address-check

Problem

You have a 3Com 5500G-EI (or family) switch set up as a core router with multiple VLANs. You are using the DHCP relay functionality to pass DHCP requests back to a group of one or more central DHCP servers.

Clients with static IPs can't route, although they can see other systems on their subnets. DHCP clients on the same subnet (even the same physical wire!) work fine.

If you go so far as to snoop traffic, you can see the static systems ARP'ing but never getting any reply; pings the other way (ie through the router to the affected systems) show the router ARP'ing but the client never hooks up.

You confirm that you don't have an ACL problem (which is pretty unlikely since DHCP clients work properly).

Solution

You have the address-check enable parameter in your VLAN definition. The solution is to remove this from the affected VLANs; ie:

system-view
interface vlan-interface 102
address-check disable
quit

Discussion

When 3com writes in their documentation:

"address-check": use the address-check enable command to enable IP address match checking on the DHCP relay agent.

They mean:

"address-check": use the address-check enable command to prevent the routing of any statically IP'd system (ie FUCK ME HARDER PLEASE).

There is no where in the documentation which tells you that this parameter has any effect beyond the DHCP relay functionality.