Solved: Not picking up DHCP, vlan issue?

Mohamed Hamid · ‎05-14-2012

Hi Guys

I have a cisco 1142 AP connected to a Cisco 2960 switch which is connected to a Fortinet Firewall that is the DHCP Server

On the firewall I have configured 3 vLans and have 3 SSID's on the cisco. I have configured the firwall as a DHCP server for the 3 vlans and when connecting to any of the vlans I successful obtain a dhcp lease from the fortinet firewall.

The trouble I am having now is that I have created a 4th vLan and labelled it vlan5 both in the Cisco AP and the Fortinet Firewall. I have set up a DHCP server for this vlan however whenever I connect I am getting a self assigned ip addressed.

I believe I have missed something out in the Cisco AP, I have defined the vlan there as vlan5 I am not sure what I am msising and why I am not getting dhcp like I am with the other SSID's

Kind Regards

Mohamed

John Blakley · ‎05-14-2012

Mohamed,

You'll need to shut down your port channel port. According to your configuration, you should have a PO1 interface. That interface should be shut down on one side, add your vlan 5, bring the port channel up. Do this for both switches and your etherchannel should come back up. To see that you can do a "show etherchannel summary" after bringing up both port channels on both sides.

John

HTH, John *** Please rate all useful posts ***

View solution in original post

John Blakley · ‎05-14-2012

Can you post your vlan config for the AP? We'll need to see the radio and physical interface configs as well as the ssid configuration. And did you remember to create the vlan on the 2960 and add it to the trunk that connects to the AP and FW?

HTH,

John

HTH, John *** Please rate all useful posts ***

Mohamed Hamid · ‎05-14-2012

Ah I didnt create the vlan on the 2960 or add it to the trunk..

I am quite new to cisco and I dont believe this is possible through the web interface do you have any guidance on how this can be done through cli? specfically the part where its added to the trunk?

Much appreciated

John Blakley · ‎05-14-2012

Mohamed,

If you didn't add the vlan at all, you can do this by just creating it at the cli:

conf t

vlan 5

If you didn't specify the vlans over the trunk, all vlans are allowed over the trunk manually. First try to create the vlan on the 2960 and then see if it works. If you did specify what vlans, you'll need to add this vlan to the trunk on the port that leads to the AP and the FW:

int fa0/1

desc Firewall port

switchport trunk allowed vlan add 5

int fa0/10

desc To AP

switchport trunk allowed vlan add 5

The above is assuming that you're only allowing specific vlans over the trunk though.

HTH, John *** Please rate all useful posts ***

Mohamed Hamid · ‎05-14-2012

ahh thank you very much for this

However I came accross a small issue

interface GigabitEthernet1/0/45

description HostileData-Forti14

switchport trunk allowed vlan 2-5

switchport mode trunk

!

interface GigabitEthernet1/0/46

description HostileMgt-Forti6

switchport mode access

!

interface GigabitEthernet1/0/47

description Trunk-to-(R)

switchport trunk allowed vlan 1-4

switchport mode trunk

channel-group 1 mode active

!

interface GigabitEthernet1/0/48

description Trunk-to-(R)

switchport trunk allowed vlan 1-4

switchport mode trunk

channel-group 1 mode active

Ports 47 and 48 are trunking to another cisco 2960, when I added vlan5 to them, they both went down and were suspended, when I ran the no shutdown command they said they were up but were suspended? didnt understand that so I reverted back to vlan 1-4

port 45 and 46 are connected to the Firewall, 45 being the data prot and so I added vlan5 there but still no ip address.

Im pretty sure I also need to add them to ports 47 and 48? but dont understand why the ports suspend when I add them?

Kind Regards

John Blakley · ‎05-14-2012

Mohamed,

Etherchannels have to have the same configuration. If it's between 2 switches, you'll need to shut down the port channel, make the change on both switches, and then bring the channel group back up. After that's done, they shouldn't be suspended any longer.

John

HTH, John *** Please rate all useful posts ***

Mohamed Hamid · ‎05-14-2012

Hi John

Much appreciated for your help.

As I understand is the following correct?

1) shutdown trunk ports 47/48

2) add vlan 5

3) enable ports 47/48

Im not sure if that is what you meant because when I did this and brought the ports back up they were still suspended.

John Blakley · ‎05-14-2012

Mohamed,

You'll need to shut down your port channel port. According to your configuration, you should have a PO1 interface. That interface should be shut down on one side, add your vlan 5, bring the port channel up. Do this for both switches and your etherchannel should come back up. To see that you can do a "show etherchannel summary" after bringing up both port channels on both sides.

John

HTH, John *** Please rate all useful posts ***

Mohamed Hamid · ‎05-14-2012

oh wow

John you are a STAR!

I did what you said and it now works and DHCP is working

Ive also learned quite alot in the process. Thank you so much John

YAAAAAY

John Blakley · ‎05-14-2012

That's good to hear Mohamed! Please rate useful posts...

HTH, John *** Please rate all useful posts ***

Mohamed Hamid · ‎05-15-2012

Sorry I was away, ive just rated them now

Thanks alot again John