01-22-2013 07:46 AM - edited 03-21-2019 06:52 AM
Morning all. Hopefully someone here can help me out with this issue. I am beating my head against the wall.
I installed a UC540 for a client. The implementation has evolved since I first put it in to now include a SG300P and several UC541 AP's.
The issue I am experiencing is a communication problem on the Data vlan if it is part of a Bridge Group. Currently the Voice all seems to work fine. Here is an example of the switch port config:
interface FastEthernet0/1/4
switchport access vlan 124
switchport voice vlan 205
no ip address
macro description cisco-phone
spanning-tree portfast
A phone plugged into this port gets the appropriate IP address and works fine. Currently I have this set to vlan 124 for Data with an IP helper to a domain controller. My goal is to use local DHCP for the data but when I assign this to vlan 200 (Data) the PC does not get an IP address and if I assign a hard set IP it will not talk.
Here is an example of the configurations for VLAN 200:
interface Vlan200
no ip address
no ip redirects
no ip unreachables
bridge-group 200
bridge-group 200 spanning-disabled
interface BVI200
description $FW_INSIDE$
ip address 192.168.102.1 255.255.255.0
ip access-group 118 in
no ip redirects
no ip unreachables
ip nat inside
ip virtual-reassembly in
ip dhcp pool data
import all
network 192.168.102.0 255.255.255.0
default-router 192.168.102.1
domain-name XXXX
dns-server 192.168.124.9
So right now if I plug in a PC it gets an ip address on VLAN 124 with no issues. As soon as I switch the port to access vlan 200 no ip no communication. One other thing to note the 200 VLAN is also assigned to wireless via the bridge-group 200 and I cannot get an IP from wireless either.
Help please.
01-22-2013 09:45 AM
interface FastEthernet0/1/4
switchport access vlan 124
switchport voice vlan 205
no ip address
macro description cisco-phone
spanning-tree portfast
Is that a typo?
01-22-2013 10:31 AM
No that is the correct Voice Vlan which works fine. The data vlan should be 200 accept is does not work. I pulled the current info from the port and the Access Vlan 124 is there because it works.
01-22-2013 10:33 AM
Then you need to add access to the VLAN 200 to that port. From the looks of it that port only has access to VLAN's 124 and 205.
01-22-2013 10:36 AM
The issue is if I change the access vlan to 200 the machines do not get an IP address from the UC540. The Domain controller is not serving DHCP for vlan 200.
That is the problem, no DHCP from the UC540.
01-22-2013 10:54 AM
Okay add a helper to the port pointing to your DHCP server.
ip helper-address (your dhcp server ip)
01-22-2013 11:09 AM
The DHCP server is the UC540. Maybe I am not explaining correctly.
The DHCP scope I am trying to use is on the UC540.
ip dhcp pool data
import all
network 192.168.102.0 255.255.255.0
default-router 192.168.102.1
domain-name XXXX
dns-server 192.168.124.9
If I assign Vlan 200 as the access vlan on the switchports it does not get an address from the router. When I assign a VLAN that is not part of a bridge group everything works fine (i.e., vlan 124)
The only difference is the bridge group.
interface Vlan124
description $FW_INSIDE$
ip address 192.168.124.2 255.255.255.0
secondary ip address 192.168.124.1 255.255.255.0
ip access-group 119 in
ip helper-address 192.168.124.9
ip nat inside
ip virtual-reassembly in
interface Vlan200
no ip address
no ip redirects
no ip unreachables
bridge-group 200
bridge-group 1 spanning-disabled
interface BVI200
description $FW_INSIDE$
ip address 192.168.102.1 255.255.255.0
ip access-group 120 in
no ip redirects
no ip unreachables
ip nat inside
ip virtual-reassembly in
Does that help?
01-22-2013 12:07 PM
Do you have the rest of the config? We are getting a bit out of my comfort zone but fuller look may help.
I understand you have 3 vlans
205 - voice
124 - data
200 - data from wireless
Is this correct?
I see BVI200 has the same IP as the default router in the DHCP pool. This is where I am confused.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: