DHCP relay problems with VLAN on different physical interfaces

Githo
Githo Posts: 1
edited April 2021 in Security
Hi

We recently wanted to seperate our VLAN on different physical interfaces (USG310).
Situation where the problems occure:
VLAN 10 on ETH8 - the DC and all other servers are member of this VLAN - 10.10.0.0/16
VLAN 50 on ETH7 - 10.50.0.0 /16 - DHCP relay to 10.10.100.100

Both interfaces connected to same switch GS1920 48HP on a tagged - tag only port in their respective VLANS.
This switch is connected to other switches with tagged - tag only ports with all VLANS allowed.

Firewall isn't an issue for testing purposes ANY to ANY allowed.

So basicly before the change they were both on ETH8, working fine. After the transfer our clients are getting ip addresses from both ranges. Clients on untagged 50 ports are getting 10.10.x.x addresses and vica versa. So somewhere along the line the tags are messed up.
This occures on all switches (main one and beyond).

Any hints on what I might be missing are much appreciated!

Best regards

All Replies

  • Dudley_Winchester
    Dudley_Winchester Posts: 21
    First Comment Third Anniversary
     Freshman Member
    Here is a thought, which you may have already considered.
    Between switches I guess you allow all VLANs between them, and have set them as "Trunk" Ports - so any traffic can flow freely between the switches (as if they were one big switch).
    On the two GS1920-48 ports that connect to the USG - I would not set them as trunk ports in the VLAN menu, otherwise all VLANs may go through either ports.
    I am assuming that each of the two ports on the switch have been set with the correct default VLAN (It sounds like it in your thread).

Security Highlight