  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 12603

Cisco 2950 VLAN problem

Here is my setup:

Cisco 2950
p1 - Server
p2 - ShoreTel Voice Switch
p4 - Kentrox Q2300 Router (with VLan trunking set in the corresponding Kentrox port)
p23 - ShoreTel IP Phone
p24 - ShoreTel IP Phone
         Switch in phone connected to a workstation

Server has dhcp scopes for 10.99.0.x, 10.99.100.x, 10.99.200.x and is itself at 10.99.0.10.

The intent is to have servers in vlan10, data in vlan100, and voice in vlan200.  The phones determine their vlan by a dhcp string.  
The phone will boot up, get a dhcp address from the server (in the 10.99.0.x range) along with the custom string, which tells the phone to use 802.1q tagging and vlan 200
The phone then reboots, and requests an address from vlan 200 in the 10.99.200.x range.

What is happening now is that the phone comes up, requests a DHCP address... and nothing.

The Kentrox router is configured with one port in Trunking mode
That port is configured for the following VLans, 802.1q tagging on
VL-1  id 10  10.99.0.2
VL-100 id 100 10.99.100.2
VL-200 id 200 10.99.200.2

Here is the Cisco Config

no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
ip subnet-zero
!
spanning-tree mode pvst
spanning-tree portfast bpduguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 switchport mode trunk
!
interface FastEthernet0/5
!
interface FastEthernet0/22
!
interface FastEthernet0/23
 switchport trunk native vlan 100
 switchport mode trunk
 switchport voice vlan 200
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport trunk native vlan 100
 switchport mode trunk
 switchport voice vlan 200
 spanning-tree portfast
!
interface Vlan1
 ip address 10.99.0.2 255.255.255.0
 no ip route-cache
!
interface Vlan10
 no ip address
 ip helper-address 10.99.0.10
 no ip route-cache
 shutdown
!
interface Vlan100
 no ip address
 ip helper-address 10.99.0.10
 no ip route-cache
 shutdown
!
interface Vlan200
 no ip address
 ip helper-address 10.99.0.10
 no ip route-cache
 shutdown
!
ip default-gateway 10.99.0.2
ip http server
!
0
Asked:
Chuck Brown
1 Solution
 
icanhelp Commented:
I believe I've spotted your problem.

*Your Shoretel voice switch (port 2) is on vlan 10
*Your ip phones (port 23 & 24) are on voice-vlan 200

Problems:

You have port 23 & 24 in trunking mode instead of access...trunking only passes dot1q vlan tag info across switching fabric.

You need to move either the phones or Shoretel switch all on same VLAN for example:
..... [begin change]

interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport access vlan 200
 switchport mode access
 switchport voice vlan 10
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport access vlan 200
 switchport mode access
 switchport voice vlan 10
 spanning-tree portfast
!

.... [end change]
By the way, your "server" (port 1) is also on vlan 10...voice vlan...what is the role of this server?  If it's not a voice call processing or voicemail server, you'll need to move it to vlan 200 (computers)
like this:

interface FastEthernet0/1
 switchport access vlan 200
 switchport mode access
 spanning-tree portfast
!
.....

Your comment above "The phone will boot up, get a dhcp address from the server (in the 10.99.0.x range) along with the custom string, which tells the phone to use 802.1q tagging and vlan 200" is a little confused.  Leave the dot1q tagging duties to layer 2 devices ONLY.  This means that your phones are layer 3 and above, and do not need to know anything about the vlan domain, but need only to know that they can access those vlan subnets.

You've achieved this by doing a "access vlan 200" on ports 23 & 24, which is used on your secondary phone jack for your computers.  The "voice vlan 10" is the first jack on your ip phone(s) that are utilizing your access into vlan 10....towards the shoretel device.  Hope this helps

cheers.
rc
0
 
Chuck Brown Author Commented:
ican,

thanks for the response.  this info may help clear things up a bit.

1. *Your Shoretel voice switch (port 2) is on vlan 10
*Your ip phones (port 23 & 24) are on voice-vlan 200
 I realize this may ultimately be a problem, but the ShoreTel voice switch doesn't play any role in the issuing of DHCP addresses...

2. You have port 23 & 24 in trunking mode instead of access...trunking only passes dot1q vlan tag info across switching fabric.
* The phones have a built in switch, so that you can plug a workstation in.  The DHCP string initially passed to the phone tells the phone to use dot1q and which vlans to mark voice packets with.  So, the switch has to be set for trunking, as there will be two VLAN packet types coming through it.

3. As far as the server goes, this is a special case of a demo system. The server is AD, DNS, DHCP, ShoreWare management, voicemail, etc, so it's a little unclear which VLAN to put it in. However, in this case, does it really matter as long as the router knows how to get packets back and to?   Or DOES it matter for the sake of things working?

4. I can turn off 802.1q on the phones, but was under the impression that I HAD to have that on if I wanted a workstation to access a data VLAN via the phones?
0
 
Chuck Brown Author Commented:
Another finding... if I change port 23 as follows:

int fa0/23
switchport access vlan 10
switchport mode access
switchport voice vlan 200
spanning-tree portfast

and turn off dot1q on the phone


Phone boots, gets ip address (10.99.0.105), and downloads code from the ftp server.  The problem with this is that we now have an ip address in the wrong subnet; does this mean something else is misconfigured, or that we have to have dot1q turned on on the phone?
0

 
icanhelp Commented:
clbrownjr:

I'll answer your items in like fashion:

1.  Though your Shoretel voice switch isn't the dhcp server, normal IP communications must take place between Shoretel Switch and IP phones...take this to mean you want them all on EXACT same subnet (vlan).  You could separate into different vlans (not recommended) and do ip route statements to route subnet traffic back and forth.  This extra duty of routing between subnets (for performance sake) is why it's not recommended.

2.  I'm not sure with Shoretel phones, but I'd bet a shiny penny that you don't want the phone to be a trunking device.  This is because with any trunking protocol, the end device (ip phone in this case) will not be able to use one of the vlans...the voice vlan in this case.  It's true your phone has a built in switch, however, the data packets are separated by your "voice vlan 10" statement...all other packets go to second port on IP phone (to the computer)...do not use trunking on ports that do not have a VTP domain server or client attached to them (such as a router or a switch capable of vlan trunking)

3.  It matters for performance only.  If your router has to route between 2 vlans, there's extra overhead involved...personal preference I suppose...just didn't know what to make of it when I read "server"

4.  A cisco switchport (port 23 for example) can only be in one mode at a time.  That is "trunking" for passing VTP domain & vlan tagging info, and "access" mode that enables it to participate in a subnet packet switching.  A special feature of these switches is "voice vlan" which allows it to send to 2 different vlan packets.  I know this is confusing, but your phones have a built in switch and at least with Cisco phones, all they need is membership to this vlan via "voice vlan" statement and all other packets (access vlan 200) are sent to the second jack without having to decipher what vlan tags to send to which ip phone interface.

Let me know if there's more.

rc
0
 
icanhelp Commented:
You have the following 2 lines switched:

switchport access vlan 10
switchport voice vlan 200

It should read:

int fa0/23
switchport access vlan 200
switchport mode access
switchport voice vlan 10
spanning-tree portfast

Remember to keep your Shoretel switch and ip phones on same vlan....You may have been confused by the following


Port 2:
switchport access vlan 10

Port 23
switchport voice vlan 10

.....
On port 2, the shoretel device, it does not need to have "special" access into the vlan...just give it straight-forward access to vlan 10 by issuing a "access vlan 10".  Once you know your shoretel is on vlan 10, you are required to put the phones on the same vlan by issuing "voice vlan 10" for voice services traffic.  The "access vlan 200" on switchports 23 & 24 are there only for your computer's sake

rc


0
 
Chuck Brown Author Commented:
1. Doesn't my router with all of the vlans configured on the trunked port route between the vlans by default?  I understand the overhead issues, and agree with what you said, I'm just trying to understand if it SHOULD work with them in different vlans.

the plan was to have data in vlan 100, voice in vlan 200; doesn't this mean I need to have the two switchport lines as
switchport access vlan 200
switchport voice vlan 10

2. I'm still confused about the 802.1q; if this is the case, why would it even be an option on the phone?  Also, if I don't use it, the phone does not get an ip address in the subnet range associated with VLAN 200.  Not sure how to tell if it is actually marking its packets to be in subnet 200 or not.  I know the switchport voice statement works a bit different if you have a Cisco phone; apparently, it tells Cisco phones that the voice data is VLAN 200; for ShoreTel, the dhcp string tells the phone the voice is in subnet xxx (in this case, 200).

0
 
icanhelp Commented:
Ok.

1.  Yes you are correct about your router on a stick if its interface has the ability to do dot1q trunking.  Your lines are correct about switchport access vlan 200....for second pc jack and voice vlan 10...for voice traffic

2.  Again, I apologize as I'm not familiar with Shoretels, however you're working on a Cisco network.  Let me ask you something about your voice vlan DHCP settings...does it have an "option 150" parameter inserted in the DHCP scope?  If so, your shoretel phones are probably doing what my Cisco phones are doing in that "option 150" is a tftp download ip address...this is where our phones get their settings, registrations and software upgrades from...the option 150 should be the ip address of your Shoretel switch/server.

rc
0
 
Chuck Brown Author Commented:
Yep.  We're using option 150 to supply the ftp server, language, 802.1q on/off, vlan number/off.

If we set it to vlan 200, the phone gets a dhcp address from the 10.99.0.x range, then goes ahead and boots up.  If we set it to vlan 200 and turn 802.1q on, the phone does the same, but then says 'reconfiguring network' and reboots, as it should do.  It SHOULD then be attempting to go out on VLAN200 and get a new dhcp address, but is not successful.
0
 
icanhelp Commented:
When moving these ip phones to vlan 10...you need to have a DHCP scope for VLAN 10, I think this is your problem.  You're trying to get a DHCP address from VLAN 200 when it has no business on that subnet for voice traffic....this includes registration to the Shoretel switch....configure another DHCP scope with option 150 that applies only to VLAN 10..voice

Here's an example of having 2 different DHCP scopes on the same switch:

ip dhcp pool PHONES
   network 10.134.0.0 255.255.0.0
   default-router 10.134.0.1
   option 150 ip 10.110.0.2
!
ip dhcp pool DATA
   network 10.34.0.0 255.255.0.0
   default-router 10.34.0.1
   dns-server x.x.x.x
!


The only thing that's splitting these traffics are the "network" statement parameters within each scope

rc
0
 
Tahzeebhaider Commented:
As you are using a Layer 2 switch (2950), inter-VLAN communication is not possible on it without putting in a router to communicate between VLANs. If you want to do inter-VLAN communication, you need a Layer 3 switch to do that.
As your phones are on one VLAN and the DHCP server is on a different VLAN, they will not communicate: once you create VLANs on the 2950, all communication between different VLANs stops. Only devices on the same VLAN can communicate with each other, or you put in a router to communicate with the different VLANs, putting the router on a trunk port.
0
 
icanhelp Commented:
Agreed Tahzeebhaider.  However I think this guy's problem is in his use of DHCP scope.  I'm not sure how many DHCP scopes that Cat 2950 can create, I have 3550's and 60's, but he needs to create one specifically for his phone/Shoretel switch vlan with the specific "option 150" pointing to his Shoretel server...I'd make this easy and perform better by moving his Shoretel server onto the same vlan that his phones/Shoretel Switch is located on.  Packet flow will not need to have the use of routers (overhead) in order for his voice network to work.

rc
0
 
Chuck Brown Author Commented:
1. I DO have a router capable of VLAN trunking on port 4 of the switch.  This should take care of issues Tahzeebhaider brought up, no?

2. I have dhcp scopes set up on server at 10.0.99.10 for
10.99.0.x
10.99.10.x
10.99.100.x
10.99.200.x

My understanding was that the trunked router added the appropriate information to the dhcp request packet so that Windows DHCP would issue from the correct subnet of the superscope.
0
 
icanhelp Commented:
The best way to handle your problem with DHCP is to have it run on the Catalyst 2950.  I say that you have a problem with DHCP because even though your phones are snatching an address for vlan 200, your phones belong on vlan 10 (voice network).  By having your phones on vlan 200, your server & PBX on vlan 10, you're having some sort of routing issue.  Keep it simple.  The configuration below is an example of setting up a DHCP scope on the catalyst:

ip dhcp pool PHONES
   ! This is the line that ties this subnet to a vlan
   network 10.134.0.0 255.255.0.0
   default-router 10.134.0.1
   ! Here's the option 150 pointing to your Shoretel server..that's why you want
   ! the Shoretel server on the same vlan as your IP phones/Shoretel Switch
   option 150 ip 10.110.0.2
!


cheers.
rc

0
 
Chuck Brown Author Commented:
Ok... Just to simplify things, I moved dhcp to the switch.  This should at least take some of the routing issues out of the way.  Not sure what I have wrong now, but the phone doesn't get any address now, not even the first one, from which it's told to use VLAN 200.

!
ip subnet-zero
ip dhcp excluded-address 10.99.0.1 10.99.0.25
ip dhcp excluded-address 10.99.0.200 10.99.0.254
ip dhcp excluded-address 10.99.10.1 10.99.10.25
ip dhcp excluded-address 10.99.10.200 10.99.10.254
ip dhcp excluded-address 10.99.100.1 10.99.100.25
ip dhcp excluded-address 10.99.100.200 10.99.100.254
ip dhcp excluded-address 10.99.200.1 10.99.200.20
ip dhcp excluded-address 10.99.200.200 10.99.200.254
!
ip dhcp pool 1
   network 10.99.0.0 255.255.255.0
   default-router 10.99.0.2
   option 156 ascii "ftpservers=10.99.0.10, country=1, language=1, layer2tagging=1, vlanid=200"
!
ip dhcp pool 100
   network 10.99.100.0 255.255.255.0
   default-router 10.99.100.2
   option 156 ascii "ftpservers=10.99.0.10, country=1, language=1, layer2tagging=1, vlanid=200"
!
ip dhcp pool 200
   network 10.99.200.0 255.255.255.0
   option 156 ascii "ftpservers=10.99.0.10, country=1, language=1, layer2tagging=1, vlanid=200"
!
ip dhcp pool 10
   network 10.99.10.0 255.255.255.0
   default-router 10.99.10.2
   option 156 ascii "ftpservers=10.99.0.10, country=1, language=1, layer2tagging=1, vlanid=200"
!
spanning-tree mode pvst
spanning-tree portfast bpduguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 200
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 switchport mode trunk
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/23
 switchport trunk native vlan 100
 switchport mode trunk
 switchport voice vlan 200
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport trunk native vlan 100
 switchport mode trunk
 switchport voice vlan 200
 spanning-tree portfast
!
interface Vlan1
 ip address 10.99.0.2 255.255.255.0
 no ip route-cache
!
interface Vlan10
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan100
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan200
 no ip address
 no ip route-cache
 shutdown
!
ip default-gateway 10.99.0.2
ip http server
!
0
 
icanhelp Commented:
On port 1

interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!

Change switchport access vlan 10 ----> change it to access vlan 200 (coincides with shoretel switch and phones)
0
 
icanhelp Commented:
Also, I see you're using option 156....is it possible to have your shoretel server configured to hand out firmware/register...etc on tftp instead of ftp?  If so, change vlan 200 dhcp scope option to:

option 150 <new static ip for shoretel server because it was moved to vlan 200>

try this and let us know
rc
0
 
Chuck Brown Author Commented:
Nope.  This isn't an option.  Has to be option 156, and ftp from the server.
0
 
icanhelp Commented:
In that case, leave your configs the way you have it, and change your server static ip to match the subnet id of your ip phone dhcp scope and move your server to vlan 200 where all your other voice stuff is located.
0
 
Chuck Brown Author Commented:
However, remember we are trying (unsuccessfully) to get dhcp from the switch, so the server hasn't come into play yet.  The change to vlan 200 didn't help, but again, this would have affected access to the server; right now, we can't even get a dhcp address from the switch.
0
 
Chuck Brown Author Commented:
I can move the server, but have a question to help me understand... should I HAVE to move the server?  If I have the server in VLAN 10, corresponding to 10.99.0.x, and I have my phones in VLAN 200, corresponding to 10.99.200.x, shouldn't my trunked router route these two such that they can talk?  I do understand that this isn't the most efficient way to do it, I just want to understand if it SHOULD work this way...
0
 
icanhelp Commented:
I agree that your phone on port 23 or 24 should be getting a new ip address lease.  That said, let's test something:


from your dhcp scope:

ip dhcp pool 200
   network 10.99.200.0 255.255.255.0
   option 156 ascii "ftpservers=10.99.0.10, country=1, language=1, layer2tagging=1, vlanid=200"
!

Remove:  option 156 ascii "ftpservers=10.99.0.10, country=1, language=1, layer2tagging=1, vlanid=200"

and leave the rest of scope the way it is....and power cycle the phone
0
 
icanhelp Commented:
This may be quicker if I could just call you and work thru it.
0
 
Chuck Brown Author Commented:
This didn't work either, but I'm not sure why it would have changed anything.  I don't think the switch has any knowledge of what 'voice' or 'data' is at this point.  The phone is going to mark its packets for vlan 200, once it gets put into vlan 200.  However, at this point, the phone is simply a device requesting an IP address, so why would the switch associate that with vlan 200?

Sure, if you don't mind calling, I don't mind the help!  You can reach me at (912) 629-2411.
0
 
Chuck Brown Author Commented:
Randy,

Our configuration is:
ShoreGear 40/8 voice switch
Windows 2003 Server (AD, DNS, DHCP, ShoreWare Services) (This is a DEMO system)
Cisco 2950-24 Switch
Kentrox Q2300 Router
ShoreTel 230 IP Phone

Right now, when the phone boots up, it gets NO DHCP address.

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable password InfPW
!
ip subnet-zero
ip dhcp excluded-address 10.99.0.1 10.99.0.25
ip dhcp excluded-address 10.99.0.200 10.99.0.254
ip dhcp excluded-address 10.99.10.1 10.99.10.25
ip dhcp excluded-address 10.99.10.200 10.99.10.254
ip dhcp excluded-address 10.99.100.1 10.99.100.25
ip dhcp excluded-address 10.99.100.200 10.99.100.254
ip dhcp excluded-address 10.99.200.1 10.99.200.20
ip dhcp excluded-address 10.99.200.200 10.99.200.254
!
ip dhcp pool 100
   network 10.99.100.0 255.255.255.0
   default-router 10.99.100.2
   option 156 ascii "ftpservers=10.99.0.10, country=1, language=1, layer2tagging=1, vlanid=10"
!
ip dhcp pool 200
   network 10.99.200.0 255.255.255.0
   default-router 10.99.200.2
   option 156 ascii "ftpservers=10.99.0.10, country=1, language=1, layer2tagging=1, vlanid=10"
!
ip dhcp pool 10
   network 10.99.0.0 255.255.255.0
   default-router 10.99.0.2
   option 156 ascii "ftpservers=10.99.0.10, country=1, language=1, layer2tagging=1, vlanid=10"
!
!
spanning-tree mode pvst
spanning-tree portfast bpduguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 switchport mode trunk
!
interface FastEthernet0/5
!
interface FastEthernet0/22
!
interface FastEthernet0/23
 switchport trunk native vlan 100
 switchport mode trunk
 switchport voice vlan 10
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport trunk native vlan 100
 switchport mode trunk
 switchport voice vlan 200
 spanning-tree portfast
!
interface Vlan1
 ip address 10.99.15.2 255.255.255.0
 no ip route-cache
!
interface Vlan10
 ip address 10.99.0.1 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan100
 ip address 10.99.100.1 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan200
 ip address 10.99.200.1 255.255.255.0
 no ip route-cache
 shutdown
!
ip default-gateway 10.99.0.2
ip http server
0
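
An added example (not from the thread and not Cisco's code): a Python check that reads the DHCP pools and VLAN interfaces from the config posted above and reports, for each pool, which active VLAN interface could select it. It assumes the IOS DHCP server chooses a pool by the subnet of the interface a request arrives on (or a relay's giaddr); the names `stanzas`, `parse` and `audit` are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: the pools and VLAN interfaces from the config in the
# post above (trimmed), i.e. the state where the phone gets no address at all.
CONFIG = '''\
ip dhcp pool 100
   network 10.99.100.0 255.255.255.0
   option 156 ascii "ftpservers=10.99.0.10, country=1, language=1, layer2tagging=1, vlanid=10"
!
ip dhcp pool 200
   network 10.99.200.0 255.255.255.0
   option 156 ascii "ftpservers=10.99.0.10, country=1, language=1, layer2tagging=1, vlanid=10"
!
ip dhcp pool 10
   network 10.99.0.0 255.255.255.0
   option 156 ascii "ftpservers=10.99.0.10, country=1, language=1, layer2tagging=1, vlanid=10"
!
interface Vlan1
 ip address 10.99.15.2 255.255.255.0
!
interface Vlan10
 ip address 10.99.0.1 255.255.255.0
 shutdown
!
interface Vlan100
 ip address 10.99.100.1 255.255.255.0
 shutdown
!
interface Vlan200
 ip address 10.99.200.1 255.255.255.0
 shutdown
!
'''


def stanzas(config):
    """Yield (header, [stripped body lines]) for each top-level IOS stanza."""
    header, body = None, []
    for line in config.splitlines():
        if line[:1] in (" ", "\t"):          # indented line: part of current stanza
            if header is not None:
                body.append(line.strip())
            continue
        if header is not None:
            yield header, body
        is_sep = line.startswith("!") or not line.strip()
        header, body = (None if is_sep else line.strip()), []
    if header is not None:
        yield header, body


def parse(config):
    """Return (pools, svis): pool name -> info, SVI name -> (address, is_up)."""
    pools, svis = {}, {}
    for header, body in stanzas(config):
        if header.startswith("ip dhcp pool "):
            info = {"network": None, "option156": {}}
            for line in body:
                if m := re.fullmatch(r"network (\S+) (\S+)", line):
                    info["network"] = ipaddress.ip_network(f"{m[1]}/{m[2]}")
                elif m := re.fullmatch(r'option 156 ascii "(.*)"', line):
                    pairs = (i.split("=", 1) for i in m[1].split(",") if "=" in i)
                    info["option156"] = {k.strip(): v.strip() for k, v in pairs}
            pools[header.split()[-1]] = info
        elif header.lower().startswith("interface vlan"):
            # "no ip address" does not match, so an unnumbered SVI yields None
            addr = next((ipaddress.ip_interface("/".join(l.split()[2:4]))
                         for l in body if l.startswith("ip address ")), None)
            svis[header.split()[-1]] = (addr, "shutdown" not in body)
    return pools, svis


def audit(config):
    """For each pool, name the active SVI (if any) whose address selects it."""
    pools, svis = parse(config)
    report = []
    for name, info in pools.items():
        served_by = next((svi for svi, (addr, up) in svis.items()
                          if up and addr and addr.ip in info["network"]), None)
        report.append({"pool": name, "network": str(info["network"]),
                       "served_by": served_by,
                       "phone_vlan": info["option156"].get("vlanid")})
    return report


if __name__ == "__main__":
    for row in audit(CONFIG):
        print(row)
```

On this excerpt every pool comes back with `served_by` set to `None`, because the only interface that is up, Vlan1, sits in 10.99.15.0/24, which no pool covers.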
 
Tahzeebhaider Commented:
Again, to let you know: the 2950 can take only one DHCP per switch. You cannot create more than one DHCP scope in a single switch, which is again a Layer 2 switch. In all cases you have to get a Layer 3 switch to solve your problem, or just put a router for each VLAN you create and have the DHCP scope through that.
0
 
icanhelp Commented:
If this is the case, we can just have him setup 1 dhcp scope for his voice and have a dhcp server (Win2k win23k) on the data subnet handout for PC's

rc
0
 
Chuck Brown Author Commented:
Update... I don't think the comment about 1 dhcp scope is correct, as two are working currently.  I'm listing the 'current' config below, but here is what I've found out in the meantime.

1. The ports into which ShoreTel phones are plugged must be set as trunking ports.
2. The ShoreTel phones must have layer2tagging turned on if you wish to use VLANS with them
3. The Cisco 'voice vlan' tag means nothing and does nothing in a ShoreTel environment
4. The phone boots, requests a DHCP address from the default vlan unless that's been changed on the port.  It gets the DHCP address along with the request to turn on layer2tagging and vlans.  It then reboots, and requests a new address from the vlan it has been assigned.  Once this is accomplished, all packets from the phone come out tagged with the vlan requested.  All packets from a device (pc) plugged into the second port in the phone are passed along unchanged, leaving the switch to tag them with the vlan assigned to the port.


Where I am right now... phone boots, gets dhcp address with vlan assignment, boots again, gets new dhcp address in proper subnet, but then BOOTS AGAIN and goes into a forever unanswered DHCP request.  Not sure why.

However, let me digress.  I think there is a basic config problem with the switch.  I unplugged everything except the router from the switch.  I plugged an old cheap hub between the switch and the router.  I plugged a PC into the hub as well, running Ethereal to monitor the traffic.  When I try to ping the router from the switch, I don't see arp packets go out.  Even if the router was misconfigured, which I don't think it is, shouldn't the switch try to send the arp request out of a trunk port to be resolved?

Here's the switch config:

ip subnet-zero
ip dhcp excluded-address 10.99.0.1 10.99.0.25
ip dhcp excluded-address 10.99.0.200 10.99.0.254
ip dhcp excluded-address 10.99.10.1 10.99.10.25
ip dhcp excluded-address 10.99.10.200 10.99.10.254
!
ip dhcp pool 10
   network 10.99.10.0 255.255.255.0
   default-router 10.99.10.2
   option 156 ascii "ftpservers=10.99.0.10, country=1, language=1, layer2tagging=1, vlanid=10"
!
ip dhcp pool 0
   network 10.99.0.0 255.255.255.0
   default-router 10.99.0.2
   option 156 ascii "ftpservers=10.99.0.10, country=1, language=1, layer2tagging=1, vlanid=10"
!
!
spanning-tree mode pvst
spanning-tree portfast bpduguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 switchport mode trunk
 speed 10
 duplex half
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
 switchport mode trunk
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport mode trunk
 switchport nonegotiate
 switchport voice vlan 10
 spanning-tree portfast
!
interface Vlan1
 ip address 10.99.10.2 255.255.255.0
 no ip route-cache
!
interface Vlan10
 ip address 10.99.0.1 255.255.255.0
 no ip route-cache
 shutdown
!
ip default-gateway 10.99.10.2
ip http server
0
 
icanhelp Commented:
First and foremost, you need an "ip default-gateway" statement in each vlan:

interface vlan1
  ! Kentrox router (should take care of your ethereal problem)
  ip default-gateway x.x.x.x x.x.x.x
  no shut
!
interface vlan10
  ! Kentrox router (should take care of your ethereal problem).  Also might be the
  ! reason why your phones aren't getting the second dhcp lease...router is doing
  ! intervlan routing.  With no default gw on vlan10 int, how would phone make
  ! the request
  ip default-gateway x.x.x.x x.x.x.x
  no shut
!

Second, on catalyst 2950, switchports in trunk mode (such as port 4, port 23, port 24), default is dot1q.  Trunking protocols MUST match on both sides.  I would check all 3 devices, especially Kentrox as its duty in this scenario is intervlan routing.  Default is vlan1, unless manually set...Looks like you took those out, I would manually override them and set them on vlan10.

rc
0
 
Chuck Brown Author Commented:
Apparently the ip default-gateway command is not local to the interface statement; I tried adding the ones specified, but when I do a show config, the last ip default-gateway I put in is found at the end of all of the interface vlan statements, set apart from them.  Also, if I do a config t/interface vlan1/ip ?, default-gateway is not one of the options.

According to Kentrox, dot1q is all they do.
Also, I just added the switchport access vlan 10, then tried pinging 10.99.10.2, to no avail.
0
 
icanhelp Commented:
I'm curious Chuck, how'd you resolve this issue?
0
 
Chuck Brown Author Commented:
We ran out of time and did our testing on the customer's Cisco switches, which were layer 3.  They worked, of course.  I think the issue is our Kentrox router. They said it will work, but I haven't had time to find out why it's not.
0
 
icanhelp Commented:
Nice.  Great Job!
0
