help IP routing VLAN on SF300-24

nguyenquynhson363 · ‎04-23-2011

I had made a DHCP server that had many scope:

1- scope: 192.168.1.208/28

2- scope: 192.168.1.224/28

3- scope: 192.168.16.0/24

and DHCP server : IP address: 192.168.16.1

so we config SF300-24 with 3 VLans

1- VLan2: IPv4 address: 192.168.1.222

subnetmask: 255.255.255.240

2- VLAN3: IPv4 address: 192.168.1.238

subnetmask: 255.255.255.240

3- VLAN4: IPv4 address 192.168.16.254

subnetmask: 255.255.255.240

How to condig SF300-24 to vlan 2 vlan 3 can get IP address from DHCP server in VLan 4?

Could you help me?

Thank!

David Hornstein · ‎04-23-2011

Hello

I hope you have enabled Layer 3 switching in the switch by changing the mode to layer 3 via telenet or console connection ?

If this is done you then have the option to relay DHCP requests from particular VLANs to your DHCP server. I basically copied the help text from the switch to below.

Defining DHCP Relay Properties

The Properties Page enables configuring the DHCP Relay status on the switch, and the IP addresses of the DHCP server where the DHCP messages are relayed.

To use this feature, it is necessary to activate the DHCP Relay on the ingress interface where the DHCP messages are to be relayed. This can be done in the DHCP Relay Interfaces Page.

Option 82 inserts additional information to the packets sent from the host.

The DHCP server passes the configuration information to hosts on a TCP/IP network. This permits the DHCP server to limit the address allocation to authorized hosts.

DHCP with Option 82 can only be enabled if DHCP Relay is enabled.

To configure the DHCP Relay feature:

Click IP Configuration > DHCP Relay > Properties. The Properties Page opens.

Enter values for the following fields:

DHCP Relay—Select to enable or disable DHCP Relay.

Option 82—Select Option 82 to enable insertion of the device MAC address and input parameters into packets for identification of the device.

This option is configurable only in Layer 3 mode.

DHCP Server Table—Displays the list of DHCP servers.

Click Add to enter the IP address of the DHCP server. The Add DHCP Properties Page opens.

Enter the value for the following field:

IP version—Displays that only IPv4 is supported.

DHCP Server IP Address—Enter the DHCP server IP address.

Click Apply. The DHCP server is defined, and the Running Configuration file is updated.

Use the DHCP Relay Interfaces Page to configure the interfaces that support DHCP Relay.

Defining DHCP Relay Interfaces

This page enables configuring the port, LAG, or VLAN interfaces that support the DHCP Relay functions. For the DHCP Relay to function, it also must be activated globally in the Properties Page.

To define the DHCP Relay interfaces:

Click IP Configuration > DHCP Relay > DHCP Relay Interfaces. The DHCP Relay Interfaces Page opens.

This page displays the interfaces where DHCP Relay is defined, and their IP addresses. In Layer 3, port, LAG, or VLANs are offered; in Layer 2 only VLANs are offered.

To add an interface, click Add. The Add DHCP Interface Page (Layer 2) opens.

Enter the Interface value.

If the switch is in Layer 2 mode, select the VLAN that is to be DHCP Relay enabled.

If the switch is in Layer 3 mode, select whether the interface is for a port, VLAN, or LAG.

Click Apply. A DHCP Relay interface is defined, and the Running Configuration file is updated.

nguyenquynhson363 · ‎04-24-2011

Dear David Horstein!

I configed SF300 is Layer 3 from console.

And I enable DHCP relay:

with VLAN interface:

and chose DHCP relay on Interface

but my pc on VLAN 2 cann't get IP address from DHCP server on VLAN4.

how to config right for this situation?

David Hornstein · ‎04-24-2011

Hi Mr Quynh,

This does depend on how clever is your DHCP server on VLAN4. The DHCP server must be able to detect a DHCP request from VLAN2 and allocate IP addresses specifically for VLAN2. That is one reason why we have a option for a DHCP relay with option 82.

Hopefully the DHCP server is smart enough to utilize or recognise the circuitID or chassis ID information from option 82 that is incorporated in the DHCP request from a VLAN2 IP host.

Check out and see if your DHCP server can utilize option 82 information to identify which vlan the dhcp request is coming from.

regards

David Hornstien

nguyenquynhson363 · ‎04-25-2011

Dear Mr David hornstein!

we don't think the reason from DHCP server.

We use the DHCP server for our company with catalyst cisco 3560 then it work well.

and they want to check switch Layser 3 SF300-24 (we anable Layer 3 by console )before we send it our customer.

and we think only with DHCP relay then VLAN 2 ; VLAN 3 cann't ping IP address of DHCP Server on VLAN 4. So they cann't get IP from DHCP server.

Could you please check this situation ?

We should config IPv4 routing and IPv4 Access-List, shouldn't we?

See you soon!

nguyenquynhson363 · ‎04-24-2011

It's image of SF300

David Hornstein · ‎04-26-2011

Dear Mr Quynh.

When you enable layer 3 in the console, the Sf300-24 turns into a Layer 3 switch just like the Catalyst 3560.

Catalyst 3560 however has a lot more functionality

Please, Mr. Quymh I am confused. According to your first post you wrote the following;

I had made a DHCP server that had many scope:

1- scope: 192.168.1.208/28

2- scope: 192.168.1.224/28

3- scope: 192.168.16.0/24

and DHCP server : IP address: 192.168.16.1

so we config SF300-24 with 3 VLans

1- VLan2: IPv4 address: 192.168.1.222

subnetmask: 255.255.255.240

2- VLAN3: IPv4 address: 192.168.1.238

subnetmask: 255.255.255.240

3- VLAN4: IPv4 address 192.168.16.254

subnetmask: 255.255.255.240

why is subnet mask of vlan 4 = 255.255.255.240

should VLAN4 be 192.168.16.254 mask=255.255.255.0 ?

At the moment with a subnet mask of 255.255.255.240 in VLAN4 you will have a valid range of IP addresses for this vlan4 of 192.168.16.241 to 192.168.16.254.

There is no way for the DHCP server at ip address 192.168.16.1 to fit into VLAN4 address range. I am suprised you can ping anything from the DHCP server.

Is this subnet mask just a written error on your original posting, can you change the subnet on the SF300-24 VLAN4 interface to 255.255.255.0?

Also within the DHCP server at IP address 192.168.16.1, you must have at least two persistant routes in the DHCP server IPv4 route table.;

Simply said the reason for this is to tell the dhcp server how to reply to IP hosts that are inside Vlan 2 and VLAN 3.

192.168.1.208 Mask= 255.255.255.240 nexthop/gateway=192.168.16.254

192.168.1.224 Mask= 255.255.255.240 nexthop/gateway=192.168.16.254

Can you please make some changes and let me know what happened.

Sincere regards

David Hornstein

nguyenquynhson363 · ‎04-26-2011

dear David Hornstein !

I'm sorry i'm miss gateway vlan 4 it's 192.168.16.254 subnetmask: 255.255.255.0

and i create ipv4 route same as you say:

192.168.1.208 Mask= 255.255.255.240 nexthop/gateway=192.168.16.254

192.168.1.224 Mask= 255.255.255.240 nexthop/gateway=192.168.16.254

but when i apply this route the i receive report following:

Gateway cannot be one of the addresses configured on this device..

so we cann't create route table as you.

could you please check this situation?

David Hornstein · ‎04-26-2011

Dear Mr Quynh.

I was thinking that you needed the routes within the DHCP server.

I would think that the DHCP server should have a default gateway and it should be 192.168.16.254 ( the SF300-24).

If the DHCP server is not using the SF300-24 as it's default gateway then you should add those routes into the DHCP server.

Can the DHCP server now ping the different vlan interfaces ?

please note:These Vlan interfaces must have a IP host connected to them or their IP interface will not respond to a Ping.

If this doesn't work, it would be most useful for you to dave the switch configuration so I can see how it is configured.

regards

Dave

nguyenquynhson363 · ‎04-27-2011

Dear David!

These pictures are steps we config on SF300 (file attached)

DHCP server: 192.168.16.1 can work well with Cisco catalyst 3560, so i don't think problem from DHCP Server.

We hope you should understandour situation

nguyenquynhson363 · ‎04-27-2011

we try config same as you say;

It's seem SF300 (mode layer 3) cann't work exactly!

could you please check this situatiion!

Alejandro Gallego · ‎04-28-2011

Sorry if this was already covered or if i am repeating something already said...

this is my understanding:

object: L3 switch multiple vlans and single dhcp server

assumptions:

single dhcp server already configured and working as expected for any single configured scope

switch is in layer 3 mode and from the switch you can access all the vlans

configuration:

Switch
1. do not use option 82 (unless absolutely needed) -- remove for now
2. ip addressing (my own for my own sanity):
  1. VLAN 1 (native) 192.168.10.0 /24
  2. VLAN 2 192.168.20.0 /24
  3. VLAN 3 192.168.30.0 /24
    - interfaces
      - vlan1 interface IP: 192.168.10.254 /24 <== NOTE this part
      - vlan2 interface IP: 192.168.20.254 /24
      - vlan3 interface IP: 192.168.30.254 /24
    - route ENTRIES (note i say entries not discovered)
      - 0.0.0.0 /0 next hop 192.168.10.253 <== NOTE: this should be to a backbone router or some other ROUTER / ROUTING device. this is how your vlans on this switch will get out of this switch
    - DHCP relay
      - no option 82 (unless needed -- i dont think you need it)
      - relay all interfaces EXCEPT the network in which the dhcp server lives on
        ex. DHCP server IP: 192.168.10.1 /24
        NO RELAY ON VLAN1 -- if you think about it there is no reason to relay as the broadcast is already heard. switches FLOOD broadcasts
      - dhcp scope options should have this for the gateway:
        vlan1: 192.168.10.254
        valn2: 192.168.20.254
        vlan3: 192.168.30.254
Tie it all together:
1. Host on VLAN20
  1. attached to an access port on VLAN20 (start with an access port; then if needed for network you can trunk it)
  2. set host for dhcp -- should get an IP address
    1. if not: assign static ip with proper addressing to make sure traffic is flowing
2. Host on VLAN30
  1. same as above
3. Host on VLAN1
  1. there is no reason this host should fail to get an address. if it does ensure the server is properly configured and begin troubleshooting LAYER2 problems. forget routing at this point, something else is seriously wrong

*** Remember that FROM the switch to the backbone router that connection should be an access port but could be a trunk. regardless this connection has no bearing on the dhcp for the vlans DIRECTLY connected on the switch. If you are getting a proper IP but can't get out; think maybe "I don't know how to get back"! Since this is a router, we have to tell the other router attached what networks i own.

hope this helps.

nguyenquynhson363 · ‎05-03-2011

Dear Gagello!

Thanks your updating information!

nguyenquynhson363 · ‎05-03-2011

Dear Gagello!

It's a problem with SF300

So we config interface vlan 1 is 192.168.10.254; and we turn off SF300 then VLan1 automaticaly become default and not register 192.168.10.1.

Could you please check this situation?

Thanks!

Alejandro Gallego · ‎05-03-2011

nguyenquynhson363 wrote:

Dear Gagello!

It's a problem with SF300

So we config interface vlan 1 is 192.168.10.254; and we turn off SF300 then VLan1 automaticaly become default and not register 192.168.10.1.

Could you please check this situation?

Thanks!

From this post I understand that everytime you power cycle the switch you loose your VLAN IP addressing that was set. Is that correct. If so, the switch should have a section typically under administration > configuration (or somehting like that) where you can perform a "copy run start"

If you can't figure that out look at your documentation or call support. If I read this correctly this should be an easy fix.