DHCP Server (2008 R2) providing IP only to some VLANs (catalyst 3650)

Zeeshan Khan · ‎07-24-2016

Hi,
I am facing a strange issue with VLANs and DHCP.
My DHCP Server is providing IPs to some VLANs (more than one) and not the rest of them.
I have a Cisco L3 switch (Catalyst 3650) on which I created several VLANs and assigned 2 physical ports for each VLAN so I can connect a physical machine to verify if the machine is getting an IP Address.

Following are the VLANs and their network that I'm trying to create.
VLAN2 = 10.0.2.0/23
VLAN4 = 10.0.4.0/23
VLAN6 = 10.0.6.0/23
VLAN8 = 10.0.8.0/21
VLAN16 = 10.0.16.0/21
VLAN24 = 10.0.24.0/21
VLAN32 = 10.0.32.0/21
VLAN40 = 10.0.40.0/21
VLAN99 = 10.0.0.0 / 21

I am using a DHCP server of Windows Server 2008 R2 which is connected to VLAN99 whose configuration is:
IP Address: 10.0.0.1
Subnet Mask: 255.255.248.0
Default Gateway: 10.0.0.3

For each VLAN, I created a scope in the DHCP Server.

There are in total 3 devices which are there in this setup.
1) Catalyst 3650
2) DHCP Server (Windows Server 2008 R2)
3) Client machine (Windows 7) occasionally connected to various ports to check the IP address leased by DHCP.

Below are the commands executed on switch after deleting vlan.dat and resetting it.

config t
default interface range gi1/0/1 - 48
int range gi1/0/1 - 48
spanning-tree portfast
exit

int vlan 99
ip address 10.0.0.3 255.255.248.0
ip helper-address 10.0.0.1
exit
int vlan 2
ip address 10.0.2.1 255.255.254.0
ip helper-address 10.0.0.1
exit
int vlan 4
ip address 10.0.4.1 255.255.254.0
ip helper-address 10.0.0.1
exit
int vlan 6
ip address 10.0.6.1 255.255.254.0
ip helper-address 10.0.0.1
exit
int vlan 8
ip address 10.0.8.1 255.255.248.0
ip helper-address 10.0.0.1
exit
int vlan 16
ip address 10.0.16.1 255.255.248.0
ip helper-address 10.0.0.1
exit
int vlan 24
ip address 10.0.24.1 255.255.248.0
ip helper-address 10.0.0.1
exit
int vlan 32
ip address 10.0.32.1 255.255.248.0
ip helper-address 10.0.0.1
exit
int vlan 40
ip address 10.0.40.1 255.255.248.0
ip helper-address 10.0.0.1
exit

int range gi1/0/1 - 2
switchport mode access
switchport access vlan 99
exit
int range gi1/0/3 - 4
switchport mode access
switchport access vlan 2
exit
int range gi1/0/5 - 6
switchport mode access
switchport access vlan 4
exit
int range gi1/0/7 - 8
switchport mode access
switchport access vlan 6
exit
int range gi1/0/9 - 10
switchport mode access
switchport access vlan 8
exit
int range gi1/0/11 - 12
switchport mode access
switchport access vlan 16
exit
int range gi1/0/13 - 14
switchport mode access
switchport access vlan 24
exit
int range gi1/0/15 - 16
switchport mode access
switchport access vlan 32
exit
int range gi1/0/17 - 18
switchport mode access
switchport access vlan 40
exit

What I observe is that the DHCP is able to provide IP address upto VLAN6 but for VLAN8 and above, it is not providing IP address to the client machine.
For troubleshooting part, I did the following.
1) Deleted VLAN.dat
2) Reset all the Switchports
3) Reset the switch
4) Attached another DHCP server with same scopes
5) Enabled IP Routing on switch

I also created exactly the same network in packet tracer which works perfectly fine, all the machines in every VLAN are getting IPs there.
the only difference is that in PT, I have used 3560 switch as 3650 is not available there.
Maybe I am missing something very obvious.

The attached zip file which contains .pkt file of the network.

Please advise.
Thanks.

ahmedshoaib · ‎07-24-2016

Hi Zeeshan;

Please change the subnet mask of vlan 99 from 255.255.255.248(/21) to 255.255.255.254 (/23) & verify.

/21 subnet already include your Vlan 2, Vlan 4 & Vlan 6 IP Address range.

Thanks & Best regards.

Zeeshan Khan · ‎07-24-2016

Thanks for the reply,

I think you mean to say that I should change it from 255.255.248.0(/21) to 255.255.254.0 (/23) ?

ahmedshoaib · ‎07-25-2016

Yes; Otherwise you need to change all other Vlan subnet (like below):

VLAN2 = 10.0.10.0/23
VLAN4 = 10.0.12.0/23 and so on.

Thanks & Best regards;

Zeeshan Khan · ‎07-25-2016

Hi,

I changed the subnet of VLAN99 to 255.255.255.0 and after some time I stopped getting IPs on every VLAN except VLAN99.

I have also executed the following command on switch to try and make it dhcp relay agent

ip dhcp relay information option
ip dhcp relay information option vpn
ip dhcp relay information trust-all

What next now ?

ahmedshoaib · ‎07-25-2016

Hi Zeeshan;

It should work, i don't think it's network issue. May by you DHCP is creating issue.

Just for testing purpose you can create DHCP server on you switch (not of permanently) and verify all your client are getting IP address.

One more thing can you double check the subnet mask of your DHCP Server, which should be now 255.255.255.0 or restart the DCHP services.

Thanks

Zeeshan Khan · ‎07-25-2016

Hi Shoab,

The DHCP server has got a static IP configured on it, its the subnet mask which I keep changing with the VLAN99 configuration

Here is more I found:

If I keep the subnet mask of VLAN99 and DHCP server to /24, no other VLAN would get the IP address.

If I keep change the subnet of my DHCP server to /16 (255.255.0.0) without changing the subnet mask of VLAN99 (255.255.255.0) then all the VLANs are getting the IP address.

It seems like the Switch is able to send the packets to the DHCP server but the DHCP Server is only responding to them as long as they are coming from a network which lies within the range of the network defined on DHCP Server's NIC.

Something does not seem right.

The switch is supposed to relay those packets, I shouldn't need to give an incorrect subnet mask to the DHCP Server.

Does this also mean that I will never be able to add 192.168.1.0 network scope in this DHCP server ?

Thanks.