Solved

DHCP request on Procurve 5412zl through VLAN

Posted on 2011-03-13
Last Modified: 2012-05-11
We have a HP Procurve 5412zl as our core switch.

core ip: 192.168.10.79
gateway 192.168.10.1 (firewall)
IP routing enabled
DHCP relay enabled

we have 2x DHCP servers on the default vlan which has the VLAN scopes set up.
DHCP 192.168.10.3, 192.168.10.4

VLAN2 - 192.168.20.0/23
gateway 192.168.20.1

VLAN3 - 192.168.30.0/23
gateway 192.168.30.1

on the core we have set up a port (F1) and set the port as untagged on VLAN2, no on default vlan.

the core has vlan2 set up with ip helper as 192.168.10.3 and 192.168.10.4

now, on that port F1, we have a switch attached with IP 192.168.10.28, Gateway of 192.168.10.79

I have a PC trying to get a DHCP address, which isn't working, it errors out.

if I set up the PC to have a manual IP address
192.168.20.50
gateway 192.168.20.1

then I can ping the gateway and the core switch IP.

cannot ping anything else... which I am thinking is what I should find.

so, our routing is done in the core, DHCP is a 2003 server.

firewall is 192.168.10.1
DHCP's 192.168.10.3, 192.168.10.4
CORE 192.168.10.79
VLAN2 192.168.20.0/23
VLAN3 192.168.30.0/23

CORE SHOW CONFIG:

; J8698A Configuration Editor; Created on release #K.13.63

hostname "ProCurve Switch 5412zl"
snmp-server contact ""
module 1 type J8702A
module 2 type J8705A
module 3 type J8702A
module 4 type J8705A
module 5 type J8702A
module 6 type J8705A
module 7 type J8702A
module 8 type J8705A
module 9 type J8702A
module 10 type J8705A
module 11 type J8702A
module 12 type J8702A
interface F20
speed-duplex auto-1000
exit
interface A12
no power-over-ethernet
exit
interface A19
speed-duplex auto-1000
exit
interface B7
speed-duplex auto-1000
exit
interface I18
no power-over-ethernet
exit
ip default-gateway 192.168.10.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged A13-A24,B1-B24,C1-C24,D1-D24,E1-E24,F2-F24,G1-G24,H1-H24,I1-I24,J1-J24,K1-K24,L1-L24
ip address 192.168.10.79 255.255.254.0
no tagged F1
vlan 2
name "Vlan2_infra_scope_a"
untagged F1
ip helper-address 192.168.10.3
ip helper-address 192.168.10.4
ip address 192.168.20.1 255.255.254.0
exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
no dhcp-relay hop-count-increment
ip route 0.0.0.0 0.0.0.0 192.168.10.1
0
Question by:jcmurphy777
 
LVL 50

Expert Comment

by:Don Johnston
ID: 35127517
>I have a PC trying to get a DHCP address, which isn't working, it errors out.

Where's the PC. On which switch? Which port?

Do you have routing enabled on the switch(es)?
0
 
LVL 6

Accepted Solution

by:
RKinsp earned 167 total points
ID: 35128567
What is the gateway on your DHCP? Can your DHCP server ping interface vlan 2 on your 5400 (192.168.20.1) ?

Since you have routing enabled on the 5400 (ip routing) and both VLANs are directly connected, the problem might be that the DHCP Server and your Firewall do not know how to get to VLAN 2. Make sure they can both ping 192.168.20.1. If not, add the appropriate route to the Firewall.

Good luck

-RK
0
 

Expert Comment

by:drnfx
ID: 35128829
What is your config for the other switch? Also, is the PC connected to that second switch?

RKinsp is right, it is key to make sure you can ping throughout your network before tackling the DHCP issue.
0
 

Author Comment

by:jcmurphy777
ID: 35134145
will try and answer everyone's questions,

the end scenario is that from the core, there are outlying switches in the school blocks, and the PCs connected to them.

as such, I am testing it this way.

Core port F1 connects to the outlying switch, and PC attached to the outlying switch.
Routing is enabled on the core.
Core does all switching, we don't want the firewall involved at all.

the outlying switch has IP of 10.28, gateway of 10.79

we set the DHCP to have a gateway of 10.79 and then we could ping the DHCP using a static IP etc, however no IP automatically assigned.

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 35134249
So just to make sure I've got this right.

PC connected to the outlying switch if it has a statically assigned IP address/mask/default-gateway, it works fine. And it can ping the DHCP servers?

But if you set the PC to get its address from a DHCP server it won't get an address?

If that's the case, then I would look at the configuration of the DHCP server.
0
 

Author Comment

by:jcmurphy777
ID: 35134436
we know that we need to change the gateway of the DHCP to 10.79, as we cannot ping the DHCP in its current state.

we tested one DHCP by changing its gateway to 10.79 last night, and could ping the DHCP, but still no DHCP IP assigned.


we will be testing the system again this afternoon after school, so will be changing the DHCP's gateway again to 10.79 from 10.1 (its current setting), so we want to get some things ready to try.

a quick question re tagging, on the core for port F1, on the default VLAN, I need to set the tagging to no, and on the VLAN2 to untagged?

we are currently planning (until told otherwise) to put the IP helpers back into the VLAN2 config.
we took them out after reading in one setup that we didn't need them, because our routing is done in the core, not the firewall...
0
 

Assisted Solution

by:drnfx
drnfx earned 166 total points
ID: 35134539
Okay, I think you need to tag F1 on the core switch and the subsequent port on the connecting switch. Then whatever port the PC is connected to, untag that port.

HTH
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 167 total points
ID: 35134540
If the DHCP server isn't configured correctly or the scope isn't correctly defined, then that needs to be corrected first.

If all the devices connected to the outlying switch are VLAN2 devices then you don't need to tag the traffic to that switch.

IP helper addresses are needed if the DHCP server is on a different network than the clients.
0
 

Expert Comment

by:drnfx
ID: 35134553
I had a similar issue on my HP2910; I had to update the firmware because the returning DHCP packets were not properly being forwarded back to the client.

You can test this by running Wireshark on the DHCP server and filtering by the VLAN IP address (this should be the same IP address that you configure as the router IP in your scope options).

HTH
0
 

Author Comment

by:jcmurphy777
ID: 35152851
we did some tests, and have things working,

we have scheduled the changeover for tonight.

basically, we had most of the setup fine, we just needed the DHCP's and all servers to have a gateway of 10.79, that way the switch knew where they were on the vlan (or something like that).
once the gateways were changed, I could ping the DHCP from the other vlan, and get a DHCP IP address.

we had to add IP helper addresses to the vlans as well.
thanks everyone for your input, come tomorrow I will post again with any fun things.
0
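The return-path failure this thread resolves, as an added example (not code from any poster): a relayed request carries the relay's address in giaddr, the DHCP server unicasts its reply to that address, and the reply only arrives if the server's default gateway can route to VLAN 2. The packet bytes and routing tables are constructed, and the firewall having only a default route upstream is an assumption.

```python
import struct
from ipaddress import IPv4Address, ip_network

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
CORE, FIREWALL = "192.168.10.79", "192.168.10.1"  # addresses from the thread
TABLES = {  # constructed; the firewall is assumed to have no route to VLAN 2
    CORE: [("192.168.10.0/23", "connected"), ("192.168.20.0/23", "connected")],
    FIREWALL: [("192.168.10.0/23", "connected"), ("0.0.0.0/0", "upstream")],
}

def build_relayed_discover(giaddr):
    """Constructed sample: a DHCPDISCOVER after the relay agent stamped giaddr."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 1, 0x1234ABCD, 0,
                      0x8000, bytes(4), bytes(4), bytes(4), IPv4Address(giaddr).packed,
                      bytes.fromhex("001122334455"), b"", b"")
    return hdr + MAGIC + b"\x35\x01\x01\xff"  # option 53 = DISCOVER, then END

def parse_bootp(pkt):
    """Extract the fields worth checking in a capture taken at the DHCP server."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    msg_type, i = None, 240
    while i + 1 < len(pkt) and pkt[i] != 255:  # walk options until END
        if pkt[i] == 0:                        # PAD carries no length byte
            i += 1
            continue
        if pkt[i] == 53:
            msg_type = pkt[i + 2]
        i += 2 + pkt[i + 1]
    return {"op": pkt[0], "msg_type": msg_type, "giaddr": IPv4Address(pkt[24:28])}

def next_hop(routes, dst):
    """Longest-prefix match: 'connected', a gateway address, or None."""
    hits = [(ip_network(n).prefixlen, via) for n, via in routes
            if dst in ip_network(n)]
    return max(hits)[1] if hits else None

def reply_path(pkt, server_gateway):
    """Trace the server's unicast reply to giaddr; returns (delivered, hops)."""
    giaddr = parse_bootp(pkt)["giaddr"]
    if int(giaddr) == 0:
        return False, ["not relayed: giaddr is 0.0.0.0"]
    routes = [("192.168.10.0/23", "connected"), ("0.0.0.0/0", server_gateway)]
    hops = ["dhcp-server"]
    while (via := next_hop(routes, giaddr)) != "connected":
        if via not in TABLES or via in hops:
            return False, hops + [str(via), "no route back to relay"]
        hops.append(via)
        routes = TABLES[via]
    return True, hops + [str(giaddr)]
```

Calling `reply_path(build_relayed_discover("192.168.20.1"), FIREWALL)` shows the reply leaving toward the firewall and never reaching the relay, while the same call with `CORE` as the server's gateway delivers it to 192.168.20.1.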
 

Author Comment

by:jcmurphy777
ID: 35186018
all working,

just ironing out some issues with our Altiris DS over the VLAN, but will open another ticket for that.

thanks everyone for your help.
0
 

Author Closing Comment

by:jcmurphy777
ID: 35186045
was a great joint effort, thanks everyone.
0
