Cisco LAN :: 3560 To Use IP Address Helper Feature
Mar 5, 2012
I would like to use the ip address-helper feature of my 3560 switch to point 10.1.0.0/24 to my Windows DHCP Server on 10.0.0.0/24 and I am unsure how to go about doing this.
1 x 4500 and 1 x 3560?They are gateways of 8 Vlans?They are doing HSRP in each of those Vlans?The 4500 is the Active?There is a DHCP Pool for each of those Vlans on both gateways using "ip dhcp excluded-address" I ensured that the range of provided ips by each DHCP server will not be overlapped Obs.: Reducing the lease time, I ended with the calls bringing related problems.
OK, every thing is blue, every thing is fine.But the network diagram is realy complex(41 switchs, 89 uplinks), and depending of how is the network flow, one or other server answer first or latter.
For many reasons I would like that the secondary DHCP server would answer only if the primary DHCP server goes down.To me, the bigger reason is that DHCP database would be only in one DHCP server.But there is other reasons.
I passed by many frustrated solutions:Try to force a delay on the answer on one of the servers. - Impossible.Try to disable DHCP server, and, using EEM, enable it only if router became active in HSRP. - I couldn't do It.
What I'm thinking now is use the HSRP resource to resolve it.On both routers I would put a "ip helper-address" pointing to an Virtual_HSRP_IP.And depending on which router is the active, him will answer the request.
My first doubt is:Would it work?The second doubt is:Could I use the same Virtual_HSRP_IP that exists on that Vlan(see example 1),or I would need to point it to a Virtual_HSRP_IP in a different Vlan(see example 2)?
Example 1 ----------------------------------- | 4500 | ----------------------------------- interface Vlan1 ip address 10.10.0.2 255.255.0.0 ip helper-address 10.10.0.1 standby 1 ip 10.10.0.1
I have a stack of 3750's running IOS 12.2(25). "IP forward-protocal" command is configured, but the IP helper command is just not an option to put on an interface. Any have any idea of why that could be?
I am trouble shooting a SF 200-48P and I am a bit lost without a CLI not used to the GUI. What I need to know is how to add the IP address helper command to the switch?I have a number of IP phones which are not getting an IP address from DHCP (PCs which are diasy chained off the phones are all working correctly). On the higher end switches I would have added the IP address helper command to the VLAN and that would have sorted it. How to do this on the small business switch.
Version 12.2(33)SXI int vlan 1 description client vlan ip vrf forwarding A ip address 10.1.1.1 255.255.255.0 standby 129 ip 10.1.1.2 standby 129 timers 1 4 standby 129 priority 105 standby 129 preempt ip helper-address 10.1.2.20
[code]....
dhcp requests are not making it to the dhcp server SAME VRF (ip helper-addres is not doing anything.....)extended vrf traceroutes on udp 67 sourced from vlan2 are fine
I am expecting udp unicast packets on port 67 "giaddr" relay packets on the DHCP server generated and sourced by the relay on Vlan1
eg. Mar 1 01:59:06.731: DHCPD: setting giaddr to 10.1.1.1
This exact setup works in our preprod environment with the same code.Only difference is we run Distributed etherchannel on the 6500's where this doesnt work.
Wireshark on the client I can see the requests being sent Going to check it with debug ip dhcp server to check the relay logs out of production hours.
I have seen so many people say it IS and ISN'T supported on this version of the code.e.g. [URL]
I am aware the helper-adddress should inherit the vrf of the interface ip helper-address vrf command is not supported.The fact it works in the PP environment.... could this be due to the Distributed EtherChanel difference? or just some bug....
I have the following scenario. Connected to a Cisco 3560 switch (fa0/9) is another Cisco switch (that is operating at layer 2). On the other side of that second switch is a firewall. I want to send traffic from my Cisco 3560 switch to a network behind the firewall. [code] However, when I try to add the ip address to int fa0/9, I get an error. Right now, the 3560 is operating at layer 2. I think that I need to issue the command: "ip routing" to put it in layer 3, then put the ip address on port fa0/9. However, I am concerned that I will mess up my production environment. Is there any other way of doing this? The "ip route 0.0.0.0 0.0.0.0" statement sends traffic out the gateway to the Internet. I just want to send packets to 209.52.62.16/28 out int fa0/9.
i'm using some catalysts 3560 with 10 VLANs and inter vlan routing. we use a windows deployment services server to install our workstations. the pxe boot works fine. the image is loading, and when the windows 7 PE is booting, the dhcp request failes. when i use a small not manageable switch between the computers and the catalysts, it works fine.all other things work fine.
Problem is that at some C65K I have directly connected Unix servers and the don't show MAC address at port, and same has happened at 3560 switched where I have too Unix based equipments connected. When use show mac-address interface XXXX, nothis appears at port and tested them with other equipments that worked fine.
We have a server connected to a 3560 switch which in turn connects to 6500s. The gateway interface is on the 6500. We will be changing the 6500s so the mac address for the gateway will change, however the IP address will remain the same. As we change out the 6500s the uplink connections to the 3560 will go down. This will flush the old mac address from the 3560.When the 3560 removes a MAC address does it update servers so they have to relearn the correct MAC address?
we have a 3560 switch configured with EIGRP with dhcp. We have a user that we cannot ping, however the interface show up / up and no errors on interface. the ip address is 10.2.0.199 - however we have dhcp configured to exclude the range from dhcp ip dhcp excluded-address 10.22.0.1 10.22.0.200 how can this work station get a dhcp address if we have that ip range excluded from the dhcp pool?
The user is off a different switch that is a uplink to this distribution switch. Traceroutes shows that the problem is with the distribution switch.
I have Cisco 3560x layer 3, but there is one problem with MAC ACL. Here is sample scenario:
I have two V LANS 2 & 3. There is one device (D1) on V LAN 2 and three (D2,D3,D4) devices on V LAN 3. D1 can talk only to D2 and D3. D4 can talk only to D2 and D3. D1 and D4 cannot talk at all. I got the IP access list all set, but I was asked to get the MAC ACL on it. The problem is that as soon as packet is routed, its MAC addresses will change, correct? Is there way of preventing device with same IP but different MAC from talking to device it should not to, keeping in mind that the packet will be routed?
Cisco PIX Security Appliance Software Version 8.0(2) Device Manager Version 6.1(5)51
Cisco PIX Security Appliance Software Version 8.0(2)Device Manager Version 6.1(5)51 Running VPN on this device with an internal DHCP Pool tunnel-group JVusergroup type remote-accesstunnel-group JVusergroup general-attributesaddress-pool JVusergroup-DHCP-Pool I would like to use an external DHCP insted of the pix itselvf. How do I relay (IP-helper) DHCP request on the VPN policy to an external DHCP-server?
I have some Ethernet-connected cameras that all have the same Ethernet MAC address FF:FF:FF:0A:0A:0A. They were originally designed to directly connect to a Windows PC, but they can also connect through a simple unmanaged switch.A Catalyst 3560 switch won't forward packets to or from anything with that MAC address, at least not by default. Is there a way to convince the switch to do so?
It was my hope to replace the dedicated connections we have for these cameras with a separate VLAN for each camera, and switch them through our existing switch network. Given that all of the cameras use the same MAC address, putting them on the same network is out of the question, but different VLANs, where the only two devices on each VLAN were the camera and the PC that uses it, would be fine.
The switches run IOS 12.2(55) SE through SE3. I learned the camera MAC address from the PC's ARP table while the camera software runs; it turns out the cameras don't have a full IP stack either and don't even do ICMP.
I've a Cisco 1941W router which is DHCP server for data-VLANs and uses ip-helper for voice-VLANs. [code] I don't know why I can't have IP from wireless voice VLAN whereas it is OK and wired voice VLAN and conf is the same!
I have 2 3560 switches that are running 12.2(25)SEE2. Port security is enabled on some of the ports. Whenever there is a power failure, when power is restored, 1 port on each switch goes to err-disabled. The mac address that causes this is a valid address for that port. Below is the configuration on one of the ports.
Setting up a stand-alone WDS/PXE server.Current we have helper addresses setup to forward the DHCP requests from the different VLAN's to the DHCP server. The WDS/PXE server we are setting up is on its server. How do we craft the helper addresses so DHCP requests go to the proper server hosting DHCP and PXE requests go the WDS server?
Everything I seen on Microsoft Technet, lists using Helper Address as the recommended way, but assume both services are on the same server. Our helper address is as follows on each VLAN interface in router: ip helper-address X.X.X..This is a Cisco 3750.
I am attempting to send net and IPTV multicast to an Entone STB. This STB has some OTT features such as Vudu that need internet access. The DHCP address that we receive from our ISP strictly sends multicast streams to the STB.The first challenge is allowing DHCP options to pass through to the STB.Then I need to figure out a way to pass both the net and multicast to the STB.
I'm running a cisco 891 with ios Version 15.2(4)M3 ,now I have a dialer 0 interface with fast0 and 1 as well, all is working fine.now I just read about the new sh int 'INT' history feature but when I do it I get nothing.. not a graph or anything I get just nothing as if I just hit enter.anything I need to do to enable the feature?,if I do a sho proc cpu history that works just fine but not the sh int XYZ history commands
I have cisco 3560G with C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(53)SE1 Image. I want to configure it for EEM feature so that when my Gig 0/7 port goes on it will automatically shutdown the port Gig 0/1.
I'm a bit confused about new NAT functionality in Ver 8.4(2). I've gone through all the documentation as well as different blogs but still not clear about the various things.One of these is NAT-CONTROL. I understand that this has now been removed. Does this means that traffic traversing the ASA doesn't need any NAT'ing commands unless specifically required by the administrator? In other words by default traffic is allowed through the firewall without any NAT'ing.
My Second Query
I've ASA5520 running ver 8.4(2). For inside interface, I've created 13 x sub-interfaces under Gi0/1. All have same security level i.e. 100. What I want to achieve is that:Traffic from these sub-interfaces should be NATTed to outside interface when going to internetBut, intra sub-interface traffic should be allowed without NAT'ing. I'm using RFC1918 on both sides i.e. source / destination The first point is not a problem it's working, however. I'm struggling with the second point. On ver 8.2, it wasn't a problem, I used NAT 0 with access-list permitting RFC1918 addresses as source and destination.
My problem with ASR 1006 as i tried to use the feature IRB ( integrated routing and bridging ) but i find that this feature is not supported i assume it may be a problem with IOS version or may be i made he configuration not in the proper way
so i am asking to try this feature on ASR 1000 series and work with it as I test this feature on other routers and it work just fine.
I've a new Dlink DIR-632. All ports snif from outside are answering stealth by default. And the port forwarding feature works good.The problem is that I would like to allow a trusted net IP to reach my computer, whatever the request may be (whatever tcp/udp and on any ports). A kind of DMZ just for a precise IP. I tried the inbound filter feature. I've choosen allow, and I've put the remote IP start and end the same IP. It has been added correctly to the list. However, this IP still doesn't seem to be able to access to my computer on any port unless it tries on an already forwarded port.
I've looked in many places but cannot see how or if it is possible to configure a phone, in CUCM to have a feature ring instead of the normal ring.In CUCME you go into the ephone x configuration mode, and assign the DN to the phone with the button xfx command. What this gives you is a slightly different ring tone when a call comes through. If I am not mistaken it is the same ringtone they use on the show "24".Is there a way to do this "feature" with CUCM?
We are currently installing RV-042 V3 Dual WAN VPN Routers for a Customer with an HQ Office & 3 Branch Offices. The Customer recently requested to use the WEB Filter feature available in the RV-042 V3 Router to do the followng : - " Block all the HTTP Traffic Except for the company Website " We tried all the Combinations between " Access Rules " & " Content Filtering " available under the " Firewall " but we always reach the result that either to Allow ALL HTTP Tarffic to All Websites or to Block ALL HTTP Traffic.
how to Block all HTTP Traffic except for certain URL ( Using the URL Name NOT the IP Address ).