VLANs and DHCP issues

hunterdw

Okay, let's see if I can explain.

Without going into the details of the larger network, let's consider a VERY small portion of my network.

3550-PWR-24 SMI --gigastack-- 3524-PWR-24

The 3550 is my core L3 routing switch. It is in a 4 switch gigastack.

I have several vlans...2 is mgmt, 3 is data, 10 is voice (ip phones) and 999 is my native for trunking between switches. On the 3550 I have my Windows DHCP on vlan 3. It does great. It gives 192.168.x.x addresses. On the 3550 I have my Cisco Call Manager that gives 172.16.x.x ip addresses for the phones...on vlan 10. I'm adding another vlan, 20, that will have a linux dhcp server on it (with nocat) for free wifi I want to provide to visitors. When I have a Cisco 1100 Series (setup with multiple ssid and multiple vlans) plugged DIRECTLY into the 3550 on a trunk port, when a client connects and is directed to vlan 20, it gets an IP in the correct range. All is good.

Now, let's consider the 3524 switch. When I plug a computer in, it gets an IP just fine from vlan 3 (192.168.x.x). When I plug a phone in, it gets an IP just fine from vlan 10 (172.16.x.x). BUT, when I plug an AP in, and then connect via the public ssid, I never get an IP on the vlan 20. It doesn't forward over the DHCP ports.

I guess my question is twofold: 1) can I use ip-helper with multiple vlans? and 2) how? Do I set that up on the 3524? on the 3550? On a router somewhere?

I just took over this network and am fairly green with ip-helper and vlans and dhcp and such.

Any links to cisco articles would be great.

I can send configs too if you'd like.

Thank you!

--DW
 
I don't think ip helper-address will help you. The ip helper-address command is used in situations when you need UDP broadcasts to be passed from one IP subnet to another, e.g. if your DHCP server lies in subnet 192.168.1.0/24 and your hosts in subnet 192.168.2.0, which I think is not true for your setup, because with the Linux DHCP server being in VLAN20 it must be in the same subnet as the hosts in VLAN20 connected to switch 3524.

You say that devices connected to switch 3524 in VLANs 3 and 10 get their IP addresses assigned but devices connecting to VLAN20 do not. Well, I suspect your port-to-VLAN20 assignment on switch 3524 is not correct. Check this on switch 3524 using the "show vlan" command. If this does not help, send the config of the 3524 switch.

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing.
 

When a client connects to the public ssid on the AP that's connected to the 3550, it gets an IP address from the linux box just fine (vlan 20). All is great. If connected to private ssid, it gets an IP from Windows (vlan 3).

When a client connects to the public ssid on the AP that's connected to the 3524, it does not get an IP from vlan 20. BUT, if it connects to the private ssid, it does get an IP from Windows (vlan 3) just fine.

relevant information

On the Cisco AP

ssid private is on vlan 3

ssid public is on vlan 20

on switch 3550

fa0/1
description to AP
switchport trunk encaps dot1q
switchport trunk native vlan 3
switchport mode trunk
switchport voice vlan 10

fa0/2
description to linux/nocat
switchport access vlan 20

gi0/1
description to 3524
switchport trunk encaps dot1q
switchport trunk native vlan 999
switchport mode trunk




3524

gi0/1
description to 3550
switchport trunk encaps dot1q
switchport trunk native vlan 999
switchport mode trunk

fa0/1
description to AP
switchport trunk encaps dot1q
switchport trunk native vlan 3
switchport mode trunk
switchport voice vlan 10
 
Wireless is not my strong point, but I still think you have a VLAN problem and this has nothing to do with your SSID - if anybody thinks I am wrong, feel free to correct me.

You showed me a part of the config that you think is relevant, but have you checked whether your port assignment is correct as I suggested? One more thing, how come you have two native vlans? The native VLAN is the VLAN on which frames are sent untagged, that is, without the additional 4-byte 802.1q header.

Next time when posting a config, send the whole config, with important info like passwords or IP addresses edited out, of course.

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing.
 
Peter,

The APs are running multiple VLANs... therefore, they are trunked ports. I'm positive the port assignment is correct because it works on the 3550 (same switch) but not when the AP and the linux/dhcp box are on different switches. On the 3550, I have the linux box plugged in to fa0/2. I have the AP plugged in to fa0/1. I can connect to either ssid and it gets the appropriate IP address depending on what ssid (VLAN) the traffic comes from. All is good.

The problem is when I use an AP plugged into the 3524. It doesn't forward broadcasts on vlan 20. I was unsure of where to place the ip-helper information. From the CCO site, it appears that it needs to be placed on the L3 gateway...in this case my 3550.

You can run multiple native vlans just fine. I've done it for years. Those are just the native VLANS for that particular link. I use 999 most anywhere when I want to pass through any vlan. While I could continue to use 999 in the rest of them, and prune what I don't want, I find it easier to have a different native VLAN on certain links.

I think I found my problem.

On my 3524, the default gateway is the 3550. So, on the 3550 on vlan 20, I added the ip-helper address pointing to the linux dhcp box. I'm at home and can't test it, but will on Tuesday.

I agree 100% that it is VLAN related and not SSID related.

If, as you suggested, I place my AP that's on port fa0/1 just on vlan 20, I will not get what I want. Remember, I'm using multiple VLANs per subnet. A Trunked port on the 3524 is the correct configuration as per Cisco CCO documentation for using multiple VLANs per AP.
 
From your first post I could not find out you are using multiple VLANs per one IP subnet. From your first post I understood that you have:

VLAN 3 = IP subnet 192.168.x.x
VLAN 10 = IP subnet 172.16.x.x
VLAN 20 = IP subnet ???

and because the relation between VLANs and IP subnets is 1 VLAN = 1 IP subnet I thought that VLAN 20 is again in its own subnet. Your configuration is the first one I have met so far that uses multiple VLANs per subnet.

Another point, from your config on 3550

fa0/2
description to linux/nocat
switchport access vlan 20

you have your linux DHCP box on just VLAN 20, but the 3524 has no ports specifically configured for VLAN 20. When traffic from fa0/2 crosses the trunk it will be tagged with VLAN 20 and unless the NIC of the computer connected to port fa0/1 knows how to read tagged frames, connecting it to trunked port fa0/1 on the 3524 will not work. I think linux has a "vconfig" program that allows this.

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing.
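
An added example, not part of any post in this thread: a small Python check over the port settings quoted above that reports how a VLAN 20 frame leaves each port (tagged, untagged or blocked) and whether the two ends of the inter-switch trunk agree on the native VLAN. The stanza layout, the `LINKS` table and all function names are assumptions made for this example; the input is trimmed to the lines the check reads.

```python
import re
# Constructed input: the port settings quoted in the thread, one stanza per port.
CONFIG = """\
3550 fa0/1
 switchport trunk native vlan 3
 switchport mode trunk
3550 fa0/2
 switchport access vlan 20
3550 gi0/1
 switchport trunk native vlan 999
 switchport mode trunk
3524 gi0/1
 switchport trunk native vlan 999
 switchport mode trunk
3524 fa0/1
 switchport trunk native vlan 3
 switchport mode trunk
"""
# Assumption: the inter-switch link is 3550 gi0/1 <-> 3524 gi0/1, per the port descriptions.
LINKS = [(("3550", "gi0/1"), ("3524", "gi0/1"))]

def parse(text):
    """Return {(switch, port): {"mode", "native", "access"}} from the stanzas."""
    ports, cur = {}, None
    for line in text.splitlines():
        if line and not line.startswith(" "):
            cur = tuple(line.split())
            ports[cur] = {"mode": "access", "native": 1, "access": 1}  # simplified defaults
        elif m := re.match(r"\s+switchport trunk native vlan (\d+)", line):
            ports[cur]["native"] = int(m.group(1))
        elif m := re.match(r"\s+switchport access vlan (\d+)", line):
            ports[cur]["access"] = int(m.group(1))
        elif line.strip() == "switchport mode trunk":
            ports[cur]["mode"] = "trunk"
    return ports

def carries(port, vlan):
    """How a frame in `vlan` leaves this port: 'tagged', 'untagged' or 'blocked'."""
    if port["mode"] == "trunk":  # no 'allowed vlan' line was posted: all VLANs allowed
        return "untagged" if vlan == port["native"] else "tagged"
    return "untagged" if vlan == port["access"] else "blocked"

def native_mismatches(ports, links):
    """Links whose two trunk ends disagree on the native (untagged) VLAN."""
    return [(a, b) for a, b in links if ports[a]["native"] != ports[b]["native"]]

if __name__ == "__main__":
    for key, p in parse(CONFIG).items():
        print(*key, "vlan 20 ->", carries(p, 20))
```

The stanzas alone cannot show whether VLAN 20 exists in the 3524's VLAN database, which is what the "show vlan" check suggested earlier in the thread reports.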