Solved

DHCP request on Procurve 5412zl through VLAN

Posted on 2011-03-13
Last Modified: 2012-05-11
We have a HP Procurve 5412zl as our core switch.

core ip: 192.168.10.79
gateway 192.168.10.1 (firewall)
IP routing enabled
DHCP relay enabled

We have 2x DHCP servers on the default VLAN, which have the VLAN scopes set up.
DHCP 192.168.10.3, 192.168.10.4

VLAN2 - 192.168.20.0/23
gateway 192.168.20.1

VLAN3 - 192.168.30.0/23
gateway 192.168.30.1

On the core we have set up a port (F1) and set the port as untagged on VLAN2, no on default VLAN.

The core has VLAN2 set up with IP helper as 192.168.10.3 and 192.168.10.4.

Now, on that port F1, we have a switch attached with IP 192.168.10.28, gateway of 192.168.10.79.

I have a PC trying to get a DHCP address, which isn't working; it errors out.

If I set up the PC to have a manual IP address
192.168.20.50
gateway 192.168.20.1

then I can ping the gateway and the core switch IP.

Cannot ping anything else... which I am thinking is what I should find.

So, our routing is done in the core, DHCP is a 2003 server.

firewall is 192.168.10.1
DHCP's 192.168.10.3, 192.168.10.4
CORE 192.168.10.79
VLAN2 192.168.20.0/23
VLAN3 192.168.30.0/23

CORE SHOW CONFIG:

; J8698A Configuration Editor; Created on release #K.13.63

hostname "ProCurve Switch 5412zl"
snmp-server contact ""
module 1 type J8702A
module 2 type J8705A
module 3 type J8702A
module 4 type J8705A
module 5 type J8702A
module 6 type J8705A
module 7 type J8702A
module 8 type J8705A
module 9 type J8702A
module 10 type J8705A
module 11 type J8702A
module 12 type J8702A
interface F20
speed-duplex auto-1000
exit
interface A12
no power-over-ethernet
exit
interface A19
speed-duplex auto-1000
exit
interface B7
speed-duplex auto-1000
exit
interface I18
no power-over-ethernet
exit
ip default-gateway 192.168.10.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged A13-A24,B1-B24,C1-C24,D1-D24,E1-E24,F2-F24,G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
ip address 192.168.10.79 255.255.254.0
no tagged F1
vlan 2
name "Vlan2_infra_scope_a"
untagged F1
ip helper-address 192.168.10.3
ip helper-address 192.168.10.4
ip address 192.168.20.1 255.255.254.0
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
no dhcp-relay hop-count-increment
ip route 0.0.0.0 0.0.0.0 192.168.10.1
Question by:jcmurphy777

Expert Comment

by:Don Johnston
ID: 35127517
>i have a PC trying to get a DHCP address, which isnt working, it errors out.

Where's the PC? On which switch? Which port?

Do you have routing enabled on the switch(es)?

Accepted Solution

by:
RKinsp earned 167 total points
ID: 35128567
What is the gateway on your DHCP? Can your DHCP server ping interface VLAN 2 on your 5400 (192.168.20.1)?

Since you have routing enabled on the 5400 (ip routing) and both VLANs are directly connected, the problem might be that the DHCP Server and your Firewall do not know how to get to VLAN 2. Make sure they can both ping 192.168.20.1. If not, add the appropriate route to the Firewall.

Good luck

-RK
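
Added example (not from any poster in this thread): a small Python model of the return-path problem described in the answer above, using the thread's addresses. The firewall's routing table, the upstream hop 203.0.113.1 and all function names are assumptions; the relayed DHCP reply is traced to the relay's VLAN 2 address, 192.168.20.1.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match; returns a next-hop IP, "direct" (on-link) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(cidr), hop) for cidr, hop in routes
            if addr in ipaddress.ip_network(cidr)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def build(dhcp_gateway, firewall_knows_vlan2=False):
    """Topology from the thread. The firewall's table is an assumption."""
    lan = ("192.168.10.0/23", "direct")
    fw = [lan, ("0.0.0.0/0", "203.0.113.1")]      # constructed upstream hop
    if firewall_knows_vlan2:
        fw.append(("192.168.20.0/23", "192.168.10.79"))
    return {
        "pc": {"ips": ["192.168.20.50"],
               "routes": [("192.168.20.0/23", "direct"), ("0.0.0.0/0", "192.168.20.1")]},
        "core": {"ips": ["192.168.10.79", "192.168.20.1"],
                 "routes": [lan, ("192.168.20.0/23", "direct"),
                            ("0.0.0.0/0", "192.168.10.1")]},
        "dhcp": {"ips": ["192.168.10.3"],
                 "routes": [lan, ("0.0.0.0/0", dhcp_gateway)]},
        "firewall": {"ips": ["192.168.10.1"], "routes": fw},
    }

def trace(topo, start, dst):
    """Follow next hops from device `start` to `dst`; returns (path, delivered)."""
    owner = {ip: name for name, dev in topo.items() for ip in dev["ips"]}
    path, here = [start], start
    for _ in range(len(topo) + 1):             # bounded, so a loop cannot hang
        if dst in topo[here]["ips"]:
            return path, True
        hop = lookup(topo[here]["routes"], dst)
        target = dst if hop == "direct" else hop
        if target not in owner:                # no route, or next hop is off the LAN
            return path + [f"dropped/offnet via {target}"], False
        here = owner[target]
        path.append(here)
    return path, False

if __name__ == "__main__":
    for gw in ("192.168.10.1", "192.168.10.79"):
        topo = build(gw)
        print(gw, "request:", trace(topo, "pc", "192.168.10.3"))
        # The relayed reply is addressed to the relay's VLAN 2 address (giaddr).
        print(gw, "reply:  ", trace(topo, "dhcp", "192.168.20.1"))
```

With the server's gateway set to 192.168.10.1 the request reaches the server through the core, but the reply is handed to the firewall and never comes back to VLAN 2; `build("192.168.10.1", firewall_knows_vlan2=True)` models the alternative of adding a route on the firewall.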

Expert Comment

by:drnfx
ID: 35128829
What is your config for the other switch? Also, is the PC connected to that second switch?

RKinsp is right, it is key to make sure you can ping throughout your network before tackling the DHCP issue.

Author Comment

by:jcmurphy777
ID: 35134145
Will try and answer everyone's questions.

The end scenario is that from the core, there are outlying switches in the school blocks, and the PCs connected to them.

As such, I am testing it this way.

Core port F1 connects to the outlying switch, and PC attached to the outlying switch.
Routing is enabled on the core.
Core does all switching; we don't want the firewall involved at all.

The outlying switch has IP of 10.28, gateway of 10.79.

We set the DHCP to have a gateway of 10.79 and then we could ping the DHCP using a static IP etc., however no IP automatically assigned.


Expert Comment

by:Don Johnston
ID: 35134249
So just to make sure I've got this right.

PC connected to the outlying switch if it has a statically assigned IP address/mask/default-gateway, it works fine. And it can ping the DHCP servers?

But if you set the PC to get its address from a DHCP server it won't get an address?

If that's the case, then I would look at the configuration of the DHCP server.

Author Comment

by:jcmurphy777
ID: 35134436
We know that we need to change the gateway of the DHCP to 10.79, as we cannot ping the DHCP in its current state.

We tested one DHCP by changing its gateway to 10.79 last night, and could ping the DHCP, but still no DHCP IP assigned.

We will be testing the system again this afternoon after school, so will be changing the DHCP's gateway again to 10.79 from 10.1 (its current setting), so we want to get some things ready to try.

A quick question re tagging: on the core for port F1, on the default VLAN, I need to set the tagging to no, and on the VLAN2 to untagged?

We are currently planning (until told otherwise) to put the IP helpers back into the VLAN2 config.
We took them out after reading in one setup that we didn't need them, because our routing is done in the core, not the firewall...

Assisted Solution

by:drnfx
drnfx earned 166 total points
ID: 35134539
Okay, I think you need to tag F1 on the core switch and the subsequent port on the connecting switch. Then whatever port the PC is connected to, untag that port.

HTH

Assisted Solution

by:Don Johnston
Don Johnston earned 167 total points
ID: 35134540
If the DHCP server isn't configured correctly or the scope isn't correctly defined, then that needs to be corrected first.

If all the devices connected to the outlying switch are VLAN2 devices then you don't need to tag the traffic to that switch.

IP helper addresses are needed if the DHCP server is on a different network than the clients.
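
Added example (not part of the original answers): a Python check that reads a ProCurve-style config and reports routed VLANs with no local DHCP server that lack a helper address for each server. The sample config is constructed from the thread's addressing (the VLAN 3 block and the single helper on VLAN 2 are made up to produce findings), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the layout of the config posted in the question.
SAMPLE = """\
vlan 1
   ip address 192.168.10.79 255.255.254.0
   exit
vlan 2
   name "Vlan2_infra_scope_a"
   ip address 192.168.20.1 255.255.254.0
   ip helper-address 192.168.10.3
   exit
vlan 3
   name "constructed_vlan3"
   ip address 192.168.30.1 255.255.254.0
   exit
"""

def parse_vlans(text):
    """Return {vlan_id: {"net": IPv4Network or None, "helpers": [IPv4Address]}}."""
    vlans, cur = {}, None
    for line in text.splitlines():
        w = line.split()
        if len(w) == 2 and w[0] == "vlan" and w[1].isdigit():
            cur = vlans.setdefault(int(w[1]), {"net": None, "helpers": []})
        elif w[:1] == ["exit"]:
            cur = None                      # leaves the vlan/interface context
        elif cur is not None and len(w) == 4 and w[:2] == ["ip", "address"]:
            cur["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif cur is not None and len(w) == 3 and w[:2] == ["ip", "helper-address"]:
            cur["helpers"].append(ipaddress.ip_address(w[2]))
    return vlans

def audit(text, dhcp_servers):
    """List (vlan_id, servers_without_helper) for VLANs that depend on relay."""
    servers = [ipaddress.ip_address(s) for s in dhcp_servers]
    findings = []
    for vid, vlan in sorted(parse_vlans(text).items()):
        net = vlan["net"]
        if net is None or any(s in net for s in servers):
            continue                        # no routed interface, or server is local
        missing = [str(s) for s in servers if s not in vlan["helpers"]]
        if missing:
            findings.append((vid, missing))
    return findings

if __name__ == "__main__":
    for vid, missing in audit(SAMPLE, ["192.168.10.3", "192.168.10.4"]):
        print(f"vlan {vid}: no ip helper-address for {', '.join(missing)}")
```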

Expert Comment

by:drnfx
ID: 35134553
I had a similar issue on my HP2910; I had to update the firmware because the returning DHCP packets were not properly being forwarded back to the client.

You can test this by running Wireshark on the DHCP server and filtering by the VLAN IP address (this should be the same IP address that you configure as the router IP in your scope options).

HTH

Author Comment

by:jcmurphy777
ID: 35152851
We did some tests, and have things working.

We have scheduled the changeover for tonight.

Basically, we had most of the setup fine; we just needed the DHCPs and all servers to have a gateway of 10.79, that way the switch knew where they were on the VLAN (or something like that).
Once the gateways were changed, I could ping the DHCP from the other VLAN, and get a DHCP IP address.

We had to add IP helper addresses to the VLANs as well.
Thanks everyone for your input, come tomorrow I will post again with any fun things.

Author Comment

by:jcmurphy777
ID: 35186018
All working.

Just ironing out some issues with our Altiris DS over the VLAN, but will open another ticket for that.

Thanks everyone for your help.

Author Closing Comment

by:jcmurphy777
ID: 35186045
Was a great joint effort, thanks everyone.