Solved

DHCP request on Procurve 5412zl through VLAN

Posted on 2011-03-13
Last Modified: 2012-05-11
We have a HP Procurve 5412zl as our core switch.

core ip: 192.168.10.79
gateway 192.168.10.1 (firewall)
IP routing enabled
DHCP relay enabled

We have 2x DHCP servers on the default VLAN which has the VLAN scopes set up.
DHCP 192.168.10.3, 192.168.10.4

VLAN2 - 192.168.20.0/23
gateway 192.168.20.1

VLAN3 - 192.168.30.0/23
gateway 192.168.30.1

On the core we have set up a port (F1) and set the port as untagged on VLAN2, no on default VLAN.

The core has VLAN2 set up with IP helper as 192.168.10.3 and 192.168.10.4.

Now, on that port F1, we have a switch attached with IP 192.168.10.28, gateway of 192.168.10.79.

I have a PC trying to get a DHCP address, which isn't working, it errors out.

If I set up the PC to have a manual IP address
192.168.20.50
gateway 192.168.20.1

then I can ping the gateway and the core switch IP.

Cannot ping anything else... which I am thinking is what I should find.

So, our routing is done in the core, DHCP is a 2003 server.

firewall is 192.168.10.1
DHCP's 192.168.10.3, 192.168.10.4
CORE 192.168.10.79
VLAN2 192.168.20.0/23
VLAN3 192.168.30.0/23

CORE SHOW CONFIG:

; J8698A Configuration Editor; Created on release #K.13.63

hostname "ProCurve Switch 5412zl"
snmp-server contact ""
module 1 type J8702A
module 2 type J8705A
module 3 type J8702A
module 4 type J8705A
module 5 type J8702A
module 6 type J8705A
module 7 type J8702A
module 8 type J8705A
module 9 type J8702A
module 10 type J8705A
module 11 type J8702A
module 12 type J8702A
interface F20
   speed-duplex auto-1000
   exit
interface A12
   no power-over-ethernet
   exit
interface A19
   speed-duplex auto-1000
   exit
interface B7
   speed-duplex auto-1000
   exit
interface I18
   no power-over-ethernet
   exit
ip default-gateway 192.168.10.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged A13-A24,B1-B24,C1-C24,D1-D24,E1-E24,F2-F24,G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
   ip address 192.168.10.79 255.255.254.0
   no tagged F1
vlan 2
   name "Vlan2_infra_scope_a"
   untagged F1
   ip helper-address 192.168.10.3
   ip helper-address 192.168.10.4
   ip address 192.168.20.1 255.255.254.0
   exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
no dhcp-relay hop-count-increment
ip route 0.0.0.0 0.0.0.0 192.168.10.1
0
Question by:jcmurphy777
12 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 35127517
> I have a PC trying to get a DHCP address, which isn't working, it errors out.

Where's the PC? On which switch? Which port?

Do you have routing enabled on the switch(es)?
0
 
LVL 6

Accepted Solution

by:
RKinsp earned 668 total points
ID: 35128567
What is the gateway on your DHCP? Can your DHCP server ping interface vlan 2 on your 5400 (192.168.20.1) ?

Since you have routing enabled on the 5400 (ip routing) and both VLANs are directly connected, the problem might be that the DHCP server and your firewall do not know how to get to VLAN 2. Make sure they can both ping 192.168.20.1. If not, add the appropriate route to the firewall.

Good luck

-RK
0
 

Expert Comment

by:drnfx
ID: 35128829
What is your config for the other switch? Also, is the PC connected to that second switch?

RKinsp is right, it is key to make sure you can ping throughout your network before tackling the DHCP issue.
0
 

Author Comment

by:jcmurphy777
ID: 35134145
Will try and answer everyone's questions.

The end scenario is that from the core, there are outlying switches in the school blocks, and the PCs connected to them.

As such, I am testing it this way.

Core port F1 connects to the outlying switch, and PC attached to the outlying switch.
Routing is enabled on the core.
Core does all switching, we don't want the firewall involved at all.

The outlying switch has IP of 10.28, gateway of 10.79.

We set the DHCP to have a gateway of 10.79 and then we could ping the DHCP using a static IP etc., however no IP automatically assigned.

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 35134249
So just to make sure I've got this right.

PC connected to the outlying switch: if it has a statically assigned IP address/mask/default-gateway, it works fine. And it can ping the DHCP servers?

But if you set the PC to get its address from a DHCP server it won't get an address?

If that's the case, then I would look at the configuration of the DHCP server.
0
 

Author Comment

by:jcmurphy777
ID: 35134436
We know that we need to change the gateway of the DHCP to 10.79, as we cannot ping the DHCP in its current state.

We tested one DHCP by changing its gateway to 10.79 last night, and could ping the DHCP, but still no DHCP IP assigned.


We will be testing the system again this afternoon after school, so will be changing the DHCP's gateway again to 10.79 from 10.1 (its current setting), so we want to get some things ready to try.

A quick question re tagging: on the core for port F1, on the default VLAN, I need to set the tagging to no, and on the VLAN2 to untagged?

We are currently planning (until told otherwise) to put the IP helpers back into the VLAN2 config.
We took them out after reading in one setup that we didn't need them, because our routing is done in the core, not the firewall...
0
 

Assisted Solution

by:drnfx
drnfx earned 664 total points
ID: 35134539
Okay, I think you need to tag F1 on the core switch and subsequently the port on the connecting switch. Then whatever port the PC is connected to, untag that port.

HTH
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 668 total points
ID: 35134540
If the DHCP server isn't configured correctly or the scope isn't correctly defined, then that needs to be corrected first.

If all the devices connected to the outlying switch are VLAN2 devices then you don't need to tag the traffic to that switch.

IP helper addresses are needed if the DHCP server is on a different network than the clients.
0
 

Expert Comment

by:drnfx
ID: 35134553
I had a similar issue on my HP2910; I had to update the firmware because the returning DHCP packets were not properly being forwarded back to the client.

You can test this by running Wireshark on the DHCP server and filtering by the VLAN IP address (this should be the same IP address that you configure as the router IP in your scope options).

HTH
0
 

Author Comment

by:jcmurphy777
ID: 35152851
We did some tests, and have things working.

We have scheduled the changeover for tonight.

Basically, we had most of the setup fine, we just needed the DHCPs and all servers to have a gateway of 10.79, that way the switch knew where they were on the VLAN (or something like that).
Once the gateways were changed, I could ping the DHCP from the other VLAN, and get a DHCP IP address.

We had to add IP helper addresses to the VLANs as well.
Thanks everyone for your input, come tomorrow I will post again with any fun things.
0
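An added example, not part of the original thread: a small routing model of the topology above that traces the DHCP server's unicast reply back to the relay address (giaddr, the core's VLAN 2 interface) for each server gateway setting discussed. The /23 masks on the server and firewall, and the firewall having no route to VLAN 2 in the original setup, are assumptions.

```python
import ipaddress

GIADDR = "192.168.20.1"  # core's VLAN 2 address, stamped on relayed requests

def make_node(name, ifaces, routes=None):
    return {"name": name,
            "ifaces": [ipaddress.ip_interface(i) for i in ifaces],
            "routes": {ipaddress.ip_network(n): ipaddress.ip_address(g)
                       for n, g in (routes or {}).items()}}

def owns(node, addr):
    return any(i.ip == addr for i in node["ifaces"])

def next_hop(node, dst):
    """Connected subnet: deliver directly. Otherwise longest-prefix route, or None."""
    if any(dst in i.network for i in node["ifaces"]):
        return dst
    matches = [n for n in node["routes"] if dst in n]
    return node["routes"][max(matches, key=lambda n: n.prefixlen)] if matches else None

def trace(nodes, start, dst, max_hops=8):
    """Follow one unicast packet hop by hop; return (delivered, path)."""
    dst, node, path = ipaddress.ip_address(dst), nodes[start], [start]
    for _ in range(max_hops):
        if owns(node, dst):
            return True, path
        hop = next_hop(node, dst)
        if hop is None:
            return False, path + ["no route"]
        node = next((n for n in nodes.values() if owns(n, hop)), None)
        if node is None:
            return False, path + ["next hop unreachable"]
        path.append(node["name"])
    return False, path + ["routing loop"]

def reply_path(server_gw, firewall_routes=None):
    """Path of the DHCP server's unicast reply to the relay (giaddr)."""
    nodes = [  # /23 masks on the server and firewall are assumptions
        make_node("core", ["192.168.10.79/23", "192.168.20.1/23"],
                  {"0.0.0.0/0": "192.168.10.1"}),
        make_node("firewall", ["192.168.10.1/23"], firewall_routes),
        make_node("dhcp", ["192.168.10.3/23"], {"0.0.0.0/0": server_gw}),
    ]
    return trace({n["name"]: n for n in nodes}, "dhcp", GIADDR)

if __name__ == "__main__":
    print(reply_path("192.168.10.1"))   # original setup: gateway is the firewall
    print(reply_path("192.168.10.79"))  # the thread's fix: gateway is the core
    print(reply_path("192.168.10.1", {"192.168.20.0/23": "192.168.10.79"}))
```

The third call models the alternative from the accepted answer: leaving the server's gateway on the firewall but adding a route for 192.168.20.0/23 via the core.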
 

Author Comment

by:jcmurphy777
ID: 35186018
All working.

Just ironing out some issues with our Altiris DS over the VLAN, but will open another ticket for that.

Thanks everyone for your help.
0
 

Author Closing Comment

by:jcmurphy777
ID: 35186045
Was a great joint effort, thanks everyone.
0
