Cisco Switching/Routing :: SGE2010 / DHCP Offer But No ACK From Client On VLan?
Jun 26, 2012
1 Cisco switch stack (SGE2010) in L3 mode, 2 Vlans.
Vlan 1 = 192.168.0.253/24, untagged on all ports except 14/15
Vlan 2 = 192.168.22.1/24, untagged on port 14 and 15
SGE2010 default route 0.0.0.0/0 next hop 192.168.0.1 (Checkpoint UTM)
DHCP Relay enabled
DHCP server set to 192.168.0.16
DHCP interface set to Vlan2
[code]....
Expanding the ICMP entry, it appears that the destination is the pc client since it shows a Dell mac address, and the source is the Checkpoint UTM (Sofaware).
I can ping and tracert from the Checkpoint to my static IP on Vlan 2. The same goes for the DHCP server to/from Vlan2, so I am confused as to why the routing is failing. I have tried adding Port Fast to the stack ports, but nothing changes.
View 3 Replies
ADVERTISEMENT
May 28, 2012
I have a hybrid kind of network. I want to create create two VLANs on Cisco SGE2010 so that these two VLANs should not talk each other but at the same time they are able to talk Domain controllers, DHCP and other servers which are on other switches.I am able to create two separate VLANs but they stop talking with other servers(DC, DHCP, etc) which are on another switch.
View 7 Replies
View Related
May 16, 2012
I have 4 SGE2010P switches in L3 stacked mode in my production environment. I am having trouble routing traffice to/from my vlans. I have successfully set this up in a test environment and have compared switch settings, but still having trouble in the production environment.
Main network:
192.168.0.0/24, DG 192.168.0.1
Vlan 1 interface on switch: 192.168.0.253/24
Vlan 22 interface on switch: 192.168.22.1/24
Vlan 23 interface on switch: 192.168.23.1/24
I have assigned port 1/g14 to Vlan 23. I have enabled DHCP Relay and Option 82. I have set DHCP interface to Vlan 23. Static routes auto-genned as shown in image below. My DHCP server is on 192.168.0.16 on Vlan 1. It has a scope for 192.168.23.0/24 to give a DG of 192.168.23.1 (Vlan 23 IP address).I cannot get DHCP to give me an address from the .23 scope. So I tried to hard code an IP address into the client. When I did this, the switch sees the machine just fine, I can ping 192.168.0.253 (Vlan 1 IP address), but cannot ping any other IP on Vlan 1 (192.168.0.0/24)Do I need a static route somewhere that I am missing? I didn't need to on my test network, so I am a bit stumped.
View 1 Replies
View Related
Oct 3, 2011
I've recently installed an SGE2010 switch, which I have set to 'Layer 3' mode.
I have created 2 VLANs using 192.168.10.x and 192.168.20.x (using .50 for the VLAN IP address in each case) - however, I need to be able to allow certain traffic between the VLANs.Alternatively, to get things started - I'm assuming I need to set up ACLs to allow access between VLANs - how would I configure the switch to allow all traffic from one VLAN to the other?
View 5 Replies
View Related
Mar 31, 2013
I have a Cisco SG 300 28 port switch that I have set in Layer 3 mode. I set up a second VLAN on it (vlan 4). I also set up the scope for DHCP on a Windows server for both VLAN's. The problem I am having, is that VLAN 4 is not pulling DHCP at all. The DHCP server is connected to port 1 on the switch, and the specifics are as follows:
VLAN 1: 192.168.5.251 subnet 255.255.255.0
VLAN 4: 192.168.55.251 subnet 255.255.255.0
DHCP Server 192.168.5.1
[Code]......
View 6 Replies
View Related
May 23, 2013
I need to configure public and private wireless access using an ASA 5505 and an Aironet AIR-AP1041N-A-K9. I need to be able to do this via ASDM and http if at all possible. I simply do not have the time to learn hundreds of lines of arcane CLI code. The Aironet connects to the ASA successfully, and receives an IP. I can then connect to the AP wirelessly, but do not receive an IP. I have setup a second SSIDVLAN on the AP, and can't connect to it at all.
View 4 Replies
View Related
May 17, 2012
I can ping [URL], from the router but not from a client attached to the router dhcp interface(10.1.3.1). When I turn on ip routing I cannot ping at all. Here is the config I have now that can ping the internet from the router.
sh runBuilding configuration... Current configuration : 1191 bytes!! No configuration change since last restart!version 12.3no service timestamps debug uptimeservice timestamps log datetime msecno service password-encryption!hostname
[code]....
View 7 Replies
View Related
Apr 27, 2012
Stumped again with my Catalyst 2950. Everything is working perfectly with wan/dhcp/router on fa 0/1 with all ports assigned to vlan1. All devices plugged in connect to the router correctly with ip's being assigned via dhcp.Instead of hooking up by console port I want to be able to SSH or telnet in to the switch using any port while still maintaining the above functionallity. Is it possible to assign a dhcp assigned ip address to vlan 2 and have vlan1 and 2 bridged? Or is there a better way of doing this ?
View 3 Replies
View Related
Nov 24, 2011
I got some problem with enabling dhcp snooping on 4500 (cat4500e-lanbasek9-mz.122-54.SG.bin) the topology is as below: dhcp snooping enabled only on CORE (with interface trusted to dhcp server)the problem is that I put these 2 commands
ip dhcp snooping
ip dhcp snooping vlan 1
but it is not enabled on any vlan
SW-CORE#sh ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
[Code]...
On B1 if I turn it on there is a "1" in the section " DHCP snooping is configured on following VLANs:" but on core no.As you can see I did put the trusted on the interface in the direction to the dhcp.First I thought it can be a problem with option 82, I've read a lot about the issues with that, but the problem would be explicable if the client did receive IP address, but it does.
View 3 Replies
View Related
May 31, 2012
i am not sure if this is something with my DHCP setup or not, but it certainly seems to be the culprit. I am running a 3560G and using it as DHCP and to do V LAN routing (Geiger protocol). I have 10 pools configured with a few static addresses per pool. Now to get down to the problem. I have a computer (and this problem seems to be a gremlin as it changes what computer is affected quite often) that will connect, get its IP, immediately disconnect, then send out a DHCP req again. The computer has a static assignment in the pool, and for the brief second that it connects, it gets the right address. If i move the computer to another v lan, all works right. If i delete the static entry it will get an address in the right v lan no problem. The command i have been using to add static entries is:
address xxx.xxx.xxx.xxx client-id 01xx.xxxx.xxxx.xx
That seems to have been working on all my static routes except for a bank of computers in vlan3. I have went as far as to delete the pool and recreate it, heck i even recreated the v lan and i am still having issues. Below are some snippets of the running config for review.
The DHCP Pool for the affected LAN:
ip dhcp pool Dev3
network 192.168.3.0 255.255.255.0
boot file bootx86wdsnbp.com
next-server 192.168.1.78
dns- server 192.168.1.8 192.168.1.78
[Code] .....
View 4 Replies
View Related
May 29, 2012
I have upgraded a C3750G-12S-E to c3750-ipserviceslmk9-tar.122-55.SE5This switch is a distribution layer switch for one of my remote sites. it contains an ip helper-address on the site vlan's SVI.DHCP relay is no longer functioning for client PCs. Static address assignment allows full network functionality. I enabled debug ip dhcp server packet. [code] Actually I am betting you upgraded your IOS from something before 12.2(50)SE to 12.2(50)SE or later. We added enhancement CSCso19800 which will validate DHCP options when we are a relay agent.
View 1 Replies
View Related
Jan 14, 2013
I'm working at a company that has several 6509 switches running CatOS. They have two of the 6509's running in vtp server mode and the rest as clients. I set up a new vlan from one of the vtp servers and it propagated out. The problem comes when I try to assign a port on one of the vtp clients to this new vlan. It gives me an error that the switch must be in vtp server mode to add/delete vlans. I'm not trying to add/or delete a vlan just trying to add a port into an existing vlan. I'm hesitant to put the switch in vtp server mode. Is this a CatOS thing or is there a specific command to accomplish this?
View 5 Replies
View Related
Sep 11, 2011
The 5508 is running code 7.0.116.0. I have created a group interface for 3 subnets and assigned the group to the WLAN. Clients are getting IP addresses in a round robin fashion. The issue or downside to this is if the lease has not expired before the next time the station connects to the WLAN it consumes an address on another subnet instead of grabbing the unexpired lease IP address on it's previous VLAN. It seems that the WLC determines the VLAN in the interface group before the DHCP request from the client in case the client already received a DHCP address that has not expired. This can be problematic since we have seen some iPhones requesting an address every 20 minutes thus consuming an address on every subnet in the interface group. Other than setting a lease time extremely low what can be done to address this?
View 1 Replies
View Related
Jan 28, 2013
I am going to creat VLANs very 1st time therefore for test purpose I have following simple scnerio.I have created 2 VLANs , VLAN2 and VLAN3 on Cisco Catalyst 2960 series switch. Ports 1-12 is assigned to VLAN2 and Ports 13-24 are assiged to VLAN3. Now I have configured DHCP on Microsoft Server 2003 defining 2 scopes with following configurations.
Scope 1 for VLAN 2--- Range is 172.16.0.17 to 172.16.0.30 with subnet mask=255.255.255.240 . Server IP address 172.16.0.17
( Note: Address 172.16.0.17 is excluded from dhcp server Scope 1 and give to the MS server itself)
Scope 2 for VLAN 3----Range is 172.16.0.33 to 172.16.0.46 with subnet mask=255.255.255.240 .
Now in Cisco 2960 series switches, under Vlan 2 and Vlan 3, I have following configurations...
interface Vlan2
ip address 172.16.0.30 255.255.255.240
ip helper-address 172.16.0.17
interface Vlan3
ip address 172.16.0.46 255.255.255.240
ip helper-address 172.16.0.17
Now the problem is when i connect a client computer to any port from 1-12, It gets correct IP address from Scope 1 but when I connect a computer to any port from 13-24, it does not get the ip address.
Further I want to do inter VLAN comunication as well for that purpose i Have an ISR 2900 series router. What further configuration i will have to do on router for inter vlan communication.
View 3 Replies
View Related
Jul 30, 2012
How to configure cisco 3560 to force the client only can get ip by dhcp-relay server ?
The company i am working in has 5 vlans which have been set an lay-3 switch(3560), uses the dhcp-relay server .(in svi configuration: ip helper-address X.X.X.X) well , that works ok~
Now , I got my problem: I need to force the client only can get ip by dhcp-relay server, that means if anyone set static IP manunally , he can't really access to anywhere (to provent anyone set static IP with malignancy )
I know if a h3c router , how to set this configuration n svi configuration : dhcp relay security address-check enable )
the how to configure on a cisco 3560 ?
View 1 Replies
View Related
Feb 12, 2013
I am configuring DHCP pool for voice vlan on cisco 2921 router.
Here is the setup.
2921 router -> 3750 -> 2960 PoE -> 7942 IP Phone
Router Config
ip dhcp excluded-address 10.146.54.1 10.146.89.50
!
ip dhcp pool VoiceVlan
network 10.146.54.0 255.255.255.0
subnet prefix-length 24
dns-server 10.144.68.32 10.144.68.33
option 150 ip 10.146.68.36
default-router 10.146.54.1
netbios-name-server 10.144.68.32 10.144.68.33
netbios-node-type h-node
[code]....
View 1 Replies
View Related
May 7, 2013
I am trying to configure interface vlan1 to get an ip address from dhcp by entering the commnad ip address dhcp ios rejects the dhcp portion of my command as not recognised although it is referred to in Cisco manuals.my IOS version is c2950-i6k2l2q4-mz.121-22.EA14.bin.I get the same problem when I try to configure ip http secure-server on the switch. Is this a known bug or whether I have the correct IOS version for these commands?
View 6 Replies
View Related
Feb 23, 2012
Haveing issue with DHCP server handing out IP addresses to client connected to VLAN5 interface.ISP Router>Firewall -(WatchGuard Drop-in mode) I have several 3750 switches and one acting as a L3 switch. The L3 is configured as follow: [code]
If I connect a laptop to int fa1/0/10 I DO NOT get an IP address from the 10.100.0.8 scope. If I connect to another interface within the VLAN 1, I get an address from the 10.100.0.0 range.
View 7 Replies
View Related
May 4, 2012
I am having some issues on my network and i think i have narrowed them down to a single switch.
On this switch the following logs can be seen
2147482407 05-May-2012 15:40:54 Informational %AAA-I-CONNECT: New http connection for user admin, source 10.0.5.135 destination 10.0.5.172 ACCEPTED
2147482431 05-May-2012 09:03:31 Warning %STP-W-PORTSTATUS: g13: STP status Forwarding
2147482432 05-May-2012 09:03:01 Informational %LINK-I-Up: g13
[code]......
All other switches are OK and do not show anything in their logs. I am trying to figure out what could be going wrong. Spanning tree is enabled on all switches. The switch tihs is happening on, ends in the ip 172 and is where all building cables connect to. They also connect to 174. I have attached an image of the infrastructure so you can visually see what i mean.
View 5 Replies
View Related
May 28, 2013
We have a single SGE2010 in layer 3 mode switch with a Server 2008 DHCP server.
We will be implimenting a Voip netowork where the PC's connect to the voip phone. I would like to create another vlan - 10. I have created the vlan and assigned the IP on the swtich.
Routing seems to be working. I can ping both IP addresses of the switch on either vlan.
I cannot get DHCP working. In the SGE switch I have enabled DHCP Relay, enabled option 82, set my DHCP Interface as VLan1, and specified the DHCP servers IP address. On the ports I have set the port where the DHCP server connects to as a trunk port with Vlan 1 untagged and vlan 10 tagged. I have set the ports where the phones connect as a trunk port with vlan1 untagged and vlan 10 tagged.
View 1 Replies
View Related
Oct 16, 2012
I have a setup where - I have a cisco stack (4X SGE2010 Switches) trunking over to a 3COM switch. Both switches believe to be the "ROOT" of the network. Note The 3COM is running RSTP as opposed to the Cisco Stack which is running normal STP. To my understanding of STP - Essentially STP is not functioning! Both switches believe to be the "ROOT" so they don't shut ports down. (We are currently having major issues with ports going up and down for seconds at a time on both switches)
View 3 Replies
View Related
Mar 18, 2013
I can't connect to the console of switch cisco sge2010, I tried several console cables and none worked for me, I followed step by step manuals and nothing.
Also try the web 192.168.1.254 according to the manual but when I connect from the laptop to do ping to the switch doesnt work.
View 3 Replies
View Related
May 4, 2010
I realize this is just a small business switch, basically a rebranded Linksys, but why I'm only getting 200Mbits/s
- 48 port - 10/100/1000 , set to standalone mode
- 3 separate PCs on this switch , all are fast machines with Core 2 duo / plenty of RAM etc...
- all 3 auto-sense 1Gbps connection
I use iperf tool for bandwidth testing and no matter which PC I pick as server, which as client I get about 150 to 250Mbits/s
I am not looking for full 1000 here, but 200 seems rather sad....
- jumbo frames seem to make no difference
- I am using TCP test in iperf , standard no extra flags , 10 seconds, 20 seconds or even 30 seconds all come out the same.
- wiring is shady as some of it is just Cat5 , but when going from one laptop on the switch to another with brand new Cat6 cables I STILL only got 200.
View 2 Replies
View Related
Oct 12, 2012
Our environment consits of 4 cisco SGE2010 switches (stacked). I have implemented STP BPDUGUARD and Portfast on all client ports (suspected a loop). And our uplink to the Server DMZ recieves almost all of it's BPDU packets back(is that normal?) The issues lies where we have random ports dropping out - across all stacks for seconds at a time. We get errors/warning such as,Pinging between the DMZ network appears to be fine. Pinging from the client/switch network show packets being dropped quite frequently.All devices are on VLAN1 (I've have researched this and this could be the cause of the issue)
View 12 Replies
View Related
Nov 11, 2012
I have some DHCP trouble since I subnetted my network with a 2921. My clinets are in 172.16.2.0/23 and DHCP servers are in 172.16.5.0/24.Sometimes, randomly I guess, I get NACK from my DHCP server, and if I look into DHCP logs I got something like this:
15,11/09/12,09:52:27,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
15,11/09/12,09:52:28,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
15,11/09/12,09:52:29,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
[code]....
View 6 Replies
View Related
Jan 10, 2012
Between our hosting and a customer we have an extended vlan, traveling on a fiber, between two cisco 3560 switches.The thing is, that we want to create one or more vlans inside that extended vlan, in some way if possible?
View 3 Replies
View Related
Jan 10, 2013
I have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
View 4 Replies
View Related
Mar 31, 2013
i need to solves this little problem on 2960S lan BASE but i dont know if it is possible.
Uplink port config for gi 1/0/28 is:
switchport mode trunk
switchport trunk alloved vlan 10,11
but on interface gi 1/0/1 i want to have data from vlan 10 tagged as VLAN 20.
At this time i have solved this issue very primitively
I have set up gi 1/0/2 as int mode acces, acces vlan 20 and i have connected gi 1/0/2 with gi 1/0/3 with eth cable. int gi 1/0/3 is switchpor mode acces, switchport acces vlan 10
View 4 Replies
View Related
Apr 3, 2012
Have a client wanting to hand out public ip addresses to all clients from a PFSense Firewall terminating the internet connection.
How do I allow the Cisco Switches currently in place, configured with private ip addresses in the 10.10.x.x ranges and Vlans, where the main 3550 layer 3 has defined dhcp scopes for each vlan, to relay dhcp requests from all vlans to the PFSense firewall?
I assume I would take off the currently defined dhcp scopes for the vlans and configure each vlan/switch with the ip helper address and specify the PFSense firewall and that Nat would have to be disabled onthe firewall?
View 1 Replies
View Related
Sep 16, 2012
I have a 3750G switch in my production network that only has VLAN 1 on it. All ports are in a default state and VLAN 1 is disabled. The switch is passing traffic but shouldn't having the default VLAN shut down cause the ports not to pass traffic? If I start to create VLANs will that cause the switch to stop passing traffic?
View 4 Replies
View Related
Jun 13, 2011
I am trying to setup a L2tpv3 VLAN-to-VLAN tunnel.My setup has two Cisco 890 router with Cisco IOS Software version 15.0(1) M4. These routers are connected directly on FastEthernet port 8.
One linux machine is connected on FastEthernet port 0 on each router. The two linux machines are on same vlan. I am trying to establish a vlan-to-vlan tunnel between the routers and send traffic between the linux machines.
I followed the case study 11.4 from [URL] and configured the l2tp-class and pseudowire-class. However, the vlan interface configuration is different on 890 router.
I configured a vlan interface as follows.
(config)#vlan 200
(config)# interface FastEthernet 0
#shutdown
#switchport access vlan 200
(config)# interface vlan 200
I don't see the 'xconnect' command in this context. What's wrong with my configuration?
View 3 Replies
View Related
Nov 20, 2012
We have a low bandwith (15-20 Mbit/s) to the ASA from our Client vlan. If i connect the Client to the same vlan as the ASA is, the bandwith (90 Mbit/s) is good.
Here are the Layer 3 Design:
Client -> vlan 2 - Switch - vlan 7 -> vlan 1 - ASA 5505 -> ISP
The Layer 2 Design:
Client -> Gig2/0/13 - Switch - Gig4/0/43 -> Eth0/1 ASA5505 -> ISP
IP Address:
Client: 172.16.2.10Vlan2: 172.16.2.1Vlan7: 172.16.7.1ASA: 172.16.7.2
I assuming the switch has a problem with routing ?It is a stacked Switch with following members:
switch 1 provision ws-c3750g-12sswitch 2 provision ws-c3750g-24tsswitch 3 provision ws-c3750g-24tsswitch 4 provision ws-c3750x-48
And we have following error message in the log from the switch:
%PLATFORM_UCAST-4-PREFIX:
One or more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded I first get the idea that the switch is overloaded with router traffic. Thats why i assuming i have to check the sdm templates, but i'm not sure if this resolves the issue.
Here are the relevant config:
ASA Interface on the Switch:
interface GigabitEthernet4/0/43description ASA-inside LANswitchport access vlan 7switchport mode accessspanning-tree portfast
Client Interface on the Switch:
interface GigabitEthernet3/0/1switchport access vlan 2switchport mode accessswitchport port-securityswitchport port-security aging time 2switchport port-security violation restrictswitchport port-security aging type inactivitymacro description cisco-desktopspanning-tree portfastspanning-tree bpduguard enable
[code]...
View 2 Replies
View Related
Apr 21, 2013
Do the problem caused by the modems itself or it just sign of faulty Ethernet switch (using 20 port Allied Telesis ethernet switch).
Sometimes I cannot connect to internet due to "unidentified network" buy i can resolve this problem by restarting my modem + switch.
View 4 Replies
View Related
