Switch doesn't pass DHCP traffic- Clients behind 2960 switch can't get an IP address.

Folks,

I am trying to implement a DHCP server so that it can lease out IP address to the client in two subnets.
First subnet is 192.168.20.x
Second subnet is 192.168.30.x

Both these subnets are connected to Gig interfaces of a router, DHCP server is on 192.168.30.x network. DHCP works fine on 192.168.30.x as there are no vlans.

192.168.20.x is an issue, DHCP traffic doesn't seem to pass through the switch1.

Here I have a vlan created on a switch1 which doesn't seem to be able to pass the DHCP traffic which results in the clients behind the switch1 unable to acquire an IP address.

Router Config:
Building configuration...

Current configuration : 1648 bytes
!
version 15.1
service timestamps log datetime msec
service timestamps debug datetime msec
service password-encryption
!
hostname dhcprelay
!
login on-failure trap
login on-success log
!
!
enable password 7 0829454A0D1C0B464058
!
ip dhcp relay information trust-all
!
!
!
ip dhcp pool new
ip dhcp pool 123
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2911/K9 sn FTX15242S4X
!
!
!
lldp run
!
!
!
!
!
!
!
ip ftp username cisco
ip ftp password router
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.1000
encapsulation dot1Q 1000 native
ip address 192.168.20.254 255.255.255.0
ip helper-address 192.168.30.1
!
interface GigabitEthernet0/1
description "DHCP_Pool_Side"
ip address 192.168.30.254 255.255.255.0
ip helper-address 192.168.30.1
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
!
banner login ^C THIS IS THE DHCP RELAY ROUTER $ PLEASE BE CAUTIOUS WHEN CHANGING ANY CONFIG ^C
banner motd ^C WELCOME TO THE DHCP RELAY ROUTER, DO NOT CHANGE ANY CONFIGS ^C
!
!
!
snmp-server community ROUTERCOM RW
snmp-server community router RW
!
logging trap debugging
logging 192.168.30.1
line con 0
!
line aux 0
!
line vty 0 4
session-limit 7
password 7 0829454A0D1C0B464058
logging synchronous
login
line vty 5 15
session-limit 7
password 7 0829454A0D1C0B464058
logging synchronous
login
!
!
ntp authentication-key 741852 md5 0876181F514C57 7
ntp server 192.168.30.1 key 0
ntp update-calendar
!
end

******************************************************************

Switch 1 Config

Building configuration...

Current configuration : 3864 bytes
!
version 12.2
service timestamps log datetime msec
service timestamps debug datetime msec
service password-encryption
!
hostname LANswitch
!
enable password 7 0829454A0D1C0B464058
!
ip dhcp relay information trust-all
!
!
!
ip ssh version 1
ip domain-name route.com
ip name-server 192.168.30.1
!
ip dhcp snooping
!
lldp run
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/2
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode access
!
interface FastEthernet0/21
switchport trunk native vlan 1000
!
interface FastEthernet0/22
switchport trunk native vlan 1000
!
interface FastEthernet0/23
switchport trunk native vlan 1000
!
interface FastEthernet0/24
switchport trunk native vlan 1000
!
interface GigabitEthernet0/1
switchport trunk native vlan 1000
switchport trunk allowed vlan 1000
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan1000
description Native
mac-address 0060.5c5a.de01
ip address 192.168.20.2 255.255.255.0
ip helper-address 192.168.30.1
!
ip default-gateway 192.168.20.254
!
banner motd ^C THIS IS THE LAN SWITCH, DO NOT CHANGE ANY CONFIGURATION ON THIS SWITCH AS IT MAY CAUSE OUTAGES. CHANGES TO CONFIGURATION ARE ALLOWED AFTER AN APPROVAL IS OBTAINED^C
logging trap debugging
logging 192.168.30.1
!
!
snmp-server community switches RW
!
line con 0
!
line vty 0 4
exec-timeout 0 0
password 7 0829454A0D1C0B464058
login
privilege level 0
line vty 5 15
exec-timeout 0 0
password 7 0829454A0D1C0B464058
login
privilege level 0
!
!
!
end

Attached DHCP server config and architecture.

DHCP_vlan.jpg

DHCP_server_config.jpg

Find more posts tagged with

Comments

hodgey87

What troubleshooting have you done so far? How far along the network can the PC get?

shochan

What is your scope setup on your dhcp server? Maybe change it to 192.168.20.x thru .30.x?

OR

enable DHCP relay agent, if your layer 3 device supports that

router_switch

I connected a sniffer to one of the ports on the switch1 and saw that the DHCP request was getting to it.

router_switch

shochan wrote: »

What is your scope setup on your dhcp server? Maybe change it to 192.168.20.x thru .30.x?

OR

enable DHCP relay agent, if your layer 3 device supports that

Where do I change the scope on DHCP server? Can you please take a look at the attachment.

Legacy User

Can the pc on vlan 1000 ping the DHCP server? I don't see any route statements. Also since the DHCP server is connected to switch0 you should show that config as well.

router_switch

PC has not received any IP address so it can't ping the DHCP server.

router_switch

Switch 0 config

Building configuration...

Current configuration : 2568 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 1000
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet0/1
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan1000
mac-address 0001.c988.1a01
ip address 192.168.30.2 255.255.255.0
!
ip default-gateway 192.168.30.254
!
!
!
!

Legacy User

How about if you manually set an IP on the PC within the subnet but outside the range? Can you ping it then?

router_switch

I tried manually setting an IP on the PC but it was within the range, let me try what you said above.

router_switch

dmarcisco wrote: »

How about if you manually set an IP on the PC within the subnet but outside the range? Can you ping it then?

I was able to ping the DHCP server when I manually set an IP address on the PC. I gave it an IP address of 192.168.20.100

shochan

router_switch wrote: »

Where do I change the scope on DHCP server? Can you please take a look at the attachment.

Is your dhcp server running a windows server, this is what I am more familiar with?
from the looks of it, this is a cisco dhcp server (according to your screenshot).

DHCP - Configuring the Cisco IOS DHCP Relay Agent [Support] - Cisco Systems

DCD

You need to take off the vlan's on switch0. Also can you post you PT file? Last thing move the server over to other switch and see if it give out a IP address for the 20 network. I don't think debug ip dhcp works on PT.

router_switch

DCD wrote: »

You need to take off the vlan's on switch0. Also can you post you PT file? Last thing move the server over to other switch and see if it give out a IP address for the 20 network. I don't think debug ip dhcp works on PT.

Thanks for the reply, it works when there are no Vlans on siwtch0 but the problem started after I added a vlan. Is there a reason that this doesn't work with a Vlan?

I will attach the PT file.

router_switch

Wasn't able to add the zip file, keeps giving me the following error

" Invalid file"

CertifiedMonkey

Try attaching just the .pka file only.

DCD

You have to use a link to Dropbox or Gdrive to share the file. Also remove the switchport trunk native vlan 1000 from the LANswitch access ports don't need it.

Legacy User

Ok are you sure from the pc that you manually added the ip address within the 192.168.20.0 subnet can you ping the switch 192.168.30.2 and the dhcp server 192.168.30.1

Your config is all over the place but I see you are trying different topics so I gave it a whirl and dropped it in gns3 since you said you could ping even though visually it doesn't seem like it should work.
After applying your configuration I certainly could not ping from switch 1 (192.168.20.2) to switch 0 (192.168.30.2).

!Router --YOUR CONFIG

interface GigabitEthernet0/0.1000
encapsulation dot1Q 1000 native
ip address 192.168.20.254 255.255.255.0
ip helper-address 192.168.30.1
!
Switch 1
!
interface GigabitEthernet0/1
switchport trunk native vlan 1000
switchport trunk allowed vlan 1000
switchport mode trunk

ip default-gateway 192.168.20.254

Router --CHANGES

! Subinterface would only be configured when you're setting up Router on a stick to communicate between 2 vlans on the same switch
!Since you have an IP address on vlan 20 that is an Switched Virtual Interface so there is no need for that, i left the ROAS example
just so you see how a subinterface is configured

interface GigabitEthernet0/0.1000
encapsulation dot1q 1000
ip address 192.168.20.254 255.255.255.0
ip helper-address 192.168.30.1
!
!Remove the trunking to the router since router on a stick is not configured and set it as an access port
!configure the port as an access port

Switch1

interface GigabitEthernet0/1
switchport trunk encap dot1q
switchport mode trunk
switchport trunk allowed vlan 1000

!
!remove defaut-gateway since that command would only be used to have the switch accessible via telnet/ssh
no ip default-gateway 192.168.20.254
replace with a default route to the gateway for that subnet
ip route 0.0.0.0 0.0.0.0 198.168.20.254

Router ---YOUR CONFIG
interface GigabitEthernet0/1
description "DHCP_Pool_Side"
ip address 192.168.30.254 255.255.255.0
ip helper-address 192.168.30.1
!

Switch 0
interface GigabitEthernet0/1
switchport access vlan 1000
switchport trunk native vlan 1000
switchport mode trunk
!

ip default-gateway 192.168.30.254

Router -CHANGES

!This is fine as is

interface GigabitEthernet0/1
description "DHCP_Pool_Side"
ip address 192.168.30.254 255.255.255.0
ip helper-address 192.168.30.1
!
!
Switch0
!
!You do not configure an access and trunk on the same interface its either one or the other

interface GigabitEthernet0/1
switchport mode trunk
switchport access vlan 1000
!
!remove defaut-gateway since that command would only be used to have the switch accessible via telnet/ssh

no ip default-gateway 192.168.20.254
replace with a default route to the gateway for that subnet

ip route 0.0.0.0 0.0.0.0 198.168.20.254

Try to ping the DHCP SERVER from the pc on subnet 192.168.20.0/24.
If it pings it should work. Also, if you are having a hard time configuring the DHCP server on packet tracer you can easily configure a router as a dhcp server

quick example
On DHCP ROUTER:
int g0/0
ip add 192.168.30.1 255.255.255.0
no shut
!
ip dhcp exclusion-list 192.168.20.1 192.168.20.10
!
ip dhcp pool TEST
network 192.168.20.0 255.255.255.0
default-router 192.168.30.254
!
ip route 0.0.0.0 0.0.0.0 192.168.30.254

Capture.jpg

MAC_Addy

You'll need to get the physical port on the router to be running both VLANs (subnets). This is basically router-on-a-stick.

router_switch

Thanks for your time, appreciate it.