drnfx
Creating DHCP Scopes for multiple VLANs on a HP 2910al
Hello All,
To be short, my company has expanded and thus ran out of IP addresses for the current DHCP scope. I have created a VLAN on the 2910 with a new IP address, and I am trying to configure the Windows 2003 DHCP server to dish out IPs in the new scope for the VLAN.
This is my current configuration:
DHCP Server: 192.168.123.6
VLAN IP: 192.168.126.253
new DHCP Scope: 192.168.126.0-254
Below is the config for my HP 2910:
Running configuration:
; J9145A Configuration Editor; Created on release #W.14.38
module 1 type J9145A
ip default-gateway 192.168.123.254
ip routing
vlan 1
name "DEFAULT_VLAN"
untagged 1-2,4-11,13-24
ip address 192.168.123.253 255.255.255.0
no untagged 3,12
exit
vlan 6
name "VLAN6_West"
untagged 12
ip helper-address 192.168.123.6
ip address 192.168.126.253 255.255.255.0
exit
dhcp-relay option 82 append
dhcp-snooping
dhcp-snooping authorized-server 192.168.123.6
dhcp-snooping vlan 1-100
NOTE: I have excluded some data, if you require more please let me know
Please let me know what I am missing in order to have the new DHCP scope kick IPs out on port 12.
Thank you in Advance.
Your new vlan6 does not require any dhcp help addresses as the DHCP server is on the same broadcast domain as the DHCP clients. Is there something that is not working, or are you requesting confirmation prior to deployment?
using subnet mask 255.255.255.0 for 192.168.123.254 and same for 192.168.123.6 makes them in different subnets. - for this to work you have to enable some kind of routing protocol (RIP)
Where is your sh ip int?
Jan MA CCNA
second address should be 192.168.126.0-254
ASKER
What is not working is I am not getting IPs from the DHCP of scope 192.168.126.0
the two vlans are on separate subnets thus different broadcast domains ergo I need the ip-helper.
From my PC (.123.xxx) I am able to ping .126.253. I have an open route and ip routing enabled on the switch.
did you create new DHCP Scope under sites and services?
ASKER
Yes I did, under scope options i have the following:
Router - 192.168.126.253 (VLAN 6 IP)
DNS - internal DNS server
WINS - internal DNS server
ASKER
Will this work for HP ProCurve 2910?
ios is similar- give it a go
ASKER
Unfortunately, the commands do not transfer. :(
>the two vlans are on separate subnets thus different broadcast domains ergo I need the ip-helper.
K, just wanted to make sure this was the case; you have dhcp-relay option 82 append with ip routing enabled, so your config is pretty much complete. Maybe a wireshark capture at the server to see what is happening.
Also, one thing to remember: if the DHCP server is not configured to handle the packets with option 82, it ceases to allocate the address to that request.
ASKER
What should I set the Remote ID to on the dhcp-relay option 82? Right now it is set to mac, should I change that?
ASKER
I am running Windows Server 2003, how do I configure that to handle option 82
dunno, not a Windows guy, but I am sure the links would help; did you review the links?
ASKER
I did, that didn't make a difference. I have pin pointed the problem I think to a routing problem:
I placed my laptop directly connected to port 12 and assigned it a static 192.168.126.2 IP
I am able to ping 192.168.126.253 but I am unable to ping anything on the 123.x network
from my desktop (123.x) I am able to ping 192.168.126.253 but not 126.2
From the switch I am able to ping everything (thankfully)
So far this is where my troubleshooting has left me.
IP helper address is a one line config and it seems right.
Can you post your whole config file? When you set the laptop with a static IP do you put the gateway as the local IP VLAN (126.254)?
Also, try the tracert command from your desktop and see where the packet goes.
Your routing table (show ip route) should display both the 192.168.126.0 and 192.168.123.0 networks.
-RK
sorry, the gateway should read 126.253.
ASKER
If i do a tracert from my desktop it only shows the one hop to .126.253.
The static gateway is set as 192.168.126.253 as it should be.
When I get in tomorrow I will check the routing table on the switch... if I recall it wasn't in there,
I am new to HP switches, how do I add a route... i have an idea but what should be the route...
if i do a :
Switch(config)# ip route etc? or do i have to add a network 192.168.126.0 somewhere??
ASKER
And to add; there are two routes shown below:
ip route 0.0.0.0 0.0.0.0 192.168.123.254
ip route 192.168.123.0 255.255.255.248
.248 is another switch on the network.
it should be "ip route Address/mask nexthop"
Here is an example straight from the manual:
Default Route:
ProCurve(config)# ip route 0.0.0.0/0 208.45.228.35
Static Route:
ProCurve(config)# ip route 207.95.7.0/24 207.95.6.157
are you sure about the 255.255.255.248 address you sent? Because 255.255.255.x is not a valid IP afaik.
ASKER
Here is the bottom portion of the config.
dhcp-snooping
dhcp-snooping authorized-server 192.168.123.6
dhcp-snooping vlan 1-100
timesync sntp
ip route 0.0.0.0 0.0.0.0 192.168.123.254
ip route 192.168.123.0 255.255.255.0 192.168.123.246
interface 3
dhcp-snooping trust
exit
interface 12
dhcp-snooping trust
exit
you should remove the "ip route 192.168.123.0 255.255.255.0 192.168.123.246" line.
Since 192.168.123.0 is directly connected through VLAN 1, that line is unnecessary and probably does not go into your routing table.
ASKER
Man, I am blowing up this post... but I think I realized what's the problem...
The DHCP server is not on the same switch, it's connected in the other IDF.
I am unable to ping 192.168.126.253 from that switch. I am unfamiliar with HP switches and all I have done is enabled ip routing.
How do I add a network to the route table?
I know I need to add something like: network 192.168.126.0
ASKER
West Switch:
IP Route Entries
Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
0.0.0.0/0          192.168.123.254 1    static               1          1
127.0.0.0/8        reject               static               0          0
127.0.0.1/32       lo0                  connected            1          0
192.168.123.0/24   DEFAULT_VLAN    1    connected            1          0
192.168.126.0/24   TEST            3    connected            1          0
East Switch:
IP Route Entries
Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
127.0.0.0/8        reject               static               0          250
127.0.0.1/32       lo0                  connected            0          0
192.168.123.0/24   DEFAULT_VLAN    1    connected            0          0
on the east switch do i add:
ip route 192.168.126.0 255.255.255.0 192.168.126.253 ?
Since 192.168.126.0 is a VLAN on that switch, you don't need to add the network, you just need to add the VLAN to the correct port, in your case VLAN 6:
vlan 6
untagged port X, Y
where X and Y are ports that need to talk to that IP range.
On the east switch add the following route:
ip route 192.168.126.0/24 192.168.123.254
ASKER
So i have to create the vlan on the East Switch?
I think i just confused everyone.
(since VLAN 6 is not on the east switch, you have to point it to VLAN 3 on the West switch, because West knows where VLAN 3 and VLAN 6 are....)
Hehe, I am a little confused, but to avoid adding the VLAN on East, just put up the route i mentioned and it should work.
ASKER
I modified the command for:
ip route 192.168.126.0/24 192.168.123.253 and I was able to ping 192.168.126.253 from the East Switch.
I am going to see if I can pull a DHCP from the new scope now.
ASKER
I am able to ping 192.168.126.2 when it is statically assigned everywhere on the network... However i cannot obtain a DHCP from the server..
My laptop is running ubuntu and when i use the sudo dhcpclient command this is what i see :
DHCPDISCOVER sent on eth0 to 255.255.255.255
packet_send: Network is down
try disabling dhcp snooping and option 82 append. If it works, we can figure out what is wrong with those commands.
ASKER
I have DHCP-relay option 82 disabled currently.
West_GB_2910# sh dhcp-relay
DHCP Relay Agent : Enabled
Option 82 : Disabled
Response validation : Disabled
Option 82 handle policy : append
Remote ID : mac
Client Requests       Server Responses
Valid      Dropped    Valid      Dropped
---------- ---------- ---------- ----------
46267      0          0          0
gonna disable snooping and see
The switch did not receive a single response from the server. Can you send screenshots of your Windows DHCP configuration?
ASKER
I have attached the scope options i have in place for the 192.168.126.0 scope.
dhcp.jpg
Can you send the address pool as well? and at the top (blacked out), is the server active/authorized (green)?
And check the windows 2003 event viewer, see if it is getting the requests
To open Event Viewer, click Start, click Control Panel, double-click Administrative Tools, and then double-click Event Viewer.
http://technet.microsoft.com/en-us/library/cc737766(WS.10).aspx
ASKER
Yeah, I blacked it out because the active scope was on there of 192.168.123.0 and if I plug the laptop in a vlan 1 port i am able to pull an 123.x IP from the DHCP server.
It should work with both scopes. Windows sees from the IP it is receiving and uses the same for the specific scope. Event log might show if it received the requests and what it did to them....
ASKER
Do I need to enable option 82 for this to work? or standard dhcp-relay should be enough?
standard dhcp is enough, option 82 is for further auditing. If the command "dhcp-relay option 82 append" is still in there, please remove it for now
ASKER
I have wireshark running on the DHCP server and I am filtering my Laptop's Mac address.
I also have wireshark running on my laptop. It sends out the DHCPdiscover packet but that's it, nothing else, and the server is not receiving anything from the laptop.
our gateway .254 is an astaro firewall... could that be preventing something?
Is the firewall between East and West? Also, don't filter with the MAC address, capture anything coming from the server IP. The relay will be sent from the Switch MAC if I'm not mistaken.
ASKER
can i filter with the ip of the vlan? 192.168.126.253 ?
ASKER
Okay I have included a .pcap from the DHCP server, i filtered by the IP address of the VLAN
ASKER
Okay, it didn't post.
But the server is sending out a DHCP offer, but it is not being received by the laptop.
I think you forgot the file :-p
ASKER
I changed the extension to .h; change it back to .pcap to view.
DHCP.h
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Okay, I am going to update the firmware tonight and post as soon as it is finished.
I want to thank you in advance if this works :)
ASKER
It works!! I also disabled dhcp-snooping... I realized that the DHCP server was receiving acks but nothing else, and as soon as i disabled dhcp-snooping everything worked.
Thank you for your assistance roger_karam.
No problem! Thanks for the points!
You could also enable DHCP snooping, just make sure to follow the manual:
enable dhcp snooping:
dhcp-snooping
dhcp-snooping authorized-server 192.168.123.6
dhcp-snooping vlan 1-100
dhcp-snooping trust X (where X is the port list where the DHCP server is coming in from)
no dhcp-snooping verify mac
and you can check if it is dropping packets by:
show dhcp-snooping stats
http://cdn.procurve.com/training/Manuals/2910-ASG-Feb09-W_14_03.pdf
best of luck!
-RK
ASKER
Ahh! I had everything configured except for no dhcp-snooping verify mac
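A small check of a saved running-config against the checklist in the last answer (authorized server, snooped VLANs, trust only on the port the DHCP server comes in from, `no dhcp-snooping verify mac`); this is an added example, not code from the thread or from HP. The `parse` and `audit` helpers, the operator-supplied list of server-facing ports and the choice of port 3 for it are assumptions, and the sample config is constructed from the fragments the asker posted.

```python
import re

def expand_ports(spec):
    """Expand a numeric port or VLAN list such as '1-2,4-11' into a set of strings."""
    pairs = (p.partition("-") for p in spec.split(","))
    return {str(n) for lo, _, hi in pairs for n in range(int(lo), int(hi or lo) + 1)}

def parse(config):
    """Collect DHCP relay and snooping settings from ProCurve running-config text."""
    lines = [raw.strip() for raw in config.splitlines()]
    # verify_mac: assumed on unless the 'no' form appears, as the thread's outcome implies.
    s = {"snooping": "dhcp-snooping" in lines,
         "verify_mac": "no dhcp-snooping verify mac" not in lines,
         "authorized": set(), "helpers": {}, "snoop_vlans": set(), "trusted": set()}
    ctx = (None, None)  # (kind, id) of the vlan/interface block being read
    for line in lines:
        if m := re.fullmatch(r"(vlan|interface) (\S+)|exit", line):
            ctx = (m[1], m[2])  # 'exit' resets both to None
        elif m := re.fullmatch(r"dhcp-snooping authorized-server (\S+)", line):
            s["authorized"].add(m[1])
        elif m := re.fullmatch(r"dhcp-snooping vlan (\S+)", line):
            s["snoop_vlans"] |= expand_ports(m[1])
        elif (m := re.fullmatch(r"ip helper-address (\S+)", line)) and ctx[0] == "vlan":
            s["helpers"].setdefault(ctx[1], set()).add(m[1])
        elif m := re.fullmatch(r"dhcp-snooping trust ?(\S*)", line):
            ports = m[1] or (ctx[1] if ctx[0] == "interface" else "")
            s["trusted"] |= expand_ports(ports) if ports else set()
    return s

def audit(config, server_ports):
    """Return findings; server_ports is the operator's set of ports facing the DHCP server."""
    s, out = parse(config), []
    if not s["snooping"]:
        return ["dhcp-snooping is not enabled"]
    for vlan, helpers in sorted(s["helpers"].items()):
        out += [f"vlan {vlan}: helper {h} is not an authorized-server"
                for h in sorted(helpers - s["authorized"])]
        if vlan not in s["snoop_vlans"]:
            out.append(f"vlan {vlan}: relayed but not in dhcp-snooping vlan list")
    out += [f"port {p}: trusted but not server-facing"
            for p in sorted(s["trusted"] - server_ports, key=int)]
    out += [f"port {p}: server-facing but not trusted"
            for p in sorted(server_ports - s["trusted"], key=int)]
    if s["helpers"] and s["verify_mac"]:
        out.append("relay configured but 'no dhcp-snooping verify mac' is absent")
    return out

# Constructed sample: the asker's posted fragments joined; port 3 as the server uplink is assumed.
SAMPLE = "\n".join([
    "vlan 6", "untagged 12", "ip helper-address 192.168.123.6", "exit",
    "dhcp-snooping", "dhcp-snooping authorized-server 192.168.123.6",
    "dhcp-snooping vlan 1-100", "interface 3", "dhcp-snooping trust", "exit",
    "interface 12", "dhcp-snooping trust", "exit"])
print(*audit(SAMPLE, {"3"}), sep="\n")
```

Port 12 is the access port the asker plugged the laptop into, so leaving it trusted means the switch will accept DHCP server replies from whatever is attached there.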