So I have been assisting with an issue that has been a bit maddening because I can't see the switch configs at the other site, but my gut is telling me that it's not what one technician is stating. I will be seeing them tomorrow, but want insight.
Mission: Separate the default VLAN and all devices into numerous VLANs to relieve IP congestion. Also replace the current DHCP server with a Windows-based one.
Issue: When IP helper addresses are set to point at the new server, with the new scopes, a lease is issued from the wrong scope, not the one that is expected.
Network topology - Six (6) Ubiquiti EdgeSwitches configured to do Layer 3, each trunked to the Ubiquiti core EdgeSwitch. There are two (2) Cisco SG300s and one (1) Cisco SG200 also on site. Currently, they have a SonicWall in place that is handling DHCP, but this is to be switched over to a new Windows DHCP virtual server. All VLANs have been scoped on the new DHCP server to customer spec (.1-.50 excluded, .201-.254 excluded, everything else can be leased). The default VLAN cannot be done away with yet, so the servers reside there for now. The endpoints (computers), printers, and wireless endpoints will all reside in their own respective VLANs. The IP helper address is set per VLAN ONLY when we are ready. Otherwise, they all point at the SonicWall currently, and it hands out leases only for the default scope it has.
Servers: 192.168.20.0/24 (VLAN 1)
Clients: 192.168.21.0/24 (VLAN 21)
Printers: 192.168.22.0/24 (VLAN 22)
Wireless: 192.168.23.0/24 (VLAN 23)
Management: 192.168.24.0/24 (VLAN 24)
What I do know is that the hypervisor servicing the DHCP is untagged VLAN 1 on all NICs, excluded from all other VLANs. It is unable to ping any other VLAN gateway IPs. What I don't know is the overall network layout and where clients are plugged into, their current configs, etc.
My understanding of how DHCP works is that if a new client needs an IP address, it sends out a DHCP discover broadcast, which the DHCP server answers on the same network. However, with multiple subnets, it requires the DHCP relay to transform that broadcast into a unicast message and append the GIADDR info to it. In my understanding, the DHCP server is only handing out leases that it's scoped for and that it receives a discover message for.
Another technician is convinced that it's the virtual switch and virtual network on this server. He thinks that because the VLAN tagging on the virtual network is 0, it's listening on too many VLANs and handing out whatever it sees first. Considering the ports for the hypervisor are untagged for the default VLAN, excluded for all others, this makes no sense to me. I replicated this setup in a test lab using HP 2920s and had zero issues in a similar setup.
I personally think it's something between the switches or with the endpoint port settings. Without seeing the configs, I can't really say though. I'm also not terribly well versed in Ubiquiti switches at all, so I can't really comment well on them. Am I right in pushing to have the switch configs reviewed for possible issues? This technician is dead set on it being the DHCP server and has admittedly done a lot more networking than I do, but something just doesn't seem right to me. If I should be looking at the server, what other things should I be looking at?
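To make the relay rule described above concrete, here is an added example (my own illustration, not code from the post or from any real DHCP server): a server picks the scope from GIADDR when the DISCOVER was relayed, and from its own receiving interface when GIADDR is 0.0.0.0, so the scope a client lands in is decided entirely by what reaches the server. The scope ranges and the .1-.50 / .201-.254 exclusions come from the post; the packet contents and the server address 192.168.20.10 are constructed.

```python
import ipaddress
import struct

# Scopes as listed in the post; usable range .51-.200 after the customer exclusions
SCOPES = {
    "Servers (VLAN 1)":     "192.168.20.0/24",
    "Clients (VLAN 21)":    "192.168.21.0/24",
    "Printers (VLAN 22)":   "192.168.22.0/24",
    "Wireless (VLAN 23)":   "192.168.23.0/24",
    "Management (VLAN 24)": "192.168.24.0/24",
}
LOW_EXCLUDED, HIGH_EXCLUDED = 50, 200   # hosts .1-.50 and .201-.254 are never leased


def build_discover(giaddr, xid=0x3903F326):
    """Constructed DHCPDISCOVER (RFC 2131 BOOTP header + magic cookie + option 53)."""
    hops = 0 if giaddr == "0.0.0.0" else 1          # a relay increments hops and fills giaddr
    zero = b"\0" * 4
    header = struct.pack("!BBBBIHH4s4s4s4s", 1, 1, 6, hops, xid, 0, 0x8000,
                         zero, zero, zero, ipaddress.IPv4Address(giaddr).packed)
    chaddr = bytes.fromhex("0011223344556677") + b"\0" * 8   # constructed MAC, padded to 16
    sname_file = b"\0" * (64 + 128)
    options = bytes([99, 130, 83, 99]) + bytes([53, 1, 1, 255])
    return header + chaddr + sname_file + options


def giaddr_of(packet):
    """giaddr is bytes 24-27 of the fixed BOOTP header."""
    if len(packet) < 28:
        raise ValueError("truncated BOOTP header")
    return str(ipaddress.IPv4Address(packet[24:28]))


def select_scope(giaddr, server_ip):
    """Relayed (giaddr != 0) -> scope containing giaddr; direct -> scope of the receiving interface."""
    key = ipaddress.IPv4Address(server_ip if giaddr == "0.0.0.0" else giaddr)
    for name, cidr in SCOPES.items():
        if key in ipaddress.IPv4Network(cidr):
            return name
    raise LookupError(f"no scope matches {key}")


def first_lease(scope_name, in_use=frozenset()):
    """Lowest free address inside the scope that is outside both exclusion ranges."""
    for host in ipaddress.IPv4Network(SCOPES[scope_name]).hosts():
        if LOW_EXCLUDED < (int(host) & 0xFF) <= HIGH_EXCLUDED and str(host) not in in_use:
            return str(host)
    raise LookupError("scope exhausted")


def offer_for(packet, server_ip, in_use=frozenset()):
    """Scope and address the server would offer for this DISCOVER as received."""
    scope = select_scope(giaddr_of(packet), server_ip)
    return scope, first_lease(scope, in_use)
```

A DISCOVER that arrives with GIADDR 0.0.0.0 on the VLAN 1 interface is offered a 192.168.20.x address regardless of where the client physically sits, which is the symptom to compare against a capture on the server.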