Wired Intelligent Edge

Hi everyone, I am new to VLAN's, so I am looking for some help, Below is my configuration

Hopefully this is in the correct forum this time :) 
Maybe this will help someone else out also....

I have setup a VLAN and cannot get an address from the DHCP Server on VLAN 100

My Switches: HP 2910al -24 poe (AP's are on them, I have one SSID set to Vlan 100 for Testing)

HP 2530-48

MY DC is on the HP 2530 ip 10.25.0.2. DHCP 10.25.0.0 /16,
New Scope 192.168.1.0 /24 (VLAN 100)
; J9146A Configuration Editor; Created on release #W.15.12.0011
; Ver #04:01.ff.35.05:ca
hostname "HP-2910al-24G-PoE"
module 1 type j9146a
module 2 type j9008a
module 3 type j9008a
timesync sntp
sntp unicast
sntp server priority 1 10.25.0.2
time daylight-time-rule continental-us-and-canada
time timezone -300
ip default-gateway 10.25.0.10
ip routing
snmp-server community "public" unrestricted
snmp-server location "Lan Room (Top Center)"
vlan 1
name "DEFAULT_VLAN"
untagged 1-24,A1-A2,B1-B2
ip address 10.25.6.1 255.255.0.0
exit
vlan 100
name "Wireless_Test"
tagged 1-24
ip address 192.168.1.1 255.255.255.0
ip helper-address 10.25.0.2
exit
password manager
password operator

(Routing has been enabled)

HP 2530

Startup configuration: 32

; J9775A Configuration Editor; Created on release #YA.15.12.0010
; Ver #04:01.ff.37.27:ea
hostname "HP-2530-48G"
console idle-timeout 600
console idle-timeout serial-usb 600
timesync sntp
sntp unicast
sntp server priority 1 10.25.0.2
no stack
time daylight-time-rule continental-us-and-canada
time timezone -300
ip default-gateway 10.25.0.10
snmp-server community "public" unrestricted
snmp-server location "Lan Room (Center)"
vlan 1
name "DEFAULT_VLAN"
untagged 1-52
ip address 10.25.6.5 255.255.0.0
exit
vlan 100
name "Wireless_Test"
tagged 47
ip address 192.168.1.5 255.255.255.0
exit
no dhcp config-file-update
password manager
password operator

Since I could not get an DHCP address, I added a static IP to a laptop attached to
Vlan 100 (192.168.1.22), I could ping 192.168.1.1, 192.168.1.5, 10.25.6.1, 10.25.6.5.
However I could not ping my DC 10.25.0.2.

Could this be a routing issue??, or do I have to put the DC on VLAN 100 also??
Here is the 2910 route:

IP Route Entries

Destination Gateway VLAN Type Sub-Type Metric Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
10.25.0.0/16 DEFAULT_VLAN 1 connected 1 0
127.0.0.0/8 reject static 0 0
127.0.0.1/32 lo0 connected 1 0
192.168.1.0/24 Wireless_Test 100 connected 1 0

I am at a loss here.....
If anyone has any ideas, I would really appreciate it!
I know this is long, but I tried to be thorough

Thank You!

Hello.  Is 10.25.0.2 reachable on VLAN 1?  The 2910 will send an ARP request for 10.25.0.2's MAC address because it thinks that IP is locally reachable on VLAN 1 (10.25.0.0/16).  Does 10.25.0.2 also have a /16 mask? 

Either way the 2910 can't reach 10.25.0.2 on VLAN 1, which is why you can't ping it or get a DHCP address (via relay to it).

Yes, it can reach it (its also the default VLAN)

Ok, so the 2910 can ping 10.25.0.2?  Does 10.25.0.2 have a route back?  What is it using as a gateway for 192.168.1.0/24?

Thanks for the reply

On the native vlan, the switch ip is 10.25.6.1, GW is 10.25.0.10, my DHCP all works as expected.

So I decide to try to setup a vlan (100) for testing, and and setup a new DHCP Scope for 192.168.1.0/24
I set the GW to my original GW of 10.25.0.10 (not understanding, but figured it would not work to my gateway, but wanted to see it I could get an address with the new scope)

I set the vlan up (100) and the DHCP Helper and this where I get lost/confused.
I cannot see (and I am sure this is why it does not work), How to set the rest up.
I set the helper address to my DC - 10.25.0.2 which is where my new scope is.
I gave the switch an IP 192.168.1.1, plugged in a computer on the new vlan and
did not hit the dhcp, it could not get an address at all.
So I know since the default works, it is clearly me not understanding how it is
supposed to work.

Any direction would be appreciated.

Thank you.

Hosts configured for DHCP will send a broadcast (all F's MAC destination address) discover packet which will reach all hosts on the VLAN, so that's why hosts on the same VLAN as the DHCP server are getting an address.  Hosts on a different VLAN have to be relayed, to the IP helper address, and back.  The "and back" is probably where it's failing. 

On the DHCP server what route is it using for 192.168.1.0/24?  On windows run "route print", linux "netstat -rn".  If the server has a route or gateway of something other than the 2910 that's where it is sending the DHCP offer.  Add a route to 192.168.1.0/24 via the 2910.

You can also test connectivity from the 2910 for VLAN 100 by setting the source address of the ping to VLAN 100 (ping 10.25.0.2 source 100). 

Thank you again for the reply, I will not be able to look at the system again until Wednesday, (Out on personal business)I will post the info then, & Thank You again

Ok, thank you for the info, on the 2910, I cannot ping from vlan 100 to 10.25.0.2 (vlan1, dhcp Server), (thanks for the source command!!) I am guessing this is where the route is not correct

here is the route from the 2910

Destination Gateway VLAN Type Sub-Type Metric Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
0.0.0.0/0 10.25.0.2 1 static 1 1
10.25.0.0/16 DEFAULT_VLAN 1 connected 1 0
127.0.0.0/8 reject static 0 0
127.0.0.1/32 lo0 connected 1 0
192.168.1.0/24 Wireless_Test 100 connected 1 0

On the Server 10.25.0.2: vlan 1    

route:

Interface List
12...00 15 5d 00 01 00 ......Microsoft Hyper-V Network Adapter
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.25.0.10 10.25.0.2 261
10.25.0.0 255.255.0.0 On-link 10.25.0.2 261
10.25.0.2 255.255.255.255 On-link 10.25.0.2 261
10.25.0.2 255.255.255.255 192.168.1.0 10.25.0.2 6
10.25.255.255 255.255.255.255 On-link 10.25.0.2 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 10.25.0.2 6
192.168.1.0 255.255.255.255 On-link 10.25.0.2 6
192.168.1.1 255.255.255.255 On-link 10.25.0.2 6
192.168.1.255 255.255.255.255 On-link 10.25.0.2 261
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.25.0.2 261
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.25.0.2 261
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.25.0.10 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================

I am just lost.....

5. What is 10.25.0.10? Does it have a route back to the 192.168.1.0/24 subnet?

There is some missing information you need to provide:

1. You need to put interface descriptions on the uplink ports, that describe what is connected there. From what you've provided, we can assume VLAN1 is trunked between the 2 switches, but we have no way of knowing if you have trunked VLAN100 between them.

2. Your DHCP scope: what is configured as the "router" IP address?
                             Does it display any lease offers in the new scope?

3. Your laptop test: what did you configure as your default gateway?
                          where did you attach it to the network?
                          I can't see any ports on either switch that are configured as untagged in VLAN100.

4. Why have you configured an IP address for VLAN100 on both switches? Are your clients going to use 192.168.1.1 or 192.168.1.5 as their default gateway? You need to decide where you want your inter-VLAN routing to be performed and put the router address for the 192.168.1.0 subnet there.

5. What is 10.25.0.10? Does it have a route back to the 192.168.1.0/24 subnet?

6. What do your VLAN1 hosts use as their default gateway address?

Bearing in mind we can't know for sure without the additional info I listed above, there are a couple of problems that we frequently see, one or more of which could be occurring here:

 a. VLAN100 has not been trunked between the two switches

 b. 10.25.0.10 does not have any route to the new subnet

 c. your hosts are using 10.25.0.10 as a default GW, and b.

 d. your new DHCP scope has a "router" option that does not match the source of the relayed DHCP request

Thanks for the reply, I have removed the IP addresses from the other switches 192.168.1.5

I did not think a trunk was necessary (if Iam understanding it).

I have port 24 tagged on the 2910 and tagged port 47 on 2530 for VLan 100 & untagged vlan 1

When I had the static ip on the laptop, I could ping either switch (why I thought I needed the addresses).

On the Native vlan 1 10.25.0.0 /16 gw is 10.25.0.10 sonicwall   dhcp 10.25.0.2 all works, always has.

On Vlan 100 dhcp (new scope on 10.25.0.2)  192.168.1.0/24 I i have the GW set as the switch 192.168.1.1

trying to ping from the 2910 using source 100 I cannot ping the dhcp 10.25.0.2 or the gateway 10.25.0.10

but as a test  I was more worried about getting the dhcp address than internet at this time.

And at this point I can just start over, I left the default vlan in place so everthing else can work.

So your connectivity issues were caused by,

 - the hosts on your VLAN1 subnet were not using the layer-3 switch as a default gateway, but were using the Sonicwall on 10.25.0.10

 - the Sonicwall on 10.25.0.10 does not have a route for 192.168.1.0/24, so pings to it from VLAN100 can't be replied to

This makes no sense to me.  The original network was just one vlan.

We have 2 new switches now the 2910 & a 2530, plugged them in all works. (vlan 1)

I can unplug the connection to my GW and I can ping my DC and everything else

I just wanted to try adding another vlan, vlan 100 and see if I could get DHCP address

from the new scope.   I am not seeing this....

Ok, so your server thinks 192.168.1.0/24 is directly reachable (on-link):

192.168.1.0 255.255.255.0 On-link 10.25.0.2 6
192.168.1.0 255.255.255.255 On-link 10.25.0.2 6
192.168.1.1 255.255.255.255 On-link 10.25.0.2 6
192.168.1.255 255.255.255.255 On-link 10.25.0.2 261

Not sure what installed those routes but it thinks that network is local.  Install a route on the server (route add 192.168.1.0 mask 255.255.255.0 10.25.6.1) and see if you can ping 192.168.1.1.  You may need to delete the currently installed routes (route delete 192.168.1.0) to get that installed as the preferred route. 

If you want other hosts who are also using 10.25.0.10 as a gateway to reach 192.168.1.0/24 you will need to install a route on 10.25.0.10 as well.  Hosts on 10.25.0.0/16 using that gateway will get ICMP redirected to 10.25.6.1 but you won't have to install a bunch of routes manually.

It Worked!!! Thank You!   (And everyone who answered!)

It helps to have a working example.....

so now I can play with the new scope for testing...

So eventually if I want to have the new scope access the internet,

do I add the route you suggested at the Gateway?

I will have to sit down with your example to fully understand, but I see a little 

light at the end of the tunnel, Thank You

Hi all

I have problem with routing between VLAN`s

Can anybody help me with advice how to make connectivity between VLANs

hostname "HP-2920-24G"
module 1 type j9726a
ip route 0.0.0.0 0.0.0.0 10.22.1.1
snmp-server community "public" unrestricted
openflow
controller-id 1 ip 10.22.1.26 port 6653 controller-interface vlan 3
instance "test"
listen-port 6653
member vlan 2
controller-id 1
version 1.3
enable
exit
enable
exit
oobm
ip address dhcp-bootp
exit
vlan 1
name "DEFAULT_VLAN"
no untagged 17-24
untagged 1-16,A1-A2,B1-B2
ip address 10.22.1.28 255.255.255.0
exit
vlan 2
name "hosts"
untagged 17-22
ip address 10.23.1.1 255.255.255.0
ip helper-address 10.22.1.1
voice
exit
vlan 3
name "controller"
untagged 23-24
ip address 10.24.1.1 255.255.255.0
ip helper-address 10.22.1.1
exit
password manager

you need the "ip routing" command at the global config context to enable routing.