ChrisgoCisco: Switched Network with an External DHCP Server (WinServer 2008) Part 2

Part 2 continues with the switch configurations along with PC- 1 & 2 getting their IP address from the external server….

PART II

Configure Switches
- Set DLS1 as VTP Server (all other switches should be clients) & vtp domain Chill
- Configure VLANS on DLS1 according to diagram. Enable routing. WinServer08 is on VLAN 150.
- Configure SVI’s on DLS1
- Configure trunking (dot1q) & EtherChannel’s between switches (Note: ALS1 to ALS2 & ALS2 to DLS2 in diagram shows only 1 connection (one line) but there are two connections between each switch)
- Set default gateway’s on ALS1 & ALS2; Assign VLAN1 ip addresses. Set access ports to portfast and place them into their respective vlan.
- Optional: enable debugging for dhcp on DLS1
- Bring PC-1 & PC-2 up, set them for dhcp, verify ip address & default gateway assignment for respective vlan (Note: windows firewall will need to be tuned or turned off for this to work. I disabled windows firewall on all virtual machines as were not working on firewall configuration – and this is a closed lab environment)
- Go to WinServer 2008 and verify the address leases for both scopes (both vlan pools)
- Verify PC-1 can ping PC-2

Upcoming:
PART III

Configure Security
- Enable Port-Security on ALS1 & 2: allow 1 MAC address to be learned dynamically on ports fa0/6 and make sure those addresses are saved in NVRAM.
- Enable DHCP Snooping
- ….More to come

Set DLS1 as VTP Server (all other switches should be clients)

DLS1(config)# vtp mode server
DLS1(config)# vtp domain Chill
Changing VTP domain name from NULL to Chill

DLS2(config)# vtp mode client
Setting device to VTP CLIENT mode.

ALS1(config)# vtp mode client
Setting device to VTP CLIENT mode.

ALS2(config)# vtp mode client
Setting device to VTP CLIENT mode.

Configure VLANS on DLS1 according to diagram. Enable routing. Bring up fa0/6 on DLS1 for server dhcp, set as access port and vlan 150.

DLS1(config)# vlan 10
DLS1(config-vlan)# name Area51
DLS1(config-vlan)# vlan 20
DLS1(config-vlan)# name Area78
DLS1(config-vlan)# vlan 150
DLS1(config-vlan)# name ServerDHCP
DLS1(config-vlan)# exit
DLS1(config)# ip routing
DLS1(config)# inter fa0/6
DLS1(config-if)# switchport mode access
DLS1(config-if)# switchport access vlan 150
DLS1(config-if)#spanning-tree portfast
DLS1(config-if)#exit

Configure SVI’s on DLS1

DLS1(config)# inter vlan 1
DLS1(config-if)# ip add 172.16.1.1 255.255.255.0
DLS1(config-if)# no shut
DLS1(config-if)# inter vlan 10
DLS1(config-if)# ip add
*Mar 1 04:42:33.918: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
DLS1(config-if)# ip add
*Mar 1 04:42:35.154: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
DLS1(config-if)# ip add 172.16.10.1 255.255.255.0
DLS1(config-if)# no shut
DLS1(config-if)# inter vlan 20
DLS1(config-if)# ip add 1
*Mar 1 04:42:52.782: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down
DLS1(config-if)# ip add 172.16.20.1 255.255.255.0
DLS1(config-if)# no shut
DLS1(config-if)# inter vlan 150
DLS1(config-if)# ip add
*Mar 1 04:43:07.866: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan150, changed state to down
DLS1(config-if)# ip add 172.16.150.1 255.255.255.0
DLS1(config-if)# no shut
DLS1(config-if)# exit
DLS1(config)#

Configure EtherChannel’s between switches

DLS1

DLS1(config)# inter range fa0/11 – 12
DLS1(config-if-range)# switchport trunk encapsulation dot1q
DLS1(config-if-range)# switchport mode trunk
DLS1(config-if-range)# channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1

DLS1(config-if-range)# no shut
DLS1(config-if-range)# exit
DLS1(config)#

DLS2

DLS2(config)# inter range fa0/11 – 12
DLS2(config-if-range)# switchport trunk encapsulation dot1q
DLS2(config-if-range)# switchport mode trunk
DLS2(config-if-range)# channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1

DLS2(config-if-range)# no shut
DLS2(config-if-range)# exit
DLS2(config)# inter range fa0/7 – 8
DLS2(config-if-range)# switchport trunk encapsulation dot1q
DLS2(config-if-range)# switchport mode trunk
DLS2(config-if-range)# channel-group 2 mode desirable
Creating a port-channel interface Port-channel 2
DLS2(config-if-range)# no shut
DLS2(config-if-range)# exit

ALS1

ALS1(config-if-range)# switchport mode trunk
ALS1(config-if-range)# channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1
ALS1(config-if-range)# no shut
ALS1(config-if-range)# exit
ALS1(config)#

ALS2

ALS2(config)# inter range fa0/11 – 12
ALS2(config-if-range)# switchport mode trunk
ALS2(config-if-range)# channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1

ALS2(config-if-range)# no shut
ALS2(config-if-range)# inter range fa0/7 – 8
ALS2(config-if-range)# switchport mode trunk
ALS2(config-if-range)# channel-group 2 mode desirable
Creating a port-channel interface Port-channel 2

ALS2(config-if-range)# no shut
ALS2(config-if-range)# exit
ALS2(config)#

Verify VLANS and VTP on ALS1:

Verify trunking and EtherChannel on ALS2:

Set default gateway’s on ALS1 & ALS2 & assign VLAN 1 ip addresses. Assign access port vlans.

ALS1

ALS1(config)# inter vlan 1
ALS1(config-if)# ip add 172.16.1.11 255.255.255.0
ALS1(config-if)# no shut
ALS1(config-if)# exit
ALS1(config)#
05:25:22: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
05:25:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
ALS1(config)# ip default-gateway 172.16.1.1
ALS1(config)# inter fa0/6
ALS1(config-if)# switchport mode access
ALS1(config-if)# switchport access vlan 10
ALS1(config-if)# spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

%Portfast has been configured on FastEthernet0/6 but will only
have effect when the interface is in a non-trunking mode.
ALS1(config-if)# no shut

ALS2

ALS2(config)# inter vlan 1
ALS2(config-if)# ip add 172.16.1.12 255.255.255.0
ALS2(config-if)# no shut
ALS2(config-if)# exit
ALS2(config)#
05:26:38: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
05:26:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
ALS2(config)# ip default-gateway 172.16.1.1
ALS2(config)# inter fa0/6
ALS2(config-if)# switchport mode access
ALS2(config-if)# switchport access vlan 20
ALS2(config-if)# spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

%Portfast has been configured on FastEthernet0/6 but will only
have effect when the interface is in a non-trunking mode.
ALS2(config-if)# no shut
ALS2(config-if)#

Optional: enable debugging for dhcp on DLS1

DLS1#debug ip dhcp server events
DLS1#debug ip dhcp server packet
DLS1#

Bring PC-1 & PC-2 up, set them to obtain an IP address automatically, verify ip address & default gateway assignment for their respective vlan.

PC-1 (PC-2 is similar and not shown)

Bring up the cmd prompt (start > run > cmd) and verify by “ipconfig”. You may have to release and then renew (I shut down my fa0/6 on ALS1 & 2 while bringing up the XP vm’s (PC1 & PC2) so they defaulted to the generic IP address).

The response is no go. I couldn’t get the dhcp assignments to work. I spent several hours trying to figure out the problem; I knew that somehow I had to get DLS1 to point to the server (ip helper address) but couldn’t figure out where to put it. I know it needed to be placed on the incoming interface where the request is coming from but I couldn’t put it on the fa0/11 – 12 interfaces nor on the portchannel. Then it came to me:

DLS1(config)# inter vlan 10
DLS1(config-if)#ip h?
hello-interval helper-address hold-time

DLS1(config-if)# ip helper-address 172.16.150.5
DLS1(config-if)#

Now: