03-06-2010 02:41 AM - edited 03-06-2019 10:01 AM
Hi there
I have a Nomadix box connected over a trunk port on the core switch. The following is the configuration.
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 132,150,151
switchport mode trunk
Nomadix box assigns the IP Addresses for the vlans 132, 150 and 151.
However, I find that for one other VLAN (110), the clients get an IP address from the Nomadix box VLAN 150 scope (this scope is marked as default in the Nomadix box). When I shut the trunk port, clients in VLAN 110 get an IP from the DHCP server placed in the DMZ (which is the intended behaviour); however, when the trunk port is up, the clients again get an IP from the Nomadix box.
Can anybody help on this?
03-06-2010 02:52 AM
Hello Mohammed,
You should check the configuration of the L3 device that acts as default gateway for VLAN 110.
If you find two helper-address commands under the interface configuration, you should remove the one referring to the Nomadix box.
The router or multilayer switch uses both ip helper address and forwards the DHCP request to both the Nomadix box and the DHCP server in the DMZ.
Unfortunately the Nomadix is faster in answering.
When you shut the trunk port, only the DMZ DHCP server answers, which is the desired behaviour.
Hope to help
Giuseppe
03-06-2010 03:40 AM
Hi
Thanks for the reply. However, I just have one helper address configured. Also, when the trunk is allowed only for the 3 specific VLANs, shouldn't it discard the DHCP request for VLAN 110? I think the request should not even be forwarded to the Nomadix box if the trunk is not carrying VLAN 110.
What's your call on this?
03-06-2010 04:10 AM
Hello Mohammed,
>> think the request should not even be forwarded to the Nomadix box if the trunk is not carrying VLAN 110.
ip helper-address instructs the router to convert a non-routable DHCP request with broadcast destination 255.255.255.255 into a routable packet with destination = helper-address argument.
By doing so it allows the DHCP message to go over multiple VLANs/IP subnets.
So there is no strict need for VLAN 110 to be permitted on the trunk.
If the message arrives on the trunk, it arrives with a VLAN ID that is the one associated with the IP subnet of the server, not that of the requesting client.
So my first thought has been that there may be an unwanted ip helper-address in the network.
>> I just have one helper address configured.
To which server is the helper address pointing: the Nomadix or the DMZ DHCP server?
show interface gi0/x switchport
What is the list of VLANs permitted and in STP forwarding state?
Hope to help
Giuseppe
03-06-2010 04:19 AM
Hi
ip helper-address is for the server in DMZ
sh int gix/x swi
SWC-GU-01#sh int gi 2/1 switchport
Name: Gi2/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Operational Native VLAN tagging: disabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: 132,150,151
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
sh int tru
Port        Mode         Encapsulation  Status        Native vlan
Gi2/1       on           802.1q         trunking      1
Gi2/5       on           802.1q         trunk-inbndl  999
                                        (Po11)
Gi2/6       on           802.1q         trunk-inbndl  999
                                        (Po11)
Port        Vlans allowed on trunk
Gi2/1       132,150-151
Gi2/5       1-4094
Gi2/6       1-4094
Port        Vlans allowed and active in management domain
Gi2/1       132,150-151
Port        Vlans in spanning tree forwarding state and not pruned
Gi2/1       132,150-151
03-06-2010 04:27 AM
Hello Mohammed,
I would suggest trying to find out if somewhere in the network one of the permitted VLANs (probably VLAN 150) is joined to VLAN 110, for example by connecting two access ports, one in VLAN 150 and one in VLAN 110.
If so, the broadcast DHCP request could reach the Nomadix.
It may also be a server bridging between two NICs.
Edit:
To find out where the L2 path between VLANs is, I would do the following:
Put a PC in VLAN 110 and boot it. As soon as it gets an IP address from the Nomadix, look for the Nomadix MAC address in the CAM table in VLAN 110. Following that MAC address will lead to the port that connects the two VLANs.
If you use a laptop with Wireshark/Ethereal on it, you can capture the DHCP answer and check the source MAC address.
Hope to help
Giuseppe
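The capture check suggested in the post above, as an added example that is not part of the original thread: a parser that takes one captured DHCP reply as raw Ethernet bytes and returns the source MAC, any 802.1Q VLAN tag, the offered address and the server identifier (option 54), so the answering server can be compared with the intended one. The function names, MAC addresses and documentation-range IP addresses are constructed for illustration.

```python
import socket
import struct

def parse_dhcp_reply(frame: bytes) -> dict:
    """Pull the fields that identify the answering DHCP server from a raw Ethernet frame."""
    src_mac = frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off, vlan = 14, None
    if ethertype == 0x8100:  # 802.1Q tag, present when capturing on a trunk
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        off, vlan = 18, tci & 0x0FFF
    if ethertype != 0x0800 or frame[off + 9] != 17:
        raise ValueError("not an IPv4/UDP frame")
    udp = off + (frame[off] & 0x0F) * 4  # skip the IP header (IHL in 32-bit words)
    if struct.unpack("!H", frame[udp:udp + 2])[0] != 67:
        raise ValueError("not sent from the DHCP server port")
    bootp = udp + 8
    if frame[bootp + 236:bootp + 240] != b"\x63\x82\x53\x63":
        raise ValueError("DHCP magic cookie missing")
    opts, i = {}, bootp + 240
    while i < len(frame) and frame[i] != 255:  # 255 = end option
        if frame[i] == 0:  # pad option has no length byte
            i += 1
            continue
        opts[frame[i]] = frame[i + 2:i + 2 + frame[i + 1]]
        i += 2 + frame[i + 1]
    return {
        "src_mac": src_mac, "vlan": vlan,
        "offered_ip": socket.inet_ntoa(frame[bootp + 16:bootp + 20]),
        "msg_type": opts[53][0] if 53 in opts else None,  # 2 = OFFER, 5 = ACK
        "server_id": socket.inet_ntoa(opts[54]) if 54 in opts else None,
    }

def unexpected_server(frame: bytes, expected_server: str) -> bool:
    """True when the reply did not come from the DHCP server intended to answer."""
    return parse_dhcp_reply(frame)["server_id"] != expected_server

def constructed_offer() -> bytes:
    """Constructed DHCPOFFER (documentation-range IPs, locally administered MACs)."""
    client, server_mac = bytes.fromhex("020000000110"), bytes.fromhex("020000000150")
    opts = b"\x35\x01\x02" + b"\x36\x04" + socket.inet_aton("192.0.2.1") + b"\xff"
    bootp = (bytes([2, 1, 6, 0]) + b"\x12\x34\x56\x78" + bytes(8)
             + socket.inet_aton("192.0.2.50") + bytes(8) + client + bytes(10)
             + bytes(192) + b"\x63\x82\x53\x63" + opts)
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.50"))
    return client + server_mac + b"\x08\x00" + ip + udp
```

The returned `src_mac` is the value to look up in the CAM table for the client VLAN; the `server_id` shows which DHCP server actually answered.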
03-07-2010 03:02 AM
Thanks buddy
this was helpful.