Switch doesn't pass DHCP traffic- Clients behind 2960 switch can't get an IP address.

router_switchrouter_switch Member Posts: 47 ■■□□□□□□□□
in CCNA & CCENT
Folks,


I am trying to implement a DHCP server so that it can lease out IP address to the client in two subnets.
First subnet is 192.168.20.x
Second subnet is 192.168.30.x

Both these subnets are connected to Gig interfaces of a router, DHCP server is on 192.168.30.x network. DHCP works fine on 192.168.30.x as there are no vlans.

192.168.20.x is an issue, DHCP traffic doesn't seem to pass through the switch1.


Here I have a vlan created on a switch1 which doesn't seem to be able to pass the DHCP traffic which results in the clients behind the switch1 unable to acquire an IP address.

Router Config:
Building configuration...


Current configuration : 1648 bytes
!
version 15.1
service timestamps log datetime msec
service timestamps debug datetime msec
service password-encryption
!
hostname dhcprelay
!
login on-failure trap
login on-success log
!
!
enable password 7 0829454A0D1C0B464058
!
ip dhcp relay information trust-all
!
!
!
ip dhcp pool new
ip dhcp pool 123
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2911/K9 sn FTX15242S4X
!
!
!
lldp run
!
!
!
!
!
!
!
ip ftp username cisco
ip ftp password router
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.1000
encapsulation dot1Q 1000 native
ip address 192.168.20.254 255.255.255.0
ip helper-address 192.168.30.1
!
interface GigabitEthernet0/1
description "DHCP_Pool_Side"
ip address 192.168.30.254 255.255.255.0
ip helper-address 192.168.30.1
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
!
banner login ^C THIS IS THE DHCP RELAY ROUTER $ PLEASE BE CAUTIOUS WHEN CHANGING ANY CONFIG ^C
banner motd ^C WELCOME TO THE DHCP RELAY ROUTER, DO NOT CHANGE ANY CONFIGS ^C
!
!
!
snmp-server community ROUTERCOM RW
snmp-server community router RW
!
logging trap debugging
logging 192.168.30.1
line con 0
!
line aux 0
!
line vty 0 4
session-limit 7
password 7 0829454A0D1C0B464058
logging synchronous
login
line vty 5 15
session-limit 7
password 7 0829454A0D1C0B464058
logging synchronous
login
!
!
ntp authentication-key 741852 md5 0876181F514C57 7
ntp server 192.168.30.1 key 0
ntp update-calendar
!
end

******************************************************************

Switch 1 Config

Building configuration...


Current configuration : 3864 bytes
!
version 12.2
service timestamps log datetime msec
service timestamps debug datetime msec
service password-encryption
!
hostname LANswitch
!
enable password 7 0829454A0D1C0B464058
!
ip dhcp relay information trust-all
!
!
!
ip ssh version 1
ip domain-name route.com
ip name-server 192.168.30.1
!
ip dhcp snooping
!
lldp run
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/2
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/21
switchport trunk native vlan 1000
!
interface FastEthernet0/22
switchport trunk native vlan 1000
!
interface FastEthernet0/23
switchport trunk native vlan 1000
!
interface FastEthernet0/24
switchport trunk native vlan 1000
!
interface GigabitEthernet0/1
switchport trunk native vlan 1000
switchport trunk allowed vlan 1000
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan1000
description Native
mac-address 0060.5c5a.de01
ip address 192.168.20.2 255.255.255.0
ip helper-address 192.168.30.1
!
ip default-gateway 192.168.20.254
!
banner motd ^C THIS IS THE LAN SWITCH, DO NOT CHANGE ANY CONFIGURATION ON THIS SWITCH AS IT MAY CAUSE OUTAGES. CHANGES TO CONFIGURATION ARE ALLOWED AFTER AN APPROVAL IS OBTAINED^C
logging trap debugging
logging 192.168.30.1
!
!
snmp-server community switches RW
!
line con 0
!
line vty 0 4
exec-timeout 0 0
password 7 0829454A0D1C0B464058
login
privilege level 0
line vty 5 15
exec-timeout 0 0
password 7 0829454A0D1C0B464058
login
privilege level 0
!
!
!
end





Attached DHCP server config and architecture.
· Share on FacebookShare on Twitter

Comments

  • hodgey87hodgey87 Member Posts: 232
    What troubleshooting have you done so far? How far along the network can the PC get?
    · Share on FacebookShare on Twitter
  • shochanshochan Member Posts: 1,014 ■■■■■■■■□□
    What is your scope setup on your dhcp server? Maybe change it to 192.168.20.x thru .30.x?

    OR

    enable DHCP relay agent, if your layer 3 device supports that
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
    · Share on FacebookShare on Twitter
  • router_switchrouter_switch Member Posts: 47 ■■□□□□□□□□
    I connected a sniffer to one of the ports on the switch1 and saw that the DHCP request was getting to it.
    · Share on FacebookShare on Twitter
  • router_switchrouter_switch Member Posts: 47 ■■□□□□□□□□
    shochan wrote: »
    What is your scope setup on your dhcp server? Maybe change it to 192.168.20.x thru .30.x?

    OR

    enable DHCP relay agent, if your layer 3 device supports that



    Where do I change the scope on DHCP server? Can you please take a look at the attachment.
    · Share on FacebookShare on Twitter
  • Legacy UserLegacy User Unregistered / Not Logged In Posts: 0 ■□□□□□□□□□
    Can the pc on vlan 1000 ping the DHCP server? I don't see any route statements. Also since the DHCP server is connected to switch0 you should show that config as well.
    · Share on FacebookShare on Twitter
  • router_switchrouter_switch Member Posts: 47 ■■□□□□□□□□
    PC has not received any IP address so it can't ping the DHCP server.
    · Share on FacebookShare on Twitter
  • router_switchrouter_switch Member Posts: 47 ■■□□□□□□□□
    Switch 0 config



    Building configuration...


    Current configuration : 2568 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname Switch
    !
    !
    !
    !
    !
    spanning-tree mode pvst
    !
    interface FastEthernet0/1
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/2
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/3
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/4
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/5
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/6
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/7
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/8
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/9
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/10
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/11
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/12
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/13
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/14
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/15
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/16
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/17
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/18
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/19
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/20
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/21
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/22
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/23
    switchport access vlan 1000
    switchport mode access
    !
    interface FastEthernet0/24
    switchport access vlan 1000
    switchport mode access
    !
    interface GigabitEthernet0/1
    switchport access vlan 1000
    switchport trunk native vlan 1000
    switchport mode trunk
    !
    interface GigabitEthernet0/2
    !
    interface Vlan1
    no ip address
    shutdown
    !
    interface Vlan1000
    mac-address 0001.c988.1a01
    ip address 192.168.30.2 255.255.255.0
    !
    ip default-gateway 192.168.30.254
    !
    !
    !
    !
    · Share on FacebookShare on Twitter
  • Legacy UserLegacy User Unregistered / Not Logged In Posts: 0 ■□□□□□□□□□
    How about if you manually set an IP on the PC within the subnet but outside the range? Can you ping it then?
    · Share on FacebookShare on Twitter
  • router_switchrouter_switch Member Posts: 47 ■■□□□□□□□□
    I tried manually setting an IP on the PC but it was within the range, let me try what you said above.
    · Share on FacebookShare on Twitter
  • router_switchrouter_switch Member Posts: 47 ■■□□□□□□□□
    dmarcisco wrote: »
    How about if you manually set an IP on the PC within the subnet but outside the range? Can you ping it then?



    I was able to ping the DHCP server when I manually set an IP address on the PC. I gave it an IP address of 192.168.20.100
    · Share on FacebookShare on Twitter
  • shochanshochan Member Posts: 1,014 ■■■■■■■■□□
    router_switch wrote: »
    Where do I change the scope on DHCP server? Can you please take a look at the attachment.

    Is your dhcp server running a windows server, this is what I am more familiar with?
    from the looks of it, this is a cisco dhcp server (according to your screenshot).

    DHCP - Configuring the Cisco IOS DHCP Relay Agent  [Support] - Cisco Systems
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
    · Share on FacebookShare on Twitter
  • DCDDCD Member Posts: 475 ■■■■□□□□□□
    You need to take off the vlan's on switch0. Also can you post you PT file? Last thing move the server over to other switch and see if it give out a IP address for the 20 network. I don't think debug ip dhcp works on PT.
    · Share on FacebookShare on Twitter
  • router_switchrouter_switch Member Posts: 47 ■■□□□□□□□□
    DCD wrote: »
    You need to take off the vlan's on switch0. Also can you post you PT file? Last thing move the server over to other switch and see if it give out a IP address for the 20 network. I don't think debug ip dhcp works on PT.


    Thanks for the reply, it works when there are no Vlans on siwtch0 but the problem started after I added a vlan. Is there a reason that this doesn't work with a Vlan?

    I will attach the PT file.
    · Share on FacebookShare on Twitter
  • router_switchrouter_switch Member Posts: 47 ■■□□□□□□□□
    Wasn't able to add the zip file, keeps giving me the following error

    " Invalid file"
    · Share on FacebookShare on Twitter
  • CertifiedMonkeyCertifiedMonkey Member Posts: 172 ■■□□□□□□□□
    Try attaching just the .pka file only.
    · Share on FacebookShare on Twitter
  • DCDDCD Member Posts: 475 ■■■■□□□□□□
    You have to use a link to Dropbox or Gdrive to share the file. Also remove the switchport trunk native vlan 1000 from the LANswitch access ports don't need it.
    · Share on FacebookShare on Twitter
  • Legacy UserLegacy User Unregistered / Not Logged In Posts: 0 ■□□□□□□□□□
    Ok are you sure from the pc that you manually added the ip address within the 192.168.20.0 subnet can you ping the switch 192.168.30.2 and the dhcp server 192.168.30.1

    Your config is all over the place but I see you are trying different topics so I gave it a whirl and dropped it in gns3 since you said you could ping even though visually it doesn't seem like it should work.
    After applying your configuration I certainly could not ping from switch 1 (192.168.20.2) to switch 0 (192.168.30.2).





    !Router --YOUR CONFIG


    interface GigabitEthernet0/0.1000
    encapsulation dot1Q 1000 native
    ip address 192.168.20.254 255.255.255.0
    ip helper-address 192.168.30.1
    !
    Switch 1
    !
    interface GigabitEthernet0/1
    switchport trunk native vlan 1000
    switchport trunk allowed vlan 1000
    switchport mode trunk


    ip default-gateway 192.168.20.254
    Router --CHANGES


    ! Subinterface would only be configured when you're setting up Router on a stick to communicate between 2 vlans on the same switch
    !Since you have an IP address on vlan 20 that is an Switched Virtual Interface so there is no need for that, i left the ROAS example
    just so you see how a subinterface is configured


    interface GigabitEthernet0/0.1000
    encapsulation dot1q 1000
    ip address 192.168.20.254 255.255.255.0
    ip helper-address 192.168.30.1
    !
    !Remove the trunking to the router since router on a stick is not configured and set it as an access port
    !configure the port as an access port


    Switch1


    interface GigabitEthernet0/1
    switchport trunk encap dot1q
    switchport mode trunk
    switchport trunk allowed vlan 1000


    !
    !remove defaut-gateway since that command would only be used to have the switch accessible via telnet/ssh
    no ip default-gateway 192.168.20.254
    replace with a default route to the gateway for that subnet
    ip route 0.0.0.0 0.0.0.0 198.168.20.254



    Router ---YOUR CONFIG
    interface GigabitEthernet0/1
    description "DHCP_Pool_Side"
    ip address 192.168.30.254 255.255.255.0
    ip helper-address 192.168.30.1
    !


    Switch 0
    interface GigabitEthernet0/1
    switchport access vlan 1000
    switchport trunk native vlan 1000
    switchport mode trunk
    !


    ip default-gateway 192.168.30.254
    Router -CHANGES


    !This is fine as is


    interface GigabitEthernet0/1
    description "DHCP_Pool_Side"
    ip address 192.168.30.254 255.255.255.0
    ip helper-address 192.168.30.1
    !
    !
    Switch0
    !
    !You do not configure an access and trunk on the same interface its either one or the other


    interface GigabitEthernet0/1
    switchport mode trunk
    switchport access vlan 1000
    !
    !remove defaut-gateway since that command would only be used to have the switch accessible via telnet/ssh


    no ip default-gateway 192.168.20.254
    replace with a default route to the gateway for that subnet


    ip route 0.0.0.0 0.0.0.0 198.168.20.254

    Try to ping the DHCP SERVER from the pc on subnet 192.168.20.0/24.
    If it pings it should work. Also, if you are having a hard time configuring the DHCP server on packet tracer you can easily configure a router as a dhcp server

    quick example
    On DHCP ROUTER:
    int g0/0
    ip add 192.168.30.1 255.255.255.0
    no shut
    !
    ip dhcp exclusion-list 192.168.20.1 192.168.20.10
    !
    ip dhcp pool TEST
    network 192.168.20.0 255.255.255.0
    default-router 192.168.30.254
    !
    ip route 0.0.0.0 0.0.0.0 192.168.30.254
    · Share on FacebookShare on Twitter
  • MAC_AddyMAC_Addy Member Posts: 1,740 ■■■■□□□□□□
    You'll need to get the physical port on the router to be running both VLANs (subnets). This is basically router-on-a-stick.
    2017 Certification Goals:
    CCNP R/S
    · Share on FacebookShare on Twitter
  • router_switchrouter_switch Member Posts: 47 ■■□□□□□□□□
    Thanks for your time, appreciate it.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.