cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
916
Views
4
Helpful
8
Replies

Not getting ip address through DHCP

parba.basu
Level 1
Level 1

We have somany vlans and we put some access-list on trunk link for restricting the intervlan communication.but whenever we are going for ip request from DHCP server, we are not able to get that.the communication between DHCP server vlan and all the other vlans is allowed.pls suggest us on this.

8 Replies 8

gauravshar
Level 2
Level 2

Mr. Basu,

plz post the running conf of the device which is doing inter VLAN routing in your LAN

--gaurav

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname xxxxxxxx

!

enable secret 5 xxxxxxxxxxxx

ip subnet-zero

ip routing

ip dhcp-server 10.1.1.21

ip dhcp-server 10.1.2.21

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport access vlan 50

!

interface FastEthernet0/5

switchport access vlan 100

!

interface FastEthernet0/6

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 2

!

interface FastEthernet0/9

switchport access vlan 50

!

interface FastEthernet0/13

switchport access vlan 2

!

interface FastEthernet0/14

switchport access vlan 2

!

interface FastEthernet0/23

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/24

no switchport

ip address 10.1.26.1 255.255.255.252

ip route-cache policy

flowcontrol receive on

!

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

ip access-group 110 in

!

interface GigabitEthernet0/2

switchport trunk encapsulation dot1q

switchport mode trunk

ip access-group 110 in

!

interface Vlan1

ip address 10.1.1.1 255.255.255.0

ip helper-address 10.1.2.21

ip helper-address 10.1.1.21

ip directed-broadcast

!

interface Vlan2

ip address 10.1.2.1 255.255.255.0

ip helper-address 10.1.1.21

ip helper-address 10.1.2.21

ip directed-broadcast

!

interface Vlan3

ip address 10.1.3.1 255.255.255.0

ip helper-address 10.1.2.21

ip helper-address 10.1.1.21

!

interface Vlan4

ip address 10.1.4.1 255.255.255.0

ip helper-address 10.1.1.21

ip helper-address 10.1.2.21

!

interface Vlan6

ip address 10.1.6.1 255.255.255.0

ip helper-address 10.1.1.21

ip helper-address 10.1.2.21

!

interface Vlan8

ip address 10.1.8.1 255.255.255.0

ip helper-address 10.1.2.21

ip helper-address 10.1.1.21

!

interface Vlan10

ip address 10.1.10.1 255.255.255.0

ip helper-address 10.1.1.21

ip helper-address 10.1.2.21

ip accounting output-packets

!

access-list 110 permit ip 10.1.1.0 0.0.0.255 any

access-list 110 permit ip 10.1.2.0 0.0.0.255 any

access-list 110 permit ip 10.1.3.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 110 permit ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255

access-list 110 permit ip 10.1.3.0 0.0.0.255 10.1.3.0 0.0.0.255

access-list 110 deny ip 10.1.3.0 0.0.0.255 10.1.0.0 0.0.255.255

access-list 110 permit ip 10.1.3.0 0.0.0.255 any

access-list 110 permit ip 10.1.4.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 110 permit ip 10.1.4.0 0.0.0.255 10.1.2.0 0.0.0.255

access-list 110 permit ip 10.1.4.0 0.0.0.255 10.1.4.0 0.0.0.255

access-list 110 deny ip 10.1.4.0 0.0.0.255 10.1.0.0 0.0.255.255

access-list 110 permit ip 10.1.4.0 0.0.0.255 any

access-list 110 permit ip 10.1.6.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 110 permit ip 10.1.6.0 0.0.0.255 10.1.2.0 0.0.0.255

access-list 110 permit ip 10.1.6.0 0.0.0.255 10.1.6.0 0.0.0.255

access-list 110 deny ip 10.1.6.0 0.0.0.255 10.1.0.0 0.0.255.255

access-list 110 permit ip 10.1.6.0 0.0.0.255 any

access-list 110 permit ip 10.1.8.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 110 permit ip 10.1.8.0 0.0.0.255 10.1.2.0 0.0.0.255

access-list 110 permit ip 10.1.8.0 0.0.0.255 10.1.8.0 0.0.0.255

access-list 110 deny ip 10.1.8.0 0.0.0.255 10.1.0.0 0.0.255.255

access-list 110 permit ip 10.1.8.0 0.0.0.255 any

access-list 110 permit ip 10.1.10.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 110 permit ip 10.1.10.0 0.0.0.255 10.1.2.0 0.0.0.255

access-list 110 permit ip 10.1.10.0 0.0.0.255 10.1.10.0 0.0.0.255

access-list 110 deny ip 10.1.10.0 0.0.0.255 10.1.0.0 0.0.255.255

access-list 110 permit ip 10.1.10.0 0.0.0.255 any

arp 10.1.1.16 0007.508d.7700 ARPA alias

!

monitor session 2 source interface Fa0/24

monitor session 2 destination interface Fa0/11

end

.. and what all VLAN's should not talk to what all other VLANs. I means what vlan restrictions you are looking for?

--gaurav

except the vlan 1 & 2 all other vlan should not talk to each other by any mean but other vlans must talk to vlan 1 & 2.and also vlan 1 & 2 should talk to each other and to other vlans also.

do you have 'access-list 110 permit ip any any ' at the end of the access-list 110? Try it once if it is not there.

thanks buddy i have just checked it out and its working.Thanks a lot.

hi

I Have 1 Question:why you enable ip directed-broadcast on some particular Vlan's

10xs

Although Mr. Basu would be the best person to answer this question yet my understanding behind this is :

vlan1 and vlan2 accomodates DHCP servers where they have to reply/acknowledge on a broadcast from clients. By enabling 'ip directed broadcast' on vlan1 and 2 he has enabled all the ports under these vlans to accept DHCP-requests like brodcasts from hosts.

By assigning a separate vlan to DHCP servers he has flexibility of extending the no. of dhcp servers.

This is my understanding, your views invited plz.

--gaurav

Review Cisco Networking for a $25 gift card