Trunk port problem

Mar 6th, 2010

Hi there

I have a Nomadix box connected over a trunk port on the core switch. Following is the configuration.

switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 132,150,151
switchport mode trunk

Nomadix box assigns the IP Addresses for the vlans 132, 150 and 151.

However, I find that for one other vlan (110), the clients get an IP address from the Nomadix box vlan 150 scope (this scope is marked as default in the Nomadix box). When I shut the trunk port, clients in vlan 110 get an IP from the DHCP server placed in the DMZ (which is the intended behaviour); however, when the trunk port is up, the clients again get an IP from the Nomadix box.

Can anybody help on this?

Giuseppe Larosa Sat, 03/06/2010 - 02:52

Hello Mohammed,

You should check the configuration of the L3 device that acts as default gateway for Vlan 110.

If you find two helper-address commands under the interface configuration, you should remove the one referring to the Nomadix box.

The router or multilayer switch uses both ip helper-address commands and forwards the DHCP request to both the Nomadix box and the DHCP server in the DMZ.

Unfortunately the Nomadix is faster in answering.

When you shut the trunk port, only the DMZ DHCP server answers, which is the desired behaviour.

Hope to help

Giuseppe

mohammed.naviwala Sat, 03/06/2010 - 03:40

Hi

Thanks for the reply. However, I just have one helper address configured. Also, when the trunk is allowed only for the 3 specific vlans, shouldn't it discard the DHCP request for vlan 110? I think the request should not even be forwarded to the Nomadix box if the trunk is not carrying vlan 110.

What's your call on this?

Giuseppe Larosa Sat, 03/06/2010 - 04:10

Hello Mohammed,

>> I think the request should not even be forwarded to the Nomadix box if the trunk is not carrying vlan 110.

ip helper-address instructs the router to convert a non-routable DHCP request with broadcast destination 255.255.255.255 into a routable packet with destination = helper-address argument.

By doing so it allows the DHCP message to go over multiple Vlans/IP subnets.

So there is no strict need for vlan 110 to be permitted on the trunk.

If the message arrives on the trunk, it arrives with a vlan-id that is the one associated with the IP subnet of the server, not that of the requesting client.

So my first thought has been that there may be an unwanted ip helper-address in the network.

>> I just have one helper address configured.

Which server is the helper address pointing to: Nomadix or the DMZ DHCP server?

show interface gi0/x switchport

What is the list of vlans permitted and in STP forwarding state?

Hope to help

Giuseppe
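An added example, not part of the thread: a relay configured with ip helper-address writes its own address into the DHCP `giaddr` field and the server echoes it back, so a captured DHCPOFFER shows whether the request was relayed or reached the server as an on-link broadcast. The MAC and IP addresses below are constructed sample values and the function names are hypothetical.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options

def build_offer(src_mac, server_ip, yiaddr, giaddr):
    """Build a minimal Ethernet/IPv4/UDP DHCPOFFER (sample data, checksums left at zero)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
                        bytes(4), socket.inet_aton(yiaddr), socket.inet_aton(server_ip),
                        socket.inet_aton(giaddr), bytes(16), bytes(64), bytes(128))
    payload = bootp + MAGIC + b"\x35\x01\x02\x36\x04" + socket.inet_aton(server_ip) + b"\xff"
    udp = struct.pack("!HHHH", 67, 68, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     socket.inet_aton(server_ip), socket.inet_aton("255.255.255.255"))
    eth = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    return eth + ip + udp + payload

def inspect_offer(frame):
    """Report who answered a DHCP request and whether a relay was involved."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 17:
        raise ValueError("expected an untagged IPv4/UDP frame")
    udp = 14 + (frame[14] & 0x0F) * 4
    if struct.unpack("!H", frame[udp:udp + 2])[0] != 67:
        raise ValueError("not sent from the DHCP server port")
    bootp = udp + 8
    if frame[bootp + 236:bootp + 240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    giaddr = socket.inet_ntoa(frame[bootp + 24:bootp + 28])
    options, i = {}, bootp + 240
    while i < len(frame) and frame[i] != 255:   # 255 = end option
        if frame[i] == 0:                       # 0 = pad option, no length byte
            i += 1
            continue
        options[frame[i]] = frame[i + 2:i + 2 + frame[i + 1]]
        i += 2 + frame[i + 1]
    server_id = options.get(54)                 # option 54 = server identifier
    return {
        "src_mac": frame[6:12].hex(":"),
        "server_id": socket.inet_ntoa(server_id) if server_id else None,
        "offered_ip": socket.inet_ntoa(frame[bootp + 16:bootp + 20]),
        "giaddr": giaddr,
        "path": "relayed" if giaddr != "0.0.0.0" else "on-link broadcast",
    }

# Constructed frames: one answered on-link, one that came back through a relay.
DIRECT = build_offer("02:00:00:00:01:50", "10.150.0.1", "10.150.0.77", "0.0.0.0")
RELAYED = build_offer("02:00:00:00:01:10", "10.200.0.5", "10.110.0.77", "10.110.0.1")
```

An offer with `giaddr` 0.0.0.0 means the server heard the client's broadcast directly, which points to a layer 2 path rather than a helper address.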

mohammed.naviwala Sat, 03/06/2010 - 04:19

Hi

ip helper-address is for the server in DMZ

sh int gix/x swi

SWC-GU-01#sh int gi 2/1 switchport
Name: Gi2/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Operational Native VLAN tagging: disabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: 132,150,151
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Unknown unicast blocked: disabled
Unknown multicast blocked: disabled

sh int tru

Port                Mode         Encapsulation  Status        Native vlan
Gi2/1               on           802.1q         trunking      1
Gi2/5               on           802.1q         trunk-inbndl  999
                                      (Po11)
Gi2/6               on           802.1q         trunk-inbndl  999
                                      (Po11)

Port                Vlans allowed on trunk
Gi2/1               132,150-151
Gi2/5               1-4094
Gi2/6               1-4094

Port                Vlans allowed and active in management domain
Gi2/1               132,150-151

Port                Vlans in spanning tree forwarding state and not pruned
Gi2/1               132,150-151

Correct Answer
Giuseppe Larosa Sat, 03/06/2010 - 04:27

Hello Mohammed,

I would suggest trying to find out if somewhere in the network one of the permitted vlans (probably vlan 150) is joined to vlan 110, for example by connecting two access ports, one in vlan 150 and one in vlan 110.

If so, the broadcast DHCP request could reach the Nomadix.

It may also be a server bridging between two NICs.

Edit:

To find out where the L2 path between vlans is, I would do the following:

Put a PC in vlan 110 and boot it. As soon as it gets an IP address from Nomadix, look for the Nomadix MAC address in the CAM table in vlan 110; following that MAC address will lead to the port that connects the two vlans.

If you use a laptop with Wireshark/Ethereal on it, you can capture the DHCP answer and check the source MAC address.

Hope to help

Giuseppe
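An added example, not part of the thread, of the CAM-table check described above: it scans `show mac address-table` output for the DHCP server's MAC learned in a vlan or on a port where it should not appear. The column layout is an assumption (it varies by platform), and the MAC addresses and the Gi3/x ports are constructed sample values.

```python
import re

# Constructed sample output; real layouts differ between platforms.
SAMPLE_CAM = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 110    0200.0000.0150    DYNAMIC     Gi3/14
 110    0200.0000.0a11    DYNAMIC     Gi3/7
 132    0200.0000.0150    DYNAMIC     Gi2/1
 150    0200.0000.0150    DYNAMIC     Gi2/1
 150    0200.0000.0b22    DYNAMIC     Gi3/15
 151    0200.0000.0150    DYNAMIC     Gi2/1
"""

MAC_TOKEN = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.I)

def normalize_mac(mac):
    """Reduce dotted (switch) or colon/dash (Wireshark) notation to 12 hex digits."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_cam(text):
    """Yield (vlan, mac, port) per entry; header and separator lines are skipped."""
    for line in text.splitlines():
        parts = line.replace("*", " ").split()
        if len(parts) >= 3 and parts[0].isdigit() and MAC_TOKEN.fullmatch(parts[1]):
            # Assumption: the port is the last column on every supported layout.
            yield int(parts[0]), normalize_mac(parts[1]), parts[-1]

def find_vlan_leaks(text, server_mac, trunk_port, allowed_vlans):
    """Return (vlan, port) pairs where the server MAC is learned off its trunk."""
    target = normalize_mac(server_mac)
    return [(vlan, port) for vlan, mac, port in parse_cam(text)
            if mac == target and (vlan not in allowed_vlans or port != trunk_port)]

def leaks_in_sample():
    # Source MAC as it would be copied from the captured DHCP answer.
    return find_vlan_leaks(SAMPLE_CAM, "02:00:00:00:01:50", "Gi2/1", {132, 150, 151})

if __name__ == "__main__":
    for vlan, port in leaks_in_sample():
        print(f"server MAC learned in vlan {vlan} on {port}")
```

Each reported port is the next hop to follow toward the device or cable that joins the two vlans.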
