Re: layer 2 and trunking

mistryj · ‎08-13-2011

Hello,

I have a cisco 3750 Access switch trunked to a single Cisco Core 6509 switch. If I connect a PC to the Access Switch on Vlan 75 and configure static ip address of 10.130.75.1 / 255.255.255.0 Gatway 10.130.75.253, I can ping all devices fine. However when configuring DHCP this fails to pickup an ip address. NTP also fals. The Core has OSPF running between all Core Switches. The Access needs to be layer 2. Any ideas what maybe missing or incorrect ?

1. User Switch Config Brief

spanning-tree mode rapid-pvst

spanning-tree portfast bpduguard default

spanning-tree portfast bpdufilter default

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

vlan 75

name DATA

!

vlan 501

name Management-vlan

interface Loopback0

ip address 10.130.75.250 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

no ip route-cache

!

Ports 1-48 Configured------------------------------

interface GigabitEthernet1/0/1

switchport access vlan 75

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/49

description Uplink to Core Switch

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 75,501

switchport mode trunk

udld port aggressive

!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

interface Vlan501

des Management -Vlan

ip address 10.130.200.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

no ip route-cache

no ip mroute-cache

!

ip default-gateway 10.130.75.253

2. Core switch Config----------------------------------------------------------------

interface GigabitEthernet1/1

description uplink to Access Ly2 Switch

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 75,501

switchport mode trunk

no ip address

udld port disable

interface Vlan75

ip address 10.130.75.252 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

standby 1 ip 10.130.75.253

standby 1 preempt

standby 1 authentication XXXX

end

interface Vlan501

description Management-Vlan

ip address 10.130.200.252 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

no mop enabled

standby 1 ip 10.130.200.253

standby 1 priority 110

standby 1 preempt

standby 1 authentication XXXX

end

Jon Marshall · ‎08-13-2011

What is your DHCP server address ? If it is not on vlan then you need to add this to your vlan 75 interface on the 6500 -

int vlan 75

ip helper-address x.x.x.x <--- where x.x.x.x is the ip address of the DHCP server.

Jon

Peter Paluch · ‎08-13-2011

Hello,

If your PC is working with statically assigned IP address, mask and gateway then the basic Layer2 and Layer3 connectivity should be working properly, as you suggested. The reason you are not receiving DHCP is not directly visible from the output you provided.

Where is the DHCP server configured? Is is within the VLAN75? If not, you need to use the DHCP Relay function to forward DHCP requests from clients towards the DHCP server - using the ip helper-address X.X.X.X command on the Core interface Vlan75.

Also you can try pinging the DHCP server from your PC while having a static IP address set. If the DHCP server is reachable, it should respond.

I am somewhat surprised by the Loopback0 interface on your access switch. Why is it placed in an IP subnet that overlaps the VLAN75? This does not appear to me like a correct configuration.

Best regards,

Peter

mistryj · ‎08-13-2011

Hi,

I can ping the DHCP server fine from the PC. I can also ping the PC from another PC on the network. I do have an ip helper-address on Core interfce Vlan 75 which is confusing.

In order to manage the layer 2 switch remotely, I thought I could configure a loopback which is in the same address range for 75 vlan. I have also configured a management vlan instead as I cannot ping the loopback. Is a loopback needed ? Is having a management vlan the best way to manage the layer 2 switch ?

From the layer 2 switch I cannot ping the NTP server ?

Regards,

J.

Jon Marshall · ‎08-13-2011

Your config does not show an ip helper-address for vlan 75 ? - have you posted the wrong config.

L2 switches are best managed by using a L3 SVI (vlan interface) for the management. Loopbacks are more useful for L3 devices. You already have a management vlan. Change the default-gateway on your 3750 to point to 10.30.200.252.

Jon

mistryj · ‎08-13-2011

No the config does have an ip helper on the vlan 75. I forgot to include this in this attached config.

Is setting the default-gateway on the access switch to the management address going to affect the PC which is on access vlan 75 default gateway ?

Jon Marshall · ‎08-13-2011

Setting the default-gateway on the 3750 will not affect DHCP but should allow your 3750 to get to the NTP server.

You say it is a single 6500 but you have HSRP running on the 6500 switch ?

What is the DHCP server, is it a switch/router or a windows DHCP server. Have you setup the scope correctly on the DHCP server.

Jon

mistryj · ‎08-13-2011

The DHCP is a windows server and scope is configured correctly. The HSRP is configured for Vlan 75 and vlan 501.

However I have not configured Vlan 75 on Core switch #2 only 501 has been configured on second core.

The default-gateway points to the management interface on Vlan 501 10.130.200.252 not HSRP address.

There is only one trunk connection between access switch to Core #1. The other trunk to Core #2 will be put in once dhcp is working.

DHCP service has been configured on access switch.

I can ping 10.130.501.252 and 10.131.501.253 but nothing else including NTP Server from the switch. I get a timeout on first hop if I ping NTP server from access switch. I can ping the NTP server fine from the Core Switch.

Jon Marshall · ‎08-14-2011

Can you provide full details rather than bits and bobs ie.

you say -

DHCP service has been configured on access switch.

what do you mean by this ? You can't configure anything to do with DHCP on the access-layer switch because it is L2. And you don't even have a L3 interface for vlan 75 on the access-layer switch (which you shouldn't have so it is correct) so where would you configure DHCP ?

It's also confusing as to the state of the core switches ie. you say you have configured the mnagement vlan on both switches. Have you interconnected these core switches with a trunk ?

Basically you need to check these things -

1) you have a management vlan for the switches - vlan 501. Make sure that -

a) the 3750 has a L3 vlan interface for that vlan (it seems to have from your configs)

b) the 3750 is using the HSRP VIP address assigned to the 6500 L3 vlan interface for 501 as it's default-gateway

c) the 6500 vlan interface for vlan 75. Either -

a) the DHCP server is in vlan 75 so no need to do anything for DHCP

b) the DHCP server is in a different vlan in which case you need an ip helper-address for the DHCP server

4) the NTP server - is this on a remote subnet ? If so make sure that there is a route back for the vlan 501 subnet because that is the source address when the 3750 pings.

It sounds like you have half a setup built. Personally i would connect up the 3750 to both 6500 switches, setup your L3 vlan interfaces for all the vlans you need, ensure that you are advertising out the relevant routes and then do your testing.

If the NTP server/DHCP server are both on remote subnets, don't just come back and say that, provide details of how your network is setup etc.. We do our best to help but we can't read minds

Jon

cadet alain · ‎08-13-2011

Hi,

For DHCP relay you need to enable the dhcp service with service dhcp on the relay-agent , have you done this?

For NTP can you do a traceroute to the server.

Regards.

Alain.

Don't forget to rate helpful posts.

mistryj · ‎08-15-2011

OK just to confirm from the checks all are correct Jon.

I only had default-gateway to 10.130.200.253 but no have added a default static route to everything going via 10.130.200.253 and now I can ping NTP server and DHCP servers fine from the switch. NTP works fine.

I have removed the loopback.

I have added Vlan 75 on both Core switches. The ip helper for the DHCP has been applied to vlan 75 on both switches.

I can ping the DHCP servers fine from Core and L2 switch.

At the moment I only have a single trunk to the L2 switch from one of the core switches and I can reach the switch fine from anywhere on the network.

Static address on PC fine works everywhere but still cannot get DHCP to pick up and ip address.

I connected PC directly to the Core and configured port as an access port on vlan 75, but still DHCP failed.

Somasundaram Jayaraman · ‎08-15-2011

Hi,

Can you enable debug dhcp detail and see whether dhcp process (DORA) is getting completed successfully?

For debugging purposes, the debug dhcp detail command provides the most useful information such as the lease entry structure of the client and the state transitions of the lease entry. The debug output shows the scanned option values from received DHCP messages that are replies to a router request. The values of the op, htype, hlen, hops, server identifier option, xid, secs, flags, ciaddr, yiaddr, siaddr, and giaddr fields of the DHCP packet are shown in addition to the length of the options field.

http://www.cisco.com/en/US/docs/ios/12_2/debug/command/reference/dbfclns.html#wp1019376

Hope this helps

Cheers

Somu

Rate helpful posts

Eder Silva · ‎08-15-2011

Hi Mistryi.

What is the IP Address of the Gateway in scope of VLAN 75 on DHCP Server?

Is the same IP Address of HSRP the VLAN 75 or is the IP Address of interface vlan 75 of Switch 6509?

Eder

.

mistryj · ‎08-15-2011

Thank you all for your help.

The issue has now been resolved.

The Core switch needed DHCP service configured on it in order to enable ip helper to work.

cadet alain · ‎08-15-2011

Hi,

That's what I had told you to verify.

Hi,

For DHCP relay you need to enable the dhcp service with service dhcp on the relay-agent , have you done this?

For NTP can you do a traceroute to the server.

Regards.

Alain.

Happy you solved your problem.

Regards.

Alain.

Don't forget to rate helpful posts.