Cisco Switches :: 300 - VLAN DHCP Packets Not Passing?
Jul 29, 2012
I am seeing a problem with our Cisco 300 switches. We use these switches as access switches, with a stacked 3750-G at the core, two 2960-S at the distribution layer, and about 10 300 Series switches at the access layer (10 port and 28 ports, all PoE).
We use Voice VLAN (VLAN 14) for our Mitel phones – there is a DHCP server on the Mitel system. Phones come up, get tagged VLAN 14 (LLDP), Traffic flows (including Broadcast for DHCP etc…). The system works, and has worked for months.
One day, suddenly, I find that all the Mitel phones on a particular access switch are not working. I look on the Mitel system and the lease on DHCP has expired, and the phone is stuck on renewing its DHCP IP address. I run port mirroring on the switch for VLAN 14 to see what is happening. The phones are stuck on DHCP discover, and I see the DHCP Discover broadcast packets on the switch but nothing else, no DHCP offer packets – hence the phone stuck at boot cycle.
I then do a port mirror from another access switch (that is currently working) – I can see the broadcast packets from the Mitel phones on the broken switch, but on this switch I can also see the DHCP offer packets from the Mitel system. I run two port mirrors simultaneous from the two switches (one working, one not) and I can see that the DHCP offer packets are not coming through to the broken switch. Panic ensues – I look at the distribution layer and there is no problem what so ever.
For some strange reason, the Cisco 300 28 port has stopped passing DHCP broadcast packets on a particular VLAN, even though they are being sent. I power cycle the switch – and hey presto, DHCP offer packets are coming through, and the phones get an IP address and boot properly.
Forward a couple of weeks later, and to today. I have another phone that is showing the same symptoms, luckily it is the only phone on this particular Cisco 300 28 port. The same issue is occurring as described above. I gather as much diagnostic information I can then reboot the switch – but still no joy. I then remember that this switch is not directly attached to the distribution layer and instead gets trunked to another Cisco 300 28 port. I give that a reboot and 5 minutes later, DHCP broadcast offers are passing and the phone boots.
I am listing this problem as not just a ‘one off’ now, and is recurring. It has happened to two of my 300 28 port switches.
All Switches running 1.1.2.0. No link to up time – first instance of the problem, switch was up for 14 days – second instance (another switch) uptime of 39 days LLDP is working fine on the switches, as is Voice-VLAN (Port is tagged and broadcasts out DHCP Discover which is seen by other devices throughout network) Nothing in the log file on the access switch Nothing on the Dist/Core regarding STP – Spanning tree set up is fine throughout.
View 3 Replies
ADVERTISEMENT
Apr 17, 2012
I have a 5510 that has 2 site to site vpn's that aren't working. Phase 1 and 2 are up, but no data packets are being sent. This just started randomly 2 days ago after working for weeks.
View 6 Replies
View Related
Jan 18, 2013
I have a 2620 Cisco Router plugged into a 2924 Cisco switch by a trunk.The vlan configuration works, I subdivide my router interface with dot1q and have virtual machines on different vlans and everything works perfectly.The problem comes with a DHCP request.Let's say that I have my local lan on the native VLAN 1. I create a VLAN 25 in the switch and create a fa0/0.25 in the router.In the switch, I plug the cable modem from my ISP in a port on vlan 25In the router, I go to fa0/0.25 and issue "ip address dhcp".The DHCP request goes out, but never comes back. The problem seems to be in the switch because if I try the same thing with a virtual machine I have on a trunked VMWare ESXi server, I get the exact same results. I just don't get the IP address from the ISP.The next step would be to monitor the port on which the cable modem is connected and sniff the packets to see if the DHCP request actually gets back through.
View 2 Replies
View Related
May 19, 2011
I have Multiwan router with 1 port WAN and 4 DHCP Cable modem connected to SF 300-8. I want to connect 4 modem via VLAN through switch. I define Vlan2,3,4,5 on router also in Switch. port 1 on the router as trunk and the other port 2,3,4,5 as Vlan2,3,4,5 with VLAN mode Access. I tag port 1 on every VLAN also Untagged for each port. I having problem when I check the status from multiwan router. all IP address is the same (duplicate). what I want is each VLAN has own DHCP Address. Is that any miss configuration ?
View 6 Replies
View Related
Oct 11, 2012
I'm trying to set up a new Cisco SF500-24P switch for our new Polycom IP phones but I'm having some trouble configuring them. It seems a fairly basic setup - We have a Cisco 2800 series router which is configured in a router-on-a-stick scenario to give DHCP addresses to two vlans, '1' for data and '20' for voice...
ip dhcp pool DHCPROUTER
network 10.10.0.0 255.255.255.0
default-router 10.10.0.1
dns-server 10.20.124.200 10.20.124.201
[cod]....
The switch worked practically straight out of the box- when I connected a PC or a phone into it they both got addresses in the 10.10.0.0 range and both worked fine. In the web interface I then set the Voice VLAN ID as 20 and as soon as I did this the phones can no longer get addresses from DHCP (although PCs can). The switch and the phone display both show that the phone is in VLAN 20. All ports are members of VLAN1(native, untagged) and VLAN 20 (tagged) and the port connecting to the router is trunked, as are the others.Also, I can ping 172.16.0.1 from the switch so there is no routing problem, although I did try using the switch as a DHCP relay to 172.16.0.1 but still no luck.I'm not sure how relevant this is but one thing I noticed is that data going to the router untagged (and therefore in VLAN 1) gets through but if I tag it with VLAN 1 then it doesn't.
View 5 Replies
View Related
Nov 27, 2012
We currently have a cisco 4402 with firmware version 6.0.182.0 and 4 WLANs currently running on it, we found the need to add an additional WLAN and after the configuration was completed and I tried to connect to it I found that we are not getting an address. If i connect a laptop to the VLAN I can get an IP and am able to browse. If i hard code an IP into a device and connect to the wireless i am able to connect and browse.
View 7 Replies
View Related
May 27, 2012
My company AP 1231G is not passing the DHCP address to the client from the DHCP server, my config listed below basicly the AP is on its own VLAN 10.1.123.1 and the DHCP server is 10.1.10.2 -- trying to use iphelper to pass DHCP to clients and the AP is on static IP 10.1.123.2--
!
! Last configuration change at 13:15:56 +0800 Fri May 25 2012 by root
! NVRAM config last updated at 13:15:56 +0800 Fri May 25 2012 by root
!
[Code].....
View 1 Replies
View Related
Jun 10, 2010
I have 2 1242AG APs setup with one SSID and no vlans configured. The APs are connected to a switch along with my DHCP server. Clients are able to connect to the SSID but are unable to get an IP from the server. Clients can plug into the switch and get an IP. If I configure a static IP on the wireless card, the client works fine.
Is there something I'm missing on the AP to allow DHCP requests to pass through? IPhelper?
Here is the AP info: AIR-AP1242AG-A-K9 12.4(21a)JA1
View 7 Replies
View Related
Dec 14, 2011
Cisco Small Business Switch POE ESW-520-24P with a Wireless Access Point Cisco Aironet AP1141. Both the devices are upgraded to the latest firmware.
Connected to the ESW-520-24P is a Windows 2008 SBS 2011 with DCHP and Domain Controller. Along with the server I have a number of wired computers connected to the switch which do not have any issues and connect to the DHCP server without any problems.
When connecting two wireless devices to the AP1141, they get the IP address and DHCP from the server; but when connecting other devices apart the first two they will fail to connect to the DHCP server and do not get any IP Address. They manage to connect to the Wireless access point but they cannot contact the DHCP server.
View 17 Replies
View Related
Dec 15, 2010
We have setup a bridge between two of our offices using two WET200's in adhoc mode. Everything is connected fine and the signal strengh is good. All traffic pass's over the bridge correctly but DHCP requsts/replys seem to be failing to traverse the bridge. Our DHCP server is hosted on site A and the computers on site B fail to obtain thiers IP's from the dhcp over the bridge requiring us to use static IP's.Firmware is currently the latest.
View 1 Replies
View Related
Oct 9, 2012
I have a Cisco RV220W running the latest firmware (currently 1.0.4.17), and I have noticed that after about a week of use, wireless clients can no longer acquire IP addresses via DHCP.
I have used Network Monitor on both the DHCP server, and the WiFi client, and can see that the server is receiving the requests and sending a reply, but the client never sees the response from the server. So far the only way to resolve this is to reboot the router.
View 10 Replies
View Related
Mar 4, 2012
A little background on me: I do performance testing for a large corporation, so networking is like an old hat for me - but this has me spinning because it makes no logical sense to me.Here's the layout of my home network:CableModem(passthrough) -> WRT120N -> ENH200 (Access point) -> ENH200 (Client Bridge) -> Netgear N600Both the WRT120N and the Netgear N600 are providing wireless access to clients at both locations. N600 is set not to route or DHCP, and the WAN port isn't used.Initially the WRT120N wasn't in play because the cable modem was serving DHCP, but it wouldn't successfully send DHCP to most clients on the other side of the client bridge. So I installed the WRT120N (old, I know) and it was able to serve up DHCP to any and all systems... for a while. Now DHCP doesn't appear to be working fully again on the Netgear side of the bridge. One device registers in the WRT120N, the client list shows the mac as getting assigned an ID, but the device never actually pulls the address. Static works fine. Those that already have DHCP addresses work like a charm, so I know the link is stable. pingtest.net reports near perfection.
View 4 Replies
View Related
Feb 7, 2010
I have the bridge working but I have to assign a static IP address to devices connected to it. I can't get it to pick up an address from my DHCP server. Here's what I have:
Cisco ASA5505 (Firewall & DHCP server)
WAP54G - Access Point
WET610N - This Wireless Bridge
The ASA5505 successfully gives DHCP address to ALL wired and wireless computers. The WET610N has connectivity to the WAP54G. The status page indicates it's connected and I can get on the internet if I set a static address. However, once I configure my computer to automatically get an IP from DHCP, it just times-out and says limited or no connectivity. Again, when I set a static IP, I have connectivity to everything. I know the AP is working because I can get an address from my DHCP server (ASA5505) with my other laptops and even my cell phone. Why can't I get a DHCP address through this bridge (WET610N)?
View 4 Replies
View Related
Jan 16, 2013
I have two WAP4410N plugged into my Catylist 3560 switches.One of these switches is my Default Gateway for the LAN.The only way I can get a device to connect to the WAP4410N is by assigning it a static IP. Then it works perfectly.
View 10 Replies
View Related
Oct 8, 2012
Has anything changed in the way of defaults for creating a trunk port and spanning-tree between a 3750x and the newer 2960s? I have one of each I just took out of the box and applied my standard switch configuration template but I cannot get my VLANs that are configured on my 3750X to appear on the 2960S. I find nothing that is blocking and everything seems to be forwarding and I am running out of things to check.
View 5 Replies
View Related
Mar 28, 2013
We recently extended our access layer using a pair of 5ks with extenders. We have a pair of 6509s at our core and they handle the intra-VLAN routing with SVIs. I recently noticed that access hosts connected to the extenders cannot pass traffic between each other if they are in different VLANs. The strange thing is these same hosts can ping devices in other VLANs as long as the other devices are not connected to the 5k environment.
For example, consider the following hosts. Each host has their gateway set to the appropriate SVI on our core.
HostA - VLAN100 - connected to 5k extender
HostB - VLAN200 - connected to 5k extender
HostC - VLAN100 - connected to 2960 off our core
HostD - VLAN200 - connected to 2960 off our core
Each host can ping each other with the exception of HostA and HostB. As for specifics, we use HSRP (no VSS) between our cores.
When I ping between hostA and hostB, I see the egress packets on either 5k1 or 5k2. I then see ingress AND egress on Core1. There are no ingress packets on 5k1 or 5k2.The egress packets from Core1 show the correct destination MAC address of the target host. The mac address table shows the mac address on po31.
View 16 Replies
View Related
Apr 12, 2012
I'm struggling with a configuration issue on the Cisco SG200-08P. We are using the Cisco SG200-08P on a mobile cart that will go from class room to class room that will have computer and cisco Voip phone plugged into it. The issue is that each of our closets are in differnt VLANS ( 1 voice and 1 data....lets say data vlan 20 and voice vlan 2025 for conversation) and that we route to each closet.It would be great if I could just create a generic data and voice vlan to dynamically pick up what the upstream switch has however, it seems that I've been unsuccessful in doing so. I can pass the data Vlan no probablem. The upstream switch port is set to access port and a switch port access voice vlan (these are 3750x switches) If the above is not possible I guess I will take what I can get. Should I just create data vlan 20 and voice vlan2025 on the Cisco SG200-08P and make a trunk port on the Cisco SG200-08P and a trunk on the 3750x? Is there an option on the Cisco SG200-08P to tag voice traffic?I'm also concerned with VTP and I did not see an area in the Cisco SG200-08P to set that as a client and transparent mode.
View 6 Replies
View Related
Sep 5, 2012
I am trying to hook up a SF300 switch to a cable modem and then plug some phones into the switch that are configured with static IPs. I am able to access the switch without an issue, but need it to pass traffic from the phones to the network and it is not doing so. We cannot do trunking because we are not using BSoD modems yet (next phase). For now, we just need the switches to pass everything from the phones to the network as is. Any ideas?
View 4 Replies
View Related
Sep 15, 2011
I just purchased a new SF-300 managed switch for the purpose of using it on the DMZ, so we can mirror the internet port and monitor traffic for my company. I have set it up from the web interface to miror port 1 to port 2 and that's pretty much it. I decided to test it before putting it in production, by hooking it up to one of my core network switches, connecting a laptop to it and trying to get online. It doesn't even connect to my DHCP server to get an IP address. If I put the laptop back on the same subnet as the switch management IP, I can still connect to the switches web interface. Isn't the basic functionality of a switch to pass traffic?
I should also mention that I'm not a network engineer, so there might just be something I'm missing with regard to a default setting that needs to be switched off?
View 4 Replies
View Related
Dec 27, 2011
a power analyzer in my network is sending some packets that are unexpected and incorrectly recognized as DHCPOFFERS. As a workaround, I would like to filter those packets with my Cisco switch 3750.Suppose IP_POWER_ANALYZER is the ip address, what could be the best choice
1. deny udp any IP_POWER_ANALYZER eq bootpc
2. deny udp any IP_POWER_ANALYZER eq bootpc; deny udp IP_POWER_ANALYZER any eq bootps
3. deny udp any eq bootpc IP_POWER_ANALYZER eq bootps
View 2 Replies
View Related
Mar 23, 2013
I am trying to block all dhcp packets through 2960S lan base IOS. But when i set no trust interface for dhcp snooping, the dhcp packet source port will be err-disabled. Is there any other solution to block any DHCP packet through switch without interface or other service outage?Is possible to block DHCP packet through specific VLAN?
View 6 Replies
View Related
Jun 15, 2013
SG-300 52 native VLAN blocking network packets
View 3 Replies
View Related
Jan 9, 2013
I recently installed DHCP snooping on a 3750v2 switch (Version 12.2(55)SE4) and configured the uplink(Po2) as a trusted port. The problem is that clients cannot receive an IP address. When I disable DHCP snooping it is working properly. DHCP snooping is configured correctly but I don't have an idea how to resolve it. [code]I tested the solution on the same kind of hardware switch and firmware and it worked out fine. What is causing the clients not to receive an IP address from the DHCP server?
View 10 Replies
View Related
Oct 17, 2012
I've a big problem with a loss of packets ICMP sent by different hosts in differents VLAN. Here my architecture:
Core Switch : 2 Switch's C6509 (Version 15.0 (1) SY1)- Mode VSS - One lien VSL , the other link is defective.Access Switch: C3750 , Connected to Core Switch through 2 fibre optique wires.Topology: redundant ring
When I send consecutive ping message I found always a missing of packets . Furthermore When I insert the "show ip traffic" command., the parameter "bad hop count" increase after a loss of packets. I've 2 hosts connected in my network and they send packets with TTL =127.
In the Core Switch I haven't configured the MEC because it gave me troubles with the packets multicast.
View 1 Replies
View Related
Mar 29, 2012
I faced with issue on ME3800. [code] With that configuration there is no problem with DHCP Relay packets.But if I add on interface #xconnect 82.199.1 19.1 77 encapsulation mpls it will stop forward DHCP relay packets immediately. All other traffic transfers without problem.
View 2 Replies
View Related
May 12, 2011
We are trying to config vlan 10 for data and vlan 20 for voice on the same port - port 1 of swtich SF300-24P to run both data and voice on different vlans.Do I have to add vlan 10 as an untagged vlan to port 1 and add vlan 20 as an tagged vlan to port 1?If I do not want to assign the native vlan 1 to port 1, how can I remove it ? The GUI page - assign VLAN to port does not allow to remove it.Aslo, what mode shall I set up on port 1? General, trunk or access ?
View 18 Replies
View Related
Feb 20, 2012
We have 2 6513 switches with SUP720/PFC3A and various POE modules and a 6748-GE-TX facing our servers. Additionally, we have a 4Gbps portchannel trunk interconnecting the switches. We have approximately 300 Nortel IP 1140e phones in use between the two switches.For the purpose of call recording, we've attempted to mirror the voice vlan using various approaches and have been met with limited success. We mirrored the VLAN using tx, rx, and both. When using both we appear to get duplicate packets at the destination interface.We seem to lose packets completely going in one direction or another for a given call. Packets are lost before they get to the destination interface?
View 2 Replies
View Related
Jan 20, 2011
I have a Netgear GSM7248R switch with 5 different Vlans including th management Vlan. Each of the vlans are connected to my layer 3 switch for routing. I want to access the management vlan form any of my Vlans so my layer two switch can be detected by my snmp manager.
View 3 Replies
View Related
Apr 6, 2013
I have some problem in my small network.I have 2 SF-300 48 port switches and connected to 847 router for intervlan routing. I configure 7 vlan in SW1 and uplink to SW2 with trunkport.
The problem is that if i used default gateway for users ip address of interface (vlan interface) is ok. I bring two adsl modem and connected to vlan1 and vlan2 for internet access. When i connected this two modem vlan 1 and vlan 2 are not going to access other vlan 3,4,5,6,7 and wise versa.
vlan1 users getting default gateway from adsl modem ip, how i can permit this two vlan should to access other vlan 3,4,5,6,7 and 3,4,5,6,7 should access to internet also.
[URL]...
View 4 Replies
View Related
Apr 10, 2012
We have a customer who we sent to Cisco to replace some aging Dell switches. They purchased 5 SG300-52’s for 2 different networks. Their production LAN has 2 “live” switches and 1 spare. The 2nd, a development LAN has 1 switch and 1 spare. Their primary production SG300-52 has GE1-8 VLAN’d off as VLAN2 for public IPs. The untrusted (WAN) interfaces of 2 x ASA-5510’s, 1 x ASA-5505, and 2 x RV082 v2’s are connected to GE2-6. GE1 is the uplink to the co-location center’s Cisco switches. GE7 & 8 are spare ports. Each SG and device port is hard coded for 100/Full.
One of the ASA-5510’s and the ASA-5505 maintain a site-to-site VPN (the development LAN used to be in a different facility hence the VPN). Recently the developers have stated the performance is horrible. I noticed ping traffic loss from PCs on the dev side to servers on the production side in the order of 20-30%. I assumed it was a VPN issue so I opened a ticket with Enterprise TAC (all the ASAs and the SGs have either SmartNet or extended support contracts). TAC determined the problem happened even if you ping from inside the ASA to the untrusted side of the other ASA thus eliminating the VPN as the culprit.
The 2nd ASA-5510 has the AIP module and was not even live until this weekend. Turning it up and giving it a basic config returned the same results. #ping x.x.x.x repeat 100 will drop 20-40 packets. I have no security enabled on the SGs and even tried using the spare SG300-52 this weekend in place of their primary with the same result. I’m to the point of returning one of the Dell switches to production, but this cannot be a good sign. I’m also a bit frustrated that I’ve yet to figure out how to get Cisco Enterprise to speak with Cisco Small Business on this. The customer has over $10k invested in Cisco equipment and Cisco isn’t jumping in to figure this out.
The latest rep wants a packet capture from the SG300’s VLAN2 but there are no PCs there to do this with and the manual doesn’t even talk about doing this. How we can do this as well as get the 2 divisions working together to fix this? BTW, the RV082’s exhibit the SAME exact problem. I can ping from ANY device on VLAN2 to any other device and drop packets. Copying a simple 1MB file over the VPN can take minutes where it should take 1 second. I can reproduce this for 24/7.
View 8 Replies
View Related
Feb 23, 2012
What is the switch latency for a SG302-8P for L2 and L3 packets?
View 1 Replies
View Related
Oct 23, 2011
My C6500 is having relatively high CPU (no spikes, but constantly)
I'm under the impression that cef is causing this problem because alot of packets are being processed or send to/from the CPU. [code]
I did a netdr and I can see that the majority of packets going to the CPU are packets for which I have an entry in the CEF table.What can be a reason why those packets don't get hardware switches?I'm running Version 12.2(33)SXH5 - Sup720-10G.
View 4 Replies
View Related
Mar 8, 2011
Few systems on my LAN stops recieving packets but sending, this happened after i changed my switch, i run xp professional. i have tested cables, NICs,etc.
View 1 Replies
View Related
