Problem with DHCP on a 6509

lkcameron · ‎09-13-2005

I've come across a mongrel of a problem, and i'm pulling my hair out trying to sort it out. Its like this:

We have a DHCP (actually a Sun Jumpstart) server on our test network. The server has been equipped with a NIC capable of performing 802.1q tagging, and thus we have set it up with virtual interfaces connected to all VLANs on the switch (Cat 6509) through an 802.1q trunk port. The problem is that we cannot seem to get the server and the client to talk properly to give the client IP address etc while connected through the switch. The real vexing thing is that if we take the client and the server off the switch, and connect them through a dumb hub, all works fine without a hitch. Going through the hub works presumably because the client and server both are on VLAN 1 which is the native VLAN, and therefore traffic is not tagged tagged at all for VLAN 1.

When connected to the switch, we see the normal DHCPDISCOVERY, DHCPOFFER and DHCPREQUEST, but the DHCPCK packet from the DHCP server to complete the transaction is not forthcoming. When connected to the hub, as stated, all happens as it should... Don't you love this :)

Does anyone have any idea why our switch appears to be somehow limiting the traffic (only really the DHCPACK packet) going between our client and server? Does anyone have a solution for me. I'm about to take to all of it with a rather large hammer :)

The swich is a 6509, Sup1A + MSFC, 48-port ethernet linecard. Hybrid S/W ver 7.4(3). Pretty much default configuration except for the basic stuff. The server and clients are both Sun Blade 150's.

Please help !!!

thisisshanky · ‎09-13-2005

When you connect to the hub, you are not configuring the nic on the server as a trunk port. Is that correct? Does the Sun server have multiple ip addresses in each subnet/vlan ?

While we troubleshoot what exactly the problem is, let me suggest you an alternate solution and let me know if that sounds approving to you.

You really dont need to enable vlans and trunking on the Sun server to make this to work. DHCP is a standard protocol and if you have 10 vlans, the DHCP server can reside in one vlan, while all other vlans can have a relay agent configured which is typically a Layer 3 device in Cisco environment (your MSFC). Your MSFC should have Vlan interface definitions, with the ip helper-address command configured. This should take care of providing DHCP to all clients in all vlans. All you got to do on the Sun server is configure the nic as a normal port (with an ip address in one vlan). and the DHCP server should have multiple scopes defined for each vlan (subnet).

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

lkcameron · ‎09-13-2005

We don't have to change the settings on the NIC at all to tell it that its no longer on a trunking port. The interface on the Sun that is configured to interface with VLAN 1 is called 'ce0' as opposed to 'ce2000' for the VLAN 2 interface. This naming is a requirement of the Sun NIC's 802.1q tagging config. When you create the interfaces, you have to name them 'ceX000' where 'X' is the VLAN number that the interface is on. Thereofre when we name the VLAN 1 interface 'ce0' it means that traffic from this interface is not 802.1q tagged. This is because we do not want the traffic on the VLAN 1 interface to be tagged with 802.1q info at all, as VLAN 1 on the switchport is the native VLAN, ie. the switch does not 802.1q tag packets on that interface if they are destined for VLAN 1. So to answer your first question, yes, the NIC on the Sun is still configured to do 802.1q tagging even though its not connected to a trunking port, although this does not matter for traffic on VLAN 1, because traffic on VLAN 1 is not tagged anyhow. And yes, each sub-interface (probably the best way to describe them) on the Server's NIC is assigned an IP address on the subnet corresponding to its VLAN.

To answer your second, we are aware that we may be able to forward DHCP on the MSFC, but we wish to avoid having to make changes to any of the routers if its possible. If we can't get it to work using VLAN's, in the current configuration, we may fall back on using a relay agent.

thisisshanky · ‎09-13-2005

From the switch - Can you verify if you the trunking status is on. (I am sure it should, as you are able to see the DHCP packets via sniffer trace).

(show trunk, show port ) should help.

Also if you put a client PC on each vlan with a static ip from that subnet, is it able to ping each ip address configured on the Sun server (so called sub interface)

I am not looking for inter vlan communication, just intra vlan should be fine.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

lkcameron · ‎09-13-2005

I can confirm that normal communications within the VLAN are working fine. I can also confirm that the port on the switch is an 802.1q trunk port. We've been Jumpstarting clients off the sub-interfaces now for months, but as soon as we've tried to move from regular Jumpstart/BOOTP to DHCP, this is where the problems have arisen. Like I mentioned, all the traffic seems as expected (maybe a little delayed) with the exception of the DHCPACK packet that finalises the client/server transaction.