SG300-20 - Configure DHCP on VLAN interface
I have been reading the various related discussions on the SG300 and SG500 switches regarding setting up VLAN's and DHCP on those VLAN's. For whatever reason I have been unable to even get this simple task to work.
First thing I did was to update my firmware and boot version as follows:
SW version 1.3.7.18 ( date 12-Jan-2014 time 18:02:59 )
Boot version 1.3.5.06 ( date 21-Jul-2013 time 15:12:10 )
HW version V02
When I reloaded the SG300 after the SW/Boot updates the startup config was wiped out and I had to setup my switch from scratch. The intent is to have two VLAN's:
VLAN 1: all devices, servers, etc.
VLAN 2: basic subnet that hands out DHCP addresses
The SG300-20 is connected to an Asus RT-AC66U router on the 192.168.1.x subnet and provides internal network access and WiFi access (router IP address is 192.168.1.1 and is default gateway). All that works with no issues. So my task is simply to create VLAN 2 on 192.168.2.x subnet and use DHCP to allocate addresses. I have spent many hours on this and I still can't get it to work. When I connect a laptop to the port (GI8) assigned to VLAN 2, I end up getting some wonky 169.254.x.x address. I certainly thought something this "easy" wouldn't be that hard to setup, but apparently I was wrong.
The SG300 is running in L3 mode as shown in my running-config below.
Does anyone happen to see something that might be preventing my laptop client from receiving IP addresses from the VLAN 2 DHCP interface that are not in the 192.168.2.x subnet?
Any ideas / suggestions would be greatly appreciated!
Here's my running-config:
config-file-header
MYSTICSW1
v1.3.7.18 / R750_NIK_1_35_647_358
CLI v1.0
set system mode router
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
vlan database
vlan 2
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname MYSTICSW1
logging host 192.168.1.15
logging origin-id hostname
username cisco password encrypted b4a0fcf20b2cd9d80a55b06ab8f83277f9733904 privilege 15
snmp-server location Office
clock timezone " " -5
clock summer-time web recurring usa
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 192.168.1.10 poll
interface vlan 1
ip address 192.168.1.254 255.255.255.0
no ip address dhcp
interface vlan 2
name MysticWAN
ip address 192.168.2.254 255.255.255.0
interface gigabitethernet8
switchport mode access
switchport access vlan 2
exit
ip default-gateway 192.168.1.1
Thanks in advance!
Clint Lambert
Tom,
Thanks ... I followed the steps you outlined and it worked! The only difference being that I have an Asus RT-AC66U router and there is no "enable multiple subnet" option. So, I just followed your instructions on creating the static routes in the RT-AC66U and everything worked. The DHCP addresses were correct and I had internet connectivity when I plugged a laptop into the gi8 port.
I did make one tweak to the Network Pools screen as follows:
My DHCP configuration for gi8 on VLAN 2 now looks like:
ip dhcp server
ip dhcp pool network InternalWAN
address low 192.168.2.1 high 192.168.2.99 255.255.255.0
lease infinite
domain-name MYSTIC
default-router 192.168.2.254
dns-server 8.8.8.8
Previously I had followed your advice in the article "Need help configuring SG300-10 switch" and had setup everything using CLI. However, I didn't think about needing the static routes. So, I think it was probably setup correctly beforehand but had no chance to work because the routes were not setup.
Thanks very much for your help!
Clint
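Added example, not part of the original posts: a Python check written for this page that reads the configuration lines quoted in the thread and reports two separate things, whether each routed VLAN has an active DHCP pool on the switch and which return route the upstream router needs. The config excerpts are copied from the posts above; the function names are illustrative, and the uplink VLAN is assumed to get its leases from the upstream router.

```python
import ipaddress
import re

# Excerpts of the two configurations quoted in the thread (only the lines the checks read).
ORIGINAL = """\
interface vlan 1
ip address 192.168.1.254 255.255.255.0
no ip address dhcp
interface vlan 2
ip address 192.168.2.254 255.255.255.0
interface gigabitethernet8
switchport access vlan 2
ip default-gateway 192.168.1.1
"""
WITH_POOL = ORIGINAL + """\
ip dhcp server
ip dhcp pool network InternalWAN
address low 192.168.2.1 high 192.168.2.99 255.255.255.0
default-router 192.168.2.254
"""

def parse(config):
    """Return (svis, pools, default_gateway, dhcp_server_enabled)."""
    svis, pools, gateway, server_on = {}, [], None, False
    vlan = pool = None  # which block the current line belongs to
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface vlan (\d+)", line):
            vlan, pool = int(m.group(1)), None
        elif m := re.fullmatch(r"ip dhcp pool network (\S+)", line):
            vlan, pool = None, {"name": m.group(1), "net": None, "router": None}
            pools.append(pool)
        elif line.startswith("interface ") or line == "exit":
            vlan = pool = None
        elif line == "ip dhcp server":
            server_on = True
        elif m := re.fullmatch(r"ip default-gateway (\S+)", line):
            gateway = ipaddress.ip_address(m.group(1))
        elif vlan is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            svis[vlan] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif pool is not None and (m := re.fullmatch(r"address low (\S+) high (\S+) (\S+)", line)):
            pool["low"], pool["high"] = map(ipaddress.ip_address, m.group(1, 2))
            pool["net"] = ipaddress.ip_network(f"{m.group(1)}/{m.group(3)}", strict=False)
        elif pool is not None and (m := re.fullmatch(r"default-router (\S+)", line)):
            pool["router"] = ipaddress.ip_address(m.group(1))
    return svis, pools, gateway, server_on

def audit(config):
    """Return (findings, return_routes) for a layer-3 switch config in this syntax."""
    svis, pools, gateway, server_on = parse(config)
    # The uplink VLAN is the one whose subnet contains the default gateway.
    uplink = next((s for s in svis.values()
                   if gateway is not None and gateway in s.network), None)
    findings, routes = [], []
    for vlan, svi in sorted(svis.items()):
        if svi is uplink:
            continue  # assumption: the upstream router hands out leases here
        pool = next((p for p in pools if p["net"] == svi.network), None)
        if pool is None or not server_on:
            # Without a lease the client self-assigns a 169.254.x.x address.
            findings.append(f"vlan {vlan}: no active DHCP pool for {svi.network}")
        else:
            if pool["router"] != svi.ip:
                findings.append(f"vlan {vlan}: default-router is not the switch address")
            if pool["low"] <= svi.ip <= pool["high"]:
                findings.append(f"vlan {vlan}: pool range includes the switch address")
        if uplink is not None:
            # The upstream router only knows its own subnet; replies need this route.
            routes.append((str(svi.network), str(uplink.ip)))
    return findings, routes

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("with pool", WITH_POOL)):
        print(label, audit(cfg))
```

Each route tuple is (destination subnet, next hop) as it would be entered on the upstream router.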
Similar Messages
-
Does anyone know if DHCP can be configured on a VLAN?
Hello and good evening,
You create a DHCP scope on a 3560 just like any other IOS DHCP configs ...here is a sample config:
interface vlan 1
ip add 1.1.1.1 255.255.255.0
interface vlan 2
ip address 2.2.2.1 255.255.255.0
ip dhcp excluded-address 1.1.1.1 1.1.1.10
ip dhcp excluded-address 2.2.2.1 2.2.2.10
ip dhcp pool vlan1
network 1.1.1.0 255.255.255.0
domain-name cisco.com
dns-server 4.4.4.2 4.4.4.1
default-router 1.1.1.1
lease 3
ip dhcp pool vlan2
network 2.2.2.0 255.255.255.0
domain-name cisco.com
dns-server 4.4.4.2 4.4.4.1
default-router 2.2.2.1
lease 3
Here is the link for configuring IOS DHCP services:
http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_dhcp_svr_cfg_ps6441_TSD_Products_Configuration_Guide_Chapter.html
Your proposed design is a good one, and you have obviously done your homework! A nice design!
I would say however, that this community is really more for Cisco Small Business products and your question is in reference to Cisco traditional products. I believe you will have a better experience by posting your question in the Cisco NetPro forums located here: http://forums.cisco.com/eforum/servlet/NetProf?page=main
That forum has subject matter experts on Cisco traditional products that may be able to answer your question.
HTH,
Andrew Lee Lissitz -
Catalyst 2912 additional Vlan interface won't come out of "shutdown"
I've got an old 2912 and I'm currently converting this network over from using the default Vlan1 as the administrative Vlan. I've configured an additional Vlan interface but when I do a no shut on the interface it will not come up. Any idea what's going on? I haven't worked on a 2912 in years.
interface VLAN1
ip address 169.2.128.226 255.255.255.192
no ip directed-broadcast
no ip route-cache
interface VLAN299
description MGMT
ip address 10.227.95.136 255.255.255.128
no ip directed-broadcast
no ip route-cache
shutdown
OK, I'll answer my own question. I found the answer in some 2912 documentation. "Only one management vlan can be administratively active at a time".
-
WLC - 4402/4 - Vlan Interface Addressing
I currently have 7 WLCs with the same Vlan interfaces defined across all 7 controllers. Does anyone know the best practice for addressing these interfaces on each of the WLCs. I currently have each unique Vlan interface assigned with the same IP address across all 7 WLCs. This is working. Should I leave it this way or should I assign each controller with a different address for the Vlan interface?
The controllers, assuming you have it configured as such, act as dhcp relay agents. Presumably, if the router got the wrong mac address in its arp entry, the dhcp message would be lost.
Clients could have taken a while before getting a dhcp addr (race condition for router arp entry) and not been able to work if dhcp was required.
That said, I've seen the controllers work with the dhcp server set to 255.255.255.255 so the ip helper addresses on the routers would pick up the requests. -
I am setting up DHCP snooping for the first time on a 3750. My DHCP server resides on another switch. The 3750 is connected through a Gig SFP fiber to a 3550 with DHCP relay.
Is the following config correct? The client will not get a dhcp with the option 82 enabled.
(config)#ip dhcp snooping
(config)#ip dhcp snooping vlan 2-200
(config)#no ip dhcp snooping info option
!The client will not get an ip with
!this option enabled.
! trusted interface connected to the 3550
(config)#int gi1/0/4
(config-if)#ip dhcp trust
! untrusted interface
(config-if)#ip dhcp limit rate 100
(config)#ip dhcp snooping database flash:/database1
(config)#ip dhcp snooping database timeout 30
(config)#ip dhcp snooping database write-delay 30
Have you enabled option 82 on your DHCP server? Also, on your DHCP relay switch, configure the following under the VLAN interface in question and see if it makes any difference.
Example:
c3550-A(config)#int vlan 1
c3550-A(config-if)#ip dhcp relay information trusted ? -
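Added example, not part of the original posts: a Python check of the interaction the reply points at. On Catalyst IOS a snooping switch inserts option 82 by default and leaves giaddr at 0, and an upstream IOS relay drops such requests unless it is told to trust them. The configs are constructed in running-config form; 192.0.2.10 and the function names are placeholders.

```python
import re

# Constructed running-config excerpts for the access switch and the relay.
ACCESS = """\
ip dhcp snooping
ip dhcp snooping vlan 2-200
interface GigabitEthernet1/0/4
 ip dhcp snooping trust
interface GigabitEthernet1/0/10
 switchport access vlan 2
 ip dhcp snooping limit rate 100
"""
RELAY = """\
interface Vlan2
 ip helper-address 192.0.2.10
"""
RELAY_TRUSTED = RELAY + " ip dhcp relay information trusted\n"
ACCESS_NO_OPT82 = ACCESS + "no ip dhcp snooping information option\n"

def vlan_set(spec):
    """Expand a VLAN list such as '2-200,300' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def blocks(config):
    """Split a running-config into (global_lines, {interface: [sub-lines]})."""
    glob, ifaces, cur = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif raw.startswith(" ") and cur is not None:
            cur.append(line)
        else:
            cur = None
            glob.append(line)
    return glob, ifaces

def audit_snooping(access_cfg, relay_cfg):
    """Return findings that explain why clients behind snooping get no lease."""
    glob, ifaces = blocks(access_cfg)
    r_glob, r_ifaces = blocks(relay_cfg)
    if "ip dhcp snooping" not in glob:
        return ["snooping is not enabled globally"]
    findings, snooped = [], set()
    for line in glob:
        if m := re.fullmatch(r"ip dhcp snooping vlan (\S+)", line):
            snooped |= vlan_set(m.group(1))
    if not snooped:
        findings.append("no VLAN has snooping enabled")
    if not any("ip dhcp snooping trust" in lines for lines in ifaces.values()):
        findings.append("no trusted port: server replies are dropped")
    # Option 82 insertion is on unless explicitly negated.
    option82 = "no ip dhcp snooping information option" not in glob
    if option82 and "ip dhcp relay information trust-all" not in r_glob:
        for name, lines in r_ifaces.items():
            m = re.fullmatch(r"Vlan(\d+)", name)
            relays = any(l.startswith("ip helper-address ") for l in lines)
            trusted = "ip dhcp relay information trusted" in lines
            if m and int(m.group(1)) in snooped and relays and not trusted:
                findings.append(f"{name}: relay drops option-82 requests with giaddr 0")
    return findings

if __name__ == "__main__":
    print(audit_snooping(ACCESS, RELAY))
    print(audit_snooping(ACCESS, RELAY_TRUSTED))
```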
Cannot Assign IP to a vlan interface SG-300 28MP
Hi all, a very simple configuration ... bought 10 SMB SG-300 28MP switches. Everything goes fine in VLAN configuration, port assigning .. but when I try to assign an IP to one of the created VLAN interfaces, the switch hangs, GUI or CLI. Layer 3 is enabled. Regards
Configure as below
Login to CLI:
switch(config):int vlan 1
switch(int-config):ip address 192.168.1.254 255.255.255.0
switch(int-config):no ip dhcp relay enable
switch(config):do wr
switch(config):int vlan 2 -----------------------> New vlan
switch(int-config):ip address 192.168.2.xx 255.255.255.0
switch(int-config):no ip dhcp relay enable
switch(config):do wr -
ASA 5505 Unable to assign ip to DMZ vlan interface
hi all,
I have ASA 5505 with base license.
I created 3rd vlan on it.it was created.
but i am unable to assign IP to it.
i assign ip address it takes it.
But when i do sh int ip brief it does not show any ip.
ciscoasa# sh int ip brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset up up
Ethernet0/1 unassigned YES unset up up
Ethernet0/2 unassigned YES unset up up
Ethernet0/3 unassigned YES unset administratively down down
Ethernet0/4 unassigned YES unset administratively down down
Ethernet0/5 unassigned YES unset administratively down down
Ethernet0/6 unassigned YES unset administratively down down
Ethernet0/7 unassigned YES unset administratively down down
Internal-Data0/0 unassigned YES unset up up
Internal-Data0/1 unassigned YES unset up up
Vlan1 192.168.1.1 YES CONFIG up up
Vlan2 192.168.11.2 YES CONFIG up up
Vlan3 unassigned YES manual up up*************************************************************
Virtual0 127.0.0.1 YES unset up up
ciscoasa# config t
ciscoasa(config)# int vlan 3
ciscoasa(config-if)# ip ad
ciscoasa(config-if)# ip address 192.168.12.2 255.255.255.0
ciscoasa(config-if)# end
ciscoasa# wr mem
Building configuration...
Cryptochecksum: 808baaba ced2a226 07cfb41f 9f6ec4f8
4608 bytes copied in 1.630 secs (4608 bytes/sec)
[OK]
ciscoasa# sh int ip brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset up up
Ethernet0/1 unassigned YES unset up up
Ethernet0/2 unassigned YES unset up up
Ethernet0/3 unassigned YES unset administratively down down
Ethernet0/4 unassigned YES unset administratively down down
Ethernet0/5 unassigned YES unset administratively down down
Ethernet0/6 unassigned YES unset administratively down down
Ethernet0/7 unassigned YES unset administratively down down
Internal-Data0/0 unassigned YES unset up up
Internal-Data0/1 unassigned YES unset up up
Vlan1 192.168.1.1 YES CONFIG up up
Vlan2 192.168.11.2 YES CONFIG up up
Vlan3 unassigned YES manual up up
Virtual0 127.0.0.1 YES unset up up
ciscoasa# sh ver
Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(9)
Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 3 days 17 hours
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Int: Internal-Data0/0 : address is 001d.a24d.ed0e, irq 11
1: Ext: Ethernet0/0 : address is 001d.a24d.ed06, irq 255
2: Ext: Ethernet0/1 : address is 001d.a24d.ed07, irq 255
3: Ext: Ethernet0/2 : address is 001d.a24d.ed08, irq 255
4: Ext: Ethernet0/3 : address is 001d.a24d.ed09, irq 255
5: Ext: Ethernet0/4 : address is 001d.a24d.ed0a, irq 255
6: Ext: Ethernet0/5 : address is 001d.a24d.ed0b, irq 255
7: Ext: Ethernet0/6 : address is 001d.a24d.ed0c, irq 255
8: Ext: Ethernet0/7 : address is 001d.a24d.ed0d, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
SSL VPN Peers : 2
Total VPN Peers : 10
Dual ISPs : Disabled
VLAN Trunk Ports : 0
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
<--- More --->
Need to know does this License support IP to 3rd vlan ?
Thanks
Mahesh
Hi Julio,
I tried to config nameif but here is the result
ciscoasa# sh run int vlan 3
interface Vlan3
description DMZ to 3550 New Switch
no nameif
security-level 50
ip address 192.168.12.2 255.255.255.0
ciscoasa# config t
ciscoasa(config)# int vlan 3
ciscoasa(config-if)# name
ciscoasa(config-if)# namei
ciscoasa(config-if)# nameif DMZ
ERROR: This license does not allow configuring more than 2 interfaces with
nameif and without a "no forward" command on this interface or on 1 interface(s)
with nameif already configured. -
Configuring ssid and vlans on autonomous access point ?
Here is a demonstration of how to configure VLANs and SSID on an auto-AP. What I don't understand is: when I configure the SSID under (interface dot11radio0) and the VLAN under that command, why do I need to configure sub-interfaces for the "fastethernet" and the "dot11radio0" if I already configured it under the "interface dot11radio0"? Why do I need the "encapsulation dotq x"? And what is bridge-group?
If you want to use multiple SSIDs with multiple VLANs, then you have to configure subinterfaces on Radio interfaces (on both Radio 0 & Radio 1 if you want to use both the 2.4GHz & 5GHz bands) & Ethernet interfaces.
The AP simply bridges wireless traffic to the wired interface using these sub-interfaces. To specify which radio sub-interface traffic to map to which ethernet sub-interface, a Bridge-Group number (1-255) is used.
Bridge-Group 1 is always used for native VLAN traffic & usually used for AP management.
HTH
Rasika
**** Pls rate all useful responses **** -
How to see if an ip helper-address is configured on a VLAN
Hi - I'm not exactly new to networking but this question will likely say otherwise :)
I'm trying to figure out the command to show the running-config of a VLAN. The goal is to see if an ip helper-address has been configured on a VLAN.
This is both for a Cisco 6509 and Nexus 5k.
I simply don't know all the commands for VLANs so I can't get this info presented to me.
Thank You in advance
Thanks for the prompt reply! Still no bueno though.
On the 6509 I get the following:
6509#show ip interface vlan xxx
^
% Invalid input detected at '^' marker.
On the Nexus 5K I can't complete the command, stops down at show ip interface with the following listed as ? after interface:
5K# show ip interface ?
<CR>
> Redirect it to a file
>> Redirect it to a file in append mode
A.B.C.D Display interface for local IP address
brief Display summary of IP interface status and configuration
ethernet Ethernet IEEE 802.3z
loopback Loopback interface
mgmt Management interface
operational Display only interfaces that are administratively enabled
port-channel Port Channel interface
vrf Display per-VRF information
| Pipe command output to filter -
Best practice configure DHCP server NAC
hi all,
any idea how the best practice deploy dhcp on cas? i tired follow user guide configure dhcp on cas but still cannot running smoothly user just only grep ip authenticate.
- CCA agent very slow appear when user get ip dhcp on authenticate.any idea ?
- how to integrated profiler with nac appliance .?
Hi ahmed,
You have configured your CAS to be your DHCP server, Thats well and good because you are using Real IP mode, Which Supports the CAS to be a DHCP server.
Remember
This Setting is only For your Authentication VLAN that your client gets an ip While Authentication ok.
When your Client switches to Access VLAN, your client traffic no longer flows through the CAS so CAS is now not responsible for DHCP.
You'll have to configure another DHCP on the Trusted Side which can Lease IPs to the Access VLAN Members.
As you have configured OOB then your client is in Access VLAN and does not come in contact with the CAS so you need the Trusted side DHCP to give the Client an IP address.
Here in your Scenario your ACCESS VLANS are 2022,2044
Hope this helps, Do reply after Testing.
Thank You
Regards
Edward -
Could I use "vlan interface" as a tunnel source of DMVPN ?
I have a router R2811 with a 9 port FE Switch module(HWIC-D-9ESW).
Could I use vlan interface as a tunnel source when configuring DMVPN ?
The vlan ports is on the 9 port FE Switch module.
Because it's used now in production, I can't try it.
Hello.
I think there is no restriction on software routers like 2811.
PS: using loopback could be a better idea. -
Netflow on 6509 in Native Mode from Vlan Interface
I'm trying to get a 6509-E, running Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICES_WAN-M), Version 12.2(33)SXI9, RELEASE SOFTWARE (fc2), to send netflow traffic from a vlan interface to a Solarwinds server.
The server is not seeing all the vlan traffic, but does see all the traffic on the layer 2 ports (not netflow).
I've seen that a command, ip flow ingress layer2-switched vlan, needs to be enabled, but the OS I have does not support that command.
Or could it be that MLS is not configured except for a couple commands:
mls netflow interface
mls cef error action reset
netflow setup:
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 10.31.101.1 (Vlan52)
Destination(1) 10.30.2.196 (2055)
Version 5 flow records
14927339 flows exported in 615072 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
0 export packets were dropped enqueuing for the RP
0 export packets were dropped due to IPC rate limiting
0 export packets were dropped due to Card not being able to export
interface:
interface Vlan52
description AN.VDI.stu
ip address 10.31.101.1 255.255.255.0
ip helper-address 10.31.149.200
no ip redirects
ip flow ingress
ip flow egress
ip pim neighbor-filter 98
ip pim sparse-dense-mode
ip cgmp
Enabling MLS was the fix.
mls netflow interface
mls flow ip interface-full
mls nde sender version 5
mls cef error action reset -
Ok, I thought I had the reason for the VLAN interface command down. I thought it was either used for switch management or routing between VLANS? However, now I realized that some communication won't work without this command, which doesn't make sense. If I have a VLAN, then the switch will only switch packets to ports on the same VLAN. The only way communication would work between VLANS is if I either enabled routing between VLANs with the VLAN Interface command, connected the switch to another multi-layer switch that did do routing between VLANS, or connected the switch to a router which routed between the VLANs.
However, I just got this new 3550 switch in, configured the correct ports with the assigned VLANs, and the only way my cisco ip phone would work is if the VLAN Interface for my voice-ip VLAN was configured. The 3550 is connected to a 4507. Now, can someone tell me why this is? You shouldn't have to configure the VLAN Interface, right? (unless I wanted to route between VLANs, which could be done by the 4507)
Sounds to me like you either don't have the dot1q trunk interface between your 4506 and 3550 working properly, or your 3550 is running the enhanced image which allows routing.
It would be nice to see your config on both the 3550 and the 4500 to determine the reason. Just a stab at how it should be configured is that on your 4506, you have it running VTP server or transparent with the defined Data and Voice Vlan's. You have a port configured for trunking (which connects to the 3550). On your 3550, you have configured it as a vtp client or transparent and have verified that it has received (or if transparent VTP you have configured) the appropriate VLAN's. You then specified "interface VLAN #" or whatever number for switch management and configured the port that connects to the 4500 as a trunk. Your port connected to the port has the auxiliary or voice vlan configured. If this is how your equipment is configured and it still does not work, then look for the line "ip routing" in your 3550 and negate it with "no ip routing".
If still no worky worky, post your config.
Cheers, -
ACE - Query VLAN Interfaces Status
Hi,
I am wondering what the status of the query vlan interface means in the command 'show ft peer detail':
Query Vlan IF State : UP, Manual validation - please ping peer
I am pretty sure that I did not see this status when I configured query vlan last time. Current version is A2(2.3).
Unfortunately this status does not seem to be documented anywhere on CCO.
I appreciate any help!
Thanks,
Daniel
Hi Daniel,
The FT Query VLAN interface is an optional, yet very good, feature to be used when using redundant ACE modules or appliances. Without it, if the FT VLAN was to go down, the standby ACE will no longer receive FT heartbeats from the active ACE and therefore take the active role. However, if the active ACE is still running fine in the active role, then you don't want the standby ACE to take over as active because that will put them into an active/active scenario, which may lead to connectivity issues.
This is where the FT Query VLAN interface comes in. If the FT VLAN goes down, the standby ACE will notice this, but before taking the active role, it will ping its peer IP address configured on the interface that is designated as the FT Query VLAN. If the ping is successful, then it will stay in the standby role, thereby saving you some headaches.
The status that you are seeing is the ACE's way of telling you that the interface is UP, but if you want to know if it can successfully ping the peer IP address, then you would have to manually ping the peer IP address from the CLI. The ACE does not periodically check the ping connectivity through any automatic mechanism. The automatic mechanism is only triggered by the FT VLAN going down.
Does this help?
Sean -
Failed to get DHCP response on interface "Marking interface dirty"
Dears
I have a WLC 5508 showing the below logs, which prevent the users from connecting to the SSIDs; it is also disconnecting the associated users
DHCP Socket Task: Jul 11 09:54:08.992: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'interface-02'. Marking interface dirty.
*mmListen: Jul 11 09:54:08.638: %MM-3-INVALID_PKT_RECVD: mm_listen.c:7671 Received an invalid packet from 10.21.1.25. Source member:0.0.0.0. source member unknown.
it shows 3 to 4 times during 1 hour,
any idea about the problem, and what exactly Dirty interface means ??
looks like you could be using interface group.
(WLC) >show interface group detailed
Interface marked with * indicates DHCP dirty interface.
whenever the existing interface goes dirty does the client tries the next available interface for dhcp.
The idea of Interface Groups is that you can have a WLAN utilize multiple interfaces/VLANs/Subnets/DHCP Pools, either for load balancing. At its heart it is purely round robin or based on hash generated using mac address(it depends on the wlc code), but should a client connect in on a certain interface and not be able to complete the DHCP process we mark it as dirty for 30 minutes. During those 30 minutes we basically remove that Interface from the Interface Group as it won't be selected for use.