HPE Community
Switches, Hubs, and Modems
1753691 Members
6149 Online
108799 Solutions
New Discussion юеВ

Re: DHCP request problem with VLAN/ACL

 
SOLVED
Go to solution
ProTest
Advisor

тАО07-03-2006 09:47 PM

тАО07-03-2006 09:47 PM

DHCP request problem with VLAN/ACL

I have a 5406 which I want to use in combination with VLANs. Windows network.

Port 1 is connected to a Cisco router with address 4.4.0.1/19. This router is configured to relay the subnets to the switch. Tagged to VLAN8, untagged for VLAN0

Port 2 is connected to a DHCP server, 4.4.0.20 with several scopes. One of the is VLAN8, 4.4.8.1-100/24 GW 4.4.8.251

Port 3 is a XP client, untagged to VLAN8

The switch itself has the following settings
MSTP,
ip routing
VLAN 8
ip address 4.4.8.251/24
ip helper-address 4.4.0.40/24
ACL allow access to VLAN0 (default vlan)


If I configure the client with static IP, like 4.4.8.34/24 GW 4.4.8.251, then I have access to the switch, DHCP server and router (and WAN).
If I use DHCP I get a "DHCP server unreachable", why?
0 Kudos
23 REPLIES 23
Mohieddin Kharnoub
Honored Contributor

тАО07-03-2006 10:00 PM

тАО07-03-2006 10:00 PM

Solution

Re: DHCP request problem with VLAN/ACL

Hi

The "ip helper-address 4.4.0.40/24" under vlan8 should be "ip helper-address 4.4.0.20/24" which is the DHCP server.

Be sure that ACL allow clients to get the DHCP server.

Don't forget to assign point for any posts.

Good Luck !!!
Science for Everyone
ProTest
Advisor

тАО07-03-2006 10:49 PM

тАО07-03-2006 10:49 PM

Re: DHCP request problem with VLAN/ACL

ip helper-address has been corrected but no positive results.

I've added the reduced config file of the core switch. Ignore the trunks, the problem also shows on the main switch.

0 Kudos
Matt Hobbs
Honored Contributor

тАО07-03-2006 11:09 PM

тАО07-03-2006 11:09 PM

Re: DHCP request problem with VLAN/ACL

If you haven't tried this already, remove the ACL entries on the VLANs. When you get back to this, it's generally recommended to only assign ACL's 'in'.

In your post you mention the XP client is on Port 3 (A3?) untagged in VLAN8. The configuration shows A3 is untagged in VLAN1.
0 Kudos
ProTest
Advisor

тАО07-03-2006 11:18 PM

тАО07-03-2006 11:18 PM

Re: DHCP request problem with VLAN/ACL

The problems remain with and without ACLs in/out.

Some sources say that MSTP is not the best protocol to be used. RSTP should be used, cause this is quicker.
Is this right?
0 Kudos
Mohieddin Kharnoub
Honored Contributor

тАО07-03-2006 11:27 PM

тАО07-03-2006 11:27 PM

Re: DHCP request problem with VLAN/ACL

I have a solution for you.

Change the Scope on the DHCP server for Vlan8 which is : 4.4.8.1-100/24 GW 4.4.8.251, change the Gateway to 4.4.0.1 (the cisco router), in this case you need to add a static route on Cisco router for Vlan8 to point to Vlan1 ip address: ip route 4.4.8.0 0.0.0.255 4.4.0.40

Your problem not in ACL, since assgining static addresses are ok.

Good Luck !!!
Science for Everyone
0 Kudos
Mohieddin Kharnoub
Honored Contributor

тАО07-03-2006 11:30 PM

тАО07-03-2006 11:30 PM

Re: DHCP request problem with VLAN/ACL

By the way

In the configuration:
interface A1
name "CLIENT"
exit

Change A1 to A3.

:)
Science for Everyone
0 Kudos
Matt Hobbs
Honored Contributor

тАО07-03-2006 11:51 PM

тАО07-03-2006 11:51 PM

Re: DHCP request problem with VLAN/ACL

I'm not sure how the suggestion to change the scope on the DHCP server would help. Doesn't make sense to me.

What DHCP server are you using?
0 Kudos
ProTest
Advisor

тАО07-04-2006 12:04 AM

тАО07-04-2006 12:04 AM

Re: DHCP request problem with VLAN/ACL

W2K3 DHCP server

Changing the GW of the DHCP server scope won't work since the switch itself takes care of the routing between VLANs.
The cisco router relays all subnet traffic to subnet 0 (VLAN1)
0 Kudos
Matt Hobbs
Honored Contributor

тАО07-04-2006 12:30 AM

тАО07-04-2006 12:30 AM

Re: DHCP request problem with VLAN/ACL

Is A3 meant to be untagged in VLAN8? Currently it isn't.

To start with you should verify that you can assign DHCP addresses in the same VLAN as your DHCP server (VLAN1). If it is unable to this you know the problem is with the DHCP server configuration.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.