3560 & 2 VLANs (DHCP issue)

By devdevil85
I have (1) Cisco 3560 and I am wanting to create (2) port-based VLANs. IP addresses will be obtained via an external Windows 2003 DHCP Server. Port 22 is the only port in VLAN10 at the moment, while the others are in VLAN1.

DHCP Server = 192.168.1.1
Kentrox Router = 192.168.1.15

Here is my configuration thus far:

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cisco_POE
!
enable secret 5
!
ip subnet-zero
ip routing
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.7 255.255.254.0
ip helper-address 192.168.1.1
!
interface Vlan10
ip address 192.168.10.1 255.255.254.0
ip helper-address 192.168.1.1
!
router rip
version 2
network 192.168.10.0
!
ip classless
ip default-network 192.168.1.0
ip route 0.0.0.0 0.0.0.0 192.168.1.15
ip http server
!
!
control-plane
!
!
!
end

Devices on VLAN1 are being issued IP addresses correctly, yet when I connect my laptop to port 22 (VLAN10) it is not obtaining an address and I am given an error.

I have created an address range (scope) for VLAN10 on the DHCP server, yet the laptop is unable to obtain an IP address via DHCP on port 22 (VLAN10). I am left unable to test whether I can get communication between the VLANs.

I am able to ping VLAN1 but not VLAN10 (if that helps).

Is there something that I am missing/doing wrong?

This conversation is currently closed to new comments.

78 total posts (Page 3 of 8)

All Answers

Umm...

by devdevil85 In reply to That looks beautiful, doe ...

I just added every port on the 3560 as a trusted port for snooping.

I am now going to see if my laptop gets an address. If not then I will statically set one and see if inter-vlan routing works or not.

Thanks robo; the movie's not over yet!

Confused and Happy at the same time!

by devdevil85 In reply to That looks beautiful, doe ...

FYI: We changed DHCP servers and the address is now 192.168.1.225 instead of the old one.

Ok here's the scenario:

1) DHCP is NOT working. I debugged the switch and we watched DHCP traffic on the server and didn't see anything happening on either one.

but

2) I statically assigned my Laptop (connected to port #22) like you said to (192.168.10.15) and it could ping my PC (192.168.1.64), but my PC could not ping the Laptop.

3) I kept my PC's addressing the same, but changed its gateway to VLAN1 as 192.168.1.7 (previously it was our router 192.168.1.15), and the PC can now ping the Laptop and the Laptop can ping the PC. The PC can get to the Internet (after I manually enter DNS), but the Laptop cannot (after I manually enter DNS as well). The PC (192.168.1.64) is able to ping our Router (192.168.1.15), but the Laptop (192.168.10.15) cannot. When I did a traceroute from the Laptop to 134.84.84.84 (Outside Time Server) it got to VLAN10 (192.168.10.1) and then just timed out as if it didn't know where else to go. My default route on the switch is to our Router (192.168.1.15).

Any suggestions?

At least inter-VLAN routing works between devices, but I don't know what to do about getting outside of the network on VLAN10 (since I can't get the Laptop to the Internet).

Here's my config file so far:

User Access Verification

Building configuration...

Current configuration : 2229 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
!
ip subnet-zero
ip routing
!
ip dhcp snooping vlan 1-10
ip dhcp snooping
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet0/1
ip dhcp snooping trust
!
interface FastEthernet0/2
ip dhcp snooping trust
!
interface FastEthernet0/3
ip dhcp snooping trust
!
interface FastEthernet0/4
ip dhcp snooping trust
!
interface FastEthernet0/5
ip dhcp snooping trust
!
interface FastEthernet0/6
ip dhcp snooping trust
!
interface FastEthernet0/7
ip dhcp snooping trust
!
interface FastEthernet0/8
ip dhcp snooping trust
!
interface FastEthernet0/9
ip dhcp snooping trust
!
interface FastEthernet0/10
ip dhcp snooping trust
!
interface FastEthernet0/11
ip dhcp snooping trust
!
interface FastEthernet0/12
ip dhcp snooping trust
!
interface FastEthernet0/13
ip dhcp snooping trust
!
interface FastEthernet0/14
ip dhcp snooping trust
!
interface FastEthernet0/15
ip dhcp snooping trust
!
interface FastEthernet0/16
ip dhcp snooping trust
!
interface FastEthernet0/17
ip dhcp snooping trust
!
interface FastEthernet0/18
ip dhcp snooping trust
!
interface FastEthernet0/19
ip dhcp snooping trust
!
interface FastEthernet0/20
ip dhcp snooping trust
!
interface FastEthernet0/21
ip dhcp snooping trust
!
interface FastEthernet0/22
description port on VLAN10
switchport access vlan 10
switchport mode access
ip dhcp snooping trust
!
interface FastEthernet0/23
ip dhcp snooping trust
!
interface FastEthernet0/24
ip dhcp snooping trust
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.7 255.255.254.0
!
interface Vlan10
ip address 192.168.10.1 255.255.254.0
ip helper-address 192.168.1.225
!
router rip
version 2
network 192.168.1.0
network 192.168.10.0
!
ip classless
ip default-network 192.168.1.0
ip route 0.0.0.0 0.0.0.0 192.168.1.15
ip http server
!
!
control-plane
!
!
end

Cisco_POE#
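
An added example, not part of the original posts: with DHCP snooping, server replies (offers, ACKs) are accepted only on trusted ports, so trust belongs on the port facing the DHCP server rather than on client access ports. This Python check parses running-config text in the flattened shape posted above and lists trusted ports outside an allowed set. The sample config is a constructed excerpt, and treating FastEthernet0/1 as the server-facing port is an assumption, since the thread does not say where the DHCP server is connected.

```python
import re

# Constructed excerpt shaped like the running-config posted above
# (flattened, no indentation); only a few interfaces are included.
SAMPLE_CONFIG = """\
ip dhcp snooping vlan 1-10
ip dhcp snooping
!
interface FastEthernet0/1
ip dhcp snooping trust
!
interface FastEthernet0/22
description port on VLAN10
switchport access vlan 10
switchport mode access
ip dhcp snooping trust
!
interface GigabitEthernet0/1
!
interface Vlan10
ip address 192.168.10.1 255.255.254.0
ip helper-address 192.168.1.225
!
"""

def parse_interfaces(config):
    """Map each interface name to its sub-commands ('!' ends a block)."""
    interfaces, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        match = re.fullmatch(r"interface (\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line == "!":
            current = None
        elif current is not None and line:
            current.append(line)
    return interfaces

def audit_snooping_trust(config, server_facing):
    """Flag trusted ports that are not in the (assumed) server-facing set."""
    findings = []
    enabled = re.search(r"^\s*ip dhcp snooping\s*$", config, re.M) is not None
    if not enabled:
        findings.append("DHCP snooping is not enabled globally")
    trusted = [name for name, cmds in parse_interfaces(config).items()
               if "ip dhcp snooping trust" in cmds]
    for name in trusted:
        if name not in server_facing:
            findings.append(f"{name}: trusted, but not a server-facing port")
    if enabled and not trusted:
        findings.append("no trusted port: DHCP server replies are dropped")
    return findings
```

Calling `audit_snooping_trust(SAMPLE_CONFIG, {"FastEthernet0/1"})` reports only FastEthernet0/22, the client port in VLAN10.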

Wait..is there a routing statement missing?

by robo_dev In reply to 3560 & 2 VLANs (DHCP issu ...

The helper address on VLAN1 is not needed since the DHCP server is on the same VLAN

should the 'network' line be?

network 192.168.1.0
network 192.168.10.0

Helper address is gone on VLAN1

by devdevil85 In reply to Wait..is there a routing ...

I removed the helper address on VLAN1 and left it on VLAN10 as (ip helper-address 192.168.1.225), which is our new DHCP server address.

I also have RIP V2 running advertising the 192.168.1.0 & 192.168.10.0 networks.

Is there something wrong that I'm missing?

should work if you have inter-vlan routing enabled

by CG IT In reply to Helper address is gone on ...

Note: you don't mention anything about your routing tables, which is what I was trying to prod you into providing by referring to "router on a stick".

So for routing packets between VLANs, Here's the Cisco article on inter-vlan routing.

Network devices in different VLANs cannot communicate with one another without a router to route traffic between the VLANs. In most network environments, VLANs are associated with individual networks or subnetworks.

For example, in an IP network, each subnetwork is mapped to an individual VLAN. In a Novell IPX network, each VLAN is mapped to an IPX network number. In an AppleTalk network, each VLAN is associated with a cable range and AppleTalk zone name.

Configuring VLANs helps control the size of the broadcast domain and keeps local traffic local. However, when an end station in one VLAN needs to communicate with an end station in another VLAN, interVLAN communication is required. This communication is supported by interVLAN routing. You configure one or more routers to route traffic to the appropriate destination VLAN.

Figure 3-1 shows a basic interVLAN routing topology. Switch A is in VLAN 10 and Switch B is in VLAN 20. The router has an interface in each VLAN.

Figure 3-1 Basic InterVLAN Routing Topology


When Host A in VLAN 10 needs to communicate with Host B in VLAN 10, it sends a packet addressed to that host. Switch A forwards the packet directly to Host B, without sending it to the router.

When Host A sends a packet to Host C in VLAN 20, Switch A forwards the packet to the router, which receives the traffic on the VLAN 10 interface. The router checks the routing table, determines the correct outgoing interface, and forwards the packet out the VLAN 20 interface to Switch B. Switch B receives the packet and forwards it to Host C.

Figure 3-2 shows another common scenario, interVLAN routing over a single trunk connection to the router. The switch has ports in multiple VLANs. InterVLAN routing is performed by a Cisco 7505 router connected to the switch through a full-duplex Fast Ethernet trunk link.

Figure 3-2 InterVLAN Routing Over a Single Trunk Link

Your 3500 is a layer 3 switch, which means it can route packets [depending upon the IOS version and feature packs you have]. So make sure your routing table has all the information to "route" packets between VLANs.

here's a link to the article:

http://www.cisco.com/en/US/docs/switches/lan/catalyst5000/hybrid/routing.html#wp13354

Could you check my VLAN config?

by devdevil85 In reply to should work if you have i ...

Well I am able to communicate between VLANs 1 & 10 and devices on VLAN1 can get to the net, but my device on VLAN10 cannot. I posted my configuration (so far), so if you could just take a quick look at it and see if everything looks good I would greatly appreciate it. Thanks!

CG here's my routing information

by devdevil85 In reply to Could you check my VLAN c ...

Gateway of last resort is 192.168.1.15 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.1.15
C 192.168.0.0/23 is directly connected, Vlan1
Cisco_POE#


I'm not seeing VLAN10. Is this a problem?

humm .....think about routing packets...

by CG IT In reply to CG here's my routing info ...

how are packets from VLAN10 going to get to the router interface which will forward packets to the internet?

The router already knows packets from 1 to 10 and 10 to 1 are routed on the LAN interface [intervlan routing]. Packets from 1 not destined for 1 or 10 are sent to the gateway. But the router doesn't know to send packets from 10 not destined for 1 to the gateway.

So for VLAN 10 what's the gateway address? The next question is if clients obtain addressing and DNS server information from DHCP, how are they going to get gateway/router information? [which I believe was part of this problem as you were trying to setup clients in VLAN 10 to get addresses from a DHCP server on VLAN1].

VLAN10 >>>>> ???? >>>> internet
VLAN10 >>> router >>>VLAN1
VLAN1 >>>>> router either VLAN10 or[LAN interface/gateway] >>> internet

can't do the diagram using Cisco symbols but if you diagram out what you want to achieve, it makes figuring out what's needed easier.

note: unlike Windows operating system, there's no Internet connection sharing in Cisco equipment. You can't tell packets to go to VLAN1 then expect VLAN1 to forward packets to the Internet. Packets have to go to a router and the router has to know what to do with the packets. The router uses the routing table to determine what to do with packets. So it needs information on what to do with packets from VLAN10.

Should be apparent now what you need to configure.

Note: don't want to tell you what to do because what if you want to create another VLAN on your switch OR you have to add another switch and you set up VLANs on that? How do you trunk VLAN1 on switch 2 to VLAN1 on switch 1 and also provide internet access on VLAN1 switch 2 through router 1? What if you have 2 routers on the network before the internet?

Cisco CCNA/CCNP Prep Center has a CCTV video series which I highly recommend. The instructors are CCNP or CCIE and they go through the process of VLANs and inter-connect routing.

http://forums.cisco.com/eforum/servlet/PrepCenter?page=ccna_tv2007

What do you mean by "router"

by devdevil85 In reply to humm .....think about ro ...

When you refer to

VLAN10 --> router --> VLAN1

is "router" the routed interface/SVI on the 3560 or are you talking about our physical L3 Kentrox Router/Firewall that we have connected to it? We want to eliminate the Kentrox btw and just use the 3560 for routing traffic other than traffic meant for the internet (which I figured the 3560 would just forward to the Kentrox which it would then forward to our Nuvox Box).

Did you

by Dumphrey In reply to CG here's my routing info ...

turn on vlan 10 in conf t
int vlan10 enable
?
