Matt

Unless I am misuderstanding the router shouldn't come into it.

You have a DHCP server in vlan 1.

Looking at routing table you posted vlan 1 uses this subnet -

192.168.2.128 255.255.255.224

and the SVI for that vlan has an IP of 192.168.2.140.

So those are the settings you should use, see my previous post.

The DHCP reply is unicast so you need the server to have the right settings.

It will send it back to it's default gateway which is 192.168.1.140 and then it gets routed to the SVI for vlan 303.

Jon

you said that the router would rout the unicast packets from the dhcp server to the ip of the svi right? so I made my dhcp gateway the ip of the interface on the router that connects to the switch and it works. i changed my mask to 255.255.255.0 to close it up a bit and i know i can close it even more with the mask. does this seem right to you guys? 

No it's not right.

The L3 switch routes the packet not the router ie..

broadcast DHCP discover sent fron client in vlan 303 gets to SVI for vlan 303 and then it sends unicast to DHCP server in vlan 1.

DHCP sends offer back and that should go to the DHCPs default gateway which is 192.168.1.140 on the same L3 switch.

Packet is routed to vlan 303 and then broadcast back to client.

The router should not come into it.

It should all happen on the L3 switch.

Jon

192.168.1.140 is the ip of the vlan 1 svi if I need to route something to other svi then I need to go to the router to get to them because the router knows the route to get there. the masks on the svi keep them from seeing one another so using the ip of the svi of vlan 1 would not get the unicast packets to the destination. I tried it, it did not work.192.168.2.253 is the ip of the l3 interface connected to router and 192.168.2.254 is the ip of the interface on router that connects to switch. so the unicast packets go to router and it knows how to get the packets to there proper destination. 

I'm not sure I follow.

Your L3 switch will route between the SVIs.

You should not need to go via the router.

The subnet masks do not mean they cannot see each other or rather they can't at L2 but your switch is L3 which means it routes the packet.

If vlan 1 needs to route to another vlan the L3 switch simply looks in the routing table and uses that.

Look at the "sh ip route" on your L3 switch.

You should only be going to the router to get to destinations outside your network not to get to destinations that are routed on your L3 switch.

This is how DHCP works in every company I have worked in ie. your L3 switch can do it all.

Jon

so if they route between eachother then in theory I could use any svi as the gateway of the DHCP server right?

No you can't because you have to use the SVI for the vlan that the DHCP server is in.

The DHCP server has an IP address, a subnet mask and gateway.

If it works out the destination IP is not In the same subnet as it is then it must send the packets to it's default gateway which is the L3 SVI for the vlan it is in.

The L3 switch then receives that packet does a lookup on the destination IP and as long as it has a route to the destination subnet it forwards the packet on.

Basically every device in a vlan should have their default gateway set to the L3 SVI for that vlan if you are using a L3 switch to route the traffic.

I'm not sure where the confusion is coming.

It could be the way I am explaining it or it could be something you are assuming that is not correct.

Can you perhaps clarify exactly what it is you are not following ?

Jon

I apreciate you guys helping me to understand this problem, I think I have a better grasp on it. one of my main problems was I had a route that I had to remove from my DHCP server that was causing some issues.

I did change the gateway of the DHCP server to the IP of the VLAN 1 SVI since that is where the DHCP server resides.

the end users are receiving IP addresses from the DHCP scope that belongs to there respective SVI that they connect through ie: SVI 192.168.3.1 255.255.255.192  i get addresses 192.168.3.2-62 so all is well there.

I am going to be routing public IP addresses with this and I think I am going to have a problem when it comes to the IP addresses that I will need to use for each SVI. I will be using 2 to 3 class c ranges and some are not exactly together. I have some 208.74 some 66.211 some 207.140  and I may have to issue 2 different on the same SVI any thoughts on how to make that work?

Do you need to assign public IPs within your network or can you just NAT them on the router as they go out ?

If you do need to assign them can you explain in more detail what the problem is because it's not clear from your description.

Jon

I am setting this up for the ISP i work for and our customers receive public IP addresses from us. we have 3 IP pools 2 from providers and 1 from ARIN

have 8 class c from arin

4 class c from one provider 

5 class c from another provider

is that what you needed to know 

It was your last paragraph in your previous post that wasn't clear.

Can you explain what is the problem is ? 

Jon

I am going to be moving from one ip pool to several and to keep my current configuration with my dhcp server and move it to several scopes i will need to be able to route all my ip addresses to begin with and slowly move them to the VLANs 

so to begine with all the different ip addresses I have will need to go over vlan 1 and after that I can slowly remove them and add the SVI for them to route through if that makes sense 

I think all I need to do is add secondary IP to the SVI but I think I will still use the IP of the SVI as the default gateway right

I am not clear how it is set up now and how it works now with multiple networks/subnets in vlan 1. And it is not important for me to understand that. What is important is to understand how it will work as you begin to use multiple vlans.

It is simple and it works when a vlan has a single IP subnet associated with the vlan and a single scope for it configured on the DHCP server. Let us assume, for example, that IP addresses 66.211.1.1 through 66.211.1.63 have been used in the original scope for vlan 1. Now you are going to remove those addresses from the original scope and configure a new scope on the DHCP server for those addresses.  Then let us assume that you change the configuration of vlan 301 and its SVI. On interface vlan 301 you configure IP address 66.211.1.1/26. And on interface vlan 301 you configure a helper address pointing to the DHCP server. Now when a user in vlan 301 sends a request for an IP address, interface vlan 301 will forward the request to the DHCP server and the server will assign an address in the range 66.211.1.2 through 66.211.1.63. In the scope the default route would be 66.211.1.1.

You could follow that process vlan by vlan as you move users from the original large vlan 1 to the new smaller vlans. You withdraw a block of IP addresses from the original combined scope and use that block of addresses in a new scope associated with a new vlan.

You mention the possibility of using a secondary address in the SVI. I am not clear what you had in mind for that. While it may be possible to have two subnets configured within a single vlan it gets quite complicated to try to use two subnets within a single vlan when you are using DHCP.

HTH

Rick 

well i guess it will get tricky because i am going to have to use 2 and 3 subnets per vlan. I have 4 chassis and I plan on configuring a vlan per chassis some chassis are more heavily loaded than others.

I will also have to have VLAN 1 configured for all IP addresses to begine with so I can slowly move the IP addresses to the VLANs they are designed for.