I have a basic remote site with a Cisco Catalyst 2924XL switch. There are 2 VLANs at the site:

1 Default
2 Wireless

There is a single server connected via a single Ethernet cable; VLAN 1 is native/untagged and VLAN 10 is tagged. The server is CentOS based, and I'm seeing strange behavior from DHCP that suggests the VLAN tagging is not working correctly.

Note the 2 DHCPREQUEST packets at the same time, but via both VLANs:

Jan  6 17:19:25 gateway dhcpd: DHCPREQUEST for 192.168.100.206 from 0c:77:1a:10:f3:1e (iPhone) via eth0.10
Jan  6 17:19:25 gateway dhcpd: DHCPACK on 192.168.100.206 to 0c:77:1a:10:f3:1e (iPhone) via eth0.10
Jan  6 17:19:25 gateway dhcpd: DHCPREQUEST for 192.168.100.206 from 0c:77:1a:10:f3:1e (iPhone) via eth0: wrong network.
Jan  6 17:19:25 gateway dhcpd: DHCPNAK on 192.168.100.206 to 0c:77:1a:10:f3:1e via eth0

It happens with all devices on the wireless VLAN, the above is just an example.

The WAP is connected to port 17 on the switch. The server is on port 24.

cisco-sw#sh ru
Building configuration...

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cisco-sw
!
enable secret 5 $1$KINg$5KgS(censored)
!
!
!
!
!
!
spanning-tree vlan 1 forward-time 5
no spanning-tree vlan 10
ip subnet-zero
!
!
!         
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
 switchport access vlan 10
!
interface FastEthernet0/18
 switchport access vlan 10
!
interface FastEthernet0/19
 switchport access vlan 10
!
interface FastEthernet0/20
 switchport access vlan 10
!
interface FastEthernet0/21
 switchport access vlan 10
!
interface FastEthernet0/22
 switchport access vlan 10
!
interface FastEthernet0/23
 switchport access vlan 10
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface VLAN1
 ip address 192.168.100.99 255.255.255.128
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 192.168.100.100
no cdp run
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 login
line vty 5 15
 login
!
end

I'm pretty sure I've buggered something in the Cisco config, but I can't see what.

Any ideas how to make it behave as expected (each VLAN separated correctly) would be great.

EDIT 23/01/13

cisco-sw#show int f0/17 switchport 
Name: Fa0/17
Switchport: Enabled
Administrative mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Disabled
Access Mode VLAN: 10 (WLS)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: NONE
Pruning VLANs Enabled: NONE

Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
Self Loopback: No
fukawi2
  • Can we see results from "Show int trunk" - I suspect the WAP is trunking. Your config looks fine, just understand you'd want "switchport mode access" to force access mode. – Jason Seemann Jan 12 '13 at 07:23
  • "show int trunk" gives "Invalid input detected". The WAP is a basic consumer AP that has no trunking/VLAN capabilities. – fukawi2 Jan 13 '13 at 00:28
  • Try 'show int f0/17 switchport'. You also always want to set an administrative mode on switchports - either 'switchport mode trunk' or 'switchport mode access' depending on what you want. Never trust dynamic switchports. – Aaron Jan 22 '13 at 18:32
  • I've added the output of that to the OP. It looks correct? Admin Mode == "static access" and Access Mode VLAN == 10. – fukawi2 Jan 22 '13 at 22:24
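
A log check for the symptom shown in the question, as an added example that is not part of the original post: it scans ISC dhcpd syslog lines and reports any client whose DHCPREQUEST for the same address was logged in the same second via more than one interface, which is how traffic crossing between the tagged and untagged VLAN shows up. The sample lines are the ones from the question; the function name and the output fields are made up for this sketch.

```python
import re
from collections import defaultdict

# Log lines copied from the question above (ISC dhcpd syslog format).
SAMPLE_LOG = """\
Jan  6 17:19:25 gateway dhcpd: DHCPREQUEST for 192.168.100.206 from 0c:77:1a:10:f3:1e (iPhone) via eth0.10
Jan  6 17:19:25 gateway dhcpd: DHCPACK on 192.168.100.206 to 0c:77:1a:10:f3:1e (iPhone) via eth0.10
Jan  6 17:19:25 gateway dhcpd: DHCPREQUEST for 192.168.100.206 from 0c:77:1a:10:f3:1e (iPhone) via eth0: wrong network.
Jan  6 17:19:25 gateway dhcpd: DHCPNAK on 192.168.100.206 to 0c:77:1a:10:f3:1e via eth0
"""

# timestamp, host, "dhcpd[pid]:", requested IP, optional server-id, MAC,
# optional client hostname, receiving interface, optional trailing note.
REQUEST_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"DHCPREQUEST for (?P<ip>\S+)(?: \(\S+\))? from (?P<mac>[0-9a-f:]{17})"
    r"(?: \([^)]*\))? via (?P<iface>[\w.-]+)(?::\s*(?P<note>.*))?$"
)


def find_cross_vlan_requests(log_text):
    """Report requests one client made for one IP, in the same second,
    that dhcpd logged on more than one interface."""
    seen = defaultdict(dict)  # (timestamp, mac, ip) -> {interface: note}
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line.strip())
        if m:
            seen[(m["ts"], m["mac"], m["ip"])][m["iface"]] = m["note"] or ""

    findings = []
    for (ts, mac, ip), ifaces in seen.items():
        if len(ifaces) > 1:
            findings.append({
                "time": ts,
                "mac": mac,
                "ip": ip,
                "interfaces": sorted(ifaces),
                # Interfaces where dhcpd refused the request as off-subnet.
                "rejected_on": sorted(
                    i for i, note in ifaces.items() if "wrong network" in note
                ),
            })
    return findings


if __name__ == "__main__":
    for finding in find_cross_vlan_requests(SAMPLE_LOG):
        print(finding)
```

An empty result over a day of logs means every client was only ever heard on one interface; any hit names the MAC and the pair of interfaces to capture on.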

2 Answers

OK, I have replaced the Cisco switch with a HP switch and the problem persists. My best guess is that the NIC doesn't support 802.1q tagging, so this was never a problem with the switch or its configuration.

fukawi2

For future reference should someone come this way again: I haven't been able to do DHCP on both untagged and tagged VLANs on the same interface for some time, at least on CentOS with ISC DHCP on HP servers. At one point years ago it was my standard setup & was working fine, but then it stopped working. I'm not sure if it's the OS, the DHCP server, or the network cards.

My practical solution is to never run untagged & tagged VLANs on the same iface. Instead, I create a dummy untagged net on the server, and route all production data over tagged nets. It's cheap, but it seems to work. Good luck.

Anon
  • Thanks for the input; I do run other similar environments (CentOS, HP Switches, Tagged and Untagged VLANs, ISC DHCPD) that work fine. The only difference being the hardware (both HP, but very dissimilar models) – fukawi2 Jun 02 '13 at 23:28