Cisco – Why Would one VLAN have no Communication on one Switch


So the problem is we have a device or host that needs to communicate on a specific VLAN. This VLAN is not new, it is running all throughout our environment and works fine. But the VLAN was recently configured on the switch in question, a Cisco 3750. The DHCP server is handing out addresses on that VLAN with no problem.

I have verified the cable between the host and switch and tried multiple hosts, but none of them can communicate or get an address. I plugged my laptop into an empty port which had a different VLAN assigned and immediately got a DHCP address. When I changed that port to the same VLAN I'm having issues with, I got the same problem. The laptop just sits there and tries to DHCP an address but nothing happens.

I double-checked the cores and their Layer 3 VLAN config and it's fine too. Plus I figured the issue couldn't be with them because the VLAN works fine everywhere else it exists.

So the only other thing I can think of is the switch, but the VLAN exists on the switch and seems to be configured correctly. The trunks appear to be configured just fine as well.

Anyone have any ideas? I'm lost on this one.

Best Answer

Problems like these can eat up a lot of time.

(I noticed after I wrote this I was assuming you have one DHCP server on a separate subnet, and therefore DHCP requests are forwarded across a router. Troubleshooting will be simpler if the DHCP server is directly on the new VLAN.)

Off the top of my head, from most- to least-likely:

  • the tagging isn't correct through the switch network
  • the router that connects the VLANs in question doesn't have an IP interface on the new VLAN and/or isn't configured to route packets between them
  • whatever is acting as the router between the DHCP server and the DHCP client doesn't have the 'ip helper-address' or 'udp-helper' parameter set correctly, so DHCP requests never make it to the DHCP server
  • the DHCP server doesn't have a route back to the router that acts as the gateway to the VLAN in question, possibly because the DHCP server's default gateway doesn't know how to get to the gateway
  • the DHCP server's configuration file(s) has/have been updated to serve the new VLAN, but the DHCP server wasn't restarted (if you have an ISC (i.e. Linux) dhcpd)
  • something in between the DHCP server and the client on the new VLAN has an ACL which is preventing connectivity

In your case, I would back up a couple of steps:

  • Make an itemized list of all ports on all switches that should be involved in this new VLAN. They are probably mostly trunk ports going switch to switch. Now check the VLAN association and state (tagging, default-VLAN if appropriate) of each of them. Yes I know they are all right but humor me.
  • anything interesting in the DHCP server's logs?
  • plug in a computer on the new VLAN with a static IP address. Can it ping the router? Can it ping the DHCP server? (If you can't -- is the DHCP server firewalled to drop ICMP packets?)
  • plug in a DHCP computer on the new VLAN. Snoop the traffic (Wireshark or equiv). What does the DHCP conversation look like? Are you seeing any replies back from the DHCP server?
  • snoop the traffic on the DHCP server. What does the conversation look like?

Hopefully while working through a list like this you might trip over what's really wrong.
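The per-port VLAN check from the answer's first "back up a couple of steps" item can be scripted against saved `show interfaces trunk` output. The Python below is an added example, not part of the original answer; the sample text, port names and VLAN numbers are constructed, and the function names are hypothetical.

```python
# Constructed sample of `show interfaces trunk` output (not from the original post).
SAMPLE = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/49    on               802.1q         trunking      1
Gi1/0/50    on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/49    1-4094
Gi1/0/50    1,10,20-30

Port        Vlans allowed and active in management domain
Gi1/0/49    1,10,20,150
Gi1/0/50    1,10,20

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/49    1,10,20
Gi1/0/50    1,10,20
"""
STAGES = {  # section header -> short label, in the order a frame must pass them
    "Vlans allowed on trunk": "allowed",
    "Vlans allowed and active in management domain": "active",
    "Vlans in spanning tree forwarding state and not pruned": "forwarding",
}
def expand(spec):  # '1,10,20-22' -> {1, 10, 20, 21, 22}; 'none' -> empty set
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if lo.isdigit():
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(text):
    """Return {port: {stage: set_of_vlans}} from `show interfaces trunk` text."""
    ports, stage, last = {}, None, None
    for line in text.splitlines():
        if line.startswith("Port"):          # a new table starts; pick its stage
            stage, last = STAGES.get(line[4:].strip()), None
        elif stage and line.strip():
            if line[0].isspace() and last:   # wrapped continuation of a long list
                ports[last][stage] |= expand(line)
            else:
                last, _, spec = line.partition(" ")
                ports.setdefault(last, {})[stage] = expand(spec)
    return ports

def first_failure(ports, vlan):
    """Per port: first stage where `vlan` is missing, or None if it is forwarding."""
    return {p: next((s for s in STAGES.values() if vlan not in st.get(s, set())), None)
            for p, st in ports.items()}
```

A result of `allowed` points at the trunk's allowed-VLAN list, `active` at the VLAN not existing or not being active on that switch, and `forwarding` at spanning tree blocking or pruning on that trunk.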
