Topic '[HELP] Using VLANS on a 2900 Series switch.' in forum 'Cisco' - dslreports.com

Re: [HELP] Using VLANS on a 2900 Series switch.

Wed, 19 May 2004 21:09:58 EDT

astamand posted : [QUOTE=dpocoroba ]Glad to see you got it working. AS for the AP and assigning static vlans. Im honestly not sure on a AP. I know my switches here can most certainly assign a mac addy to a vlan using a static entry. :)

Basically its straight forward

sw1(config)#mac address-table static 1111.2222.3333 vlan 51

Yeah that looks right. I printed out several chapters on the VLAN config for the AP350. I'm going to start tonight. I'll let you know how it goes.

Thanks again,

-=Alex

Re: [HELP] Using VLANS on a 2900 Series switch.

Wed, 19 May 2004 21:08:42 EDT

astamand posted :

said by Dan_D:
The only other thing we did not discuss was the access-lists. Make sure if you have an access-list on the sub-interfaces inbound the first line permits hosts with an address of 0.0.0.0(access-list 1xx permit ip host 0.0.0.0 any). This will allow dhcp requests from clients.

OK, now that I'm paying more attention, I realized you said “IF” I have an ACL. I don't.

Maybe you had a different mask on your nets that allowed you to get through to the DHCP server? We had to use the helper IP on our layer three switches as well. I'm going to do more research on it.

At least it's working. Thanks!

Re: [HELP] Using VLANS on a 2900 Series switch.

Wed, 19 May 2004 20:14:56 EDT

dpocoroba posted : Glad to see you got it working. AS for the AP and assigning static vlans. Im honestly not sure on a AP. I know my switches here can most certainly assign a mac addy to a vlan using a static entry. :)

Basically its straight forward

sw1(config)#mac address-table static 1111.2222.3333 vlan 51

DP

--
"Knowledge is contagious, infect"

Re: [HELP] Using VLANS on a 2900 Series switch.

Wed, 19 May 2004 12:48:29 EDT

astamand posted :

said by Dan_D:
I am glad all is working.......I am however surprised that the IP helper had to be added to make it function. Like i stated earlier i have a similar setup at about 700 sites with no issues. The only other thing we did not discuss was the access-lists. Make sure if you have an access-list on the sub-interfaces inbound the first line permits hosts with an address of 0.0.0.0(access-list 1xx permit ip host 0.0.0.0 any). This will allow dhcp requests from clients.

It could possibly be the need for an ACL. Does that mean Cisco is blocking that by default? I would imagine it would be wide open since I have nothing specified between virtual interfaces.

I also noticed my VPN connection to work no longer works. It appears I can not pick up an IP address there as well. I was going to add a helper IP for the VPN switch and possible our internal DHCP server as well to work around it.

If I need to add an ACL inbound to the virtual interfaces, then I assume I need to add it inbound to all of them, correct? Can I just add it inbound to the parent interface (FE0/0)?

It's not a problem because half of the reason for having the Vlans was to be able to isolate traffic; the other half was purely educational.

said by Dan_D:
As far as the Aironet 350, I am not sure if you can assign clients based on the mac, without additional hardware, software, etc. Maybe peaches or rizacerx can shed some light on the topic.

Yeah your right, I was out of my mind when I was going over the wireless Vlans. What I do plan on doing is configuring the Vlans on the access point just like the switch. I'll continue the trunk up to the access point and have a separate SSID for each Vlan. Then I can keep my work laptop and the wife’s laptop on separate Vlans.

Doing this allows me to eliminate the Wireless Vlan from my original config!

Thanks again.

-=Alex

Re: [HELP] Using VLANS on a 2900 Series switch.

Wed, 19 May 2004 11:03:09 EDT

Dan_D posted :

said by astamand:

WOOOOOOOOOOOOO HOOOOOOOOOOOOO!!!!

Thanks guy's it works!!!

One interesting thing I should point out however is that I needed to put the ip helper-address back in order for DHCP to work. It would work with a static address but could not find the DHCP server. This is something I learned from our Layer III switch at work.

Now, I want to pass this trunk up to my ap350 running IOS and set it to assign clients to a particular VLAN based on their MAC address. I've been told this is possible.

If I can accomplish that, I will remove the WIRELESS VLAN since I would now be able to keep home laptops and work laptops on their respective VLANS. There will be no reason to have a third VLAN.

Any thoughts? (I can post a new help wanted thread if necessary).

Thanks!!!

I am glad all is working.......I am however surprised that the IP helper had to be added to make it function. Like i stated earlier i have a similar setup at about 700 sites with no issues. The only other thing we did not discuss was the access-lists. Make sure if you have an access-list on the sub-interfaces inbound the first line permits hosts with an address of 0.0.0.0(access-list 1xx permit ip host 0.0.0.0 any). This will allow dhcp requests from clients.

As far as the aironet 350, I am not sure if you can assign clients based on the mac, without additional hardware, software, etc. Maybe peaches or rizacerx can shed some light on the topic.

We keep all wireless clients segregated for security and manageability reasons. We allow essential services only from the WLAN such as http, pop, smtp, etc. We disallow all netbios, icmp, etc mostly as a result of lessons learned from virus' past. It ultimately gives us an on/off switch for all wireless to avoid or react to problems.

Food for thought!!

Dan
--
^^There's no place like 127.0.0.1 ^^

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 23:24:58 EDT

astamand posted :

WOOOOOOOOOOOOO HOOOOOOOOOOOOO!!!!

Thanks guy's it works!!!

One interesting thing I should point out however is that I needed to put the ip helper-address back in order for DHCP to work. It would work with a static address but could not find the DHCP server. This is something I learned from our Layer III switch at work.

Now, I want to pass this trunk up to my ap350 running IOS and set it to assign clients to a particular VLAN based on their MAC address. I've been told this is possible.

If I can accomplish that, I will remove the WIRELESS VLAN since I would now be able to keep home laptops and work laptops on their respective VLANS. There will be no reason to have a third VLAN.

Any thoughts? (I can post a new help wanted thread if necessary).

Thanks!!!

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 16:35:17 EDT

ChitownSVT5 posted : ^^^^ He's the man ;)

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 15:44:19 EDT

Dan_D posted :

said by astamand:

Would it be safe to say that if I left them there I would then be able to manage the switch from a client attached to a port in any VLAN as long as it had an IP address on that VLANS network already? Not that I can imagine a scenario that would warrant it...

I believe peaches stated earlier that the SVI can only affix to one Vlan. That being said elimination of the additional addressing seems appropriate.

If you need to telnet to to the switch from a client on say Vlan 20 you can always telnet to the router's vlan 20 subinterface(192.168.20.1) and then telnet to the switch from there.
--
^^There's no place like 127.0.0.1 ^^

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 14:55:01 EDT

astamand posted :

said by Dan_D:
The 802.1Q standard allows for a single Vlan to be bridged and all others tagged. Cisco operates in this manner, and as such make sure you set a subinterface of 0/0.1(corresponds to Vlan 1) and that it is specified as the native(This insures if the trunk drops you will be able to access the IP for management purposes). The native vlan will be bridged and all others on the trunk will have tags added.

interface FastEthernet0/0.1
description FE interface for VLAN 1 (default)
encapsulation dot1Q 1 native
ip address 172.25.1.1 255.255.255.0

I'm with ya...

said by Dan_D:
You can effectively eliminate the IP addresses on all Vlans in the switch config with the exception of Vlan1. The objective is to provide an ip address for management purposes.

Would it be safe to say that if I left them there I would then be able to manage the switch from a client attached to a port in any VLAN as long as it had an IP address on that VLANS network already? Not that I can imagine a scenario that would warrant it...

said by Dan_D:
:)!!!!!Getting Closer!!!!!:)

I can taste it!

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 14:29:15 EDT

Dan_D posted : rizacerx stated:
"For the router interface, im not 100% sure but I would only worry about setting the speed and duplex on the main interface."

This is factual and sound advice:D

The 802.1Q standard allows for a single Vlan to be bridged and all others tagged. Cisco operates in this manner, and as such make sure you set a subinterface of 0/0.1(corresponds to Vlan 1) and that it is specified as the native(This insures if the trunk drops you will be able to access the IP for management purposes). The native vlan will be bridged and all others on the trunk will have tags added.

interface FastEthernet0/0.1
description FE interface for VLAN 1 (default)
encapsulation dot1Q 1 native
ip address 172.25.1.1 255.255.255.0

You can effectively eliminate the IP addresses on all Vlans in the switch config with the exception of Vlan1. The objective is to provide an ip address for management purposes.

:)!!!!!Getting Closer!!!!!:)
--
^^There's no place like 127.0.0.1 ^^

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 13:44:13 EDT

astamand posted :

said by dpocoroba:
Basicly the two commands you have in bold are defaults. As we pointed out before the native vlan is 1. As for the allowed vlan's, all vlans are allowed by default on a trunk port. The only commands you will need to form a trunk is to set the encapsulation then set it to trunk.
switchport mode trunk
switchport trunk encapsulation dot1q
Should be just fine

That makes sense. Thanks for clarifying it.

said by dpocoroba:
For the router interface, im not 100% sure but I would only worry about setting the speed and duplex on the main interface. However if your using nat you will need to use "ip nat inside" on the subinterface.HTH

Excellent, I will keep those other specific entries on the virtual interfaces.

Thanks, again.

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 13:31:47 EDT

dpocoroba posted : Basicly the two commands you have in bold are defaults. As we pointed out before the native vlan is 1. As for the allowed vlan's, all vlans are allowed by default on a trunk port. The only commands you will need to form a trunk is to set the encapsulation then set it to trunk.

switchport mode trunk
switchport trunk encapsulation dot1q

Should be just fine

For the router interface, im not 100% sure but I would only worry about setting the speed and duplex on the main interface. However if your using nat you will need to use "ip nat inside" on the subinterface.HTH

DP

--
"Knowledge is contagious, infect"

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 13:23:10 EDT

astamand posted : The support just keeps rolling in. You guys are a great asset to the community!

I am writing my outline for the new config now which I will be testing tonight. I see a couple of things different between these last two examples of the proposed switch and router configurations.

On the switch config, there are two different examples of some vlan config lines:

Dan_D, you gave us this example:

interface FastEthernet0/1
description Uplink
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 1

and ChitownSVT, you gave this example:

interface FastEthernet0/1
description Uplink
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan all

I am questioning the line in bold. Should I have both, or one or the other?

On the router config, I have the following configuration lines as part of my FastEthernet0/0:

no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip tcp adjust-mss 1452
duplex full
speed 100

Do I need to have these lines on ALL of the virtual FastEthernet0/0.x interfaces or just the PRIMARY FastEthernet0/0 as it is now?

Thanks again,

-=Alex

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 12:14:53 EDT

ChitownSVT5 posted : yes it should still work, i experimented with that on my 2610 router and 2900xl switch, it worked fine except for some reason i could not get any information to go through vlan 1 but all others worked fine. All you need to do is make one of the interfaces on the switch a trunk going to the router carrying all vlans. Then set up subinterfaces on the router and and give them separate network IPs such as
VLAN 10 = 192.168.10.0
VLAN 20 = 192.168.20.0

Another thing, get rid of the "switchport trunk native vlan" cmd from all ur interfaces on the switch

SWITCH CONFIG
Interface fast-ethernet 0/1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan all

Interface fastethernet 0/?
switchport mode access
switchport access vlan ?

ROUTER CONFIG

interface ethernet 0/0
no ip address
no shutdown

interfacece ethernet 0/0.10
encapsulation dot1q 10
ip address 192.168.10.1 255.255.255.0
ip nat inside

interfacece ethernet 0/0.20
encapsulation dot1q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside

im pretty sure this is all u need
you might also need to set VTP mode to transparent

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 11:38:52 EDT

astamand posted : So will my plan still work? Is it just that they will stay listed as "shutdown"?

I too am coming from a different environment. I am used to Layer three switches.

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 11:29:03 EDT

Dan_D posted : Did not even consider that.........I have a similar implementation at about 700 remote sites but my routers connect to 6500's. I guess you do get somewhat used to a specific environment.
--
^^There's no place like 127.0.0.1 ^^

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 11:18:45 EDT

dpocoroba posted : Ahh peaches28 great point. It totally skipped my mind about having only one mangement vlan. :) I guess you get used to EMI 3550's
--
"Knowledge is contagious, infect"

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 11:14:50 EDT

peaches28 posted : In case you guys were wondering why the Vlan interfaces on the switch stayed shutdown, think about it. It is a switch, it can have only one layer 3 interface up at a time. The Vlan interface on a switch is called the SVI, Switch VLAN interface.(At least I think so, acronym soup you know.) That interface can affix to any ONE VLAN. If it could have more than one interface well we call those Layer3 swtiches AKA routers.

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 10:45:22 EDT

astamand posted : OIC now! It's because I am now going to have to add the sub interfaces and they too will needs addresses. I did not understand since I had not done it yet. I will do as you recommend, it sounds like good practice.

Thanks!

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 10:40:11 EDT

dpocoroba posted : It doesnt matter what physical interface you will use. f0/0 or f1/0/0 etc. The latest router config you posted will work for setting up the subinterfaces. What I mean about the IP addressing is what Dan_D pointed out, if you make the ip addy of vlan 2 say 172.25.20.1 and the subinteface on the router 172.25.20.1 its an adressing conflict. For personal choice in picking ip address for this case is to set all of the router interfaces to x.x.x.1 and the ip of the vlans to x.x.x.254 HTH

DP
--
"Knowledge is contagious, infect"

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 10:13:57 EDT

Dan_D posted : First off rizacerx is correct i overlooked the addressing conflict, I apologize. The easiest option as pointed out is to change the addresses assigned to the Vlans on the switch......Make them .2 in their respective subnets

The Vlan native not being shown is normal......The intention was to insure that there was a known base to work from........As rizacerx pointed out since Vlan 1 is the default native it will not show.

As far as the interfaces being shutdown, once again i concur with rizacerx, do a no shut on all interfaces, incl. Vlan and attach devices.

Finally, when using sub-interfaces, the respective main interface is only used to set speed, duplex, etc. All addresses, access-list application, etc is done via the sub. You can change the configs for the sub-interfaces to fa0/0.1, fa0/0.10, fa0/0.20, etc to suit your needs and/or wants.

I hope this helps
--
^^There's no place like 127.0.0.1 ^^

Re: [HELP] Using VLANS on a 2900 Series switch.

Tue, 18 May 2004 09:56:30 EDT

astamand posted :

said by dpocoroba:
Ok, the reason you dont see "native vlan 1" in the config is becuase that vlan1 is the native for all cisco switches.

Makes sense.

said by dpocoroba:
When you talk about removing "shutdown"? is that from the port or interface vlan?. Big difference between the two. You may have to have something connected to that vlan( not 100% on this I have seen that kind of problem before). Like one of your pc's maybe.

I tried it on the VLAN interfaces. But what you said makes sense that it would be shutdown if nothing was attached. I'll prove that tonight.

said by dpocoroba:
Glancing over the config you have posted and the config for the router. You gave the sub interface of the router ethernet the same IP's as the layer 3 address of the vlans, nothing but headaches I would just change the IP addy of the vlans.

Do you mean somthing other than 172.25.x.x?

said by dpocoroba:
As for your question about haveing a IP on the main interface. That most certinaly should not be there.

Since I have a physical FastEthernet0/1 shouldn't I build all of my virtual interfaces off of 0/0 like this (instead of 0/1?):

 
(ROUTER)
 
interface FastEthernet0/0
no ip address
load-interval 30
speed 100
full-duplex
!
interface FastEthernet0/0.1
description FE interface for VLAN 1 (default)
encapsulation dot1Q 1 native
ip address 172.25.1.1 255.255.255.0
!
interface FastEthernet0/0.10
description FE interface for VLAN 2 (Office Vlan)
encapsulation dot1Q 10
ip address 172.25.10.1 255.255.255.0
!
interface FastEthernet0/0.20
description FE interface for VLAN 2 (Home Vlan)
encapsulation dot1Q 20
ip address 172.25.20.1 255.255.255.0
!
interface FastEthernet0/0.30
description FE interface for VLAN 2 (Wireless Vlan)
encapsulation dot1Q 30
ip address 172.25.30.1 255.255.255.0

said by dpocoroba:
Think of ethernet subinterfaces like frame-relay and ATM.

Got it. (that's also why I questioned it above).

said by dpocoroba:
I did a quick test of a config like this in my lab here and every vlan pulled from the correct ip pool. I dont have a 2900 to test this on though.

Great, then I am confident I'll have it working soon!

Thanks for taking the time to help me.

-=Alex

Re: [HELP] Using VLANS on a 2900 Series switch.

Mon, 17 May 2004 23:40:52 EDT

dpocoroba posted : Ok, the reason you dont see "native vlan 1" in the config is becuase that vlan1 is the native for all cisco switches. When you talk about removing "shutdown"? is that from the port or interface vlan?. Big difference between the two. You may have to have something connected to that vlan( not 100% on this I have seen that kind of problem before). Like one of your pc's maybe. Glancing over the config you have posted and the config for the router. You gave the sub interface of the router ethernet the same IP's as the layer 3 address of the vlans, nothing but headaches I would just change the IP addy of the vlans. As for your question about haveing a IP on the main interface. That most certinaly should not be there. Think of ethernet subinterfaces like frame-relay and ATM. I did a quick test of a config like this in my lab here and every vlan pulled from the correct ip pool. I dont have a 2900 to test this on though. HTH

DP
--
"Knowledge is contagious, infect"

Re: [HELP] Using VLANS on a 2900 Series switch.

Mon, 17 May 2004 22:49:07 EDT

astamand posted : OK (Dan) here's what's going on with the switch config.

I have added two out of the three lines you suggested to the switch config. The third line, "switchport trunk native vlan 1", gets accepted, but after saving the config, it's not there.

Similarly, I removed the statement "switchport trunk native vlan XX" on all of the other interfaces, but I am not able to remove the "shutdown" even if I enter "no shut" to each interface. They just want to stay shutdown.

On the router side I have a question now that I have looked at it more closely.

My current router interface connecting to the switch is FastEthernet0/0, you show it as being given no IP address. Also, I have a FastEthernet0/1 which is currently not being used. I was planning on making that a DMZ someday.

Does this change you recommendation on the settings at all?

I have attached a copy of the router config with this post.

I think were almost there!

Thanks, I appreciate your help.

-=Alex

config.zip
2,906 bytes

Re: [HELP] Using VLANS on a 2900 Series switch.

Mon, 17 May 2004 15:15:08 EDT

astamand posted : Thanks Dan_D, HawkRdr, and Army Dude!

you have been a lot of help. I'll try these changes tonight and let you know how it worked.

Thanks again.

-=Alex

Re: [HELP] Using VLANS on a 2900 Series switch.

Mon, 17 May 2004 11:58:45 EDT

Dan_D posted : Try This!!

!!!!!!!!!!!ROUTER CONFIGURATION!!!!!!!!!!!!!!

interface FastEthernet0/0
no ip address
load-interval 30
speed 100
full-duplex
!
interface FastEthernet0/1.1
description FE interface for VLAN 1 (default)
encapsulation dot1Q 1 native
ip address 172.25.1.1 255.255.255.0
!
interface FastEthernet0/1.10
description FE interface for VLAN 2 (Office Vlan)
encapsulation dot1Q 10
ip address 172.25.10.1 255.255.255.0
!
interface FastEthernet0/1.20
description FE interface for VLAN 2 (Home Vlan)
encapsulation dot1Q 20
ip address 172.25.20.1 255.255.255.0
!
interface FastEthernet0/1.30
description FE interface for VLAN 2 (Wireless Vlan)
encapsulation dot1Q 30
ip address 172.25.30.1 255.255.255.0
!

ip dhcp pool Office
network 172.25.10.0 255.255.255.0
dns-server 151.203.0.84 151.203.0.85
default-router 172.25.10.1
!
ip dhcp pool Home
network 172.25.20.0 255.255.255.0
dns-server 151.203.0.84 151.203.0.85
default-router 172.25.20.1
!
ip dhcp pool Wireless
network 172.25.30.0 255.255.255.0
dns-server 151.203.0.84 151.203.0.85
default-router 172.25.30.1

!!!!!!!!!!!!!!!SWITCH CONFIGURATION!!!!!!!!!!!!!!!!!!!

interface FastEthernet0/1
description Uplink
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 1

Remove ip helper-address 172.25.1.1 from all Vlan configuration

Remove the statement "switchport trunk native vlan XX" on all other interfaces

No Shut on all vlan interfaces

That should do it

Best of Luck
--
^^There's no place like 127.0.0.1 ^^

Re: [HELP] Using VLANS on a 2900 Series switch.

Mon, 17 May 2004 11:44:07 EDT

HawkRdr posted : Your VLANs need to be defined on the router as well, * i think*
been awhile since I have had to do it so...

Re: [HELP] Using VLANS on a 2900 Series switch.

Mon, 17 May 2004 09:35:02 EDT

astamand posted : Thanks for taking the time to research it Army Dude.

I think I understand what you are saying. In the case of my foundry switch, it was layer three, so it could do some basic routing. As I understand it, this switch is only layer two, so just having a default gateway set on it is not enough.

I understand I'll have to trunk the uplink port so that all the VLAN traffic can pass to the router. That makes sense. I'll disable trunking on the other ports as well.

So now the question is, do I need to create the VLANS on the router or is simply just having the DHCP scopes enough?

I just need a pointer to some examples or instructions on configuring the router to talk to a layer 2 switch with VLANS.

Thanks again.

Re: [HELP] Using VLANS on a 2900 Series switch.

Mon, 17 May 2004 07:13:29 EDT

army dude posted : After a little research, it looks like your problem is with trunking. All of your interfaces, except for E0/1 are set as trunk ports. I think the opposite is what needs to be done...set E0/1 as a trunk port to the router. A trunk port will carry traffic from ALL vlans. Since you are using just one port (one connection) to the router, you will need to set up sub-interfaces on E0/1 and also on the router interface that connects to E0/1. You will need to set up a sub-interface for each vlan.
This will enable routing to take place between your different vlans.
I am pretty sure this is why you can't get the interfaces to come up. Maybe someone who knows vlans and trunking on cisco switches real well can offer some more advice here.

Re: [HELP] Using VLANS on a 2900 Series switch.

Sun, 16 May 2004 16:28:59 EDT

astamand posted : Thanks, I forgot to mention they were listed as "shutdown" which you obviously saw by the show run above.

When I try that the command completes OK, but VLANS stay as "shutdown".

I'm sure that's what's wrong but I can't get them to budge.

Thanks,

Alex

Re: [HELP] Using VLANS on a 2900 Series switch.

Sun, 16 May 2004 16:14:11 EDT

army dude posted : Try this:

c2912# config t
c2912(config)# int VLAN10
c2912(config-if)# no shut

repeat for the other 2 vlan interfaces....

[HELP] Using VLANS on a 2900 Series switch.

Sun, 16 May 2004 15:29:47 EDT

astamand posted : I was wondering is if someone would mind looking at my switch config for my 2912.

I am trying to create three VLANS on the switch. One VLAN for the HOME Network, one for the OFFICE network, and one for the WIRELESS network.

I believe I have the VLANS created correctly, but when I connect a client into one of the ports it can not get an IP address from the DHCP server (which is a Cisco router configured with DHCP scopes for all three VLANS as well as the default VLAN).

The IP address of the IP Helper is the address of the Cisco router giving out DHCP. I have configured an IP Helper address for each VLAN since that was required when I run the same scenario on a Foundry switch. On that switch, this configuration works (so the router is configured for DHCP correctly).

The switch is running IOS Version 12.0(5)WC9a (c2900xl-c3h2s-mz.120-5.WC9a.bin)

Any idea what I am missing?

Thanks in advance for your help.

c2912#sh run
Building configuration...
 
Current configuration:
!
! Last configuration change at 03:36:24 UTC Sun May 16 2004
! NVRAM config last updated at 03:36:25 UTC Sun May 16 2004
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname c2912
!
enable secret 5 
!
username astamand password 7 
!
!
!
!
!
ip subnet-zero
ip domain-name verizon.net
ip name-server 151.203.0.84
ip name-server 151.203.0.85
ip name-server 151.202.0.84
!
!
!
interface FastEthernet0/1
 description Uplink
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport trunk native vlan 10
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport trunk native vlan 10
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport trunk native vlan 10
!
interface FastEthernet0/5
 switchport access vlan 20
 switchport trunk native vlan 20
!
interface FastEthernet0/6
 switchport access vlan 20
 switchport trunk native vlan 20
!
interface FastEthernet0/7
 switchport access vlan 20
 switchport trunk native vlan 20
!
interface FastEthernet0/8
 switchport access vlan 20
 switchport trunk native vlan 20
!
interface FastEthernet0/9
 switchport access vlan 30
 switchport trunk native vlan 30
!
interface FastEthernet0/10
 switchport access vlan 30
 switchport trunk native vlan 30
!
interface FastEthernet0/11
 switchport access vlan 30
 switchport trunk native vlan 30
!
interface FastEthernet0/12
 switchport access vlan 30
 switchport trunk native vlan 30
!
interface VLAN1
 description DEFAULT
 ip address 172.25.1.5 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
interface VLAN10
 description OFFICE
 ip address 172.25.10.1 255.255.255.0
 ip helper-address 172.25.1.1
 no ip directed-broadcast
 no ip route-cache
 shutdown
!
interface VLAN20
 description HOME
 ip address 172.25.20.1 255.255.255.0
 ip helper-address 172.25.1.1
 no ip directed-broadcast
 no ip route-cache
 shutdown
!
interface VLAN30
 description WIRELESS
 ip address 172.25.30.1 255.255.255.0
 ip helper-address 172.25.1.1
 no ip directed-broadcast
 no ip route-cache
 shutdown
!
ip default-gateway 172.25.1.1
!
line con 0
 logging synchronous
 transport input none
 stopbits 1
line vty 0 4
 logging synchronous
 login local
 transport input telnet
!
ntp clock-period 22518299
ntp server 172.25.1.1
end
 
c2912#

Here is the output of a Show VLAN Brief:

c2912#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1
10   OFFICE                           active    Fa0/2, Fa0/3, Fa0/4
20   HOME                             active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
30   WIRELESS                         active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
c2912#