04-05-202011:51 PM - last edited on 04-12-202007:46 AM by Parvez_Admin
04-05-202011:51 PM - last edited on 04-12-202007:46 AM by Parvez_Admin
DHCP relay not working on HPE 5130 EI - Clients cannot receive IP from DHCP server
Hello,
We have a HPE 5130-24G-4SFP+ EI switch configured with three vLANs and vLAN interfaces respectively. All the devices can communicate with each other across the different vLANs.
Now, when I add another client, Client 2 in vLAN 20 port set and set the network adapter of client to obtain an IP address automatically, it fails to receive IP from the DHCP server. I have added "dhcp select relay" and "dhcp relay server-address <dhcp_ip>" settings in the vLAN 20 interface.
When I move the Client 2 to vLAN 30 set, it can obtain the IP address automatically, so I'm certain the DHCP server is handing out IPs successfully.
I'm not sure if I have missed any setting in the switch configuration that might be causing the dhcp relay agent not to forward DHCP IPs to Client 2. I have copied my switch configuration below to help in identifying the problem.
============================================================================== Line aux0 is available.
dis c<HPE> <HPE>dis c%Jan 1 04:09:25:985 2013 HPE SHELL/5/SHELL_LOGIN: TTY logged in from aux0. ur # version 7.1.045, Release 3111P02 # sysname HPE # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # udp-helper enable udp-helper port tftp # dhcp enable # lldp global enable # password-recovery enable # vlan 1 # vlan 20 name DATA # vlan 30 name DHCP # vlan 40 name TFTP # stp global enable # interface NULL0 # interface Vlan-interface20 ip address 10.25.6.254 255.255.255.0 ip forward-broadcast dhcp select relay dhcp relay server-address 10.24.60.36 udp-helper server 10.24.44.67 # interface Vlan-interface30 ip address 10.24.60.1 255.255.255.0 ip forward-broadcast # interface Vlan-interface40 ip address 10.24.44.1 255.255.255.0 ip forward-broadcast # interface GigabitEthernet1/0/1 port access vlan 20 # interface GigabitEthernet1/0/2 port access vlan 20 # interface GigabitEthernet1/0/3 port access vlan 20 # interface GigabitEthernet1/0/4 port access vlan 20 # interface GigabitEthernet1/0/5 port access vlan 20 # interface GigabitEthernet1/0/6 port access vlan 20 # interface GigabitEthernet1/0/7 port access vlan 20 # interface GigabitEthernet1/0/8 port access vlan 20 # interface GigabitEthernet1/0/9 port access vlan 20 # interface GigabitEthernet1/0/10 port access vlan 20 # interface GigabitEthernet1/0/11 # interface GigabitEthernet1/0/12 # interface GigabitEthernet1/0/13 # interface GigabitEthernet1/0/14 # interface GigabitEthernet1/0/15 # interface GigabitEthernet1/0/16 # interface GigabitEthernet1/0/17 # interface GigabitEthernet1/0/18 # interface GigabitEthernet1/0/19 # interface GigabitEthernet1/0/20 port access vlan 30 # interface GigabitEthernet1/0/21 port access vlan 30 # interface GigabitEthernet1/0/22 port access vlan 30 # interface GigabitEthernet1/0/23 port access vlan 40 # interface GigabitEthernet1/0/24 port access vlan 40 # interface Ten-GigabitEthernet1/0/25 # interface Ten-GigabitEthernet1/0/26 # interface Ten-GigabitEthernet1/0/27 # interface Ten-GigabitEthernet1/0/28 # scheduler logfile size 16 # line class aux user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line vty 0 63 user-role network-operator # radius scheme system user-name-format without-domain # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$aXysCzj8Acuv2wXQ$PHb3DcvNirP08XWAI8uupf9kjI8y4MFl3RMle7chHUe+pu2simIZv9WPgGS5qlnH0P5bQKoWZCwksMs6qEuFRQ== service-type http https authorization-attribute user-role netwrok-admin authorization-attribute user-role network-operator # local-user user-role class manage # ip http enable ip https enable # return <HPE>
Re: DHCP relay not working on HPE 5130 EI - Clients cannot receive IP from DHCP server
Hello!
"When I move the Client 2 to vLAN 30 set, it can obtain the IP address automatically, so I'm certain the DHCP server is handing out IPs successfully." In fact this test only proves that the DHCP server in vlan 30 gives out IP addresses to the hosts in the same vlan. I would run a Wireshark on the DHCP server to see if it receives relayed requests from other vlans and if it replies at all. Chances are the server is not configured properly to handle requests from 10.25.6.0/24 subnet.
Re: DHCP relay not working on HPE 5130 EI - Clients cannot receive IP from DHCP server
Hi,
I ran wireshark on the DHCP server after connecting the client to a different vLAN port than the one the DCHP server is on. I found that there are multiple DHCP DISCOVER requests sent by the switch's vLAN interface 20, but no discover packets are sent by the client. This maybe the reason why the IP assignment fails. Please see wireshark's DHCP protocol specific screen capture below.
"Chances are the server is not configured properly to handle requests from 10.25.6.0/24 subnet." - I'm assuming I need to add scope options to handle client requests from different subnets, unless I'm wrong.
Re: DHCP relay not working on HPE 5130 EI - Clients cannot receive IP from DHCP server
Hello!
"I found that there are multiple DHCP DISCOVER requests sent by the switch's vLAN interface 20, but no discover packets are sent by the client." - that's exactly how a DHCP relay works, you cannot see any message from the client directly as those messages are L2 broadcasts and never cross Vlan boundary. That's the job of DHCP Relay - to get such broadcast message from local client, encapsulate it to its own DHCP message and send it as a unicast from the Vlan-interface where the client resides as a unicast packet to the DHCP server. By the way, if you expand the details of the relayed DHCP Discovers, you will see that original Discover sent by the client, it's encapsulated there.
In your case everything points to your DHCP server as the root cause. I cannot advise you how to configure your particular server, just to note that in addition to the 10.25.6.0/24 DHCP Pool in the server's settings, the server needs to have a route to the 10.25.6.0/24 network - as a static route or through a default gateway, but it must know how to reach 10.25.6.254 address. Also, do not forget to exclude all statically assigned IPs from that pool, as 10.25.6.254 etc., otherwise you may hit a duplicated IP address issue. It's very unlikely, as most of DHCP servers check for duplicated IPs by ARP before IP assignment, but still it's a good practice to exclude statically assigned IPs from DHCP pool.
Re: DHCP relay not working on HPE 5130 EI - Clients cannot receive IP from DHCP server
Hello,
Yes, I can see the client's MAC address encapsulated in the relay agent's DHCP Discover packets. The article you shared is detailed and helped me to get a better undestanding of how the DHCP relay agent works.
Adding a static route in the DHCP server in the 10.25.6.X subnet got things going. I believe the problem was because the DHCP server's IP gateway is set to a 10.24.60.X vLAN interface, the routing was directed to the DHCP server's vLAN interface instead.
Thanks a lot for your help! Appreciate it, cheers!
