Cisco Switching/Routing :: 4500 / 3560 - DHCP Redundancy - IP Helper Address Point To HSRP?
Jan 5, 2012
My actual Scenario
- 1 x 4500 and 1 x 3560
- They are gateways of 8 Vlans
- They are doing HSRP in each of those Vlans
- The 4500 is the Active
- There is a DHCP Pool for each of those Vlans on both gateways; using "ip dhcp excluded-address" I ensured that the ranges of IPs provided by each DHCP server do not overlap
Obs.: Reducing the lease time, I ended with the calls bringing related problems.
OK, everything is blue, everything is fine. But the network diagram is really complex (41 switches, 89 uplinks), and depending on how the network flow is, one or the other server answers first or later.
For many reasons I would like the secondary DHCP server to answer only if the primary DHCP server goes down. To me, the biggest reason is that the DHCP database would be in only one DHCP server. But there are other reasons.
I passed by many frustrated solutions:
- Try to force a delay on the answer on one of the servers. - Impossible.
- Try to disable the DHCP server and, using EEM, enable it only if the router becomes active in HSRP. - I couldn't do it.
What I'm thinking now is to use the HSRP resource to resolve it. On both routers I would put an "ip helper-address" pointing to a Virtual_HSRP_IP. And depending on which router is the active, it will answer the request.
My first doubt is: Would it work? The second doubt is: Could I use the same Virtual_HSRP_IP that exists on that Vlan (see example 1), or would I need to point it to a Virtual_HSRP_IP in a different Vlan (see example 2)?
Example 1
-----------------------------------
| 4500 |
-----------------------------------
interface Vlan1
ip address 10.10.0.2 255.255.0.0
ip helper-address 10.10.0.1
standby 1 ip 10.10.0.1
[code]....
Feb 22, 2013
Version 12.2(33)SXI
int vlan 1
description client vlan
ip vrf forwarding A
ip address 10.1.1.1 255.255.255.0
standby 129 ip 10.1.1.2
standby 129 timers 1 4
standby 129 priority 105
standby 129 preempt
ip helper-address 10.1.2.20
[code]....
DHCP requests are not making it to the DHCP server, SAME VRF (ip helper-address is not doing anything.....). Extended vrf traceroutes on udp 67 sourced from vlan2 are fine.
I am expecting udp unicast packets on port 67 "giaddr" relay packets on the DHCP server generated and sourced by the relay on Vlan1
eg. Mar 1 01:59:06.731: DHCPD: setting giaddr to 10.1.1.1
This exact setup works in our preprod environment with the same code. Only difference is we run Distributed EtherChannel on the 6500's where this doesn't work.
With Wireshark on the client I can see the requests being sent. Going to check it with debug ip dhcp server to check the relay logs out of production hours.
I have seen so many people say it IS and ISN'T supported on this version of the code, e.g. [URL]
I am aware the helper-address should inherit the vrf of the interface; ip helper-address vrf command is not supported. The fact it works in the PP environment.... could this be due to the Distributed EtherChannel difference? Or just some bug....
Mar 5, 2012
I would like to use the ip address-helper feature of my 3560 switch to point 10.1.0.0/24 to my Windows DHCP Server on 10.0.0.0/24 and I am unsure how to go about doing this.
Aug 14, 2012
I am facing a problem in implementing HSRP. My scenario is like this: I have two 3750 switches and I have a server with two NICs. I want to run HSRP on these two switches. By the way, the server is connected directly to the switches, I mean each NIC to each switch. We have teamed the two NICs (Active / Standby). What configuration needs to be done on the switches for HSRP to work?
Apr 29, 2012
We have a 3560 switch configured with EIGRP with DHCP. We have a user that we cannot ping; however, the interface shows up / up and no errors on the interface. The IP address is 10.2.0.199 - however, we have DHCP configured to exclude the range from DHCP: "ip dhcp excluded-address 10.22.0.1 10.22.0.200". How can this workstation get a DHCP address if we have that IP range excluded from the DHCP pool?
The user is off a different switch that is an uplink to this distribution switch. Traceroutes show that the problem is with the distribution switch.
Jun 12, 2013
I've a Cisco 1941W router which is DHCP server for data-VLANs and uses ip-helper for voice-VLANs. [code] I don't know why I can't get an IP from the wireless voice VLAN whereas it is OK on the wired voice VLAN and the conf is the same!
May 7, 2013
One of our customers has two 6509 switches, one is Core_sw1 and the other is Core_sw2, catering for about 32 VLANs, and HSRP is running for all VLANs. Till here no problem. Now there is an internet router which has one internet link, which is connected and configured on Core_sw1 in such a way that one interface of Core_sw1 is given a public IP, and there is VLAN 85, which is the internet VLAN, and the VLAN 85 IPs are NATted with that public IP, with one simple static route given toward the internet router. This is how internet is working OK.
Now I have configured VLAN 85 in HSRP as all the others are. How can I give redundancy to VLAN 85 users, so that if Core_sw1 goes down, internet traffic can get out through Core_sw2, using the same internet router with a single internet link? I am not talking of ISP redundancy, but if VLAN 85 on Core_sw1 goes down, the other Core_sw2 will serve internet.
Jul 29, 2012
If I set up 4948E's in an HSRP configuration and I connect devices to the standby unit that do not require redundancy, will there be any issues passing traffic? I don't believe that the standby unit blocks the traffic but wanted to confirm.
Jan 9, 2012
I would like to know if ip helper-address feature is working on a layer 2 switch (2950,2960) or you should use a Layer 3 switch to do that?
Feb 27, 2012
On a 4500 switch having a single sup engine, another sup engine was installed to act as the redundant one. The redundancy mode was changed to sso; thereafter the secondary sup was prompted to be reset.
After it came back up again, the redundancy status still shows as RPR in operation mode.
Dec 9, 2012
Can I have HSRP or GLBP between two different switches like 3550 and 3560?
Jan 21, 2013
As per the attached diagram: How do I configure the 2 ports on the 3560 (Ports 6 & 7) and the connected ports on each of the 2960 switches (Port 25) to provide redundancy.
If the up link from Switch A dies then I need the traffic to flow through the trunk and utilize the up link on Switch B with minimal delay (milliseconds).
Nov 24, 2010
I understand on older IOS codes If the same hsrp group number is assigned to multiple standby groups, it creates a non-unique MAC address. Is this true on newer codes like 12.2(52)SE for 3750 & 3560?
Jan 14, 2012
I have a strange issue with an HSRP setup. I have two (S1+S2) 3560 as Core/Distribution Layer. Inter-vlan routing is enabled on both switches. S1 and S2 are connected with an EtherChannel over four fibre ports. S3 - S5 are the (L2) access layer.
Gi0/1 on S1 and S2 are L3 ports, connected to a Linux firewall.
HSRP is enabled, S1 is the active router and the STP root bridge.
But my monitoring via cacti shows me that Gi0/1 on S2 is active, too! But it should not be active? Only if S1 fails should S2 be the active switch. A client from the access ports on S3 - 5 gets traffic from the Internet via Gi0/1 from S2. Gi0/1 on S1 is active too, but will send mostly traffic to the Internet. Why is S2 active and why does it route traffic from the Internet to the client?
Apr 24, 2012
I have a question about RSPAN: is this feature only supported on 6500 and 4500 switches?
We have 2 3560 switches and want to use RSPAN to monitor different source ports. I checked through the Cisco Feature Navigator and the IOS we have on the 3560 has the RSPAN feature listed in it.
Dec 18, 2012
I have a setup with two Cat 4506E working as HA. I used a bundle 4Gb interfaces working as ether-channel. I'm facing a problem with DHCP pools on both switches. There is no problem if I use the pools on one switch, but when I put the pool on both switches I face a lot of conflicting IPs in the DHCP pools. How can I set up real DHCP redundancy on both switches?
Jan 31, 2012
Our network feels slow and we are trying to find the best way to investigate this properly. We have a Cisco chassis 4500 with a mix of 3560/2950 edge switches, 1GB backbones and WLC/WCS in place. The network is broken into multiple VLANs and the IOS on our switches hasn't been updated in 3-4 years.
On a wireless laptop (G) we get throughput of 1-2MB/s transfer speed with usually 10 clients per AP, and on the LAN we get anywhere between 7-15 MB/s transfer. Using Wireshark on a wireless laptop we see a lot of broadcast traffic from other clients and the same for the LAN. What is the best way to troubleshoot performance issues on the network and where do I start?
Feb 21, 2013
I have a few old 2600 routers (2621, different IOS's) which I'm now replacing with new ones from the 2900 series (2901, Version 15.1(4)M4). In my configuration I have two IP addresses on my LAN interface and I have HSRP configured within the secondary IP subnet range. It would be something like this:
interface GigabitEthernet0/1
ip address 172.x.x.x x.x.x.x secondary
ip address 10.z.z.z z.z.z.z
[Code].....
Now, in the new 2900 routers, my interface configuration hasn't changed; however, I can see that the hello packets are now sent with the source within the respective HSRP IP subnet, so I had to edit my ACL for that:
permit udp 172.x.x.x x.x.x.x host 224.0.0.2 eq 1985
Is there a way I can force the HSRP to work as it previously did in the old IOS's?
Jan 2, 2013
I have set up a 4500 series core/router. The customer decided to run DHCP off the router for whatever reason. I have 20 different scopes handing out to their VLANs. Does each VLAN interface need a helper address?
vlan 1 on router is 10.85.0.1
I used the ip dhcp-server command pointed to 10.85.0.1
and then for ex.
int vlan 20
ip add 10.85.20.1 255.255.248.0
ip helper-address 10.85.0.1
I am now getting a loopback error on the router, and I believe this is the cause...
Jun 11, 2013
I have my HSRP setup where switch A and switch B share active/standby roles among several VLANs. In the last few weeks, I have seen trouble tickets where connectivity is lost, and upon investigation I discover that I can ping physical interface IP addresses for both standby and active devices but not the standby IP. I have also validated configurations and layer 2 paths and they haven't been broken.
What I end up doing is fail over to the standby device and back, and the problem clears; reachability is restored. My question is whether I am solving this the right way. If so, what is it that would cause the standby IP to not be reachable and how does my solution fix that? N.B. the switches are Catalyst 6509's.
Aug 16, 2012
I have 2 routers with 2 sub-interfaces configured with HSRP. The server sending the data has the default route gw xxx.xxx.xx.252, the HSRP address. But one of the routers got a HW problem so we shut it down, R2 with IP xxxx.xxxx.xxxx.251. The problem is that the traffic didn't go there correctly when using the HSRP address; some packets went there but not all of them, and there were no blocks in the logs. But then we changed the server to point directly to the working router R1 xxxx.xxxx.253 and everything started working fine again. The logs I got in the router were max tcp half-open connections.
I am wondering if something is wrong in the configuration below and why the traffic didn't get there correctly when using the HSRP address. It's working fine when using the R1 IP address. The devices are 2 Cisco 2620 routers.
R!1
interface FastEthernet0/0.192
description Prod_Inside
encapsulation dot1Q 192
ip address xxx.xxx.xxx.253 255.255.255.192
ip access-group Inside_Outside in
ip verify unicast reverse-path
no ip redirects
[code]...
Apr 18, 2012
I've two Cisco 4500 running as core switches for a huge and complex network. The two 4500 are going to act as DHCP servers for several subnets. The easiest solution would be to split each DHCP pool in two, and assign the first half of the pool to one of the core switches and the second half of the pool to the second core switch. This would be a partial solution, since if one of the two fails, the second core switch would not have enough DHCP leases available for all the devices connected for each subnet. For such a reason, I'm wondering if the 4500 switches support stateful redundant DHCP servers, so that the two switches can synchronize their DHCP lease tables. If this feature is available, I could define the same pools for both the switches without the risk of having duplicate IP addresses within the network.
May 21, 2012
Can you confirm that if I want to disable temporarily a dhcp pool on a 4500, I need just to shutdown the interface VLAN corresponding to a specific dhcp pool?
ip dhcp pool test
network 10.X.27.0 255.255.255.0
default-router 10.15.27.250
[Code].....
Apr 3, 2012
I am trying to configure my HP 420 access point. I have configured different SSIDs on it. This access point is connected to a Cisco 4500 switch, and I have configured a trunk on the uplink to the access point. My problem is that the clients are not able to get an IP address from the correct VLAN if I tag the SSID to it.
The following is the output of show run int on the Cisco 4500 switch:
interface GigabitEthernet3/13
description ==== HP ACCess point ====
switchport trunk allowed vlan 99,130,132
switchport mode trunk
[code]....
Apr 24, 2011
On a 4500 switch port, defined as access vlan 10, if the user connects his own DHCP server (instead of the normal PC that should be connected), will it cause issues with my existing network? The existing network is all static IP. In the above case, will the DHCP server start looking out and assigning DHCP IPs if a user unknowingly removes his static IP and changes to the obtain-IP-via-DHCP option in the LAN properties?
Nov 24, 2011
I got some problem with enabling DHCP snooping on a 4500 (cat4500e-lanbasek9-mz.122-54.SG.bin). The topology is as below: DHCP snooping enabled only on CORE (with interface trusted to DHCP server). The problem is that I put these 2 commands
ip dhcp snooping
ip dhcp snooping vlan 1
but it is not enabled on any vlan
SW-CORE#sh ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
[Code]...
On B1, if I turn it on, there is a "1" in the section "DHCP snooping is configured on following VLANs:", but on core no. As you can see, I did put the trusted on the interface in the direction of the DHCP. First I thought it could be a problem with option 82; I've read a lot about the issues with that, but the problem would be explicable if the client did receive IP address, but it does.
Dec 24, 2011
On a 4500 switch port, defined as access vlan 10, if the user connects his own DHCP server (instead of the normal PC that should be connected), will it cause issues with my existing network? The existing network is all static IP. In the above case, will the DHCP server start looking out and assigning DHCP IPs if a user unknowingly removes his static IP and changes to the obtain-IP-via-DHCP option in the LAN properties?
Oct 23, 2012
I have some questions about HSRP on the 3750 switch. I have two Cisco 3750 switches with HSRP configured. Let's say we have interface vlan 100 that joins HSRP group member 1. The configuration on both switches is as follows:
SWI-3750-A (Active)
==========
interface Vlan100
description *** gateway User NPL ***
[Code]....
Apr 24, 2012
In mucking around with my 4500 I accidentally deleted the IP address that I use to get into it with telnet and CNA. I have a console cable hooked up to it and I'm in that way, but the commands I got off the internet did not work. Those commands were set interface sc0 10.x.x.x/xx and set interface me1 10.x.x.x/xx. It didn't like interface and I noticed when I did a set ?
Apr 12, 2012
Would like to implement VLANs on Cisco IOS Software, C3560 Software (C3560-IPSERVICES-M), Version 12.2(25)SEB4... But I need a DHCP Relay to my Windows-based DHCP Server. How do I enable DHCP Relay on the 3560?
Sep 25, 2012
I need to apply DHCP snooping on 4500 series switches working as L2 in my network. We have an external DHCP server in another location connected to a 6500 series switch.
Running EIGRP. Configured both Voice & Data VLANs.
DHCP Server -------- 6509 switch<----------------------------------->6509 Switch -------- 4500 switch ----------------------------------------------------------Ip Phones.
(ving Redundant) (ving Redundant)
I need to know whether the configuration which I mentioned in scenario is enough for apply DHCP snooping in my network.
Jan 13, 2010
I have a setup using LogMeIn Hamachi and the network type creates a Windows Bridge. I also use the DHCP Reservations List to assign the same IP to specific devices. Well, I have the MAC Address for my NIC in the list, which works when I am not using the bridge. When using the bridge, of course the MAC address changes and when I try to add it to the list I get the following message in a popup window. The MAC Address is 02:e0:61:05:45:3e. I have tried manually entering it, letting the router enter it from the list of computers and, just to rule out something stupid, I have tried changing the letters to upper case and removing the colons.
Another issue I can see when this issue is resolved is that I do not believe it will let me add this reservation since I will be using the same IP used by another reservation. My DGL-4500 allowed this if I had the other reservations using the same IP disabled.
Below these comments/rants are some feature requests. I have put them last as some of the requests are explained in the comment/rant section.
I have read through this list and I have to say that after I purchased the router, which I ordered on-line, I was dreading it, but I have not had issues. It is possible that I am not using features that cause this issue. I believe the issues occur when using certain configurations with the "Enable Advanced DNS Service" enabled. I am not using this service. Since I knew people were having issues with it, I wanted to see my results leaving that out. I have had this router running since a week before Christmas and I have many Virtual Server entries, QoS and port forwarding entries, https based remote administration, both 5GHz and 2.4GHz networks enabled supporting a/b/g/n (on both networks) and a guest network enabled on both bands all supporting WPA (TKIP and AES). I have 2 Giga wired connections that are always active, a 100Mb connection that is on and off but used almost daily, 2 laptops that use the 2.4GHz network daily, and one is 802.11g 54Mb and the other is 802.11n 150Mb and they are on at the same time almost daily, a printer that is on and used multiple times a week that uses 802.11g, and a game system that uses 802.11a; this device is used daily. Most devices are on and used at the same time daily and we have a good deal of regular Internet traffic and moderate other network traffic during these times. At night all computers are backed up over the network and most of the other network devices are off or not during this time. Other than having to reboot my Internet hardware provided by my ISP, I have not had issues.
The router has been rebooted for config changes and I usually cycle it when I cycle the Internet hardware. Point is, so far no issues, good performance and it works, and I have of course had other devices connected using the guest network and I have been testing features, performance, etc.
What's up with having so much variation in how features work across routers? E.g. my DHCP Reservation issue above. This router does not work with a setup like my DGL-4500. This router allows a preset amount of services like QoS and Virtual Server entries while the DGL-4500 just lets you add entries. Now maybe there is a limit and it just looks like there is no limit. Of course, there is at least a limit that is reached when you have used a certain amount of memory with the configuration.
so many routers while leaving gaps and the lack of feature explanation and comparison?
I switched to this router because I wanted a dual band setup, which my DGL-4500 does not provide. That leads to the issue of the new way D-Link deals with dual-band. When I purchased the router it did not list that you had to choose 2.4GHz or 5GHz or it is not simultaneous dual-band. I was duped because I used to install DWL-7100AP for people that needed better wireless options for home businesses and small businesses and that provides simultaneous dual-band, and back then if it was dual-band it was simultaneous. But I am disappointed in some of the features lost like WISH support and a few options here and there which do not seem like they are specific to gaming routers, and this router is more on the mid range and low high range end of consumer, prosumer, home business and lower traffic small business routers, so why is it missing these features and why does it have the limitations I listed in the "variation in how features work" section above?
Other examples of lack of feature clarity are with Game Fuel, HD FUEL and Intelligent QoS. Isn't Game Fuel Intelligent QoS of some sort? Now from the example provided in the overview for the DGL-4500, Game Fuel optimizes game performance, but it does not say this is automatic or if it works along with the rules you set in the Game Fuel section, which is the same as the QoS Engine section in the DIR-825. The difference is that the DIR-825 has an "Enable QoS Engine" option while the DGL-4500 has an "Enable Game Fuel" option. It seems that Intelligent QoS does what Game Fuel does, but expands that to VOIP, Media Streaming, etc. and it may be more automatic. HD Fuel in the only place I have seen it mentioned seems to refer to the combination of Intelligent QoS and the inclusion of 5GHz wireless support. Of course there is no version and feature documentation and in fact while the overview of the DIR-825 talks about gaming with Intelligent QoS, but if you bring up a comparison of routers, the chart has no in the gaming section for the DIR-825. I can't say I have noticed better or worse gaming performance with the DIR-825 compared with the DGL-4500, but given the sheer lack of documentation on how to use Game Fuel and Intelligent QoS properly, who knows if I have this set up correctly. I will say the QoS Engine section in the DIR-825 is easier to use than the Game Fuel section in the DGL-4500.
1) The ability to reduce the brightness of the status lights, set them to solid if enabled with brightness options and to set them to off with an option to have some very faint light to show that the router is on. Of course I should be able to set different options to be applied at specific times.
2) Add the applicable features missing from the DIR-825 that are found in the DGL-4500 and applicable features from other routers. Also, get them all so they work the same on each router and let's get the best from them all and make that the standard. E.g. in my DHCP reservation example above, don't set the standard to the limitations of the DIR-825, but make the DGL-4500 function set or the better function set of all routers combined for each feature the standard within router categories. E.g. the DIR-825, DGL-4500 and DIR-855 would be in the high end router category for consumer, prosumer, home business and lower traffic small business routers.
3) For DHCP reservations, you should not be limited to the DHCP IP Address Range.
4) On the log-in screen, get a better captcha and fix the tab order.
5) Add a log-out option in the web interface.
6) Allow for a next hop option in the DHCP server section. It would be cool if there could be a list of IPs that allows one to be enabled at a time.
7) Allow different DHCP server settings for each network. There are 5 on the DIR-825: Wired, 2.4GHz regular, 2.4GHz Guest, 5GHz regular and 5GHz Guest. Would be nice if you could set a couple of VLANs on the Ethernet ports and then have different DHCP settings for each VLAN.
8) For guest wireless networks, allow rules to be set to allow access to certain services on the network. E.g. I may want to allow printing. So allow a single port or multiple ports with easy settings for consecutive port ranges to be opened to an IP, IP range or all IPs and allow all ports for an IP or range of IPs. Of course, leave the allow full access option.
8a) Allow users to set rule sets that can be enabled/disabled like the full access option.
8b) Allow a control that can be set in the rule sets that controls if the wireless devices can talk to each other and another that controls if they can access devices on the wired network and another that controls if the wireless devices can access the Internet.
8c) Allow rules above to be limited to be applied to specific MAC Addresses.
8d) These options would be good to have for the non-guest wireless networks and wired network as well.
Dec 19, 2012
We want to filter IP traffic by MAC address on Catalyst 4500. Since we are using bonding (active-backup mode) we need those mac addresses appear on different ports. Below are solutions that we have tried: ACL but it does not work since mac acls only match non ip traffic (We CAN NOT use ip acl). Use a static mac address-table entry to ALLOW specific mac addresses. It does not work either since the same MAC address needs to be seen on a different port. Catalyst 4500 does not support auto-learn option (as e.g. Nexus 5000).