Cannot Ping PC Directly Connected to Switch – Solving DHCP and Ping Issues

Tags: dhcp, ping

I'm trying to configure a new subnet for my users. DHCP is configured on the switch SW1.

The topology looks like this:
SW1 <===> SW2 <===> PC

There is an etherchannel + trunk link between SW1 and SW2.

For whatever reason, I cannot ping the PC. It gets an IP just fine.

Here is my configuration on SW1:

ip dhcp class rangeuser
ip dhcp pool UsersLAN
network 10.239.146.0 255.255.255.0
domain-name xx.com
dns-server 172.30.184.5 172.30.184.4
default-router 10.239.146.1
lease 0 2
class rangeuser
 address range 10.239.146.10 10.239.146.250
  address 10.239.146.82 client-id 0114.b31f.17c5.a7

int po24
switchport mode trunk

int vlan11
 ip address 10.239.146.5 255.255.255.0

And on SW2:

 int po24
  switchport mode trunk

 int gi2/0/41
  switchport access vlan 11
  switchport mode access
  switchport voice vlan 30
  spanning-tree portfast
  spanning-tree bpduguard enable

Show ip dhcp binding displays the lease. But when I try to ping using source interface vlan 11, it simply does not work. If I put back the access port into the old user vlan (vlan 10), then I can ping just fine with my switch.

What's going on here?

Best Answer

I figured it out eventually.

When a computer has joined a domain, it tries to contact its domain controller after getting an IP. In Vlan 10, it was able to do so successfully, and would categorize the network as a "Domain network". The Windows Firewall was disabled for domain networks.

When in Vlan 11, the subnet was not allowed to contact the domain controller because it was dropped on a firewall along the way. This resulted in the network being categorized as a "Public network", where the Windows Firewall was enabled.

After opening the network flows, it started working.
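
The check below is an added example, not part of the original answer: run on the affected PC, it shows which network category Windows assigned to each connection, whether the matching Windows Firewall profile is on, whether any inbound ICMPv4 allow rule applies to it, and whether a domain controller is reachable. Assumptions: an elevated PowerShell session, the built-in NetSecurity/NetTCPIP/DnsClient modules, and TCP 389 (LDAP) as a representative flow to the domain controller, since the page does not list the flows that were opened.

```powershell
# Added diagnostic example (not from the original post).
# NetworkCategory value -> Windows Firewall profile name.
$profileFor = @{ DomainAuthenticated = 'Domain'; Private = 'Private'; Public = 'Public' }

# Enabled inbound ICMPv4 allow rules from the active store (includes GPO rules).
$icmpRules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).Protocol -eq 'ICMPv4' }

foreach ($conn in Get-NetConnectionProfile) {
    $fwName = $profileFor[[string]$conn.NetworkCategory]
    $fw     = Get-NetFirewallProfile -PolicyStore ActiveStore -Name $fwName

    # Keep only the rules scoped to this profile (or to all profiles).
    $matching = $icmpRules | Where-Object {
        $p = $_.Profile.ToString()
        $p -eq 'Any' -or (($p -split ',\s*') -contains $fwName)
    }

    [pscustomobject]@{
        Interface        = $conn.InterfaceAlias
        Category         = $conn.NetworkCategory   # Public here matches the VLAN 11 symptom
        FirewallProfile  = $fwName
        FirewallEnabled  = $fw.Enabled
        IcmpV4AllowRules = @($matching).Count       # 0 + enabled firewall = pings are dropped
    }
}

# If the PC is domain-joined, test whether a domain controller can be reached.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    $srv = Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$($cs.Domain)" -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) { Write-Warning "No DC SRV records resolved for $($cs.Domain)" }
    foreach ($dc in $srv) {
        [pscustomobject]@{
            DomainController = $dc.NameTarget
            Ldap389Reachable = Test-NetConnection -ComputerName $dc.NameTarget -Port 389 `
                                   -InformationLevel Quiet -WarningAction SilentlyContinue
        }
    }
}
```

A connection reported as Public with the firewall enabled, together with unreachable domain controllers, matches the situation described in the answer.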
