Cisco Switching/Routing :: 3750 Not Handing Out IP Addresses
Jan 10, 2013
We have a 3750 running IOS ver 12.2 (44) SE, it has performed great and we have never had a problem with it. However we have noticed that when we had an outage some of our Wireless APs didn't come up as they get DHCP from the 3750. The DHCP scope said IP was depleted although there were IPs to give. We had to delete and recreate the DHCP Pool. However two days later we got the same problem and then had to do the same thing over again.
Had a problem with a 3750 this morning not handing out DHCP addresses. The following is a sanitized config of what the switch is using. [code] The IOS installed on the switch is c3750-ipbasek9-mz.122-55.SE1.bin. What got my attention was that the sh ip dhcp pool PC showed 180 addresses being excluded. In doing the math from the dhcp excluded addresses, only 64 should be excluded.
My next step was to remove the second dhcp excluded-address line above. Doing a clear ip dhcp binding * started letting the DHCP service hand out addresses but the sh ip dhcp pool PC stil showed 180 addresses excluded.
It finally took removing the dhcp pool and putting it back in to drop the number of excluded addresses down to a value that matches the first excluded-address line. Didnt see a dhcp bug in the bug database that would explain this.
I tried re-entering the second excluded-address line from above and saw the number of excluded addresses rise as expected. When I negated the line, the number of excluded addresses dropped back to its previous value.
Haveing issue with DHCP server handing out IP addresses to client connected to VLAN5 interface.ISP Router>Firewall -(WatchGuard Drop-in mode) I have several 3750 switches and one acting as a L3 switch. The L3 is configured as follow: [code]
If I connect a laptop to int fa1/0/10 I DO NOT get an IP address from the 10.100.0.8 scope. If I connect to another interface within the VLAN 1, I get an address from the 10.100.0.0 range.
I've created a tonne of dhcp scopes on my routers before never had any issues, however this one will not hand out any addresses at all, i even give the router a reload to see if any magic happened but nothing, ive ended having to put a temp server in with just dhcp installed until i get the router diong what it should my config below, its something simple i havent seen, as ive compared it to plenty of my working DHCP configs and seen nothing.
I Lease fiber between two locations, My operator limiting number of MAC addresses to 8 macs. Is there any possibility using some feature available in the Cisco 3750 switches to (hide mac addresses) encapsulate traffic witch flowing via operator network ?
I need to send data between locations with 1Gb/s speed. If 3750 switches can't do that, which models of switches 1 or 2U can do it. May Metro switches ?
I have Catalyst 3750 running IOS version c3750-ipservicesk9-mz.122-55.SE.bin. I have an access port that connects to a Redhat Linux version 5.4 64 bits machine. When I perform a "show mac address-table interface g1/0/3" where the redhat machine is connected to, I see two mac addresses on this access port. One of the mac addresses, 0025.9006.4898, belongs the the redhat machine. the other mac address, I have no idea where it comes from. I tried to perform clear mac address-table dynamic g1/0/3 several times but it does not work either.
I have a Belkin model F9K1102 router supplying WAN/LAN connection to three PCs and 2 laptops. Two of the PCs are hardwired with the remainder PC and laptops are wireless. I'm using the default router IP of 192.168.2.1 and my ISP is Charter Cable (if that's of significance). The router is picking up all the dynamic IP information from my ISP and internal DHCP is enabled. Here's the issue though - when I connect a PC, laptop or iTouch (wired or wireless) with obtain IP settings automatically enabled the IP address it receives an IP address on a different subnet ie, 192.168.3.x and thus won't have WAN/LAN connection. I have tried to set the router IP to 192.168.3.1 and set the scope in the .3 subnet but the IP obtained by the device is .4! This makes no sense to me at all. The router is on the latest firmware (according to Belkin) and there doesn't seem to be any other update I can find. I have also tried another Belkin router (older model: F5D8236) and it does the same thing.
I'm not sure if this is related but I upgraded my service with Charter to a 18MB connection and a D3.0 Ubee cable modem - this issue seem to have began after this upgrade but I don't see how that would have any bearing on what is happening on my LAN IP scope and Charter tech support is pretty useless. My workaround is that I've static assigned an IP for each device in the same subnet as the router but it would be nice for the DHCP to function correctly.
we have a 3750 and use dhcp services on the switch. every so often we run out of ip's even though we have much less users than the size of the allocated dhcp pool. I've noticed that the dhcp bind table is full but a ping-sweep only shows very few ip's being assinged and used. It looks like the IP addresses are not being released from the table even though I have decreased the lease time to 8 hours.
I have a LAN with about 200 computers (192.168.10.0/24) with a DHCP Server on Windows server 2003.The problem is that my company have acquired 100 others computers that I have connected on this network.Some computer does not get IP address from the DHCP server. When I investigated the log of the DHCP server, I realized that the DHCP server was out of addresses.
I have a DHCP server for a subnet that has only lightweight WAP's in it. The DHCP server is running on the gateway for this subnet which is a 3750X 2 switch stack running 12.2(53r)se2.I have the following configured:
ip dhcp excluded-address 10.1.10.161 10.1.10.162 ip dhcp pool DHCP-VL20 network 10.1.10.160 255.255.255.224 domain-name mydomain.net dns-server 10.11.11.30 10.11.11.40 default-router 10.1.10.161 ease 3
The server hands out up to 18 IP addresses and no more, with 20 devices on the subnet. Scanning the subnet with a 3rd party network management system I see the following IP's never get handed out or used:
and of course 2 IP's I have manually excluded, 11 IP's in all that wont get handed out. It should only be 2 that don't get handed out. I've double and triple checked the exclusion and thats the only one. so I run a 'sh ip dhcp pool' and see this:
Pool DHCP-VL20 : Utilization mark (high/low) : 100 / 0 Subnet size (first/next) : 0 / 0 Total addresses : 30
I should also mention that "sh ip dhcp bind" does not show these randomly excluded IP's in use. They also do not show up in any arp table I can find.I have looked all over the config and I cant find where these extra 9 addresses are being excluded. how to free up these 9 seemingly random exclusions? Haven't issued a reload and I haven't deleted and rebuilt the DHCP server yet, production network.
We currently have around 150 2975 switches and have had problems with it them not handing out PoE power to the cisco phones and access points at random times. There is plenty of power left for the switch to use. We have at least 15 that will be running fine for about a week and then all of the devices that use PoE power will shut off and will not come back on until we reload the switch. If you console in there aren't any messages that pop up and if you look at the port it just shows on connected or will show IeeePD in the power inline. We have contacted Cisco TAC and they just RMA them.
Have a client wanting to hand out public ip addresses to all clients from a PFSense Firewall terminating the internet connection.
How do I allow the Cisco Switches currently in place, configured with private ip addresses in the 10.10.x.x ranges and Vlans, where the main 3550 layer 3 has defined dhcp scopes for each vlan, to relay dhcp requests from all vlans to the PFSense firewall?
I assume I would take off the currently defined dhcp scopes for the vlans and configure each vlan/switch with the ip helper address and specify the PFSense firewall and that Nat would have to be disabled onthe firewall?
I currently have a the following configuration and am unable to get more than 2 DHCP addresses for the devices connected to the Cisco new SG 100-16 Switch.The AP have no trouble handing out DHCP to the wireless clients, but we are unable to get the SG 100-16 to be able to do the same thing to wired clients. It is currently connected to the 2960-8 in port 1. We can get 2 devices connected without a problem, but the 3rd machine and beyond do not work. Also, setting up a static IP does not work. Using a static will not even allow us to ping or tracer back to any devices beyond the SG 100-16.
I'm working on my CCNA. I purchased an old router 2610 with two ethernet ports. I configured the IP addresses on the interfaces and added the default gateway. I configured NAT to go out my ATT DSL router to the internet. With the 2610, I'm able to ping the back end or internal DSL router, but I can't ping the front end, external router, or out to any internet site such as google.
I used to use a CentOS self-made server for intranet for my little office, but I bouth few days ago a Cisco 861 router to replace the linux box.
1. I have 2 public IP classes from my ISP. 1 class is limitted to 80mbit upload, the other to 30mbit upload. So I need some sort of DNAT to be able to know exactly which intranet computer uses big internet and which one limitted internet. 2. I need DHCP server and with static IP addresses (one computer must always have the same IP address, etc).. i have my needs for this. 3. Also I need external access to some servers inside (web, ftp, etc) [code]
So far so good, all looks simple and I can achieve this in 2 hours on a centos linux box (correct routes, ip forwarding enabled and few iptables rules for NAT/SNAT/DNAT).
But on this brand new Centos router well, i'm not even successful in pinging the outside world, nor the inside world I'm tired of reading the forums, the documentation..i want (at first) a simple scenario: vlan+dhcp, fa4 with 1 public ip address and ACCESS to the real world. I wasn't able to achieve not even that much. [code]
We want to permit certain mac addresses on the cat 4506 switch wherein only those mac addresses will get access to network.
Configuration Planned: For testing purpose we have created mac access list on cat 4506 and deny laptop mac address in this access list. The mac access group is applied to the port where the laptop is connected to cat 4506.Even after applying the mac access group on the port, the laptop is able to ping the vlan ip of cat 4506 [code]
laptop with ip address 192.168.10.2/24 connected to port 2/1 is able to ping 192.168.10.1 even after applying the mac access-group
Note-we have tested same configuration on cat 3560 and its working fine. We apply the mac access-group command on interface and clear the arp-cache and we are not able to ping vlan interface ip. The moment we remove the mac access-group,ping starts again.
I have an ASA 5505 with Security Plus License ?I have 5 Static IP Addresses from my ISP?I have the following interfaces. Outside (vlan 2) / Inside (vlan 1) / Guest (vlan 3)For my Vlan3 guest network I have set it up so that DNS must be routed through opendns.org's DNS servers ( for web filtering, etc ) However, its using the static ip that I have plugged into the ASA.
What I would like to accomplish is to put my inside interface (vlan1) on another static ip for outside access if thats possible, so that I can route those clients through opendns.org however however giving them more web privlieges than what the guest network is getting.
I have a 1941 router tt needs to be setup with the range of WAN ip addresses ip nat inside outside don't allow me to use it..How can i configure on the router to ensure from outside i'm able to access to firewall (220.127.116.11) ?
I have a customer who has an ASA 5505 that is handling the routing for their internal network. They are running out of available IP addresses on their subnet 192.168.1.0/24. They have dumb switches that don't suppport multiple vlans or trunking & they are only able to connect to one switchport on the ASA. He doesn't not want to purchase any new equipment or rearrange their existing equipment at this time. The customer would like to statically assign IP addesses for 192.168.1.x & 192.168.2.x and have the ASA hand out DHCP addresses for 192.168.3.x addresses. The customer suggested configuring a super subnet. A 192.168.0.0/22 address scheme would provide an ip range 192.168.0.0 - 192.168.3.255 on a single VLAN. I know this is an unconventional way to setup an internal network & I will definitely advise the customer that this should only be considered as a temporary solution until they get more appropriate network equipment.
I inherited a Cisco ASA 5505 and am trying to piggy back the device off of an established Network. Here is the basic layout:
192.168.10.1 (Core Router - Handles DHCP/DNS) 192.168.10.9 (ASA 5505 - Piggy backing off of Network) 192.168.40.x (ASA 5505 - VLAN)
I'm able to get onto the Internet without any problems. Devices from the 192.168.10x Network can not ping the inside VLAN1 (192.168.40.x). However, I would like traffic going from the inside VLAN to the Outside VLAN to be blocked, except for 192.168.10.1 and 192.168.10.9. I've tried using ACL's but end up killing my Internet connection. 192.168.10.1 is the default route and is how I get out to the Internet. Is this possible? Essentially, I'm trying to set up a small Network that guests can connect to. The idea is that they can get to the Internet, but that is it. They can't get to internal resources on the 192.168.10.x Network
Here is the config:
ASA Version 8.2(1) ! hostname ciscoasa enable password EeCsulrpu.9LalEE encrypted
I have a network topology which you can see on image. All routers are Cisco 3745 with IOS (C3745-ADVENTERPRISEK9-M), Version 12.4(12). SW1 is L3- switch Cisco Catalyst WS-C3560E-24TD with IOS (C3560E-UNIVERSALK9-M 12.2(58)SE2). [code] After that I have problem. When PC with OS Windows 7 begins to work in corporate network, it sees "coflict ip addresses" and doesn't work with network. I've used wireshark and seen, when the PC send arp request a SW1 always send arp reply (see attached file). I think problem with command "ip sla responder", but I haven't searched information about it and I want understand this is bug or normal functioning.
I've got a problem with DHCP running on a cisco 1900 series router, 1921 to be precise. The Data VLAN works perfectly, i configured a ip helper address and its working. Problem tough is VLAN 20. This is the voice vlan. As u can see in the config below, this has been configured using VRRP and VRF for failover purposes. I did more of these configurations, and they all worked fine, just not with this particular router!
As u will notice i deleted all the not needed to know information or i X'ed it!
Jan-Aart version 15.1 service timestamps debug datetime msec
Had an odd issue that started up last few days.. Have a port on a cisco 2912 XL that keeps dropping (drops all packets) on a certain VLAN, but still passes others. Spanning-tree for that vlan says all ports are in forwarding status. VTP says that VLAN is still active.
This network is a little strange... 2924XL -> MotoPTP -> 2912XL -> Moto Canopy Array -> Some sites with cisco, some without all feed through canopy controller switch to single port (fa0/8) on 2912.
Getting a few of these on terminal monitoring, %RTD-1-ADDR_FLAP: FastEthernet0/8 relearning 5 addrs per min... Sometimes this is fa0/8, fa0/10, or fa0/1.
I'm thinking the switch has just gone nuts, cause fa0/1 is direct connected to a router used for VLAN1. fa0/8 is connected to a dumb switch on a canopy CMM as a trunk which i enabled bpdufilter on because of some spanning tree issues on VLAN1. fa0/10 is connected to canopy PTP back to the 2924 as a trunk. VLAN69s router is off the 2924. So there aren't really any possible alternate packet paths to this switch from another switch.
I also setup SPAN and captured all packets from fa0/8 and fa0/10 (seperately) and never seen packet storms of any kind on either VLAN1 or VLAN69.Further testing with debug, nothing on spanning tree, nothing on vtp, but on ethernet-controller addr I got some interesting results showing one mac moving from fa0/1 to fa0/8 and back to fa0/1 but it never moves, its the routers mac that is connected directly to fa0/1. Same with some macs on the other side of the PTP link saying they are bouncing from fa0/10 to fa0/8 and back to fa0/10 which isn't possible
- Incoming frames on three of a blade's four switchports are being put into VLAN 1 even though the ports are either in other access VLANs, or are configured as trunks with different VLAN IDs being tagged by the server. - When the ports go down the access VLAN is removed from the port.
Switch stack: 4x WS-CBS3120X-S, 12.2(58)SE1 HP blade: HP BL460c Gen8
This combination has been used successfully elsewhere.
! interface GigabitEthernet1/0/13 -------> THIS PORT IS OK switchport mode trunk
I'm looking at adding a Cisco 3750-X switch running c3750e-universalk9-mz.122-55.SE1 (IP base license) into a stack of 3750-G switches running c3750-ipbasek9-mz.122-55.SE1.bin Given that the version and feature sets are the same I don't forsee any compatibility issues. Would there be any reason why a universal image wouldn't stack correctly with other switches running the single .bin file?
i have to Bridge the AP to VLAN1 which has the DHCP pool. For some reason when I try to do this from iOS console it tells me that gig0 is not a bridgable interface. I am newb to Cisco iOS (24 hours new ). I got the Cisco Configuration Professional working and would like to fix my issue through there if possible? why my AP wont get anything but APIPA addresses?
version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption
Setting up a stand-alone WDS/PXE server.Current we have helper addresses setup to forward the DHCP requests from the different VLAN's to the DHCP server. The WDS/PXE server we are setting up is on its server. How do we craft the helper addresses so DHCP requests go to the proper server hosting DHCP and PXE requests go the WDS server?
Everything I seen on Microsoft Technet, lists using Helper Address as the recommended way, but assume both services are on the same server. Our helper address is as follows on each VLAN interface in router: ip helper-address X.X.X..This is a Cisco 3750.
We have a stack of switches that is at the max number of members allowed in the stack. Problem is we are running out of port density and need to add more ports. So instead of adding a whole new stack I would rather replace 2 of the 24-port swicthes with 48-port switches.
If the two 24-port swicthes we are removing are stack members and neither of them are the stack master, I should be able to replace the 24-port switches with the 48-port switches without bringing the master offline? If the new 48-port switches are running the same IOS version as the current 24-port swicthes, they should add themselves to the stack?Would I have to tell the new 48-port swicthes what switch numbers they are replacing in order for them to be added to the stack since we are at the max number of members?Also since the 48-port swicthes are replacing 24-port switches will the master give the 48-port switches the configuration for only the 24-ports?
some of our switches have the switchport mode trunk command configured between the 3750 switches but other 3750 switches connected to our 6509 core switch do not have the switchport mode trunk command to permit Vlans from going across the swtiches instead it has an ip address and says no switchport what is the difference between does two. Is trunking used only for Layer 2 and L3 is used to route interface vlans?
I have a network with a Catalyst 3750 as the main switch and then some Catalyst 2960 switches that are plugged in to that. I have a server running windows server 2008 with a couple of virtual machines running in Hyper-V. I created 4 VLANS listed below and gave the 3750 the following IP Address.I would like the 3750 to only be configurable from VLAN 40 but currently every VLAN can connect to it, I noticed in the standard web page settings there was a setting for "Management VLAN" but it was set to 1 and would not let me change it, I kinda assumed that was for the management port in the back.-Now the tricky part, I was trying to set up routing between the VLANs and so far I have only been able to get a sort of "all or nothing" routing to work. I can turn IP routing on and add two or more VLANs to the routing and it works fine. But what I was hoping to do is create a couple of "junction vlans" that would only route to one or two other vlans. For instance, I wanted to create a VLAN 100 that routed to VLAN 20 and 30 but nothing else. I also want to route VLAN 1 just to VLAN 30, and so on. I am able to do each one of the cases but only one, it seems like the switch only supports one "routing table" am I missing something or is this just a limitation of the switch?
I have a network with several catalyst 2960 switches and one catalyst 3750. I have created two VLAN and set up the proper routing and everything is working fine there. I have a client/server application that used multicast in the initial start up for the client to determine available servers, the issue is one of my clients is on a different VLAN then the server. I am able to route the multicast using MVR as long as both the server and the client are plugged into the 3750 by creating a static route, making the server a source port and the client a receive port. Unfortunately I need the client and the server plugged in to different 2960s. My question is how do I establish multicast routing between the two and perferably do it dynamically (always route multicast traffic from one VLAN to another).