Swift
asked on
Troubleshooting IP helper configuration on an L3 switch
So having struggled for a fortnight on an otherwise (persumably) simple problem, here I am, seeking experts advise!
In a nutshell..the network is simple. To explain in words might seem a bit lengthy.
Two VLANS on L2 Switch 1. We will call them VLAN 220 and VLAN 222.
VLAN10 serves IP subnet 10.20.220.0/23, giving an IP broadcast address of 10.20.221.255
DNS/DHCP/Default gateway to outside public network...all reside here.
DHCP address is 10.20.220.30 (it's a Netware Server) and DG is 10.20.220.50 which is the inside interface of a PIX doing a PAT on the outside. From within VLAN 220, everything is just perfect. Clients are getting leases and accessing internet.
I want to configure another VLAN222 which would limit broadcasts of IP subnet of 10.20.222.1/24
The clients here will recieve a subnet IP range of 10.20.222.50-255 from DHCP at 10.20.220.30/23.
I am using two interfaces on my Foundry's L3 switch 2, to serve as intervlan routing interfaces:
One cross cable from 'interface e1 (10.20.220.1/23)' of Switch 2 is connected to VLAN220 port of Switch1
One cross cable from 'interface e2 (10.20.222.1/24)' of switch 2 is connected to VLAN 222 of Switch 1.
The respective LED's are up on both the switches.
Ip Helper address is configured on 'Interface e2' of switch 2 pointing towards DHCP on VLAN220.
Problem:
Yes..Clients connected to VLAN 222 on Switch 1 are not getting an IP lease.
I manually assign an IP to a Client connected to a port on VLAN 222, in the range of 10.20.222.x with gateway set to 10.20.222.1, and I can ping 10.20.220.1 (interface e1) but cannot ping beyond to other hosts on my 10.20.220.x/23 network.
From within the console terminal of my L3 Switch 2, I can ping my DHCP server @ 10.20.220.30 and also the DG @ 10.20.30.50). I can also ping my client where I manually gave an IP address of the 10.20.222.x range.
Foundry's manual informs me that IP Routing is enabled by default on all it's Layer 3 switches. I have added 'ip forward-protocol udp echo', command in order to facilitate troubleshooting.
I also relate the details of Subnet configured to serve new VLAN222 on Netware DHCP server (just in case someone feels that here might lie the problem), though Netware configuration has no gotchas and is supposed to be straightforward.
A subnet by the name of vlan222 is configured and residing within an OU (abc.edu)
Address: 10.20.222.0
Mask: 255.255.255.0
Type: LAN
Start Address:10.20.222.10
End Address: 10.20.222.255
Range Type: Dynamic BOOTP and DHCP
Default gateway: 10.20.222.1
Below is the [sh run] and [sh ip route] on Switch 2.
--------------------------
abc-net2#sh run
Current configuration:
!
ver 07.1.26mT13
global-stp
global-protocol-vlan
!
!
vlan 1 name DEFAULT-VLAN by port
spanning-tree
!
hostname abc-net2
ip forward-protocol udp echo
ip route 10.20.220.0 255.255.254.0 ethernet 1
ip route 10.20.222.0 255.255.255.0 ethernet 2
ip route 0.0.0.0 0.0.0.0 10.20.220.50
snmp-server community ..... rw
router rip
!
interface e 1
ip address 10.20.220.1 255.255.254.0
!
interface e 2
ip address 10.20.222.1 255.255.255.0
ip helper-address 1 10.20.220.30
!
interface e 3
!
interface e 4
!
interface e 5
!
interface e 6
!
interface e 7
!
interface e 8
!
interface e 9
!
interface e 10
!
interface e 11
!
interface e 12
!
interface e 13
!
interface e 14
!
interface e 15
!
interface e 16
!
!
!
!
end
abc-net2#
euc-net2#sh ip route
Total number of IP routes: 2
Start index: 1 D:Connected R:RIP S:Static O:OSPF *:Candidate default
Destination NetMask Gateway Port Cost Type
1 10.20.220.0 255.255.254.0 0.0.0.0 1 1 D
2 10.20.222.0 255.255.255.0 0.0.0.0 2 1 D
3 0.0.0.0 0.0.0.0 10.20.220.50 1 1 D
abc-net2#
--------------------------
In a nutshell..the network is simple. To explain in words might seem a bit lengthy.
Two VLANS on L2 Switch 1. We will call them VLAN 220 and VLAN 222.
VLAN10 serves IP subnet 10.20.220.0/23, giving an IP broadcast address of 10.20.221.255
DNS/DHCP/Default gateway to outside public network...all reside here.
DHCP address is 10.20.220.30 (it's a Netware Server) and DG is 10.20.220.50 which is the inside interface of a PIX doing a PAT on the outside. From within VLAN 220, everything is just perfect. Clients are getting leases and accessing internet.
I want to configure another VLAN222 which would limit broadcasts of IP subnet of 10.20.222.1/24
The clients here will recieve a subnet IP range of 10.20.222.50-255 from DHCP at 10.20.220.30/23.
I am using two interfaces on my Foundry's L3 switch 2, to serve as intervlan routing interfaces:
One cross cable from 'interface e1 (10.20.220.1/23)' of Switch 2 is connected to VLAN220 port of Switch1
One cross cable from 'interface e2 (10.20.222.1/24)' of switch 2 is connected to VLAN 222 of Switch 1.
The respective LED's are up on both the switches.
Ip Helper address is configured on 'Interface e2' of switch 2 pointing towards DHCP on VLAN220.
Problem:
Yes..Clients connected to VLAN 222 on Switch 1 are not getting an IP lease.
I manually assign an IP to a Client connected to a port on VLAN 222, in the range of 10.20.222.x with gateway set to 10.20.222.1, and I can ping 10.20.220.1 (interface e1) but cannot ping beyond to other hosts on my 10.20.220.x/23 network.
From within the console terminal of my L3 Switch 2, I can ping my DHCP server @ 10.20.220.30 and also the DG @ 10.20.30.50). I can also ping my client where I manually gave an IP address of the 10.20.222.x range.
Foundry's manual informs me that IP Routing is enabled by default on all it's Layer 3 switches. I have added 'ip forward-protocol udp echo', command in order to facilitate troubleshooting.
I also relate the details of Subnet configured to serve new VLAN222 on Netware DHCP server (just in case someone feels that here might lie the problem), though Netware configuration has no gotchas and is supposed to be straightforward.
A subnet by the name of vlan222 is configured and residing within an OU (abc.edu)
Address: 10.20.222.0
Mask: 255.255.255.0
Type: LAN
Start Address:10.20.222.10
End Address: 10.20.222.255
Range Type: Dynamic BOOTP and DHCP
Default gateway: 10.20.222.1
Below is the [sh run] and [sh ip route] on Switch 2.
--------------------------
abc-net2#sh run
Current configuration:
!
ver 07.1.26mT13
global-stp
global-protocol-vlan
!
!
vlan 1 name DEFAULT-VLAN by port
spanning-tree
!
hostname abc-net2
ip forward-protocol udp echo
ip route 10.20.220.0 255.255.254.0 ethernet 1
ip route 10.20.222.0 255.255.255.0 ethernet 2
ip route 0.0.0.0 0.0.0.0 10.20.220.50
snmp-server community ..... rw
router rip
!
interface e 1
ip address 10.20.220.1 255.255.254.0
!
interface e 2
ip address 10.20.222.1 255.255.255.0
ip helper-address 1 10.20.220.30
!
interface e 3
!
interface e 4
!
interface e 5
!
interface e 6
!
interface e 7
!
interface e 8
!
interface e 9
!
interface e 10
!
interface e 11
!
interface e 12
!
interface e 13
!
interface e 14
!
interface e 15
!
interface e 16
!
!
!
!
end
abc-net2#
euc-net2#sh ip route
Total number of IP routes: 2
Start index: 1 D:Connected R:RIP S:Static O:OSPF *:Candidate default
Destination NetMask Gateway Port Cost Type
1 10.20.220.0 255.255.254.0 0.0.0.0 1 1 D
2 10.20.222.0 255.255.255.0 0.0.0.0 2 1 D
3 0.0.0.0 0.0.0.0 10.20.220.50 1 1 D
abc-net2#
--------------------------
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No problem, thanks for the points.
Steve
Steve
ASKER
Also did the same on PIX and it all seems to work now.
Thanks
Points granted!