This post is more than 5 years old
18 Posts
0
154466
June 12th, 2014 14:00
6248 VLAN not getting DHCP scope
I have created two new DHCP scopes in my windows server 2003:
192.168.2.0 - Public, and
192.168.3.0 - VOIP.
This DHCP server is connected to a Dell powerconnect 2708, which is connected to our new powerconnect 6248P via fiber point to point.
In the new network computers on the default VLAN 1 are correctly being assigned IPs as they connect.
I have issued the following commands to the 6248's CLI:
enable
configure
vlan database
vlan 20
vlan 30
exit
configure
interface range ethernet 1/g1-1/g2
switchport mode general
switchport general allowed vlan add 20
switchport general pvid 20
dhcp l2relay
exit
configure
interface range ethernet 1/g3-1/g6
switchport mode general
switchport general allowed vlan add 30
switchport general pvid 30
dhcp l2relay
exit
interface ethernet 1/g11
switchport mode general
switchport general allowed vlan add 20
switchport general allowed vlan add 30
dhcp l2relay
exit
configure
interface vlan 20
name "PUBLIC"
routing
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.1.150
exit
configure
interface vlan 30
name "VOIP"
routing
ip address 192.168.3.1 255.255.255
ip helper-address 192.168.1.150
exit
ip routing
I have also tagged all traffic on VLAN 20 and VLAN 30 on ports 1/g11 (6248) and port 2 (2708). VLAN 1 access has been removed from ports 1/g1 - 1/g6 (6248)
Everything appears to have been set correctly, but I am unable to get any answer from the DHCP server on any ports attached to VLAN 20. Is the powerconnect 2708 unable to pass the relay to the server? Is it possible something is getting dropped in the point to point?
I'd greatly appreciate any comments or suggestions, thanks!
0 events found
jhartsou
18 Posts
0
June 16th, 2014 14:00
PC 1
XP
plugged into 1/g2 on 6248
gateway: 192.168.2.1
static ip: 192.168.2.3
access mode: yes
VLAN: 20
PVID: 20
PC 2
win7
plugged into 1/g3 on 6248
gateway: 192.168.3.1
static ip: 192.168.3.3
access mode: yes
VLAN: 30
PVID: 30
Before my ports were all set in general mode with admit all frames. I have now changed them to access mode. PVID is still set as 20 and 30 respectively.
jhartsou
18 Posts
0
June 16th, 2014 15:00
OK. went back over that last past because the results made no sense... Mistake on my part.
PC 1
XP
plugged into 1/g2 on 6248
gateway: 192.168.2.1
static ip: 192.168.2.3
access mode: yes
VLAN: 20
PVID: 20
PC 2
win7
plugged into 1/g3 on 6248
gateway: 192.168.3.1
static ip: 192.168.3.3
access mode: yes
VLAN: 30
PVID: 30
pc 1 can ping pc 2 now. On to DHCP...
jhartsou
18 Posts
0
June 17th, 2014 09:00
That is correct. I understand now what you are saying about the management vlan not supporting routing.
In order to change the IP address of the 6248, I needed to issue the command: "console (config)# no ip default-gateway." Otherwise I have "IP address and gateway do not reside on the same subnet!" error.
The 6248 is now IP 192.168.99.1 with no dg. Management vlan is set to 99. I have no ports set for 99, so I no longer have access to the http management.
When I allow PC#1 or PC#2 to obtain an IP address automatically, the 6248 outputs the following error:
<188> APR XX XX:XX:XX 192.168.99.1-1 IP_HELPER[163914592]: relay_main.c(356) 515 %% Failed to send packet to DHCP server at 192.168.1.150. errno is S_errno_ENETUNREACH
How can I give it a gateway so that it will resolve if the gateway exists on a different subnet?
jhartsou
18 Posts
0
June 17th, 2014 12:00
I assigned 192.168.1.180 to VLAN 1. 6248 is now assigned IP of 192.168.99.1. Noticed that I could ping the server (192.168.1.150) and both VLAN 20 and VLAN 30, but was still not getting IPs from DHCP.
Added static routes in my gateway pointing 192.168.2.0 and 192.168.3.0 to 192.168.1.1. DHCP is now working. Automatically assigned addresses 192.168.2.10 and 192.168.3.10 to each PC.
Since the management vlan is 99 and cannot have routing enabled, how would http management be possible through vlan 1, 20, or 30?
Also, a different issue I'm sure, any ideas why a remote desktop connection from VLAN 1 to either VLAN 20 or 30 would drop after 1 minute?
Thank you so much for all your help Daniel and Josh!
jhartsou
18 Posts
0
June 18th, 2014 09:00
Exactly! Static routes... duh!
The dropped rdp connection might be stemming from a different issue. The computers attached to either vlan 20 or 30 cannot access the internet or any windows network shares. They can ping the gateway, the dhcp server, the vlan ips, etc.
Do I need to set up an ip route from 192.168.20.0 255.255.255.0 to somewhere?
Entering 192.168.2.1 or 192.168.3.1 actually does connect to http interface. What happens when I have many identical switches? I would have thought entering 192.168.99.1 would take me there, or whatever IP I set as the ip for the switch
jhartsou
18 Posts
0
June 18th, 2014 13:00
Added 0.0.0.0 0.0.0.0 192.168.1.1 (firewall / gateway). still unable to get online
firewall/gateway has had two static routes:
192.168.2.0 255.255.255.0 192.168.1.1
192.1683.0 255.255.255.0 192.168.1.1
adding these had allowed PCs to get IPs from DHCP server
Is there something else I need to get internet access? Here is my running-config
console#show running-config
!Current Configuration:
!System Description "PowerConnect 6248P, 3.3.10.3, VxWorks 6.5"
!System Software Version 3.3.10.3
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 20,30,99
vlan routing 20 1
vlan routing 30 2
vlan routing 1 3
exit
stack
member 1 5
exit
ip address 192.168.99.1 255.255.255.0
ip address vlan 99
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.1.1
interface vlan 1
routing
ip address 192.168.1.180 255.255.255.0
exit
interface vlan 20
name "PUBLIC"
routing
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.1.150 dhcp
exit
interface vlan 30
name "VOIP"
routing
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.1.150 dhcp
exit
interface vlan 99
name "MGMT"
exit
username "jhartsou" password 571c1977d10e5d4f2e4641c993718e21 level 15 encrypted
!
interface ethernet 1/g1
switchport access vlan 20
exit
!
interface ethernet 1/g2
switchport access vlan 20
exit
!
interface ethernet 1/g3
switchport access vlan 30
exit
!
interface ethernet 1/g4
switchport access vlan 30
exit
!
interface ethernet 1/g5
switchport access vlan 30
exit
!
interface ethernet 1/g6
switchport access vlan 30
exit
!
interface ethernet 1/g11
switchport mode general
switchport general allowed vlan add 20,30 tagged
exit
thanks,
jhartsou
18 Posts
0
June 18th, 2014 14:00
Firewall is plugged into a powerconnect 2708, port 5. VLAN 1 on port 5 is Untagged. VLAN 20, 30, 99 on port 5 is Tagged
the 2708 port 2 is plugged into the 6248 port 11
jhartsou
18 Posts
0
June 19th, 2014 06:00
Port 2 of 2708 is the same as port 5: VLAN 20, 30, 99 on port 2 is Tagged. VLAN 1 is Untagged.
I know it isn't common practice, we are migrating all equipment to a new facility. The gateway / firewall is still in the same building as the DHCP server.
I've come across many posts about people having the exact problem as me. They describe NAT or static routes as the issue. I'm trying to configure my gateway correctly to accommodate the VLANs. Do you think the problem lies within the 2708 and not the gateway?
If the server can ping everything, and the clients can ping everything.. Clients are getting IPs from DHCP, why couldn't I connect to network resources or get online from VLAN 20 or 30?
thanks for all of your input!