Supervlan and needless DHCP Requests


Hello.

If I use separate vlans on Extreme X450-24 ver. 15.3.5.2 with bootprelay, DHCP works fine for my client-device. At first there are DhcpDiscover,DhcpOffer,DhcpRequest and DhcpAck and than there are one DhcpRequest + one DhcpAck during right time-period. All right.

But if I begin to use supervlan, the situation is changed. My device sends one DhcpRequest but receives 2 replays.

Scheme:
client-device <-> switch <-> extreme witch supervlan and bootprelay <-> DHCP server

When I have mirrored traffic between switch and extreme I have seen so situation (by tcpdump):
17:20:51.442246 IP client_ip.68 > dhcp_server_ip.67: BOOTP/DHCP, Request from e8:94:f6:53:cf:45, length 548
17:20:51.442803 IP dhcp_server_ip.67 > client_ip.68: BOOTP/DHCP, Reply, length 300
17:20:51.443525 IP dhcp_server_ip.67 > client_ip.68: BOOTP/DHCP, Reply, length 300

When I have mirrored traffic between extreme and DHCP server I have seen other situation (by tcpdump):
16:08:21.422645 IP client_ip.bootpc > dhcp_server_ip.bootps: BOOTP/DHCP, Request from e8:94:f6:53:cf:45, length 548
16:08:21.423216 IP dhcp_server_ip.bootps > client_ip.bootpc: BOOTP/DHCP, Reply, length 300
16:08:21.423477 IP client_ip.bootpc > dhcp_server_ip.bootps: BOOTP/DHCP, Request from e8:94:f6:53:cf:45, length 548
16:08:21.424140 IP dhcp_server_ip.bootps > client_ip.bootpc: BOOTP/DHCP, Reply, length 300

So, after extreme we have duplicate of DhcpRequest packet.
I think extreme makes it. Why does it make this?

I have used also dhcpdump on DHCP server, but both Requests are identical

How can I fix this situation?

Thank you.

13 replies

Userlevel 4
try to disable bootprelay and see how it changes
Nick Yakimenko wrote:

try to disable bootprelay and see how it changes

I made it, but this could not help me.
Userlevel 3
Disable communication between your subvlan under your supervlan. ARP will be block/

#disable subvlan-proxy-arp vlan all
Mel78, CISSP, ECE wrote:

Disable communication between your subvlan under your supervlan. ARP will be block/

#disable subvlan-proxy-arp vlan all

It doesn't help too.
Userlevel 6
Hello, Viktor!

Actually you describing of you config/topology - I don't understand.

Can you, please, show supervlan and bootprelay configuration.
And also scheme with pointed ports, vlans/subvlans/supervlans.

Also - can it be loop in your scheme?

Thank you!
Alexandr P wrote:

Hello, Viktor!

Actually you describing of you config/topology - I don't understand.

Can you, please, show supervlan and bootprelay configuration.
And also scheme with pointed ports, vlans/subvlans/supervlans.

Also - can it be loop in your scheme?

Thank you!

Hello, Alexandr.

Client 's device (TP-link wr740n or Windows 7) is connected to management switch. Client's vlan (one of subvlans on 450) is untagged on client's port and on port that this switch is connected to extreme 450. On extreme 450 there are 2 subvlans in 1 supervlan.
Bootprelay is on in all vlans. (when I off bootprelay — It didn't make any effect ).
This 450 is connected by ospf with extreme 650.
On 650 bootprelay is also on in vlan with it 450 and 650 are connected, and 650 has direct interface(separate vlan with bootprelay) to DHCP server.

Supervlan on 450
create vlan "SU"
configure vlan SU ipaddress *.*.*.1 255.255.255.128
enable ipforwarding vlan SU
configure vlan SU add secondary-ipaddress *.*.*.129 255.255.255.128
configure vlan "SU" add subvlan "test-su-2"
configure vlan "SU" add subvlan "test-su-1"
enable bootprelay vlan SU
configure ospf add vlan SU area 0.1.1.1 passive

Bootprelay:
configure bootprelay add *.*.*.* vr VR-Default
enable bootprelay vlan SU
enable bootprelay vlan km (vlan to 650)
enable bootprelay vlan test-su-1
enable bootprelay vlan test-su-2
Userlevel 6
Alexandr P wrote:

Hello, Viktor!

Actually you describing of you config/topology - I don't understand.

Can you, please, show supervlan and bootprelay configuration.
And also scheme with pointed ports, vlans/subvlans/supervlans.

Also - can it be loop in your scheme?

Thank you!

What address range is using in subvlan?

Thank you!
Alexandr P wrote:

Hello, Viktor!

Actually you describing of you config/topology - I don't understand.

Can you, please, show supervlan and bootprelay configuration.
And also scheme with pointed ports, vlans/subvlans/supervlans.

Also - can it be loop in your scheme?

Thank you!

I'm sorry, but I didn't understand your question. What do you mean by “address range in subvlan”? Please, explain it.
We have such ranges in supervlan:
configure vlan SU ipaddress *.*.*.1 255.255.255.128
configure vlan SU add secondary-ipaddress *.*.*.129 255.255.255.128
I'm sorry, but we don't want to show our real ip for all.

Thank you!
Userlevel 6
Alexandr P wrote:

Hello, Viktor!

Actually you describing of you config/topology - I don't understand.

Can you, please, show supervlan and bootprelay configuration.
And also scheme with pointed ports, vlans/subvlans/supervlans.

Also - can it be loop in your scheme?

Thank you!

Subvlan IP addresses from Supervlan addresses range.
You take it from main supervlan IP range, or from secondary IP range?
(because there is restriction)

Thank you!
Userlevel 6
Alexandr P wrote:

Hello, Viktor!

Actually you describing of you config/topology - I don't understand.

Can you, please, show supervlan and bootprelay configuration.
And also scheme with pointed ports, vlans/subvlans/supervlans.

Also - can it be loop in your scheme?

Thank you!

Also:
dhcp relay work at L3,
at L2 work dhcp snooping.
If your subvlans have no IP-addresses - it's can be as a part of issue. (just in theory)

Thank you!
Alexandr P wrote:

Hello, Viktor!

Actually you describing of you config/topology - I don't understand.

Can you, please, show supervlan and bootprelay configuration.
And also scheme with pointed ports, vlans/subvlans/supervlans.

Also - can it be loop in your scheme?

Thank you!

The whole address range from supervlan is permitted for using in subvlans. Client can get any ip address. Which restriction do you mean?

We don't use dhcp snooping on extreme.
When we tried to add ipaddress to subvlans we got message: “Sub-VLAN test-su-1 cannot be configured with IP address”.

Thank you.
Userlevel 6
Alexandr P wrote:

Hello, Viktor!

Actually you describing of you config/topology - I don't understand.

Can you, please, show supervlan and bootprelay configuration.
And also scheme with pointed ports, vlans/subvlans/supervlans.

Also - can it be loop in your scheme?

Thank you!

I meaned earlier - NOT assign IP address for sub-vlan interface, but divide IP-address range for sub-vlan users "configure vlan vsub1 subvlan-address-range 192.201.3.2 - 192.201.3.6"

Thank you!
Alexandr P wrote:

Hello, Viktor!

Actually you describing of you config/topology - I don't understand.

Can you, please, show supervlan and bootprelay configuration.
And also scheme with pointed ports, vlans/subvlans/supervlans.

Also - can it be loop in your scheme?

Thank you!


But if we divide IP-address range for sub-vlan, what difference will be between separate vlans and sub-vlans in supervlan? We want to use all ip for all vlans, without dividing pools. We want to divide only broadcast domain with using different vlans.

Reply