3500yl VLANs (lack of) DHCP function

pilcheck
Occasional Visitor

Hello ITRC!

I'm sure this is a well beaten and dead horse by now, but I'm at a loss as to why the dhcp isn't being relayed across VLANs.

The config is as follows:
; J8693A Configuration Editor; Created on release #K.14.47

hostname "IT-2"
module 1 type J86yyA
module 2 type J86xxA
ip default-gateway 10.0.10.11
ip routing
vlan 1
name "DEFAULT_VLAN"
untagged 1-19,25-48
ip address 10.0.10.2 255.255.255.0
no untagged 20-24
exit
vlan 2
name "tvlan"
untagged 20-24
ip helper-address 10.0.10.20
ip address 10.0.11.1 255.255.255.0
exit
dhcp-relay option 82 append
no dhcp-relay hop-count-increment
dhcp-snooping
dhcp-snooping authorized-server 10.0.10.20
dhcp-snooping vlan 1-2
interface 10
dhcp-snooping trust
exit
no autorun
password manager
password operator

I've been through a number of alterations with no luck. I read somewhere within the ITRC that a reboot of the switch helped, but not for me.

Our network is currently flat, and for obvious reasons, that should change.

I have a proper scope setup on the DHCP server:

subnet 10.0.11.0 netmask 255.255.255.0
{
range 10.0.11.2 10.0.11.40;
option subnet-mask 255.255.255.0;
# option routers 10.0.11.1;
# option broadcast-address 10.0.11.255;
option domain-name-servers 10.0.10.33;
}

Also, here's an excerpt from the DHCP server log:
Mar 9 15:06:51 the-Q dhcpd: DHCPDISCOVER from 00:04:23:00:00:00 (testpod2) via 10.0.11.1
Mar 9 15:06:51 the-Q dhcpd: DHCPOFFER on 10.0.11.40 to 00:04:23:00:00:00 (testpod2) via 10.0.11.1

...and repeat. It's as though the packets are being dropped without crossing back over into VLAN 2 (tvlan).

The routes appear correct in the 3500's routing table.

Yes, the dhcp server is on port 10.
The DHCP server's NIC is 802.1q enabled.
dhcp-relay shows client requests at 361 and server responses at 349.

Any direction would be much appreciated, I've been racking my brain for a number of days now.

Thanks! -Pilcheck
7 REPLIES
Jeff Carrell
Honored Contributor

Re: 3500yl VLANs (lack of) DHCP function

Does DHCP relaying work if you disable DHCP Snooping?
pilcheck
Occasional Visitor

Re: 3500yl VLANs (lack of) DHCP function

Hey Jeff, unfortunately that did not help the issue.

On the routing side, I COULD add a route on our router, or even on our dhcp server, but from what I know that shouldn't be necessary, since everything is handled in the 3500.
Jeff Carrell
Honored Contributor

Re: 3500yl VLANs (lack of) DHCP function

You say that your DHCP server NIC is 802.1Q enabled, that would mean port 10 on the switch would need to be "tagged" in vlan 1 as well, otherwise the server is speaking frames that the switch port can't understand.

Per your config above, port 10 is untagged in vlan 1.

Try: switch(config)# vlan 1 tag 10

All that said, I'm not sure how your DHCP server is getting the requests and acting on them if its NIC is set to 802.1Q (tagged)...hmmm...

Final thought, if you static assign a pc a 10.0.11.x address, can the DHCP ping it?

hth...Jeff
pilcheck
Occasional Visitor

Re: 3500yl VLANs (lack of) DHCP function

The Server is a Dell 2850. The specs say it's 802.1q capable.
Although, I did not look into the BIOS.
I'm just short of 1yr uptime with that server and don't want to ruin that if I don't have to!

I lose connectivity to port 10 when tagged under vlan 1. I can however mark port 10 as tagged in vlan2 without interruption; but that doesn't solve the issue either.

Jeff Carrell
Honored Contributor

Re: 3500yl VLANs (lack of) DHCP function

Pilcheck said:
The Server is a Dell 2850. The specs say it's 802.1q capable.
Although, I did not look into the BIOS.
I'm just short of 1yr uptime with that server and don't want to ruin that if I don't have to!

I lose connectivity to port 10 when tagged under vlan 1. I can however mark port 10 as tagged in vlan2 without interruption; but that doesn't solve the issue either.
---

ah, so the server is not really configured for 802.1Q, that's good to know.

No need to change it at all.

Did you try a ping from the DHCP server to a device on the other vlan to ensure routing is properly working from the server?

pilcheck
Occasional Visitor

Re: 3500yl VLANs (lack of) DHCP function

Aha! Thanks for the lightbulb Jeff.

I was definitely over thinking the problem.

I needed to add a static route to the DHCP server.
DHCPPACK was successful after the addition.

I can now ping from the DHCP server successfully to the vlan and ips within it.

However I can not ping from any other machine on the .10.0 to the .11.0 net.
I'll have to configure that route on our internal router soon.
(routes added manually are a-ok)

I also can not ping from .11.0 to anywhere. I assume this is because the gateway is misconfigured or the route isn't specified somewhere.

Just to confirm, the .11.0 subnet's option-router should be set
to 10.0.11.1 (the vlan ip/next hop), correct?
Because as of now, the 11.0 net can not reach the .10.0 net nor the internet.

Does the 3500 automatically know the hop from .11.1 to .10.2?

The battle's half-done!
Jeff Carrell
Honored Contributor

Re: 3500yl VLANs (lack of) DHCP function

glad to hear you are making progress :-)

Pilcheck said:
However I can not ping from any other machine on the .10.0 to the .11.0 net.
I'll have to configure that route on our internal router soon.
(routes added manually are a-ok)

I also can not ping from .11.0 to anywhere. I assume this is because the gateway is misconfigured or the route isn't specified somewhere.

Just to confirm, the .11.0 subnet's option-router should be set
to 10.0.11.1 (the vlan ip/next hop), correct?
Because as of now, the 11.0 net can not reach the .10.0 net nor the internet.

Does the 3500 automatically know the hop from .11.1 to .10.2?
-----

It sounds as if your .10.0 devices use a default g/w not being this 3500 at .10.2, so they are maybe using the "internal router" being .10.1 ?? If so, then that's why the pings don't get returned, because as you say that internal router doesn't know how to get to the .11.0 network.

So a couple of options:
1) for devices connected thru the 3500 on the .10.0 net, let their def g/w be the .10.2 addr

-or-

2) must put a static route on the internal router pointing access to the .11.0 net being the .10.2 interface

regardless, for the .11.0's to get "out", you will need a static route on the 3500 for all traffic not destined to it to go to the internal router: 'ip route 0.0.0.0/0 10.0.10.1' (if that is the internal router's ip)


since you have local routing enabled on the 3500, access between the .10.0 and .11.0 will work -if- the devices on the .10.0 know how to get to the .11.0 (which is what you are resolving above).

---

You could also perhaps make life a bit easier if you enabled a routing protocol such as RIP or OSPF between the 3500 and the internal router.

That way, as you add subnets to either router, the 2 routers share their knowledge, and traffic flow between, thru and beyond is much simpler, as it's "automatic".

hth...Jeff
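
Added example, not part of the original thread: a Python sketch that spots the symptom from the first post in a dhcpd log (OFFERs repeating through a relay with no REQUEST following) and then checks which of the server's routes the reply to the relay address would take. The second DISCOVER/OFFER pair, the on-link client, the server's default gateway 10.0.10.1 and the static-route next hop 10.0.10.2 are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

LINE = re.compile(
    r"dhcpd(?:\[\d+\])?: (DHCP[A-Z]+) .*?((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b.* via (\S+)",
    re.I)

# First two lines are from the thread; the rest are constructed for the example.
SAMPLE_LOG = """\
Mar 9 15:06:51 the-Q dhcpd: DHCPDISCOVER from 00:04:23:00:00:00 (testpod2) via 10.0.11.1
Mar 9 15:06:51 the-Q dhcpd: DHCPOFFER on 10.0.11.40 to 00:04:23:00:00:00 (testpod2) via 10.0.11.1
Mar 9 15:06:55 the-Q dhcpd: DHCPDISCOVER from 00:04:23:00:00:00 (testpod2) via 10.0.11.1
Mar 9 15:06:55 the-Q dhcpd: DHCPOFFER on 10.0.11.40 to 00:04:23:00:00:00 (testpod2) via 10.0.11.1
Mar 9 15:07:02 the-Q dhcpd: DHCPREQUEST for 10.0.10.57 from 00:11:22:33:44:55 via eth0
Mar 9 15:07:02 the-Q dhcpd: DHCPACK on 10.0.10.57 to 00:11:22:33:44:55 via eth0
"""

def stalled_relays(log_text, min_offers=2):
    """{(mac, relay_ip): offers} for clients offered a lease via a relay that never REQUEST."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            msg, mac, via = m.groups()
            seen[(mac.lower(), via)][msg.upper()] += 1
    stalled = {}
    for (mac, via), c in seen.items():
        try:
            ipaddress.ip_address(via)      # relayed traffic logs the relay's IP
        except ValueError:
            continue                       # "via eth0": on-link client, no relay
        if c["DHCPOFFER"] >= min_offers and not (c["DHCPREQUEST"] or c["DHCPACK"]):
            stalled[(mac, via)] = c["DHCPOFFER"]
    return stalled

def reply_path(relay_ip, routes):
    """Longest-prefix match of the relay address over (cidr, next_hop_or_None) routes."""
    ip, best = ipaddress.ip_address(relay_ip), None
    for cidr, hop in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    if best is None:
        return ("none", None)
    kind = "on-link" if best[1] is None else "default" if best[0].prefixlen == 0 else "static"
    return (kind, best[1])

# Assumed server routing table before and after the static route was added.
BEFORE = [("10.0.10.0/24", None), ("0.0.0.0/0", "10.0.10.1")]
AFTER = BEFORE + [("10.0.11.0/24", "10.0.10.2")]

if __name__ == "__main__":
    for (mac, relay), n in stalled_relays(SAMPLE_LOG).items():
        print(mac, relay, n, reply_path(relay, BEFORE), reply_path(relay, AFTER))
```

A "default" result for the relay address means the OFFER leaves through a gateway that may not know the relayed subnet, which is the case the static route on the DHCP server resolved.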