I am hoping someone here can advise me. I have a network comprising a Cisco 3500XL switch and two Cisco 2801 routers. I have a network with Cisco hardware and I am running a Motorola RF solution over it. The network is shown on the attached Visio schematic. I have also outlined what I think are the pertinent details regarding the switch and routers.
I have four VLANs running. At the central site on VLAN one I have a Windows 2003 server giving out DHCP with scopes set to hand out IPs according to the subnet. One of these, 192.168.21.0, is set up for Option 191 so that the controller IP address can be sent across the network to Motorola AP6521 access points at a remote site. The controller is at the central site. The idea is that the APs will be adopted by the controller over Layer 3. Should the controller go down, the APs will have site survivability. I am using router on a stick at the central site for the inter-VLAN routing. This all appears to be working OK. You will see on the schematic (detailed in blue) which devices can be pinged from which.
The problem I have is that the VLAN 21 devices at the remote site are not getting their DHCP info. In the case of the laptop, it can ping the server but never gets an IP address. In the case of the access point, it has an IP address at the moment from a previous config and so can be pinged, but if powered down it will never pick up any DHCP info. I proved this with a second device (not shown on schematic).
There are several issues shown on schematic:
The server cannot ping interfaces on Fa0/0.22 or Fa0/0/23
The router (Defiant) at the remote site cannot ping PC (192.168.0.201) or server (192.168.0.101) or external Draytek router (192.168.0.254)
The laptop, if given an IP address, can ping everywhere but not the Draytek (192.168.0.254)
The Draytek (192.168.0.254) cannot ping the laptop (192.168.21.99), or the three sub-interfaces (0.240, .22.254, .23.254) on Spitfire router
I hope the above makes sense. I cannot see what I have done wrong or missed off. Any advice would be appreciated. I have attached a .jpg and Visio drawing of the network.
Further bit of info. If I connect a scanner to the wireless, it will not pick up any DHCP. If I give it a 192.168.22.x IP address I cannot ping anything; if I give it a 192.168.21.x IP address I can ping all IP addresses, but nothing on the internet side of the Draytek.
Message was edited by: COLIN HESELTINE additional info
Very detailed diagram and I suspect we may need more outputs, but what stands out is that the Motorola AP is connected via a trunk for VLANs 21, 22, 23. But Defiant does not have any subinterfaces, so the only VLAN you can route off Defiant is VLAN 21, i.e. the native VLAN. The other VLANs are isolated to the Motorola.
I think there are also routing issues, e.g. does the Draytek have all routes? If you ping the Draytek from Defiant the source IP would be 184.108.40.206 so the Draytek would need a route for this (but you may not need to add it as it would only be for testing).
The other thing that would be useful to know are the default gateways of devices.
But let's concentrate on the Defiant subinterface (or lack of) issue first.
Apologies as I should have spotted this sooner. You cannot have the same VLANs, or more specifically IP subnets, separated by a routed link. So VLANs 21, 22, 23 on the Defiant site cannot use the same IP subnets as those on the Spitfire side.
This just won't work because you cannot route to the same subnet. If you wanted to use the same IP subnets for the vlans then the Defiant site would need to be L2 connected to the Spitfire site but you have a L3 routed link between the routers.
You can use different IP subnets and create subinterfaces on the Defiant router and add ip helper-address commands for the DHCP server to the subinterfaces. You could, if you wanted, use the same VLAN numbers but they would not be the same VLAN in both sites.
Jon, thanks for your quick responses. If I describe what I am trying to replicate, can you suggest how best to achieve it?
Have a head office site where a wireless switch (Motorola NX6500) is located. (I am using rfs4000) in test config. There are a number of remote sites around the region. These sites will have Motorola AP6521 access points. These access points need to be adopted by the switch over L3. They are then controlled by the switch as an RF domain master. Should the HO NX6500 go down, the AP6521s at the site will negotiate amongst themselves and create a temporary RF domain master. The client traffic will still cross the routed link to its destination. The access points will have the same ESSIDs available at each remote location, each ESSID being associated with a VLAN, e.g. ESSID Warehouse on VLAN 22, ESSID Office on VLAN 23. The VLANs need to be the same at each remote site so that all clients see the same ESSIDs and can connect to devices on the same VLAN.
I had just logged on as you posted
I am not a wireless person but from a L2/L3 perspective you simply can't have the same IP subnet in multiple sites separated by L3 routed links.
You would have to use different IP subnets at each site and route between sites. Can you not do this?
If you can't then maybe L2TPv3 may be a solution which allows you to extend a L2 VLAN across L3 links but it will be complicated. I have never used it so I can't say for sure whether it will work with multiple VLANs.
Is it mandatory that the client VLANs need to be the same VLAN (in terms of IP subnet) between all sites?
Jon, I guess that so long as the VLAN is the same, the IP subnet it's on will not matter. Trouble is it's that long since I did any of this, it's a bit of a brain teaser. Is there any chance you could do a quick schematic of how you would achieve the required connectivity?
I don't have anything to do a schematic with, but basically it's important to understand that if the IP subnet is different then if you use the same VLAN numbering scheme in each site that is all it is, i.e. a numbering scheme. So if a client in VLAN 21 broadcasts a packet it will only go to other clients in VLAN 21 within that site, i.e. it will not go to any clients in VLAN 21 in other sites.
If that is okay then as far as your diagram is concerned you simply need to allocate new IP subnets for the Defiant site, create subinterfaces on the Defiant router for these and add them to your OSPF config. You would also need to add ip helper-address commands under those subinterfaces pointing to the DHCP server.
But before you start reconfiguring it really would be worthwhile to find out if using different IP subnets per site is going to work. Simply using the same VLAN numbers, as I say, doesn't really do anything in terms of network connectivity; it is more just a convenience thing.
I need to go away and think and talk to a few people. Thanks for your advice so far.
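
The change Jon describes for the Defiant router, sketched as an IOS configuration (an added example, not part of the original thread and not taken from the poster's devices). The LAN interface name FastEthernet0/1, the 192.168.121.0/24 to 192.168.123.0/24 subnets, the OSPF process ID and area, and the use of 192.168.0.101 as the DHCP server are assumptions; substitute the real values.

```cisco
! Defiant (remote site): one routed subinterface per VLAN carried on the AP trunk.
! ASSUMPTIONS: interface name, the 192.168.12x.0/24 subnets, OSPF process 1 / area 0,
! and 192.168.0.101 being the Windows DHCP server at the central site.
!
interface FastEthernet0/1
 description Trunk towards AP6521 (VLANs 21, 22, 23)
 no ip address
 no shutdown
!
! VLAN 21 is the native (untagged) VLAN on the trunk, as noted in the thread.
interface FastEthernet0/1.21
 description Remote-site VLAN 21 (AP management)
 encapsulation dot1Q 21 native
 ip address 192.168.121.254 255.255.255.0
 ! Relay DHCP broadcasts from this subnet to the central DHCP server
 ip helper-address 192.168.0.101
!
interface FastEthernet0/1.22
 description Remote-site VLAN 22
 encapsulation dot1Q 22
 ip address 192.168.122.254 255.255.255.0
 ip helper-address 192.168.0.101
!
interface FastEthernet0/1.23
 description Remote-site VLAN 23
 encapsulation dot1Q 23
 ip address 192.168.123.254 255.255.255.0
 ip helper-address 192.168.0.101
!
! Advertise the new site-local subnets so the central site can route back to them.
router ospf 1
 network 192.168.121.0 0.0.0.255 area 0
 network 192.168.122.0 0.0.0.255 area 0
 network 192.168.123.0 0.0.0.255 area 0
```

The relay puts the subinterface address in the request's giaddr field, so the DHCP server needs a scope for each new subnet (with Option 191 on the AP subnet) and a route back to those subnets.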