  • 1.  Issue with DHCP Relay Agent on EX Switches with J6350 Router

    Posted 12-04-2012 00:19

    Good evening/morning.

     

    I have a customer with a maddening issue and I'm banging my head against the wall trying to figure it out.

     

    They have the following network topology

     

    <Access Device> <---> <Access Switch (Ex3200)> <---> <Distribution Switch/Core (Ex4200VC)> <---> <J6350 (Router)>

     

     

    Attached to the Distribution Switch is the DHCP Server on VLAN 125.  It is a Windows Server 2008 Active Directory DHCP Server.

    There are about 9 other VLANs on the network (We'll say VLAN 155 for this issue at the moment).

     

    From the Access Switches to the Distribution/Core, I am using LACP LAGs configured as Trunk ports.  The Server VLAN is NOT configured on the trunks down to the switches, as it's not necessary, I don't think.  The access ports to the end user devices are configured as RSTP Edge ports, with the "Desktop and Phone" Port Profile assigned and Port Security enabled (but ARP Inspection Disabled).  The Desktop VLAN is 155 and the Phone VLAN is 25.

     

    The J6350 has an expansion FPC PIC installed, configured with Ethernet switching.  It is acting as the primary DHCP Relay agent and has IP RVIs on all the VLANs, since it is acting as a routing gateway for both inter-VLAN routing and external routing.

     

    The relay agent on it is configured as such:

     

    forwarding-options {
        helpers {
            bootp {
                relay-agent-option;
                server 172.21.21.36;
                interface {
                    vlan.145;
                    vlan.155;
                    vlan.165;
                    vlan.175;
                    vlan.185;
                    vlan.195;
                    vlan.205;
                    vlan.215;
                }
            }
        }
    }

     

    The result of this is very odd.

    When an end user device is connected to a VLAN 155 access port, the DHCP request will be forwarded and the DHCP Snooping Binding database will return a result from its PREVIOUS DHCP Scope (VLAN 226).  The DHCP Server has an aged lease for that device on the previous DHCP Scope, and it looks like it's just trying to honor that old (and obviously invalid now) lease.  The binding table will show the MAC address of the device, the former IP, NO LEASE Timer, and the NEW VLAN and Interface.  If I clear the snooping binding table and try to renew, it will come back up again.

     

    The only way I've found to sort of resolve this is to wait for the device to try to pull an invalid scope, find that MAC address in the DHCP Server and delete the lease, then clear that MAC out of the table, and try to renew again.  It then APPEARS to get the right lease...

     

    Is this the intended behavior?  That seems awfully tedious. We are trying to transition them from an older flat network to a more segmented and tiered approach.

     

    Lastly, I've tried placing the relay agents and RVIs on the switches themselves instead of on the router.  The behavior is the same.

     

     



  • 2.  RE: Issue with DHCP Relay Agent on EX Switches with J6350 Router
    Best Answer

    Posted 12-12-2012 13:49

    Figured it out.  The scopes on the DHCP server (Windows AD Server) were in a Superscope instead of disparate scopes.

     

    Once we separated the scopes, the desired behavior was realized.
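
The symptom reported in the first post (a snooping binding that carries the new VLAN and interface but an address from the old scope and no lease timer) can be checked for mechanically. The following is an added example, not part of the thread and not Juniper or Microsoft code; the five-column table layout, the VLAN-to-subnet plan and the sample rows are constructed assumptions, since the thread gives neither the subnets nor the raw table output.

```python
import ipaddress

# Hypothetical VLAN -> subnet plan (assumption: the thread does not list the subnets).
VLAN_SUBNETS = {
    155: ipaddress.ip_network("10.1.155.0/24"),
    226: ipaddress.ip_network("10.1.226.0/24"),
}

# Constructed sample rows: MAC, IP, lease seconds (or "-"), VLAN, interface.
SAMPLE_TABLE = """\
MAC address       IP address  Lease VLAN Interface
00:11:22:33:44:55 10.1.226.40 -     155  ge-0/0/5.0
00:11:22:33:44:66 10.1.155.21 85000 155  ge-0/0/6.0
00:11:22:33:44:77 10.1.155.30 -     155  ge-0/0/7.0
00:11:22:33:44:88 10.1.9.9    3600  999  ge-0/0/8.0
"""

def parse_bindings(text):
    """Return one dict per well-formed row; headers and junk rows are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        mac, ip, lease, vlan, ifname = fields
        try:
            rows.append({"mac": mac.lower(), "ip": ipaddress.ip_address(ip),
                         "lease": int(lease) if lease.isdigit() else None,
                         "vlan": int(vlan), "interface": ifname})
        except ValueError:
            continue  # not an address/VLAN number, e.g. a header line
    return rows

def audit(bindings, vlan_subnets):
    """Return (mac, reasons) for each binding that looks stale or misplaced."""
    findings = []
    for b in bindings:
        reasons = []
        subnet = vlan_subnets.get(b["vlan"])
        if subnet is None:
            reasons.append("unknown-vlan")
        elif b["ip"] not in subnet:
            # Name the VLAN whose scope actually owns this address, if any.
            owner = next((v for v, n in vlan_subnets.items() if b["ip"] in n), None)
            reasons.append(f"ip-outside-vlan-subnet(owner-vlan={owner})")
        if b["lease"] is None:
            reasons.append("no-lease-timer")
        if reasons:
            findings.append((b["mac"], reasons))
    return findings

if __name__ == "__main__":
    for mac, reasons in audit(parse_bindings(SAMPLE_TABLE), VLAN_SUBNETS):
        print(mac, ", ".join(reasons))
```

A binding flagged with both reasons matches the case in the thread, where the fix was on the DHCP server (separate scopes instead of a Superscope) rather than on the relay or the switch.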