Monday, October 5, 2020

DHCP issues on C9300 switches.

Basic diagram: a core switch (stacked pair), which is where the DHCP server is connected, with edge switches uplinked to it. DHCP relay and helper addresses are set up.

The issue is that users are on the default VLAN (my hunch is that this is where the problem lies). There are several other VLANs in play for servers and other devices. Doing a capture I see:

1. Clients send a DISCOVER packet on the default VLAN (VLAN 1), untagged.
2. The broadcast reaches the core switch (sent to every switch port carrying VLAN 1).
3. The uplink port on the core from the edge switch receives the untagged broadcast packet and sends it out on its native VLAN of 123 (example server VLAN).
4. The DHCP server receives the DHCP DISCOVER packet on VLAN 123 and responds with an OFFER on that VLAN.
5. The DHCP OFFER stays on VLAN 123 since the VLAN is tagged from the server. All VLANs are tagged on the server's interface.
6. Because the DHCP server sends the OFFER on VLAN 123 and the packet is tagged, it cannot get back to the PC. Restarting the PC or doing a new DHCP request gets the correct IP 20% of the time.

This is how the leak happens. I had assumed that the packets would be marked when they arrive at the switch backplane. Appears that this is not the case.

Going forward we'll be moving the user VLAN off the default and implementing DHCP snooping. Any other ideas for troubleshooting and/or config?
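Here is what that plan could look like on Catalyst IOS-XE, as an added example rather than the author's configuration. The interface names, VLAN 10 (new user VLAN), VLAN 999 (unused native VLAN) and the helper address 192.0.2.10 are placeholder assumptions; only VLAN 123 comes from the post.

```cisco
! Added example, not the author's config. Gi1/0/48 (uplinks),
! Gi1/0/1-47 (user ports), VLAN 10, VLAN 999 and 192.0.2.10 (DHCP
! server) are placeholders; VLAN 123 is the server VLAN from the post.
!
! ===== Core switch (stack) =====
vlan 10
 name USERS
vlan 999
 name UNUSED-NATIVE
!
! Relay for the user VLAN only.
interface Vlan10
 ip address 10.10.0.1 255.255.255.0
 ip helper-address 192.0.2.10
!
! Before: "switchport trunk native vlan 123" let untagged VLAN 1 frames
! from the edge leak into the server VLAN. After: the native VLAN is an
! unused VLAN and VLAN 1 is not allowed on the trunk at all.
interface GigabitEthernet1/0/48
 description Uplink to edge switch
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10
!
! ===== Edge switch =====
vlan 10
 name USERS
vlan 999
 name UNUSED-NATIVE
!
! Users moved off VLAN 1.
interface range GigabitEthernet1/0/1 - 47
 switchport mode access
 switchport access vlan 10
!
! Only the uplink may source OFFER/ACK; user ports stay untrusted.
interface GigabitEthernet1/0/48
 description Uplink to core
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10
 ip dhcp snooping trust
!
ip dhcp snooping
ip dhcp snooping vlan 10
! The relay lives on the core, so do not insert option 82 here: a relay
! that is not told to trust option 82 drops those DISCOVERs.
no ip dhcp snooping information option
!
! Verify with "show interfaces trunk" (native VLAN 999 on both ends),
! "show ip dhcp snooping" and "show ip dhcp snooping binding".
```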
