- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: DHCP Snooping per VLAN
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-09-2007 07:21 AM
тАО01-09-2007 07:21 AM
DHCP Snooping per VLAN
1) Background:
VLAN 1 = 192.168.x.y/16, switches IP=192.168.20.y/16 (5412) and 192.168.20.z/16 (5406). Firmware = 11.63
VLAN 2 = 10.100.x.y/22, VLAN if = 10.100.1.10/22
DHCP server on VLAN1 that serves PC's, all OK
Mitel VOIP switch on VLAN2 (that hosts all the VOIP phones), and that has DHCP enabled. IP=10.100.1.1, DHP range =10.100.1.150-250
IProuting is enabled on switches.
2) Problem:
Sometimes PC's are getting VOIP addresses assigned.... I have tested this by switching off DHCP on the windows DHCP server and renewing DHCP address from workstation.
I was under the impression DHCP broadcast would stay in the VLAN and not cross??
3) What I have done so far:
* Enabled DHCP snooping global and for VLAN 1-2
* I know snooping is working because:
-> Did not work until I specified the relevant trusted if
-> Did not work until I added the authorized DHCP servers.
* I *have* to add the Mitel as an authorized server otherwise the phones do not get their IP range. In this regard, it seems you cannot specify a DHCP host *per VLAN*, only globally? The same goes for the trusted interface?
* I double checked, the ports on VLAN1 has "NO" for VLAN2.
Am I missing something obvious? I can see 2 options here:
1) Solve this riddle...so DHCP broadcasts will not travel across VLANS
2) Chuck DHCP on the Mitel, and assign that scope to the windows DHCP server. If this is the case I need:
a. The correct Options for the scope (This also assumes that I can do all through the Windows box and no need for DHCP on Mitel...)
b. That DHCP on Windows will in fact assign addresses in the correct scope to the VOIP phones.
Any help or suggestions will be *greatly* appreciated!
Eugene
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-09-2007 12:12 PM
тАО01-09-2007 12:12 PM
Re: DHCP Snooping per VLAN
It seems like there is some path on the network where VLAN1 and 2 have joined.
What I would look for in VLAN1 is the mac-address of the Mitel DHCP server.
'show mac-address vlan 1'
If you can find the mac-address of the Mitel DHCP server, then you know that it's definitely in the wrong VLAN. From there, keep tracking down the port from switch to switch until you find where it's being leaked from.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-09-2007 03:01 PM
тАО01-09-2007 03:01 PM
Re: DHCP Snooping per VLAN
Blond moment here...I actually *do* have IP-helper set up, forgot to mention it. So on each switch I have set up:
VLAN1 IP-Helper = Windows DHCP server
VLAN2 IP-Helper = Mitel Switch
1) I thought I was doing the right thing, since an interface connected to a port assigned *only* (Untagged) to VLAN1 would then instead of broadcasting, just send the unicast ticket directly on to the DHCP server, and the same for VLAN2's IP Helper. Should I not be doing this?
2) I will go check on where the "leak" is, will sniff as well. If the issue then is because of the helper address, I suppose I can remove the helper address for VLAN2 altogether?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-09-2007 03:22 PM
тАО01-09-2007 03:22 PM
Re: DHCP Snooping per VLAN
Try without the helper-addresses first, if the problem still occurs, try and find that Mitel mac-address and if all else fails get the sniffer out.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-09-2007 08:13 PM
тАО01-09-2007 08:13 PM
Re: DHCP Snooping per VLAN
* Took away the IP helper addresses altogether.
* Tested that DHCP for phones & PC's are working, all seems OK.
* Now: when I shut down DHCP on VLAN1 (Windows), and then from a PC request an address, I get a VOIP IP from the DHCP server on VLAN 2.
* I then did a sh mac VLAN1 and it showed the MAC address of the Mitel switch...
I cannot set the VLAN1 Mitel port to "No", as I need to set VLAN2 to "Tagged".
I'm lost here, any ideas??? Please see config of the swith attached. (Note, for this test I am not even using another switch).