| Author |
DHCP, VLAN don't work :(
| Lebanese_007 2003-11-24, 3:40 pm |
| Hi
i have cisco switches and routers... and i need to create VLANs and give ip addresses to all the pcs in the VLANs... but for some reason the PCs are not getting any IP addresses after i created VLANs... any suggestions???
thanks | |
| dmaftei 2003-11-24, 4:00 pm |
| You most likely need to configure your DHCP server to serve addresses on all VLANs. | |
| edmonds_robert 2003-11-25, 1:42 pm |
| Did you use the ip helper-address command? It would look like this in your configuration:
interface vlan 10
ip helper-address 10.0.10.10
I hope that helps
Robert | |
| Lebanese_007 2003-11-25, 8:50 pm |
| thanks for replying.... i found this website http://www.tencorp.com/SALESTIP.NSF...79?OpenDocument
i have questions about it...
1) when he says "All Ports on Cisco switch that connect to hosts (PCs, Servers, Printers, etc.) should be configured with the "spanning-tree portfast" command." is it on the privileged mode, i mean in the "router<config-t>#" ?? or in each interface i should type the "spanning-tree portfast" command ???.
2) when he says "Then each VLAN interface needs to be configure with "ip helper-address x.x.x.x" (x.x.x.x = IP address of the DHCP server) You can also use the "ip helper-address" command for WINS and DNS servers." does he mean that the DHCP server is on separate switch??? can it be in the same switch???
and when he says, "each VLAN interface" does he mean each port???!!!
thanks | |
| Yankee 2003-11-26, 6:01 am |
| ip helper address goes on the layer 3 device (where the gateway is configured), so that it will pass the dhcp broadcast amongst other things.
port fast is not required to do what you are asking.
Yankee | |
| ibshyx 2003-11-26, 12:22 pm |
| yeah spantree is a command u use on a switch not a router and ip helper-address is a layer 3 device command | |
| edmonds_robert 2003-11-27, 12:03 am |
| quote: Originally posted by Lebanese_007
thanks for replying.... i found this website http://www.tencorp.com/SALESTIP.NSF...79?OpenDocument
i have questions about it...
1) when he says "All Ports on Cisco switch that connect to hosts (PCs, Servers, Printers, etc.) should be configured with the "spanning-tree portfast" command." is it on the privileged mode, i mean in the "router<config-t>#" ?? or in each interface i should type the "spanning-tree portfast" command ???.
All portfast does is configure the port to skip the blocking, listening, and learning modes in spanning-tree and go straight into forwarding mode. Its use is to prevent bridging (or switching) loops. It is an interface command.
quote:
2) when he says "Then each VLAN interface needs to be configure with "ip helper-address x.x.x.x" (x.x.x.x = IP address of the DHCP server) You can also use the "ip helper-address" command for WINS and DNS servers." does he mean that the DHCP server is on separate switch??? can it be in the same switch???
The DHCP server will be on a computer running the DHCP service, and properly configured with DHCP scopes. The IP helper-address command works by forwarding a DHCP request, which it would normally drop because it is a broadcast, to the DHCP server specified by the ip helper-address command.
quote:
and when he says, "each VLAN interface" does he mean each port???!!!
Finally, you have to understand the difference between a physical interface and a virtual interface here. A VLAN is a virtual interface that basically defines which computers will be on the same subnet. Any physical ports (i.e. fastethernet 0/1) that are members of the same VLAN should be on the same subnet. So, when he says each VLAN, he means just that; not each port. | |
| Yankee 2003-11-27, 5:20 pm |
| quote: Originally posted by edmonds_robert
All portfast does is configure the port to skip the blocking, listening, and learning modes in spanning-tree and go straight into forwarding mode. Its use is to prevent bridging (or switching) loops. It is an interface command.
No, just the opposite. By using portfast you are saying you know there are no loops so you tell STP to proceed to the "forwarding" state immediately. This is not a command to use lightly and should only be used when you have control over what gets attached to that port.
Don't trust your users...
Yankee | |
| darthfeces 2003-11-27, 10:50 pm |
| well,
you can use bpdu guard with portfast
so when the occasional loser plugs in a hub
his port will get shut down. | |
| Yankee 2003-11-28, 7:44 am |
| Darth, ain't that the feature that watches MAC addresses and when a second or more show up, it disables the port?
I still recommend keeping designs as basic and simple as possible. That way I can understand them
Yankee | |
| darthfeces 2003-11-28, 12:13 pm |
| the new rapid spanning tree expects you to
configure portfast on all "edge" ports.
no, it looks for bpdu's under the assumption
that there shouldn't be any there on a portfast port. ie one host
and no other networking device talking st
on the other end ... that could be bridging.
there won't be a bpdu coming from a port with a single host.
portfast itself has no knowledge of the presence of a mac address. it simply instructs the st process to skip to forwarding.
the presence of a bpdu or other mac addresses on a portfast port can cause a loop due to a st "fluttering" caused when a 2nd,3rd etc mac is seen on the port. | |
| Yankee 2003-11-28, 2:37 pm |
| the new rapid stp...no wonder I wasn't sure what you were referring to. Guess I was talking about a port security function that only allows one MAC on a port or it disables it.
Do you want to rephrase your comments about multiple MACs causing a loop or fluttering? Something don't ring true about the way you have phrased that, but I'll standby to be corrected 
Yankee | |
| darthfeces 2003-11-28, 10:25 pm |
| sometimes i don't explain things well
ccie ps2 has a nice discussion on this .
do we agree that having more than one host at the other end of a portfast port
will create a loop ?
i've seen this with hubs, 350 access points,
and airports that have been plugged into portfast ports.
i've also seen 3 people who plugged into a hub on a portfast port.
and they would take turns being able to access the network.
1 mac at a time would be able to talk at a time st
would change and the next mac would be there.
http://makeashorterlink.com/?L28B43AA6
http://makeashorterlink.com/?C27B31AA6 | |
| Yankee 2003-11-29, 7:40 am |
| I don't see how the word loop could be accurate if the fact was that two or more MACs had access to only one switch port. I only use port fast on the server farm not on user ports, so you probably have experience I don't have. Course I am replying prior to viewing your docs 
Yankee | |
| edmonds_robert 2003-11-29, 5:17 pm |
| quote: Originally posted by Yankee
No, just the opposite. By using portfast you are saying you know there are no loops so you tell STP to proceed to the "forwarding" state immediately. This is not a command to use lightly and should only be used when you have control over what gets attached to that port.
Don't trust your users...
Yankee
The way I wrote my statement was loopy. I meant that spanning-tree helps protect against loops, not spanning-tree portfast. | |
| darthfeces 2003-11-29, 7:59 pm |
| actually i work in a rather large
switched infrastructure and we always use portfast. it lowers the st convergence time
considerably. from 50-60 sec to like 0-10.
the caveat is that a spanning tree loop can develop if a port configured w/ pf is connected to another switch trying to talk stp.
it's the interaction between a portfast port and a switch talking stp that's the problem.
single host ... no problem
bpdu guard simply is recommended with pf to disable a port configured portfast if it senses a bpdu ie (another switch.)
the thinking here is that it's better to disable a single port than cause an enterprise-wide stp loop.
switchport mode access on the 3550 turns on pf by default. | |
| Yankee 2003-11-30, 5:31 am |
| then we do agree 
My network ain't small (3000+ users on the local campus of 4 bldgs, 30,000+ worldwide). Our problem is we are a technical company with many people setting up labs and trying to do their own thing, so we have always protected ourselves by not using portfast. Thanks for the info on bpdu guard. I'm going to look more into that as it seems a suitable solution for us at first glance.
Appreciate your comments as always!
Yankee | |
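An added example, not part of the original thread: a short Python audit of a Cisco IOS-style configuration that reports ports with `spanning-tree portfast` but no BPDU guard, and VLAN interfaces that have an IP address but no `ip helper-address`. The sample configuration, its addresses and VLAN numbers are constructed, and the helper check assumes the DHCP server sits on a different subnet from the VLANs being checked.

```python
# Added example. SAMPLE_CONFIG is constructed; addresses and VLAN IDs are made up.
SAMPLE_CONFIG = """\
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 ip helper-address 10.0.10.10
!
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
!
interface FastEthernet0/1
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 spanning-tree portfast
"""

def parse_config(config):
    """Split a config into {interface: [sub-commands]} and a list of global lines."""
    interfaces, global_lines, current = {}, [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            if line.strip() not in ("", "!"):
                global_lines.append(line.strip())
    return interfaces, global_lines

def audit(config):
    interfaces, global_lines = parse_config(config)
    # The global default applies BPDU guard to every portfast-enabled port.
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, cmds in interfaces.items():
        if name.lower().startswith("vlan"):
            # Assumption: the DHCP server is on another subnet, so the SVI must relay.
            relays = any(c.startswith("ip helper-address ") for c in cmds)
            if any(c.startswith("ip address ") for c in cmds) and not relays:
                findings.append((name, "no ip helper-address"))
        elif "spanning-tree portfast" in cmds:
            if not (guard_default or "spanning-tree bpduguard enable" in cmds):
                findings.append((name, "portfast without BPDU guard"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Findings are returned in configuration order as (interface, finding) pairs, so the output can be diffed between configuration revisions.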
| Yankee 2003-12-01, 4:36 am |
| thanks Darth!
Yankee |