ERS5520 - DHCP Question

ableseaman

Technical User
Sep 23, 2009
77
GB
Hi

We will be implementing a BCM50 with IP sets at one of our sites within the next month. The site is serviced via a managed MPLS WAN with managed router. We have an ERS 5520 deployed at the site serving the PC, server estate. Within the existing LAN we have a DHCP server providing IP Addresses to the PCs. As part of the IPT deployment we will be setting up a new IP Address range - won't be routed over the WAN.

ERS5520 has VLAN 10 set-up to serve the PCs. The 5520 has been set-up with the following IP Address:

Switch IP Address: 10.24.6.5
Switch Gateway Address: 10.24.6.1 (Managed Router IP Address)
DHCP Server IP Address: 10.24.6.10
Subnet Mask: 255.255.255.0

PCs are served from the 10.24.6.x range

Voice VLAN 20 will be set-up as the Voice VLAN with the sets using 10.24.32.0/24.

Can the ERS 5520 be set-up in such a way that the voice VLAN can be served from the DHCP server? The ERS5520 is running as a Layer 2 switch. I know that the DHCP server could be set-up with an additional NIC and that the BCM could possibly handle the DHCP but would rather use the existing server to cover this.

Any assistance would be appreciated.
 
If the 5520 is routing between the two vlans, then enable a dhcp relay on the voice vlan interface and tell it the IP of the DHCP server. If another device is doing the routing between the vlans, then that device needs to have the dhcp relay enabled. Once done, build the scopes on the server and you're set.
 
Hi Biv343

Thanks for the response.

A bit of a mix up at our end. The switch is actually an ERS 4550 not a 5520 and will be running as a layer 2 switch. Can the 4550 handle dhcp relay?

Able
 
A 4550 can run in layer 3 mode as well with the appropriate software. Go into the CLI configuration mode and type ip ? and see if the ip routing and dhcp relay commands are present in the subcommands list.
 
Hi Biv343

Yes if I type ip ? ip routing and dhcp-relay commands are detailed.

This has been passed to me last minute so am struggling to set this up - have dealt more with the traditional voice side of BCMs.

As mentioned above we will have 1 x 4550 48 port switch where we need two VLANs - 1 for voice + 1 for data.

The voice subnet will be 10.32.4.0/24
The data subnet will be 10.24.6.0/24

On the data vlan we will have a DHCP server which we would like to provision IPs for the voice and data devices. On the DHCP server there will be two scopes to handle the two VLANs.

The 4550 will have ports specifically for PCs and ports specifically for voice - although if we can set-up the PCs and phones on one port that would be beneficial in some areas.

I have had a quick "play around" with the 4550 and can get the data vlan to see the voice but not the other way around.

I don't like to ask these things but could you provide an example config on how this may be set-up. I normally like to spend a bit of time researching/understanding these things but time is short in this instance - I can cover that off later.

Any assistance would be gratefully appreciated.

Able
 
Hi Able,

this is an example config from a 2526 but it should work for you.
I have used ADAC and LLDP for the voice vlan.
This also implements QOS for you.

Code:
enable
conf T


adac voice-vlan 2
adac op-mode tagged-frames
adac call-server-port 24
adac uplink-port 21
adac traps enable
adac enable

interface fastEthernet 1-12
adac detection lldp
no adac detection mac
adac tagged-frames-tagging untag-pvid-only
adac enable
!exit

interface fastEthernet 1-12
lldp tx-tlv local-mgmt-addr port-desc sys-cap sys-desc sys-name
lldp status txAndRx config-notification
lldp tx-tlv med extendedPSE med-capabilities network-policy
exit

ip routing
ip address switch 192.0.0.210
interface vlan 2
ip address 172.10.40.251 255.255.255.0 2
ip route 0.0.0.0 0.0.0.0 172.10.40.254 1

vlan configcontrol autopvid

vlan ports 21-23 tagging untagall
vlan ports 21-23 pvid 2

save config

write mem

The uplink port is a link to another switch
The call server port is in my case an IP Office.


BAZINGA!

I'm not insane, my mother had me tested!
 
What Peter listed will get you going. Or, something like this, based on vlan 1 for data and 2 for voice.

ip address switch 10.24.6.1 255.255.255.0
vlan create 2 type port
vlan configcontrol flexible
vlan member add 2 1-48
vlan port 1-48 tagging untagpvid
vlan port 48 pvid 2
vlan port 48 tagging untagall
vlan member remove 1 48
ip routing

int vlan 2
ip address 10.32.4.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 x.x.x.x (whatever your firewall/next hop ip is)

Connect the BCM to port 48, as that is the only access port in vlan 2. Your phones can be set via DHCP to tag voice packets in VLAN 2. Just add option 191 to the DHCP scope for the native vlan and have the string include VLAN-A:2. It's case sensitive, and end it with a period. Put option 128 in the voice vlan scope and you're off. If you don't want to do dhcp relay, put option 191 in the data dhcp scope, then turn on dhcp in the bcm for the phones. Since the bcm is in vlan 2, it'll work out OK. Not the cleanest solution, but it would work.

The dhcp relay stuff can be done from the web interface or Java Device Manager. I'm drawing a blank on the cli commands for dhcp relay at the moment.

I'm not a huge fan of ADAC as it's been buggy in the past, and it could burn you pretty bad if you had to make changes to the uplink ports, but that probably isn't a big deal in a single switch environment. I've read that it's gotten better in the 5.5 code, but I haven't deployed that yet. ADAC caused me a lot of pain when it first came out, when the voice VLAN changed across a network of about 20 switches, so I avoid it if I can. Just personal preference.
 
biv, I think ADAC is indeed easy for one or two switches but not for a lot of switches.
I am not sure if it is bug free already because I have had some trouble to get it running.
The 2500 with the latest 4 release has DHCP on it too so the 4500 must have it for sure.


BAZINGA!

I'm not insane, my mother had me tested!
 
I read some release notes about finally being able to specify multiple uplink ports when using adac. Before there was only 1 if I remember correctly.

My first adac experience was with the 460 switches a long time back. Once bitten twice shy I guess.

The really early models of 45XX switches were layer 2 only. Only took a software upgrade to make them layer 3.

Sorry for derailing the OP's thread.
 
You can have 8 uplink ports now.
The 2500 can do layer 3 also I noticed.


BAZINGA!

I'm not insane, my mother had me tested!
 
Thanks for the help tlpeter and biv343, I'm starting to get my head around this only wish I had more than 10 minutes at a time to sit down and concentrate on this!!

For testing purposes - as we don't yet have the BCM or WAN connectivity - I have set-up a single 4550t switch. It has been built with two VLANs (1 x Data + 1 x Voice) and a DHCP server on the Data VLAN. I have been using two laptops - one connected to the data vlan + one connected to the voice vlan to test routing and DHCP capability.

I have built the switch as follows (I have removed any areas that aren't relevant and haven't included any QoS, ADAC setting, etc at this stage);

! *** STP (Phase 1) ***
!
spanning-tree port-mode auto
!
! *** VLAN ***
!
vlan create 100,200 type port 1
vlan name 100 "data"
vlan name 200 "voice"
vlan configcontrol flexible
vlan members 100 10-20
vlan members 200 21-30
vlan ports 10-20 pvid 100
vlan ports 21-30 pvid 200
vlan configcontrol flexible
no auto-pvid

! *** STP (Phase 2) ***
!
spanning-tree port-mode normal
!
! *** L3 ***
!
ip routing
interface vlan 100
ip address 10.200.38.254 255.255.255.0 2
exit
interface vlan 200
ip address 10.100.1.1 255.255.255.0 3
exit
! *** DHCP Relay ***
!
ip dhcp-relay fwd-path 10.100.1.1 10.200.38.203
ip dhcp-relay fwd-path 10.100.1.1 10.200.38.203 mode dhcp

This set-up works, VLANs can route between each other and the DHCP server provides IP Addresses to each VLAN. However I haven't set-up an address for the actual switch. If I try to add the switch address to the same subnet as the data vlan, the switch gives an error to the effect that the switch IP address duplicates with the L3 address already set-up.

I have changed the config on the switch to the following which would be required when the switch is moved to its new location;

! *** IP ***
!
ip default-gateway 10.200.38.254
ip address switch 10.200.38.3
ip address netmask 255.255.255.0
ip address source configured-address
!
! *** STP (Phase 1) ***
!
spanning-tree port-mode auto
!
! *** VLAN ***
!
vlan create 100,200 type port 1
vlan name 100 "data"
vlan name 200 "voice"
vlan configcontrol flexible
vlan members 100 10-20
vlan members 200 21-30
vlan ports 10-20 pvid 100
vlan ports 21-30 pvid 200
vlan configcontrol flexible
no auto-pvid
!
! *** STP (Phase 2) ***
!
spanning-tree port-mode normal
!
! *** L3 ***
!
ip routing
interface vlan 200
ip address 10.100.1.1 255.255.255.0 3
exit
! *** DHCP Relay ***
!
ip dhcp-relay fwd-path 10.100.1.1 10.200.38.203
ip dhcp-relay fwd-path 10.100.1.1 10.200.38.203 mode dhcp

When setting this up, I can't then route between vlans and can't see the DHCP server from the voice vlan. However I can understand this as we are using a default gateway that doesn't physically exist (10.200.38.254).

Now my question is as follows:

The managed Cisco router will have an IP Address of 10.200.38.254. The 4550t switch will have an IP Address of 10.200.38.3. The PCs, printers, etc will be provided with addresses from the 10.200.38.x range via DHCP. This range will be routed externally via a managed OSPF based network. Now with that in place will the set-up above then work based on the fact that the Cisco router will have the address 10.200.38.254 or do we need to add any additional config on the 4550T? Will it need the following code to be added?

Ip route 0.0.0.0 0.0.0.0 10.200.38.254 (Cisco Router)

As mentioned before I need both VLANs to be routeable at a local level and for the DHCP server to assign addresses to both VLANs but I need the 4550t to manage this and don't want to rely on the Cisco router as this is managed by an external company.

The BCM, WAN connection, cisco router, etc are all going to be fitted at the same time and expect to be working within a day or so, thus I want to make sure of my switch configuration beforehand.

As a separate issue we also have the issue of remote support of the BCM as the new vlan won't be routed over the WAN link. I assume we have a couple of options, namely setting up OSPF via the 4550t, remotely accessing the DHCP server then "jumping on" to the BCM from there, etc?

Thanks in advance for any assistance.


 
Try putting in the command vlan mgmt 100. That will tell the system to use 10.200.38.3 as the IP on VLAN 100. It's a strange way they handle it, but that should cure things.

Typically when I'll set up a switch with two VLANs and routing, without a separate management VLAN, I'll set the IP address and mask first, then issue the vlan mgmt XXX command. You don't need to specify a default gateway on the switch IP config when in L3 mode, as the default route statement will cover that for you.
 
Thanks again biv343.

Not really getting enough time to spend on this, although this shouldn't be too difficult.

I have managed to get this working, but the only way I could get this to work was to insert a static route on our DHCP server pointing back at the management switch IP address as the data vlan still couldn't "see" the voice VLAN.

I will sit down over the next few days (if I get a spare 10 minutes) and work through this properly but I think I will get a set-up pulled together that works for us. It turns out that we will have enough switch ports to cater for IP telephones to be connected directly (not have the PC connected to the phone switch), so to cover the QOS, I'm not going to bother with ADAC and just set the ports to trusted with the phones covering the QOS level. I know there are potential risks/drawbacks with this set-up but I know it will work for us.

Thanks again
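
The static route mentioned in the last post can be explained by tracing the return path of a relayed DHCP reply. The sketch below is an added example, not code from the thread: it uses the addresses from the test configuration above and assumes that the DHCP server's default gateway is the managed router (10.200.38.254), that the router has no route to the voice subnet, and that the router's WAN next hop is the constructed address 192.0.2.1.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match; returns a gateway IP, "on-link", or None."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None

def build(server_static_route=False):
    """Devices on the data VLAN. Addresses come from the thread's test config;
    the server's default gateway and the router's routes are assumptions."""
    server_routes = [("10.200.38.0/24", "on-link"), ("0.0.0.0/0", "10.200.38.254")]
    if server_static_route:
        # The fix from the last post: voice subnet via the switch's data-VLAN IP.
        server_routes.append(("10.100.1.0/24", "10.200.38.3"))
    return {
        "dhcp-server": {"ips": {"10.200.38.203"}, "routes": server_routes},
        "switch": {"ips": {"10.200.38.3", "10.100.1.1"},
                   "routes": [("10.200.38.0/24", "on-link"),
                              ("10.100.1.0/24", "on-link"),
                              ("0.0.0.0/0", "10.200.38.254")]},
        "router": {"ips": {"10.200.38.254"},
                   "routes": [("10.200.38.0/24", "on-link"),
                              ("0.0.0.0/0", "192.0.2.1")]},  # constructed WAN next hop
    }

def trace(devices, start, dst):
    """Follow next hops from `start` towards `dst`; returns (path, outcome)."""
    path, here = [start], start
    while len(path) <= len(devices):
        if dst in devices[here]["ips"]:
            return path, "delivered"
        gateway = next_hop(devices[here]["routes"], dst)
        if gateway is None:
            return path, "no route"
        target = dst if gateway == "on-link" else gateway
        owner = next((n for n, d in devices.items() if target in d["ips"]), None)
        if owner is None:
            return path, "lost"  # handed to a hop outside the site
        path.append(owner)
        here = owner
    return path, "loop"

if __name__ == "__main__":
    giaddr = "10.100.1.1"  # relay agent address the server replies to
    print(trace(build(False), "dhcp-server", giaddr))
    print(trace(build(True), "dhcp-server", giaddr))
```

Under these assumptions the reply to the relay address leaves via the router and is lost until the server has a route for 10.100.1.0/24 through 10.200.38.3; pointing data-VLAN hosts at the switch as their gateway would have the same effect.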
 