Cisco Switching/Routing :: P3750-E - Port Based DHCP IOS 15 Not Working
Apr 9, 2013
I am upgrading from 3750-E IOS 12.2 to 3750-X IOS 15.0.
I have a DHCP pool set up to give out an IP address based on the physical port of the switch. I also have it configured to give out "reserved only" addresses.
The configuration works when I plug a DHCP device into the 3750E (IOS 12.2). The configuration does not work when I use the same config on the 3750X (IOS 15).
When I debug DHCP, I see the DHCP discover message come in, but no offers or any kind of response from the 3750X.
If I remove the "reserved only" line the switch gives out IPs, but of course not the ones I want. I did that to prove both the client and the switch can give out an IP.
So I have a feeling the subscriber-id client-id interface name mapping is not right, or not created.
Here is a snippet of config.
!
no ip dhcp use vrf connected
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
I want to implement port-based and MAC-based in these two switches: 2960 & 3560 (both of them have this IOS version: 12.2(55)SE1). And I haven't found a way to implement both of them at the same time. This is what I got:
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
ip dhcp excluded-address 192.168.0.0 192.168.0.2
ip dhcp excluded-address 192.168.0.251 192.168.0.255
[code]....
With this configuration I can use port-based, but not MAC based. If I remove the first two lines and change the last line for this one:
address 192.168.0.7 client-id 0112.ae1d.af58.60
Then, the computer with that MAC address got the correct IP, but then the port-based doesn't work. Also, I got this line in the interface that I want to use MAC-based:
This is a continuation of my last post in which I need to apply ACLs to the physical ports within Etherchannels. The switch is a Catalyst 2970 running IOS 12.2. These Etherchannels are configured as trunks with 2 VLANs allowed on each trunk. I have applied an inbound ACL on the physical ports that filters based on layer 3 and layer 4 traffic. The issue that I am seeing is that the counters for the ACL are not increasing even though the ACL is clearly doing its job. At the end of the ACL I have an entry of "permit ip any any". Removing this from the list causes connectivity problems to the server on this port. Adding it back and everything is back to normal. However the counters don't increase. At first I thought maybe this wasn't supported on this switch but then I noticed the counter had increased to "2 matches" later in the day. What is the normal behavior for this switch, and does it support logging on an ACL entry as well?
I just bought a Catalyst 2960S to test out the feature "Port-Based Address Allocation" which is required for our factory. I followed the instructions from Cisco IOS and did all the steps but I could not get it to work; my network client did not receive the expected IP address that I configured.
I seem to be having a problem with DNS name resolution after configuring my router (Cisco 3725 running IOS image: c3725-adventerprisek9-mz.124-25.bin) for handling DHCP requests.
Before I made the change, everything was working correctly; I could ping Google.com from a computer inside my LAN and would get a response from one of Google's public IPs like normal.
I had a separate DHCP/DNS server running Windows Server 2008 handling the DHCP request and DNS queries.
When I made the change, I turned off the DHCP/DNS server and issued the following DHCP commands to my router:
So I have a 2600 that I have configured three sub interfaces on. FA0.0.1 is set for DHCP and supports VLAN 1. FA 0/0.2 for Voice, FA 0/0.3 for Data. I have this router interface plugged into FA 0/24 on my 3550 and the 3550 is configured as a dot1Q trunk (I have attached configs for RTR and SW). I have most ports configured as access VLAN 1, which is where I have my ISP connection plugged, FA0/1 on the 3550. When I connect the service provider link FA0/0.1 never picks up an address. If I take my internal DHCP server and connect it to FA0/1 of the 3550 it snags an address almost immediately. In my mind this validates that my config is fine. I also took the same cable from the service provider cable modem and connected it to my laptop and the laptop is pulling DHCP.
I recently installed DHCP snooping on a 3750v2 switch (Version 12.2(55)SE4) and configured the uplink (Po2) as a trusted port. The problem is that clients cannot receive an IP address. When I disable DHCP snooping it is working properly. DHCP snooping is configured correctly but I don't have an idea how to resolve it. [code] I tested the solution on the same kind of hardware switch and firmware and it worked out fine. What is causing the clients not to receive an IP address from the DHCP server?
On a 4500 switch port, defined as access VLAN 10, if the user connects his own DHCP server (instead of the normal PC that should be connected), will it cause issues with my existing network? The existing network is all static IP. In the above case, will the DHCP server start looking out and assign DHCP IPs if a user unknowingly removes his static IP and changes to obtain IP via DHCP option on the LAN properties?
I have a strange problem in my campus network. I'm trying to run port security on my access switches, which are 3550 with IOS c3550-ipservicesk9-mz.122-52.SE. When I run port security with the sticky option, even if I put 1000 MAC addresses just for learning on the port, when I issue the switchport port-security command every PC connected to that port loses its connection with the network UNTIL I enable DHCP snooping!!! All my clients are getting their IP addresses from a DHCP server, but the strange thing is: how on earth do I have to enable DHCP snooping for port security to work properly? Also, when I check the configuration under the interface when DHCP snooping is not yet enabled, the switch doesn't add any MAC address under the interface, so no one can work until I enable snooping, and then the switch adds MAC addresses under the interface configuration. Is this a bug in this version of IOS? [code]
We've an infrastructure where the Access is based on Cat3750G Stacks connected to both Cores using L3 connections. On the Access Switches the following features are implemented: DHCP Snooping, IP Source Guard and Dynamic ARP Inspection, and all has been working fine for years... the DHCP Servers are on a dedicated stack which acts as a SFarm.
On the Access Switches the port configuration is the following: the Uplink Ports to both of the Cores are configured in TRUST for DHCP Snooping and ARP Inspection; the Access Ports, where the end-devices are connected, are UNTRUST for DHCP and ARP Inspection with IP Source Guard active. Right now I have to add a new L2 switch on one of the Access Ports and I'm wondering if this is possible, since I have to keep all the security features active on the Stack Access Ports and I also have to implement DHCP Snooping on the new L2 switch to avoid rogue DHCP Servers...
I suppose that the uplink to the L2 switch on the Stack Access Switch should be left as it is connected to an end device... but the uplink port on the L2 switch should be set up as TRUST... isn't it? Keeping in mind that I want to implement DHCP Snooping also on this L2 switch to avoid Rogue DHCP Servers impacting the end-devices connected to this L2 switch... is this scenario possible? Or can I not do that, and should I leave DHCP Snooping only on the Access Stack?
I need to configure a Cisco 2960 switch as a DHCP server. The current IP address will be on a different seed than the DHCP addresses. i.e.
Switch IP = 10.1.2.3, GW = 10.1.2.1, Subnet = 255.255.255.0 DHCP addresses would be 192.168.1.1 - 200, GW=???? (10.1.2.3?) and subnet would be 255.255.255.0
I need to apply DHCP snooping on 4500 series switches working as L2 in my network. We have an external DHCP Server in another location connected with a 6500 series switch.
Running EIGRP Configured Voice & Data Vlan both DHCP Server -------- 6509 switch<----------------------------------->6509 Switch -------- 4500 switch ----------------------------------------------------------Ip Phones. (ving Redundant) (ving Redundant)
I need to know whether the configuration which I mentioned in the scenario is enough to apply DHCP snooping in my network.
I have a c3560 on which I cannot get any device on Port 1 to talk to the DHCP server. Previously there was a client connected to this port; however, over the weekend he stated he lost connectivity.
In my troubleshooting I have connected that client to another port and now he is good to go... I connected my laptop and tried to connect to the network; however, I could not. I checked the logs and did not see anything that led me to think it was having problems.
Is there another way to shut this down and hopefully start it back up without having to restart the entire switch?
When plugging a Cisco 7060 into the specific switch port it does not power on. The inline power consumption is abnormally high compared to the other phones that are plugged in, maybe double the amount.
I have a network consisting of more than 20 Cisco 2950/2960/3700 switches. I have configured port security on my switches. Initially, when I configured it on my switches, it worked fine... it even worked fine for a couple of months. But suddenly it started creating issues and now I am not able to implement port security on the switches. The configuration is the same but there is no effect now. The same switches were fine, but now, even with the same configuration, it is not working. Please see the configuration: [code]
Brand new 2960. When I plug a cable into the port, nothing happens. The port light doesn't begin negotiation or anything, it just stays dark. The cable works fine--I have it on another switchport with a crossover connector connecting to a little Cisco SOHO switch without problems.
I've done the following:
switchport
switchport mode trunk
switchport trunk allowed vlan 1
no shutdown
In other words, I've fiddled with it. But I don't know why it doesn't light up.
I've created some port forwards from my public IP (Dialer0) to our private LAN but only the 25565 port forward works. I've even added an any statement to the Nat source list Homenet_NAT. Full config attached. My Cisco router is an 877W. [Code]
I have an issue with the Console Port of a Cisco Router 2801. My student was doing a lab and he said that during configuration the Console Port stopped responding. He was in the middle of configuration, so at present only telnet is able to log in, to "R2>" user mode; the enable password is not set, so I am getting "R2>en % No password set R2>". I have tried different terminal software but there is no output from the Console Port; I changed the console cables, replaced them with working console cables, and changed the speed (baud) settings. I also tried to connect the same console to the "AUX" port and got the same error mentioned above. The AUX Port responds but I am not able to change mode (R2#) because of the incomplete running-config. It seems the "Console Port" is physically damaged.
We purchased a number of 3750X 48 and 24 port switches for the College Campus. Am finally getting around to getting them inserted on the network. Working with a WS-3750X-48PF-S and a WS-3750X-24P-L. Have them stacked with the 10Gb uplink on the 48 port switch. Have not been having fun. In the boot sequence, the switches recognize they are stacked, but as soon as they finish boot, I get the message on the 48 port switch: “Stack Port 1 Switch 1 has changed to state down.” Then “Stack Port 2 Switch1 has changed to state down.” Am noticing that I have a message preceding that: “Major version mismatch with stack neighbor.” The 48 port is running c3750e-universalk9-mz.150-1.SE3, HBOOT 12.2(53r)SE2. The 24 port is running c3750e-unversalk9-mz.122-55.SE3, HBOOT 12.2(53r)SE2. Most of our 3750X and older switches are running 122-55 or 122.58 code. IP base or Universal. There is speculation that the problem is the 24 Port is Lan base, as the part number might indicate. (WS-C3750X-24-P-L.... I think that is the part number) and the 48 is IP base. Both switches are Universal, and my understanding is that they don't care about LAN or IP Base until you enable a function that falls in the IP Base domain. Then I have to call Cisco Licensing. For these switches, LAN Base is fine; based on the boot message, I feel the real problem is 122-55 versus 150-1 in the stack. So.. the question is: Do I downgrade the 48 port to match what we have in our environment, and what is on the 24 port switch. Or... Upgrade the 24 port switch to match the 48 port switch and have an installation that is not consistent with our environment? I do have two more edge closets to install with this purchase of 3750X 48 port switches.
A switch port is shutdown, but when I use the NO SHUTDOWN command it is working and shows administratively down, like this command does not affect it. Should I enable this port? What can I do? BTW, the port is not in errdisable and portfast is enabled.
We recently upgraded the switch to which an old security device was connected. It worked fine on the old switch's FastEthernet port, which was configured for speed 10 and duplex half, as that is what the device required. The new switch is a 3560X with all Gigabit ports, but the security device's port, also configured with speed 10 and duplex half, does not connect properly. As a temporary test, we daisychained another switch that has FastEthernet ports, and the security device works again. Is there anything else that needs to be added to the configuration, when using Gigabit ports at 10/half?
I have configured an SVI in my 4500 (Sup 7-E 10GE and cat4500e-universalk9.SPA.03.02.00.SG.150-2.SG.bin) switch and it is showing Down Down because there was no active switch port in the VLAN. I added one switch port to this VLAN but this port is also in the down state, so I added the SWITCH PORT AUTO STATE EXCLUDE command under this port. Even after this the SVI never came up, so I added one system to the port and both the switch port and the SVI came up. So why does the SWITCH PORT AUTO STATE EXCLUDE command have no effect on this model of switch?
Firmware version 1.3.3.5 STAR 9202 Chipset 64 MB DRAM 8MB Flash DOS, Block WAN Rq, Remote mgmt all OFF IPSec Tunnel none used
[code].....
Every day or so the Router becomes unresponsive to the HTTP mgmt interface, and it no longer offers DHCP services. When this happens the only remedy is to power reboot.
Everything comes back online just fine; however, the LOGS are initialized so there is no data to figure out what's going on. My next step is to set up a syslog server and have the logs copied out. (No, I have no Torrents running at all, but I do have several devices like AppleTV, PS3s etc. that run streaming Video, plus I have the SPA3102.)
The first is I have a laptop running XP with a Dell Wireless 1390 WLAN Mini-Card built in to it. But for some reason when I'm using that wireless connector my computer won't connect to my router and give me a 192.168.0.x address; it gives me a regular IP address. I can surf the net and everything but I can't access files on other computers. But from it it'll allow me to connect to the router admin fine. Whenever I put the MAC address in to my DHCP setting on my router it comes up * RESERVED INACTIVE * and never gives my laptop a local IP address. The other problem is on my 192.168.0.2 computer I've tried to set up port forwarding but it won't open the ports. My router is a Motorola SBG6580 provided by my cable company. This particular computer is connected by Ethernet and not Wifi if that makes a difference.
I have some DHCP trouble since I subnetted my network with a 2921. My clients are in 172.16.2.0/23 and DHCP servers are in 172.16.5.0/24. Sometimes, randomly I guess, I get NACK from my DHCP server, and if I look into DHCP logs I got something like this:
Have a client wanting to hand out public ip addresses to all clients from a PFSense Firewall terminating the internet connection.
How do I allow the Cisco Switches currently in place, configured with private ip addresses in the 10.10.x.x ranges and Vlans, where the main 3550 layer 3 has defined dhcp scopes for each vlan, to relay dhcp requests from all vlans to the PFSense firewall?
I assume I would take off the currently defined DHCP scopes for the VLANs and configure each VLAN/switch with the ip helper address and specify the PFSense firewall, and that NAT would have to be disabled on the firewall?
I am facing an issue with a 7609 for LAN switching, based on the LAN (VRRP/HSRP) feature. Actually we have ES+ cards (on the 7609) and we are using multiple groups (say 350 VRRP groups) running on the router. The routers are connected as router 1>>> mux(which is working as switches)>>> router2
My questions are:
1. Will there be "multicast packets" (for the VRRP/HSRP group) "from backup router to Master router" when in a stable state (i.e. when Master and backup are already chosen), or should the packet from backup to master be unicast? I know for sure the packet from master to backup is a multicast packet, destined to the multicast IP and to the MAC address. I am not sure, but I think from backup to master it should be multicast.
2. What is the frequency of these packets (from backup to master)?
3. As I have multiple groups on a single interface (we are using q-in-q), when the connectivity from the routers is broken, will all the groups multicast their active role in the LAN segment "at once", or will it be in groups, say 100 groups at once, and after a few ms a few 100s and so on (as in OSPF or RIP)?
We are in the middle of troubleshooting; I hope we get the answer. (The actual problem we are seeing in the routers is that we have 2 ports on active routers and 2 ports on the standby router, but we are not seeing multicast on 1 port on the standby router, whereas all other 3 ports are seeing multicast packets.) [code]
I have a 1941 router configured for policy-based routing with two ISPs. Two static default routes are configured to point to the gateways of the respective ISPs with the same metric. But the problem is that packets are going through one ISP only when doing a traceroute.
N/W connectivity:
ISP1-----> <----------------------> LAN1 | Router | ISP-------> <----------------------> LAN 2
Below is my configuration :
Current configuration : 5958 bytes
!
! Last configuration change at 05:18:56 UTC Mon Jun 25 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption