Getting IP from Wrong VLAN

townofnewmarket · ‎11-12-2009

I had posted this issue before, then a Tomcat issue obliterated my post. So I'm back, this time with a diagram that I hope helps. This really has me stumped, and my VAR has not been able to fix this either.

I am in Building A. I have a PC that is connected to a 2950, which is connected to a 3560. Off the 3560 is my server running DHCP. We are in VLAN 11, so we would expect the PC to get an IP address in the 11 range.

The 3560 has a fiber link that takes it to the main 3560G, which is doing some Layer 3 work, and is the main VLAN handler, so it handles VLANS 10, 11 and 12. Off of the 3560G is my server in VLAN 12, running DHCP for those devices.

Anytime I repower the PC in Building A, or try to release and renew the IP address, I get an IP address from 12. And it shows up on the 12 server. I want it to get an 11 IP, since it's in VLAN 11.

The port on the 3560 that has the 2950 attached:

interface FastEthernet0/14

description Connection Cisco 2950

switchport trunk encapsulation dot1q

switchport trunk native vlan 11

switchport mode trunk

The 2950 port connecting to the 3560 looks like this:

interface FastEthernet0/17

switchport trunk native vlan 11

switchport mode trunk

The port that my PC (off the 2950 is on) looks like this:

interface FastEthernet0/20

switchport access vlan 11

The 3560 port that connects to the 3560G:

interface GigabitEthernet0/1

description Connection to Main 3560G

switchport trunk encapsulation dot1q

switchport mode trunk

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

queue-set 2

mls qos trust cos

auto qos voip trust

All devices on the 3560 properly get an 11 IP, so it must be something with my 2950.

NOW, here's something TOTALLY FLIPPIN WEIRD (if you ask me!) If I take that PC that's off the 2950, and give it a static 11 IP addy, with a proper subnet and default gateway and DNS...it cannot access the server or the web.

Totally stumped and would love a little guidance.

iyde · ‎11-12-2009

Hi.

Definitely sounds weird. Soemhow the VLAN11 of the 2950 seems to be swapped to VLAN12 of the rest of the network. IF the same VLAN11 from your 3560 was on the 2950 as well, your test with static IP should show connectivity.

Would it be possible to have the software versions and running config from all switches involved? It might be of help for us to give you guidance?

And "show vtp status" and "show vlan brief" from all switches as well?

HTH, Ingolf

townofnewmarket · ‎11-13-2009

IGNORE THIS POST, I POSTED THE ATTACHMENTS WRONG. Read further down for the better post with good attachments.

Here are the "sho runs" of the 3 switches, McPhee (3560 with 2950 attached), the 2950, and the 3560G which is the main switch in the network.

townofnewmarket · ‎11-13-2009

IGNORE THIS POST, I POSTED THE ATTACHMENTS WRONG. Read further down for the better post with good attachments.

Here are the sho vtp stat and show vlan brief of the 3 switches.

Thanks to anyone who can shed some light on this, it definitely has me stumped!!

townofnewmarket · ‎11-13-2009

Let's try again...my last post for some reason converted my text docs to binary...

So here's the three sho runs.

townofnewmarket · ‎11-13-2009

Here's the "non-binary" lol attachments for the sho vtp stat and show vlan brief

glen.grant · ‎11-13-2009

I would say somewhere you have a connection that is bridged between 11 and 12 .There is no ip helper statement on the 3560G so in order to get an address from a device in vlan 12 it would have to bridged somewhere. Check cdp between the 2950 and 3560 and make sure its on the ports you think its on . A dhcp broadcast to a server in the same vlan should just be answered by that server , the fact that 12 is answering indicates somehow 11 and 12 are bridged because I see no ip helper statements on the "G" box. If you give it a static can you ping the 3560G vlan 11 interface and all the other layer 3 interfaces ok?

townofnewmarket · ‎11-13-2009

If I give the PC a static in the 11 range, 255.255.255.0 subnet, gw of .254 (just like the PCs hanging off the 3560 using DHCP get), I *cannot* ping the server on the 3560, nor the gw!!

I have another site with a similar setup, but there we hung a 3Com off the 3560. I know the 2950 is kind of an old box....but looks like my solution might be to retire the 2950 and use a 3Com. Not sure why...

Right now this setup works OK, but I have to go to PCs on this switch and hardcode their DNS to be the server in the 11 range or logins take forever.

If anyone can think of anything else, I would love to hear it.

Jon Marshall · ‎11-13-2009

Can you post from each switch

1) "sh int trunk"

2) "sh cdp neigh"

Jon

glen.grant · ‎11-13-2009

No reason the 2950 shouldn't work , something is not configured quite right. The trunk appears not to be working like it should. If you do a show cdp neighbor does it correspond to the ports you think it should be in the config on the 2950 and 3560 ? Also use cdp neighbor to see if you have connections where they shouldn't be such as bridged between a port in vlan 11 and a port in vlan 12 .

townofnewmarket · ‎11-16-2009

From the 3560 (mcphee)

sho int trunk

Port Mode Encapsulation Status Native vlan

Fa0/14 on 802.1q trunking 11

Fa0/24 on 802.1q trunking 1

Gi0/1 on 802.1q trunking 1

Port Vlans allowed on trunk

Fa0/14 1-4094

Fa0/24 1-4094

Gi0/1 1-4094

Port Vlans allowed and active in management domain

Fa0/14 1,5-6,9-12

Fa0/24 1,5-6,9-12

Gi0/1 1,5-6,9-12

Port Vlans in spanning tree forwarding state and not pruned

Fa0/14 1,5-6,9-12

Fa0/24 1,5-6,9-12

Gi0/1 1,5-6,9-12

From the 3650

sho cdp neigh

(clipped)

2950 Fas 0/14 123 T S WS-C2950T-Fas 0/17

From the 2950

sho int trunk is not supported

From the 2950

show cdp neigh

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID

MCPhee Fas 0/17 129 S I WS-C3560-2Fas 0/14

Hieu Cao · ‎11-13-2009

"switchport trunk encapsulation dot1q" needs to be set on both side of the link.

You've it set only in the 3560 for int fa0/14. Try adding the same command to the 2950 fa0/17.

Jon Marshall · ‎11-13-2009

You can't set it on the 2950 because the 2950 only supports 802.1q so there is no "switchport trunk encapsulation ..." command available on this switch.

Jon