Campus Switching and Routing

Reply
New Contributor

How to prevent DHCP traffic from passing between VLANs

 We have 2930f switches in several buildings and we are routing between the buildings through the 2930s.

Each building has it's own subnet and DHCP server. Each 2930 has 2 VLANS setup VLAN 20 for the LAN inside the building and VLAN 1 for the connection between the buildings. we have the routing setup and working great however DHCP is being passed from VLAN 20 through VLAN 1 to the LAN VLAN of the other buildings. Thus it;s a crap shoot as to what DHCP server answers the client first. I thought that adding the " no DHCP-relay" to the config would stop DHCP from being passed however it is still happening. Any help would be appreciated. Thanks 

Occasional Contributor I

Re: How to prevent DHCP traffic from passing between VLANs

Hi,

 

In the 2930s switches  which is doing routing in each bluiding, try giving "ip helper-address x.x.x.x" in each vlan.

The IP address you mention should be of the desired DHCP server from which you would like the end users of the bluiding to recieve the IP.

 

I hope this help, if not please feel free to write to us.

 

If you like my posts, kudo's are welcome.

If it solves your problem, please click 'Accept as Solution'.

 

Thanks

KASHIF ALI KHAN

ACSA

NETWORKING TECHNICAL CONSULTANT (Aruba GSC)

E-mail: kashif.ali.khan@hpe.com | | SKYPE:kashif.ali.khan@hpe.com

 

 

Occasional Contributor I

Re: How to prevent DHCP traffic from passing between VLANs

Hi,

 

difficult to tell without seeing the configs.

- udp broadcast forwarding for port 67/68 could cause this

- assigning all VLANs to the uplinks would cause this

- maybe more...

 

Can you provide config?

 

Regards, Jö

 

New Contributor

Re: How to prevent DHCP traffic from passing between VLANs

Here is the config from one of the 2930s.

They are all configured the same aside from the IPs and 1 of the routing statements. 

Would entering a udp broadcast statment on VLAN 20 for ports 67 & 68 pointing to the DHCP server work or a no udp broadcast for dhcp pointing back to the VLAN 20 DHCP server, do the trick?

 

Running Configuration

; JL258A Configuration Editor; Created on release #WC.16.05.0007

; Ver #12:08.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:ba

hostname "Aruba-2930F-8G-LINC"

module 1 type jl258a

no dhcp-relay

time daylight-time-rule continental-us-and-canada

time timezone -6

ip route 0.0.0.0 0.0.0.0 10.20.0.2

ip route 10.2.0.0 255.255.0.0 10.20.0.2

ip route 10.2.15.10 255.255.255.255 blackhole

ip route 10.3.0.0 255.255.0.0 10.20.0.3

ip route 10.3.1.91 255.255.255.255 blackhole

ip route 10.4.0.0 255.255.0.0 10.20.0.4

ip route 10.5.0.0 255.255.0.0 10.20.0.5

ip route 10.6.0.0 255.255.0.0 10.20.0.6

ip route 10.9.0.0 255.255.0.0 10.20.0.9

ip route 10.10.0.0 255.255.0.0 10.20.0.1

ip routing

 

interface 1

no power-over-ethernet

exit

 

interface 2

no power-over-ethernet

exit

 

interface 3

no power-over-ethernet

exit

 

interface 4

no power-over-ethernet

exit

 

interface 5

no power-over-ethernet

exit

 

interface 6

no power-over-ethernet

exit

 

interface 7

no power-over-ethernet

exit

 

interface 8

no power-over-ethernet

exit

 

snmp-server community "public" unrestricted

snmp-server location "Lincoln"

 

vlan 1

name "DEFAULT_ELAN"

no untagged 2-10

untagged 1

ip address 10.20.0.7 255.255.255.0

exit

 

vlan 20

name "Linc-LAN"

untagged 2-10

tagged 1

ip address 10.7.1.1 255.255.0.0

ip helper-address 10.7.1.2

exit

 

New Contributor

Re: How to prevent DHCP traffic from passing between VLANs

Kashif

We added the IP helper address to all for the switches on VLAN 20 pointing to the DHCP server with no success. we are still getting address from other buildings.

Aruba Employee

Re: How to prevent DHCP traffic from passing between VLANs

Do you have a network diagram of the environment you can share?

 

If the client device is getting an address via DHCP that is incorrect for the VLAN it's connected to, then it sounds like DHCP is not being relayed as expected. Either there's another device performing the relay, who thinks the VLAN is on a different subnet, or the DHCP server that's assigning the client an address is directly connected somehow and thinks that VLAN is the wrong subnet.

 

Starting with the client device, determine where the DHCP assignment is coming from, then work back towards that server to understand how the client is reaching the DHCP server.


Charlie Clemmer
Aruba Customer Engineering
New Contributor

Re: How to prevent DHCP traffic from passing between VLANs

Thanks everyone.

We realized that all of the LAN VLANs had the same ID. We changed the ID to be unique in each building and problem solved.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: