Solved: VLAN problems...

Liam Dwyer · ‎01-04-2013

hello,

I am installing a new wireless solution in a hotel environment and I am having a problem with DHCP traffic on the VLAN.

here is the scenario..

there is already a wireless infrastructure in place.

ISP -> default gateway -> cisco 3550 switches -> fiber trunks to 2950 switches on upper floors cisco AP's attached to those switches.

I have a new default gateway doing another subnet and DHCP scope for my solution. I will also have new switches attached to the old 2950 switches.

I have added a new VLAN for this traffic and added the gigabit cat5 port to this VLAN and trunked that port on the core 3550.

I should add that I have added the VLAN to the switch on the upper floor.

I have also added a Vlan interface for the new traffic since the default gateway is already pointing to the old DHCP server.

How do I get the DHCP traffic for my new equipment up to the closet switch without crossing DHCP scopes.

I had also added a ip route on the3550 core pointing to the new default gateway.

I am trying to do this without taking out the old solution in one shot.

I feel as though I have tried everything but I am missing just one little thing.

Any help would be greatly appreciated!

thanks

shamax_1983 · ‎01-06-2013

Thanks for the info,

First of all, if you want both DHCP servers to work as default gateways to old and new AP's seperately at the same time, you should have 2 public IP addresses (you got from your ISPs) assigned to the default gateways seperately on the outside interfaces. I think you already have this setup. If you don't have two Public IP addresses from the ISP, you will have to have connectivity to 2 different ISPs on each gateway..

If you want your new DHCP server to serve the new AP's DHCP requests only, your server should be conneted to the cisco 3550 switch via Access Port to VLAN 15 ( switchport access vlan 15). ( Assuming the old DHCP server is on the some other vlan )

Make sure the new DHCP server hands out the IP addresses from a pool, that resides in the same subnet you assigned the New default gateway's LAN side IP address ( I think in your case an IP range is 10.20.0.0 255.255.248.0 )

Also make sure on the DHCP reply, it gives the Default-Router IP address as it's own lan side IP address.

You should have vlan 15 configured on the 3550 core switch and the old 2950 ( no need to have an IP address but the vlans should be in the vlan database ) make sure the trunk between the 3550 and 2950 allows VLAN 15.

The new switch should be connected to the old switch on an Access Port VLAN 15 ( switchport access vlan 15) on the old switch side and normal(default vlan 1) access port on the new switch side

The new Access point should be plugged in to the new Switch using normal access ports on the new switch side.

In this setup no need to make AP ports changed because you are running only 1 SSID which will be on the VLAN 1 within the AP.

This is how it works,

User selects the SSID on the new AP

He gets Authenticated in to the SSID

The SSID is bound to VLAN 1 on the AP

User send the DHCP request (broadcast)

DHCP request goes up to the New Switch and out from the new switch ( still on vlan 1 ). Hits the old switch on the Access Port ( VLAN 15 ) it goes in to the old switch, but because it came in via access port VLAN 15 it's now seperated and tagged as VLAN 15 ( So the old APs wouldn't see it/ or can access it because they are in some other VLAN )

The reply goes out from the trunk port ( Still tagged as VLAN 15 , where requests from old AP's will be tagged as some other VLAN (or could be untagged (VLAN 1)) ). Packet get's in to the Core switch, still tagged, the core switch only sees the VLAN 15 Tag and broadcast it out only on the Access Ports on VLAN 15 where our new DHCP server is. The reply packet will follow the same rules along the path back to the user PC.

This is how it should look like

Let me know how you go.

PS: I'm not quite sure why you said "I had also added a ip route on the3550 core pointing to the new default gateway.".

I assume your Server-CoreSwitch is a Layer 2 connection. That is, You don't have seperate subnets between the server and core-swtich, and the default gateway the clients are assigned is the direct IP on the server and Not the core switch's VLAN interface??. But If that's not the case and you have L3 connectivity to your servers from the switch, I will have to change the whole answer.. Let me know..

View solution in original post

Liam Dwyer · ‎01-04-2013

Oh and I need other tagged VLAN's to flow as well through the new equipment.

shamax_1983 · ‎01-05-2013

Hi Liam,

Few clarifications..

- Your DHCP server is configured on the Default-Gateway or Cisco 3550 ?

- Have you installed new Access Points as a part of your solution or are you going to use the same APs currently availale ?

Thanks

Shamal

shamax_1983 · ‎01-05-2013

Hi Liam,

After reading the question again, I think I understood what you are after,

- In order to get the new subnet working with DHCP, if you use the exsisting acccess points, you will have to have two VLANs created in your Access Points and bind the two SSIDs to each VLAN and make the AP's port to be a trunk port

( or make the old VLAN to be the native vlan on the AP as appropriate).

- Make all switch interconnections trunks.

- Add all VLANs in to each switch ( If no vtp is configured )

- Assuming your DHCP is setup on 3550, you will have to have 2 DHCP pools for each subnet with correct default-gateway address ( correct vlan interface created on the 3550 ) and dns settings.

Your question is a bit unclear.. But hope I understood the setup.. if not let me know..

Please rate this post if helpful

Liam Dwyer · ‎01-06-2013

Hi Shamal,

First off thanks for responding, this has been driving me a little nuts and it is kind of a high profile assignment...

I have two DHCP servers one serving up the old AP's that are currently in place.

The second one is the new one that will serve up the new AP's and will ultimately take the place of the new.

I have added the VLAN on the 3550 and the switch in the closet on the upper floor and made them both trunk ports.

There is no VTP so I do need to add the VLAN to every switch in the evnironment???

The 3550 is the core and has 10 fiber trunk ports connecting the IDF closet switches I thought by adding the VLAN to the core and to the one switch (that I am testing with) that traffic would flow??

I should add that traffic gets to the new switches and AP's but there is a cross connection of DHCP.

I do have the VLan interface configured on the core.

I will post part of the config for the core and the IDF closet switch to show what I have in place....

Core switch (I have added VLAN 15 and interface Vlan 15 to this config) -

interface GigabitEthernet0/12

description TMOBILE

switchport access vlan 12

switchport mode access

no ip address

!

interface Vlan1

ip address 10.0.100.3 255.255.0.0

!

interface Vlan2

description hotel_admin

no ip address

!

interface Vlan12

description TMOBILE

no ip address

!

ip default-gateway 10.0.0.1

ip classless

ip http server

!

snmp-server engineID local 800000090300000CCEAC8001

snmp-server community tbmanager RW

snmp-server community tbconferences RO

snmp-server host 10.0.0.1 tbconferences

!

line con 0

password 7 0459190D210F1D

login

line vty 0 4

password 7 0111140F752557

login

line vty 5 15

password 7 13070519252255

login

!

IDF Switch -

interface FastEthernet0/22

switchport mode trunk

no ip address

spanning-tree portfast

!

interface FastEthernet0/23

switchport mode trunk

switchport protected

no ip address

spanning-tree portfast

!

interface FastEthernet0/24

switchport mode trunk

no ip address

!

interface GigabitEthernet0/1

switchport mode trunk

no ip address

!

interface GigabitEthernet0/2

no ip address

shutdown

!

interface Vlan1

ip address 10.0.152.98 255.255.0.0

no ip route-cache

shutdown

!

interface Vlan15

ip address 10.20.0.51 255.255.248.0

no ip route-cache

!

ip default-gateway 10.0.0.1

ip http server

!

I have added fa 0/22 as the trunk for VLAN 15.

Again thanks for the help!!!!

shamax_1983 · ‎01-06-2013

Hi Liam,

Just to get an idea about your setup..

- You have two DHCP servers ( The old DHCP server and the new one ) directly plugged in to your 3550 core switch via Access ports ?

- Your old DHCP server work as a Default gateway to the old access point traffic, and you want the new DHCP server to work as a second gateway for the new access point traffic ( while the old one is in operation ) ?

- At the moment for testing purposes you have setup you new switch like this,

ISP ?? -> NEW default gateway -> cisco 3550 switches -> fiber trunks to OLD 2950 switches -> trunk to New Switch -> Access port to NEW Access Point

If you can give me answeres to these questions, i think I can give you a comprehensive answer to this..

Liam Dwyer · ‎01-06-2013

My apologies it is a very confusing set up believe me...

- You have two DHCP servers ( The old DHCP server and the new one ) directly plugged in to your 3550 core switch via Access ports ? - YES

- Your old DHCP server work as a Default gateway to the old access point traffic, and you want the new DHCP server to work as a second gateway for the new access point traffic ( while the old one is in operation ) ? - YES

- At the moment for testing purposes you have setup you new switch like this, - almost there is a new switch connected to the closet 2950 switch via VLAN 15

ISP ?? -> NEW default gateway -> cisco 3550 switches -> fiber trunks to OLD 2950 switches -> trunk to New Switch -> Access port to NEW Access Point - YES!!

current setup

ISP -> DHCP/Default Gateway server ->core 3550 ->fiber connect to 2950 switches in the closet

New setup

ISP -> DHCP/default gateway server ->same core 3550 ->same fiber connects to 2950

the only new thing I am adding are new switches and new AP's - I will be reusing the 2950's and core switches for the time being.

Thank you so much!!!

shamax_1983 · ‎01-06-2013