AriesUpNorth asked:

VLAN DHCP Issue - Computer being offered DHCP address, but not accepting it

Greetings,

Newbie to VLANS here and I have a "lab" setup that I'm working with prior to an installation that will benefit from VLAN Topology.  Here's the basics of the test environment.

Internet--->ZyWALL USG20 Firewall--->Cisco 2960G Switch--->Computer

ZyWALL IP is 10.1.1.1/24 with DHCP Active
Switch IP is 10.1.1.254

Management of both devices work fine as does Internet access on Native VLAN1

Steps done to create VLANS:
On ZyWALL
-Create two Zones for VLANS
-Create VLAN10 and VLAN20, both using LAN1 as "base"
-VLAN10 ip is 10.10.1.1 with DHCP server active starting with 10.10.1.50
-VLAN20 ip is 10.20.1.1 with DHCP server active starting with 10.20.1.50
-Created Policy (rule) for VLAN10 and VLAN20 zones to access the WAN
-Connect LAN1 port on ZyWALL to Gi0/1 on switch.

On Switch
-Create VLAN10 and VLAN20 on switch; VLAN1 (default) exists as well
-Set Gi0/1 to 802.1Q Trunk with "ALL" VLANS included
-Set Gi0/9 to VLAN10/STATIC ACCESS
-Set Gi0/11 to VLAN20/STATIC ACCESS

Any connections on VLAN1 (default) work as expected.  DHCP, DNS, Internet all good

Connecting a computer to Gi0/9 (VLAN10) results in the computer using 169.X.X.X address on the nic, HOWEVER, in the ZyWALL DHCP logs there are entries reading
"DHCP offered 10.10.1.50 to <COMPUTERNAME(MACADDRESS)>"
Same result for Gi0/11 (VLAN20)

Obviously I'm missing something in the config on the server or switch, because the computer is asking for an address, the DHCP server is handing one out, but the computer is not registering the offered address.

Forgot to add this comment to the original post - I did try setting the computer IP static within the scope of VLAN10 and that didn't allow any transit on the network either.

Suggestions, diagnostics, sage advice all welcome and appreciated!

Thanks in advance
AiresUpNorth
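
An added example, not part of the original thread: one way to see where the logged OFFER stops is to capture frames on the trunk (Gi0/1) and on the client's access port, then check which 802.1Q tag each DHCP message carries. The parser below reports the VLAN ID, DHCP message type and offered address for a raw Ethernet frame; the sample frame, its MAC address and the function names are constructed for illustration.

```python
import struct

DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def classify_frame(frame: bytes):
    """Return (vlan_id or None, DHCP message type, offered IP), or None if not DHCP."""
    if len(frame) < 18:
        return None
    vlan, off = None, 14
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x8100:  # 802.1Q tag: low 12 bits of the TCI are the VLAN ID
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    if ethertype != 0x0800 or len(frame) < off + 20 or frame[off + 9] != 17:
        return None  # not IPv4/UDP
    udp = off + (frame[off] & 0x0F) * 4
    if len(frame) < udp + 8 or set(struct.unpack("!HH", frame[udp:udp + 4])) != {67, 68}:
        return None
    bootp = frame[udp + 8:]
    if len(bootp) < 240 or bootp[236:240] != MAGIC:
        return None
    yiaddr = ".".join(str(b) for b in bootp[16:20])
    opts, i = bootp[240:], 0
    while i + 1 < len(opts) and opts[i] != 255:  # 255 = end option
        if opts[i] == 0:  # pad option has no length byte
            i += 1
            continue
        code, length = opts[i], opts[i + 1]
        if code == 53 and length == 1 and i + 2 < len(opts):
            return vlan, DHCP_TYPES.get(opts[i + 2], "OTHER"), yiaddr
        i += 2 + length
    return None

def sample_offer(vlan=None):
    """Constructed DHCPOFFER of 10.10.1.50 from 10.10.1.1 (checksums left at zero)."""
    bootp = bytearray(240)
    bootp[0] = 2  # op = BOOTREPLY
    bootp[16:20] = bytes([10, 10, 1, 50])  # yiaddr
    bootp[236:240] = MAGIC
    bootp += bytes([53, 1, 2, 255])  # option 53 = OFFER, then end
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bytes(bootp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 10, 1, 1]), b"\xff" * 4) + udp
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return b"\xff" * 6 + bytes.fromhex("020000000001") + tag + b"\x08\x00" + ip

if __name__ == "__main__":
    print("trunk capture :", classify_frame(sample_offer(vlan=10)))
    print("access capture:", classify_frame(sample_offer()))
```

On a trunk, VLAN10 traffic should show tag 10; on an access port the same OFFER should arrive untagged, so a mismatch at either capture point narrows down which device is dropping or mis-tagging the reply.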
noci

Did you allow a policy UDP port 67, 68 on the VLAN10 & VLAN20 interfaces?  (comparable to the rules on the LAN1 interface.)
AriesUpNorth (ASKER)

noci,  

No, I didn't, as the tutorial I was using mentioned I was to use LAN1 as the "BASE" (a ZyWALL-specific term in the VLAN setup screen) for the VLANs, as "It would provide all the same access that already exists in the LAN1 configuration". That being said, I'll certainly give it a try.  It beats banging my head on this wall without good result. :)  I'll give that a shot and let you know what happens.

I have no access to ZyWALL 20 atm. ZyWALL 100/200 (I can look at those) are different firmware setups.

noci,

I tried your suggestion giving both VLANS access through UDP 67,68 and no change to issue.

From VLAN10 <-> ZyWALL?...