DHCP and ip helper-address question.

Unanswered Question
Jun 18th, 2007

Hi

I have a problem thats bringing up something a bit basic in my mind, that I hope someone can clear up for me.

I have a trunk port on a 3560 switch that connects to a voip phone from which a PC hangs off. The phone needs to pick up a dhcp address in vlan 202, however the dhcp server is in vlan 2. I've put the following command "ip helper-address 10.11.2.200" on the router interface which has three sub-interfaces for each vlan i.e vlan 2,202 and 203.

Now when the phone issues a dhcp request the dhcp broadcast hits the router, the router then forwards the broadcast to the dhcp server (10.11.2.200), when the dhcp server receives the request it issues the address. Now my question is how does the dhcp server now what ip to give? how does it know what ip's need to be in vlan 202?

When I ran with the above scenario the phones never received a dhcp assigned address. The only way it worked was when I gave the vlan 202 interface on our 3560 switch an ip address, and then immediately the phone picked up the vlan 202 address, the vlan 202 network is 10.200.1.0 255.255.255.0.

Could someone please explain why putting an ip address on the vlan interface would suddenly allow the dhcp request to complete successfully? And how putting an ip address on the vlan helps the phone get the correct ip for vlan 202?

If you need any further info, or if I need to clarify please ask.

Thanks in advance

Dan

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Timor_SSS Mon, 06/18/2007 - 01:37

1) Put the ip helper command on the subinterface of vlan 202 (not on interface itself). Be carefull, there might be a routing problem!!! Maybe you should consider assigning static IP addresses the the phones or placing an additional DHCP server on Vlan 2.

2) There are several methods that DHCP server can identify the requestor and assign it an appropriate IP. It can be MAC-based, vlan based and so on. If you'll provide more details about it, maybe I can help.

HTH

Tim

dan_track Mon, 06/18/2007 - 01:59

Hi

Thanks for you help.

1) The routing is actually a managed service, the ISP says that the sub-interfaces terminate at the interface and they can all see the ip-helper address command and IP.

2) Sorry I'm not sure what details you need. this is all implemented in windows active-directory. They dhcp scopes do have scope options. Is there anything in particular you need or is the whole dhcp config on the ad server?

Thanks

Dan

Richard Burts Mon, 06/18/2007 - 02:44

Dan

You are correct that resolving your issue requires some understanding of the basics of how DHCP and ip helper-address work. In the DHCP request packet one of the fields is for gateway address. When the layer 3 device (router or layer 3 switch) receives the DHCP request from the client and is going to use helper-address to forward the request to a DHCP server is a different subnet, then the layer 3 device puts its IP address into the gateway address field. When the request gets to the DHCP server, the server looks at the gateway address to determine where the request came from and therefore what scope to use to assign an address to the client.

So when there was no IP address on VLAN 202 interface (or subinterface) it could not fill in the gateway address and the DHCP request was not successful. When you assigned an IP address then it could fill in the gateway address and that is why the DHCP request started to work only when you put an IP address on the interface.

HTH

Rick

dan_track Mon, 06/18/2007 - 03:13

Hi

Thanks for that info. It was really helpful.

Can you just clarify something for me please. The switch and router are two separate devices, the switch is working at layer 2 and the router is a 2850 router. The ip on the router is different i.e (10.200.1.1) and the switch vlan 202 has 10.200.1.20. So how would the switch vlan's ip help it put the gateway ip address in the field.

Thanks

Dan

glen.grant Mon, 06/18/2007 - 03:23

The switch has nothing to to do with any routing if it is a layer 2 switch , the request is sent to the router address (gateway) for processing ,the router converts the broadcast to a unicast or directed broadcast via the ip helper statement to the dhcp server .The address on the switch itself is to manage the switch via telnet and nothing else and has nothing to do with a address being assigned.

dan_track Mon, 06/18/2007 - 03:30

Hi,

Thanks for that. Would you know why the DHCP started to work once I put the IP on the interface of the switch (layer 2), but wouldn't work before then?

Thanks

Dan

Richard Burts Mon, 06/18/2007 - 03:50

To resolve this I believe that we need to see the configs from the switch and from the router.

If the switch is really just a layer 2 operation then Glen is correct. The symptoms described (without an IP address on the switch the DHCP request fails and with an IP address on the switch the DHCP request is successful) suggest that the switch is operating at layer 3 as well as at layer 2. Seeing the configs would help to resolve this.

HTH

Rick

dan_track Mon, 06/18/2007 - 04:18

Hi

Here's the switch config. Not all the interfaces have been included as they are all the same.

Additionally the FastEthernet trunk links are connected to the phones that place themselves in vlan 202.

I don't have access to the router as that is managed by the ISP

The DHCP server is in vlan 1

Any questions please let me know.

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname Switch1

!

enable secret 5 $au$apdblrkx4oliasfnagfd.dkgnfsf.GthI.

!

no aaa new-model

udld enable

ip subnet-zero

no ip domain-lookup

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause channel-misconfig

errdisable recovery cause pagp-flap

errdisable recovery cause dtp-flap

errdisable recovery cause link-flap

errdisable recovery interval 180

no file verify auto

!

spanning-tree mode pvst

spanning-tree portfast bpduguard default

spanning-tree extend system-id

spanning-tree uplinkfast max-update-rate 15

spanning-tree uplinkfast

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

description ISP router

switchport trunk encapsulation dot1q

switchport mode trunk

no mdix auto

!

interface FastEthernet0/2

switchport access vlan 203

switchport mode access

speed 100

duplex full

no mdix auto

!

interface FastEthernet0/3

switchport trunk encapsulation dot1q

switchport mode trunk

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

mls qos trust dscp

auto qos voip trust

no mdix auto

!

interface FastEthernet0/4

switchport trunk encapsulation dot1q

switchport mode trunk

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

mls qos trust dscp

auto qos voip trust

no mdix auto

.

.

(all other interfaces same as FastEthernet 0/4

.

.

interface GigabitEthernet0/1

description uplink ports

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/2

description uplink ports

switchport trunk encapsulation dot1q

switchport mode trunk

interface Vlan1

ip address 10.11.2.100 255.255.255.0

!

interface Vlan202

ip address 10.200.1.20 255.255.255.0

!

interface Vlan203

no ip address

!

ip classless

ip http server

Thanks again

Dan

Richard Burts Mon, 06/18/2007 - 04:35

Dan

Thanks for posting the additional information. From the fact that there are 2 VLAN interfaces with IP addresses I believe that we can conclude that if both VLANs are active that this is not a simple layer 2 switch. A layer 2 switch can have only a single active VLAN interface with an IP address. So either this switch is acting as a layer 3 switch or there is an issue that one of the VLANs is not active. Is it a possibility that VLAN 202 was not active, producing the problem with DHCP requests, and that your config change made it active and allowed the DHCP request to be successful?

HTH

Rick

Timor_SSS Mon, 06/18/2007 - 04:18

Dan,

The topology that you've described here is simple "Routing on a stick", where each subinterface on the router is used as a gateway for VLAN. If you want IP helper to work, it must be configured on the subinterface! The reason it worked when it was connected to VLAN202, is that no inter-vlan DHCP queries were needed (the DHCP server was on the same Vlan with the IP phone).

Even if you'll configure it righe, you'll have a routing problem, because, the DHCP will assign IP's and Default gateways of vlan 202 to vlan 2 (which has a different subnet). Your Ip phoned will be unreacheble.

My advise, use static IP configuration on your IP phones or put some DHCP server inside vlan 2.

Tim

Actions

This Discussion