Cisco Switching/Routing :: 3560x / Block DHCP Requests Over VLANs
Jan 10, 2012
I have two 3560x Catalyst switches setup between two different locations. They link via a PTP line (Layer 2). I have setup Intervlan routing between the switches and that works fine.Each location has a separate subnet and a Windows DHCP server for each subnet.I want to block any DHCP requests to be sent from hosts on one subnet to the DHCP server on the other side (i.e across the PTP link) What is the best method to do this?
I have several Cata 3500XL switches connected to one 1 HP L3 switch which is connected Sonicwall router. Vlan1 has subnet of 10.10.0.0/24 and Microsoft DCHP server lays inside VLAN1.
Now i want to add VLAN11 (192.168.10.0/24) as second data VLAN but DHCP requests should go to microsoft DCHP server.
This is what i did: Configured VLAN11 IP on each cisco switch IP default gateway with IP from other subnet (i guess this is bad since maybe it should be IP of VLAN11 on HP L3 switch?) Trunk ports are configured to pass everything on cisco switches On VLAN11 i configured IPhelper IP to be MS DHCP server on each Cisco switch
I haven't tested this yet but i have problem in process.I can't ping VLAN11 IPs between switches (i configured VLAN1 and VLAN11 with IP). When client plugs computer to a port that belongs to VLAN11 will i be sure that client will get IP from the 192.168 range or there is possiblity that he gets IP from the management VLAN range?
I have a Cisco 3560X 48 port Ip base switch with v lan configured and ip routing. Ports 1 and 2 are in ether channel and routed ports to ASA and have their own network of 192.168.22.49/30. The ASA is configured with the same config for ports 1 and 2. The channel group ip address on the 3560X is 192.168.22.49/30 while the other end of the up link is the ASA and its configured with .50/30.
I have 6 v lans plus the one native v lan. They are all configured with ip addresses. Each V lan should be able to talk to one another other than DMZ v lan which is trunk and routed directly in the ASA. On the switch I can ping the IP address on the ASAs up link .50/30 but I cannot ping the ASA from any host on any of the V lans. My switch config file is posted below. The ASA seems to be able to ping any host in the VL ANS due to static routes that are in place. Why I'm not able to communicate to other v lans or even ping the ASA?
Config for 3560X L3Switch#sh run Building configuration... Current configuration : 8056 bytes ! Last configuration change at 00:45:43 UTC Mon Mar 8 1993 version 15.0 no service pad [code]....
Cisco Small Business Switch POE ESW-520-24P with a Wireless Access Point Cisco Aironet AP1141. Both the devices are upgraded to the latest firmware.
Connected to the ESW-520-24P is a Windows 2008 SBS 2011 with DCHP and Domain Controller. Along with the server I have a number of wired computers connected to the switch which do not have any issues and connect to the DHCP server without any problems.
When connecting two wireless devices to the AP1141, they get the IP address and DHCP from the server; but when connecting other devices apart the first two they will fail to connect to the DHCP server and do not get any IP Address. They manage to connect to the Wireless access point but they cannot contact the DHCP server.
We've got 5 remote offices with cisco 881 routers, Win Clients behind them and all routers connected via vpn site-to-site to central software router.
Mostly all clients recieve ip addresses from routers in their subnets 192.168.x.024 We have Win DHCP Server in subnet 192.168.181.024
The problem is that some of clients,physically sutuated in 192.168.10.024 subnet, recieve ip addresses from Win DHCP server from 192.168.181.024 subnet.
Here's part of cisco cfg:
interface FastEthernet0 no ip address ! interface FastEthernet1
After configuring DHCP, all the users needs to get IP from USER VLAN and all the servers should get IP from SERVER VLAN. If yes, what are the steps as I am very new in this kind of configuration.
Do you have the ability to setup DHCP servers on this layer 3 switch? I know I can with my old 3550 switch. Want to upgrade and make sure this model supports setting up dhcp servers on it.
I have a LAN with 6 vlans and a 2821 router. By default, intervlan routing is enabled for all vlans, however, I want specific vlans to be denied access to others, though all should still be able to use the Internet being served from GE/0.
I have a Cisco C3560CG which is running C3560c405ex-UNIVERSALK9-M), Version 12.2(55)EX2.The switch has vlan 1 and vlan 50 configured, vlan 50 should have access to a limited number of host in vlan 1.The following acl has been applied on the inbound to vlan 50:
I sure the above would work, but for some reason some of the packet counter are not incrementing but the traffic is being blocked. But I would like to see the counter increment.Also I have that I may beed to use VACL wouls this be the case?
I am trying to block all dhcp packets through 2960S lan base IOS. But when i set no trust interface for dhcp snooping, the dhcp packet source port will be err-disabled. Is there any other solution to block any DHCP packet through switch without interface or other service outage?Is possible to block DHCP packet through specific VLAN?
I can't seem to find any info on how to configure 2 DHCP server pools on a C3750, to use with 2 user vlans. The purpose is that users in vlan 1 should get an IP address from DHCP server1, and users in vlan 2 should get an IP address from DHCP server2. Both DHCP servers are configured in a stack of C3750 switches, which acts a a L2 switch.
We have an 1140N AP connected to a switch and our "network partner" controls the router and will hand out DHCP and do the NAT for this WLAN. How can I configure the AP to forward DCHP requests through.
I have WPA2 PSK (TKIP) setup and the client is able to authenticate however we fail to get an address. In this case the Ethernet interface was left alone so it has the default config and it gets a DHCP address fine. How can I configure this AP to enable the rest of the WiFI clients to get an IP?
I have 2 1242AG APs setup with one SSID and no vlans configured. The APs are connected to a switch along with my DHCP server. Clients are able to connect to the SSID but are unable to get an IP from the server. Clients can plug into the switch and get an IP. If I configure a static IP on the wireless card, the client works fine.
Is there something I'm missing on the AP to allow DHCP requests to pass through? IPhelper?
Here is the AP info: AIR-AP1242AG-A-K9 12.4(21a)JA1
I am trying out a DAP-1513 unit but there is no forum section for this? My question seems to be general and might cover the other models also. Do the DHCP request, from the attached LAN devices on the DAP, get pass to the DHCP "server?"
My management has tasked me to give them a high level overview of the different switching we can choose for our new building.
This is what I know so far.4 Closets, each closet has 450 ports,One MDF room that is will contain one UCS Chassis and a Nimble iSCSI SAN.
I am working on the spreadsheet and it looks like this (Not totally filled):
2960s3560x3750x45064510Approx cost (Each, 48PORT, POE+, 10G uplink, Dual PS, IP BASE) 6K7K8K45K75KMax Capacity192432432192384Backplane speed206464520520ProLeast ExpensiveStackable to 9Stackable to 9ProDual PSDual PSDual PSDual PSDual PSProLayer 3 opt Layer 3 optDual SupsDual SupsConExpensiveExpensiveConNo Dual PSConLayer 2 OnlyCannot stack more than 4 For the MDF I would like to use 2 Nexus 5548's with FEX's, and the layer 3 daughter board. For the IDF's I was thinking of two 4010's.
I have a school with 550 iPads. We are using two 5508 WLCs sharing the number of APs. The DHCP server and the default gateway for the network are on the firewall. The clients are able to get a DCHP. After some time, maybe about longer than a month, the clients are no longer able to get DCHP addresses. A reboot of both controllers takes care of this. Presently we are runing 7.2.110 OS. I am going to upgrade to the latest 7.4.100, and reload tonight.
I have a Linksys WAP200 Wireless-G Access Point problem. It is SW version 2.0.4.0. I have it configured for a small network and the problem seems to be that it is not forwarding DHCP requests onto my DHCP server. I know that it is not a SSID or Key issue as when I give my devices static IP addresses, they communicate fine within my system. The only issue seems to be when the devices make DHCP client requests. I also know that the problem is not my DHCP server as it has the device's IP / mac addresses in its configuration file and other wired devices are able to communicate with it to get their IP address through DHCP.
I have seen that there was talk in some blogs about WAP200 no forwarding DHCP requests and I was hoping that updating the device to the latest release would have resolved the problems.
We have setup a bridge between two of our offices using two WET200's in adhoc mode. Everything is connected fine and the signal strengh is good. All traffic pass's over the bridge correctly but DHCP requsts/replys seem to be failing to traverse the bridge. Our DHCP server is hosted on site A and the computers on site B fail to obtain thiers IP's from the dhcp over the bridge requiring us to use static IP's.Firmware is currently the latest.
I have a sg200-18 connected via one of the ports to my ISP's router/modem. Using an unmanaged switch everything works as expected, but after a few days on my sg200 my two computers fail to get assigned IP's and cannot connect to anything. I also have a couple printers that seem to have no problems getting their IP's passed through to the router as I can use them fine from my machines when connected to the unmanaged switch.
Is there a possibility I don't have my switch setup properly to know that all outgoing data must go to the router, or UDP traffic is being dropped somehow?
i cant find any difference in these two devices when i am trying to compare throughput.I need upgrade our new POP and there will be around 4900 MAC adresses in VLAN 150 and 130 MAC adresses in vlan 200.Uplink is 1 gig routed internet connection and there is 14 downlinks to separate villages.i found a few differences for eg stack interface on 3750x but i dont need it.
i have several cisco 3500XL switches with trunking. I created a VLAN lets say 20 which purpose is for wireless clients. I installed wireless controller with 4 APs and controllers sees all 4 APs. Controller is also DCHP server. When wireless client authenticates it's DCHP requests in not getting to DHCP server (controller). If i connect all equipment in non managed switch everything works.
I'll start out with the fact I work mostly with Wi-Fi and not a lot in the security realm... If I plug my workstation into the 3560, my wired client adapter can get an IP address. But the WLAN adapter will not when associated to WLAN.Usually this is not a problem since you may only have two access points on the controller and a dozen or so hosts. In my case, however, I want to put a few of the ports on the 3560 into the same VLAN as the WLAN on the 2106 so I can give them the same guest access as the WLAN. The hosts plugged into the 3560 get an IP address without issue from the ASA. When I disable dhcp proxy, the WLAN clients get an IP address, but then the APs cannot get an IP address from the internal DHCP server on the WLAN controller, and cease to function when rebooted since they cannot get to the controller without an IP address.
Any way to configure the ASA to accept the modified DHCP packets from the WLAN controller? It appears to me that the ASA is not able to accept DHCP relayed packets.
I unpacked a new 3560x and went to put our standard code version on it c3560e-ipbasek9-mz.122-53.SE2. Everything seemed to upgraded fine but it won't boot to a console prompt. It seems like it loads the IOS image fine but can't get passed the Front-end Microcode IMG MGR: Programming device 0. [code]
We have a small site that has an Avaya voice switch connected to a c3560x switch.The avaya tech told us to set this on our ports to which the phone and the desktop are connected.
Setting up a stand-alone WDS/PXE server.Current we have helper addresses setup to forward the DHCP requests from the different VLAN's to the DHCP server. The WDS/PXE server we are setting up is on its server. How do we craft the helper addresses so DHCP requests go to the proper server hosting DHCP and PXE requests go the WDS server?
Everything I seen on Microsoft Technet, lists using Helper Address as the recommended way, but assume both services are on the same server. Our helper address is as follows on each VLAN interface in router: ip helper-address X.X.X..This is a Cisco 3750.
I have seen a similar post here from last year about a 10/half connection, but this is different. I have a provider using a 2950 switch (they left CDP on so we can see it). And we have to be set to 10/full to make this connection (as you know 10/half connected here would be or is horrible). I have had this connection running on my 2921 router w/o issue but when I connect it to my 3560X, then I get no link light (shows down/down, not connected).
What else to know about what has been tried: Connecting link to switch with switch set to auto/auto (sp/dup). Speed is 10 (as it should be) but of course w/o the other side pulsing the voltage to know what to auto to, it defaults to half so this is unacceptabel, but, I do get a link light and can pass traffic, it's just a horrible experience.
Also tried the same setting speed and duplex vs. auto disco speed and duplex on other ports of the switch, no difference, same results. Also different patch cables, same results.
My current work around is to connect the providers 2950 (10/full) to my 2921 router @ (10/full) with a BVI to another port on the router which continues on to my 3560X at 1G/full. And this works just fine. Here's more info from my 3560X and the providers 2950:
If the 3560 or 3750 "X" series support GRE.I am pretty certain the older 3750-E does not support GRE (both in hardware and software)Was hoping the new super duper X series do. If not, it could get expensive
I have a 3560X switch with interfaces 36-48 on the same LAN. All interfaces are switchports. Hosts on 38, 39 and 40 are multicast senders: all sending to the same single multicast address. Hosts on 36 and 37 are receivers, having joined that multicast group. I created an SVI for the LAN and put it in ip pim passive. (That is the only PIM mode allowed for an SVI with my IOS.) Show ip igmp snooping groups shows that 36 and 37 are the only interfaces in this group. I attach a laptop to interface 42 and Wireshark, and the laptop is receiving the multicast traffic. The laptop does not join the group. I expect it would not see the traffic.
