DHCP request on Procurve 5412zl through VLAN

Posted on 2011-03-13
Last Modified: 2012-05-11
We have a HP Procurve 5412zl as our core switch.

core ip:
gateway (firewall)
IP routing enabled
DHCP relay enabled

we have 2x DHCP servers on the default vlan which has the VLAN scopes setup.



on the core we have setup a port (F1) and set the port as untagged on VLAN2, no on default vlan.

the core has vlan2 setup with ip helper as and

now, on that port F1, we have a switch attached with IP, Gateway of

i have a PC trying to get a DHCP address, which isnt working, it errors out.

if i setup the PC to have a manual IP address

then i can ping the gateway and the core switch IP.

cannot ping anything else... which i am thinking is what i should find.

so, our routing is done in the core, DHCP is a 2003 server.

firewall is


; J8698A Configuration Editor; Created on release #K.13.63

hostname "ProCurve Switch 5412zl"
snmp-server contact ""
module 1 type J8702A
module 2 type J8705A
module 3 type J8702A
module 4 type J8705A
module 5 type J8702A
module 6 type J8705A
module 7 type J8702A
module 8 type J8705A
module 9 type J8702A
module 10 type J8705A
exit 1 type J8702A
module 12 type J8702A
interface F20
speed-duplex auto-1000
interface A12
no power-over-ethernet
interface A19
speed-duplex auto-1000
interface B7
speed-duplex auto-1000
interface I18
no power-over-ethernet
ip default-gateway
ip routing
snmp-server community "public" Unrestricted
vlan 1
untagged A13-A24,B1-B24,C1-C24,D1-D24,E1-E24,F2-F24,G1-G24,H1-H24,I1-I24,J1-J
ip address
no tagged F1
vlan 2
name "Vlan2_infra_scope_a"
untagged F1
ip helper-address
ip helper-address
ip address
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
no dhcp-relay hop-count-increment
ip route
Question by:jcmurphy777
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 3
  • +1
LVL 50

Expert Comment

by:Don Johnston
ID: 35127517
>i have a PC trying to get a DHCP address, which isnt working, it errors out.

Where's the PC. On which switch? Which port?

Do you have routing enabled on the switch(es)?

Accepted Solution

RKinsp earned 167 total points
ID: 35128567
What is the gateway on your DHCP? Can your DHCP server ping interface vlan 2 on your 5400 ( ?

Since you have routing enable on the 5400 (ip routing) and both VLANs are directly connected, the problem might be that the DHCP Server and your Firewall do not know how to get to VLAN 2. Make sure they can both ping If not, add the appropriate route to the Firewall.

Good luck


Expert Comment

ID: 35128829
What is your config for the other switch? Also, is the PC connected to that second switch?

RKinsp is right, it is key to make sure you can ping throughout your network before tackling the DHCP issue.
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.


Author Comment

ID: 35134145
will try and answer everyone's questions,

the end scenario is that from the core, there are outlying switches in the school blocks, and the PC's connected to them.

as such, i am testing it this way.

Core port F1 connects to the outlying switch, and PC attached to the outlying switch.
Routing is enabled on the core.
Core does all switching, we dont want the firewall involved at all.

the outlying switch has IP of 10.28, gateway of 10.79

we set the DHCP to have a gateway of 10.79 and then we could ping the DHCP using a static IP etc, however no IP automatically assigned.

LVL 50

Expert Comment

by:Don Johnston
ID: 35134249
So just to make sure I've got this right.

PC connected to the outlying switch if it has a statically assigned IP address/mask/default-gateway, it works fine. And it can ping the DHCP servers?

But if you set the PC to get it's address from a DHCP server it won't get an address?

If that's the case, then I would look at the configuration of the DHCP server.

Author Comment

ID: 35134436
we know that we need to change the gateway of the DHCP to 10.79, as we cannot ping the DHCP in its current state.

we tested one DHCP by changing its gateway to 10.79 last night, and could ping the DHCP, but still no DHCP IP assigned.

we will be testing the system again this afternoon after school, so will be changing the DHCP's gateway again to 10.79 from 10.1 (its current setting), so we want to get some things ready to try.

a quick question re tagging, on the core for port F1, on the default VLAN, i need to set the tagging to no, and on the VLAN2 to untagged?

we are currently planning, (until told otherwise,) to put the IP helpers back into the VLAN2 config
we took them out after reading in one setup that we didnt need them, because our routing is done in the core, not the firewall...

Assisted Solution

drnfx earned 166 total points
ID: 35134539
Okay, I think you need to tag F1 on the core switch and the subsequently port on the connecting switch. Then whatever port the PC is connected to untag that port

LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 167 total points
ID: 35134540
If the DHCP server isn't configured correctly or the scope isn't correctly defined, then that needs to be corrected first.

If all the devices connected to the outlying switch are VLAN2 devices then you don't need to tag the traffic to that switch.

IP helper addresses are needed if the DHCP server is on a different network than the clients.

Expert Comment

ID: 35134553
I had a similiar issue on my HP2910 I had to update the firmware because the returning DHCP packets were not properly being forwarded back to the client.

You can test this by running wireshark on the DHCP server and filter by the vlan ip address (this should be the same ip address that you configure as the router ip in your scope options)


Author Comment

ID: 35152851
we did some tests, and have things working,

we have scheduled the changeover for tonight.

basically, we had most of the setup fine, we just needed the DHCP's and all servers to have a gateway of 10.79, that way the switch knew where they were on the vlan (or something like that)
once the gateways were changed, i could ping the DHCP from the other vlan, and get a DHCP IP address.

we had to add IP helper address's to the vlans as well.
thanks everyone for your input, come tomorrow i will post again with any fun things.

Author Comment

ID: 35186018
all working,

just ironing out some issues with our Altiris DS over the VLAN, but will open another ticket for that.

thanks everyone for your help.

Author Closing Comment

ID: 35186045
was a great joint effort, thanks everyone.

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Questions about DHCP migration 5 118
Automated backups of ASA's and Nexus (5k and 7K) 24 179
Unidentified Network 12 81
Voice QoS 3Com 5500G 5 59
Ever wondered why you had to use DHCP options (dhcp opt 60, 66 or 67) in order to use PXE? Well, you don't!
I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In an interesting question ( here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question