VLAN question

[Nothinman]

Nothing in the event logs. I've been sniffing with netmon, and that interface isn't seeing any dhcp requests. It does show the pings back and forth.

I did add another switch with a trunk and traffic does pass across successfully. So it appears I was right in the first place with my setup.


Ill install wireshark and try with that.

Netmon and wireshark should return the exact same results. If you're note even seeing the DHCPDISCOVER messages the packets aren't even making it to the server. If you're using an ip helper to forward requests from another vlan the packet would be unicast to it's configured server instead of broadcast to the entire subnet, but the server should still see it on the appropriate interface.

 

[imagoon]

Are these networks live? At this point I would get a random cheap internet router and plug it in to a untagged VLAN100 port and do some DHCP testing. Basically trying to eliminate problems. If the machines get a 192.168.1.1 [whatever] from the test router but can't get DHCP from the server then it points the issues at the server. I found that a lot of the drivers were pretty finicky when it came to VLAN support. It is possible that the switches are fine and there is a server issue that needs to be worked out or the server could be fine and the network is still hosed. This would hopefully eliminate the vlanning at least.

 

[Skunk]

I have not abandoned the thread. We had an extended power outage, needed some time to verify everything came back up and there were no issues.

Good news/bad news. Once i brought everything up, DHCP started working correctly for the vlan. Bad news, I didn't change anything and can't explain why it just started working :\

Currently trunking the lab switches into the production environment to see if it will span more then the two switches in the lab.

 

[imagoon]

I have not abandoned the thread. We had an extended power outage, needed some time to verify everything came back up and there were no issues.

Good news/bad news. Once i brought everything up, DHCP started working correctly for the vlan. Bad news, I didn't change anything and can't explain why it just started working :\

Currently trunking the lab switches into the production environment to see if it will span more then the two switches in the lab.

If I had to harbor a guess... I never tested this myself so I can't say "yup this did it" but: It is very possible that the DHCP service was not truly bound to the new interface because it appeared while it was running, requiring a service cycle (power outage does that quite well) for it to actually bind to the new NIC.

 

[Skunk]

I had thought of that initially too. The server had rebooted serveral times during my testing.

 

[imagoon]

I had thought of that initially too. The server had rebooted serveral times during my testing.

Then my direction would be "some glitch in the switches."

 

[Skunk]

Just to update this and close it out..

HP has a different definition of "trunking" between their switches. We are using some v1910 and v1810. The 1910 uses the standard cisco version of trunking, and the 1810 just defines them as tagged or untagged. Once i sorted that out everything worked expected.

Example: define port 1 as trunk on the v1910, and just mark it as tagged on the v1810.

 

[imagoon]

Just to update this and close it out..

HP has a different definition of "trunking" between their switches. We are using some v1910 and v1810. The 1910 uses the standard cisco version of trunking, and the 1810 just defines them as tagged or untagged. Once i sorted that out everything worked expected.

Example: define port 1 as trunk on the v1910, and just mark it as tagged on the v1810.

Good that you figured it out.

Cisco uses ISL which it dropped for 802.1Q which is standard among nearly everyone. Did the v1910 have anything in there about trunk negotiation or the like? Some switches will try to negotiate trunking and if it fails, falls back to access port. With the 1810 only mentioning tagged and untagged, I would suspect it was not sending any negotiation packets.

Completely hypothetical.

 

[Skunk]

The 1910 didnt have anything with regards to negotiation. It just sets, trunk, access or hybrid. If it does negotiate its not mentioned anywhere, in the config settings. I havent dug into the man.

My problem was the 1810 definition of trunk. They define trunk on that one as an aggregation of ports, and i was expecting it to be the same as on the 1910. (They are both HP switches after all, one assumes they use the same terminology across their tech(The 1910 has the normal, and also a setting for aggregation))

 

[alkemyst]

I am not sure what you are trying to say here. How do you break out of a vlan if the edge switches are access ports? The only "nonsecure" thing about vlans is trunking with tagged ports and clients and expecting the client to stay in that vlan.

If you trunk to a switch and that switch exports access ports in each vlan there is no way someone is going to jump to another vlan and there would be no need for 2 switches.

With Cisco you'd do

Interface gi1/1
switchport mode access
switchport access vlan 100

You'd also need to make sure that vlan is trunked all the way through to everywhere you need it to be or it won't work.

usually some kind of routing is needed when different subnets need to 'talk'.

 

[imagoon]

With Cisco you'd do

Interface gi1/1
switchport mode access
switchport access vlan 100

You'd also need to make sure that vlan is trunked all the way through to everywhere you need it to be or it won't work.

usually some kind of routing is needed when different subnets need to 'talk'.

Not sure why you are quoting me... I am well aware of this.

--edit--

Root cause appears to be terminology variation on the switches themselves.