Brocade ICX-6450 DHCP problems with certain IoT devices

bandit1216

New Member
Jun 6, 2018
I bought one of the 48-port switches based on recommendations from this thread (thanks to fohdeesha for the help). This switch basically replaced my SG300 which was running all my DHCP server pools and trunking 3 VLANs for my home network. I have 3 TP-Link APs with VLAN tagging that were connected directly to the SG300 (guest network, regular, internal/servers) and now connect to the Brocade.

After getting the Brocade set up, everything was working for the most part; however, two devices cannot get a DHCP address and I can't for the life of me figure out why. One is an Ecobee3 (which luckily can be set with a static IP) and the other is a Roku stick (which cannot). I tried flushing the ARP cache on the switch and rebooting all my APs to force new IP leases as well as IP reservations and both devices still fail to get an IP. The weird thing is I have far "dumber" IoT devices in my household (TP-Link wifi switches, which I have to put on a dedicated 2.4GHz SSID or they'll randomly disconnect), so I'm not really sure what's going on. Verified that they are connecting to my APs without problems and nothing has changed with that setup. These devices are connecting to VLAN 243 (config below). I have another Roku wired to the switch that has no problem getting a DHCP address, so I'm wondering if there is some problem with DHCP discovery between APs and the switch.

I did a little research on DHCP options thinking there might be some option not set by default on this switch that is set on the SG switches but I'm having a hard time wrapping my tiny brain around all the different options and whether they're applicable to my issue. The only thing I'm seeing in the switch logs are a bunch of messages "No ARP-PING reply from client xxx.xxx.xxx", but I'm seeing this for pretty much all the devices on that VLAN/subnet, most of which connect fine.

The switch works great other than this problem, but it's only the 2nd L3 switch I've worked with and I'm still a novice with networking concepts. Anyway, appreciate any help, config below (somewhat sanitized). The switch runs behind a pfsense firewall (192.168.241.1) which has all the necessary static routes back to the switch. Again nothing changed with my overall setup, only substituting this switch for the SG300.

ver 08.0.30saT313
!
stack unit 1
module 1 icx6450-48-port-management-module
module 2 icx6450-sfp-plus-4port-40g-module
!
global-stp
!
!
!
vlan 241 name DEFAULT-VLAN by port
router-interface ve 241
spanning-tree
!
vlan 243 by port
tagged ethe 1/1/1 to 1/1/3 ethe 1/1/5 to 1/1/48
untagged ethe 1/1/4
router-interface ve 243
!
vlan 247 by port
tagged ethe 1/1/1 to 1/1/3 ethe 1/1/5 to 1/1/48
router-interface ve 247
!
!
!
!
!
aaa authentication web-server default local
default-vlan-id 241
enable password-display
enable acl-per-port-per-vlan
hostname icx6450
ip dhcp-server enable
ip dhcp-server arp-ping-timeout 30
!
ip dhcp-server pool 241
dhcp-default-router 192.168.241.2
dns-server 192.168.241.12 192.168.241.9
domain-name example.com
excluded-address 192.168.241.1 192.168.241.99
lease 1 0 0
network 192.168.241.0 255.255.255.0
deploy
!
!
ip dhcp-server pool 243
dhcp-default-router 192.168.243.2
dns-server 192.168.241.12 192.168.241.9
domain-name example.com
excluded-address 192.168.243.1 192.168.243.99
lease 1 0 0
network 192.168.243.0 255.255.255.0
deploy
!
!
ip dhcp-server pool 247
dhcp-default-router 192.168.247.2
dns-server 192.168.241.12 192.168.241.9
domain-name example.com
excluded-address 192.168.247.1 192.168.247.99
lease 1 0 0
network 192.168.247.0 255.255.255.0
deploy
!
ip directed-broadcast
ip dns domain-list example.com
ip dns server-address 192.168.241.1
ip irdp
ip proxy-arp
no ip rarp
ip route next-hop-enable-default
ip route next-hop ospf
ip route 0.0.0.0/0 192.168.241.1
ip router-id 192.168.241.2
!
!
!
clock summer-time
clock timezone gmt GMT-07
!
!
ntp
server 132.163.96.5
!
!
no web-management http
web-management https
web-management frame bottom
web-management page-menu
!
!
!
interface ethernet 1/1/1
dual-mode
!
interface ethernet 1/1/2
dual-mode
!
interface ethernet 1/1/3
dual-mode
!
interface ethernet 1/1/5
dual-mode
!
interface ethernet 1/1/6
dual-mode
!
interface ethernet 1/1/7
dual-mode
!
interface ethernet 1/1/8
dual-mode
!
interface ethernet 1/1/9
dual-mode
!
interface ethernet 1/1/10
dual-mode
!
interface ethernet 1/1/11
dual-mode
!
interface ethernet 1/1/12
dual-mode
!
interface ethernet 1/1/13
dual-mode
!
interface ethernet 1/1/14
dual-mode
!
interface ethernet 1/1/15
dual-mode
!
interface ethernet 1/1/16
dual-mode
!
interface ethernet 1/1/17
dual-mode
!
interface ethernet 1/1/18
dual-mode
!
interface ethernet 1/1/19
dual-mode
!
interface ethernet 1/1/20
dual-mode
!
interface ethernet 1/1/21
dual-mode
!
interface ethernet 1/1/22
dual-mode
!
interface ethernet 1/1/23
dual-mode
!
interface ethernet 1/1/24
dual-mode
!
interface ethernet 1/1/25
dual-mode
!
interface ethernet 1/1/26
dual-mode
!
interface ethernet 1/1/27
dual-mode
!
interface ethernet 1/1/28
dual-mode
!
interface ethernet 1/1/29
dual-mode
!
interface ethernet 1/1/30
dual-mode
!
interface ethernet 1/1/31
dual-mode
!
interface ethernet 1/1/32
dual-mode
!
interface ethernet 1/1/33
dual-mode
!
interface ethernet 1/1/34
dual-mode
!
interface ethernet 1/1/35
dual-mode
!
interface ethernet 1/1/36
dual-mode
!
interface ethernet 1/1/37
dual-mode
!
interface ethernet 1/1/38
dual-mode
!
interface ethernet 1/1/39
dual-mode
!
interface ethernet 1/1/40
dual-mode
!
interface ethernet 1/1/41
dual-mode
!
interface ethernet 1/1/42
dual-mode
!
interface ethernet 1/1/43
dual-mode
!
interface ethernet 1/1/44
dual-mode
!
interface ethernet 1/1/45
dual-mode
!
interface ethernet 1/1/46
dual-mode
!
interface ethernet 1/1/47
dual-mode
!
interface ethernet 1/1/48
port-name Firewall
dual-mode
!
interface ve 241
ip address 192.168.241.2 255.255.255.0
!
interface ve 243
ip address 192.168.243.2 255.255.255.0
!
interface ve 247
ip address 192.168.247.2 255.255.255.0
!
!
!
!
!
!
!
!
!
!
end
 

bandit1216

Ha, thanks fohdeesha. I swear I searched the forum, guess I didn't look hard enough! I'm looking through your link, so TL;DR is it not possible to make the DHCP server on this switch "authoritative"?
 

Juggie

New Member
Nov 3, 2018
Why not just use the pfsense DHCP? You would need to add a VLAN to pfsense which I assume is already done to route the traffic and then go enable DHCP on it. No reason to use the DHCP from the switch. Or were you running both DHCP servers by accident?
 

bandit1216

Why not just use the pfsense DHCP? You would need to add a VLAN to pfsense which I assume is already done to route the traffic and then go enable DHCP on it. No reason to use the DHCP from the switch. Or were you running both DHCP servers by accident?
I've just always run DHCP on my L3 switch, I could definitely run it on pfSense. I guess in my mind it's simpler to have the switch handle all LAN duties. I think ultimately I'll move DHCP to my domain controllers with failover.
 

fohdeesha

Kaini Industries
Nov 20, 2016
Why not just use the pfsense DHCP? You would need to add a VLAN to pfsense which I assume is already done to route the traffic and then go enable DHCP on it. No reason to use the DHCP from the switch. Or were you running both DHCP servers by accident?
pfsense/opnsense does not support DHCP for anything that's not a directly connected subnet. So it flat out does not work with inter-vlan routing on the switch, which is most people's setups with L3 switches that want wirespeed routing between local networks, especially with 10gbe and 40gbe hardware.

I and many others have been trying to get them to implement this, even offering money, which is strange as pretty much every other DHCP implementation has supported such a basic feature for the last 20 years, it's pretty much the only way dhcp is configured in an enterprise environment. In fact, it's been supported in dhcpd since I was 8 years old:

Feature: DHCP server able to handle non-interface configured subnets · Issue #910 · opnsense/core

DHCP Serving multiple subnets to remote networks (vlans), not directly connected · Issue #2238 · opnsense/core
 
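How a relay-aware DHCP server picks a pool from `giaddr`, as an added example that is not part of the original post or of any project's code. The pool values come from the switch config posted above; the relay address 192.168.243.2, the server interface 192.168.241.1, the `DIRECT_ONLY` model of a server restricted to its own interface subnets, and the MAC are assumptions constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

# Pools copied from the switch config in the thread: network -> default router.
POOLS = {
    "192.168.241.0/24": "192.168.241.2",
    "192.168.243.0/24": "192.168.243.2",
    "192.168.247.0/24": "192.168.247.2",
}
# Assumed model: a server that can only hold pools for its own interface subnet (VLAN 241).
DIRECT_ONLY = {"192.168.241.0/24": "192.168.241.2"}


def build_discover(mac: bytes, giaddr: str = "0.0.0.0") -> bytes:
    """Constructed sample packet: minimal DHCPDISCOVER with an RFC 2131 fixed header."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                            # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        0x1234ABCD, 0, 0x8000,                 # xid, secs, flags (broadcast bit set)
        bytes(4), bytes(4), bytes(4),          # ciaddr, yiaddr, siaddr
        ipaddress.ip_address(giaddr).packed,   # giaddr, filled in by a relay agent
        mac, bytes(64), bytes(128),            # chaddr (zero-padded to 16), sname, file
    )
    return header + MAGIC + b"\x35\x01\x01\xff"  # option 53 = DISCOVER, then end option


def select_pool(packet: bytes, rx_iface_ip: str, pools: dict = POOLS):
    """Return (network, router) the server would allocate from, or None if it has no pool."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    giaddr = ipaddress.ip_address(packet[24:28])
    # giaddr == 0.0.0.0: client shares the server's segment, so use the receiving interface.
    # Otherwise the relay's address identifies the client's subnet.
    key = ipaddress.ip_address(rx_iface_ip) if giaddr.is_unspecified else giaddr
    for net, router in pools.items():
        if key in ipaddress.ip_network(net):
            return net, router
    return None


if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")  # constructed locally administered MAC
    relayed = build_discover(mac, giaddr="192.168.243.2")
    print(select_pool(relayed, "192.168.241.1"))               # pool for VLAN 243
    print(select_pool(relayed, "192.168.241.1", DIRECT_ONLY))  # None: no pool to answer from
    print(select_pool(build_discover(mac), "192.168.241.1"))   # pool for VLAN 241
```
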

Juggie

pfsense/opnsense does not support DHCP for anything that's not a directly connected subnet. So it flat out does not work with inter-vlan routing on the switch, which is most people's setups with L3 switches that want wirespeed routing between local networks, especially with 10gbe and 40gbe hardware.

I and many others have been trying to get them to implement this, even offering money, which is strange as pretty much every other DHCP implementation has supported such a basic feature for the last 20 years, it's pretty much the only way dhcp is configured in an enterprise environment. In fact, it's been supported in dhcpd since I was 8 years old:

Feature: DHCP server able to handle non-interface configured subnets · Issue #910 · opnsense/core

DHCP Serving multiple subnets to remote networks (vlans), not directly connected · Issue #2238 · opnsense/core
Ah, that makes sense. I have multiple VLANs but I have not been concerned with routing substantial amounts of traffic between them (or any, as I've mostly used them for isolation). Nor do I have the pleasure of having 10GE or 40GE at this time (though I am stalking eBay for a switch).

I'm an opnsense user as well. Would be excellent if they'd add that. Is it not possible though to add the vlan to opnsense, enable the dhcp, but force the gateway to be another ip?
 