1

Something happened in our server room over the weekend that had me in the office late Saturday night replacing two switches. After powering down both racks, I have an issue where none of the computers that use DHCP are getting the settings required for our network. If they are set to static, everything works fine. So I think the issue is with the DHCP server.

We have a Juniper Netscreen NS-50 hardware firewall/router that does the DHCP serving. It is supposed to hand out an address in the 192.168.1.0 range, its private IP as the gateway and a Windows Server box's IP for the primary DNS.

I can see that DHCP is still enabled in the NS50, so either it's not working properly or it's clashing with something else on our network...

How can I fault find this in order to get it working again?

Reece
  • Why did you replace the 2 switches? Were they just layer 2 switches? Can you debug the Netscreen DHCP calls or use Wireshark to debug at the client level? – TheCleaner Oct 21 '13 at 01:00
  • One of the switches had a seized fan. The other was an old 10/100 hub. The new switches are D-Link managed WebSmart gigabit switches. I've set their IP on the same range as what the Juniper should be giving via DHCP. – Reece Oct 21 '13 at 01:25
  • If setting a client on a static IP works, then it's time to debug in the CLI of the Juniper or run Wireshark on a client and see if there are or aren't DHCP requests and ACKs going back and forth. If the switches themselves have BOOTP/DHCP relay logs, that would help too. Check to see if you have to enable DHCP relay on the new switches or not. – TheCleaner Oct 21 '13 at 01:38
  • I'm getting a lot of these messages in the NS50's logs: _2013-10-21 14:27:30 info DHCP server on interface ethernet2 received DHCPDISCOVER from 001f3b5e9339 requesting out-of-scope IP address 192.168.1.153/0.0.0.0_ and _2013-10-21 14:27:24 info One or more IP addresses have expired._ – Reece Oct 21 '13 at 03:30
  • and _DHCP server on interface ethernet2 received DHCPDISCOVER from 00016c385167 requesting out-of-scope IP address 169.254.9.180/0.0.0.0_ – Reece Oct 21 '13 at 03:31
  • @TheCleaner Your suggestion of looking into the DHCP settings on the switches was good. There was an option in the D-Link web interface for the switch to trust/untrust physical ports for DHCP monitoring and a spot to add a trusted DHCP server's IP. I added my Juniper's IP to this and it fixed all of my issues. Thanks! – Reece Oct 21 '13 at 05:01
  • Thanks... I'll change my comment to an answer then to help close out this question. When you get a chance to accept it, I'd appreciate it. – TheCleaner Oct 21 '13 at 12:52

2 Answers

2

Per my comments:

If setting a client on a static IP works, then it's time to debug in the CLI of the Juniper or run Wireshark on a client and see if there are or aren't DHCP requests and ACKs going back and forth. If the switches themselves have BOOTP/DHCP relay logs, that would help too. Check to see if you have to enable DHCP relay on the new switches or not.

So checking into the switches themselves, since they were the variable that changed, should be the best place to start.

As it turns out, the OP looked in the switches and there is a choice on these managed D-Link switches to add a trusted DHCP server. He added the Juniper's IP and it has fixed his issues.

TheCleaner
0

First, try disconnecting the LAN <-> switch from the Juniper and connect a laptop to the LAN port (using a crossover cable).

If that works (you get an IP and network access) then you probably have a rogue DHCP server on your LAN. If it doesn't work then your NS-50 is not doing DHCP. Try disabling and enabling the DHCP service and rebooting the device.

  • Wait... should I be using a crossover from the Juniper to the switch? I did replace a number of visibly poor cables. – Reece Oct 20 '13 at 22:41
  • I tested this in a different sort of way... The NS50 has 4 Ethernet ports. So on the spare one, I created a new IP Range and DHCP Table, connected a laptop to an empty Gbe switch and connected the switch directly to this Ethernet port on the NS50. The laptop received an IP address via DHCP with no issues at all. – Reece Oct 21 '13 at 03:33
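
The two checks suggested in the answers above (capture on a client to see whether DHCP requests are answered, and look for a rogue DHCP server) can be scripted over DHCP payloads pulled from a client-side capture. This is an added example, not code from the thread: it checks the DISCOVER/OFFER half of the exchange, and the MAC addresses, transaction IDs and server addresses (including `192.168.1.1` as the expected server) are constructed assumptions.

```python
import socket
import struct
MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that precedes the options (RFC 2131)
DISCOVER, OFFER = 1, 2        # values of option 53 (DHCP message type)

def parse_dhcp(payload):
    """Return (xid, client MAC, message type, server id) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    xid = struct.unpack("!I", payload[4:8])[0]
    mac = payload[28:28 + min(payload[2], 16)].hex()      # chaddr, hlen bytes long
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:         # 255 = end option
        if payload[i] == 0:                               # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    mtype = opts[53][0] if len(opts.get(53, b"")) == 1 else None
    server = socket.inet_ntoa(opts[54]) if len(opts.get(54, b"")) == 4 else None
    return xid, mac, mtype, server

def diagnose(payloads, trusted):
    """Per discovering client MAC: 'ok', 'no-offer' (nothing came back) or 'untrusted-offer'."""
    discovers, offers = {}, {}
    for xid, mac, mtype, server in map(parse_dhcp, payloads):
        if mtype == DISCOVER:
            discovers[xid] = mac
        elif mtype == OFFER:
            offers.setdefault(xid, set()).add(server)     # matched to the DISCOVER by xid
    verdicts = {}
    for xid, mac in discovers.items():
        seen = offers.get(xid, set())
        verdicts[mac] = ("no-offer" if not seen else
                         "untrusted-offer" if seen - set(trusted) else "ok")
    return verdicts

def build(op, xid, mac, mtype, server=None):
    """Construct a minimal DHCP payload for the sample below (not a real capture)."""
    hdr = bytes([op, 1, 6, 0]) + struct.pack("!I", xid) + bytes(20) + bytes.fromhex(mac).ljust(208, b"\0")
    opts = bytes([53, 1, mtype]) + (bytes([54, 4]) + socket.inet_aton(server) if server else b"")
    return hdr + MAGIC + opts + b"\xff"

# Constructed capture: client ...01 is answered by 192.168.1.1, ...02 by nobody, ...03 by 192.168.1.200.
SAMPLE = [build(1, 1, "020000000001", DISCOVER), build(2, 1, "020000000001", OFFER, "192.168.1.1"),
          build(1, 2, "020000000002", DISCOVER), build(1, 3, "020000000003", DISCOVER),
          build(2, 3, "020000000003", OFFER, "192.168.1.200")]
```

A `no-offer` verdict at the client while the DHCP server's own log shows the DISCOVER arriving points at something between the two dropping the replies, which is what the switch's DHCP trust setting was doing in this thread.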