DHCP request on Procurve 5412zl through VLAN

We have a HP Procurve 5412zl as our core switch.

core ip:
gateway (firewall)
IP routing enabled
DHCP relay enabled

we have 2x DHCP servers on the default vlan which has the VLAN scopes setup.



on the core we have setup a port (F1) and set the port as untagged on VLAN2, no on default vlan.

the core has vlan2 setup with ip helper as and

now, on that port F1, we have a switch attached with IP, Gateway of

i have a PC trying to get a DHCP address, which isnt working, it errors out.

if i setup the PC to have a manual IP address

then i can ping the gateway and the core switch IP.

cannot ping anything else... which i am thinking is what i should find.

so, our routing is done in the core, DHCP is a 2003 server.

firewall is


; J8698A Configuration Editor; Created on release #K.13.63

hostname "ProCurve Switch 5412zl"
snmp-server contact ""
module 1 type J8702A
module 2 type J8705A
module 3 type J8702A
module 4 type J8705A
module 5 type J8702A
module 6 type J8705A
module 7 type J8702A
module 8 type J8705A
module 9 type J8702A
module 10 type J8705A
exit 1 type J8702A
module 12 type J8702A
interface F20
speed-duplex auto-1000
interface A12
no power-over-ethernet
interface A19
speed-duplex auto-1000
interface B7
speed-duplex auto-1000
interface I18
no power-over-ethernet
ip default-gateway
ip routing
snmp-server community "public" Unrestricted
vlan 1
untagged A13-A24,B1-B24,C1-C24,D1-D24,E1-E24,F2-F24,G1-G24,H1-H24,I1-I24,J1-J
ip address
no tagged F1
vlan 2
name "Vlan2_infra_scope_a"
untagged F1
ip helper-address
ip helper-address
ip address
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
no dhcp-relay hop-count-increment
ip route
Who is Participating?
What is the gateway on your DHCP? Can your DHCP server ping interface vlan 2 on your 5400 ( ?

Since you have routing enable on the 5400 (ip routing) and both VLANs are directly connected, the problem might be that the DHCP Server and your Firewall do not know how to get to VLAN 2. Make sure they can both ping If not, add the appropriate route to the Firewall.

Good luck

Don JohnstonInstructorCommented:
>i have a PC trying to get a DHCP address, which isnt working, it errors out.

Where's the PC. On which switch? Which port?

Do you have routing enabled on the switch(es)?
What is your config for the other switch? Also, is the PC connected to that second switch?

RKinsp is right, it is key to make sure you can ping throughout your network before tackling the DHCP issue.
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

jcmurphy777Author Commented:
will try and answer everyone's questions,

the end scenario is that from the core, there are outlying switches in the school blocks, and the PC's connected to them.

as such, i am testing it this way.

Core port F1 connects to the outlying switch, and PC attached to the outlying switch.
Routing is enabled on the core.
Core does all switching, we dont want the firewall involved at all.

the outlying switch has IP of 10.28, gateway of 10.79

we set the DHCP to have a gateway of 10.79 and then we could ping the DHCP using a static IP etc, however no IP automatically assigned.

Don JohnstonInstructorCommented:
So just to make sure I've got this right.

PC connected to the outlying switch if it has a statically assigned IP address/mask/default-gateway, it works fine. And it can ping the DHCP servers?

But if you set the PC to get it's address from a DHCP server it won't get an address?

If that's the case, then I would look at the configuration of the DHCP server.
jcmurphy777Author Commented:
we know that we need to change the gateway of the DHCP to 10.79, as we cannot ping the DHCP in its current state.

we tested one DHCP by changing its gateway to 10.79 last night, and could ping the DHCP, but still no DHCP IP assigned.

we will be testing the system again this afternoon after school, so will be changing the DHCP's gateway again to 10.79 from 10.1 (its current setting), so we want to get some things ready to try.

a quick question re tagging, on the core for port F1, on the default VLAN, i need to set the tagging to no, and on the VLAN2 to untagged?

we are currently planning, (until told otherwise,) to put the IP helpers back into the VLAN2 config
we took them out after reading in one setup that we didnt need them, because our routing is done in the core, not the firewall...
Okay, I think you need to tag F1 on the core switch and the subsequently port on the connecting switch. Then whatever port the PC is connected to untag that port

Don JohnstonInstructorCommented:
If the DHCP server isn't configured correctly or the scope isn't correctly defined, then that needs to be corrected first.

If all the devices connected to the outlying switch are VLAN2 devices then you don't need to tag the traffic to that switch.

IP helper addresses are needed if the DHCP server is on a different network than the clients.
I had a similiar issue on my HP2910 I had to update the firmware because the returning DHCP packets were not properly being forwarded back to the client.

You can test this by running wireshark on the DHCP server and filter by the vlan ip address (this should be the same ip address that you configure as the router ip in your scope options)

jcmurphy777Author Commented:
we did some tests, and have things working,

we have scheduled the changeover for tonight.

basically, we had most of the setup fine, we just needed the DHCP's and all servers to have a gateway of 10.79, that way the switch knew where they were on the vlan (or something like that)
once the gateways were changed, i could ping the DHCP from the other vlan, and get a DHCP IP address.

we had to add IP helper address's to the vlans as well.
thanks everyone for your input, come tomorrow i will post again with any fun things.
jcmurphy777Author Commented:
all working,

just ironing out some issues with our Altiris DS over the VLAN, but will open another ticket for that.

thanks everyone for your help.
jcmurphy777Author Commented:
was a great joint effort, thanks everyone.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.