jhartsou
18 Posts
0
June 19th, 2014 12:00
The 6248 has no default gateway. It will not let me put 192.168.1.1 because it does not reside in the same subnet as the 6248 (192.168.99.1)
The 2708 has 192.168.1.1 listed as its default gateway.
At this point, the network has too many complexities for me to untangle. I'm very glad that at the least I have DHCP resolved for when we finally migrate our server to the new location.
Once the server is in place, and the gateway/firewall are plugged directly into the 6248, I will revisit the proper configuration of this network.
Some tips to anyone who might have a similar issue: Check your management VLAN. It cannot be the same as VLAN 1 if you expect routing to work from VLAN 1 to anywhere else, because the management VLAN cannot be routed. Also check static routing from your gateway; make sure the gateway has a return route to the IPs of your VLANs, i.e.: 192.168.2.0 255.255.255.0 gateway_ip
That's all for now. Thank you everyone who has contributed.
DELL-Josh Cr
Moderator
•
9.5K Posts
0
June 12th, 2014 15:00
Hi jhartsou,
Since you have ip routing enabled you don’t need dhcp l2relay. It is for layer 2 only. Page 461 ftp://ftp.dell.com/Manuals/all-products/esuprt_ser_stor_net/esuprt_networking/esuprt_net_fxd_prt_swtchs/powerconnect-6224_User%27s%20Guide_en-us.pdf
You should be able to use the ip helper-address command pointing to the DHCP server.
Ip helper-address 192.168.2.x dhcp
With x being the IP address of the DHCP server.
Page 712 ftp://ftp.dell.com/Manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/powerconnect-6248_Reference%20Guide_en-us.pdf
What does the command return? show ip helper-a
DELL-Josh Cr
Moderator
•
9.5K Posts
0
June 13th, 2014 08:00
That looks fine, port 2 can pass all of the VLANs.
jhartsou
18 Posts
0
June 13th, 2014 08:00
I reconfigured everything to use only ip helper, and removed dhcp l2relay.
IP Helper configuration:
UDP Destination Port Server Address IsDiscard Hit Count
67 192.168.1.150 False 9
IP Helper statistics:
DHCP Client Messages Received 9
DHCP Client Messages Relayed 9
DHCP Server Messages Received 0
DHCP Server Messages Relayed 0
UDP Client Messages Received 9
UDP Client Messages Relayed 9
DHCP Client Messages Hop Count Exceeded Max 0
DHCP Pkts Rcvd Too Early 0
Received DHCP Client Messages With Giaddr As Local Address 0
UDP Pkts With Expired TTL 0
UDP Pkts Discarded 0
Something is being pointed to the DHCP server, but again no IPs are being assigned from the new pools. Is there anything else I should check for?
Thank you,
jhartsou
18 Posts
0
June 13th, 2014 08:00
2708 vlan membership: ports:
VLAN ID 1------------------------------
1 2 3 4 5 6 7 8
U U U U U U U U
VLAN ID 20----------------------------
1 2 3 4 5 6 7 8
T T
VLAN ID 30----------------------------
1 2 3 4 5 6 7 8
T T
Port 2 connects the point to point to the 6248P
Port 6 connection to DHCP server
Thank you for the tips Josh. Should the above config pass the traffic?
jhartsou
18 Posts
0
June 13th, 2014 08:00
OK. I'll reset the running config and get rid of l2relay. I thought since the powerconnect 2708 is only layer 2, that might have been the reason it won't work. In the meantime:
console#show ip helper-a
IP helper is enabled
Interface UDP Port Discard Hit Count Server Address
-------------------- ----------- ---------- ---------- ------------------
vlan 20 Default No 738 192.168.1.150
vlan 30 Default No 0 192.168.1.150
DELL-Josh Cr
Moderator
•
9.5K Posts
0
June 13th, 2014 08:00
The 2708 shouldn’t be causing any issues, it should just pass traffic right through as long as the ports are set to handle the needed VLANs.
DELL-Josh Cr
Moderator
•
9.5K Posts
0
June 13th, 2014 10:00
If the client has a static IP can it ping the DHCP server? Can the server ping the VLAN ip addresses? It looks like the helper is receiving and relaying packets from the client but isn’t getting anything from the server. I had the configuration double checked to make sure we were not missing anything and it is set correctly on the 6224. What does the DHCP server configuration look like? Are the clients on VLAN 20 and 30 pointing to the VLAN IP as their default gateway?
jhartsou
18 Posts
0
June 13th, 2014 13:00
Q: If the client has a static IP can it ping the DHCP server?
A: Assigned 192.168.2.2 to a PC plugged into VLAN 20. Pinging the DHCP server results in a "request timed out."
Q: Can the server ping the VLAN ip addresses?
A: Server cannot ping 192.168.2.1 or 192.168.2.2
Q: What does the DHCP server configuration look like?
A: Three scopes are active. 192.168.1.0 (Corp), 192.168.2.0 (PUBLIC), and 192.168.3.0 (VOIP). PUBLIC has a range of 192.168.2.1-254. Options are 003 Router (192.168.1.1), 006 DNS Servers (192.168.1.150), and 015 DNS Domain Name (corp.local)
Q: Are the clients on VLAN 20 and 30 pointing to the VLAN IP as their default gateway?
A: I statically changed the gateway of the PC connected to VLAN 20 to 192.168.2.1. Still cannot ping DHCP. Is this what you are asking?
jhartsou
18 Posts
0
June 13th, 2014 14:00
VLAN 20 should not be able to communicate with VLAN 1 or VLAN 30 anyway, right? We added "Ip helper-address 192.168.1.150 dhcp" to VLANs 20 and 30. Only DHCP requests should be passed?
VLAN 20 should only have internet access. No access to the file server or other VLAN 1 traffic. We can achieve this even with routing enabled, right?
6248p is updated: 3.3.10.3
2708 is surprisingly updated too: 1.0.1.05
VLAN 20 and 30 are tagged on both the point to point connection and the DHCP connection (port 2 and 6) on the 2708.
Thank you so much for your suggestions so far. I hope we are able to help someone else with this same issue too.
DELL-Josh Cr
Moderator
•
9.5K Posts
0
June 13th, 2014 14:00
On the configuration that you posted earlier, ip routing was enabled, which would allow all VLANs to communicate with each other; the 6224 would route between the VLANs. To block the traffic you would need ACLs to deny traffic from VLAN 20 to VLAN 1. The statically set PC should be able to ping 192.168.3.1
Ip helper address is just for forwarding the bootp packets to the DHCP server on a different subnet. Since the client request for an ip address is a broadcast it would normally be dropped and not routed.
A ping since it is a unicast packet should be routed with ip routing enabled.
When you have a client come on the network on VLAN 20 it broadcasts a request for DHCP, the switch is receiving it, your statistics showed that, and then the switch should forward that request to 192.168.1.150 with the switch’s information, get the reply from the server and send it back to the client. However, the part where it goes from the switch to the server is where the process is breaking.
Interface 1/g11 is going to the 2708 from the 6224 right?
What does this show?
show ip route
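A sketch of the diagnosis the helper counters point to, added here as an example and not posted by anyone in the thread: requests relayed but no server messages received means the server's reply, which it unicasts to the relay's VLAN address (giaddr, 192.168.2.1), has no route back. The routing tables and hop labels are assumptions modelled on the addresses in the thread.

```python
import ipaddress
import re

# Counters copied from the "IP Helper statistics" output posted in the thread.
STATS = """\
DHCP Client Messages Received 9
DHCP Client Messages Relayed 9
DHCP Server Messages Received 0
DHCP Server Messages Relayed 0
"""

# Assumed routing tables as (prefix, next hop); hop names are labels, not addresses.
SERVER = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", "gateway")]
GATEWAY_BEFORE = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", "wan")]
GATEWAY_AFTER = GATEWAY_BEFORE + [("192.168.2.0/24", "switch")]  # the static route tip

def parse_counters(text):
    """Turn 'Counter Name 9' lines into {'Counter Name': 9}."""
    found = (re.match(r"\s*(.+?)\s+(\d+)\s*$", line) for line in text.splitlines())
    return {m.group(1): int(m.group(2)) for m in found if m}

def next_hop(routes, dst):
    """Longest-prefix match of dst against a route list."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def return_path(tables, start, dst, max_hops=8):
    """Follow next hops from start until a node with no table is reached."""
    path, node = [start], start
    while node in tables and len(path) <= max_hops:
        node = next_hop(tables[node], dst)
        path.append(node)
    return path

def diagnose(counters, giaddr, tables):
    if counters.get("DHCP Client Messages Relayed", 0) == 0:
        return "relay is not forwarding client requests"
    if counters.get("DHCP Server Messages Received", 0) > 0:
        return "server replies are reaching the relay"
    # The server unicasts its reply to giaddr, the relay's VLAN address.
    path = return_path(tables, "server", giaddr)
    if path[-1] != "switch":
        return "reply to %s is lost: %s" % (giaddr, " -> ".join(map(str, path)))
    return "return route exists; check the server scope and filtering"

if __name__ == "__main__":
    c = parse_counters(STATS)
    print(diagnose(c, "192.168.2.1", {"server": SERVER, "gateway": GATEWAY_BEFORE}))
    print(diagnose(c, "192.168.2.1", {"server": SERVER, "gateway": GATEWAY_AFTER}))
```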
DELL-Josh Cr
Moderator
•
9.5K Posts
0
June 13th, 2014 14:00
Thanks, it seems like it is not routing to VLAN 1, if it was routing and the problem was with ip helper it would be able to ping with a static address. Is the firmware up to date?
6200 series firmware: http://www.dell.com/support/home/us/en/04/Drivers/DriversDetails?driverId=Y7YJ9&fileId=3354403342&osCode=NAA&productCode=powerconnect-6224&languageCode=EN&categoryId=NI
2708: http://www.dell.com/support/home/us/en/04/Drivers/DriversDetails?driverId=R112896&fileId=2731111725&osCode=NAA&productCode=powerconnect-2708&languageCode=EN&categoryId=NI
You may also want to try adding tagged VLAN 20 and 30 to port 6 on the 2708 and see if that helps.
jhartsou
18 Posts
0
June 13th, 2014 15:00
I tried connecting the point to point to our DHCP server to see if the issue would be resolved. In theory this would be like connecting the 6248 directly to our server.
The PC on VLAN 20 still could not communicate with DHCP.
At this point I can remove the 2708 as an issue, since it still will not function even without it. Something must be wrong with the 6248's configuration.
Will continue with other options Monday morning.
Thank you everyone. Have a great weekend.
jhartsou
18 Posts
0
June 16th, 2014 10:00
Here is my running-config. Why are vlans not routing to the DHCP server?
console#show running-config
!Current Configuration:
!System Description "PowerConnect 6248P, 3.3.10.3, VxWorks 6.5"
!System Software Version 3.3.10.3
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 20,30
vlan routing 20 1
vlan routing 30 2
exit
stack
member 1 5
exit
ip address 192.168.1.180 255.255.255.0
ip default-gateway 192.168.1.1
ip routing
interface vlan 20
name "PUBLIC"
routing
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.1.150 dhcp
exit
interface vlan 30
name "VOIP"
routing
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.1.150 dhcp
exit
!
interface ethernet 1/g1
switchport mode general
switchport general pvid 20
switchport general allowed vlan add 20
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g2
switchport mode general
switchport general pvid 20
switchport general allowed vlan add 20
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g3
switchport mode general
switchport general pvid 30
switchport general allowed vlan add 30
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g4
switchport mode general
switchport general pvid 30
switchport general allowed vlan add 30
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g5
switchport mode general
switchport general pvid 30
switchport general allowed vlan add 30
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g6
switchport mode general
switchport general pvid 30
switchport general allowed vlan add 30
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g11
switchport mode general
switchport general allowed vlan add 20,30 tagged
exit
jhartsou
18 Posts
0
June 16th, 2014 13:00
Daniel,
I tried your experiment and:
gave 192.168.2.2 to PC #1 in VLAN 20
gave 192.168.3.2 to PC#2 in VLAN 30
PC 2 cannot ping PC 3. Neither can ping anything from VLAN 1.
Obviously I am missing something fundamental here. In the end, all I need is to have
192.168.1.x (local company network traffic)
192.168.2.x (public accessible wifi)
192.168.3.x (voip traffic)
I want all three to remain separate. The only thing accessible to any of them should be the DHCP to dish out IPs. Am I going about this completely wrong?
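The separation asked for above, with routing left on and only DHCP reachable across VLANs, modelled as a first-match rule list. This is an added example, not from the thread; the rule set is hypothetical, written in a generic form rather than PowerConnect ACL syntax, and assumes it is applied inbound on the PUBLIC VLAN.

```python
import ipaddress

DHCP_SERVER = "192.168.1.150"  # DHCP server address from the thread

# Hypothetical inbound rules for PUBLIC (192.168.2.0/24), first match wins.
# Fields: action, protocol, source prefix, destination prefix, destination port.
PUBLIC_IN = [
    # Initial DISCOVER/REQUEST: source 0.0.0.0, broadcast destination.
    ("permit", "udp", "0.0.0.0/0", "255.255.255.255/32", 67),
    # Lease renewals go unicast to the server, so permit them before the denies.
    ("permit", "udp", "192.168.2.0/24", DHCP_SERVER + "/32", 67),
    ("deny", "any", "0.0.0.0/0", "192.168.1.0/24", None),   # corporate LAN
    ("deny", "any", "0.0.0.0/0", "192.168.3.0/24", None),   # VOIP
    ("permit", "any", "192.168.2.0/24", "0.0.0.0/0", None),  # everything else
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching rule, or the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in acl:
        if r_proto not in ("any", proto):
            continue
        if s not in ipaddress.ip_network(r_src):
            continue
        if d not in ipaddress.ip_network(r_dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"

if __name__ == "__main__":
    # Constructed sample packets from a PUBLIC client at 192.168.2.50.
    samples = [
        ("udp", "0.0.0.0", "255.255.255.255", 67),
        ("udp", "192.168.2.50", DHCP_SERVER, 67),
        ("tcp", "192.168.2.50", DHCP_SERVER, 445),
        ("udp", "192.168.2.50", DHCP_SERVER, 53),
        ("icmp", "192.168.2.50", "192.168.3.2", None),
        ("tcp", "192.168.2.50", "203.0.113.10", 443),
    ]
    for pkt in samples:
        print(pkt, evaluate(PUBLIC_IN, *pkt))
```

The PUBLIC scope quoted in the thread hands clients DNS server 192.168.1.150, which this rule set blocks on port 53, so the scope would need a DNS server the PUBLIC VLAN is allowed to reach.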