Summit48si DHCP offer not getting back 1

[T313C0mun1s7]

I have a Summit48si that is broken into several port based VLANs for a multi-tenant office building. Each office gets its own Class C network with 3 ports as such:

Suite 101 - VLAN ste101 non-tagged on ports 5-7 - Network 10.0.101.x/24 with the VLAN address assigned 10.0.101.1

The DHCP Server is on VLAN default which is 10.0.1.3 (DHCP Server at 10.0.1.2) and default owns ports 1-4. The Internet gateway is at 10.0.1.1. I have the following configured:

config vlan default ipaddress 10.0.1.3 255.255.255.0
config iproute add default 10.0.1.1
config default delete port 5-48
enable syslog
config syslog add 10.0.1.2 local0 notice
create vlan ste101
config ste101 ipaddress 10.0.101.1 255.255.255.0
config ste101 tag 101
config ste101 add port 5-7
enable ipforwarding
enable rip
create udp-profile dhcprelay
config dhcprelay add 67 ipaddress 10.0.1.2
config ste101 udp-profile dhcprelay
config default protocol ip
config ste101 protocol ip
config rip add vlan default
config rip add vlan ste101

With Wire Shark (etherreal) on both the DHCP server and the requesting workstation, and via syslog I can see that it appears the dhcpdiscover is going out and being forwarded to the DHCP server. The server sends a dhcpoffer, but the requesting workstation never seems to get it.

I have never worked with Extreme Networks switches before. Any help is highly appreciated, I have to get this working ASAP. I can post anything you ask for if you tell me how to get it. I already have a syslog server and Wire Shark setup.

The switch is running ExtremeWare 6.2.2 basic.

 

[T313C0mun1s7]

Yea, great idea.

So I moved the gateway router off the default vlan and removed port 1 from the default vlan. The gateway router is now 10.0.0.1, on port 1, vlan rtr, with the vlan interface address of 10.0.0.2

The DHCP server is still 10.0.1.2 but vlan default now has an interface address of 10.0.1.1 instead of 10.0.1.3

"show iproute" looks like this:

Ori Destination       Gateway        Mtr Flags       VLAN
*d  10.0.0.0/24       10.0.0.2       1   U------u--- rtr
*d  10.0.1.0/24       10.0.1.1       1   U------u--- Default
 d  10.0.101.0/24     10.0.101.1     1   U------u--- ste101
 d  10.0.102.0/24     10.0.102.1     1   -------u--- ste102
 d  10.0.103.0/24     10.0.103.1     1   -------u--- ste103
*d  127.0.0.1/8       127.0.0.1      0   U-H----um-- Default
*s  Default Route     10.0.0.1       1   UG---S-um-- rtr

Now how do I create that static route? I can not find the command to do this. Right now the router can ping all interface addresses, and the Gateway router at 10.0.0.1

The server can not ping 10.0.0.1, but it can ping 10.0.0.2 and my workstation on the ste101 vlan now successfully negotiated an address via DHCP. The server can also ping 10.0.101.1 (ste101 interface ip) but not 10.0.101.2 (the DHCP assigned workstation.

I am getting closer.

John C. Reid, President
Computer and Network Services

 

[T313C0mun1s7]

The reason I could not ping the workstation was the Windows firewall. Ping request were received, but just dropped. So in reality I can ping 10.0.101.2.

John C. Reid, President
Computer and Network Services

 

[rn4it]

Is IPforwarding enabled on the rtr vlan?

 

[T313C0mun1s7]

Right now, IPforwarding and RIP is enabled on every vlan.

The router seems to be able to ping everything, even out to the internet. Devices on vlans can ping the device interface address for vlan rtr (10.0.0.2), but not the default gateway (10.0.0.1).

Does the default route need to be in the vlan default? If so how do I route traffic to the vlan that I want globally accessible devices on? I have been tearing through the documentation, but I still find how to setup static routes to be ambiguous. There is no concrete example in the manual.

What would be the entry, for example, to route from ste101 (10.0.101.0/24) to ste112 (10.0.112.0/24)? Or to allow all vlans to access shared (10.0.200.0/24)? Does there need to be a static route back? If is it to the shared vlan do I need multiple static routes, one for every return path?

My route-map seem to have nothing in it. And I am unsure as to if and how to populate it.

Thanks again.

John C. Reid, President
Computer and Network Services

 

[rn4it]

If the PC's are able to ping the 10.0.0.2 address, then they should be getting to the router. Check the router(10.0.0.1) for ACL's that may be snuffing this traffic.

RIP would be handle inter vlan communications. In fact just having IPforwarding enabled would do this.

No the default route doesn't need to be on the default vlan. I have my edge switches at Layer2, the default gateway is on my switch mgmt vlan.

If I understand your config, your default gateway connects to your switch on the 10.0.0.x network. All vlans should route through that interface, which they seem to do. If your 10.0.0.1 device is able to ping all PC's on all vlans, then they're able to respond back. If there was a routing issue the default gateway would get timeouts, please check your default gateway for ACLs blocking the communication being requested from the PCs.

 

[T313C0mun1s7]

OK, so then if the default gateway is to route to the internet for all of these vlans, it needs to either know they are local (ClarkConnect lies about being able to do it - at least post 4.x) OR not know that it is routing to anything other than 10.0.0.x/24. Right? So then since I seem to be unable thus far to find a gateway/router Linux distro that handles multiple local subnets, do I need to have the switch do NAT? can it do that?

John C. Reid, President
Computer and Network Services

 

[rn4it]

You could get the switch to do NAT, I wouldn't. You're default gateway device should be able to handle NAT. All you seem to need it do is realeze that the internal networks are behind it's 10.0.0.1 intface and NAT all out bound requests behind its external interface.

Unforntuately, I can't help much further. I'd contact support for ClarkConnect on how to do hide NAT on their device.

good luck

 

[T313C0mun1s7]

GOT IT - thank you so much rn4it. I don't know how long it would have taken me to figure this out without you. I do know I would have certainly gone insane prior to getting it.

ClarkConnect states the ability to have multiple local LANs, but there is no mention really of how to do it. The other people that have tried have not gotten it to work, and the support people have it listed as a bug that is fixed according to bug tracking, even though it does not work. You got me thinking that all I really needed was for the gateway to know which direction to look, so I searched for static routes on ClarkConnect instead.

Here is what I did, in case anyone else ever needs to do this.

Find (or create) /etc/sysconfig/network-scripts/route-eth1 and create the pointer to the networks as needed, then restart the ethernet card. Since my local network is hanging off of eth1 that is the file I created and the card to restart. Others may differ. The format of the file is like this, my example is based on my situation so it should be easy to follow if you look at prior posts.

10.0.1.0/24 via 10.0.0.2
10.0.101.0/24 via 10.0.0.2
10.0.102.0/24 via 10.0.0.2

Of course you would continue that for every subnet, in my case when I hit ste115 with 10.0.115.0/24 I am on the next switch so then the line becomes

10.0.115.0/24 via 10.0.0.3

and the third switch at

10.0.130.0/24 via 10.0.0.4

From here I just need to finish configuring everything. I already created a config file for SW1, I need to do a find and replace for SW2 and SW3, then upload the configurations. Also the 40 scopes in the DHCP server are easier to do if you create a text file and import it with netsh - for example:

. . .

Dhcp Server 10.0.1.2 add scope 10.0.109.0 255.255.255.0 "Suite 109" ""
Dhcp Server 10.0.1.2 Scope 10.0.109.0 set state 1
Dhcp Server 10.0.1.2 Scope 10.0.109.0 Add iprange 10.0.109.2 10.0.109.254
Dhcp Server 10.0.1.2 Scope 10.0.109.0 set optionvalue 51 DWORD "691200" 
Dhcp Server 10.0.1.2 Scope 10.0.109.0 set optionvalue 3 IPADDRESS "10.0.109.1" 

Dhcp Server 10.0.1.2 add scope 10.0.110.0 255.255.255.0 "Suite 110" ""
Dhcp Server 10.0.1.2 Scope 10.0.110.0 set state 1
Dhcp Server 10.0.1.2 Scope 10.0.110.0 Add iprange 10.0.110.2 10.0.110.254
Dhcp Server 10.0.1.2 Scope 10.0.110.0 set optionvalue 51 DWORD "691200" 
Dhcp Server 10.0.1.2 Scope 10.0.110.0 set optionvalue 3 IPADDRESS "10.0.110.1"

Dhcp Server 10.0.1.2 add scope 10.0.111.0 255.255.255.0 "Suite 111" ""
Dhcp Server 10.0.1.2 Scope 10.0.111.0 set state 1
Dhcp Server 10.0.1.2 Scope 10.0.111.0 Add iprange 10.0.111.2 10.0.111.254
Dhcp Server 10.0.1.2 Scope 10.0.111.0 set optionvalue 51 DWORD "691200" 
Dhcp Server 10.0.1.2 Scope 10.0.111.0 set optionvalue 3 IPADDRESS "10.0.111.1"

. . . etc

Other needed options like DNS servers are already on the DHCP server as global options, as they are the same for every scope. I then imported it with netsh execute dhcp.txt where dhcp.txt is the name of the file. In this example my DHCP server was 10.0.1.2, if the server is local you can simply drop that part completely.

With what is chronicled here, anyone should be able to set up a multiple client scenario. I have done this once before about five years ago, but it was Fiber-to-the-Home, with each house having a Class C and using very different equipment. Also in that case the default router was the Layer 3 Switch itself.

John C. Reid, President
Computer and Network Services

 

[rn4it]

Perfect, glad to here. Does that mean the cheque's in the mail?

 

[T313C0mun1s7]

Perfect, glad to here. Does that mean the cheque's in the mail?

Cheque?? Your not an American, are you mate?

Thank you once again for all your help.

John C. Reid, President
Computer and Network Services

 

[rn4it]

Nope Canadian.