Servicing DHCP requests from another subnet

Unanswered Question
Apr 30th, 2009

Hi guys

We have gone from a very flat network (single vlan, single subnet) to multiple subnets/vlans.

We have a DHCP server sitting on 192.168.2.x (servers) and workstations on a new subnet 192.168.8.x

I have configured the VLAN with an ip helpder address for the two DHCP servers but the DHCP requests go nowhere beyond the subnet/vlan (192.168.8.x).

I was looking further into this and read about the ip directed broadcast command. There seem to be mixed feelings about this command/config.

Reading into the command it would seem to suggest that this could be causing the issue for this VLAN as the broadcast is not going to the other subnet.

Do you think this is causing the problem? I dont want to be adding congestion to the network in doing this if this is not necessary?

I should also mention that I am using two 3560E's for routing and Windows 2003 servers as DHCP servers.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
SJessulat_2 Thu, 04/30/2009 - 03:43

Hi Darren,

as far as i remember, the "ip helper-address" command transforms the DHCP-Discover broadcasts into unicasts to the specified address. So you would not need the "ip directed broadcast" function.

Did you make sure to add the "ip helper-address command" to the interface, where the broadcasts originate, so in your case the 192.168.8.x vlan?



darren-carr Thu, 04/30/2009 - 03:48

Hi Sebastien

Yes I have configured the 'ip helper' on the VLAN that the broadcast originated from.


interface vlan8

ip helper address 192.168.2.x

ip helper address 192.168.2.x

I captured the packet using a sniffer and it does not seem to get beyond the switch?

The switchport is also in vlan 8



SJessulat_2 Thu, 04/30/2009 - 04:01


could you paste the config of the 3560?

Is communication between the vlans possible at all, i.e. with static ip adresses?



darren-carr Thu, 04/30/2009 - 04:57


Here is the config

interface Vlan20

description xxxxx

ip address

ip helper-address

ip helper-address

standby 1 ip

standby 1 preempt


I use HSRP for redundancy at layer 3.

From the switch I can ping devices on different subnets?



SJessulat_2 Thu, 04/30/2009 - 05:08

Hi Darren,

what i wanted to say was:

can you ping to a device in the 192.168.20.x-vlan from a device in the 192.168.2.x-vlan? You could try that with a static ip-address.

If the ping fails, then you should enable "ip routing" on the 3560's. If the ping succeeds, we have to look further.

Do the DHCP-Servers have the 3560's ip address as their gateway?



darren-carr Thu, 04/30/2009 - 16:21


If I give the machine a static IP address on a different subnet I can ping devices on the subnet where the DHCP server is located.

IP routing is enabled on the switch and I can route between VLANs.

The DHCP server does not use the same GW as the GW on the switch. With HSRP my VLAN8 uses that translates to an address on the 192.168.2.x network for routing in the HSRP configuration. The DHCP server GW is set to the address of my firewall which is on the same subnet. I have routes to get from the FW to the 192.168.8.x subnet/vlan but im thinking this could be the issue as it is a broadcast request that is probably not being returned by my firewall to the subnet.

I am going to SPAN the port and see what is going on today and will also be changing the GW on the DHCP server.



darren-carr Sun, 05/03/2009 - 16:16

Hi guys

I still have this problem. I have captured the traffic on the switch for the VLAN. Please see below:

Frame 5 (342 bytes on wire, 342 bytes captured)

Arrival Time: May 4, 2009 09:57:29.500397000

[Time delta from previous captured frame: 0.422059000 seconds]

[Time delta from previous displayed frame: 4.043763000 seconds]

[Time since reference or first frame: 4.043763000 seconds]

Frame Number: 5

Frame Length: 342 bytes

Capture Length: 342 bytes

[Frame is marked: False]

[Protocols in frame: eth:ip:udp:bootp]

[Coloring Rule Name: UDP]

[Coloring Rule String: udp]

Ethernet II, Src: HonHaiPr_b8:15:66 (00:1c:25:b8:15:66), Dst: Broadcast (ff:ff:ff:ff:ff:ff)

Destination: Broadcast (ff:ff:ff:ff:ff:ff)

Source: HonHaiPr_b8:15:66 (00:1c:25:b8:15:66)

Type: IP (0x0800)

Internet Protocol, Src: (, Dst: (

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)

Total Length: 328

Identification: 0x011a (282)

Flags: 0x00

Fragment offset: 0

Time to live: 128

Protocol: UDP (0x11)

Header checksum: 0x388c [correct]

Source: (

Destination: (

User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)

Source port: bootpc (68)

Destination port: bootps (67)

Length: 308

Checksum: 0xf372 [correct]

Bootstrap Protocol

Message type: Boot Request (1)

Hardware type: Ethernet

Hardware address length: 6

Hops: 0

Transaction ID: 0xfef50c4b

Seconds elapsed: 0

Bootp flags: 0x8000 (Broadcast)

Client IP address: (

Your (client) IP address: (

Next server IP address: (

Relay agent IP address: (

Client MAC address: HonHaiPr_b8:15:66 (00:1c:25:b8:15:66)

Server host name not given

Boot file name not given

Magic cookie: (OK)

Option: (t=53,l=1) DHCP Message Type = DHCP Discover

Option: (t=116,l=1) DHCP Auto-Configuration

Option: (t=61,l=7) Client identifier

Option: (t=50,l=4) Requested IP Address =

Option: (t=12,l=5) Host Name = "PC582"

Option: (t=60,l=8) Vendor class identifier = "MSFT 5.0"

Option: (t=55,l=11) Parameter Request List

Option: (t=43,l=2) Vendor-Specific Information

End Option


SJessulat_2 Sun, 05/03/2009 - 21:13

Hi Darren,

could you maybe post a diagram of your network, including your switches, firewall, dhcp-server and the corresponding ip-addresses.

This could help us understanding the packet flow.



darren-carr Sun, 05/03/2009 - 21:24

Hi Sebastian

It is a very simple network

Clients connect to Cisco 2960, in switchport VLAN20 (192.168.20.x), interfaces are trunked to Cisco 3560, Cisco 3560e performs the intervlan routing. The DHCP server is on VLAN1 (

The servers are connected to a Cisco 3750e which has an etherchannel to the Cisco 3560e. The etherchannel is configured to allow all VLANs across.

I have two 3560Es that perform the routing. They run HSRP. IP addresses and 252. I have defined the 20 VLAN on each of the switches and the actual gateway address for clients is which is the virtual address for the HSRP configuration and is what is used for clients as their default gateway.

The route for this client should be:

192.168.2.x mask

It would appear that it is a very simple configuration.

I will try to put a drawing together to explain better but as you can see it is not that complex?

bs6825 Sun, 05/03/2009 - 21:49

Hi Darren,

I just want to clarify something, in your original and second post you say that the DHCP client is going to be in Vlan8. In the config for Vlan8 you do not show an ip address statement. Is this just omitted from the post? The IP address need to be attached to the Layer 3 interface.

darren-carr Sun, 05/03/2009 - 22:02


There are two VLANs that need to get an IP address now, please see below the configuration taken from the L3 switches

interface Vlan8

ip address

ip helper-address

ip helper-address

standby 1 ip

standby 1 preempt


SW002#sh run int vlan 20

Building configuration...

Current configuration : 203 bytes


interface Vlan20

description xxxxx

ip address

ip helper-address

ip helper-address

standby 1 ip

standby 1 preempt


darren-carr Sun, 05/03/2009 - 23:31

Problem resolved....

no service dhcp in global parameters...

Doh! my mistake..inherited switch config and assumed! (bad) it was ok!

sorry guys... enabling 'service dhcp' fixed the issue!




This Discussion