01-22-2013 01:55 PM
i have a client who is using a 3com 4500g switch. they are subletting space to another tenant. i need to isolate the traffic of the subtenant but still provide them internet access as well as DHCP and DNS. right now i have 1 windows server small business server running AD, DHCP and DNS on it in port 24. they have a comcast business class circuit with a gateway address of 10.1.10.1 plugged into port 1.
i have the following vlans setup:
vlan1: 1/0/1-1/0/15, 1/0/19-1/0/39, 1/0/43-1/0/52
vlan10: 1/0/1, 1/0/16-1/0/18, 1/0/40-1/0/42
vlan1 interface: 10.1.10.2/24
vlan2 interface: empty
vlan10 interface: 192.168.50.2/24
AD/DHCP/DNS server: 10.1.10.10
10.1.10.100-199/24 (original tenant)
192.168.50.50-100/24 (sub-let tenant)
i have enabled DHCP service on the switch
DHCP-SERVER 1 ip 10.1.10.10
interface vlan 10 1
i am unable to get an ip address from the dhcp server on vlan 10. it just times out. if i manually enter an ip address into my nic properties i still can't get out to the internet. clearly i am missing some things. i'm pretty new to vlans so any help would be much appreciated. this is only one switch that i am working with.
01-22-2013 03:11 PM
not sure for these switches, but the current comware switches require the admin to start the dhcp process at the global level, even for dhcp relay functions:
01-26-2013 04:13 AM
ok, there is probably nothing wrong with the switch config, but a missing route on the dhcp server.
A dhcp server can only offer leases for an IP subnet which it can reach through the routing table.
If the server is configured to use the 10.1.10.1 comcast router as default gateway, then when it receives the dhcp discover from the relay agent with ip 192.x.x.x, it will send the dhcp offer to the comcast gateway. The switch does not even get the offer (it passes through the switch at L2, but it does not reach the L3 routed interface on the switch).
1/ set the DG of the server to the switch + configure a default route on the switch to the comcast.
This will ensure that initially the switch is DG, so the offer would reach the L3 interface of the switch
2/ add a specific route on the windows host for the 192.x.x.x subnet, which points to the switch L3 address:
route add 192.x.x.x mask 255.255.255.0 10.1.10.2 -p
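
The return-path problem described in this reply, modelled as a longest-prefix route lookup on the DHCP server. This is an added example, not part of the original thread: it uses the addresses from the first post, assumes the relay stamps requests with the vlan 10 interface address 192.168.50.2 (standard relay behaviour), and the table names and the 203.0.113.10 test address are constructed.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: return the gateway, or dst itself when on-link."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None  # no matching route: the packet is dropped
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw if gw is not None else dst

def table(*entries):
    """Build a routing table from (prefix, gateway) pairs; gateway None = on-link."""
    return [(ipaddress.ip_network(prefix), gw) for prefix, gw in entries]

GIADDR = "192.168.50.2"    # relay address the server answers to (assumed: vlan 10 interface)
INTERNET = "203.0.113.10"  # constructed stand-in for any internet host

# Server at 10.1.10.10 with the Comcast router as default gateway (the failing case).
BEFORE = table(("10.1.10.0/24", None), ("0.0.0.0/0", "10.1.10.1"))
# Option 1: the server's default gateway is the switch (the switch then needs
# its own default route to 10.1.10.1).
OPTION_1 = table(("10.1.10.0/24", None), ("0.0.0.0/0", "10.1.10.2"))
# Option 2: keep the Comcast default and add a specific route for the tenant subnet.
OPTION_2 = table(("10.1.10.0/24", None), ("0.0.0.0/0", "10.1.10.1"),
                 ("192.168.50.0/24", "10.1.10.2"))

def report():
    """Next hop the server picks for the DHCP offer and for internet traffic."""
    tables = {"before": BEFORE, "option 1": OPTION_1, "option 2": OPTION_2}
    return {name: {"offer": next_hop(t, GIADDR), "internet": next_hop(t, INTERNET)}
            for name, t in tables.items()}

if __name__ == "__main__":
    for name, hops in report().items():
        print(f"{name:9} offer -> {hops['offer']:10} internet -> {hops['internet']}")
```

With option 2 only the tenant subnet is sent via the switch; with option 1 all of the server's off-subnet traffic is.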