allowing vlan 110

Jon

192.168.0.1 is a 2621 router. That subnet is assigned to fa0/0 on that router.

Should I add a subinterface for the 192.168.110.0/24 network on that router?

Maybe this will help. I have added an interface for VLAN 110 on my 3750 stack, the 4506, my 3750 that is in my office. Thinking that was the right thing to do. So all of the switches have an 

interface vlan 110

ip address 192.168.110.x 255.255.255.0 (where x is a unique ip address).

All switches are have vlan 110 added to the database.

Like I said, I have never done routing this way. I have always done vlan routing this way: 

interface fa0/0.110

encapsulation dot1q 110

ip address 192.168.110.1 255.255.255.0 

I inherited this network and it is not at all documented :-/

The issue is the DHCP offer is being sent to the router and it is obviously not making it back to the switch.

Ideally you want the server's default gateway to be 192.168.0.253 so it is sent back to the switch.

But I'm not suggesting you do that now.

In terms of adding an SVI for vlan 110 to all switches probably not what you want but we can deal with that later.

Does the router have a route for the vlan 110 IP subnet ?

Jon

It does. And now everything works.

The problem?

There were three different DHCP services running on the OES box. My Novell admin (using that term loosely) was bouncing the wrong one. Once he bounced the right one (by guessing and bouncing all three) I was able to get a reply.

Sooooo... the problem was DHCP not the network. 

Not to say that there aren't some configuration issues with this network. I wasted three days on this, not to mention your time. Thanks for your help and apologies for the stupidity. 

Tony

No problem, these things happen :-)

It's difficult to say for sure but you may want to redesign some of then network and have your switches doing all the routing between vlans and perhaps decide on which switches do what.

If you do want to do that in the future feel free to post another question.

Jon

Thanks for understanding.

My plan is to make the 3750 stack the core of the network. I need to get a couple more 3750s and move everything off the 4506 and decomission it. I think that will simplify things greatly. It appears the last network admin had a plan but left before he implemented it. Things are kind of mish-mash.

I am grateful for this Cisco forum and will likely be asking questions as I go along :)

Thanks again!

Tony

Hello

Not sure if anyone has mentioned this yet but it seems your mutual redistribution is incorrect

For future reference -  Each receiving protocol needs to understand the routes being redistributed and at present this is missing 

Ospf - requires the SUBNETS keyword to allow classless routes

Eigrp - requires metric of BW/delay/reliability/mtu 

Example

redistrubute eigrp  1 subnets

redistribute ospf 1 metric 1 1 1 1 1

Lastly if you don't wish eigrp to form an adjenancy use the passive interface command  on the vlan  svi in question

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thanks, Paul. I will have to do some reading to fully understand mutual redistribution. For one, I don't know why the previous admin has OSPF and EIGRP enabled. And again, there is probably a reason and I am ignorant to what it is. But for local routing all I have ever configured is EIGRP so the dual protocols are confusing to me.

Thanks for pointing that out. Since everything seems to be routing properly I will dive into this and understand it better before applying any config changes :)

Review Cisco Networking for a $25 gift card