DHCP Vlan

[orionpex]

Hi all,


I have an issue, and need some assistance with solving it. I am attempting to use a Vlan as for public DHCP via my ISP.

I have multiple IP's from ISP and would like use that VLAN as sort of a dump switch per say. For better understanding here is my setup.


I created Vlan6 on my 3550.
I added fastE ports 0/44 through 0/48 to that Vlan.
I then plugged port fastE 0/48 to the my cable modem.
I then plugged four devices that I wish to pull public DHCP IP's to fastE's 0/44 through 0/47.


I configured vlan6 as "ip address DHCP"


Now I'm not sure if there are any other configs that I would need to add.

Please assist.

 

[VinceWhirlwind]

You made those interfaces "Untagged" in VLAN6?

Are you sure the cable modem is configured to not terminate the connection to the ISP itself?

 

[orionpex]

Not sure what you mean by "UNTAGGED". But I am only using the one VLAN and have not created a trunk of any kind. I'm mainly trying to pull DHCP address through that VLAN.


As far as the the terminating connection to the ISP can you elaborate on what you mean.

 

[imbadatthis]

if im reading this correctly then yeah that SHOULD work. the c3550 doesn't do NAT but you are saying that your ISP is providing you with a block of publicly routed IP addresses.

so as long as you have:

switchport mode access
switchport access vlan 6

as your minimum code that should work fine.
You might want to look into setting up at least an IPS of some sort if you dont have any though. at least some access-lists defining what kind of traffic is allowed in / out.

cheers,


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[baddos]

If they are sending you dhcp, you probably need to add a default route from it if you want it to do routing as well.

ip route 0.0.0.0 0.0.0.0 dhcp

 

[orionpex]

imbadatthis, yes I do have an isp and am being provided multiple IP's. I do have the minimum config as identified, however I am unable to pull an IP on any the devices I plug into any of the ports under the vlan. I pasted a copy of my config below, I am able to get it to work on any port outside of the vlan.

Here is my config
##################

3550.SW#
3550.SW#sh run int vlan 6
Building configuration...

Current configuration : 40 bytes
!
interface Vlan6
ip address dhcp <<<<<<<<<<<--------------does not work with or without this option.
end

3550.SW#
3550.SW#sh run int fastEthernet 0/44
Building configuration...

Current configuration : 94 bytes
!
interface FastEthernet0/44
switchport access vlan 6
switchport mode access
shutdown
end

3550.SW#sh run int fastEthernet 0/45
Building configuration...

Current configuration : 84 bytes
!
interface FastEthernet0/45
switchport access vlan 6
switchport mode access
end

3550.SW#sh run int fastEthernet 0/46
Building configuration...

Current configuration : 84 bytes
!
interface FastEthernet0/46
switchport access vlan 6
switchport mode access
end

3550.SW#sh run int fastEthernet 0/47
Building configuration...

Current configuration : 84 bytes
!
interface FastEthernet0/47
switchport access vlan 6
switchport mode access
end

3550.SW#sh run int fastEthernet 0/48
Building configuration...

Current configuration : 84 bytes
!
interface FastEthernet0/48
switchport access vlan 6
switchport mode access
end

3550.SW#
###################################

 

[VinceWhirlwind]

1/ Show us the switch interfaces' config

2/ How is the connection to the ISP established (authentication)?

 

[orionpex]

The switch interface configs are sow before your post via my last post. also the connection to the ISP is through the cable modem, which basically works like this.

A request goes out to the ISP's DHCP server via the cable modem and once and an IP is assigned. previously I had my wireless plugged directly to the cable modem and it pulled an IP fine. Also I as able to pull an IP when I configured one of the fastE's not in a vlan as shown below. What I am trying to do is use the ports in the vlan like a dumb switch/hub.


I was able to pull an IP via this port on the switch with the following config. however I would like to have the devices pull IP's from the ISP through the port.

####################################


3550.SW#sh run int fastEthernet 0/48
Building configuration...

Current configuration : 84 bytes
!
interface FastEthernet0/11
no switchport
ip address DHCP
end

 

[imbadatthis]

Im assuming your devices are connected directly to ports 45-47 and are setup as DHCP clients correct?( im not saying 44 because that one shows to be in shutdown state) .

when u do a sh ip int bri does it show vlan 6 as up / up?



We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[orionpex]

Yes that is correct those are the assigned ports and the devices are configured for DHCP addressing.

And yes vlan6 does show as up up.

 

[VinceWhirlwind]

Are you sure DHCP is the first thing that happens when you connect to your ISP? I would expect them to want to authenticate the connection attempt before handing out an IP address.

 

[orionpex]

Well, I would say then that the authentication would involve the cable modem and not any edge device i connect to it. I identified earlier that my wireless pulled an IP without issue, and I can do the same with any port on the 3550 that does not belong to a vlan.

 

[imbadatthis]

the only thing i can think of is that you added ip address dhcp to interface vlan 6 before you performed a no shut and before you added a memeber to said vlan.

cisco admits that sometimes dhcp request does not get sent if that happens.

do this :

int vlan 6
shut down

do not assume that its shut down until the switch tells you it is

then do a 'no shut' that should generate a proper dhcp request for your vlan interface.

C3550(config-if)#
*Apr 16 04:30:23.348: %LINK-5-CHANGED: Interface Vlan23, changed state to administratively down
*Apr 16 04:30:24.348: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan23, changed state to down
C3550(config-if)#no shut
C3550(config-if)#
*Apr 16 04:30:29.512: %LINK-3-UPDOWN: Interface Vlan23, changed state to up
*Apr 16 04:30:30.512: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan23, changed state to up
C3550(config-if)#
*Apr 16 04:30:30.588: %DHCP-6-ADDRESS_ASSIGN: Interface Vlan23 assigned DHCP address 10.254.23.3, mask 255.255.255.0, hostname c3550

Current configuration : 56 bytes
!
interface Vlan23
 ip address dhcp hostname c3550
end
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES NVRAM  up                    up
Vlan6                  unassigned      YES unset  down                  down
Vlan23                 10.254.23.3     YES DHCP   up                    up

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[orionpex]

Ok I started everything from scratch, and have the config show as below. I did as you stated but still no DHCP allocation. To test it properly and make sure it was not an issue wit my cable/ISP, I plugged the 3550 into my wireless with the following config to see if it will pull an IP. It was unsuccessful, and also noticed the item below the config shown after debugging DHCP.

Current configuration : 72 bytes
!
interface Vlan6
 ip dhcp client client-id Vlan6
 ip address dhcp
end

3550.SW#
3550.SW#s run int fast 0/48
Building configuration...

Current configuration : 84 bytes
!
interface FastEthernet0/48
 switchport access vlan 6
 switchport mode access
end

Debug output after config setup.

3d20h: RAC: DHCP stopped on interface Vlan6
3d20h: %LINK-5-CHANGED: Interface Vlan6, changed state to administratively down
3d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan6, changed state to down
3550.SW#
3d20h: DHCP: DHCP client process started: 10
3d20h: RAC: Starting DHCP discover on Vlan6
3d20h: DHCP: Try 1 to acquire address for Vlan6
3d20h: DHCP: allocate request
3d20h: DHCP: new entry. add to queue
3d20h: DHCP: SDiscover attempt # 1 for entry:
3d20h: Temp IP addr: 0.0.0.0  for peer on Interface: Vlan6
3d20h: Temp  sub net mask: 0.0.0.0
3d20h:    DHCP Lease server: 0.0.0.0, state: 1 Selecting
3d20h:    DHCP transaction id: 22BE
3d20h:    Lease: 0 secs,  Renewal: 0 secs,  Rebind: 0 secs
3d20h:    Next timer fires after: 00:00:03
3d20h:    Retry count: 1   Client-ID: 000a.f41a.3d00
3d20h:    Client-ID hex dump: 000AF41A3D00
3d20h:    Hostname: 3550.SW
3d20h: DHCP: SDiscover: sending 287 byte length DHCP packet
3d20h: DHCP: SDiscover 287 bytes 
3d20h:             B'cast on Vlan6 interface from 0.0.0.0
3d20h: %LINK-3-UPDOWN: Interface Vlan6, changed state to up
3d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan6, changed state to up
3d20h: DHCP: SDiscover attempt # 2 for entry:
3d20h: Temp IP addr: 0.0.0.0  for peer on Interface: Vlan6
3d20h: Temp  sub net mask: 0.0.0.0
3d20h:    DHCP Lease server: 0.0.0.0, state: 1 Selecting
3d20h:    DHCP transaction id: 22BE
3d20h:    Lease: 0 secs,  Renewal: 0 secs,  Rebind: 0 secs
3d20h:    Next timer fires after: 00:00:03
3d20h:    Retry count: 2   Client-ID: 000a.f41a.3d00
3d20h:    Client-ID hex dump: 000AF41A3D00
3d20h:    Hostname: 3550.SW
3d20h: DHCP: SDiscover: sending 287 byte length DHCP packet
3d20h: DHCP: SDiscover 287 bytes 
3d20h:             B'cast on Vlan6 interface from 0.0.0.0
3d20h: DHCP: SDiscover attempt # 3 for entry:
3d20h: Temp IP addr: 0.0.0.0  for peer on Interface: Vlan6
3d20h: Temp  sub net mask: 0.0.0.0
3d20h:    DHCP Lease server: 0.0.0.0, state: 1 Selecting
3d20h:    DHCP transaction id: 22BE
3d20h:    Lease: 0 secs,  Renewal: 0 secs,  Rebind: 0 secs
3d20h:    Next timer fires after: 00:00:03
3d20h:    Retry count: 3   Client-ID: 000a.f41a.3d00
3d20h:    Client-ID hex dump: 000AF41A3D00
3d20h:    Hostname: 3550.SW
3d20h: DHCP: SDiscover: sending 287 byte length DHCP packet
3d20h: DHCP: SDiscover 287 bytes 
3d20h:             B'cast on Vlan6 interface from 0.0.0.0
3d20h: DHCP: QScan: Timed out Selecting state%Unknown DHCP problem.. No allocation possible
3d20h: DHCP: Waiting for 5 seconds on interface Vlan6
3d20h: DHCP: Try 2 to acquire address for Vlan6
3d20h: DHCP: allocate request
3d20h: DHCP: zapping entry in DHC_PURGING state for Vl6
3d20h: DHCP: new entry. add to queue
3d20h: DHCP: SDiscover attempt # 1 for entry:
3d20h: Temp IP addr: 0.0.0.0  for peer on Interface: Vlan6
3d20h: Temp  sub net mask: 0.0.0.0
3d20h:    DHCP Lease server: 0.0.0.0, state: 1 Selecting
3d20h:    DHCP transaction id: 22BF
3d20h:    Lease: 0 secs,  Renewal: 0 secs,  Rebind: 0 secs
3d20h:    Next timer fires after: 00:00:03
3d20h:    Retry count: 1   Client-ID: 000a.f41a.3d00
3d20h:    Client-ID hex dump: 000AF41A3D00
3d20h:    Hostname: 3550.SW
3d20h: DHCP: SDiscover: sending 287 byte length DHCP packet
3d20h: DHCP: SDiscover 287 bytes 
3d20h:             B'cast on Vlan6 interface from 0.0.0.0
3d20h: DHCP: SDiscover attempt # 2 for entry:
3d20h: Temp IP addr: 0.0.0.0  for peer on Interface: Vlan6
3d20h: Temp  sub net mask: 0.0.0.0
3d20h:    DHCP Lease server: 0.0.0.0, state: 1 Selecting
3d20h:    DHCP transaction id: 22BF
3d20h:    Lease: 0 secs,  Renewal: 0 secs,  Rebind: 0 secs
3d20h:    Next timer fires after: 00:00:03
3d20h:    Retry count: 2   Client-ID: 000a.f41a.3d00
3d20h:    Client-ID hex dump: 000AF41A3D00
3d20h:    Hostname: 3550.SW
3d20h: DHCP: SDiscover: sending 287 byte length DHCP packet
3d20h: DHCP: SDiscover 287 bytes 
3d20h:             B'cast on Vlan6 interface from 0.0.0.0
3d20h: DHCP: SDiscover attempt # 3 for entry:
3d20h: Temp IP addr: 0.0.0.0  for peer on Interface: Vlan6
3d20h: Temp  sub net mask: 0.0.0.0
3d20h:    DHCP Lease server: 0.0.0.0, state: 1 Selecting
3d20h:    DHCP transaction id: 22BF
3d20h:    Lease: 0 secs,  Renewal: 0 secs,  Rebind: 0 secs
3d20h:    Next timer fires after: 00:00:03
3d20h:    Retry count: 3   Client-ID: 000a.f41a.3d00
3d20h:    Client-ID hex dump: 000AF41A3D00
3d20h:    Hostname: 3550.SW
3d20h: DHCP: SDiscover: sending 287 byte length DHCP packet
3d20h: DHCP: SDiscover 287 bytes 
3d20h:             B'cast on Vlan6 interface from 0.0.0.0
3d20h: DHCP: QScan: Timed out Selecting state%Unknown DHCP problem.. No allocation possible
3d20h: DHCP: Waiting for 10 seconds on interface Vlan6

 

[imbadatthis]

can you post your full config please?
something is wrong, you are not receiving bootrep pkt.

I have to ask , did you activate the vlan before or after you added ip dhcp client command ?

same configuration gets me:

C3550(config-if)#no shut
*Apr 17 04:36:57.614: %LINK-5-CHANGED: Interface Vlan23, changed state to administratively down
C3550(config-if)#no shut%Unknown DHCP problem.. No allocation possible
*Apr 17 04:36:57.866: DHCP: Waiting for 60 seconds on interface Vlan121
C3550(config-if)#no shut
*Apr 17 04:36:58.614: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan23, changed state to down
C3550(config-if)#no shut
C3550(config-if)#
*Apr 17 04:37:06.174: DHCP: DHCP client process started: 10
*Apr 17 04:37:06.178: RAC: Starting DHCP discover on Vlan23
*Apr 17 04:37:06.178: DHCP: Try 1 to acquire address for Vlan23
*Apr 17 04:37:06.178: DHCP: allocate request
*Apr 17 04:37:06.178: DHCP: zapping entry in DHC_PURGING state for Vl23
*Apr 17 04:37:06.178: DHCP: deleting entry 2F8D63C 10.254.23.3 from list
*Apr 17 04:37:06.178: DHCP: new entry. add to queue
*Apr 17 04:37:06.178: DHCP: SDiscover attempt # 1 for entry:
*Apr 17 04:37:
C3550(config-if)#06.178: DHCP: SDiscover: sending 293 byte length DHCP packet
*Apr 17 04:37:06.178: DHCP: SDiscover 293 bytes
*Apr 17 04:37:06.182:             B'cast on Vlan23 interface from 0.0.0.0
C3550(config-if)#
*Apr 17 04:37:08.174: %LINK-3-UPDOWN: Interface Vlan23, changed state to up
C3550(config-if)#
*Apr 17 04:37:08.182: DHCP: Received a BOOTREP pkt
*Apr 17 04:37:08.182: DHCP: offer received from 10.254.23.1
*Apr 17 04:37:08.182: DHCP: SRequest attempt # 1 for entry:
*Apr 17 04:37:08.182: DHCP: SRequest- Server ID option: 10.254.23.1
*Apr 17 04:37:08.182: DHCP: SRequest- Requested IP addr option: 10.254.23.4
*Apr 17 04:37:08.182: DHCP: SRequest placed lease len option: 86400
*Apr 17 04:37:08.182: DHCP: SRequest: 311 bytes
*Apr 17 04:37:08.182: DHCP: SRequest: 311 bytes
*Apr 17 04:37:08.186:
C3550(config-if)#            B'cast on Vlan23 interface from 0.0.0.0
*Apr 17 04:37:08.190: DHCP: Received a BOOTREP pkt
*Apr 17 04:37:09.174: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan23, changed state to up
C3550(config-if)#
*Apr 17 04:37:11.190: DHCP Client Pooling: ***Allocated IP address: 10.254.23.4
*Apr 17 04:37:11.302: Allocated IP address = 10.254.23.4  255.255.255.0

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[orionpex]

No I actually added the command to the vlan interface prior to activating the vlan. I then added the fastE to the vlan, yet still no success. I keep getting this in the debug output "B'cast on Vlan6 interface from 0.0.0.0%Unknown DHCP problem.. No allocation possible"


Below is the running config

3550.SW#sh run 
Building configuration...

Current configuration : 8367 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3550.SW
!
!
username admin password 7 ???????????????
username cisco password 7 ???????????????
!
!

ip subnet-zero
ip routing
no ip domain-lookup
!
ip dhcp snooping vlan 6
!
!

!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
! 
!
!
!
interface Loopback0
 no ip address
!
interface FastEthernet0/1
 no switchport
 ip address 192.168.1.10 255.255.255.252
!
interface FastEthernet0/2
 no switchport
 ip address 192.168.0.3 255.255.255.0
!
interface FastEthernet0/3
 no switchport
 ip address 192.168.1.13 255.255.255.252
!
interface FastEthernet0/4
 description Lab Pod 4 Gateway
 no switchport
 ip address 172.20.20.13 255.255.255.252
 speed 100
 duplex full
!
interface FastEthernet0/5
 description Dynamips Lab Pod 5 Gateway
 no switchport
 ip address 172.20.20.17 255.255.255.252
 speed 100
 duplex full
!
interface FastEthernet0/6
 description Dynamips Lab Pod 6 Gateway
 no switchport
 ip address 172.20.20.21 255.255.255.252
 speed 100
 duplex full
!
interface FastEthernet0/7
 description Dynamips Lab Pod 7 Gateway
 no switchport
 ip address 172.20.20.25 255.255.255.252
 speed 100
 duplex full
!
interface FastEthernet0/8
 description Dynamips Lab Pod 8 Gateway
 no switchport
 ip address 172.20.20.29 255.255.255.252
 speed 100
 duplex full
!
interface FastEthernet0/9
 description Dynamips Lab Pod 9 Gateway
 no switchport
 ip address 172.20.20.33 255.255.255.252
 speed 100
 duplex full
!
interface FastEthernet0/10
 switchport mode dynamic desirable
!
interface FastEthernet0/11
description DHCP-TEST
 no switchport
 ip address dhcp
!
interface FastEthernet0/12
 switchport mode dynamic desirable
!
interface FastEthernet0/13
 switchport mode dynamic desirable
!
interface FastEthernet0/14
 switchport mode dynamic desirable
!
interface FastEthernet0/15
 switchport mode dynamic desirable
!
interface FastEthernet0/16
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/17
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/18
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/19
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/20
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/21
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/22
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/23
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/24
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/25
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/26
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/27
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/28
 switchport access vlan 5
 switchport mode access
 shutdown
!
interface FastEthernet0/29
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/30
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/31
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/32
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/33
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/34
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/35
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/36
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/37
 switchport mode dynamic desirable
 shutdown
!         
interface FastEthernet0/38
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/39
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/40
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/41
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/42
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/43
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/44
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/45
 switchport mode dynamic desirable
!
interface FastEthernet0/46
 switchport mode dynamic desirable
!
interface FastEthernet0/47
 switchport mode dynamic desirable
!
interface FastEthernet0/48
 switchport access vlan 6
 switchport mode access
!
interface GigabitEthernet0/1
 description 1 Gig Uplink from 2950 Switch# 1
 switchport mode access
 speed nonegotiate
!
interface GigabitEthernet0/2
 description 1 Gig Uplink from 2950 Switch# 2
 switchport mode access
 speed nonegotiate
!
interface Vlan1
 no ip address
!
interface Vlan2
 no ip address
!
interface Vlan3
 no ip address
!
interface Vlan4
 ip address 10.40.0.1 255.255.0.0
!
interface Vlan5
 ip address 10.50.0.1 255.255.0.0
!
interface Vlan6
 ip dhcp client client-id Vlan6
 ip address dhcp
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip http server
ip http secure-server
!
!

control-plane
!

!
line con 0
 exec-timeout 300 0
 privilege level 15
 password 7 1511021F0725
 login authentication LOCAL
line vty 0 4
 exec-timeout 300 0
 privilege level 15
 password 7 1511021F0725
line vty 5 15
 exec-timeout 30 0
 password 7 112A1016141D
!
ntp clock-period 17180539
ntp peer 192.168.1.231
ntp peer 192.168.1.50
end

3550.SW#

 

[imbadatthis]

dude!!!!!

DHCP snooping is a DHCP security feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted message is a message that is received from outside the network or firewall and that can cause traffic attacks within your network.

ip dhcp snooping vlan 6

here ya go ;

http://www.cisco.com/en/US/docs/swi.../13ew/configuration/guide/dhcp.html#wp1073367

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[orionpex]

Ok I see what your seeing, and so I removed the snooping configuration on the box. Now I'm trying to rebuild the vlan and add all associated interfaces afterward.

let me see how it goes.

 

[orionpex]

imbadatthis,

man I attempted the whole thing all over again, and even erased the running config and started fresh without any trace of the dhcp snooping items. I ten created the vlan, then created the vlan interface and added the dhcp setting to it. I then edited the fastE port and added to the. the vlan was then no shut. and I watched the debug. I am still receiving the error message. still seeing the same output and error messages.

 

[orionpex]

ok I managed to get my firewall to pull a dynamic ip through the vlan from my wireless router as a test. Now what I need to understand is that you managed to pull dynamip IP to your vlan23 that you pasted in one of your post. would you mind pasting your config, so I can see if I am missing something.