ExtremeSwitching (EXOS)

Expand all | Collapse all

Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

Stephen Williams

Stephen Williams01-18-2019 14:57

  • 1.  Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-13-2019 18:08
    Yesterday, we moved from a stack of x440-48t switches to a stack of X440G2-48t-10G4 switches and a large number of systems are unable to connect to the network. They are a mix of IPs set statically via DHCP reservations and others that just use whatever address they pull. They cannot be woken up via a WoL broadcast. The systems that don't wake up can be manually powered on and then need to have the IP address set in Windows to what it is statically set to in DHCP, rebooted, then set to use DHCP again and they can then connect to the network. The switches are running 22.4.1.4 patch1-2. All systems with issues are running Windows 10 and are on a mix of hardware.

    We also replaced the core switch that this stack is connected to with a X460G2-24t-10G4 22.4.1.4 patch1-2. A number of months ago, we had attempted to replace just the core switch and we saw this same behavior with systems not being able to connect, so we went back to the old hardware and hoped that replacing the core and the desktop switch would avoid the issue but it did not.

    Has anyone heard of this? Is there some setting that we are missing? We do have a policy in place to send traffic on port 4000 (used to WoL) to the correct VLAN which is working, since most systems wake.


  • 2.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-13-2019 20:55
    Have a look at Release Notes of 22.4 Patch 1-3. I currently prefer 22.6 Patch1-1.

    Please upgrade switchs and try again. If you like start with one test VLAN and one test-client.


  • 3.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-14-2019 10:26
    I don't see anything specifically in those release notes that mentions our issue? Did I just miss it?

    It looks like the most stable version of XOS for these switches is EXOS 21.1.5.2-patch1-5. I'm wondering if I should downgrade to that version or go to the version that you mentioned?


  • 4.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-14-2019 13:11
    To me it seems two separate issues but connected by a problem with broadcast traffic maybe...

    For wol I would start capturing traffic on one of the ports to see if the magic packet directed to one of the problematic machines does arrive at least.


  • 5.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-14-2019 13:43
    Update on this as I was able to get onsite. The PCs were able to wake but they aren't pulling an IP from the network. The switch port shows active, but the ARP table for those ports is empty. Things tried so far:

    Hard set port speed and duplex instead of using "Auto"
    Replaced NIC
    Deleted static DHCP reservation for a couple of the systems

    When I look at the ARP table on the switch, there are no entries for those PCs. When I add a static ARP entry, the switch then somehow knows that the entry is associated with the correct port that the PC is plugged into, but the PC still can't connect to the network.


  • 6.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-14-2019 21:27
    We migrated to the "Most Stable Release" (21.1.5.2-patch1-5) as per https://www.extremenetworks.com/support/compatibility-matrices/sw-release-extremexos-eos/ and the problem still exists.


  • 7.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-15-2019 01:23
    We were able to get this resolved, but the method was really weird and we hope someone can possibly explain why, since we are living in fear of what will happen if we have to reboot this switch for updates or if it crashes and reboots.

    We had a 8 port dumb switch that we plugged in to the network jack on the wall and then plugged each user's PC into that switch. For every system, the PC could then connect to the network and pull the assigned address from DHCP. When we unplugged the switch and plugged the PC back directly into the Summit it stayed connected to the network.


  • 8.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-15-2019 18:27
    This sounds like something GTAC would want to have a look at. There's something else going on with the config on that switch that isn't apparent here.
    If you don't mind, maybe you can post a sanitized version of your configuration here (removing hashed passwords and any public IPs, etc.)?

    I was also curious if it was related to the issue described by this article, but that doesn't sound likely: https://extremeportal.force.com/ExtrArticleDetail?n=000010555


  • 9.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-15-2019 20:09
    Unfortunately the files are too big to post and I don't currently know of a good fie hosting site to put them. I guess I'll start a GTAC case, even though they weren't able to help me when this occurred months ago when we tried to upgrade the core switch.


  • 10.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-15-2019 20:21
    If you just post the output of show config, that should be sufficient here.
    The biggest help will be if you have a setup that isn't working that can be tested by GTAC. Hopefully something can be found that we can test in the lab.


  • 11.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-15-2019 20:25
    I had tried to post the configs and at least the one for the desktop stack was over 30,000 characters. I will try and post the config for the core at least, since that switch was replaced this time and is the same one with the same config that we had attempted to replace a couple of months ago and caused the same issue (which makes it seem like it must be something with it, since it was the only commonality between the two upgrade attempts).

    code:
    #
    # Module devmgr configuration.
    #
    configure snmp sysName "Summit-CV-Core"
    configure snmp sysLocation "Calverton, MD"
    configure snmp sysContact ""
    configure diagnostics privilege admin
    configure timezone name EST -300 autodst
    configure sys-recovery-level switch reset


    #
    # Module vpex configuration.
    #


    #
    # Module vlan configuration.
    #
    configure vlan default delete ports all
    configure vr VR-Default delete ports 1-34
    configure vr VR-Default add ports 1-34
    configure vlan default delete ports 1-5,8,11-20,22-24
    create qosprofile "QP2"
    create qosprofile "QP3"
    create qosprofile "QP4"
    create qosprofile "QP5"
    create qosprofile "QP6"
    create qosprofile "QP7"
    configure ports group "Default (TXQ.0)" add 1-23,25-34
    create vlan "Desktops"
    configure vlan Desktops tag 16
    create vlan "Internal_Appliances"
    configure vlan Internal_Appliances tag 667
    create vlan "VoIP"
    configure vlan VoIP tag 224
    enable diffserv examination port 1
    disable dot1p examination port 1
    configure ports 1 display-string CenturyLink-MPLS
    enable diffserv examination port 2
    disable dot1p examination port 2
    configure ports 2 display-string ESXi-CV-SRV-01-Mirro
    enable diffserv examination port 3
    disable dot1p examination port 3
    configure ports 3 display-string ESXi-CV-SRV-02-Mirro
    enable diffserv examination port 4
    disable dot1p examination port 4
    configure ports 4 display-string Mirror-Loopback
    enable diffserv examination port 5
    disable dot1p examination port 5
    configure ports 5 display-string Axis_Camera
    enable diffserv examination port 6
    disable dot1p examination port 6
    configure ports 6 display-string ESXi-CV-SRV-01-1
    enable diffserv examination port 7
    disable dot1p examination port 7
    configure ports 7 display-string ESXi-CV-SRV-01-2
    enable diffserv examination port 8
    disable dot1p examination port 8
    configure ports 8 display-string ESXi-CV-SRV-01-SP
    enable diffserv examination port 9
    disable dot1p examination port 9
    configure ports 9 display-string ESXi-CV-SRV-02-1
    enable diffserv examination port 10
    disable dot1p examination port 10
    configure ports 10 display-string ESXi-CV-SRV-02-2
    enable diffserv examination port 11
    disable dot1p examination port 11
    configure ports 11 display-string ESXi-CV-SRV-02-SP
    enable diffserv examination port 12
    disable dot1p examination port 12
    configure ports 12 display-string CV-Tempmon
    enable diffserv examination port 13
    disable dot1p examination port 13
    configure ports 13 display-string Server_Room_Phone
    enable diffserv examination port 14
    disable dot1p examination port 14
    configure ports 14 display-string Rack1_PDU1
    enable diffserv examination port 15
    disable dot1p examination port 15
    configure ports 15 display-string Rack1_PDU2
    enable diffserv examination port 16
    disable dot1p examination port 16
    configure ports 16 display-string Symmetra_RM
    enable diffserv examination port 17
    disable dot1p examination port 17
    configure ports 17 display-string CrP
    enable diffserv examination port 18
    disable dot1p examination port 18
    configure ports 18 display-string FeK
    enable diffserv examination port 19
    disable dot1p examination port 19
    configure ports 19 display-string PoB
    enable diffserv examination port 20
    disable dot1p examination port 20
    configure ports 20 display-string VOIP_Uplink
    enable diffserv examination port 21
    enable diffserv examination port 22
    configure ports 22 display-string Crr-New
    enable diffserv examination port 23
    configure ports 23 display-string Uplink_1/2
    enable diffserv examination port 24
    configure ports 24 display-string Uplink_2/2
    enable diffserv examination port 25
    disable dot1p examination port 25
    enable diffserv examination port 26
    disable dot1p examination port 26
    enable diffserv examination port 27
    disable dot1p examination port 27
    enable diffserv examination port 28
    disable dot1p examination port 28
    enable diffserv examination port 29
    disable dot1p examination port 29
    enable jumbo-frame ports 29
    configure ports 29 auto off speed 10000 duplex full
    enable diffserv examination port 30
    disable dot1p examination port 30
    enable jumbo-frame ports 30
    configure ports 30 auto off speed 10000 duplex full
    enable diffserv examination port 31
    disable dot1p examination port 31
    enable jumbo-frame ports 31
    configure ports 31 auto off speed 10000 duplex full
    enable diffserv examination port 32
    disable dot1p examination port 32
    enable jumbo-frame ports 32
    configure ports 32 auto off speed 10000 duplex full
    enable diffserv examination port 33
    disable dot1p examination port 33
    configure ports 33 auto off speed 10000 duplex full
    enable diffserv examination port 34
    disable dot1p examination port 34
    configure ports 34 auto off speed 10000 duplex full
    enable sharing 23 grouping 23-24 algorithm address-based L2
    create mirror "CV-Mirror"
    configure mirror CV-Mirror to port-list 2-3 loopback-port 4
    enable mirror CV-Mirror
    configure vlan Default add ports 6-7,9-10,21,25-34 untagged
    configure vlan Desktops add ports 17-19,22-23 untagged
    configure vlan Internal_Appliances add ports 6-7,9-10,23 tagged
    configure vlan Internal_Appliances add ports 1,5,8,11-12,14-16 untagged
    configure vlan VoIP add ports 13,20 untagged
    configure vlan Internal_Appliances ipaddress 172.22.32.1 255.255.255.0
    enable ipforwarding vlan Internal_Appliances
    configure vlan VoIP ipaddress 172.22.36.1 255.255.254.0
    enable ipforwarding vlan VoIP
    configure vlan Desktops ipaddress 172.22.34.1 255.255.254.0
    enable ipforwarding vlan Desktops
    configure qosscheduler strict-priority ports "Default (TXQ.0)"
    configure qosscheduler strict-priority ports 24
    configure qosprofile QP1 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
    configure qosprofile QP2 maxbuffer 100 weight 1
    configure qosprofile QP2 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
    configure qosprofile QP3 maxbuffer 100 weight 1
    configure qosprofile QP3 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
    configure qosprofile QP4 maxbuffer 100 weight 1
    configure qosprofile QP4 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
    configure qosprofile QP5 maxbuffer 100 weight 1
    configure qosprofile QP5 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
    configure qosprofile QP6 maxbuffer 100 weight 1
    configure qosprofile QP6 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
    configure qosprofile QP7 maxbuffer 100 weight 1
    configure qosprofile QP7 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
    configure qosprofile QP8 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
    configure dot1p type 1 qosprofile QP2
    configure dot1p type 2 qosprofile QP3
    configure dot1p type 3 qosprofile QP4
    configure dot1p type 4 qosprofile QP5
    configure dot1p type 5 qosprofile QP6
    configure dot1p type 6 qosprofile QP7
    configure diffserv examination code-point 8 qosprofile QP2
    configure diffserv examination code-point 10 qosprofile QP2
    configure diffserv examination code-point 12 qosprofile QP2
    configure diffserv examination code-point 14 qosprofile QP2
    configure diffserv examination code-point 16 qosprofile QP3
    configure diffserv examination code-point 18 qosprofile QP3
    configure diffserv examination code-point 20 qosprofile QP3
    configure diffserv examination code-point 22 qosprofile QP3
    configure diffserv examination code-point 24 qosprofile QP4
    configure diffserv examination code-point 26 qosprofile QP4
    configure diffserv examination code-point 28 qosprofile QP4
    configure diffserv examination code-point 30 qosprofile QP4
    configure diffserv examination code-point 32 qosprofile QP5
    configure diffserv examination code-point 34 qosprofile QP5
    configure diffserv examination code-point 36 qosprofile QP5
    configure diffserv examination code-point 38 qosprofile QP5
    configure diffserv examination code-point 46 qosprofile QP6
    configure diffserv examination code-point 48 qosprofile QP8
    configure diffserv examination code-point 56 qosprofile QP7
    configure diffserv replacement priority 1 code-point 10
    configure diffserv replacement priority 3 code-point 26
    configure diffserv replacement priority 4 code-point 34
    configure diffserv replacement priority 5 code-point 46
    configure diffserv replacement priority 6 code-point 56
    configure diffserv replacement priority 7 code-point 48
    configure mirror CV-Mirror add port 1 ingress-and-egress
    configure cos-index 8 qosprofile QP4 replace-tos 64


    #
    # Module mcmgr configuration.
    #


    #
    # Module otm configuration.
    #


    #
    # Module fdb configuration.
    #


    #
    # Module rtmgr configuration.
    #
    configure iproute add default 172.22.32.4
    enable ipforwarding broadcast vlan "Desktops"
    enable ipforwarding broadcast vlan "Internal_Appliances"


    #
    # Module policy configuration.
    #

    configure policy profile 1 name "Failsafe" pvid-status "enable" pvid 4095
    configure policy profile 2 name "Access Point" pvid-status "enable" pvid 4095 auth-override "enable"
    configure policy profile 3 name "Administrator" pvid-status "enable" pvid 4095
    configure policy profile 4 name "Deny Access" pvid-status "enable" pvid 0
    configure policy profile 5 name "Guest Access" pvid-status "enable" pvid 4095 cos-status "enable" cos 1
    configure policy profile 6 name "Enterprise Access" pvid-status "enable" pvid 4095 cos-status "enable" cos 3
    configure policy profile 7 name "Quarantine" pvid-status "enable" pvid 0
    configure policy profile 8 name "Server" pvid-status "enable" pvid 4095 cos-status "enable" cos 4
    configure policy profile 9 name "Printer" pvid-status "enable" pvid 0 cos-status "enable" cos 1 untagged-vlans 667
    configure policy profile 10 name "Unregistered" pvid-status "enable" pvid 0
    configure policy profile 11 name "Enterprise User" pvid-status "enable" pvid 4095 cos-status "enable" cos 4
    configure policy profile 12 name "VoIP Phone" pvid-status "enable" pvid 4095 cos-status "enable" cos 6
    configure policy profile 13 name "Notification" pvid-status "enable" pvid 4095 cos-status "enable" cos 4
    configure policy profile 14 name "Assessing" pvid-status "enable" pvid 0
    configure policy profile 15 name "PCs" pvid-status "enable" pvid 4095 cos-status "enable" cos 4 untagged-vlans 16
    configure policy profile 16 name "Thin/Zero clients" pvid-status "enable" pvid 4095 cos-status "enable" cos 4 untagged-vlans 16
    configure policy rule 9 ipdestsocket 172.22.32.27 mask 32 forward
    configure policy rule 9 ipdestsocket 172.22.116.6 mask 32 forward
    enable policy


    #
    # Module aaa configuration.
    #
    configure radius mgmt-access 1 server 172.22.16.94 1812 client-ip 172.22.32.1 vr VR-Default
    configure radius 1 shared-secret encrypted ""
    configure radius mgmt-access 2 server 172.22.64.46 1812 client-ip 172.22.32.1 vr VR-Default
    configure radius 2 shared-secret encrypted ""
    enable radius
    enable radius mgmt-access
    disable radius netlogin
    configure radius timeout 15
    create account admin xmc-cli encrypted ""
    configure account all password-policy min-length 8
    configure account all password-policy lockout-on-login-failures on
    configure account all password-policy lockout-time-period 5
    configure account xmc-cli password-policy min-length 8
    configure account xmc-cli password-policy lockout-on-login-failures on
    configure account xmc-cli password-policy lockout-time-period 5


    #
    # Module acl configuration.
    #





    #
    # Module bfd configuration.
    #


    #
    # Module bgp configuration.
    #


    #
    # Module cfgmgr configuration.
    #
    enable cli-config-logging
    configure cli password prompting-only on


    #
    # Module dosprotect configuration.
    #


    #
    # Module dot1ag configuration.
    #


    #
    # Module eaps configuration.
    #


    #
    # Module edp configuration.
    #
    disable edp ports 4


    #
    # Module elrp configuration.
    #


    #
    # Module ems configuration.
    #
    configure log target memory-buffer alert percent-full 90
    configure syslog add 172.22.16.9x:514 vr VR-Default local0
    enable log target syslog 172.22.16.9x:514 vr VR-Default local0
    configure log target syslog 172.22.16.9x:514 vr VR-Default local0 filter DefaultFilter severity Debug-Data
    configure log target syslog 172.22.16.9x:514 vr VR-Default local0 match Any
    configure log target syslog 172.22.16.9x:514 vr VR-Default local0 format timestamp seconds date Mmm-dd event-name none priority host-name tag-name
    configure syslog add 144.202.234.13x:5020 vr VR-Default local0
    enable log target syslog 144.202.234.13x:5020 vr VR-Default local0
    configure log target syslog 144.202.234.13x:5020 vr VR-Default local0 filter DefaultFilter severity Debug-Data
    configure log target syslog 144.202.234.13x:5020 vr VR-Default local0 match Any
    configure log target syslog 144.202.234.13x:5020 vr VR-Default local0 format timestamp seconds date Mmm-dd event-name none priority host-name tag-name


    #
    # Module epm configuration.
    #


    #
    # Module erps configuration.
    #


    #
    # Module esrp configuration.
    #


    #
    # Module ethoam configuration.
    #


    #
    # Module etmon configuration.
    #


    #
    # Module exsshd configuration.
    #
    enable ssh2


    #
    # Module hal configuration.
    #


    #
    # Module idMgr configuration.
    #
    enable identity-management
    configure identity-management add ports 1-19,21-34


    #
    # Module ipSecurity configuration.
    #
    enable ip-security dhcp-snooping vlan Desktops port 17 violation-action none
    enable ip-security dhcp-snooping vlan Desktops port 18 violation-action none
    enable ip-security dhcp-snooping vlan Desktops port 19 violation-action none
    enable ip-security dhcp-snooping vlan Desktops port 22 violation-action none
    enable ip-security dhcp-snooping vlan Desktops port 23 violation-action none
    enable ip-security dhcp-snooping vlan Internal_Appliances port 1 violation-action none
    enable ip-security dhcp-snooping vlan Internal_Appliances port 5 violation-action none
    enable ip-security dhcp-snooping vlan Internal_Appliances port 6 violation-action none
    enable ip-security dhcp-snooping vlan Internal_Appliances port 7 violation-action none
    enable ip-security dhcp-snooping vlan Internal_Appliances port 8 violation-action none
    enable ip-security dhcp-snooping vlan Internal_Appliances port 9 violation-action none
    enable ip-security dhcp-snooping vlan Internal_Appliances port 10 violation-action none
    enable ip-security dhcp-snooping vlan Internal_Appliances port 11 violation-action none
    enable ip-security dhcp-snooping vlan Internal_Appliances port 12 violation-action none
    enable ip-security dhcp-snooping vlan Internal_Appliances port 14 violation-action none
    enable ip-security dhcp-snooping vlan Internal_Appliances port 15 violation-action none
    enable ip-security dhcp-snooping vlan Internal_Appliances port 16 violation-action none
    enable ip-security dhcp-snooping vlan Internal_Appliances port 23 violation-action none


    #
    # Module ipfix configuration.
    #


    #
    # Module lldp configuration.
    #


    #
    # Module mrp configuration.
    #


    #
    # Module msdp configuration.
    #


    #
    # Module netLogin configuration.
    #


    #
    # Module netTools configuration.
    #
    configure dns-client add name-server 172.22.32.24 vr VR-Default
    configure dns-client add name-server 144.202.234.252 vr VR-Default
    configure sntp-client primary time-btp.imsweb.com vr VR-Default
    configure sntp-client secondary time-st.imsweb.com vr VR-Default
    configure sntp-client update-interval 3600
    enable sntp-client
    configure bootprelay add 172.22.32.27 vr VR-Default
    configure bootprelay add 172.22.64.46 vr VR-Default
    configure bootprelay add 172.22.16.94 vr VR-Default
    enable bootprelay ipv4 vlan Desktops
    enable bootprelay ipv4 vlan Internal_Appliances
    enable bootprelay ipv4 vlan VoIP
    configure vlan Internal_Appliances udp-profile WakePC


    #
    # Module nodealias configuration.
    #


    #
    # Module ntp configuration.
    #


    #
    # Module ospf configuration.
    #
    configure ospf vlan Desktops priority 0
    configure ospf vlan Internal_Appliances priority 0
    configure ospf vlan VoIP priority 0


    #
    # Module ospfv3 configuration.
    #


    #
    # Module pim configuration.
    #


    #
    # Module rip configuration.
    #


    #
    # Module ripng configuration.
    #


    #
    # Module snmpMaster configuration.
    #
    configure snmpv3 add user "v3admin" engine-id 80:00:07:7c:03:00:04:96:a1:a6:90 authentication sha auth-encrypted localized-key privacy aes 128 privacy-encrypted localized-key
    configure snmpv3 add group "v3group" user "v3admin" sec-model usm
    configure snmpv3 add access "v3group" sec-model usm sec-level priv read-view "defaultAdminView" write-view "defaultAdminView" notify-view "defaultAdminView"
    configure snmpv3 add target-addr "TVv3admin" param "TV1v3admin" ipaddress 172.22.16.93 transport-port 162 tag-list "TVInformTag"
    configure snmpv3 add target-params "TV1v3admin" user "v3admin" mp-model snmpv3 sec-model usm sec-level priv
    configure snmpv3 add notify "TVInformTag" tag "TVInformTag" type inform
    enable snmp access
    disable snmp access snmp-v1v2c
    enable snmp access snmpv3
    disable snmpv3 default-group
    configure snmp access-profile "snmpACL" readwrite
    disable snmp access vr "VR-Mgmt"


    #
    # Module stp configuration.
    #


    #
    # Module synce configuration.
    #


    #
    # Module techSupport configuration.
    #


    #
    # Module telnetd configuration.
    #
    disable telnet


    #
    # Module tftpd configuration.
    #


    #
    # Module thttpd configuration.
    #
    disable web http


    #
    # Module twamp configuration.
    #


    #
    # Module vmt configuration.
    #


    #
    # Module vrrp configuration.
    #


    #
    # Module vsm configuration.
    #




  • 12.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-17-2019 06:37
    I would recommend to disable broadcast forwarding. this is not required for dhcp-relay function.
    If this is not enough, try to disable dhcp-snooping.


  • 13.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-17-2019 14:25
    Is there a known/documented issue with the dhcp-snooping setting? We use identity management which requires that to be configured.


  • 14.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-17-2019 14:36
    I don't know. For troubleshooting I would recommend to disable security features and maybe other features (udp profile, qos,cos,diffserv settings), which are not required for the main function (switching, routing, dhcp-relaying). Then it I should be working...and after that you can re-enable these features step-by-step and check, where is the problem...


  • 15.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-17-2019 19:07
    We disabled the dhcp-snooping and identity management on all ports. We need to leave broadcast forwarding enabled on the Desktops VLAN as it is used for Wake On LAN and had been configured with no issue.

    I worked through this link https://gtacknowledge.extremenetworks.com/articles/How_To/Troubleshooting-DHCP-issues, and my results have me at even more of a loss based on my testing on one system.

    These are the steps that I can take to replicate the issue:
    1) PC is connected directly to the network and working fine
    2) Delete the IP lease from DHCP
    3) Run ipconfig /release on the PC
    4) Shut down the PC and then power it back on
    5) After entering username and password, the PC says "network or timeout error" and Wireshark on the DHCP server looks like this. (172.22.34.1 = IP of VR on core switch, 172.22.32.27 = IP of DHCP server, 172.22.34.2 = IP of VR on desktop switch)

    6) Steps 4-5 were followed multiple times and the same result happened.
    7) Install a small network switch inline between the Summit and the same PC used for testing.
    😎 Turn on the PC, network login works, and Wireshark on the DHCP server shows this. (172.22.34.1 = IP of VR on core switch, 172.22.32.27 = IP of DHCP server, 172.22.34.2 = IP of VR on desktop switch)


    9) Steps 2-4 were followed multiple times and the same result happened (could log into the PC after deleting the lease as long as the mini switch was still in place).

    The DHCP troubleshooting article talks about issues with the client or the scope, but that clearly isn't the case here as the same PC either works or doesn't work with the addition of a dumb switch inline.


  • 16.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-17-2019 19:30
    Broadcast forwarding is not required for wake on Lan, when you use udp-profile...

    I checked your config again... Please try again with disabled policy and/or netlogin. I think your policy config is not correct...


  • 17.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-18-2019 13:33
    Policy is disabled, netlogin is disabled, only one bootp server is specified, broadcast forwarding has been disabled and the problem still persists on every system that attempts to renew or request a DHCP lease unless there is a mini switch connected between the port and a PC.

    All of the settings listed above are configured at our other location and we do not have this problem. The only difference between locations is that there is a L2 based load sharing group using two ports to connect the core Summit to the desktop Summit (the other location just has 1 uplink cable between switches that is not part of a group). I can't see how this would cause any issues (and I am hesitant to try and re-configure it unless I can see a documented case where this is a problem).


  • 18.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-18-2019 14:33


    I'm not sure what that "mini" switch is doing but it's doing something ?... I understand that you have disabled everything policy/netlogin/etc and are still seeing the same issue. This makes me think it's a bootp relay issue. From your packet captures it looks like the DHCP offers are not being received by the client. Is this true?. In the captures did you see anything different in the discover/offer in the working vs non-working one?

    The first thing i would do it make sure the switch is receiving the DHCP offer (It probably is). Then capture and document which port of the lag it is received on when using the "mini" switch and not (could be different ports). Make sure the packets look good. (ingress port mirror would work)

    You can also check the "show bootprelay" command to see if the switch CPU is getting the offers. This is not so easy because it's a global counter, but if you can quiet the switch down to just that PC it would give you good data.

    Get these things for now and let us know what you find. You can also reboot the netTools process and it might help.


  • 19.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-18-2019 14:38
    Thinking about the load sharing group...if I just unplug one of the two cables, that will then just limit the traffic to that one port without the need to down the interface while doing the reconfiguring of the group, correct?


  • 20.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-18-2019 14:57
    What do you mean by reconfiguring of the group?


  • 21.  RE: Migrated to X440G2-48t-10G4 and some PCs can no longer connect to the network

    Posted 01-18-2019 15:23
    Just unplugging a cable vs "disable load sharing x" on each switch (wasn't sure if the ports were then removed from VLANs and needed to be re-added.

    I ended up just unplugging one of the cables and the problem still persists, so it isn't an issue with that. There is no difference in the packet captures between the attempts that work with the mini switch in place and the capture from the attempts that fail.