DHCP is not working 3560G

From: omar parihuana (omar.parihuana@gmail.com)
Date: Sat Jul 12 2008 - 14:06:10 ART

• Next message: A.G. Ananth Sarma (GMail): "Re: Passed #21395"
• Previous message: Jason Madsen: "Re: IAD 2431 w/ T1 ports and 12.4. Keep getting BERT messages"
• Next in thread: Marvin Greenlee: "RE: DHCP is not working 3560G"
• Maybe reply: Marvin Greenlee: "RE: DHCP is not working 3560G"
• Maybe reply: Jason Madsen: "Re: DHCP is not working 3560G"
• Maybe reply: Jason Madsen: "Re: DHCP is not working 3560G"
• Maybe reply: Hong Chan: "Re: DHCP is not working 3560G"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Group,

I've configured a Switch 3560G with 3 SVIs in order to VLAN Routing:

!
interface Vlan10
 description VLAN 10
 ip address 10.53.0.253 255.255.255.0
!
interface Vlan20
 description VLAN 20
 ip address 10.53.5.1 255.255.255.0
!
interface Vlan30
 description VLAN 30
 ip address 10.53.8.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.53.0.1
!

After I've configured a DHCP Pool in order to assign IP address only to VLAN
30, the conf is:

!
!
ip dhcp excluded-address 10.53.8.1 10.53.8.199
ip dhcp pool DCHP
   network 10.53.8.0 255.255.255.0
   default-router 10.53.8.1
   dns-server 200.41.96.24 200.41.96.26
!

After that host in vlan 30 are assigned an IP Address correctly and the
intervlan routing working fine, but as I need that VLAN 30 only reach to
external networks (Internet) and not to other networks (VLAN 10 and VLAN20)
I've created an Access-list
!
ip access-list extended BLOCKING-VLAN
 permit ip 10.53.8.0 0.0.0.255 host 10.53.0.1
 deny ip 10.53.8.0 0.0.0.255 10.53.0.0 0.0.0.255 log
 deny ip 10.53.8.0 0.0.0.255 10.53.5.0 0.0.0.255 log
 permit ip 10.53.8.0 0.0.0.255 any
!

!
interface Vlan30
 description VLAN 30
 ip address 10.53.8.1 255.255.255.0
 ip access-group BLOCKING-VLAN in
!

The first sentence in ACL is necessary to reach the default gateway in
VLAN10 (see default route above). Apparently all is working well the host in
VLAN 30 don't reach to Servers in VLAN 10 and VLAN20, but DHCP IS NOT
WORKING! no assign IP address to hosts. After of check the debugs, I noticed
that when the access-list is applied to Int VLAN30 the Switch is not aware
about DHCP request. DHCPD: DHCPDISCOVER is never received by Switch. But
when I removed the access-list then DHCP working well, then how should I
configure the access-list in order to allow DHCP in VLAN30 and the hosts in
VLAN30 don't communicate the others VLANs? or maybe change the DHCP
Configuration but how?

Rgds.

-- 
Omar E.P.T
-----------------
Certified Networking Professionals make better Connections!

• Next message: A.G. Ananth Sarma (GMail): "Re: Passed #21395"
• Previous message: Jason Madsen: "Re: IAD 2431 w/ T1 ports and 12.4. Keep getting BERT messages"
• Next in thread: Marvin Greenlee: "RE: DHCP is not working 3560G"
• Maybe reply: Marvin Greenlee: "RE: DHCP is not working 3560G"
• Maybe reply: Jason Madsen: "Re: DHCP is not working 3560G"
• Maybe reply: Jason Madsen: "Re: DHCP is not working 3560G"
• Maybe reply: Hong Chan: "Re: DHCP is not working 3560G"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:54 ART