Brocade ICX-6450 DHCP problems with certain IoT devices

Discussion in 'Networking' started by bandit1216, Dec 2, 2018.

  1. bandit1216

    bandit1216 New Member

    Joined:
    Jun 6, 2018
    Messages:
    7
    Likes Received:
    0
    I bought one of the 48-port switches based on recommendations from this thread (thanks to fohdeesha for the help). This switch basically replaced my SG300, which was running all my DHCP server pools and trunking 3 VLANs for my home network. I have 3 TP-Link APs with VLAN tagging that were connected directly to the SG300 (guest network, regular, internal/servers) and now connect to the Brocade.

    After getting the Brocade set up, everything was working for the most part; however, two devices cannot get a DHCP address and I can't for the life of me figure out why. One is an Ecobee3 (which luckily can be set with a static IP) and the other is a Roku stick (which cannot). I tried flushing the ARP cache on the switch and rebooting all my APs to force new IP leases as well as IP reservations and both devices still fail to get an IP. The weird thing is I have far "dumber" IoT devices in my household (TP-link wifi switches, which I have to put on a dedicated 2.4GHz SSID or they'll randomly disconnect), so I'm not really sure what's going on. Verified that they are connecting to my APs without problems and nothing has changed with that setup. These devices are connecting to VLAN 243 (config below). I have another Roku wired to the switch that has no problem getting a DHCP address, so I'm wondering if there's some problem with DHCP discovery between APs and the switch.

    I did a little research on DHCP options thinking there might be some option not set by default on this switch that is set on the SG switches but I'm having a hard time wrapping my tiny brain around all the different options and whether they're applicable to my issue. The only thing I'm seeing in the switch logs are a bunch of messages "No ARP-PING reply from client xxx.xxx.xxx", but I'm seeing this for pretty much all the devices on that VLAN/subnet, most of which connect fine.

    The switch works great other than this problem, but it's only the 2nd L3 switch I've worked with and I'm still a novice with networking concepts. Anyway, appreciate any help, config below (somewhat sanitized). The switch runs behind a pfsense firewall (192.168.241.1) which has all the necessary static routes back to the switch. Again nothing changed with my overall setup, only substituting this switch for the SG300.

    ver 08.0.30saT313
    !
    stack unit 1
    module 1 icx6450-48-port-management-module
    module 2 icx6450-sfp-plus-4port-40g-module
    !
    global-stp
    !
    !
    !
    vlan 241 name DEFAULT-VLAN by port
    router-interface ve 241
    spanning-tree
    !
    vlan 243 by port
    tagged ethe 1/1/1 to 1/1/3 ethe 1/1/5 to 1/1/48
    untagged ethe 1/1/4
    router-interface ve 243
    !
    vlan 247 by port
    tagged ethe 1/1/1 to 1/1/3 ethe 1/1/5 to 1/1/48
    router-interface ve 247
    !
    !
    !
    !
    !
    aaa authentication web-server default local
    default-vlan-id 241
    enable password-display
    enable acl-per-port-per-vlan
    hostname icx6450
    ip dhcp-server enable
    ip dhcp-server arp-ping-timeout 30
    !
    ip dhcp-server pool 241
    dhcp-default-router 192.168.241.2
    dns-server 192.168.241.12 192.168.241.9
    domain-name example.com
    excluded-address 192.168.241.1 192.168.241.99
    lease 1 0 0
    network 192.168.241.0 255.255.255.0
    deploy
    !
    !
    ip dhcp-server pool 243
    dhcp-default-router 192.168.243.2
    dns-server 192.168.241.12 192.168.241.9
    domain-name example.com
    excluded-address 192.168.243.1 192.168.243.99
    lease 1 0 0
    network 192.168.243.0 255.255.255.0
    deploy
    !
    !
    ip dhcp-server pool 247
    dhcp-default-router 192.168.247.2
    dns-server 192.168.241.12 192.168.241.9
    domain-name example.com
    excluded-address 192.168.247.1 192.168.247.99
    lease 1 0 0
    network 192.168.247.0 255.255.255.0
    deploy
    !
    ip directed-broadcast
    ip dns domain-list example.com
    ip dns server-address 192.168.241.1
    ip irdp
    ip proxy-arp
    no ip rarp
    ip route next-hop-enable-default
    ip route next-hop ospf
    ip route 0.0.0.0/0 192.168.241.1
    ip router-id 192.168.241.2
    !
    !
    !
    clock summer-time
    clock timezone gmt GMT-07
    !
    !
    ntp
    server 132.163.96.5
    !
    !
    no web-management http
    web-management https
    web-management frame bottom
    web-management page-menu
    !
    !
    !
    interface ethernet 1/1/1
    dual-mode
    !
    interface ethernet 1/1/2
    dual-mode
    !
    interface ethernet 1/1/3
    dual-mode
    !
    interface ethernet 1/1/5
    dual-mode
    !
    interface ethernet 1/1/6
    dual-mode
    !
    interface ethernet 1/1/7
    dual-mode
    !
    interface ethernet 1/1/8
    dual-mode
    !
    interface ethernet 1/1/9
    dual-mode
    !
    interface ethernet 1/1/10
    dual-mode
    !
    interface ethernet 1/1/11
    dual-mode
    !
    interface ethernet 1/1/12
    dual-mode
    !
    interface ethernet 1/1/13
    dual-mode
    !
    interface ethernet 1/1/14
    dual-mode
    !
    interface ethernet 1/1/15
    dual-mode
    !
    interface ethernet 1/1/16
    dual-mode
    !
    interface ethernet 1/1/17
    dual-mode
    !
    interface ethernet 1/1/18
    dual-mode
    !
    interface ethernet 1/1/19
    dual-mode
    !
    interface ethernet 1/1/20
    dual-mode
    !
    interface ethernet 1/1/21
    dual-mode
    !
    interface ethernet 1/1/22
    dual-mode
    !
    interface ethernet 1/1/23
    dual-mode
    !
    interface ethernet 1/1/24
    dual-mode
    !
    interface ethernet 1/1/25
    dual-mode
    !
    interface ethernet 1/1/26
    dual-mode
    !
    interface ethernet 1/1/27
    dual-mode
    !
    interface ethernet 1/1/28
    dual-mode
    !
    interface ethernet 1/1/29
    dual-mode
    !
    interface ethernet 1/1/30
    dual-mode
    !
    interface ethernet 1/1/31
    dual-mode
    !
    interface ethernet 1/1/32
    dual-mode
    !
    interface ethernet 1/1/33
    dual-mode
    !
    interface ethernet 1/1/34
    dual-mode
    !
    interface ethernet 1/1/35
    dual-mode
    !
    interface ethernet 1/1/36
    dual-mode
    !
    interface ethernet 1/1/37
    dual-mode
    !
    interface ethernet 1/1/38
    dual-mode
    !
    interface ethernet 1/1/39
    dual-mode
    !
    interface ethernet 1/1/40
    dual-mode
    !
    interface ethernet 1/1/41
    dual-mode
    !
    interface ethernet 1/1/42
    dual-mode
    !
    interface ethernet 1/1/43
    dual-mode
    !
    interface ethernet 1/1/44
    dual-mode
    !
    interface ethernet 1/1/45
    dual-mode
    !
    interface ethernet 1/1/46
    dual-mode
    !
    interface ethernet 1/1/47
    dual-mode
    !
    interface ethernet 1/1/48
    port-name Firewall
    dual-mode
    !
    interface ve 241
    ip address 192.168.241.2 255.255.255.0
    !
    interface ve 243
    ip address 192.168.243.2 255.255.255.0
    !
    interface ve 247
    ip address 192.168.247.2 255.255.255.0
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    end
     
    #1
  2. fohdeesha

    fohdeesha Kaini Industries

    Joined:
    Nov 20, 2016
    Messages:
    940
    Likes Received:
    683
  3. bandit1216

    Ha, thanks fohdeesha. I swear I searched the forum, guess I didn't look hard enough! I'm looking through your link, so TL;DR is it not possible to make the DHCP server on this switch "authoritative"?
     
    #3
  4. Juggie

    Juggie New Member

    Joined:
    Nov 3, 2018
    Messages:
    16
    Likes Received:
    4
    Why not just use the pfsense DHCP? You would need to add a VLAN to pfsense which I assume is already done to route the traffic and then go enable DHCP on it. No reason to use the DHCP from the switch. Or were you running both DHCP servers by accident?
     
    #4
  5. bandit1216

    I've just always run DHCP on my L3 switch, I could definitely run it on pfSense. I guess in my mind it's simpler to have the switch handle all LAN duties. I think ultimately I'll move DHCP to my domain controllers with failover.
     
    #5
  6. fohdeesha

    pfsense/opnsense does not support DHCP for anything that's not a directly connected subnet. So it flat out does not work with inter-vlan routing on the switch, which is most people's setups with L3 switches that want wirespeed routing between local networks, especially with 10gbe and 40gbe hardware.

    I and many others have been trying to get them to implement this, even offering money, which is strange as pretty much every other DHCP implementation has supported such a basic feature for the last 20 years, it's pretty much the only way dhcp is configured in an enterprise environment. In fact, it's been supported in dhcpd since I was 8 years old:

    Feature: DHCP server able to handle non-interface configured subnets · Issue #910 · opnsense/core

    DHCP Serving multiple subnets to remote networks (vlans), not directly connected · Issue #2238 · opnsense/core
     
    #6
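
An added example, not part of any post in this thread: what "DHCP for a subnet that is not directly connected" means on the wire, using the three pools from the posted switch config. It assumes a hypothetical relay on ve 243 (192.168.243.2) forwarding to a server at 192.168.241.1 (in the thread the switch serves DHCP itself); the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import socket
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header
MAGIC = b"\x63\x82\x53\x63"                # DHCP magic cookie

# Pools copied from the switch config posted in this thread.
POOLS = {name: ipaddress.ip_network(net) for name, net in {
    "241": "192.168.241.0/24",
    "243": "192.168.243.0/24",
    "247": "192.168.247.0/24",
}.items()}


def build_discover(mac, giaddr="0.0.0.0", xid=0x1234ABCD):
    """Constructed sample DHCPDISCOVER (not a capture from the thread)."""
    zero = socket.inet_aton("0.0.0.0")
    hops = 0 if giaddr == "0.0.0.0" else 1
    hdr = struct.pack(BOOTP_FMT, 1, 1, 6, hops, xid, 0, 0x8000,
                      zero, zero, zero, socket.inet_aton(giaddr), mac, b"", b"")
    return hdr + MAGIC + b"\x35\x01\x01\xff"   # option 53 = DISCOVER, end


def select_pool(packet, recv_ifaddr, pools):
    """Return the name of the pool a server would allocate from, or None."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    giaddr = ipaddress.ip_address(packet[24:28])   # giaddr sits at offset 24
    # Relayed request: giaddr names the client's subnet.
    # Local broadcast: giaddr is 0.0.0.0, so the receiving interface decides.
    key = giaddr if int(giaddr) != 0 else ipaddress.ip_address(recv_ifaddr)
    for name, net in pools.items():
        if key in net:
            return name
    return None   # no pool for that subnet: the client never gets an offer


def connected_only(pools, ifaddrs):
    """Model of a server that only accepts pools on its own interface subnets."""
    addrs = [ipaddress.ip_address(a) for a in ifaddrs]
    return {n: net for n, net in pools.items() if any(a in net for a in addrs)}
```

With all three pools defined, the relayed request from 192.168.243.2 selects pool 243; with pools limited to the server's own 192.168.241.1 interface, the same request matches nothing.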
  7. Juggie

    Ah, that makes sense. I have multiple VLANs but I have not been concerned with routing substantial amounts of traffic between them (or any, as I've mostly used them for isolation). Nor do I have the pleasure of having 10GE or 40GE at this time (though I am stalking eBay for a switch).

    I'm an opnsense user as well. Would be excellent if they'd add that. Is it not possible though to add the vlan to opnsense, enable the dhcp, but force the gateway to be another ip?
     
    #7
    Last edited: Dec 2, 2018