09-17-2019 05:27 AM - edited 09-17-2019 05:30 AM
hello, friends
I need a help. For more info open an attached image, please.
1. I installed DHCP Server on Windows server 2012. Created 8 dhcp scopes for 8 subnets.
2. I configured DHCP relay on Nexus 6000. (configuration file is attached)
3. I configured C3560 switch to connect user devices, as you know on Nexus all ports are SFP, that's why I use this switch to connect user devices to the nexus. (configuration file of C3560 is attached)
4. The interface fastethernet0/2 on C3560 I configured as switchport mode access and the port belongs to vlan 402. Then I
connected my laptop to this port, but I couldn't get any IP-address from this scope (dhcp-address-range 10.111.3.6 - 10.111.3.254)
That is my problem. Any advice would be helpful
09-17-2019 05:53 AM
Hi incognito!
looks simple enough, and the diagrams make it really clear so thanks for uploading those!
basically you’ve done later 2 and 3 segregation but you haven’t told the switch where to forward DHCP requests.
Before doing any programming, verify you can ping the dhcp server from the 3650 switch. If so, continue ahead.
Youll need to set the “helper address” to tel the switch where to forward dhcp requests to. Log into the switch and do as follows:
(config)#int VLAN 402
(config-int)#ip helper-address (10.100.0.18)
exit
exit
write
I would recommend doing this on a per-VLAN basis (so it sounds like 8 times?), although if I remember correctly Cisco recommends you do this at the global config level (setting the helper address for the entire switch rather than per VLAN).
Hope this helps!
Please remember to rate and mark as solved if this fixes the issue!
-Zac
09-17-2019 09:21 AM
Thanks for the answer
Ok I will check/config.
What else would be a reason of a problem
09-17-2019 10:22 AM
It is possible that your relay (the nexus) is dropping the DHCP packets from the switch. I’m not sure what the default feature are for that nexus but if your ip helper command is programmed into your access switch and you can ping try one of the following two commands on the nexus:
(Config) ip dhcp relay information policy keep
OR
Navigate to the trunk link between interfaces on the nexus and
(config-If) ip dhcp relay information trusted
both of these commands effectively tell your nexus switch to not replace any dhcp information that it receives from the access switch 3650.
Please rate/mark if this is useful.
-Zac
09-17-2019 06:29 AM
From 3560, check you have reachability for your DHCP server, Once that is confirmed
interface Vlan402
ip address 10.111.3.1 255.255.255.0
ip helper-address 10.100.0.18
!
09-17-2019 09:17 AM
Thanks for the answer
ok I will check it all
What else can be the reason of this problem? Do I need some configurations on DHCP server (Windows server 2012)??
09-17-2019 01:16 PM
On DHCP Server there is no modification required, changes required on the VLAN on the Core side
as I have suggested other post make sure you able to ping the IP address of the DHCP Server before proceeding further.
adding the same comment as paul suggested configure static IP and test for the same port and see you able to ping GW IP.
09-17-2019 08:55 AM
Hello
As the Nxos core is performing the L3 routing suggest apply the helper address on it L3 interface for that vlan
int vlan xx
ip dhcp relay address x.x.x.x
09-17-2019 09:08 AM
Hello, Paul
i have configured it already. From config file of nexus:
Nexus-6001# show ip dhcp relay address Interface Relay Address VRF Name ------------- ------------- -------- Vlan402 10.100.0.18
09-17-2019 09:20 AM - edited 09-17-2019 09:24 AM
Hello
Can you ping the dhcp server from the core switch sourced from that vlan?
Do your switches have a l2 vlan created for that vlan, it should have been created automatically on the L2 switch when you assigned an access port to it but check anyway on all switches
sh vlan brief
Also as a test if you manually apply addressing ( ip address/subnetmask/default-gateway) to an host connected to that switch does have reachability to the network?
09-17-2019 10:45 AM
09-17-2019 11:49 PM
hello
Can you ping the dhcp server from the core switch sourced from that vlan?
- yes
Nexus-6001# ping 10.100.0.18 source 10.111.3.1
Nexus-6001# ping 10.100.0.18 source 10.111.3.1
PING 10.100.0.18 (10.100.0.18) from 10.111.3.1: 56 data bytes
64 bytes from 10.100.0.18: icmp_seq=0 ttl=127 time=0.853 ms
64 bytes from 10.100.0.18: icmp_seq=1 ttl=127 time=0.714 ms
64 bytes from 10.100.0.18: icmp_seq=2 ttl=127 time=0.619 ms
64 bytes from 10.100.0.18: icmp_seq=3 ttl=127 time=0.625 ms
64 bytes from 10.100.0.18: icmp_seq=4 ttl=127 time=0.603 ms
Do your switches have a l2 vlan created for that vlan, it should have been created automatically on the L2 switch when you assigned an access port to it but check anyway on all switches
sh vlan brief
-yes.
3560#sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8
90 VLAN0090 active
99 Fortigate active
100 Servers active
120 VLAN0120 active
199 AP active
201 Switches active
288 BMS2 active
289 BMS active
290 cinema active
295 Equipment active
298 Ekran active
299 Sound active
300 Service_Data active
301 Service_WiFi active
302 Service_Voice active
400 Office_Data active
401 Office_WiFi active
402 Office_Voice active Fa0/2
500 Video active
501 Temporary active
510 Security active
511 Security_Data active
512 Security_Voice active
606 Wireless active
860 test active
Also as a test if you manually apply addressing ( ip address/subnetmask/default-gateway) to an host connected to that switch does have reachability to the network?
- yes.
C:\Users\user> ping 10.100.0.18
Pinging 10.100.0.18 with 32 bytes of data:
Reply from 10.100.0.18: bytes=32 time<1ms TTL=127
Reply from 10.100.0.18: bytes=32 time=1ms TTL=127
Reply from 10.100.0.18: bytes=32 time=8ms TTL=127
Reply from 10.100.0.18: bytes=32 time=1ms TTL=127
------------------------------------------------------------------------
on nexus i configured this one:
interface Vlan402
ip address 10.111.3.1 255.255.255.0
ip dhcp relay address 10.100.0.18 (not this one: ip helper-address 10.100.0.18)
------------------------------------------------------------------------
Do I need some configuration on DHCP server, or some commands on nexus (may be I have to configure interfaces like trusted or stuff like that)...?
09-18-2019 12:51 AM
on quick high level I have noticed that you have configured both switch interface VLAN 402 with IP address.
Nexus :
=====
interface Vlan402
description Main_Office(17)_Voice
ip address 10.111.3.1/24
3560
=====
interface Vlan402
ip address 10.111.3.1 255.255.255.0
!
As per my understanding, you want to extend the VLAN to 3650 and user device connected should get IP address from DHCP.
in this case, remove interface VLAN 402 from 3650. - this no makes any sense ( you can have IP address if you like not the same IP address on both the switches.)
to remidiate for testing :
Go to 3650
config t
!
no interface Vlan402
!
end
Connect the PC to
interface FastEthernet0/2
switchport access vlan 402
switchport mode access
!
test and advise.
09-18-2019 12:57 AM
Yes you’re right. It was a mistake. I already deleted this vlan interfaces from c3560.
I cant realize what would be reason of problem
09-18-2019 02:01 AM - edited 09-18-2019 02:01 AM
Hello
Thank you for you posts --
After reviewing your configuration again you don't need ip routing enabled on your 3560 switch in fact you dont require any of those L3 interfaces apart from fa0/1for mgt reach-ability as the nxos is performing the inter-vlan routing
3560 switch
could you try disabling no ip routing thus making that switch a host switch and see if you are then able to obtain dhcp allocation
conf t
no ip routing
ip default-gateway 192.168.210.1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide