I have configured a vlan interface on a 3750 switch. there is aprox 4Mb active traffic flowing through the interface, but when I do a "show interface vlan (vlanid)" the output show zero bits in and zero bits out. Its a typical L3 config with one IP on the vllan interface acting as the gateway for the VLAN devices. Is this a normal behaviur ? and if so is there any way to get the traffic in/out stats. The end PC/devices are connected to this switch via an L2 TRUNK and I dont have access to the L2 switch on which the actual devices connect. so cant get the real time stats of those interfaces.
how can I show the DHCP-range of a router if I don't have privilege level? (not in enable-mode),I can do a "show ip dhcp pool" - this will show me the range which is configured with the network-command.But there are also some dhcp-exclude-addresses which I can't see.... (I did a test on a router with full privilege-access)I need this because I have a router with limited access from our provider.
We have a number of 4507s. Most are managed via VLAN 1 address. All have multiple VLANS for traffic control. When I do a show ARP or show IP ARP the command only shows VLAN 1 info. No entries for any of the other VLANS on the switch.
I have a really weired thing happening on 6509 device with one of my customers.The device has a SUP 2 (MSFC2) with version 12.2.18SXF17B.
any VLAN interface once administratively down or simply down shows on "show interface status" output as VLAN.While it supposed to show "Routed". However once the port is up it is shows "routed" like it should.
I have setup this firewall with a NAT, everything seem fine. I try pinging from my external translate IP to the internal IP address, on the ASDM Log i can see the traffic built and teardown but on the PC i used to execute the ping it will show timeout. My configuration as belows:
I have 2 Media Bridges, a Trendnet TEW-640MB and TrendNet TEW-680MB. Both are set as a Static IP on the devices 192.168.1.150 and 192.168.1.151. In the DHCP table for my E4200 I don't see those. I have no problem accessing them typing in those IP addresses but wondering why they don't show up in the table.Actually looking at it more closely, the devices hooked up that are active seem to show up.So I see the following below. And where is list LAN but no name those seem to be devices connected to the media bridges.
i am having an annoying issue with my wrt400n and my foscam FI8918W. in the dhcp reservation tab, the wrt400n doesn't show the foscam anywhere in the tab. it shows all laptops, cell phones, nases, etc. if i use the cisco connect software it does show it in the network map. i can probably add it manually via the gui. is this something normal or security cams not considered devices?
I was checking out the config on my ASA and noticed a bunch of static routes configured when I did a show route. With the exception of two that I expect to be there, the remainder point traffic destined for specific internal hosts to the outside interface, i.e.
S private_ip 255.255.255.255 [1/0] via public_ip, outside
I verified that I cannot ping those hosts from the firewall. I logged in to the ASDM. When I check the Configuration>Device Setup>Routing>Static Routes it only shows two static routes, the ones I expect to see. If I look under Monitoring>Routing>Routes, I see the same output as I did on the CLI. I looked around to see if I was missing a key location for this information, and I was able to see the same static routes output in Monitoring>Routing>Routes. Since this is under monitoring though there's no way to delete these routes, and I still don't know where they were configured originally. Then I happened to check under Monitoring>VPN>VPN Statistics>Sessions, and I see several of the private IPs used in the static routes being used by VPN users, including my own! I know I didn't assign myself a static IP for VPN use or anything like that. So, what are these static IP routes? Why do I see them in the CLI and not under the Configuration tab? I mean, I know I can delete them from the CLI but I'm trying to figure out why the info is not synced. Am I seeing dynamically created content based on the VPN connections?
Do the problem caused by the modems itself or it just sign of faulty Ethernet switch (using 20 port Allied Telesis ethernet switch). Sometimes I cannot connect to internet due to "unidentified network" buy i can resolve this problem by restarting my modem + switch.
I have a firewall that I want acting as a DHCP relay. This firewall has a number of VLAN interfaces serving clients. The DHCP relay destination is the IP address of a Windows 2012 Server running Microsoft DHCP which has multiple scopes configured, one for each client VLAN.What I'm finding confusing is how the DHCP will identify the client. Does the DHCP relay insert an identifier of some sort (opt. 54?) based on which VLAN the DHCPREQUEST comes from and then this identifier can be configured to be recognized on the DHCP server?
I have a 2620 Cisco Router plugged into a 2924 Cisco switch by a trunk.The vlan configuration works, I subdivide my router interface with dot1q and have virtual machines on different vlans and everything works perfectly.The problem comes with a DHCP request.Let's say that I have my local lan on the native VLAN 1. I create a VLAN 25 in the switch and create a fa0/0.25 in the router.In the switch, I plug the cable modem from my ISP in a port on vlan 25In the router, I go to fa0/0.25 and issue "ip address dhcp".The DHCP request goes out, but never comes back. The problem seems to be in the switch because if I try the same thing with a virtual machine I have on a trunked VMWare ESXi server, I get the exact same results. I just don't get the IP address from the ISP.The next step would be to monitor the port on which the cable modem is connected and sniff the packets to see if the DHCP request actually gets back through.
We have a server that we remove from the rack. The only role it has is to give out DHCP on the wireless network. I tried enabling the built in DHCP server on the Airespace 4112, though a Catalyst 3750G, but I dont get an address when I'm connected to the wireless network even though the range is enabled. If I set an static IP on my wireless card I can access the network. I also tried enabling DHCP on a Sonicwall that is connected to the Catalyst 3750G.
Do I need to link the DHCP scope to the wireless network? Is there anything on the switch that would be blocking DCHP since it on a VLAN? I have the last four ports in a VLAN for the AP's and the internet connection to the Sonciwall.
I have a Cisco RV220W router (firmware version 184.108.40.206).
I would like to have two separate networks with the following specifications:
Netwrork1: address range for the network is 192.168.0.1-254. All devices should be able to reach eachother within this network and connect to the internet either on LAN or through Wifi. From this network I should also be able to reach the device management page of the router. Also the devices should get the ip addresses throgh DHCP.
Network2: address range for the network is 192.168.5.1-254. All devices within this network should not be able to reach the devices in network1. All devices on this network should reach the internet through Wifi only. Device management page should not be available on this network. I have configured the router as shown in the attached screenshots but the problem is that in Network2, devices get IPs from the 192.168.0.1-254 range and not from the 192.168.5.1-254 range. Also there is no internet on these either.
I have just upgraded our WLC from 4.0 to 7.0 (via 4.2). Before the upgrade we had our ACS returning a VLAN based on user group. This seemed to be working without an issue. Now that the WLC is on version 7 this is no longer working correctly. The ACS is returning a VLAN and passing the user but the client can not get an IP from the DHCP server configured.
PN-CSC-----CSCVlan: Works PN-Others------OthersVlan: Works
PN-Others-----CSCVlan: No DHCP
When users are trying to be allocated to a vlan that is different from the native one the DHCP fails however both WLANs are configured to point to the management interface so dont have any real connection to the vlan other than by name.
Have there been any changes I haven't seen in the way the dynamic vlan allocation works in version 7?
I have Multiwan router with 1 port WAN and 4 DHCP Cable modem connected to SF 300-8. I want to connect 4 modem via VLAN through switch. I define Vlan2,3,4,5 on router also in Switch. port 1 on the router as trunk and the other port 2,3,4,5 as Vlan2,3,4,5 with VLAN mode Access. I tag port 1 on every VLAN also Untagged for each port. I having problem when I check the status from multiwan router. all IP address is the same (duplicate). what I want is each VLAN has own DHCP Address. Is that any miss configuration ?
I am seeing a problem with our Cisco 300 switches. We use these switches as access switches, with a stacked 3750-G at the core, two 2960-S at the distribution layer, and about 10 300 Series switches at the access layer (10 port and 28 ports, all PoE).
We use Voice VLAN (VLAN 14) for our Mitel phones – there is a DHCP server on the Mitel system. Phones come up, get tagged VLAN 14 (LLDP), Traffic flows (including Broadcast for DHCP etc…). The system works, and has worked for months.
One day, suddenly, I find that all the Mitel phones on a particular access switch are not working. I look on the Mitel system and the lease on DHCP has expired, and the phone is stuck on renewing its DHCP IP address. I run port mirroring on the switch for VLAN 14 to see what is happening. The phones are stuck on DHCP discover, and I see the DHCP Discover broadcast packets on the switch but nothing else, no DHCP offer packets – hence the phone stuck at boot cycle.
I then do a port mirror from another access switch (that is currently working) – I can see the broadcast packets from the Mitel phones on the broken switch, but on this switch I can also see the DHCP offer packets from the Mitel system. I run two port mirrors simultaneous from the two switches (one working, one not) and I can see that the DHCP offer packets are not coming through to the broken switch. Panic ensues – I look at the distribution layer and there is no problem what so ever.
For some strange reason, the Cisco 300 28 port has stopped passing DHCP broadcast packets on a particular VLAN, even though they are being sent. I power cycle the switch – and hey presto, DHCP offer packets are coming through, and the phones get an IP address and boot properly.
Forward a couple of weeks later, and to today. I have another phone that is showing the same symptoms, luckily it is the only phone on this particular Cisco 300 28 port. The same issue is occurring as described above. I gather as much diagnostic information I can then reboot the switch – but still no joy. I then remember that this switch is not directly attached to the distribution layer and instead gets trunked to another Cisco 300 28 port. I give that a reboot and 5 minutes later, DHCP broadcast offers are passing and the phone boots.
I am listing this problem as not just a ‘one off’ now, and is recurring. It has happened to two of my 300 28 port switches.
All Switches running 220.127.116.11. No link to up time – first instance of the problem, switch was up for 14 days – second instance (another switch) uptime of 39 days LLDP is working fine on the switches, as is Voice-VLAN (Port is tagged and broadcasts out DHCP Discover which is seen by other devices throughout network) Nothing in the log file on the access switch Nothing on the Dist/Core regarding STP – Spanning tree set up is fine throughout.
WiSM WLAN Service Module WS-SVC-WISM-1-K9 in 6509e running VSS IOs s72033-ipservicesk9_wan-mz.122-33.SXI2a.bin having trouble to get the IP from service-vlan DHCP.The pertinent config is as follows.
! vlan 300 name WiSM_Service_Vlan !interface Vlan300 description *** WiSM Service-Vlan ip address 192.168.200.1 255.255.255.0
The service IP is supposed to have been populated with an address from the dhcp pool. I am also unable to connect to it by doing a session switch 1 slot 4 processor 1. I get the following upon attempting to do so:
HO2NET0001##session switch 1 slot 4 proc 1
The default escape character is Ctrl-^, then x. You can also type 'exit' at the remote prompt to end the session Trying 0.0.0.0 ...
I have a Cisco SG 300 28 port switch that I have set in Layer 3 mode. I set up a second VLAN on it (vlan 4). I also set up the scope for DHCP on a Windows server for both VLAN's. The problem I am having, is that VLAN 4 is not pulling DHCP at all. The DHCP server is connected to port 1 on the switch, and the specifics are as follows:
My network is set up such that I have a Wireless Network in VLAN 1, which is the primary network that we use. The subnet is 10.5.1.x.
My goal is to set up a completely isolated Guest Wireless Network, however it would work best. What I am trying to do now is I created a seperate VLAN (VLAN 2, IP range 10.5.2.x) and turned on DHCP on the WRVS4400N. However, in the Guest Network, it is always picking up a 10.5.1.x IP which is handed out by the DHCP server (10.5.1.5, Win 2003) and still routing all of the traffic to/from our private network.
Here's What I have set:
Wireless>Security Settings>Guest Network (SSID 2) Wireless Isolation (between SSID w/o VLAN): EnabledWireless Isolation (within SSID): EnabledSetup>LAN>VLAN 1 Router IP 10.5.1.1, WLAN IP 10.5.1.3DHCP Relay for 10.5.1.5Setup>LAN>VLAN 2 Router IP 10.5.2.1DHCP Enabled for 10.5.2.x subnetDHCP Relay option is grayed out (not sure why)Setup>Advanced Routing Inter-VLAN Routing: Disabled Any way to solve this would be fine. I just do not want traffic routing through our internal network. Ideally, if I could get the Windows server to hand out 10.5.2.x addresses, that would be perfect, but I'm not sure how to configure it for such.
Stumped again with my Catalyst 2950. Everything is working perfectly with wan/dhcp/router on fa 0/1 with all ports assigned to vlan1. All devices plugged in connect to the router correctly with ip's being assigned via dhcp.Instead of hooking up by console port I want to be able to SSH or telnet in to the switch using any port while still maintaining the above functionallity. Is it possible to assign a dhcp assigned ip address to vlan 2 and have vlan1 and 2 bridged? Or is there a better way of doing this ?
We assign (reserve by MAC actually) static IPs to all of our devices. Over time we have gotten rid of some devices but haven't begun (or finished really) re-using the old IPs. On our WRVS4400N v2 routers we are able to set the max number of DHCP users per Vlan. This prevents unauthorized devices trying to connect to our LAN.For example. I set the range from 192.168.1.100 - 192.168.1.103. IPs 100, 101, and 103 are in use (reserved via MAC address). We set max number of DHCP users to 3. This prevents someone from gaining access to 192.168.1.102. Does this make sense? Or at least this was the initial goal and it tested out successfully back when we implemented it.
How can I do the same for with the RV220W? I can set the range, assign static IPs (reserve IPs by MAC address), but can't keep others from gaining accessing to our LAN via the unused IPs (not assigned a static IP).My initial thought was to create static IPs (for the unused IPs) using dummy MAC addresses. I'm sure there is a much better way of accomplishing what I am trying to do.
Local DHCP (via the 5508) is for the guest network while the management and voice use the Windows DHCP server.
My problem, Voice and guest work fine. I have two SSID's (one 802.1X and the other PSK) that use the management interface that will not get an IP. I have enabled dhcp proxy from the cli on the controller. I tried with the management VLAN tagged and untagged.
The 5508 is running code 18.104.22.168. I have created a group interface for 3 subnets and assigned the group to the WLAN. Clients are getting IP addresses in a round robin fashion. The issue or downside to this is if the lease has not expired before the next time the station connects to the WLAN it consumes an address on another subnet instead of grabbing the unexpired lease IP address on it's previous VLAN. It seems that the WLC determines the VLAN in the interface group before the DHCP request from the client in case the client already received a DHCP address that has not expired. This can be problematic since we have seen some iPhones requesting an address every 20 minutes thus consuming an address on every subnet in the interface group. Other than setting a lease time extremely low what can be done to address this?
I'm trying to set up a new Cisco SF500-24P switch for our new Polycom IP phones but I'm having some trouble configuring them. It seems a fairly basic setup - We have a Cisco 2800 series router which is configured in a router-on-a-stick scenario to give DHCP addresses to two vlans, '1' for data and '20' for voice...
ip dhcp pool DHCPROUTER network 10.10.0.0 255.255.255.0 default-router 10.10.0.1 dns-server 10.20.124.200 10.20.124.201
The switch worked practically straight out of the box- when I connected a PC or a phone into it they both got addresses in the 10.10.0.0 range and both worked fine. In the web interface I then set the Voice VLAN ID as 20 and as soon as I did this the phones can no longer get addresses from DHCP (although PCs can). The switch and the phone display both show that the phone is in VLAN 20. All ports are members of VLAN1(native, untagged) and VLAN 20 (tagged) and the port connecting to the router is trunked, as are the others.Also, I can ping 172.16.0.1 from the switch so there is no routing problem, although I did try using the switch as a DHCP relay to 172.16.0.1 but still no luck.I'm not sure how relevant this is but one thing I noticed is that data going to the router untagged (and therefore in VLAN 1) gets through but if I tag it with VLAN 1 then it doesn't.
I got some problem with enabling dhcp snooping on 4500 (cat4500e-lanbasek9-mz.122-54.SG.bin) the topology is as below: dhcp snooping enabled only on CORE (with interface trusted to dhcp server)the problem is that I put these 2 commands
ip dhcp snooping ip dhcp snooping vlan 1
but it is not enabled on any vlan
SW-CORE#sh ip dhcp snooping Switch DHCP snooping is enabled DHCP snooping is configured on following VLANs: none DHCP snooping is operational on following VLANs:
On B1 if I turn it on there is a "1" in the section " DHCP snooping is configured on following VLANs:" but on core no.As you can see I did put the trusted on the interface in the direction to the dhcp.First I thought it can be a problem with option 82, I've read a lot about the issues with that, but the problem would be explicable if the client did receive IP address, but it does.
1 Cisco switch stack (SGE2010) in L3 mode, 2 Vlans.
Vlan 1 = 192.168.0.253/24, untagged on all ports except 14/15 Vlan 2 = 192.168.22.1/24, untagged on port 14 and 15 SGE2010 default route 0.0.0.0/0 next hop 192.168.0.1 (Checkpoint UTM) DHCP Relay enabled DHCP server set to 192.168.0.16 DHCP interface set to Vlan2
Expanding the ICMP entry, it appears that the destination is the pc client since it shows a Dell mac address, and the source is the Checkpoint UTM (Sofaware).
I can ping and tracert from the Checkpoint to my static IP on Vlan 2. The same goes for the DHCP server to/from Vlan2, so I am confused as to why the routing is failing. I have tried adding Port Fast to the stack ports, but nothing changes.
We have a Cisco Aironet 1130AG Wireless AP (firmware 12.4) and have a guest wireless network (internet only) and corporate wireless network configured on it. They are kept separate by having different VLANs assigned to them. When a laptop connects to the guest network I see the DHCP request go out and it is tagged with the correct VLAN. The problem is when a laptop connects to the corporate network I see the DHCP request go out but there is no VLAN tagged on the packets. This causes a problem because both of our DHCP servers (on VLAN 1 and 3, remote DHCP servers no DHCP running on the Aironet [Doesn't seem like this version has a DHCP server]) are sending responses and sometimes the corporate user will get an IP address on the Guest subnet.
Our corporate network is setup on VLAN 1 which is configured as the Native VLAN on the Aironet. Will this cause the Aironet not to tag these packets with any VLAN information? Any other thoughts as to why it isn’t tagging these packets to a VLAN?