Email Subscription Notifications Suspended Temporarily
We are in the process of making navigation in the Servers and Operating Systems forums simpler and more direct. While doing this, we have to temporarily suspend email notifications for subscriptions. If you are subscribed to one or more discussion boards or blogs in the community, please check them daily to see new content. Notifications will be turned back on in a few days. We apologize for any inconvenience this may cause. Thanks, Warren_Admin
Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

VLAN's and IP Helper

Jonathan de Beere
Occasional Contributor

VLAN's and IP Helper

Hi Everyone,

I am trying to get the IP helper-address command working.

My equipment is 1 x 4204vl and 1 x 2610-24. I've included the configs of both below.

I have 2 VLAN’s, VLAN 1 = Default_VLAN and VLAN 2 = VOIP
VLAN 1 = 192.192.10.x
VLAN 2 = 192.192.14.x

The device that performs L3 routing is a Sonicwall 3060 firewall. I am happy that my VLAN’s are working. I am able to configure a device with a static IP of 192.192.14.x on VLAN 2 and communicate with the switches, the firewall and other devices on the 192.192.14.x and 192.192.10.x subnets.

I want my DHCP server to assign IP addresses to both VLAN’s and therefore I have configured 2 x DHCP scopes on the server:
DHCP server = 192.192.10.7 (plugged into A15 on the 4204 and tagged on VLAN 2)

Scope 1 Name = Default_VLAN
Range 192.192.10.50 to 192.192.10.100
Default Gateway 192.192.10.11 (Sonicwall)

Scope 2 Name = VOIP
Range 192.192.14.50 to 192.192.14.100
Default Gateway 192.192.14.1 (The IP address of the 4204 on VLAN 2) – Is this correct?

I have enabled the IP Helper-Address on VLAN 2. The DHCP server does not give out any addresses to devices on VLAN 2. Can anyone tell me why it isn't working? I've spent so long looking at the configuration that I'm sure the answer is staring me in the face.


; J8770A Configuration Editor; Created on release #L.11.20

hostname "ProCurve Switch 4204vl"
module 1 type J8768A
module 2 type J9033A
interface A12
lacp Passive
exit
interface A13
lacp Passive
exit
interface A14
lacp Passive
exit
interface A15
lacp Passive
exit
interface A16
lacp Passive
exit
interface A17
lacp Passive
exit
interface A18
lacp Passive
exit
trunk A1 Trk1 Trunk
ip default-gateway 192.192.14.11
sntp server 192.192.10.7
ip routing
timesync sntp
sntp unicast
snmp-server community "public" Unrestricted
snmp-server host 192.192.10.70 "public"
vlan 1
name "DEFAULT_VLAN"
untagged A2-A20,B1-B24,Trk1
ip address 192.192.10.253 255.255.255.0
no untagged A21-A24
ip igmp
exit
vlan 2
name "VOIP"
untagged A23-A24
ip address 192.192.14.1 255.255.255.0
qos priority 6
ip helper-address 192.192.10.7
tagged A12,A15,A21-A22,Trk1
voice
exit
ip route 0.0.0.0 0.0.0.0 192.192.14.11
no stack
spanning-tree
spanning-tree Trk1 priority 4

; J9085A
Configuration Editor; Created on release #R.11.30

hostname "ProCurve Switch 2610-24"
trunk 26 Trk1 Trunk
ip default-gateway 192.192.14.11
sntp server 192.192.10.7
ip routing
timesync sntp
sntp unicast
snmp-server community "public" Unrestricted
snmp-server host 192.192.10.70 "public"
vlan 1
name "DEFAULT_VLAN"
untagged 7-25,27-28,Trk1
ip address 192.192.10.252 255.255.255.0
no untagged 1-6
exit
vlan 2
name "VOIP"
untagged 1-2
ip address 192.192.14.2 255.255.255.0
qos priority 6
tagged 3-6,Trk1
voice
exit
spanning-tree Trk1 priority 4


Many Thanks

Jonathan
5 REPLIES
Natasha Samoylenko
Trusted Contributor

Re: VLAN's and IP Helper

Hi, Jonathan

If L3 routing performs a Sonicwall, then why you enable ip routing on both switches?

Did you configure a tagged link (or trunk) between switch and Sonicwall?
Sonicwall has ip addresses in both VLANs?

Then you test network with a static IP addresses that default gateway you use on host?
That default gateway you use for DHCP server?

I think that the DHCP server does not give out any addresses to devices on VLAN 2 because of routing misconfiguration.

And, also, DHCP server don't need to be tagged in VLAN 2 to assign addresses to hosts in that VLAN.
I attach topology like I understand it from your configs.

I think you have some unnecessary commands on switches. But to say that for sure I need some clarification about your exact topology
Natasha Samoylenko
Trusted Contributor

Re: VLAN's and IP Helper

sorry, wrong topology :)
Natasha Samoylenko
Trusted Contributor

Re: VLAN's and IP Helper

If SonicWall perform L3 routing, then DHCP scope must be:
Scope 1 Name = Default_VLAN
Range 192.192.10.50 to 192.192.10.100
Default Gateway 192.192.10.11 (Sonicwall)

Scope 2 Name = VOIP
Range 192.192.14.50 to 192.192.14.100
Default Gateway 192.192.14.11 (Sonicwall)
Natasha Samoylenko
Trusted Contributor

Re: VLAN's and IP Helper

Different way to do the same thing (topology)

You can route between VLANs on switch, for example, on 4204. And assign Sonicwall as a default gateway to let switches know how to go to other networks.

On sonicwall you will need to add route to 192.192.14.0/24 subnet if L3 routing will perform 4204 switch ("ip route 192.192.14.0/24 192.192.10.253" or somethig like this)

If 4204 perform L3 routing, then DHCP scope must be:
Scope 1 Name = Default_VLAN
Range 192.192.10.50 to 192.192.10.100
Default Gateway 192.192.10.253 (4204)

Scope 2 Name = VOIP
Range 192.192.14.50 to 192.192.14.100
Default Gateway 192.192.14.1 (4204)

I delete some command (sntp, snmp...) for simplification

======
hostname "ProCurve Switch 4204vl"
trunk A1 Trk1 Trunk
#delete ip default-gateway command
ip routing
vlan 1
name "DEFAULT_VLAN"
untagged A2-A20,B1-B24,Trk1
ip address 192.192.10.253 255.255.255.0
no untagged A21-A24
ip igmp
exit
vlan 2
name "VOIP"
untagged A23-A24
ip address 192.192.14.1 255.255.255.0
qos priority 6
ip helper-address 192.192.10.7
#delete a12 (sonicwall) and a15 (DHCP) from vlan2
tagged A12,A21-A22,Trk1
voice
exit
#change DG
ip route 0.0.0.0 0.0.0.0 192.192.10.11
=========
hostname "ProCurve Switch 2610-24"
trunk 26 Trk1 Trunk
ip default-gateway 192.192.10.11
vlan 1
name "DEFAULT_VLAN"
untagged 7-25,27-28,Trk1
ip address 192.192.10.252 255.255.255.0
no untagged 1-6
exit
vlan 2
name "VOIP"
untagged 1-2
qos priority 6
tagged 3-6,Trk1
voice
exit

Re: VLAN's and IP Helper

Hello Jonatan,

Turn off Routing on the smaler Switch.
If possible, connect the Sonicwall with a small transfer Network to the routing switch and make the routingswitch to your only gateway for the Subnets.
Set dhcp helper address on the routing switch.

More than one Gateway in Client Networks con cause Problems that are haevy to understand. Specially when one off the Gateways is a Firewall.
The Firewall should be the last hop in you network. It must not be the default Gateway if there is a second Gateway in the same Network.

If you don't configure the second Switch as Gateway on any Clients, there ist absolutly no reason to turn on ip-routing.

If you want - whyever - the Firewall as default Gateway for any hosts, turn off ip-routing on BOTH switches. Otherwise you will cause stateless connections.