Supervlan and needless DHCP Requests

  • 0
  • 1
  • Question
  • Updated 1 year ago
  • Answered
Hello.

If I use separate vlans on Extreme X450-24 ver. 15.3.5.2 with bootprelay, DHCP works fine for my client-device. At first there are DhcpDiscover,DhcpOffer,DhcpRequest and DhcpAck and than there are one DhcpRequest + one DhcpAck during right time-period. All right.

But if I begin to use supervlan, the situation is changed. My device sends one DhcpRequest but receives 2 replays.

Scheme:
client-device <-> switch <-> extreme witch supervlan and bootprelay <-> DHCP server

When I have mirrored traffic between switch and extreme I have seen so situation (by tcpdump):
17:20:51.442246 IP client_ip.68 > dhcp_server_ip.67: BOOTP/DHCP, Request from e8:94:f6:53:cf:45, length 548
17:20:51.442803 IP dhcp_server_ip.67 > client_ip.68: BOOTP/DHCP, Reply, length 300
17:20:51.443525 IP dhcp_server_ip.67 > client_ip.68: BOOTP/DHCP, Reply, length 300

When I have mirrored traffic between extreme and DHCP server I have seen other situation (by tcpdump):
16:08:21.422645 IP client_ip.bootpc > dhcp_server_ip.bootps: BOOTP/DHCP, Request from e8:94:f6:53:cf:45, length 548
16:08:21.423216 IP dhcp_server_ip.bootps > client_ip.bootpc: BOOTP/DHCP, Reply, length 300
16:08:21.423477 IP client_ip.bootpc > dhcp_server_ip.bootps: BOOTP/DHCP, Request from e8:94:f6:53:cf:45, length 548
16:08:21.424140 IP dhcp_server_ip.bootps > client_ip.bootpc: BOOTP/DHCP, Reply, length 300

So, after extreme we have duplicate of DhcpRequest packet.
I think extreme makes it. Why does it make this?

I have used also dhcpdump on DHCP server, but both Requests are identical

How can I fix this situation?

Thank you.
Photo of Victor Vit

Victor Vit

  • 282 Points 250 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Nick Yakimenko

Nick Yakimenko

  • 2,488 Points 2k badge 2x thumb
try to disable bootprelay and see how it changes
Photo of Victor Vit

Victor Vit

  • 282 Points 250 badge 2x thumb
I made it, but this could not help me.
Photo of Mel78, CISSP, ECE

Mel78, CISSP, ECE

  • 1,044 Points 1k badge 2x thumb
Disable communication between your subvlan under your supervlan. ARP will be block/

#disable subvlan-proxy-arp vlan all
Photo of Victor Vit

Victor Vit

  • 282 Points 250 badge 2x thumb
It doesn't help too.
Photo of Alexandr P

Alexandr P, Embassador

  • 12,768 Points 10k badge 2x thumb
Hello, Viktor!

Actually you describing of you config/topology - I don't understand.

Can you, please, show supervlan and bootprelay configuration.
And also scheme with pointed ports, vlans/subvlans/supervlans.

Also - can it be loop in your scheme? 

Thank you!
(Edited)
Photo of Alexandr P

Alexandr P, Embassador

  • 12,768 Points 10k badge 2x thumb
Subvlan IP addresses from Supervlan addresses range.
You take it from main supervlan IP range, or from secondary IP range?
(because there is restriction)

Thank you!
Photo of Alexandr P

Alexandr P, Embassador

  • 12,768 Points 10k badge 2x thumb
Also:
dhcp relay work at L3,
at L2 work dhcp snooping.
If your subvlans have no IP-addresses - it's can be as a part of issue. (just in theory)

Thank you!
(Edited)
Photo of Victor Vit

Victor Vit

  • 282 Points 250 badge 2x thumb
The whole  address range from supervlan is permitted for using in subvlans. Client can get any ip address. Which restriction do you mean?
 
We don't use dhcp snooping on extreme.
When we tried to add ipaddress to subvlans we got message: “Sub-VLAN test-su-1 cannot be configured with IP address”.
 
Thank you.
Photo of Alexandr P

Alexandr P, Embassador

  • 12,768 Points 10k badge 2x thumb
I meaned earlier - NOT assign IP address for sub-vlan interface, but divide IP-address range for sub-vlan users "configure vlan vsub1 subvlan-address-range 192.201.3.2 - 192.201.3.6"

Thank you!
Photo of Victor Vit

Victor Vit

  • 282 Points 250 badge 2x thumb
But if we divide IP-address range for sub-vlan, what difference will be between separate vlans and sub-vlans in supervlan? We want to use all ip for all vlans, without dividing pools. We want to divide  only broadcast domain with using different vlans.