Not picking up DHCP, vlan issue?

Answered Question
May 14th, 2012
Hi Guys


I have a cisco 1142 AP connected to a Cisco 2960 switch which is connected to a Fortinet Firewall that is the DHCP Server


On the firewall I have configured 3 vLans and have 3 SSIDs on the cisco. I have configured the firewall as a DHCP server for the 3 vlans and when connecting to any of the vlans I successfully obtain a dhcp lease from the fortinet firewall.


The trouble I am having now is that I have created a 4th vLan and labelled it vlan5 both in the Cisco AP and the Fortinet Firewall. I have set up a DHCP server for this vlan; however, whenever I connect I am getting a self-assigned IP address.


I believe I have missed something out in the Cisco AP. I have defined the vlan there as vlan5. I am not sure what I am missing and why I am not getting DHCP like I am with the other SSIDs.



Kind Regards


Mohamed

John Blakley Mon, 05/14/2012 - 06:51

Can you post your vlan config for the AP? We'll need to see the radio and physical interface configs as well as the ssid configuration. And did you remember to create the vlan on the 2960 and add it to the trunk that connects to the AP and FW?


HTH,

John

Mohamed Hamid Mon, 05/14/2012 - 07:05

Ah, I didn't create the vlan on the 2960 or add it to the trunk.


I am quite new to cisco and I don't believe this is possible through the web interface. Do you have any guidance on how this can be done through the CLI? Specifically the part where it's added to the trunk?


Much appreciated

John Blakley Mon, 05/14/2012 - 07:16

Mohamed,


If you didn't add the vlan at all, you can do this by just creating it at the cli:


conf t

vlan 5


If you didn't specify the vlans over the trunk, all vlans are allowed over the trunk manually. First try to create the vlan on the 2960 and then see if it works. If you did specify what vlans, you'll need to add this vlan to the trunk on the port that leads to the AP and the FW:


int fa0/1

desc Firewall port

switchport trunk allowed vlan add 5


int fa0/10

desc To AP

switchport trunk allowed vlan add 5


The above is assuming that you're only allowing specific vlans over the trunk though.

Mohamed Hamid Mon, 05/14/2012 - 08:01

Ahh, thank you very much for this.


However, I came across a small issue.


interface GigabitEthernet1/0/45

description HostileData-Forti14

switchport trunk allowed vlan 2-5

switchport mode trunk

!

interface GigabitEthernet1/0/46

description HostileMgt-Forti6

switchport mode access

!

interface GigabitEthernet1/0/47

description Trunk-to-(R)

switchport trunk allowed vlan 1-4

switchport mode trunk

channel-group 1 mode active

!

interface GigabitEthernet1/0/48

description Trunk-to-(R)

switchport trunk allowed vlan 1-4

switchport mode trunk

channel-group 1 mode active



Ports 47 and 48 are trunking to another cisco 2960. When I added vlan5 to them, they both went down and were suspended. When I ran the no shutdown command they said they were up but were suspended? I didn't understand that, so I reverted back to vlan 1-4.



Ports 45 and 46 are connected to the Firewall, 45 being the data port, and so I added vlan5 there but still no IP address.


I'm pretty sure I also need to add them to ports 47 and 48, but I don't understand why the ports suspend when I add them?


Kind Regards

John Blakley Mon, 05/14/2012 - 08:35

Mohamed,


Etherchannels have to have the same configuration. If it's between 2 switches, you'll need to shut down the port channel, make the change on both switches, and then bring the channel group back up. After that's done, they shouldn't be suspended any longer.


John

Mohamed Hamid Mon, 05/14/2012 - 08:51

Hi John


Much appreciated for your help.


As I understand it, is the following correct?


1) shutdown trunk ports 47/48

2) add vlan 5

3) enable ports 47/48


I'm not sure if that is what you meant, because when I did this and brought the ports back up they were still suspended.

Correct Answer
John Blakley Mon, 05/14/2012 - 09:05

Mohamed,


You'll need to shut down your port channel port. According to your configuration, you should have a PO1 interface. That interface should be shut down on one side, add your vlan 5, bring the port channel up. Do this for both switches and your etherchannel should come back up. To see that you can do a "show etherchannel summary" after bringing up both port channels on both sides.


John
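
An offline check for the mismatch described in this thread, as an added example that is not part of the original posts or any Cisco tool: it parses interface stanzas from a saved running-config, lists the trunks that do not carry a given VLAN, and flags channel groups whose member ports or port-channel interface have different allowed-VLAN lists. The sample config is constructed (VLAN 5 added to one member port only), and the Port-channel1 stanza is an assumption, since it was not posted.

```python
import re

# Constructed sample modelled on the thread; Port-channel1 is assumed, not posted.
SAMPLE = """\
interface GigabitEthernet1/0/45
 switchport trunk allowed vlan 2-5
 switchport mode trunk
interface GigabitEthernet1/0/47
 switchport trunk allowed vlan 1-5
 switchport mode trunk
 channel-group 1 mode active
interface GigabitEthernet1/0/48
 switchport trunk allowed vlan 1-4
 switchport mode trunk
 channel-group 1 mode active
interface Port-channel1
 switchport trunk allowed vlan 1-4
 switchport mode trunk
"""

def expand(spec):
    """Turn '1-4,10' into {1, 2, 3, 4, 10}."""
    pairs = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

def parse_trunks(config):
    """Map each trunk interface to allowed VLANs (no list = all, 1-4094) and channel group."""
    ports, cur = {}, {}
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            po = re.match(r"Port-channel(\d+)$", name)
            cur = ports[name] = {"trunk": False, "allowed": None, "group": po and po.group(1)}
        elif line == "switchport mode trunk":
            cur["trunk"] = True
        elif m := re.match(r"switchport trunk allowed vlan (?:add )?([\d,-]+)$", line):
            cur["allowed"] = (cur.get("allowed") or set()) | expand(m.group(1))
        elif m := re.match(r"channel-group (\d+) ", line):
            cur["group"] = m.group(1)
    return {n: dict(p, allowed=p["allowed"] or set(range(1, 4095)))
            for n, p in ports.items() if p["trunk"]}

def audit(config, vlan):
    """Return (trunks not carrying vlan, channel groups with differing allowed lists)."""
    ports, lists = parse_trunks(config), {}
    for p in ports.values():
        if p["group"]:
            lists.setdefault(p["group"], set()).add(frozenset(p["allowed"]))
    missing = sorted(n for n, p in ports.items() if vlan not in p["allowed"])
    return missing, sorted(g for g, seen in lists.items() if len(seen) > 1)
```

Run `audit()` against the saved config of each switch on both ends of the EtherChannel; an empty result on both sides means the allowed lists agree and the VLAN is carried end to end.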

Mohamed Hamid Mon, 05/14/2012 - 09:10

Oh wow


John you are a STAR!


I did what you said and it now works and DHCP is working.


I've also learned quite a lot in the process. Thank you so much John


YAAAAAY

John Blakley Mon, 05/14/2012 - 10:06

That's good to hear Mohamed! Please rate useful posts...

Mohamed Hamid Tue, 05/15/2012 - 01:26

Sorry I was away, I've just rated them now.


Thanks a lot again John
