Vlan on 2950 Switch

[duster123]

Here is my issue. I created a vlan on my 2950 switch with the name myvlan and vlan id of 2 and manually assigned 5 ports to that vlan. however, when i plug the cable from my DHCP server into one of the vlan ports and connect some workstations, it doesnt assign ip address to those ports. do i have to create a new ip scheme for Vlan2? If so, how do i do that?

 

[KiscoKid]

You only really need to create an IP scheme for your VLAN if users on the new VLAN need to connect to users on different VLANs.

If all the clients and the DHCP server reside on the same VLAN on the same switch and using the same IP subnet, it should work if your ports and clients/server are configured properly.

Can you confirm the IP address of the server and the DHCP addresses it is addressing. Can you also include a snippet from your 2950 running config and paste it below.

Thanks

 

[duster123]

the two separate vlan is on the same cisco 2950 switch. but when i plug in my DCHP server into one of the ports thats on vlan 2 with the workstations on vlan two i cant get ip address from the dhcp servers for the workstations but vlan one still works. ex. my ip address for the switch is 10.x.x.x when i plug a workstation in vlan 2 i cannot connect to the switch via 10.x.x.x.. is the initial setup of the switch ip address only attached to vlan1?

 

[KiscoKid]

Can you paste a copy of your running configuration here please?

Thanks

 

[duster123]

AASH2950# sh run
Building configuration...

Current configuration : 2429 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname AASH2950
!
enable secret 5 $1$T5lh$h4UHY3g4LlNAUIamLdp770
enable password **********
!
clock timezone UTC -5
clock summer-time UTC recurring
ip subnet-zero
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet0/1
description LinkToLinksys
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security aging time 1
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0004.2381.f3e0
switchport port-security mac-address sticky 000c.41f6.3703
no ip address
speed 100
!
interface FastEthernet0/2
description Laptoplink
switchport mode access
switchport port-security
no ip address
!
interface FastEthernet0/3
no ip address
!
interface FastEthernet0/4
no ip address
!
interface FastEthernet0/5
no ip address
!
interface FastEthernet0/6
no ip address
!
interface FastEthernet0/7
no ip address
!
interface FastEthernet0/8
no ip address
!
interface FastEthernet0/9
no ip address
!
interface FastEthernet0/10
no ip address
!
interface FastEthernet0/11
no ip address
!
interface FastEthernet0/12
no ip address
!
interface FastEthernet0/13
no ip address
!
interface FastEthernet0/14
no ip address
!
interface FastEthernet0/15
no ip address
!
interface FastEthernet0/16
no ip address
!
interface FastEthernet0/17
switchport access vlan 2
switchport mode access
no ip address
!
interface FastEthernet0/18
switchport access vlan 2
switchport mode access
no ip address
!
interface FastEthernet0/19
switchport access vlan 2
no ip address
!
interface FastEthernet0/20
switchport access vlan 2
switchport mode access
no ip address
!
interface FastEthernet0/21
no ip address
!
interface FastEthernet0/22
no ip address
!
interface FastEthernet0/23
no ip address
!
interface FastEthernet0/24
no ip address
!
interface Vlan1
ip address 10.10.10.2 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.10.1
ip http server
!
snmp-server community RO
banner motd ^C ****** Unauthorized access Prohibited***** ^C
!
line con 0
line vty 0 2
password
login
line vty 3
password
login local
line vty 4
password
login
line vty 5 15
password
login
!
end

AASH2950#

 

[vipergg]

The way you have it the switch mgt address is on vlan 1 . The only way for a device on vlan 2 to talk to the switch would be you would have to have a trunk link to a router or l2/l3 switch . If you do a "show vlan" does vlan 2 show active with ports assigned to it ? I don't see a layer 2 vlan for vlan 2 created in the config. Do a config t , "vtp mode transparent . Then do " vlan 2 " then hit enter . Exit to command prompt and do a show vlan , if it is configured right it will show vlan 2 and all the switchports assigned to vlan 2 . Also on "all" user ports enter the command "switchport host" , this will turn on portfast, its very possible the dhcp request is just timing out because you do not have portfast turned on your switchports....

 

[duster123]

I added an ip to vlan 2 but i still cant telnet to the switch with and ip address with vlan 2 how can i configure the vlan so when i type the 10.10.10.x and 172.16.x.x i can configure the switch. this is my output for sh vlan


****** Unauthorized access Prohibited*****

User Access Verification

Password:
AASH2950>en
Password:
AASH2950#sh vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/21, Fa0/22, Fa0/23, Fa0/24
2 mynewvlan active Fa0/17, Fa0/18, Fa0/19, Fa0/20
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

AASH2950#

 

[KiscoKid]

With just your 2950 on the network, you will not be able to access 10.10.10.2 from any device on vlan 2. You need a device capable of inter-vlan routing to do this - maybe the linksys router on port fa0/1 can perform this task albeit I don't know for sure. Understand that this switch is a layer 2 switch and that the IP address you have allocated is for management only - it will not route packets between vlans for you.

That said, if your DHCP server and its pools are correctly configured, they should be able to work if they are attached to ports 17-20. As previoust poster says , turn on portfast on these ports in case the broadcasts simply aren't being seen by the server at startup.

You can do this quickly as follows:

interface range fa 0/17 - 20
spanning-tree portfast

 

[duster123]

can i also telnet to the switch via vlan2 172.16.x.x?? im trying that but it doesnt work. is it that telnet session can only be accessed from vlan1 by default?

 

[duster123]

I assign the 172.16.2.3 ip to a laptop and plug it into one of the ports for vlan2 and i cant ping the vlan2(172.16.2.2) they are all on the same subnet.My nic card works fine and ports are fine.

 

[KiscoKid]

What device is using 172.16.2.2? What subnet mask is defined on 172.16.2.2 and 172.16.2.3? Have you enabled portfast on your vlan 2 ports? Are there any software firewalls in use on either of the 172.16.2.2 and 172.16.2.3 devices - if so, try disabling them?

 

[duster123]

172.16.2.2 is Vlan2 interface address. both subnet mask are 255.255.255.0 I have no firewall.

 

[vipergg]

Check to see if the vlan 2 mgt address is in a up/up state.show ip int brief . You can only have 1 address active and it still may be the vlan 1 address that you had on their originally. You would have to force down the vlan 1 SVI and then do a no shut on the vlan 2 SVI .