Aruba & ProVision-based
cancel
Showing results for 
Search instead for 
Did you mean: 

HP J4899B - DHCP problem

 
nikmag
Occasional Visitor

HP J4899B - DHCP problem

Hi,

I have a meraki MX firewall which forwards dhcp packet to another site and under this meraki MX i have two HP switches which connects clients and using dhcp it offers IP addresses to the same clients ( vlan 20).  The configuration on switch 1 looks like below:

interface 45
disable
exit
interface 50
no lacp
exit
trunk 50 Trk1 Trunk
ip default-gateway 10.16.205.1
vlan 1
name "DEFAULT_VLAN"
untagged 33,36,39,Trk1
no ip address
tagged 1,45-49
no untagged 2-32,34-35,37-38,40-44
exit
vlan 20
name "Clients"
untagged 34-35,40
tagged 1,45-49,Trk1
exit
vlan 100
name "MGT"
untagged 45
ip address 10.16.205.201 255.255.255.0
tagged 1,46-49,Trk1
exit
vlan 60
name "Support"
untagged 2-32,37-38,41-42,44
no ip address
tagged 1,43,45,47,49,Trk1
ip igmp
exit
vlan 80
name "AP"
tagged 1,45-49,Trk1
exit
vlan 90
name "AP_GUEST"
tagged 1,45-49,Trk1
exit
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree priority 2
ip ssh

The other sw02 has this config. below:

interface 50
no lacp
exit
trunk 50 Trk1 Trunk
ip default-gateway 10.16.205.1
vlan 1
name "SERVER"
no ip address
tagged 47-49,Trk1
no untagged 1-46
exit
vlan 20
name "CLIENT"
untagged 13
no ip address
tagged 47-49,Trk1
exit
vlan 100
name "MGT"
ip address 10.16.205.202 255.255.255.0
tagged 47-49,Trk1
exit
vlan 60
name "SUPPORT"
untagged 1-12,14-46
no ip address
tagged 47-49,Trk1
ip igmp
exit
vlan 80
name "AP"
tagged 47-49,Trk1
exit
vlan 90
name "AP_Guest"
tagged 47-49,Trk1
exit
spanning-tree
spanning-tree Trk1 priority 4
ip ssh

So the problem is this: one of the clients is connected on the sw02 port 13,  and everytime it broadcast for dhcp request on the switch i see a flood of broadcast packets as below:

---- Reverse event Log listing: Events Since Boot ----
I 07/03/19 12:46:46 mgr: SME SSH from 10.16.15.101 - MANAGER Mode
I 07/03/19 11:42:12 ports: port 13 is now off-line
I 07/03/19 06:22:46 ports: port 13 is now on-line
I 07/03/19 06:22:46 ports: port 13 is Blocked by STP
I 07/03/19 06:22:43 ports: port 13 is Blocked by LACP
I 07/03/19 06:22:40 ports: port 13 is now off-line
W 07/03/19 06:22:38 FFI: port 13-Excessive Broadcasts. See help.
W 07/03/19 06:22:38 FFI: port 13-Excessive CRC/alignment errors. See help.

Which means the port 13 gets blocked!

On sw01 we have port 34 connected to an unmanaged small switch (8 ports) with 8 clients connected to it but none of them is receiving IP address either.

These are some of the logs on sw01:

---- Reverse event Log listing: Events Since Boot ----
I 07/04/19 11:45:52 mgr: SME SSH from 10.16.15.101 - MANAGER Mode
I 07/04/19 10:02:56 mgr: SME TELNET from 192.168.15.209 - MANAGER Mode
I 07/03/19 16:13:03 ports: port 2 is now on-line
I 07/03/19 16:13:03 ports: port 2 is Blocked by STP
I 07/03/19 16:13:01 ports: port 2 is Blocked by LACP
I 07/03/19 16:12:59 ports: port 2 is now off-line
I 07/03/19 14:46:17 mgr: SME SSH from 192.168.15.101 - MANAGER Mode
I 07/02/19 07:51:02 ports: port 2 is now on-line
I 07/02/19 07:51:02 ports: port 2 is Blocked by STP
I 07/02/19 07:50:59 ports: port 2 is Blocked by LACP
I 07/02/19 07:50:57 ports: port 2 is now off-line
I 07/01/19 23:36:59 ports: port 2 is now on-line
I 07/01/19 23:36:59 ports: port 2 is Blocked by STP
I 07/01/19 23:36:57 ports: port 2 is Blocked by LACP
I 07/01/19 23:36:55 ports: port 2 is now off-line
I 07/01/19 10:59:47 mgr: SME SSH from 192.168.15.101 - MANAGER Mode
I 07/01/19 10:59:04 mgr: SME SSH from 192.168.15.101 - MANAGER Mode
I 07/01/19 10:50:48 ports: port 9 is now on-line
I 07/01/19 10:50:48 ports: port 9 is Blocked by STP
I 07/01/19 10:50:45 ports: port 9 is Blocked by LACP
I 06/28/19 14:11:44 ports: port 9 is now off-line
I 06/28/19 07:57:08 ports: port 15 is now off-line
W 06/28/19 07:56:58 FFI: port 15-Excessive Broadcasts. See help.

Can someone help me with this problem! I know it may be a problem with stp but I just dont understand how to fix it?

 

7 REPLIES 7
parnassus
Honored Contributor

Re: HP J4899B - DHCP problem

It's unclear the ports used (interface 50 of both Switches) to connect to your Meraki...in any case using trunk 50 trk1 trunk is incorrect...are you sure you want to aggregate just one port (50!) into a logical port (trk1) with non protocol (trunk trunking mode <-- HP ProCurve jargon, not Cisco here!) and then you apply tagged memberships (and untagged membership) to some VLANs for that logical port? I doubt.

If the topology is:

  • SW01 Interface 50 to Meraki Interface X
  • SW02 Interface 50 to Meraki Interface Y

then you should review your Switch configurations for both interfaces 50.

nikmag
Occasional Visitor

Re: HP J4899B - DHCP problem

Hi and thank you for you reply. 

I run lldp command and got this information:

LocalPort | ChassisId PortId PortDescr SysName
--------- + ------------------------- ------ --------- ----------------------
14 | e4 e7 49 47 8e b6 e4 ...
16 | e4 e7 49 47 94 35 e4 ...
19 | e4 e7 49 47 8e b7 e4 ...
29 | e4 e7 49 4d 68 51 e4 ...
31 | e4 e7 49 4d 6c 07 e4 ...
35 | 00 19 bb a6 33 e0 8 Port #8 PROCURVE J9029A
43 | e4 e7 49 4d 6c 13 e4 ...
43 | 50 2f a8 24 a1 00 e4 ...
47 | 00 15 60 19 26 80 50 50 SW02
48 | e0 cb bc 23 9d 5f 1 lan po... Meraki-FW01
50 | e0 55 3d f9 d1 9d 48 Port 48 SW03

Sw02 has only one uplink through port50 to sw01 on port 47, Then sw01 is connected to firewall through port 48 and then through port 50 is connected to sw03 on port 48 (this switch is a meraki switch). So does that mean that we have to tag these ports on each respective switch and just delete that logical port trk1?

Highlighted
parnassus
Honored Contributor

Re: HP J4899B - DHCP problem

Cheers,

from show lldp - executed on SW01 - what I understand is that:

  • SW01 interface 35 <---> interface 8 SW04 (J9029A HP ProCurve 1800)
  • SW01 interface 47 <---> interface 50 SW02
  • SW01 interface 48 <---> LAN Meraki Firewall
  • SW01 interface 50 <---> interface 48 SW03

so, in my opinion, you have all (and only) single link uplinks interconnecting SW01 to SW02, SW03, SW04 and the Meraki Firewall.  No aggregated links here (so no Port Trunking, trunks in HP jargon, at all).

You just need to set each interface of an uplink's pair to be a tagged member of each VLAN you need to transport between those peers (Switch to Switch or Switch to Meraki). Access ports remain untagged member of desired VLAN.

If the Meraki is responsible (and it is from what I saw) of IP Routing and Access between VLANs...permitting or denying inter-VLAN traffic...then, as example, the interface 48 it is already a tagged member of those VLANs:

  • VLAN 100
  • VLAN 90
  • VLAN 80
  • VLAN 60
  • VLAN 20
  • VLAN 1 (that's somewhat strange because, generally, an uplink interface would be leaved an untagged member of VLAN 1).

It's clear that if you need to transport (to permit) those VLANs to other downlinked switches (SW02, SW03 and so on) then on each downlink you should ensure that you use the same tagging/untagging schema applied on both interlink ends. So a first check is to understand if that's the case (SW01 47 <--> 50 SW02 and SW01 50 <--> 48 SW03, eventually SW01 35 <--> 8 SW04).

With regards to Spanning Tree I would set spanning-tree priority 0 (highest = root of Spanning Tree) on the topology center (SW01) and then an higher value - as example 8 (default) - on remaining Switches. I would also try to understand if you can use RSTP (Rapid STP) instead of just STP.

Given that, the Meraki is your core point, responsible for inter-VLANs routing/access.

nikmag
Occasional Visitor

Re: HP J4899B - DHCP problem

Hi Parnassus,

I checked the ports as you described (SW01 47 <--> 50 SW02 and SW01 50 <--> 48 SW03, eventually SW01 35 <--> 8 SW04). and they are all tagged on correct vlans. When it comes to Trk1 (agregated link) I too think that this is not needed if we are using only one port (port 50).  To be correct with you sw03 is the meraki switch, and I think that sw01 is the core switch which connects the firewall with the other switches. In the topology which I designed to have a better understanding how it looks in the reality I dont see any loop!

Link for viewing the topology is below:
The topology!

Anyway it seems that the sw01 is the root switch and rstp is configured on all the switches! I dont understand still why the port 13 on sw2 is getting blocked, or why the port 35 which is configured on vlan 20 is not working and none of the clients connected to sw04  (8 port switch) is getting IP adresses? 

If you need further logs on configuration command done on the switches in order to help me understand better this problem I can provide it!

parnassus
Honored Contributor

Re: HP J4899B - DHCP problem

Cheers, let we check one problem at time.

First: interfacev 13 on SW02.

What is connected to that interface? is it a Client aware or not aware of VLAN Tagging (IEEE 802.1Q)? I ask that because, generally, an edge device is unaware of the fact its traffic will be leave the switch tagged...so seeing that you untagged that port on VLAN 20 will make me think that, correctly, on that client NIC port there isn't any tagging reference.
nikmag
Occasional Visitor

Re: HP J4899B - DHCP problem

Hi,

Regarding port 13, I have to check it with the client and come back!

I have other information which I gathered today. I run show interfaces brief and got this information:

Status and Counters - Port Status

 | Intrusion MDI Flow
Port Type | Alert Enabled Status Mode Mode Ctrl
------- --------- + --------- ------- ------ ---------- ----- -----
........
35 10/100TX | No Yes Up 100FDx MDI off

I have emitted som of the information because it is this port that is of concern on sw01. So this switch is connected on port 35 with another switch (unmanaged, 8 ports switch) on port 8. Does this means that MDI (straight through cable) is used correctly? Should there be a cross-over cable (on the logs I do see a lot of CRC erroring).

Then on sw02 I got these information:


| Intrusion MDI Flow
Port Type | Alert Enabled Status Mode Mode Ctrl
..............
13 10/100TX | No Yes Down 100FDx MDIX off

On this switch on port 13 there is a computer connected to it! MDIX is for cross-over cable, and I mean there is straight-forward which it should be used! Do I have right assumption here! I know auto-negotiate should kick over here but it seems that there is a fishy thing going on!

Cheers and thank you mate for your time and help!

 

parnassus
Honored Contributor

Re: HP J4899B - DHCP problem

With regard to MDI mode the show interfaces brief command you used shows the MDI mode each port is currently using.

Try to (a) check the quality of cabling (straight is OK for both edge devices and also for uplinks since the usage of Auto-MDI mode) and try (b) on both switches to change the MDI mode setting for investigated ports to Auto (auto-mdix)...with the command interface X mdix-mode auto-mdix where X is the interface number (which should already be the default -> check with show interfaces config if it is before doing the change)...consider that in the case of ports configured for auto-mdix, the MDI mode appears as either MDI or MDIX, depending upon which option the considered port has negotiated with the device on the other end of the link.

With regard to SW01 port 35 and the Unmanaged Switch I suspect there is something related to untagged VLAN transported on that downlink (SW01 Port 35 is, correctly, only an untagged member of VLAN 20 which is not the Default VLAN 1...the Unmanaged Switch doesn't "understand" VLANs...I like this point of view "...simply put the unmanaged switch would not be able to know what VLANs it would or would not send over the link that might or might not be a trunk (this is CISCO terminology...in HP jargon such trunk is a port that has at least one tagged VLAN). Neither will it has knowledge of what VLAN is the native VLAN (the only one on the trunk that is not tagged <- so the untagged). So what would happen if one put it in on a trunk port? well in my mind either the native vlan would work and the switch would throw away all the others, or the unmanaged switch will drop all. but we do not know which since there are many different unmanaged switches and at least some of them would behave differently." so...even if you are passing VLAN 20 untagged to the Unmanaged Switch...this can't be sufficient to let it to work correctly...solution: use a Managed Switch (as all others are).