Monday, February 25, 2019

Strange DHCP issue, could really use some help.

First, the diagram.

Background

──────────────────────────────────────────────────────

Yesterday we improved isolation on our network from (for lack of a better word) our provider. Their backbone consists of Nexus 5Ks (vrf-lite). Since MPLS wasn't an option, they now provide us two VLANs on each Nexus, to which we now Layer 3 around in a ring.

Previously, our cores (Cisco 9300s and 9500s) were paired with the Nexuses via EIGRP links. Now, our ring is running OSPF in a single area 0.

We are running spanning-tree (rapid-pvst) and VTP version 3. Core A is priority root bridge.

The Problem

──────────────────────────────────────────────────────

  1. Our DHCP server (Windows) is located on Switch A, in VLAN 5.
  2. Phones on Switch A (and in the phone VLAN, VLAN 10) get an IP.
  3. Devices on Switch B (or beyond) do not get an IP from anything that isn't VLAN 5.
  4. There's another set of switches off Core A that aren't exhibiting this issue. Different VLANs and interface.

Troubleshooting

──────────────────────────────────────────────────────

  1. Core A has VLANs and SVIs for the switches connected to it.
    • the SVIs have DHCP helper addresses specified!
  2. Core A and all switches have confirmed DHCP service
  3. Access ports are all in spanning-tree portfast
  4. Can source ping...anything from everywhere.
  5. SVIs created on Switch A and Switch B with an ip helper-address work.
  6. The link between Core A and Switch A has a super basic configuration, e.g. switchport mode trunk
  7. Running Wireshark on Core A's physical interface to Switch A shows no DHCP traffic. :(
  8. Running Wireshark on Switch B with no switch-based SVI+helper looks similar to yelling into a dark chasm. No reply.
  9. Running DHCP server services for VLAN 10 on Switch A and everything is happy. We have not yet attempted to run these on Core A, just to see.
  10. Confirmed all VTP databases
  11. Confirmed all SVI IP addresses and subnet masks
  12. Confirmed all SVI relay/helper addresses
  13. Confirmed default-gateway is set to VLAN 5 SVI on Switch A
  14. Rebooted everything

TL;DR

──────────────────────────────────────────────────────

  1. A switch doesn't seem to want to pass DHCP requests over a layer 2 trunk to get the DHCP helper address. As a result, we can't get DHCP across subnets. After spending several hours on this problem, I'm quite open to suggestions. Wondering if OSPF is doing some kinda ninjablocking on the interfaces? shrug

TIA!
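
Added example, not part of the original post: when reading captures like the ones in troubleshooting steps 7 and 8, the BOOTP `giaddr` field shows whether a DHCP packet is still the client's raw broadcast or has already been forwarded by a relay (helper). The function names, MAC, transaction ID and the `10.0.10.1` relay address below are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload of a DHCP packet (BOOTP header plus options)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    _op, _htype, hlen, hops = struct.unpack("!BBBB", payload[:4])
    giaddr = ipaddress.IPv4Address(payload[24:28])   # relay agent address
    mac = payload[28:28 + min(hlen, 16)].hex(":")    # client hardware address
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = single pad byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        options[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    kind = MSG_TYPES.get((options.get(53) or b"\x00")[0], "UNKNOWN")
    return {"type": kind, "mac": mac, "giaddr": giaddr, "hops": hops}

def describe(payload: bytes) -> str:
    """Say whether a captured packet was relayed before reaching the capture point."""
    p = parse_dhcp(payload)
    if p["giaddr"] == ipaddress.IPv4Address("0.0.0.0"):
        path = "unrelayed client broadcast"
    else:
        path = f"relayed via {p['giaddr']} ({p['hops']} hop(s))"
    return f"{p['type']} from {p['mac']}: {path}"

def build_sample(giaddr: str = "0.0.0.0", hops: int = 0) -> bytes:
    """Constructed DISCOVER payload; MAC, xid and addresses are made up."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, hops, 0x1234ABCD, 0, 0x8000)
    addrs = bytes(12) + ipaddress.IPv4Address(giaddr).packed
    chaddr = bytes.fromhex("020000000a01") + bytes(10)
    return header + addrs + chaddr + bytes(192) + MAGIC_COOKIE + b"\x35\x01\x01\xff"

if __name__ == "__main__":
    print(describe(build_sample()))                     # raw client broadcast
    print(describe(build_sample("10.0.10.1", hops=1)))  # after a helper relayed it
```
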


