Announcement

Collapse
No announcement yet.

I have a difficult vlan/dhcp question.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • I have a difficult vlan/dhcp question.

    In our other building (Vlan2) we have phones (cisco currently) that can cdp? and access VLAN 5 (voice for whole company) and obtain IP addresses from the dhcp server for VLAN5.

    When I plug in a shoretel phone, it gets a Vlan2 ip address and can not contact the ftp server (on VLAN5) Even if I hard code the tagging and VLANID on the phone, it still pulls a VLAN2 IP address and can not contact the ftp server.

    What would cause any devices on those switches to not be able to get to vlan 5?

    I have the vlans setup throughout the company with VTP.

    I have read through David's knowledgebase and can't find anything that helps me with this issue.

    Thank you,

    Marc
    Thank you,

    Marc

  • #2
    Re: I have a difficult vlan/dhcp question.

    more info....

    If the port is set up like this:

    interface FastEthernet0/24
    switchport access vlan 2
    switchport voice vlan 5
    spanning-tree portfast

    it does not work.

    If it is set up like this:

    interface FastEthernet0/25
    switchport voice vlan 5
    spanning-tree portfast

    It works, but the PCs get a vlan1 address. Unfortunately, I want all of those pcs to be in vlan 2

    Also, if I hard code the IP address and all settings in the phone (non dhcp) it will work regardless of which way the port is set up.
    Thank you,

    Marc

    Comment


    • #3
      Re: I have a difficult vlan/dhcp question.

      Hi Marc,

      I haven't run across this so does this link help at all?

      http://www.cisco.com/en/US/products/...080476389.html

      Thanks,
      David
      David Davis - Petri Forums Moderator & Video Training Author
      Train Signal - The Global Leader in IT Video Training
      TrainSignalTraining.com - Free IT Training Products
      Personal Websites: HappyRouter.com & VMwareVideos.com

      Comment


      • #4
        Re: I have a difficult vlan/dhcp question.

        Just remember that you have a dot1q trunk running to these phones and PC is receiving the default vlan 1 data broken out by the phone. You just need to change the ports native vlan to vlan 2 and boom.


        int fast 0/3
        switchport voice vlan 5
        switchport trunk native vlan 2
        no shut
        end

        Good luck, and remember to configure your QoS for voice. IP precedence 5 will need mapping to EF.

        Cheers,

        J.

        Comment


        • #5
          Re: I have a difficult vlan/dhcp question.

          Excellent Jezster, Thanks for your help!

          David
          David Davis - Petri Forums Moderator & Video Training Author
          Train Signal - The Global Leader in IT Video Training
          TrainSignalTraining.com - Free IT Training Products
          Personal Websites: HappyRouter.com & VMwareVideos.com

          Comment


          • #6
            Re: I have a difficult vlan/dhcp question.

            Originally posted by jezster View Post
            Just remember that you have a dot1q trunk running to these phones and PC is receiving the default vlan 1 data broken out by the phone. You just need to change the ports native vlan to vlan 2 and boom.


            int fast 0/3
            switchport voice vlan 5
            switchport trunk native vlan 2
            no shut
            end

            Good luck, and remember to configure your QoS for voice. IP precedence 5 will need mapping to EF.

            Cheers,

            J.
            Thank you, I found that info after going through a few links from where David sent me.

            But, I have the port set up like this:

            !
            interface FastEthernet0/25
            switchport trunk native vlan 2
            switchport voice vlan 5
            spanning-tree portfast
            !

            And the PC is picking up a Vlan 1 address instead of Vlan 2 through dhcp. when I do sh vlan, it shows that the port is in vlan 1.

            THe phone now works fine.

            Here is the link to the cisco page that explains why you can't have the switchport access command in there.......because it disables any trunking.

            http://www.cisco.com/en/US/products/...html#wp1200245
            Last edited by tnshurtm; 19th February 2007, 21:57. Reason: changed name
            Thank you,

            Marc

            Comment


            • #7
              Re: I have a difficult vlan/dhcp question.

              Really interesting ... what VLAN does the PC pick up if the phone is removed from the link? The native VLAN should kick in as untagged (non-trunk) frames will be using the Ethernet connection.

              This VLAN 1 connection sounds like the phone pushing it to the PC... normally you would just use the 'switchport trunk allowed vlan remove 1' to get rid of it. VLAN 1 should never be used given the massive security implications it carries, remember all new switches default to VLAN 1.

              Try the PC without the phone, and let us know.

              Many Thanks,

              Jeremy

              Comment


              • #8
                Re: I have a difficult vlan/dhcp question.

                Originally posted by jezster View Post
                Really interesting ... what VLAN does the PC pick up if the phone is removed from the link? The native VLAN should kick in as untagged (non-trunk) frames will be using the Ethernet connection.

                This VLAN 1 connection sounds like the phone pushing it to the PC... normally you would just use the 'switchport trunk allowed vlan remove 1' to get rid of it. VLAN 1 should never be used given the massive security implications it carries, remember all new switches default to VLAN 1.

                Try the PC without the phone, and let us know.

                Many Thanks,

                Jeremy
                ERRRR!!!!!

                With the port set up like this:

                !
                interface FastEthernet0/25
                switchport trunk native vlan 2
                switchport voice vlan 5
                spanning-tree portfast
                !

                The PC alone still gets a vlan 1 ip address. I did ipconfig /release and renew and it pulled a vlan 1 ip address. So, regardless of the phone being in the loop, with the above port config, the pc gets a vlan 1 ip address. I don't need to shut/no shut the port after changes do I?

                Could this be a global setting overiding the port setting? Here is a the full config of the switch in question. I have removed most of the ports from the config for ease of reading:

                Current configuration : 6171 bytes
                !
                ! Last configuration change at 08:53:53 EST Tue Feb 20 2007
                !
                version 12.2
                no service pad
                service timestamps debug datetime msec localtime
                service timestamps log datetime msec localtime
                service password-encryption
                !
                hostname 25D-Switch1
                !

                no aaa new-model
                clock timezone EST -5
                clock summer-time EST recurring
                ip subnet-zero
                !
                !
                !
                !
                no file verify auto
                spanning-tree mode pvst
                spanning-tree extend system-id
                !
                vlan internal allocation policy ascending
                !
                interface FastEthernet0/1
                switchport access vlan 2
                switchport voice vlan 5
                spanning-tree portfast
                !
                interface FastEthernet0/25
                switchport trunk native vlan 2
                switchport voice vlan 5
                spanning-tree portfast
                !
                interface FastEthernet0/26
                switchport access vlan 2
                switchport voice vlan 5
                spanning-tree portfast

                interface GigabitEthernet0/1
                switchport trunk encapsulation dot1q
                switchport mode trunk
                !
                interface GigabitEthernet0/2
                !
                interface GigabitEthernet0/3
                switchport trunk encapsulation dot1q
                switchport mode trunk
                !
                interface GigabitEthernet0/4
                !
                interface Vlan1
                ip address 192.168.1.20 255.255.255.0
                !
                interface Vlan2
                ip address 192.168.3.3 255.255.255.0
                !
                ip default-gateway 192.168.1.2
                ip classless
                ip http server
                !
                !
                control-plane
                !
                !
                line con 0
                line vty 0 4
                login local
                line vty 5 15
                no login
                !
                ntp clock-period 36030119
                ntp server 192.168.1.4
                !
                end

                25D-Switch1#!
                Last edited by tnshurtm; 20th February 2007, 15:09.
                Thank you,

                Marc

                Comment


                • #9
                  Re: I have a difficult vlan/dhcp question.

                  I just found this. Could it be that I should put the phone Vlan in the native command?

                  Configuring the 802.1Q Native VLAN
                  --------------------------------------------------------------------------------
                  Note Complete the steps in the "Preparing a Layer 2 Switching Port for Configuration as a Trunk" section before performing the tasks in this section.
                  --------------------------------------------------------------------------------
                  To configure the 802.1Q native VLAN, perform this task:
                  Command Purpose

                  Router(config-if)# switchport trunk native vlan vlan_ID
                  (Optional) Configures the 802.1Q native VLAN.

                  Router(config-if)# no switchport trunk native vlan
                  Reverts to the default value (VLAN 1).

                  When configuring the native VLAN, note the following syntax information:
                  •With Release 12.1(13)E and later releases, the vlan_ID value can be 1 to 4094, except for reserved VLANs (see Table 9-1).
                  •With 12.1 E releases earlier than Release 12.1(13)E, the vlan_ID value can be 1 to 1005.
                  •The access VLAN is not automatically used as the native VLAN.
                  Thank you,

                  Marc

                  Comment


                  • #10
                    Re: I have a difficult vlan/dhcp question.

                    ....nevermind... I am grasping.

                    Here is the results of a sh int switch:

                    Name: Fa0/5
                    Switchport: Enabled
                    Administrative Mode: dynamic auto
                    Operational Mode: static access
                    Administrative Trunking Encapsulation: negotiate
                    Operational Trunking Encapsulation: native
                    Negotiation of Trunking: On
                    Access Mode VLAN: 1 (default)
                    Trunking Native Mode VLAN: 2 (220_Workstations)
                    Administrative Native VLAN tagging: enabled
                    Voice VLAN: 5 (TLAN)
                    Administrative private-vlan host-association: none
                    Administrative private-vlan mapping: none
                    Administrative private-vlan trunk native VLAN: none
                    Administrative private-vlan trunk Native VLAN tagging: enabled
                    Administrative private-vlan trunk encapsulation: dot1q
                    Administrative private-vlan trunk normal VLANs: none
                    Administrative private-vlan trunk private VLANs: none
                    Operational private-vlan: none
                    Trunking VLANs Enabled: ALL
                    Pruning VLANs Enabled: 2-1001
                    Capture Mode Disabled
                    Capture VLANs Allowed: ALL



                    Could it be the pruning?
                    Last edited by tnshurtm; 20th February 2007, 17:01.
                    Thank you,

                    Marc

                    Comment


                    • #11
                      Re: I have a difficult vlan/dhcp question.

                      Sorry, I haven't posted on this in awhile. I thought I had it figured out. I am close but can't get both vlans to get along on the same port. Here is the scoop.

                      Shoretel uses the dot1q tagging so that both the phone and PC can live on one port. The recommend this setup:

                      interface FastEthernet0/4
                      description : Link to PC on HR VLAN + ShoreTel IP Phone
                      switchport mode trunk
                      switchport trunk encapsulation dot1q
                      switchport trunk native vlan 20 (20 being the DATA VLAN)

                      When I try this, and manually set the tagging/vlan ID 5 on the phone, the phone will not receive a VL 5 IP.

                      If I set the port like this:

                      interface FastEthernet0/45
                      switchport trunk encapsulation dot1q
                      switchport trunk native vlan 2
                      switchport trunk allowed vlan 5
                      switchport mode trunk

                      the phone will get a VL 5 ip, but obviously the PC can't get a VL 2 IP since it isn't allowed.

                      If I set it up like this:

                      interface FastEthernet0/45
                      switchport trunk encapsulation dot1q
                      switchport trunk native vlan 2
                      switchport trunk allowed vlan 2,5
                      switchport mode trunk

                      The phone will not get a VL 5 ip address and the PC gets a VL 2 IP.

                      Why can't I get both VLANs to work on the same port?

                      I have a feeling it might be my DHCP not traversing my network correctly, but it traverses fine if only VL 5 is selected for a port.
                      Thank you,

                      Marc

                      Comment


                      • #12
                        Re: I have a difficult vlan/dhcp question.

                        Here is an example of how Shoretel says to set up the switchports. I don't have the DHCP server on the same switch, but all switches are connected by trunk ports.

                        interface FastEthernet0/4
                        description : Link to PC on HR VLAN + ShoreTel IP Phone
                        switchport mode trunk
                        switchport trunk encapsulation dot1q
                        switchport trunk native vlan 20
                        !
                        interface FastEthernet0/5
                        description : Link to Stand-Alone ShoreTel IP Phone (VLAN 30, tagged)
                        switchport mode trunk
                        switchport trunk encapsulation dot1q
                        !
                        interface FastEthernet0/6
                        description : Link to Stand-Alone PC on HR VLAN (VLAN 20, untagged)
                        switchport mode access ! (this is the default and will not display)
                        switchport access vlan 20
                        !
                        interface FastEthernet0/10
                        description : Link to DHCP Server (VLAN 10, untagged)
                        switchport mode access
                        switchport access vlan 10
                        !
                        interface FastEthernet0/11
                        description : Link to ShoreTel Server (VLAN 30, untagged)
                        switchport mode access
                        switchport access vlan 30
                        !
                        interface FastEthernet0/12
                        description : Link to ShoreTel ShoreGear Switch (VLAN 30, untagged)
                        switchport mode access
                        switchport access vlan 30
                        !
                        Recommendations for Implementing VLANs in a ShoreTel VoIP Environment Application Note—Page 6
                        Thank you,

                        Marc

                        Comment


                        • #13
                          Re: I have a difficult vlan/dhcp question.

                          Originally posted by tnshurtm View Post
                          Thank you, I found that info after going through a few links from where David sent me.

                          But, I have the port set up like this:

                          !
                          interface FastEthernet0/25
                          switchport trunk native vlan 2
                          switchport voice vlan 5
                          spanning-tree portfast
                          !

                          And the PC is picking up a Vlan 1 address instead of Vlan 2 through dhcp. when I do sh vlan, it shows that the port is in vlan 1.

                          THe phone now works fine.

                          Here is the link to the cisco page that explains why you can't have the switchport access command in there.......because it disables any trunking.

                          http://www.cisco.com/en/US/products/...html#wp1200245
                          did you ever get this resolved?? I'm having the same problem

                          Comment


                          • #14
                            Re: I have a difficult vlan/dhcp question.

                            It ended up being my dhcp server. I still don't know what the problem was. I moved the scope over to another dhcp server (which now houses all scopes) and it worked. I wish I had more information than that.

                            If you want to test out this, the lastest tftp software has a virtual dhcp server built in. That is how I narrowed it down.
                            Thank you,

                            Marc

                            Comment

                            Working...
                            X