Our consultant had created a VLAN for us. On one of 3500 switch, I have these command lines:
switchport access vlan 300
That works fine. However, I did the same commands on otehr 3500 swicth, that doesn't work. I can't receive IP from the DHCP. Why?
The configuration can be found thsi link:
What you are missing from there (not sure if you've done it already) is configuring the layer2 Vlan.
Can you please post the output from
Also, where is the DHCP server located. On Vlan 300 ?
I see this switch has trunk ports, can you post the output from
show int trunk
1. show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8,
Fa0/9, Fa0/10, Fa0/11, Fa0/14,
Fa0/15, Fa0/16, Fa0/17, Fa0/18,
Fa0/19, Fa0/20, Fa0/21, Fa0/22,
Fa0/23, Fa0/24, Fa0/25, Fa0/26,
Fa0/27, Fa0/28, Fa0/29, Fa0/30,
Fa0/31, Fa0/32, Fa0/33, Fa0/34,
Fa0/35, Fa0/36, Fa0/37, Fa0/38,
Fa0/39, Fa0/40, Fa0/41, Fa0/42,
Fa0/43, Fa0/44, Fa0/45, Fa0/46,
300 VLAN0300 active Fa0/12, Fa0/13
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
300 enet 100300 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
2. show int trunk
% Invalid input detected at '^' marker.
3. The DHCP is located in our PIX 515Ewhich is 10.0.0.2.
PIX is on Vlan1 and the hosts are on Vlan300. You need a Layer3 switch for this task. The 3500 is Layer2 only. Can we see a 'show version' to make sure we are dealing with the right product ?
For Layer3, you need a 3550 or 3560/3750.
With a Layer3 switch, then you can configure the ip helper command under SVI 300 pointing to 10.0.0.2
Here are shh version
Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWA
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Fri 15-Feb-02 10:51 by antonino
Image text-base: 0x00003000, data-base: 0x00337600
ROM: Bootstrap program is C3500XL boot loader
gurd_3548_1 uptime is 20 minutes
System returned to ROM by reload
System image file is "flash:c3500XL-c3h2s-mz.120-5.WC3b.bin"
cisco WS-C3548-XL (PowerPC403) processor (revision 0x01) with 16384K/1024K bytes
Processor board ID FAA0445W1CK, with hardware revision 0x00
Last reset from warm-reset
Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
48 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:04:4D:13:10:C0
Motherboard assembly number: 73-3903-11
Power supply part number: 34-0971-01
Motherboard serial number: FAA04449AQ1
Power supply serial number: PAC04340935
Model revision number: R0
Motherboard revision number: B0
Model number: WS-C3548-XL-EN
System serial number: FAA0445W1CK
Configuration register is 0xF
sw trunk en do
sw mo tr
I highly suggest you hit the docs
Couple things here:
1) If the DHCP server is living on the PIX it will not ACK relayed DHCP requests (i.e. from ip-helper) This leads to my next point..
2) PIX has been doing trunking for some time so you could create a logical interface for VLAN300 and create another DHCP scope. However, getting the natting and access control working properly will be a PITA unless you're using 7.X (same-security-traffic permit inter-interface FTW).
3) Consider moving DHCP to the 3560, its a bit more flexible and you can back up the database (very important in scopes that are close to full).
4) Trunk those switches. VTP or no VTP is up to you just make sure the VLANs get created somehow. Mind your native vlans.
5) The 3500 *will* do ip helper-address for hosts so long as the vlan interface that "sees" the requests has an ip on it and the switch has ip default-gateway config'd.