W2K/DHCP/VLAN and NIC config question.

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › W2K/DHCP/VLAN and NIC config question.

estebaan

15 posts

Geek

#127174 1-Aug-2013 15:08

Hi, hopefully someone will read this and go 'Ah ha, you are missing something obvious - do this..' and I'll be on my way. :)

I have an issue whereby a Win 2K server running DHCP which resides on a 192.168.10.x network will issue DHCP to any hosts on the same subnet, but not on any other routed VLAN subnets. Eg. 192.168.0.x or 192.168.20.x networks.

The L3 switch I have is set up for inter-VLAN routing with virtual interfaces set - and hosts can reach each other on any of the VLANs to any of the other VLANs currently. They all can access the firewall and and onwards to the net. Outside of the 192.168.10.x network the other hosts work when I set static IP details.

Interestingly, if I have a host on the same subnet as the DHCP server (eg with 192.168.10.10 address) it is pingable from any other VLAN (eg from a host at 192.168.20.10) BUT my W2K DHCP server (at 192.168.10.1 for example) is not able to be pinged from that 20.10 machine. The server can be pinged on the same subnet though.

This is in a home network lab that I've set up for testing / learning and the 'Server' is actually an old desktop with an old Realtek GB NIC installed and I'm wondering if the issues I'm having come down to the NIC somehow dropping the frames from other VLANs or something like that? I'm no expert so I am sure I am overlooking something really basic here.

By the way, the switch is set up to relay the DHCP using IP Helper addresses on each of the VE's, so I'm fairly certain that config is OK (famous last words). Also, I've tried doing the relay through the firewall (placing the server on a DMZ and setting rules between that and the internal lan) - all things point to being a communication problem from 1 VLAN to the specific server address when on another.

The only problem is, I don't currently have any other network cards to test in the machine - but if it would solve the issue (assuming that is the issue) then I will buy a new NIC. Can't stretch to a proper server just yet :)

Obviously looking for any hints or tips or things to try. Its not a production network obviously so I can break or reconfig anything to solve.

TIA.

Inphinity

2780 posts

Uber Geek

#870037 1-Aug-2013 15:13

If the DHCP servier is on a different VLAN it won't allocate IPs. Until a device within the VLAN has an IP and a valid local gateway to allow routing out to the other VLANs, it has no connectivity to them. Your best bet is to set up DHCP relay on the other VLAN(s) to forward DHCP requests to your DHCP server, with a different scope set up for each VLAN.

wasabi2k

2096 posts

Uber Geek

#870040 1-Aug-2013 15:15

DHCP Helpers (or ip helper, or dhcp relay) is usually configured on each VLAN that has devices you wish to receive leases on, and points to the IP of your DHCP server.

Your DHCP server must have individual scopes for each network, with the router/gateway set to the ip of the VLAN interface on your switch.

If that is done, it will work.

Edit: Sorry, just reread your post, what is your routing setup? Everything needs to point to a central point for it to work - sounds like that should be your switch. What is the default gateway on your server?

2nd Edit: Your server has no visibility of VLANs, it sees a single piece of Ethernet. Unless you are running higher end NICs that are VLAN aware (and configured appropriately) packets from other VLANs are just routed and look the same as other packets

3rd Edit: Not happy with the last two, what your network should look like e.g.

192.168.10.1 - Interface on your Layer 3 Switch
192.168.10.10 - Your Server

Your server should have 192.168.10.1 as the gateway
Your DHCP Scopes should include a scope for 192.168.20.0/24 with 192.168.20.1 as the Router/Gateway

192.168.20.1 - Interface on your Layer 3 Switch - IP Helper configured here pointing to 192.168.10.1
192.168.20.10 - Random Device

Device should have 192.168.20.1 as the gateway

estebaan

15 posts

Geek

#870041 1-Aug-2013 15:19

Thanks for the reply. I have set up the DHCP to be relayed between VLANs - each of the VLAN's have their own virtual interface address (eg for the 192.168.10.0 network, the VE address is 192.168.10.254 for example - with an IP Helper (relay) address on that VE for the DHCP server - eg 192.168.10.1). From what I understand so far, the relay will take the DHCP discovery from the subnet the device looking for DHCP is attached to, and forward it between VLAN to the subnet that the DHCP server resides on. I could be wrong through.

The curiosity comes in the fact that the only host on that subnet that cannot be 'pinged' from other VLANs is the DHCP server.

Maybe I've set the relay up incorrectly?

wasabi2k

2096 posts

Uber Geek

#870043 1-Aug-2013 15:21

What is the default gateway on your server.

estebaan

15 posts

Geek

#870045 1-Aug-2013 15:25

wasabi2k: What is the default gateway on your server.

On the server, the default gateway is the VE address - my static entry on the server NIC reads
IP - 192.168.10.1
Subnet 255.255.255.0
DG 192.168.10.254

Inphinity

2780 posts

Uber Geek

#870062 1-Aug-2013 15:28

Can the DHCP server ping devices on other VLANs? Are you doing any sort of VLAN tagging on the DHCP server NICs?

estebaan

15 posts

Geek

#870067 1-Aug-2013 15:32

3rd Edit: Not happy with the last two, what your network should look like e.g.

192.168.10.1 - Interface on your Layer 3 Switch
192.168.10.10 - Your Server

Your server should have 192.168.10.1 as the gateway
Your DHCP Scopes should include a scope for 192.168.20.0/24 with 192.168.20.1 as the Router/Gateway

192.168.20.1 - Interface on your Layer 3 Switch - IP Helper configured here pointing to 192.168.10.1
192.168.20.10 - Random Device

Device should have 192.168.20.1 as the gateway

Sorry - just noticed your edits - and appreciate your input.

I *think* I'm set up as you suggested here - each of the VLANs I set up have a virtual ethernet address (set as .254 on each range). Each of the hosts within that subnet (when set up statically) have the default gateway pointing to the .254 address which is the VE.

The scopes I have set up under DHCP are separate for each VLAN subnet and have the GW pointing to the VE on each subnet (eg scope 192.168.20.0/24 gateway address is 192.168.20.254) and the routing table on the switch is set so that inter VLAN switching 'works' between subnets, fine.

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

Inphinity

2780 posts

Uber Geek

#870073 1-Aug-2013 15:39

Ok, so you've got something like
VLAN10 - 192.168.10.0/24
Gateway 192.168.10.254
DHCP Server 192.168.10.1
VLAN20 - 192.168.20.0/24
Gateway 192.168.20.254
DHCP Relay -> 192.168.10.1 scope 192.168.20.0/24

What is doing your DHCP relaying, presumably your switch?

estebaan

15 posts

Geek

#870083 1-Aug-2013 15:47

Inphinity: Ok, so you've got something like
VLAN10 - 192.168.10.0/24
Gateway 192.168.10.254
DHCP Server 192.168.10.1
VLAN20 - 192.168.20.0/24
Gateway 192.168.20.254
DHCP Relay -> 192.168.10.1 scope 192.168.20.0/24

What is doing your DHCP relaying, presumably your switch?

Yep that's correct. The switch is doing the relaying. The config is as you have put it above. The relay address I'm pointing to on each VLAN gateway is the server address of 192.168.10.1.

estebaan

15 posts

Geek

#870094 1-Aug-2013 15:59

AAARGH.

Really sorry guys, but everything is working as it should now. Rookie mistake - I hadn't written the config changes to flash on the switch and it had some old ACL stuff that I was playing with causing the problems. I feel like a dolt. Sorry, but thanks a lot for the replies in any event!