Hi. We are experiencing what I believe to be a routing issue, but cannot identify it. 1 Cisco switch stack (SGE2010) in L3 mode, 2 Vlans.
Vlan 1 = 192.168.0.253/24, untagged on all ports except 14/15
Vlan 2 = 192.168.22.1/24, untagged on port 14 and 15
SGE2010 default route 0.0.0.0/0 next hop 192.168.0.1 (Checkpoint UTM)
DHCP Relay enabled
DHCP server set to 192.168.0.16
DHCP interface set to Vlan2
Checkpoint UTM = 192.168.0.1/24
Static route = From ANY to 192.168.22.0, next hop 192.168.0.253 (Stack)
DHCP Relay setup on Checkpoint to Stack address
DHCP server, IP=192.168.0.16/24 DG=192.168.0.1 is plugged into port 8 of the stack, Vlan1
Machine 1 = static IP 192.168.22.9/24 DG=192.168.22.1 on port 14 of Stack, Vlan2
Machine 2 = DHCP client on port 15 of Stack, Vlan2
Machine 3 = DHCP client on port 16 of Stack, Vlan1
Machine 1 which is using a static address on Vlan2 works great. It can ping everywhere I want it to, including any host on Vlan 1 and the DHCP server itself.
Machine 2, DHCP client on Vlan2, never gets an address, stating that it cannot reach the DHCP server
Machine 3, DHCP client on Vlan1 works fine
From Wireshark, the DHCP Discover is sent from the DG of Vlan2, the DHCP Offer is sent from the DHCP server on Vlan1 with an appropriate IP from the scope for Vlan2; however, the very next entry is an ICMP Port Unreachable from Vlan2 on the Stack to the DHCP server.
Expanding the ICMP entry, it appears that the destination is the PC client since it shows a Dell MAC address, and the source is the Checkpoint UTM (Sofaware).
I can ping and tracert from the Checkpoint to my static IP on Vlan 2. The same goes for the DHCP server to/from Vlan2, so I am confused as to why the routing is failing. I have tried adding Port Fast to the stack ports, but nothing changes. Sorry for the lengthy description, but I wanted to include enough detail for you. Your insights are appreciated and much needed.
Sorry, I just got back to this environment. I must have looked at that 100 times, but it wasn't until I read your post that I realized it. Thanks for waking me up. Sometimes, you just stare at it too long.
The DHCP server was in place a long while and I didn't think to change its default gateway to the VLAN1 port when we created the VLANs. Thanks again for your help!
I don't think you have routing problems here; everything seems to work at the Layer 3 level. There should be something wrong with the broadcast handling in your network. Check if you accidentally set something to block BOOTP broadcasts; check the UTM.
You could temporarily bypass the UTM and see if DHCP works then.
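As an added worked example (not from the thread or from any of the vendors mentioned), the script below walks the relayed DHCP exchange the original post describes: the stack's relay stamps the client's Discover with its Vlan2 interface address in giaddr, the server answers to giaddr, and the server's own routing table decides which first hop carries that Offer. The addresses are the ones listed in the post; the client MAC, transaction id and packet bytes are constructed, and the relay and route-lookup logic are a plain reading of RFC 2131 section 4.1 rather than the behaviour of any particular product. The final function compares the server's first hop under the default gateway the post started with (the UTM) and the one it ended with (the stack's Vlan1 address).

```python
"""DHCP relay walk-through for the two-VLAN topology in the thread.
Added example: packets are constructed, addresses come from the post."""
import ipaddress
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # RFC 2131 fixed header, 236 bytes
DHCP_MAGIC = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255
DISCOVER, OFFER = 1, 2

# Topology as given in the post
STACK_VLAN1 = "192.168.0.253"   # stack interface on Vlan1
STACK_VLAN2 = "192.168.22.1"    # stack interface on Vlan2 (relay giaddr)
UTM = "192.168.0.1"             # Checkpoint UTM
DHCP_SERVER = "192.168.0.16"
CLIENT_MAC = bytes.fromhex("001122334455")   # constructed client MAC


def build_dhcp(op, xid, msg_type, *, ciaddr="0.0.0.0", yiaddr="0.0.0.0",
               giaddr="0.0.0.0", chaddr=CLIENT_MAC, broadcast=True):
    """Serialise a minimal BOOTP/DHCP message carrying a message-type option."""
    flags = 0x8000 if broadcast else 0
    header = struct.pack(
        BOOTP_FMT, op, 1, 6, 0, xid, 0, flags,
        ipaddress.IPv4Address(ciaddr).packed,
        ipaddress.IPv4Address(yiaddr).packed,
        b"\0" * 4,                                   # siaddr, unused here
        ipaddress.IPv4Address(giaddr).packed,
        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return header + DHCP_MAGIC + bytes([OPT_MSG_TYPE, 1, msg_type, OPT_END])


def parse_dhcp(pkt):
    """Decode the fixed header and the option TLVs into a dict."""
    f = struct.unpack(BOOTP_FMT, pkt[:236])
    if pkt[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt):
        tag = pkt[i]
        if tag == OPT_PAD:
            i += 1
            continue
        if tag == OPT_END:
            break
        length = pkt[i + 1]
        opts[tag] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": f[0], "hops": f[3], "xid": f[4], "broadcast": bool(f[6] & 0x8000),
        "ciaddr": str(ipaddress.IPv4Address(f[7])),
        "yiaddr": str(ipaddress.IPv4Address(f[8])),
        "giaddr": str(ipaddress.IPv4Address(f[10])),
        "chaddr": f[11][:6].hex(":"),
        "msg_type": opts.get(OPT_MSG_TYPE, b"\0")[0],
    }


def relay_to_server(client_pkt, relay_if_addr):
    """What a relay agent does with a client broadcast: if giaddr is still
    zero, write the receiving interface address into it, increment hops,
    then unicast the message to the configured server on UDP/67."""
    if parse_dhcp(client_pkt)["giaddr"] == "0.0.0.0":
        relayed = bytearray(client_pkt)
        relayed[3] += 1                                    # hops
        relayed[24:28] = ipaddress.IPv4Address(relay_if_addr).packed  # giaddr
        client_pkt = bytes(relayed)
    return {"src": relay_if_addr, "dst": DHCP_SERVER, "dport": 67, "payload": client_pkt}


def server_reply_target(request):
    """RFC 2131 4.1: a relayed request is answered to giaddr:67; the relay
    then hands the reply to the client on the VLAN it arrived from."""
    m = parse_dhcp(request)
    if m["giaddr"] != "0.0.0.0":
        return m["giaddr"], 67
    if m["ciaddr"] != "0.0.0.0":
        return m["ciaddr"], 68
    return ("255.255.255.255" if m["broadcast"] else m["yiaddr"]), 68


def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; gateway None means
    directly connected, so the host delivers to dst itself."""
    dst = ipaddress.IPv4Address(dst)
    best = max((r for r in routes if dst in r[0]),
               key=lambda r: r[0].prefixlen, default=None)
    return None if best is None else (best[1] or str(dst))


def offer_first_hop(server_default_gw):
    """First hop the DHCP server (192.168.0.16/24) uses for its Offer to a
    client relayed from Vlan2, given the server's default gateway."""
    routes = [(ipaddress.ip_network("192.168.0.0/24"), None),
              (ipaddress.ip_network("0.0.0.0/0"), server_default_gw)]
    relayed = relay_to_server(build_dhcp(BOOTREQUEST, 0x1234, DISCOVER), STACK_VLAN2)
    target, _port = server_reply_target(relayed["payload"])
    return next_hop(routes, target)


if __name__ == "__main__":
    print("Offer next hop with DG =", UTM, "->", offer_first_hop(UTM))
    print("Offer next hop with DG =", STACK_VLAN1, "->", offer_first_hop(STACK_VLAN1))
```

The Offer is addressed to 192.168.22.1, which is off the server's own subnet, so the server's default gateway, not the switch stack that owns that address, decides where the reply goes first. Running the script shows that hop moving from the UTM to the stack when the default gateway is changed as described in the follow-up post; comparing the relayed Discover's giaddr with the destination of the Offer in a capture is the quickest way to confirm which box is handling the reply.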