1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

New VLAN isnt getting to my DHCP Server

Discussion in 'Networking' started by NateRD82, Jun 14, 2018.

Thread Status:
Not open for further replies.
Advertisement
  1. NateRD82

    NateRD82 Thread Starter

    Joined:
    Sep 29, 2017
    Messages:
    29
    We are implementing a new WiFi system here at work and I am having issues creating a new VLAN on my router that goes to my onprem DHCP server. I have verified already that my new Meraki APs are working with my RADIUS server when I tag the SSID with my current VLAN that works. I have attached my router config as well as 1 of my network closets. What is missing?

    I also have to work with a 3rd party because the router is managed by them. Any help would be appreciated. I believe the DHCP server is fine because I just added another IP range in the same subnet.
     

    Attached Files:

  2. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    5,993
    Do you have a network diagram? What's the new VLAN ID you're implementing? The DHCP server in question is a stand alone and not the router you've included the config for?

    DHCP is a layer 2 protcol. If the DHCP server does not have a direct connection to that VLAN or there is a router in between, DHCP will not work. On the router that has an interface on the new VLAN in question, you have configure a DHCP relay. What this does is on interfaces for the router with DHCP relay configured, the router will react to DHCP broadcasts from devices on that layer 2 network. The router will grab the DHCP broadcast for the DHCP server and encapsulates the DHCP frame as a packet forwards it on to the configured DHCP server. The encapsulation will also have the source address of the DHCP request as the router interface on that VLAN in question. If you have a scope created for that VLAN, the DHCP server uses the router's IP to match the DHCP scope. The DHCP server then reverses the process ultimately with the router receiving the reply from the DHCP server and it dropping the return reply to the broadcast request onto the layer 2 segment for the switch to forward on to the device matching the MAC address contained in the source header for the frame.

    I had this set up in a campus network I built out in an 8 story office building in one of my past jobs. Worked flawlessly.
     
  3. NateRD82

    NateRD82 Thread Starter

    Joined:
    Sep 29, 2017
    Messages:
    29
    hmm...Unfortunately I don't quite follow. I inherited this network and I am no network wiz. I will attach all networking closets, switches, and router configs.

    061318amphas - Is our Router
    AMP_STMary_SW16 - Network Closet
    HP8/HP9 - Switches that have trunking ports to our Router. These are the first switches the router goes to
    Fiber Switches - Fiber switch that plugs into our HP8 switch so we have fiber connected to our network closets

    We have 3 total network closets. I have only 1 listed.
    I also tried to untag the VLAN61 on the HP switch and plug in but it gives me a junk IP and unidentified network. If I change the untag to our VLAN20 network it works. I have VLAN61 using the same DHCP server as VLAN20.
     

    Attached Files:

  4. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    5,993
    Looking at your router config, it looks like this router is providing DHCP addresses for VLAN 20. Is this correct? Why are you creating a new VLAN (61) if you're going to grab the same addresses from VLAN 20?
     
  5. NateRD82

    NateRD82 Thread Starter

    Joined:
    Sep 29, 2017
    Messages:
    29
    No we have a DHCP Server setup on 10.16.2.3. The new VLAN61 should be grabbing 10.16.60.x /23 network. VLAN20 is 10.16.2.x /23
     
  6. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    5,993
    Is your main router a Cisco router? It appears so based on the config file you've posted. If so on the sub interface for VLAN 61, you need to add in this command:

    ip-helper address [IP address of your DHCP server]

    If you want to read more details about the IP Helper command and doing a DHCP relay, here is a good Cisco document discussing this:

    https://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htdhcpre.html
     
  7. NateRD82

    NateRD82 Thread Starter

    Joined:
    Sep 29, 2017
    Messages:
    29
    So yes it is a Cisco Router. The ip-helper address is already there under the int gi 0/1/.61. For some reason there are 2 helpers. The DHCP server is 10.16.2.3
     
  8. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    5,993
    Yes. You're right the ip helper is there already. Not sure why there are to ip helpers set up but you can do that to send traffic to multiple DHCP servers.

    The question I have is why is the router's IP address in the middle of your subnet range? I usually follow the convention of having the router's IP at the beginning of any subnet range which would put the IP address of the router's interface at 10.16.60.1 and .2 (looks like there is another router some where on your network which is running as a backup router in HSRP mode). I would also change the VLAN ID to 60 from 61. As your subnet is 10.16.60.0/23 where .60.1 is the start of the range up to 61.254.

    I would also check the DHCP scope on your DHCP server for this subnet to make sure it is set up for 10.16.60.0/23. If it is, I would check to see if it is actually receiving DHCP requests from VLAN 61 by sniffing the network traffic with something like Wireshark.
     
  9. NateRD82

    NateRD82 Thread Starter

    Joined:
    Sep 29, 2017
    Messages:
    29
    I think I have narrowed down my issue to my HP ProCurve Switches. I have attached the HP ProCurve Switch that has my DHCP server configured on Port 6. I have it untagged to my VLAN20. I need to allow that port to allow traffic from VLAN61 to access the DHCP server. How do I do that? My work around would be setting up another DHCP server having that plug into a VLAN61 untagged port but I really don't want to do that.
     

    Attached Files:

  10. KKLC

    KKLC

    Joined:
    Nov 16, 2008
    Messages:
    225
    Vlan61's sub interface is having a 10.16.61.2 IP, it's not 10.16.60.x IP. and i don't see any 10.16.60.x IP configured in the other router interfaces. The router can't route the traffics to 10.16.60.x subnet. Not sure if this is the issue, hope it helps.


    interface GigabitEthernet0/1.61
    description Corporate Wireless
    encapsulation dot1Q 61
    ip address 10.16.61.2 255.255.254.0 <--------------
     
  11. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    5,993
    The relay feature should be working to get around the VLAN segregation issue. Unless you configure the DHCP server to accept tagged VLANs, you cannot get this to work as you have to configure port 6 to be a VLAN trunk port.

    The alternative is to configure the Cisco router to act as the DHCP server for VLAN 61.
     
  12. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    5,993
    Incorrect. The subnet mask for VLAN 61 is 255.255.254.0. As such the range of valid IPs is 10.16.60.1 through 10.16.61.254. And because all of these IPs are in the same subnet, there is NO routing needed between .60 and .61 addresses.
     
  13. KKLC

    KKLC

    Joined:
    Nov 16, 2008
    Messages:
    225
    ah.. you are right. i missed that mask. if it's /23, then .61.x is in the same subnet. i meant the routing between vlan61 and other vlans, not with vlan60.
     
  14. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    5,993
    And this is why I questioned the logic of having a router for the subnet having an IP in the middle of the range. It causes too much confusion and as you've just experienced easy mistakes on missing the subnet mask. I think part of the OP's work on this needs to be moving that IP to alleviate future confusion and headaches. But at least whoever set up the router didn't make the router's IP 10.16.61.0. While being a valid IP, it would cause people's heads to explode who are not used to working with supernetting.
     
    Last edited: Jun 22, 2018
  15. NateRD82

    NateRD82 Thread Starter

    Joined:
    Sep 29, 2017
    Messages:
    29
    Thanks for the responses. One thing that Im having a hard time grasping is your statement about the router for the subnet having an IP in the middle of the range? Looking through my VLANs on my router they all have the ip address 10.16.x.2 255.255.254.0 and then a standby 55 ip 10.16.x.1. What would that mean? Because on my VLAN61 it has ip address 10.16.60.1 255.255.254.0 and a standby 61 ip 10.16.61.1
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - VLAN isnt getting
  1. xpellex
    Replies:
    0
    Views:
    175
  2. ameemaisy
    Replies:
    1
    Views:
    178
  3. stef1808
    Replies:
    2
    Views:
    348
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1211583

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice