MS130-48P: Configured with Static IP but now uses DHCP IP

mcoomber
Getting noticed

MS130-48P: Configured with Static IP but now uses DHCP IP

I've got a troublesome switch that recent rebooted itself. After the reboot, the static IP that it is configured to use it not what is presently active. Instead its a DHCP issued IP. I've done several reboots and whenever its powered on it gets a new DHCP issued IP.

  1. What might be the cause
  2. How do I get the static issued IP address to work. 

This is the same switch that I recently reported as not properly powering on the Access Points attached to it. This issue is still pending. 

 

Thanks

 

28 Replies 28
RWelch
A model citizen

Screenshot 2024-10-24 at 08.28.33.png

 

Screenshot 2024-10-24 at 08.23.27.png

 

 

First thing I would check is the TRUNK uplink.  If you have "modified" the native VLAN as many do, be sure it's also set that change accordingly under Switching > Switch Settings as pictured above where is shows VLAN configuration (Management VLAN) at the top of the page.

mcoomber
Getting noticed

My Native VLAN is  still set to the default.

RWelch
A model citizen

What is the switch connected to?  Can you show screenshots of your uplink settings that might help us see how it's configured.  Your initial post doesn't have a lot of info/details for us to go off of without seeing how it's configured.

mcoomber
Getting noticed

The switch is connected to a 3850 Catalyst switch that has been configured to run MSTP. Screenshot 2024-10-24 170252.pngScreenshot 2024-10-24 170351.png

RWelch
A model citizen

Does turning OFF trusted DAI fix the issue or have you tested that idea/suggestion?

RWelch
A model citizen

And I would turn OFF PoE on the UPLINK as well.

mcoomber
Getting noticed

Turning off Trusted DAI blocks certain devices especially the Cisco deskphones from connecting and getting IP address

RWelch
A model citizen

Is your static IP setup have the VLAN field set or is it empty?

mcoomber
Getting noticed

The static IP setup has The VLAN ID set to the data VLAN. 
I've got only two VLANS (Data and Voice)Configured Static SettingsConfigured Static SettingsPresent DHCP SettingPresent DHCP Setting

RWelch
A model citizen

The static VLAN should reflect the NATIVE VLAN (1) to talk to the cloud - not for your data/voice VLANs.

mcoomber
Getting noticed

I changed the static VLAN to Native VLAN 1 and after rebooting the static IP Address Appeared. 

So thinking that this is the solution, I went ahead to change the static VLAN on the other switch that also had VLAN 10 to reflect this change. However, after changing to the NATIVE VLAN and rebooting the switch, I now have this switch being issued with  DHCP IP address and the static IP that was present is not any more. 

RWelch
A model citizen

What subnets are you using?
Example
VLAN 1 is 10.10.10.0/24
VLAN 5 is 172.16.5.0/24
VLAN10 is 172.16.10.0/24

When you set the static IP address of the MS130 switch it should also fall within the VLAN1 subnet.

The screenshot you have above shows DHCP using VLAN 1 however it looks like you are manually setting it to VLAN10 on the Data VLAN.

Do you have two or three subnets?  Is your 3850 Catalyst using Native VLAN1 subnet for a static IP address as well or using VLAN10 data subnet?  

mcoomber
Getting noticed

VLAN 5 (Voice) - 192.168.20.0/24 (DHCP from a Cisco 3945 ISR)

VLAN 10 (Data) - 172.16.0.0/23 (DHCP from Windows Server 2016)

3850 Catalyst using Native VLAN 1

 

Originally I had configured the static VLAN to 10 but you have advised to change to Native VLAN 1. Changing to Native VLAN 1 solved my initial issue but then changing it to Native VLAN 1 on the other switch transfers the problem.

 

RWelch
A model citizen

What is the VLAN1 subnet?  Have you defined or added a VLAN1 subnet?

The reason VLAN1 fails on the MS130 is likely because it's not defined just showing what the default is as native VLAN 1.  It needs to be listed for it to work and be used.  I don't see what IP/subnet range VLAN 1 is.

mcoomber
Getting noticed

VLAN 1 is not defined within the network. It is just listed as the Native VLAN for the uplink between the switches.

VLAN 30 is mainly not in use

VLANs configured on the MXVLANs configured on the MX

Nibss
New here

Hey, I had lots of these types of issues when deploying large Meraki networks across the UK & Kenya. First check the port your device is connected to & make sure uplink port config matches the IP subnet you are trying to set as static. 

 

Check your DHCP server hasn't reserved IP addresses on different scopes for your device. Some of my switches were reserving 5+ IP addresses across different vlans & I could see reservations on different scopes against the MAC of my switch in the DHCP server. 

 

To fix this I created a DHCP reservation against the mac address of the device I am setting a static on, checked the static information is correct in the dashboard, checked the uplink config is correct, deleted the incorrect DHCP scope reservations then forced a reset of the switch via the reset button.

 

May not be the same issue you are facing but helped for me, goodluck 🙂 

mcoomber
Getting noticed

Hey,

My DHCP Server has a reserved range of 172.16.1.1 - 30 and from within it the static IP Address is used for the switches and Access Points. DHCP is disabled on the switches.

RWelch
A model citizen

Native VLAN for your switch is VLAN1
Data VLAN should be something other than VLAN1

Voice VLAN should be something other than VLAN1 and the Data VLAN.

Setting your static IP VLAN field should be 1 (separate subnet).

mcoomber
Getting noticed

Native VLAN is default 1. Data VLAN is 10 and Voice is 5

RWelch
A model citizen

Does the static IP address you are attempting to assign to the MS130 switch fall into the VLAN1 subnet or VLAN10 data subnet?

mcoomber
Getting noticed

Within the VLAN 10 subnet

RWelch
A model citizen

You will need to define (create/add) VLAN1 within your network for the MS130 to use the non-existent NATIVE 1 VLAN as you've told the switch to use.  The 3850 fails as well because it remains undefined (non-existent).  VLAN1 doesn't seem to exist anywhere in the network.

Or you could make VLAN10 the native VLAN (untagged) - could be the easier solution.  Both the 3850 and MS130 ports that connect to one another need to be identical. 

VLAN 1 (non-existent) - ???.???.??.0/?? (it doesn't exist)

VLAN 5 (Voice) - 192.168.20.0/24 (DHCP from a Cisco 3945 ISR)

VLAN 10 (Data) - 172.16.0.0/23 (DHCP from Windows Server 2016)

mcoomber
Getting noticed

I think I will go with the option of using VLAN 10 as the native VLAN (untagged) since that's what's already configured the other switches that are working and showing that the IPs are statically assigned. 

Only VLAN 5 & 10 are configured within the 3850 Catalyst switch.

RWelch
A model citizen

IMG_6801.png If you have "modified" the native VLAN as many do, be sure it's also set that change accordingly under Switching > Switch Settings as pictured above where is shows VLAN configuration (Management VLAN) at the top of the page.

mcoomber
Getting noticed

Hi RWelch,

I've been replying to this post but something is not working properly as it is not appearing within the feed. 

 

I have changed a few configurations. 

  • I have transferred DHCP services from the 3945 ISR (VLAN 5 - Voice) and the Windows Server (VLAN 10 - Data) to the MX84 Security Appliance.
  • I have connected the troubleshoot MS130-48P switch directly to the MX 84. However still having the problem of it using DHCP rather that the statically assigned address.  

Based on the config below of the 3850, can I simply connect all the MS130-48P switches to the MX84 and then cut out the 3850 switch? 

BACKBONE-SW#sh config
Using 2684 out of 2097152 bytes, uncompressed size = 5832 bytes
!
! Last configuration change at 18:24:23 UTC Mon Oct 14 2024 by admin
! NVRAM config last updated at 12:02:19 UTC Fri Oct 25 2024 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
!
hostname BACKBONE-SW
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5
!
username admin privilege 15 password 7
aaa new-model
!
!
aaa session-id common
switch 1 provision ws-c3850-24t
!
!
ip name-server 172.16.0.2
ip name-server 172.16.0.3
!
!
qos queue-softmax-multiplier 100
vtp mode transparent
!
crypto pki trustpoint TP-self-signed-311815890
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-311815890
revocation-check none
rsakeypair TP-self-signed-311815890
!
!
crypto pki certificate chain TP-self-signed-311815890
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
diagnostic bootup level minimal
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name OfficeHQ
revision 1
instance 1 vlan 1-30
!
spanning-tree mst 0-2 priority 16384
hw-switch switch 1 logging onboard message level 3
!
redundancy
mode sso
!
!
vlan 5
name VOICEVLAN
!
vlan 10
name DATAVLAN
!
vlan 15
!
!
class-map match-any non-client-nrt-class
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/4
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/6
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/7
description "SERVER ACCESS PORT"
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/8
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/9
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/10
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/11
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/12
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/13
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/14
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/15
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/16
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/17
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/18
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/19
description "UPLINK TO ACCESS SW"
switchport mode trunk
!
interface GigabitEthernet1/0/20
description "UPLINK TO ACCESS SW"
switchport mode trunk
!
interface GigabitEthernet1/0/21
description "UPLINK TO ACCESS SW"
switchport mode trunk
!
interface GigabitEthernet1/0/22
description "UPLINK TO ACCESS SW"
switchport mode trunk
!
interface GigabitEthernet1/0/23
description "UPLINK TO ACCESS SW"
switchport mode trunk
!
interface GigabitEthernet1/0/24
description "UPLINK TO ACCESS SW"
switchport mode trunk
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
ip address dhcp
!
interface Vlan10
ip address 172.16.0.10 255.255.254.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
line con 0
password 7
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7
transport input telnet ssh
line vty 5 15
transport input telnet ssh
!
ntp server 172.16.0.1
wsma agent exec
profile httplistener
profile httpslistener
!
wsma agent config
profile httplistener
profile httpslistener
!
wsma agent filesys
profile httplistener
profile httpslistener
!
wsma agent notify
profile httplistener
profile httpslistener
!
!
wsma profile listener httplistener
transport http
!
wsma profile listener httpslistener
transport https
!
ap group default-group
end

Uplink port on the MS130-48PUplink port on the MS130-48PConfigured Static SettingsConfigured Static SettingsScreenshot 2024-10-26 095421.pngConfigured VLAN for DHCP on the MXConfigured VLAN for DHCP on the MX

mcoomber
Getting noticed

Hi RWelch,

So I've done some configuration changes.

  • I have transferred all DHCP services for both the Voice and Data VLANs from the 3945 switch and the Windows Server 2016 to the MX84 Security Appliance. 
  • Native VLAN 1 is only used as the Trunk Port for the Uplink between the MS130-48P switches and the 3850 Catalyst Switch. 

 

DHCP Configured on MX84DHCP Configured on MX84

 

I think this issue of the MS130-49P using DHCP instead the reason why I am having the problems of the APs going down when connected to that switch.

 

Below is the config for the 3850 switch.

 

BACKBONE-SW#sh config
Using 2684 out of 2097152 bytes, uncompressed size = 5832 bytes
!
! Last configuration change at 18:24:23 UTC Mon Oct 14 2024 by admin
! NVRAM config last updated at 12:02:19 UTC Fri Oct 25 2024 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
!
hostname BACKBONE-SW
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5
!
username admin privilege 15 password 7
aaa new-model
!
!
aaa session-id common
switch 1 provision ws-c3850-24t
!
!
ip name-server 172.16.0.2
ip name-server 172.16.0.3
!
!
qos queue-softmax-multiplier 100
vtp mode transparent
!
crypto pki trustpoint TP-self-signed-311815890
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-311815890
revocation-check none
rsakeypair TP-self-signed-311815890
!
!
crypto pki certificate chain TP-self-signed-311815890
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
diagnostic bootup level minimal
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name OfficeHQ
revision 1
instance 1 vlan 1-30
!
spanning-tree mst 0-2 priority 16384
hw-switch switch 1 logging onboard message level 3
!
redundancy
mode sso
!
!
vlan 5
name VOICEVLAN
!
vlan 10
name DATAVLAN
!
vlan 15
!
!
class-map match-any non-client-nrt-class
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/4
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/6
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/7
description "SERVER ACCESS PORT"
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/8
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/9
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/10
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/11
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/12
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/13
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/14
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/15
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/16
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/17
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/18
description "SERVER ACCESS PORT"
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/19
description "UPLINK TO ACCESS SW"
switchport mode trunk
!
interface GigabitEthernet1/0/20
description "UPLINK TO ACCESS SW"
switchport mode trunk
!
interface GigabitEthernet1/0/21
description "UPLINK TO ACCESS SW"
switchport mode trunk
!
interface GigabitEthernet1/0/22
description "UPLINK TO ACCESS SW"
switchport mode trunk
!
interface GigabitEthernet1/0/23
description "UPLINK TO ACCESS SW"
switchport mode trunk
!
interface GigabitEthernet1/0/24
description "UPLINK TO ACCESS SW"
switchport mode trunk
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
ip address dhcp
!
interface Vlan10
ip address 172.16.0.10 255.255.254.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
line con 0
password 7
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7
transport input telnet ssh
line vty 5 15
transport input telnet ssh
!
ntp server 172.16.0.1
wsma agent exec
profile httplistener
profile httpslistener
!
wsma agent config
profile httplistener
profile httpslistener
!
wsma agent filesys
profile httplistener
profile httpslistener
!
wsma agent notify
profile httplistener
profile httpslistener
!
!
wsma profile listener httplistener
transport http
!
wsma profile listener httpslistener
transport https
!
ap group default-group
end

 

CarolineS
Community Manager
Community Manager

Hi @mcoomber -

Community moderator here. I have just restored the several posts that you made that were picked up by our spam detector (not sure why, sometimes it’s just over-active 😞 ). Apologies for the inconvenience!

 

LMK if any of the posts should be removed or edited.

 

Cheers!

Caroline S | Community Manager, Cisco Meraki
New to the community? Get started here
mcoomber
Getting noticed

Thanks for letting me know what happened. Here I was thinking I might have been doing wrong.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels