We help IT Professionals succeed at work.

DHCP not working on 2960 trunked to 2801 with sub-interfaces

3,504 Views
Last Modified: 2012-02-29
I don't know if I'm going crazy or what, but I can't get DHCP to hand me an IP address on VLANs configured on a 2960 switch.  I've set this up many many times on 2950s, 3550s, 3750s, etc and it works.  For some reason this 2960 switch is not cooperating.

Basically I have a 2960 that I'm going to play around with.  I configured a 2801 router with the DHCP pools and the appropriate sub-interfaces.  I created the vlans on the 2960 switch and created a trunk to the 2801 router.  For testing I assigned port 14 on the switch to a vlan.  I should be able to plug a laptop in and grab an IP address. However, it won't grab an IP address.  If I statically assign an IP address I can ping the corresponding sub-interface gateway on the router.  Very stange.  I hope I'm just missing something very obvious.

Here are the configs:
2801 ROUTER

Current configuration : 4470 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 2801RTR
!
boot-start-marker
boot-end-marker
!
!
enable secret 5
!
no aaa new-model
clock timezone CST -6 0
clock summer-time CST recurring
dot11 syslog
ip source-route
!
!
!        
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.2.1 172.16.2.10
ip dhcp excluded-address 172.16.11.1 172.16.11.10
ip dhcp excluded-address 172.16.11.100 172.16.11.254
ip dhcp excluded-address 172.18.11.1 172.18.11.10
ip dhcp excluded-address 10.1.1.1 10.1.1.10
ip dhcp excluded-address 192.168.11.1 192.168.11.9
!
ip dhcp pool voice
 network 172.16.2.0 255.255.255.0
 option 150 ip 172.16.2.1
 default-router 172.16.2.1
!
ip dhcp pool data
 network 172.16.11.0 255.255.255.0
 dns-server 172.16.11.100
 default-router 172.16.11.1 255.255.255.0
 domain-name etechxp.local
 lease infinite
!
ip dhcp pool test
 network 172.18.11.0 255.255.255.0
 dns-server 8.8.8.8 208.67.222.222
 default-router 172.18.11.1 255.255.255.0
 lease 7
!
ip dhcp pool lab
 network 10.1.1.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 10.1.1.1 255.255.255.0
 lease 7
!
ip dhcp pool mgmt
 network 192.168.11.0 255.255.255.0
 default-router 192.168.11.1 255.255.255.0
 lease infinite
!
!
ip cef
no ip domain lookup
ip domain name
ip name-server 8.8.8.8
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!        
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
ip ssh version 2
!
!
!
!
!
interface FastEthernet0/0
 description To ASA 5505
 ip address 10.0.10.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Service-Engine0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 description Native VLAN
 encapsulation dot1Q 10 native
 ip address 192.168.11.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface FastEthernet0/1.100
 description Voice VLAN
 encapsulation dot1Q 100
 ip address 172.16.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface FastEthernet0/1.200
 description Data VLAN
 encapsulation dot1Q 200
 ip address 172.16.11.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface FastEthernet0/1.500
 description Test VLAN
 encapsulation dot1Q 500
 ip address 172.18.11.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface FastEthernet0/1.600
 description Lab VLAN
 encapsulation dot1Q 600
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
no ip classless
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
ip http path flash:
ip route 0.0.0.0 0.0.0.0 10.0.10.1
!
!
!
!
control-plane
!
!
voice-port 0/0/0
!
voice-port 0/0/1
!
voice-port 0/0/2
!        
voice-port 0/0/3
!
!
!
mgcp profile default
!
!
!
!
telephony-service
 max-conferences 4 gain -6
 transfer-system full-consult
!
!
!
line con 0
 logging synchronous
 login local
line aux 0
line 66
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
 exec-timeout 15 0
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 exec-timeout 5 0
 logging synchronous
 login
 transport input ssh
!
scheduler allocate 20000 1000
ntp master
ntp server 128.138.141.172
end
-------------------------------------------------------------------------------------------------------------------------------------
Catalyst 2960:

Current configuration : 4747 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SW01
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
!
!
no aaa new-model
switch 1 provision ws-c2960s-24ps-l
!
!
!        
!
crypto pki trustpoint TP-self-signed-713166720
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-713166720
 revocation-check none
 rsakeypair TP-self-signed-713166720
!
!
crypto pki certificate chain TP-self-signed-713166720
 certificate self-signed 01
  30820241 308201AA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 37313331 36363732 30301E17 0D393330 33303130 30303233
  345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3731 33313636
  37323030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  BAB805E3 F4D224C5 1428CADF 4C4E5414 C63247C6 F9A52E92 FF49D526 464AA149
  838C6CAC 076F8FE4 BE1BD6CC 969AC7B3 34F09BB4 A226D190 66BF7A5D 564E3FFD
  793B93A8 4F01FCF4 E455B495 7C557150 B5CF50DA 8E28636A C2125C91 20B68A72
  DDB9E6C3 0C3AD50E 68368445 44537BFC FD952F75 BC1674DE E85B1508 8FB37193
  02030100 01A36B30 69300F06 03551D13 0101FF04 05300301 01FF3016 0603551D
  11040F30 0D820B45 54454348 2D535730 312E301F 0603551D 23041830 168014C5
  98D72D2E 3CA712D9 BDC3917C 460336B3 F2D1C830 1D060355 1D0E0416 0414C598
  D72D2E3C A712D9BD C3917C46 0336B3F2 D1C8300D 06092A86 4886F70D 01010405
  00038181 00539909 55DE7C2E 2FBCFACC 7F921D5A 6655660A 06380C6A A53E1197
  1C2EBA53 B01A5EEF 3626F41F FD63A317 100D341C 764DE96E 85E1383C F122A259
  F36772EF 0BA69E9F BA85165D 35745E8D B51195B0 BA981474 559C5D7D D4A55EEE
  50085234 022992BF A10CF20F 7F944094 7ADB3E27 CD7AE7F2 8319D826 3B975603
  622168F7 F9
  quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
 no ip address
 shutdown
!
interface GigabitEthernet1/0/1
!        
interface GigabitEthernet1/0/2
 description Trunk to 2801 Router
 switchport trunk native vlan 10
 switchport mode trunk
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!        
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
 switchport access vlan 500
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!        
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 192.168.11.2 255.255.255.0
!
ip default-gateway 192.168.11.1
ip http server
ip http secure-server
ip sla enable reaction-alerts
!
line con 0
 logging synchronous
 login local
line vty 0 4
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 logging synchronous
 login local
 transport input ssh
!
end


SW01#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/3, Gi1/0/4
                                                Gi1/0/5, Gi1/0/6, Gi1/0/7
                                                Gi1/0/8, Gi1/0/9, Gi1/0/10
                                                Gi1/0/11, Gi1/0/12, Gi1/0/13
                                                Gi1/0/15, Gi1/0/16, Gi1/0/17
                                                Gi1/0/18, Gi1/0/19, Gi1/0/20
                                                Gi1/0/21, Gi1/0/22, Gi1/0/24
                                                Gi1/0/25, Gi1/0/26, Gi1/0/27
                                                Gi1/0/28
10   MGMT                             active    
100  VOICE                            active    
200  DATA                             active    
500  TEST                             active    Gi1/0/14
600  LAB                              active    
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Comment
Watch Question

CERTIFIED EXPERT

Commented:
You are missing the ip helper-address, try below;

interface FastEthernet0/1.500
 description Test VLAN
 encapsulation dot1Q 500
 ip address 172.18.11.1 255.255.255.0
 ip helper-address 192.168.11.1
 ip nat inside
 ip virtual-reassembly in
Nayyar HH (CCIE RS)Network Architect
CERTIFIED EXPERT

Commented:
I believe we only need "ip helper-address" when the dhcp server is more than one L3 hop away

In this case the dhcp server is hosted on the first-hop router. So "ip helper...." shouldn't be needed

Cant find anything wrong with the above config

eliminate the PC by having the switch request dhcp ip address

! --- Test

int vlan 10
no ip address

int vlan 500
ip address dhcp
shutdown
no sh

! --- Debug

debug dhcp

Author

Commented:
I tried the suggested test and "int vlan 500" was assigned 172.18.11.12.  However the laptop won't grab an IP from port 14.
Nayyar HH (CCIE RS)Network Architect
CERTIFIED EXPERT

Commented:
OK that's Good

Can you test with a different PC/Laptop ?

Author

Commented:
Sorry fo the delay.  I can only work on this in the the evenings.  It's not the laptop.  I use the laptop daily to troubleshoot onsite and I know it works.  It's not the cable either.  I can plug into our production environment and grab an IP immediately.

Running a debug dhcp on the switch I am receiving:

*Mar  1 11:04:34.964: DHCP: Received a BOOTREP pkt Not for us..:  xid: 0xDAB87BBF
*Mar  1 11:04:37.586: DHCP: Received a BOOTREP pkt Not for us..:  xid: 0x481F3E37
*Mar  1 11:04:40.207: DHCP: Received a BOOTREP pkt Not for us..:  xid: 0x678C28F2
*Mar  1 11:04:42.829: DHCP: Received a BOOTREP pkt Not for us..:  xid: 0x5FEBE339
*Mar  1 11:04:45.445: DHCP: Received a BOOTREP pkt Not for us..:  xid: 0x1FEA6A7

That looks to be like something is blocking MAC addresses.

Author

Commented:
Troubleshooting this, I have noticed that the router is actually assigning an IP address as can be seen in the "show ip dhcp bind" command.  Running a few more debugs on the router shows that the router is saying the dhcp pool has no parent and is also looking for an option 125.  Here are the excerpts from the debugs:


2801RTR#show ip dhcp bind
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
172.18.11.11        0100.24e8.e8f5.a8       Feb 20 2012 10:31 PM    Automatic




Feb 14 04:f000000
Feb 14 04:09:44.407: DHCPD: Found previous server binding
Feb 14 04:09:44.411: DHCPD: requested address 172.18.11.11 has already been assigned.
Feb 14 04:09:44.411: DHCPD: Sending DHCPOFFER to client 0100.24e8.e8f5.a8 (172.18.11.11).
Feb 14 04:09:44.411: DHCPD: child  pool: 172.18.11.0 / 255.255.255.0 (test)
Feb 14 04:09:44.411: DHCPD: pool test has no parent.d_data_syslog: num_matches = 0
Feb 14 04:09:41.783: IPpacketQ deq s=169.254.148.82 (FastEthernet0/1.500), d=169.254.255.255, f,
Feb 14 04:09:44.411: DHCPD: child  pool: 172.18.11.0 / 255.255.255.0 (test)
Feb 14 04:09:44.411: DHCPD: pool test has no parent.
Feb 14 04:09:44.411: DHCPD: child  pool: 172.18.11.0 / 255.255.255.0 (test)
Feb 14 04:09:44.411: DHCPD: pool test has no parent.
Feb 14 04:09:44.411: VSTACK_PROTOCOL:
smi_insert_dhcp_options: Inside DHCP options
Feb 14 04:09:44.411: VSTACK_PROTOCOL:
smi_insert_dhcp_options:Role Not Director
Feb 14 04:09:44.411: DHCPD: no option 125
Feb 14 04:09:44.411: DHCPD: broadcasting BOOTREPLY to client 0024.e8e8.f5a8.
Feb 14 04:09:44.411: UDP: sent src=0.0.0.0(67), dst=255.255.255.255(68), length=308 forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Feb 14 04:09:FastEthernet0/1.500), len 328, output feature, NAT Inside(8), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Feb 14 04:09:44.415: IP: s=172.18.11.1 (local), d=255.255.255.255 (FastEthernet0/1.500), len 328, output feature, Stateful Inspection(27), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
Feb 14 04:09:44.415: L4F_DEBUG(PRO): enter L4F IPv4 process feature check [0x689812AC 0x686C8EA8 0x686C8E40] 41.783: IP: s=169.254.148.82 (FastEthernet0/1.500), d=169.254.29.254.148.82 (FastEthernet0/1.500), d=169.254.255.255, len 78, in4 04:09:44.427: fh_fd_syslog_event_match: num_matches = 0
Feb 14 04:09:44.427: fh_fd_data_syslog: num_matches = 0
Feb 14 04:09:44.427: process_get_socket_event(): pid 301, proc_soc 0x6863B340 fd 0 mask 0x1 sock 0x672FD360, sock->next 0x672FD360
Feb 14 04:09:44.427: read_ancillary: Check if in-bound IF is UN-numbered
Feb 14 04:09:44.427: remove_event(1):pid 301 fd 0x0, soc 0x672FD360 sock->event_mask 0 watcher 0x6863B364 watcher->event_mask 1
Feb 14 04:09:44.427: remove_event(2):pid 301 fd 0x0, soc 0x672FD360 sock->next 0x672FD360, sock->prev 0x672FD360, sock->event_mask 0 watcher 0x6863B364 watcher->event_mask 1put feature, MCI Check(80), rtype 0, forus FALSE, sendself FALSoEST received from client 0100.24e8.e8f5.a8.
Feb 14 04:09:44.427: DHCPD: Sending notification of ASSIGNMENT:
Feb 14 04:09:44.427:  DHCPD: address 172.18.11.11 mask 255.255.255.0
Feb 14 04:09:44.427:   DHCPD: htype 1 chaddr 0024.e8e8.f5a8
Feb 14 04:09:44.427:   DHCPD: lease time remaining (secs) = 604800
Feb 14 04:09:44.427: DHCPD: Appending system default domain
Istvan KalmarHead of IT Security Division
CERTIFIED EXPERT
Top Expert 2010

Commented:
Hi,

You need:
conf t
ip dhcp snooping vlan 100-600
no ip dhcp snooping information option
ip dhcp snooping
int giga 0/2
   ip dhcp snooping trust
Systems Architect
CERTIFIED EXPERT
Top Expert 2008
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
When I removed the mask on the default-router everything started working.  Thanks!
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.