HPE Community
Switches, Hubs, and Modems
1752480 Members
5569 Online
108788 Solutions
New Discussion юеВ

Re: DHCP and vlan membership change

 
SOLVED
Go to solution
Tim Pieters
New Member

тАО06-06-2008 06:19 AM

тАО06-06-2008 06:19 AM

DHCP and vlan membership change

Hi folks,

The setup: hp Procurve 3400cl with ip routing enabled, 3 static vlans (ids 1, 11, 11), dhcp-relay agent enabled on the 3400cl (relaying to 10.0.1.10 on vlan 1), win 2003 dhcp configured (1 scope per vlan: 10.0.x.100-10.0.x.200 where x is the vlan id).

The question: dhcp-relaying seems to be working fine as long as the vlan membership does not change. However, when the vlan membership of a workstation changes (f.e. when a laptop is plugged into another switchport on a different vlan), i expect it to be assigned another ip address from the dhcp which unfortunately is not the case (even after a manual dhcprelease): the dhcp server keeps assigning the ip address the workstation had on the previous vlan...

Verified the content of the incoming packets on the dhcp server with wireshark, and it seems to be containing the correct ip of the source vlan (used for determining the right scope...

Anybody have a clue on a possible fix for this?

Thanx
Tim
0 Kudos
10 REPLIES 10
Mohieddin Kharnoub
Honored Contributor

тАО06-06-2008 10:40 PM

тАО06-06-2008 10:40 PM

Re: DHCP and vlan membership change

Hi

There was a bug fix for such a problem in earlier versions, so be sure to update your switch firmware to latest release:

http://www.hp.com/rnd/software/switches.htm#3400cl

If not, then attach the running config. on this pretty switch so all the people here can check it up.

Good Luck !!!
Science for Everyone
0 Kudos
Pieter 't Hart
Honored Contributor

тАО06-09-2008 12:11 AM

тАО06-09-2008 12:11 AM

Re: DHCP and vlan membership change

From your info it's not clear if/how the DHCPserver answers the request.

A DHCP server can only service requests for a scope that has a network ID that is the same as the network ID of its IP address.

Make sure that the DHCP server IP address falls in the same network range as the scope it is servicing. For example, a server with an IP address in the 192.168.0.0 network cannot assign addresses from scope 10.0.0.0 unless superscopes are used.

0 Kudos
Tim Pieters
New Member

тАО06-09-2008 01:47 AM

тАО06-09-2008 01:47 AM

Re: DHCP and vlan membership change

Mohieddin,

tried with the firmware upgrade, no obvious change in behaviour. Attached the config, feel free to have a look...

Some additional remarks: you will notice that the 3400cl has been assigned an ip address 130.30.2.21/24 on vlan 1. I know vlan 1 is using a public range, but this whole config is something i inherited and which i am now trying to get rid of... Anyway, to the switch that shouldn't matter and to the outside world these addresses are NAT-ed, so i don't see any problem there. 130.30.2.175 is the ip address of the dhcp server on vlan 1 and 130.30.2.121 is the default gateway (also on vlan 1).

Pieter,

no quite sure i'm following on this: "A DHCP server can only service requests for a scope that has a network ID that is the same as the network ID of its IP address"... Am I wrong thinking that forwarding dhcp messages to a server off-subnet is one of the keypoints of dhcp-relay?

Anyway, referring to the configuration of the dhcp: i have 1 superscope setup with 3 scopes handing out ip addresses in 10.0.11.0/24 (vlan 111), 10.0.13.0/24 (vlan 113) and 130.30.2.0/24 (vlan 1); dhcp server's ip is 130.30.2.175 and physically resides on vlan 1.

Thanks for your replies already!
0 Kudos
Tim Pieters
New Member

тАО06-09-2008 01:50 AM

тАО06-09-2008 01:50 AM

Re: DHCP and vlan membership change

Sorry folks! Forgot the attachment...
Here you go.
0 Kudos
Pieter 't Hart
Honored Contributor

тАО06-09-2008 02:33 AM

тАО06-09-2008 02:33 AM

Re: DHCP and vlan membership change

The text comes literally from the MS-documentation about DHCP-troubleshooting.

From your switch config may i conclude you have the router (130.30.2.121) connected to port-3?
This router must send the answer of the dhcp server back to the correct subnet/vlan,

If the switch is not also functioning as a router the dhcpoffer is returned to the switch at 130.30.3.21 wich can only send it to the default gateway 130.30.2.121 where it disappears.

I would suggest configuring the ip-helper address at the router interface of these vlan's, not at the switch interface on a vlan.

0 Kudos
Tim Pieters
New Member

тАО06-09-2008 02:51 AM

тАО06-09-2008 02:51 AM

Re: DHCP and vlan membership change

Hi Pieter,

actually, the 3400cl switch is configured for ip routing (between directly-attached subnets) and the router at 130.30.2.121 is the gateway for internet access (basically anything that is not destined for a subnet directly connected to the 3400cl). I agree with you that if this were not the case, the dhcp offers would never reach the requesting dhcp client, but that is not the case...

Dhcp hosts receive the address of the 3400cl switch on their particular subnet as the default router address.

BTW, port 3 is a trunk port to another switch
but it is currently not physically connected yet (all testing i am doing is local to the 3400cl), the 130.30.2.121 is on a port untagged in vlan 1.

Thanx for your reply, very much appreciated...

Tim
0 Kudos
Pieter 't Hart
Honored Contributor

тАО06-09-2008 03:23 AM

тАО06-09-2008 03:23 AM

Solution

Re: DHCP and vlan membership change

maybe this is where it goes wrong :
"i have 1 superscope setup with 3 scopes handing out ip addresses in 10.0.11.0/24 (vlan 111), 10.0.13.0/24 (vlan 113) and 130.30.2.0/24 (vlan 1); dhcp server's ip is 130.30.2.175 and physically resides on vlan1."

This is for a network with one "physical" segment with multiple subnets (multinet).

As you separate the subnets by vlan's connected by a router, the scopes behind a router must NOT reside in the same superscope as the local network.

this is the dutch page with MS-info
http://technet2.microsoft.com/windowsserver/nl/library/3967ddab-0b28-4959-8b4d-3052c178731b1043.mspx?mfr=true
Pieter 't Hart
Honored Contributor

тАО06-09-2008 03:29 AM

тАО06-09-2008 03:29 AM

Re: DHCP and vlan membership change

in english
http://technet2.microsoft.com/windowsserver/en/library/3967ddab-0b28-4959-8b4d-3052c178731b1033.mspx?mfr=true
0 Kudos
Tim Pieters
New Member

тАО06-09-2008 04:25 AM

тАО06-09-2008 04:25 AM

Re: DHCP and vlan membership change

Hi Pieter,

that fixed it! I moved all of the scopes out of the superscope (dhcp server now does not have any superscopes configured) and now it works like a charm! A new address is assigned within 2 seconds if i physically change a workstation's vlan membership...

Thanks again for your help, you'll get the points...

Tim
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.