DHCP
I have interface 1 (Vlan1) and interface 5 (Vlan99) and interface 8 (Vlan301) all connecting to the same LAN. I have DHCP scopes enabled on all three interfaces (for different routes and purposes). My Cisco person indicated that the Vlan301 devices are showing up as Vlan1 devices and they are getting their IP address from Vlan1. I created static entries associating their Ethernet address to use the IP address in Vlan301 for said devices, yet they still get an IP address from Vlan1. I thought that if there are entries in the firewall with instructions for said Ethernet address, it would send the Vlan301 IP address, but that is not the case. Is there a way to make the firewall force the reserved IP address to the device no matter which interface it tries to connect to?
Best Answer
TKWITS Community Legend ✭✭✭✭✭
Ah yes, you failed to mention you had VoIP phones in your environment...
You'll likely need to keep the switchport in question on VLAN1 but also tag VLAN301 on it (aka making the port a 'trunk'), and tell the phone to use VLAN301.
Do some more reading on the concepts. It also helps to provide as much information as possible in the first post...
Answers
I did remove the devices from the current leases list and they show back up using an IP address from Vlan1.
Is there a way to make the firewall force the reserved IP address to the device no matter which interface it tries to connect to?
No. DHCP depends on the interface.
For clarity, are the interfaces you listed (1, 5, & 8) subinterfaces of a physical interface, or each an individual physical interface?
Read up on 802.1Q / VLANing.
Physical ports on the firewall.
VLANs imply a single physical interface divided into logical subinterfaces. What does your topology look like? Multiple physical switchports to the multiple physical ports on the firewall? What does your switch config look like with regards to VLANs, trunks, and access ports?
Hi @itworks4me2
To resolve the above-mentioned issue, you would have to tag the firewall VLAN IDs (vlan, Vlan99 & vlan301) on the appropriate ports of the Cisco switch; only then will it work as per your design.
All ports on the Cisco switch are in VLAN1, which is the default (untagged) and is called the native VLAN.
It is, but the Unifi switches identify the devices which need to go to Vlan301 as Vlan1 and Vlan301.
Hi @itworks4me2
Follow the below Unifi switch KB for tagging and untagging the VLAN ports.
Thank you. That is what Unifi said too, but it made the PC that needed to be on Vlan1, which is connected to the phone, stop working because it forced everything to Vlan301.
I don't see why it mattered if my "devices" were phones or not.
That's like saying to a math teacher "I don't see why X matters in math" when you are being taught algebra.
Everything matters in networking. It also helps those helping you to know what "devices" we are thinking about.
You're welcome.
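The behaviour discussed in this thread, as an added example that is not part of any post above: a simplified Python model of how a switchport assigns frames to a VLAN and how a DHCP server then answers from the scope of the interface the request arrives on. The MAC addresses, subnets and the `Port`/`dhcp_offer` names are constructed for illustration; only the VLAN numbers 1 and 301 come from the thread.

```python
# Simplified model (constructed for illustration): an 802.1Q switchport
# classifies each frame into a VLAN, and the DHCP server answers from the
# scope bound to the interface/VLAN where the request arrives.
from dataclasses import dataclass

@dataclass
class Port:
    native_vlan: int                        # VLAN given to untagged frames
    tagged_vlans: frozenset = frozenset()   # VLANs accepted with an 802.1Q tag

    def classify(self, frame_tag):
        """Return the VLAN a frame lands in, or None if the port drops it."""
        if frame_tag is None:
            return self.native_vlan
        return frame_tag if frame_tag in self.tagged_vlans else None

# Constructed sample data: one DHCP scope per firewall interface.
PHONE, PC = "00:11:22:aa:bb:01", "00:11:22:aa:bb:02"
SCOPES = {
    1:   {"pool": "192.168.1.100", "reservations": {}},
    301: {"pool": "10.30.1.100", "reservations": {PHONE: "10.30.1.50"}},
}

def dhcp_offer(port, mac, frame_tag=None):
    """Address offered to mac; a reservation only applies inside its own scope."""
    vlan = port.classify(frame_tag)
    if vlan is None or vlan not in SCOPES:
        return None
    scope = SCOPES[vlan]
    return scope["reservations"].get(mac, scope["pool"])

def scenarios():
    access_v1 = Port(native_vlan=1)          # everything untagged on VLAN1
    access_v301 = Port(native_vlan=301)      # whole port forced to VLAN301
    trunk = Port(native_vlan=1, tagged_vlans=frozenset({301}))
    return {
        # Reservation exists in VLAN301, but the request arrives on VLAN1.
        "phone, access VLAN1": dhcp_offer(access_v1, PHONE),
        # Forcing the port to VLAN301 also drags the PC behind the phone along.
        "pc, access VLAN301": dhcp_offer(access_v301, PC),
        # Native VLAN1 plus tagged VLAN301: the phone tags, the PC does not.
        "phone, trunk, tag 301": dhcp_offer(trunk, PHONE, frame_tag=301),
        "pc, trunk, untagged": dhcp_offer(trunk, PC),
    }

if __name__ == "__main__":
    for name, addr in scenarios().items():
        print(f"{name:24} -> {addr}")
```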