XG 7100 vlan dhcp configuration problem

froek

I have an XG 7100, and I am having trouble getting switch port 7 to allow VLANs downstream to get a DHCP. I believe this is what you call a trunk port.

I have the following configuration:

WAN is on port 1 (has a valid address)

Interface Assignments:
Interface OPT32R4, VLAN 4 on Lagg0

VLANS:
lagg0 / vlan tag 4 / priority blank / description R4

Switches->vlans:
802.1Q enabled
group 5, vlan tag 4, members 2t, 3t, 4t, 5t, 6t, 7t, 8t, 9t, 10t.

General configuration for Interface OPT32R4:
enabled
ipv4 static
switch port - not selected
ipv4 address: 10.1.4.1 / 24

Testing - I tried plugging in my windows computer into port 7, with the network card tagged as VLAN ID 4. I do not get a dhcp address at all. Am I doing something wrong here?

Note: I will eventually get a managed switch and connect it to port 7 and configure my port-based vlans there.

froek

I am wondering if it's something special I need to do on the switch ports? I have set this up before perfectly on my 6100 no problem, but it does not have the automatic lagg0 like it does on the 7100. Devices are not getting an ip at all so I know it's not a firewall issue.

rcoleman-netgate

@froek said in XG 7100 vlan dhcp configuration problem:

I am wondering if it's something special I need to do on the switch ports? I have set this up before perfectly on my 6100 no problem, but it does not have the automatic lagg0 like it does on the 7100. Devices are not getting an ip at all so I know it's not a firewall issue.

Run a packet capture on the VLAN interface... do you see any traffic coming in tagged? Or at all? Is your switch configured to have VLAN 4 tagged on uplink? Or are your devices all connected natively/directly? If so then you need to have those ports as untagged not tagged -- but also set their PVIDs and make sure the LAN (and no other ports) are tagged.

Your test suggests that you should verify the traffic with a packet capture, too.

stephenw10

Can we assume you have enabled the DHCP service on VLAN4 (OPT32R4)? You don't mention it above.

Steve

froek

Here's my switch/interface assignments and dhcp settings.

@froek

I haven't done a packet capture yet, but will try that out next, thanks for the replies.

froek

My uplink is on ETH1, my ETH7 is connected to my ubiquity switch (all port profile), and I tagged ALL for port 1 ubiquity switch, vlan 3 for port 2, vlan 4 for port 3, and no matter what port I plug my pc into on the ubiquity side, I get no DHCP at all.

I have also directly connected my pc into ETH7 and made my VLANID on my windows machine as vlan 3 and even 4, and still nothing.

I probably have a misconfiguration on the switch side of the 7100.

froek

@rcoleman-netgate I ran a packet capture, and didn't see anything on the interface. I tried with WAN and it's fine, so kinda odd that the interface shows nothing.

rcoleman-netgate

@froek Try in Promiscuous Mode and see what comes up. I suspect you have a config problem... either the port is tagged and shouldn't be or isn't and should be.

froek

@rcoleman-netgate Interesting, I may not have been waiting long enough, or didn't unplug/replug it during the test like I did just now and I do get the following:

22:02:58.277090 IP6 fe80::e181:30f:42a9:8698.546 > ff02::1:2.547: UDP, length 82
22:02:58.418512 ARP, Request who-has 169.254.24.212 tell 169.254.24.212, length 46
22:02:58.453102 IP 169.254.24.212.5353 > 224.0.0.251.5353: UDP, length 26
22:02:58.453470 IP6 fe80::e181:30f:42a9:8698.5353 > ff02::fb.5353: UDP, length 26
22:02:58.453842 IP6 fe80::e181:30f:42a9:8698.5353 > ff02::fb.5353: UDP, length 64
22:02:58.454156 IP 169.254.24.212.5353 > 224.0.0.251.5353: UDP, length 64
22:02:58.514314 IP 169.254.24.212.137 > 169.254.255.255.137: UDP, length 68
22:02:58.514583 IP 169.254.24.212.137 > 169.254.255.255.137: UDP, length 68
22:02:58.514764 IP 169.254.24.212.137 > 169.254.255.255.137: UDP, length 68
22:02:58.812457 IP 169.254.24.212.5353 > 224.0.0.251.5353: UDP, length 40
22:02:58.812783 IP6 fe80::e181:30f:42a9:8698.5353 > ff02::fb.5353: UDP, length 40
22:02:58.813222 IP 169.254.24.212.5353 > 224.0.0.251.5353: UDP, length 40
22:02:58.813364 IP6 fe80::e181:30f:42a9:8698.5353 > ff02::fb.5353: UDP, length 40
22:02:59.264251 IP 169.254.24.212.137 > 169.254.255.255.137: UDP, length 68
22:02:59.264263 IP 169.254.24.212.137 > 169.254.255.255.137: UDP, length 68
22:02:59.264341 IP 169.254.24.212.137 > 169.254.255.255.137: UDP, length 68
22:02:59.821371 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
22:03:00.021260 IP 169.254.24.212.137 > 169.254.255.255.137: UDP, length 68
22:03:00.021271 IP 169.254.24.212.137 > 169.254.255.255.137: UDP, length 68
22:03:00.021534 IP 169.254.24.212.137 > 169.254.255.255.137: UDP, length 68
22:03:00.410381 ARP, Request who-has 169.254.24.212 tell 169.254.24.212, length 46
22:03:00.783403 IP 169.254.24.212.137 > 169.254.255.255.137: UDP, length 68
22:03:00.783419 IP 169.254.24.212.137 > 169.254.255.255.137: UDP, length 68
22:03:00.783426 IP 169.254.24.212.137 > 169.254.255.255.137: UDP, length 68
22:03:02.285305 IP6 fe80::e181:30f:42a9:8698.546 > ff02::1:2.547: UDP, length 82
22:03:02.981874 IP 169.254.24.212.5353 > 224.0.0.251.5353: UDP, length 40
22:03:02.982088 IP6 fe80::e181:30f:42a9:8698.5353 > ff02::fb.5353: UDP, length 40
22:03:02.982675 IP 169.254.24.212.5353 > 224.0.0.251.5353: UDP, length 40
22:03:02.982793 IP6 fe80::e181:30f:42a9:8698.5353 > ff02::fb.5353: UDP, length 40
22:03:04.002506 IP 169.254.24.212.5353 > 224.0.0.251.5353: UDP, length 40
22:03:04.002716 IP6 fe80::e181:30f:42a9:8698.5353 > ff02::fb.5353: UDP, length 40
22:03:04.003361 IP 169.254.24.212.5353 > 224.0.0.251.5353: UDP, length 40
22:03:04.003417 IP6 fe80::e181:30f:42a9:8698.5353 > ff02::fb.5353: UDP, length 40
22:03:04.829215 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
22:03:06.007668 IP 169.254.24.212.5353 > 224.0.0.251.5353: UDP, length 40
22:03:06.007793 IP6 fe80::e181:30f:42a9:8698.5353 > ff02::fb.5353: UDP, length 40
22:03:06.008636 IP 169.254.24.212.5353 > 224.0.0.251.5353: UDP, length 40
22:03:06.008897 IP6 fe80::e181:30f:42a9:8698.5353 > ff02::fb.5353: UDP, length 40
22:03:10.291727 IP6 fe80::e181:30f:42a9:8698.546 > ff02::1:2.547: UDP, length 82
22:03:12.539754 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300

froek

@rcoleman-netgate Thank you Ryan - you got me pointed in the right direction! I realized by checking and double checking my rules I had messed up the tagging in the Interfaces/Switch/VLANs and the specific VLAN I was tagging on the port in question. I was bouncing around between vlan 3 and 4 and was not unplugging my device in between configuration changes. I since configured eth 7 as TAGGED, plugged my switch into that port as uplink, plugged into port 3 (which was vlan 3 on the switch), ensured my interface was tagging that opt device with the correct vlan, and the pc picked up the device right away.

I then quickly realized a firewall rule to allow traffic (not just TCP) was required in order to allow DNS queries to work. Thank you everyone for the replies!

rcoleman-netgate

@froek said in XG 7100 vlan dhcp configuration problem:

Thank you Ryan - you got me pointed in the right direction!

You're welcome :)