Hi All,
Thank you in advance for reading and thank you very very much if you can assist.
Just wondering if anyone would be able to assist with my problem on a Cisco c870-advsecurityk9-mz.124-15.T13.bin.
We had a Cisco tech configure the following and now his nowhere to be found:
* 2 VLAN2
* BVI for the wireless and VLAN1
* Server 2008 DHCP on VLAN1 (should be anyways)
* Cisco DHCP for VLAN2
The problem is that the DHCP which should be bound to VLAN2 is passing to VLAN1 and causes the server DHCP to shutdown and assigns all new users to the VLAN2 DHCP.
Here are the snippets I am assuming would be important:
* No DHCP Pool allocated to VLAN1
ip dhcp pool VLAN2
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 61.*** 61.***
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface Vlan2
no ip address
ip tcp adjust-mss 1452
bridge-group 2
!
interface BVI1
ip address 192.168.19.1 255.255.255.0
ip access-group VLAN1 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface BVI2
ip address 192.168.20.1 255.255.255.0
ip access-group VLAN2 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip access-list extended VLAN1
permit udp any any eq bootpc
permit udp any any eq bootps
permit ip 192.168.19.0 0.0.0.255 any
ip access-list extended VLAN2
permit udp any any eq bootps
permit udp any any eq bootpc
permit tcp any any established
permit udp any any eq domain
deny ip 192.168.20.0 0.0.0.255 192.168.19.0 0.0.0.255
permit udp 192.168.20.0 0.0.0.255 any eq domain
permit tcp 192.168.20.0 0.0.0.255 any eq domain
permit tcp 192.168.20.0 0.0.0.255 any eq www
permit tcp 192.168.20.0 0.0.0.255 any eq 443
permit tcp 192.168.20.0 0.0.0.255 any eq smtp
permit tcp 192.168.20.0 0.0.0.255 any eq ftp
How do I stop the DHCP from interfering within VLAN1 and passing the DHCP requests as its driving us nuts at the moment?
Thank you in advance for reading and thank you very very much if you can assist.
Just wondering if anyone would be able to assist with my problem on a Cisco c870-advsecurityk9-mz.124-15.T13.bin.
We had a Cisco tech configure the following and now his nowhere to be found:
* 2 VLAN2
* BVI for the wireless and VLAN1
* Server 2008 DHCP on VLAN1 (should be anyways)
* Cisco DHCP for VLAN2
The problem is that the DHCP which should be bound to VLAN2 is passing to VLAN1 and causes the server DHCP to shutdown and assigns all new users to the VLAN2 DHCP.
Here are the snippets I am assuming would be important:
* No DHCP Pool allocated to VLAN1
ip dhcp pool VLAN2
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 61.*** 61.***
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface Vlan2
no ip address
ip tcp adjust-mss 1452
bridge-group 2
!
interface BVI1
ip address 192.168.19.1 255.255.255.0
ip access-group VLAN1 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface BVI2
ip address 192.168.20.1 255.255.255.0
ip access-group VLAN2 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip access-list extended VLAN1
permit udp any any eq bootpc
permit udp any any eq bootps
permit ip 192.168.19.0 0.0.0.255 any
ip access-list extended VLAN2
permit udp any any eq bootps
permit udp any any eq bootpc
permit tcp any any established
permit udp any any eq domain
deny ip 192.168.20.0 0.0.0.255 192.168.19.0 0.0.0.255
permit udp 192.168.20.0 0.0.0.255 any eq domain
permit tcp 192.168.20.0 0.0.0.255 any eq domain
permit tcp 192.168.20.0 0.0.0.255 any eq www
permit tcp 192.168.20.0 0.0.0.255 any eq 443
permit tcp 192.168.20.0 0.0.0.255 any eq smtp
permit tcp 192.168.20.0 0.0.0.255 any eq ftp
How do I stop the DHCP from interfering within VLAN1 and passing the DHCP requests as its driving us nuts at the moment?