Re: help with Vlans to separate networks (119 Views)
baurc
Message 1 of 4 (166 Views)

help with Vlans to separate networks

I have a client who is using a 3Com 4500G switch. They are subletting space to another tenant. I need to isolate the traffic of the subtenant but still provide them internet access as well as DHCP and DNS. Right now I have 1 Windows Server Small Business Server running AD, DHCP and DNS on it in port 24. They have a Comcast business class circuit with a gateway address of 10.1.10.1 plugged into port 1.

I have the following VLANs set up:

vlan1: 1/0/1-1/0/15, 1/0/19-1/0/39, 1/0/43-1/0/52
vlan2: empty
vlan10: 1/0/1, 1/0/16-1/0/18, 1/0/40-1/0/42

vlan1 interface: 10.1.10.2/24
vlan2 interface: empty
vlan10 interface: 192.168.50.2/24

AD/DHCP/DNS server: 10.1.10.10

dhcp scopes:
10.1.10.100-199/24 (original tenant)
192.168.50.50-100/24 (sub-let tenant)

 

I have enabled DHCP service on the switch:

DHCP-SERVER 1 ip 10.1.10.10
interface vlan 10 1
dhcp-server 1

I am unable to get an IP address from the DHCP server on vlan 10. It just times out. If I manually enter an IP address into my NIC properties I still can't get out to the internet. Clearly I am missing some things. I'm pretty new to VLANs so any help would be much appreciated. This is only one switch that I am working with.

Peter_Debruyne
Message 2 of 4 (158 Views)

Re: help with Vlans to separate networks

Not sure for these switches, but the current Comware switches require the admin to start the DHCP process at the global level, even for DHCP relay functions:

dhcp enable

baurc
Message 3 of 4 (154 Views)

Re: help with Vlans to separate networks

I did a dhcp enable already too.

Peter_Debruyne
Message 4 of 4 (119 Views)

Re: help with Vlans to separate networks

OK, there is probably nothing wrong with the switch config, but a missing route on the DHCP server.

A DHCP server can only offer leases for an IP subnet which it can reach through the routing table.

If the server is configured to use the 10.1.10.1 Comcast router as default gateway, then when it receives the DHCP discover from the relay agent with IP 192.x.x.x, it will send the DHCP offer to the Comcast gateway. The switch does not even get the offer (it passes the switch at L2, but it does not reach the L3 routed interface at the switch).

2 solutions:

1/ Set the DG of the server to the switch + configure a default route on the switch to the Comcast.

This will ensure that initially the switch is DG, so the offer would reach the L3 interface of the switch.

2/ Add a specific route on the Windows host for the 192.x.x.x subnet, which points to the switch L3 address:

route add 192.x.x.x mask 255.255.255.0 10.1.10.2 -p

Best regards, Peter
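
Added example, not part of the original posts: a small Python model of the DHCP server's next-hop choice for its reply to the relay agent, comparing the routing table the answer assumes with the two proposed fixes. The 192.168.50.0/24 subnet is taken from the question's vlan10 interface (the answer writes it as 192.x.x.x), the server's current default gateway is the answer's assumption, and 203.0.113.10 is a constructed internet address.

```python
import ipaddress

# Addresses from the thread.
COMCAST_GW = "10.1.10.1"        # Comcast router
SWITCH_VLAN1 = "10.1.10.2"      # switch L3 interface in the server's subnet
RELAY_GIADDR = "192.168.50.2"   # switch vlan10 interface, the relay agent address
INTERNET_HOST = "203.0.113.10"  # constructed sample destination

def next_hop(routes, dst):
    """Longest-prefix match over (cidr, gateway) pairs; gateway None means on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for cidr, gateway in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise LookupError(f"no route to {dst}")
    # On-link destinations are delivered directly, everything else via the gateway.
    return str(dst) if best[1] is None else best[1]

def offer_reaches_relay(routes):
    """A relayed DHCP reply is unicast to the relay agent address (giaddr).
    The switch only handles it at L3 if the server forwards it to the switch."""
    return next_hop(routes, RELAY_GIADDR) == SWITCH_VLAN1

# Server routing table as the answer assumes it: default gateway is Comcast.
AS_ASSUMED = [("10.1.10.0/24", None), ("0.0.0.0/0", COMCAST_GW)]
# Solution 1: the switch becomes the server's default gateway.
SOLUTION_1 = [("10.1.10.0/24", None), ("0.0.0.0/0", SWITCH_VLAN1)]
# Solution 2: keep Comcast as default, add a specific route via the switch.
SOLUTION_2 = AS_ASSUMED + [("192.168.50.0/24", SWITCH_VLAN1)]

def report():
    tables = (("as assumed", AS_ASSUMED), ("solution 1", SOLUTION_1),
              ("solution 2", SOLUTION_2))
    return {name: (next_hop(routes, RELAY_GIADDR), offer_reaches_relay(routes))
            for name, routes in tables}

if __name__ == "__main__":
    for name, (hop, ok) in report().items():
        print(f"{name}: offer to {RELAY_GIADDR} goes via {hop}, reaches relay: {ok}")
```

With solution 1 the server's internet traffic also passes through the switch, which is why that option needs the default route on the switch toward the Comcast router; with solution 2 only the 192.168.50.0/24 traffic does.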
