Cat4503 Multiple Vlans, one not forwarding dhcp request

Answered Question
Dec 19th, 2007

Ok, I tried searching before posting, but I couldn't really narrow my search terms, so no luck.


I have a couple of vlans 1,9,14 in relation to this issue. For some reason, vlan 9 all of a sudden, the clients are not receiving dhcp offers. The dhcp server is a win 2003 machine on vlan 14. Vlan 1 is functioning fine with the request and offers. I can statically assign an ip on a vlan 9 client and surf the web and ping the vlan 14 dhcp server. I used network monitor on the dhcp server and it did not show vlan 9 requests being forwarded but it showed vlan 1 requests and offers. I deleted and recreated both vlan 9 and vlan 9 dhcp scope. I disabled the acl on vlan 9. I made sure vlan 9 was enabled and the scope activated. No success. I do not have an acl on vlan 14. Im sure more info is needed or output, just let me know. Thanks in advance.

Correct Answer by glen.grant about 9 years 1 month ago

You can create a acl on 4506 to just allow packets from the dhcp server then do a "debug ip packet detail and you can watch what packets are going to and from the server . Also make sure portfast is on your user access ports for the ones you are having trouble with . Maybe post 4506 config and maybe we can see something .

Correct Answer by Danilo Dy about 9 years 2 months ago

Hi,


There are multiple reason for this to happen. Its either in the client side, server side, network side. Too many of them to enumerate here, I give you the link instead to follow the step-by-step troubleshooting guide.


Client side http://technet2.microsoft.com/windowsserver/en/library/1cba3948-5605-4a19-89ef-8762cdcdc7ad1033.mspx?mfr=true


Server side http://technet2.microsoft.com/windowsserver/en/library/6350df25-a5d9-46e4-82c7-85d9141aa24f1033.mspx?mfr=true


Network side http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a00800f0804.shtml


Regards,

Dandy

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
rhopkins_nci Thu, 12/20/2007 - 06:15

Hey Dandy, thanks for the tips. I checked to make sure I had the helper IP and made sure it matched the other vlans. I tested turning off the server firewall and still no luck. This is just weird. I cant figure out whos to blame, the switch or the server, maybe me. One vlan forwards the broadcasts and one scope offers ip info. Is there anyway to debug the dhcp traffic for a catalyst 4503? Thanks again.

Danilo Dy Thu, 12/20/2007 - 06:44

Hi,


Can you try this in the VLAN9 gateway interface?


interface [VLAN9_Gateway_Interface_ID]

ip helper-address [Windows_2003_DHCP_IP_Address]

ip forward-protocol udp


Regards,

Dandy

rhopkins_nci Thu, 12/20/2007 - 07:27

Ok, I tried conf t->int vlan 9->ip for?, and the forward-protocol was not an option. Is that strange or what? But I was able to do it globally at conf t. So I am going to test it out. But its still strange that one vlan works while the other wouldn't with this command. Thanks again Dandy, RT.

rhopkins_nci Thu, 12/20/2007 - 08:16

Well of course no luck for me. I dont know what is going on. Is there anything else I could check or do? Thanks for the help, RT.

Correct Answer
Danilo Dy Sat, 12/29/2007 - 01:55

Hi,


There are multiple reason for this to happen. Its either in the client side, server side, network side. Too many of them to enumerate here, I give you the link instead to follow the step-by-step troubleshooting guide.


Client side http://technet2.microsoft.com/windowsserver/en/library/1cba3948-5605-4a19-89ef-8762cdcdc7ad1033.mspx?mfr=true


Server side http://technet2.microsoft.com/windowsserver/en/library/6350df25-a5d9-46e4-82c7-85d9141aa24f1033.mspx?mfr=true


Network side http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a00800f0804.shtml


Regards,

Dandy

Correct Answer
glen.grant Sat, 12/29/2007 - 12:18

You can create a acl on 4506 to just allow packets from the dhcp server then do a "debug ip packet detail and you can watch what packets are going to and from the server . Also make sure portfast is on your user access ports for the ones you are having trouble with . Maybe post 4506 config and maybe we can see something .

rhopkins_nci Sun, 12/30/2007 - 17:05

Thanks everyone, I created another vlan and scope for the faulty one and its working fine. But Im going to read over what you provided and try it out. I still want to figure out what in the world happened. Thanks again.

Actions

This Discussion