Re: Simple issue on 3750 using DHCP?

martens72 · ‎01-06-2013

I have a 3750 stack setup as DHCP server on two vlans. I get an ip and default gateway when plugging into a port configured.

The problem is this:

I plug into vlan 20 and get an IP of 10.1.20.x and default gateway of 10.1.20.1

I can ping 8.8.8.8 and I can ping other vlan gateway IP addresses on the switch (10.1.21.1 and 10.1.210.1)

I cannot ping the 10.1.20.1 gateway or ssh using that IP address.

I have other issues stemming from this, but this is the root issue - directly connected to the switch and unable to ping or ssh to the default gateway, but I can ping and ssh to other vlan gateways in the switch. I also have a tunnel, as there is an ASA attached. I am unable to ping the gateway IP's across the tunnel as well.

My config is simple:

ip routing

ip dhcp excluded-address 10.1.20.1 10.1.20.10

ip dhcp excluded-address 10.1.21.1 10.1.21.63

ip dhcp pool vlan20

network 10.1.20.0 255.255.255.0

default-router 10.1.20.1

dns-server 10.1.20.10

!

ip dhcp pool vlan21

network 10.1.21.0 255.255.255.128

default-router 10.1.21.1

dns-server 10.1.20.10

ip route 0.0.0.0 0.0.0.0 <asa IP>

interface Vlan20

ip address 10.1.20.1 255.255.255.0

no ip proxy-arp

interface Vlan21

ip address 10.1.21.1 255.255.255.128

no ip proxy-arp

Am I missing something here about the DHCP pools? I am finding I am unable to ping other computers in the same DHCP pool, but can still ping Internet websites, as well as the ASA IP. Any help or suggestions would be appreciated.

martens72 · ‎01-06-2013

I forgot to mention....from the switch, I can ping anything and everything. From my laptop directly plugged in, I cannot ping anything but the ASA, the VLAN21 interface, and some Internet sites.

Jeff Van Houten · ‎01-06-2013

What does the port config for the laptop look like?

Sent from Cisco Technical Support iPad App

Richard Burts · ‎01-06-2013

I have the sense that there are aspects of the configuration that we have not been told about that will explain some of the behaviors. But I will answer now based on what we have been told and hope that additional information will be provided.

The original poster says that there are two fundamental problems - can not ping and can not SSH to the gateway addresses for the client device. I can think of several potential issues with the SSH part.

- can we verify that SSH is enabled on the switch? (including whether the RSA keys have been generated)

a simple follow up question is whether SSH to other addresses on the switch work?

- can we find whether the switch has been configured with access-class? and if so whether the access list used for access-class permits 10.1.20.0 and 10.1.21.0?

I am a bit puzzled at the description that ping to the other gateway address work but not ping ot its own gateway. I am wondering if there is any possibility of overlapping addresses or of ip routes. So I would like to see the output of show ip interface brief from the switch and also the output of show ip route from the switch.

HTH

Rick

HTH

Rick

martens72 · ‎01-07-2013

Just as follow-up, but I found that there was an "undeclared" duplicate IP in use on the DHCP pool. The error cleared after receiving the error message on my Windows laptop. I did not get to check bindings in the switch, but since receiving the error, I was able to ping all devices and the gateway address.

There was also another issue on the ASA with the identity NAT, but that was a seperate issue, and did ot explain the weird ping results I was getting.

Michael Martens