DHCP won't work on new VLAN created on Cisco switch and CME

vinhvtscisco · ‎06-07-2012

I really appreciate if anyone can help with this issue. I have a Cisco CME that acts as a router and DHCP server. On the CME I setup 2 VLANs, 15 and 40 for phone and devices with the following subnets: 172.16.2.0 and 172.16.40.0. I have 2 DHCP pools on the CME as below:

ip dhcp pool phone
network 172.16.2.0 255.255.255.0
default-router 172.16.15.1
option 150 ip 172.16.15.1

!
ip dhcp pool Devices
network 172.16.40.0 255.255.255.0
default-router 172.16.40.1
dns-server 8.8.8.8

*************

interface Vlan15
ip address 172.16.15.1 255.255.255.0

interface Vlan40
ip address 172.16.40.1 255.255.255.0
!

I connect the Catalys 2960 switch to the CME and created a trunk port for both. I also created 2 VLAN 15 and 40 and assigned the ports to the right VLAN. Please see configuration below. While I have no problem getting IP address for devices connected to VLAN 15, I don't get any IP for devices connected to ports on VLAN 40. Also I am not sure why the new VLAN 40 that I created on the CME didn't show under "Vlans allowed and active in management domain". Is it because right now I don't have any device connected to VLAN 40? I did the "shut and no shut" several time on VLAN 40 interface but it didn't work. We know that the trunk is fine because we can get IP on the other VLAN. Below is the configuration for the CME and the switch. I removed the phone configuration parts.

Thank you in advance.

T.

**************************************

cme01#
dot11 syslog
ip source-route
ip cef
!
!
ip dhcp relay information trust-all

ip dhcp excluded-address 172.16.2.1 172.16.2.99
ip dhcp excluded-address 172.16.40.1 172.16.40.99
!
ip dhcp pool phone
network 172.16.2.0 255.255.255.0
default-router 172.16.2.1
option 150 ip 172.16.2.1

!
ip dhcp pool Devices
network 172.16.40.0 255.255.255.0
default-router 172.16.40.1
dns-server 8.8.8.8
!
!
ip domain name xxx.com
ip name-server 77.22.85.17
ip name-server 8.8.8.8
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
no ipv6 cef
!
!
stcapp ccm-group 1
stcapp
!
!

!
interface GigabitEthernet0/1/1
switchport mode trunk
switchport voice vlan 15
macro description cisco-switch | cisco-switch | cisco-switch | cisco-switch
!
!
interface GigabitEthernet0/1/2
macro description cisco-desktop | cisco-desktop | cisco-desktop | cisco-desktop
spanning-tree portfast
!
!
interface Serial0/3/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-dms100
isdn incoming-voice voice
isdn sending-complete
trunk-group ALL_T1E1
no cdp enable
!
!
interface Vlan1
description
ip address 192.168.10.1 255.255.255.0
ip virtual-reassembly
!

!
interface Vlan15
ip address 172.16.2.1 255.255.255.0
!

!
interface Vlan40
ip address 172.16.40.1 255.255.255.0
!

!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http path flash:/gui
ip dns server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 172.16.254.1
!

cme01#show interface trunk

Port Mode Encapsulation Status Native vlan
Gi0/1/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi0/1/1 1-4094

Port Vlans allowed and active in management domain
Gi0/1/1 1,10,15,20,25,30,90,100

Port Vlans in spanning tree forwarding state and not pruned
Gi0/1/1 1,10,15,20,25,30,90,100

Configuration on switch

sw01#show run
Building configuration...

Current configuration : 3332 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sw01
!
boot-start-marker
boot-end-marker
!

!
!
!
no aaa new-model
switch 1 provision ws-c2960s-24ps-l
authentication mac-move permit
!
!
ip domain-name xxx.com
vtp mode transparent
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
vlan internal allocation policy ascending
!
vlan 10
name LAN
!
vlan 15
name Phones
!
vlan 40
name Devices
!

interface Vlan1
no ip address
!
interface Vlan10
ip address 172.16.1.9 255.255.255.0
!
ip default-gateway 172.16.1.1
ip http server
ip http secure-server
ip sla enable reaction-alerts
!
line con 0
line vty 0 4

!
end

sw01#show interface trunk

Port Mode Encapsulation Status Native vlan
Gi1/0/25 on 802.1q trunking 1
Gi1/0/26 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi1/0/25 1-4094
Gi1/0/26 1-4094

Port Vlans allowed and active in management domain
Gi1/0/25 1,10,15,40
Gi1/0/26 1,10,15,40

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/25 1,10,15,40
Gi1/0/26 1,10,15,40

sw01#show vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
10 LAN active Gi1/0/27, Gi1/0/28
15 Phones active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/10, Gi1/0/11, Gi1/0/12
40 Devices active Gi1/0/13, Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17, Gi1/0/18
Gi1/0/19, Gi1/0/20, Gi1/0/21
Gi1/0/22, Gi1/0/23, Gi1/0/24
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
15 enet 100015 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

sw01#

Reza Sharifi · ‎06-07-2012

Hi,

On vlan 40 since you don't have any devices connected to it, the vlan interface will not come up. do a "sh ip int bri vlan 40"

and see the interface is in up and up mode. If the interface is down, connect a pc to a port in vlan 40 and that will bring it to up an mode.

HTH

glen.grant · ‎06-07-2012

It looks like you don't have the layer 2 vlan created on the CME side for vlan 40 . You should not need a device active in vlan 40 if the trunk is working correctly as that will make the SVI come active. 2960 side looks fine. Create l2 vlan for 40 and it should work ok.

vinhvtscisco · ‎06-07-2012

Hi Glen,

Thank you very much for your reply. From what you were saying I should delete the current VLAN 40 on the CME and do the following to create Layer 2 VLAN for VLAN 40?

vlan database

Switch(vlan)# vlan 40

Can you explain why the other VLAN: VLAN 15 worked? If I don't assign a virtual interface for VLAN 40 how would the DHCP server for "Devices" know to assign the IP for the right VLAN? Is it because on the 2960 switch, the port has been assign to VLAN 40?

Thank you

glen.grant · ‎06-08-2012

No do not get rid of the l3 SVI for vlan 40 , just make sure vlan 40 is in the L2 vlan database on CME . Vlan 40 must be defined on both sides to work across the trunk . If it already is in the vlan database then I am not sure why it would not show up. Just by your displays it just does not look like it is currently in the database. Just try to add it like you have shown below . Yes you do need a layer 3 SVI for vlan 40 on CME for dhcp to work.

vlan database

Switch(vlan)# vlan 40