• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 834
  • Last Modified:

mulitple vlans and dhcp

Although we opened a 2nd vlan...and used ip helped to point it at our dhcp...we are not getting an ip.

We are using a Cisco 3560g.

Any ideas?

We added the range to DHCP....
0
lgropper
Asked:
lgropper
  • 14
  • 10
1 Solution
 
Scotty_ciscoCommented:
you need to add ip helper address in the vlan interface.

http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/48383.htm#xtocid670622

here is a link that explains the command

put it in the vlan that is away from the vlan that the server is in.

Thanks
scott
0
 
lgropperAuthor Commented:
IP helper is done...it points to the static ip of our dhcp....

For example:

192.168.100.1 (range)----dhcp 192.168.100.5 is listed in the helper
192.168.201.201 (range)----dhcp 192.168.100.5 is listed in the helper

Yet...the 2nd range cannot get an ip...
0
 
Scotty_ciscoCommented:
what are the show runs looking like in those vlan's?

Thanks
Scott
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
lgropperAuthor Commented:
sorry...can you explain? how do I do a show run?

Thanks!! (can you tell this is my first time! argh!)
0
 
Scotty_ciscoCommented:
need to be at Switch#
and type show run (enter)
if you are at switch(config)# you need to type end
then show run

Thanks
Scott
0
 
lgropperAuthor Commented:
we are trying but we are getting a memory error...seems like we need a reboot but that cannot be until after hours....

any chance you take one on one phone calls? You have been a great help and would love to just walk through this with you.

Thanks!
0
 
lgropperAuthor Commented:
This is what we have.


ip subnet-zero
ip routing
!
ip name-server 192.168.100.5
ip name-server 192.168.100.12
ip dhcp-server 192.168.100.5
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface GigabitEthernet0/29
!
interface GigabitEthernet0/30
!
interface GigabitEthernet0/31
!
interface GigabitEthernet0/32
!
interface GigabitEthernet0/33
!
interface GigabitEthernet0/34
!
interface GigabitEthernet0/35
!
interface GigabitEthernet0/36
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet0/37
!
interface GigabitEthernet0/38
!
interface GigabitEthernet0/39
!
interface GigabitEthernet0/40
!
interface GigabitEthernet0/41
 switchport access vlan 3
 switchport mode access
!
interface GigabitEthernet0/42
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet0/43
!
interface GigabitEthernet0/44
!
interface GigabitEthernet0/45
!
interface GigabitEthernet0/46
!
interface GigabitEthernet0/47
!
interface GigabitEthernet0/48
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet0/49
!
interface GigabitEthernet0/50
!
interface GigabitEthernet0/51
!
interface GigabitEthernet0/52
!
interface Vlan1
 ip address 192.168.100.201 255.255.255.0
 ip helper-address 192.168.100.5
!
interface Vlan2
 ip address 192.168.200.201 255.255.255.0
 ip helper-address 192.168.100.5
!
interface Vlan3
 ip address 192.168.205.201 255.255.255.0
 ip helper-address 192.168.100.2
 ip helper-address 192.168.201.201
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.100.71
ip http server
!
snmp-server community public RO
snmp-server enable traps tty
!
control-plane
0
 
Scotty_ciscoCommented:
I could talk to you ... I am at work currently as well.... what is after hours in your case?  

also a reboot generally won't help solve this type of problem.  

when you do a show vlan what do you see?

Thanks
Scott
0
 
lgropperAuthor Commented:
it seems that its not really just dhcp thats not working?  even is i plug into the second vlan i cannot ping anything on the vlan1 side.  This issue just popped out of no where! here is the config

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                                Gi0/5, Gi0/6, Gi0/7, Gi0/8
                                                Gi0/9, Gi0/10, Gi0/11, Gi0/12
                                                Gi0/13, Gi0/14, Gi0/15, Gi0/16
                                                Gi0/17, Gi0/18, Gi0/19, Gi0/20
                                                Gi0/21, Gi0/23, Gi0/24, Gi0/25
                                                Gi0/26, Gi0/27, Gi0/28, Gi0/29
                                                Gi0/30, Gi0/31, Gi0/32, Gi0/35
                                                Gi0/37, Gi0/38, Gi0/39, Gi0/40
                                                Gi0/43, Gi0/44, Gi0/45, Gi0/46
                                                Gi0/47, Gi0/49, Gi0/50, Gi0/51
                                                Gi0/52
2    VLAN2                            active    Gi0/36, Gi0/42, Gi0/48
3    VLAN3                            active    Gi0/41
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
3    enet  100003     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
0
 
Scotty_ciscoCommented:
what vlan is you DHCP server sitting in looks like it is in vlan 1 if that is the case you do not need the helper address in that vlan. you also have the wrong address in vlan 3

interface Vlan3
 ip address 192.168.205.201 255.255.255.0
 ip helper-address 192.168.100.2
 ip helper-address 192.168.201.201
!

ip helper-address in the other vlan is 192.168.100.5

the Ping issue .... what is the default gateway that is getting assigned to both the sending PC and the responding PC and what VLANs are they in?

Thanks
scott
0
 
lgropperAuthor Commented:
Yes the DHCP is in vlan1, how do i remove the helper on it?

Vlan 3 i was just playing around with to see if we could fix the issue and i pointed at another server that i ran dhcp on.  Is there a quick way to remove it?

i am trying to ping 192.168.100.5 from 192.168.200.10.

gateway on 192.168.100.5 is 192.168.100.71
gateway on 192.168.200.10 is 192.168.200.201 (switch)

chad
0
 
Scotty_ciscoCommented:
what is the 192.168.100.71 is that the switch as well?  if not then it needs to know where the 192.168.200.0 network lives which if you point a static route at 192.168.100.201 for that 200 network then it will work.

the way to remove a command in Cisco syntax is just NO before the command

Thanks
Scott
0
 
lgropperAuthor Commented:
yep, the .71 is our firewall with a static route for the 200 network.

See the thing is, everything was in place and working smoothly... then the .200 subnet just stopped working.  my only conclusion is something on the 3560g must have changed... but i am the only one who has access to it.

its a very odd situation... when i try and ping something on the .100 subnet i get nothing except for pinging the 192.168.100.201 ip.. thats the switches .100 port.

chad
0
 
Scotty_ciscoCommented:
Chad..

try adding a host route to a box on the 192.168.100.0 network to the switch of 200 and I bet your ping starts to work.  A firewall by default will not generally allow a packet to leave the same interface that it comes in on it will discard the packet.

Thanks
Scott
0
 
lgropperAuthor Commented:
there is a current route in the firewall,

IP
192.168.200.0

subnet mask
255.255.255.0

Gateway
192.168.100.201 (3560g)

I just plugged my laptop into port 42 (vlan2) on the 3560 and i picked up an ip of 192.168.100.134.  it seems dhcp is working for some reason but its not offering ip's from .200.  is there something that needs to be set to ensure the dhcp server knows what subnet the requests are coming from?

0
 
Scotty_ciscoCommented:
how many scopes do you have setup in the DHCP server?  What type of firewall do you have?  the switch can probably router layer3 traffic much faster than the firewall can.  I would set everything to the Switch as a default gateway and then set the default route in the switch to the firewall.

Thanks
Scott
0
 
lgropperAuthor Commented:
the 3560 is a newer device, i was planning on getting that setup as well.

our dhcp server hosts for out stores as well, there are about 70 scopes.

it also seems something has locked the config on the switch, so i cannot edit or change it.

%Error opening nvram:/startup-config (Device or resource busy)

Chad
0
 
lgropperAuthor Commented:
sorry the firewall is a noirtel contivity 1100
0
 
Scotty_ciscoCommented:
what type of DHCP server is it?  is it a Windows or unix?  

The switch tages the request with the subnet and that is how the DHCP server know's what scope it is pulling them out of.  If you switch config is locked that is a little harder to trouble shoot.  

Cisco stores all of the config information on NVRAM and they only have so many valid writes and then they no longer function.  I hope that is not the case as I have never seen that directly happen I have known that it has happened.

I have setup multipule vlan structure like this in the past and I have not had a problem with this.

What time would you be able to preform a reboot of the equipment?

Thanks
Scott
0
 
lgropperAuthor Commented:
the dhcp server is a windows 2000 box.  I am going to be moving the dhcp services to another windows box that is 2003 but thats a later issue.

I have to wait till after 5 to do the reboot today.


I am still confused to the fact as why this stopped working in the first place! i initially setup a second vlan and configured the helper to point to the dhcp server on 192.168.100.5.  All was fine and working... then yesterday and today it just stopped...

i want to clean up the config on the 3560, but i guess i have to wait for a reboot.

thanks for the help, i'll post back later if you are around... unless there is anything else that you may think is causing the issue.

Thanks again!

Chad
0
 
Scotty_ciscoCommented:
depending on the time I am in mountain time zone so quite possibly will be here.... the switch could be running buggy code have you searched for bugs on cisco's web site?

Do a show ver and post that lets see what code your running.

Thanks
Scott
0
 
lgropperAuthor Commented:
Cisco Internetwork Operating System Software
IOS (tm) C3560 Software (C3560-I9-M), Version 12.2(20)SE4, RELEASE SOFTWARE (fc1
)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Sat 08-Jan-05 23:06 by antonino
Image text-base: 0x00003000, data-base: 0x00996F6C

ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SE, RELEASE SOFTWARE
 (fc)

CMT3560_Server_Room uptime is 32 weeks, 3 days, 2 hours, 47 minutes
System returned to ROM by power-on
System image file is "flash:c3560-i9-mz.122-20.SE4/c3560-i9-mz.122-20.SE4.bin"

cisco WS-C3560G-48TS (PowerPC405) processor (revision A0) with 118784K/12280K by
tes of memory.
Processor board ID FOC0911U1LV
Last reset from power-on
3 Virtual Ethernet/IEEE 802.3  interface(s)
52 Gigabit Ethernet/IEEE 802.3 interface(s)
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:13:80:66:F8:00
Motherboard assembly number     : 73-9358-03
Power supply part number        : 341-0107-01
Motherboard serial number       : FOC09104QKC
Power supply serial number      : FXD0844008E
Model revision number           : A0
Motherboard revision number     : A0
Model number                    : WS-C3560G-48TS-S
System serial number            : FOC0911U1LV
SFP Module assembly part number : 73-7757-02
SFP Module revision Number      : A0
SFP Module serial number        : CAT09070M7R
Top Assembly Part Number        : 800-25428-01
Top Assembly Revision Number    : A0
Version ID                      : 01
CLEI Code Number                : CNMWY00ARA
Hardware Board Revision Number  : 0x05


Switch   Ports  Model              SW Version              SW Image
------   -----  -----              ----------              ----------
*    1   52     WS-C3560G-48TS     12.2(20)SE4             C3560-I9-M


Configuration register is 0xF

CMT3560_Server_Room#
0
 
mikebernhardtCommented:
Since you're using DHCP, make sure you have a scope correctly configured on the DHCP server for each of the 3 IP subnets. Your default gateway for hosts on ANY vlan should be the ip address you configured for the vlan interface on the switch.

As Scotty said, remove the ip helper-address on vlan 1 and fix the one on vlan 3:
config t
interface vlan 1
 no ip helper-address 192.168.100.5
interface vlan 3
 no ip helper-address 192.168.100.2
 no ip helper-address 192.168.201.201
 ip helper-address 192.168.100.5
end
wr mem

The ping problem is because the users on vlan 1 have a default gateway of 192.168.100.71. The firewall will not route traffic back out the inside interface to the switch. You need to make their default gateway 192.168.100.201. The switch will redirect internet traffic to the firewall. Make sure the firewall has routes pointing traffic for vlans 2 and 3 to 192.168.100.201.
0
 
lgropperAuthor Commented:
i don't believe that is the problem with the ping as there are routes in the firewall to pass traffic to the switch and the switches last resort ip in the firewall.  

As i have stated a few times.... it worked before for a few months... just yesterday it started having problems.

i am going to restart the switch and i will be able to update the config. hopefully that helps and resolves the issues.

Thanks!
0
 
lgropperAuthor Commented:
turned out to be a routing issue.  but your help definitley helped me find the problem!!

192.168.200.0 was being routed to a branch office vpn.

Thanks for all your help and quick replies!!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 14
  • 10
Tackle projects and never again get stuck behind a technical roadblock.
Join Now