10-29-2015 10:21 AM - edited 03-08-2019 02:29 AM
Hello,
I am in the process of deploying an Active Directory network (replacing a Novell eDirectory deployment) and have inherited a network that has been giving me fits. Some of it could be my incompetence :)
In preparing for the new network, I have created three VLANs:
VLAN 110
VLAN 111
VLAN 112
Right now I am concerned about VLAN 110. I cannot get past a DHCP DISCOVER message (Wireshark capture) when the switchport that my laptop is connected to is assigned SWITCHPORT ACCESS VLAN 110.
This is on a 4506 switch. But I have the same behaviour on a 3750 stack on the same LAN as well as a standalone 3750 on the same LAN.
I have created the VLAN and VLAN interface on all of the switches. I can ping the VLAN interfaces. I can ping the gateway. I can ping the DHCP server. I can assign an IP address in that subnet range (192.168.110.0/24) to my laptop and ping everything. What I cannot do is get a DHCP address. I have added the ip-helper address to the VLAN interface. Here are the important parts of the config (no need to see all the other switchports, they are all assigned to the native vlan):
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
service compress-config
!
hostname COLC-4506
!
boot-start-marker
boot system flash bootflash:cat4000-i9s-mz.122-25.EWA9.bin
boot-end-marker
!
logging console notifications
enable password ********
!
no aaa new-model
no aaa new-model
clock timezone DST -8
clock summer-time DST recurring 1 Sun Apr 1:00 1 Sun Oct 1:00
vtp domain *********
vtp mode transparent
ip subnet-zero
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!
vlan 3,10-11
!
vlan 110
name Data
!
vlan 111
name SAN
vlan 112
name Phones
interface FastEthernet2/39
switchport access vlan 110
interface GigabitEthernet4/5
description trunk feed 3750-stack
switchport trunk encapsulation dot1q
switchport mode trunk
logging event link-status
interface Vlan1
description Secondary Address for Servers at Pool
ip address 192.168.6.1 255.255.255.0 secondary
ip address 192.168.0.253 255.255.255.0
no ip redirects
!
interface Vlan3
ip address 192.168.100.1 255.255.255.0
!
interface Vlan10
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.0.4
!
interface Vlan11
ip address 192.168.12.1 255.255.255.0
!
interface Vlan110
ip address 192.168.110.2 255.255.255.0
ip helper-address 192.168.0.4
!
interface Vlan111
ip address 192.168.111.2 255.255.255.0
ip helper-address 192.168.0.4
shutdown
!
interface Vlan112
ip address 192.168.112.2 255.255.255.0
ip helper-address 192.168.0.4
shutdown
!
router eigrp 1
redistribute ospf 1
network 10.0.0.0
network 192.168.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
network 192.168.5.0
network 192.168.6.0
network 192.168.7.0
network 192.168.8.0
network 192.168.9.0
network 192.168.10.0
network 192.168.11.0
network 192.168.12.0
network 192.168.13.0
network 192.168.14.0
network 192.168.15.0
network 192.168.16.0
network 192.168.17.0
network 192.168.18.0
network 192.168.19.0
network 192.168.20.0
network 192.168.100.0
network 192.168.110.0
network 192.168.111.0
network 192.168.112.0
no auto-summary
no eigrp log-neighbor-changes
!
router ospf 1
log-adjacency-changes
redistribute eigrp 1
network 10.0.0.0 0.255.255.255 area 0
network 192.168.0.0 0.0.255.255 area 0
!
ip default-gateway 192.168.0.1
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 10.0.0.0 255.255.255.0 192.168.0.2
ip route 192.168.14.0 255.255.255.0 192.168.253.1
ip route 192.168.14.0 255.255.255.0 192.168.0.243
ip route 192.168.19.0 255.255.255.0 192.168.253.1
ip route 192.168.20.0 255.255.255.0 192.168.0.243
ip route 192.168.20.1 255.255.255.255 192.168.253.2
ip route 192.168.253.1 255.255.255.255 192.168.0.243
no ip http server
!
!
line con 0
stopbits 1
line vty 0 4
password *********
login
!
ntp clock-period 17179502
ntp server 217.160.254.116
ntp server 216.110.192.11
!
end
192.168.0.4 is a Linux/OES DHCP server. The 192.168.110.0 network has been added to that DHCP server.
One thing that I notice is different on this 4506 than on the other switches is that IP routing is not enabled. But I get the same result on a switch WITH IP routing enabled.
This is my first experience with a layer 3 switched network. Everything else I have dealt with had layer 2 switches and subinterfaces on a router to deal with the VLANs.
Any and all assistance is greatly appreciated!
~Tony
10-30-2015 08:56 AM
You may be running OSPF if you have non-Cisco equipment you need to exchange routes with.
But as Paul says, redistribution is not happening, although I think you are right, i.e. don't enable it until you understand the whole network layout, otherwise it could cause no end of problems.
Jon
10-30-2015 09:04 AM
I am assuming that since everything *seems* to be routing ok that it's not a huge deal. As for non-Cisco equipment, there is some Nortel switching equipment at the remote sites that have IP phones. Perhaps that is why OSPF is running.
I always proceed with caution. I have been doing this long enough to have experience in not doing so. And 'reload in' has saved me several times :)
Thanks for all the help. As I dive into this and have more questions, I will certainly be posting on the forums. I have been in management for so long that I have lost a lot of knowledge. It's fun relearning everything and reminds me why I got into this in the first place. I can fix equipment. Can't always fix people :)
10-29-2015 11:09 AM
Hello,
Does your laptop get an IP when it resides in VLAN 1?
Try IP debug DHCP on your switch and check the exchanged messages.
Masoud
10-29-2015 11:27 AM
Yes, my laptop gets an IP from the DHCP server when in VLAN 1.
Turned on debug dhcp. Did not receive any log messages while the laptop was trying to obtain an address.
10-29-2015 11:36 AM
If you are connecting by telnet or SSH, you need to apply this command in privileged mode to see the logs.
"terminal monitor"
10-29-2015 11:43 AM
Aaaah, ok. Now receiving these messages regardless of whether or not I am trying to obtain a DHCP address:
5d20h: IP-EIGRP(Default-IP-Routing-Table:1): Neighbor 192.168.10.1 not on common subnet for Vlan1
5d20h: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.0.1 (Vlan1) is down: retry limit exceeded
5d20h: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.0.1 (Vlan1) is up: new adjacency
5d20h: IP-EIGRP(Default-IP-Routing-Table:1): Neighbor 192.168.10.1 not on common subnet for Vlan1
5d20h: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.0.253 (Vlan1) is down: retry limit exceeded
5d20h: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.0.253 (Vlan1) is up: new adjacency
192.168.10.1 is an ethernet interface on the 2621 gateway.
192.168.0.253 is the 4506.
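An added example, not part of the original posts: a small Python summary of the EIGRP messages quoted above, counting neighbor drops and checking each "not on common subnet" neighbor against the Vlan1 addresses from the configuration in the first post. It assumes the log was taken on a device whose Vlan1 carries those two addresses; the function name `summarize` is hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Vlan1 addresses copied from the configuration posted in this thread
# (assumption: the log lines were captured on a device with these addresses).
VLAN1_NETWORKS = [
    ipaddress.ip_interface("192.168.0.253/24").network,  # primary
    ipaddress.ip_interface("192.168.6.1/24").network,    # secondary
]

# Log lines copied from the post above.
LOG = """\
5d20h: IP-EIGRP(Default-IP-Routing-Table:1): Neighbor 192.168.10.1 not on common subnet for Vlan1
5d20h: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.0.1 (Vlan1) is down: retry limit exceeded
5d20h: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.0.1 (Vlan1) is up: new adjacency
5d20h: IP-EIGRP(Default-IP-Routing-Table:1): Neighbor 192.168.10.1 not on common subnet for Vlan1
5d20h: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.0.253 (Vlan1) is down: retry limit exceeded
5d20h: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.0.253 (Vlan1) is up: new adjacency
"""

MISMATCH = re.compile(r"Neighbor (\S+) not on common subnet for (\S+)")
NBRCHANGE = re.compile(
    r"%DUAL-5-NBRCHANGE: .*Neighbor (\S+) \((\S+)\) is (up|down): (.+)"
)


def summarize(log, networks):
    """Return (mismatches, drops, reasons) for the EIGRP lines in `log`."""
    mismatches = {}    # neighbor -> True if it is in none of `networks`
    drops = Counter()  # neighbor -> number of "is down" transitions
    reasons = {}       # neighbor -> last reason given for going down
    for line in log.splitlines():
        m = MISMATCH.search(line)
        if m:
            addr = ipaddress.ip_address(m.group(1))
            mismatches[m.group(1)] = not any(addr in n for n in networks)
            continue
        m = NBRCHANGE.search(line)
        if m and m.group(3) == "down":
            drops[m.group(1)] += 1
            reasons[m.group(1)] = m.group(4).strip()
    return mismatches, dict(drops), reasons


if __name__ == "__main__":
    mismatches, drops, reasons = summarize(LOG, VLAN1_NETWORKS)
    for nbr, outside in mismatches.items():
        print(f"{nbr}: outside every Vlan1 subnet = {outside}")
    for nbr, count in drops.items():
        print(f"{nbr}: {count} drop(s), last reason: {reasons[nbr]}")
```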