> Or do you mean that you have other routing issues? I have other routing issues.
More detail for the interested: I have a ProCurve 5308xl standing as the core swtich in our district. All of the schools connect to it over gigabit fiber, save one 100mbit school. I am trying to get a guest vlan working so I can put visitors and non-work related wifi devices on a separate network, but I want them to be forced to use our content filter. Our content filter can't support multiple networks/vlans, but it can support multiple routed subnets. (Note I've complained to the manufacturer about this, but I don't seem to be getting anywhere on this front.) So, I need to route all of this "Guest" network through our normal network, while applying an ACL that prevents any traffic to/from this network except to/from our gateway/content filter. I've got it working... sorta. I can get on the network, I get an IP from our DHCP server (Thanks guys!) and I can ping the other subnet and even the gateway. I just can't ping past the gateway. I have a few theories I'm working through: Is my gateway/content filter somehow blocking the traffic? (Possibly) Is the gateway/content filter not setup to route traffic that originates in a subnet? (Also possibly) The only odd thing I can see is that I can ping another subnet's interface on the 5308xl... and my route should not allow that. Thus, I'm looking at that as well... Does the default route take over even if I specify a route for a VLAN? --Matt Ross Ephrata School District ----- Original Message ----- From: Kurt Buff [mailto:[email protected]] To: NT System Admin Issues [mailto:[email protected]] Sent: Fri, 12 Aug 2011 11:53:01 -0700 Subject: Re: DHCP Server and multiple subnets > Are you meaning that you need to forward a DHCP request over more than > 1 router? That is, requestor is on subnet1, makes a request, router2 > forwards it over subnet2 to router2, which then forwards it to the > DHCP server on subnet3. I haven't done that, nor heard of anyone who > does, but it might be possible. That would be interesting. If that's > the situation, however, I'd use it to make a case to collapse those > two routers into one, if circumstances permitted. > > Or do you mean that you have other routing issues? > > Kurt > > On Fri, Aug 12, 2011 at 11:38, Matthew W. Ross <[email protected]> > wrote: > > Thanks all. I tried it, and it worked perfectly... except I can't get it > to route beyond the first router. But to my original question, DHCP passes > along as prescribed and I can ping between subnets. > > > > Thanks for the help. > > > > > > --Matt Ross > > Ephrata School District > > > > > > ----- Original Message ----- > > From: Kurt Buff > > [mailto:[email protected]] > > To: NT System Admin Issues > > [mailto:[email protected]] > > Sent: Fri, 12 Aug 2011 > > 11:28:50 -0700 > > Subject: Re: DHCP Server and multiple subnets > > > > > >> Not trickery. > >> > >> Assuming that there's a router in your environment, you need to put a > >> helper address on the router for each subnet for which the DHCP server > >> will be serving addresses. (You can run multiple subnets without a > >> router, but it's really a bad idea.) > >> > >> For instance, on my HP 3400cl core switch, two of my vlans are set up > >> as follows: > >> > >> vlan 111 > >> name "VLAN111" > >> ip address 192.168.xx.xx 255.255.255.0 > >> ip helper-address 192.168.xx.xx > >> tagged 25-47 > >> exit > >> vlan 112 > >> name "VLAN112" > >> ip address 192.168.xx.xx 255.255.255.0 > >> ip helper-address 192.168.xx.xx > >> tagged 25-47 > >> exit > >> > >> It'll be very similar syntax on a Cisco switch for the helper address. > >> > >> The router then forwards the broadcast packet with to the DHCP server. > >> > >> Kurt > >> > >> On Fri, Aug 12, 2011 at 08:44, Matthew W. Ross <[email protected]> > >> wrote: > >> > Hey list, quick question for ya as my googlefu is not coming up with > >> concrete answers: > >> > > >> > Can a single DHCP server serve up two separate subnets? How does the > DHCP > >> server decide which subnet to place the client (besides reservations)? > Does > >> it just auto-magically figure it out based on where the broadcast is > coming > >> from, or is there other trickery involved? > >> > > >> > > >> > --Matt Ross > >> > Ephrata School District > >> > > >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >> > > >> > --- > >> > To manage subscriptions click here: > >> http://lyris.sunbelt-software.com/read/my_forums/ > >> > or send an email to [email protected] > >> > with the body: unsubscribe ntsysadmin > >> > > >> > > >> > >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >> > >> --- > >> To manage subscriptions click here: > >> http://lyris.sunbelt-software.com/read/my_forums/ > >> or send an email to [email protected] > >> with the body: unsubscribe ntsysadmin > >> > >> > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to [email protected] > > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
