DHCP Relay problems

Unanswered Question

Hi everyone,


I was wondering if anyone could offer some advice/help/clues etc for this problem.


Within the network I administer I use DNS to dish out the wpad script to enable internet access. Recently a couple of new proxy servers were installed and, in an attempt to not bloat the original script any further, I decided to create a new script to issue the wpad config to hosts through the DHCP server using option 252. (What does this have to do with Cisco?) Well, from within the segment where the DHCP server is I am able to receive option 252; however, from any other VLAN I fail to receive option 252, according to Wireshark. I am using ip-helper-address on each VLAN. This is the odd part: I do get option 252 when I run ipconfig /renew from a segment without the DHCP on it…..


Hardware; 6509 chassis with a SUP720 MSFC3 running 12.2(14)SX2

Sebastian Helmer Wed, 08/04/2010 - 11:40

DHCP does more than give you an IP; as you can see, it also offers you option 252. Check the scope of your VLAN where it is not working. The option is case sensitive. DHCP relay is just necessary to allow the DHCP request (broadcast from client to server over routing).


Maybe restart the PC if everything looks OK.


That's all the ideas for the moment...


regards,

Sebastian

tprendergast Wed, 08/04/2010 - 13:31

Summary:


- You have multiple vlans. Somewhere, the router with the SVI for these VLANs has "ip dhcp-helper address a.b.c.d" where a.b.c.d is the ip address of your DHCP Server.

- Your DHCP server sees DHCP requests from clients on other VLANs?

- Clients on the same VLAN as the DHCP server get the response with option 252.

- Clients on other VLANs do NOT get responses with option 252?


Your statement is slightly contradictory when you say:

"Well from within the segment where the DHCP server is I am able to receive option 252 however from any other VLAN I fail to receive option 252"


And then:

"This is the odd part, I do get option 252 when I run ipconfig /renew from a segment without the DHCP on it"


So it is slightly confusing.


Do clients on the "other" VLANs get IP addresses, but not the option 252 field? If you run a full packet dump on a client in another VLAN during the DHCP (ipconfig /renew) process, do you see it getting option 252?


I would highly recommend turning other DHCP servers off and only testing with the one you are interested in using (even if it is just filtering it at the routing interface ACL) to make sure another server isn't responding faster than this one. If you have a host on a segment with ip dhcp-helper address assigned, it will still take the first DHCP response which could come from someplace else (depending on your network setup).


Please clarify a little and we'll try to help further.


Cheers,

Tim

Thanks for the replies, I'll try and answer those points.


1). Yes, the core router has many VLANs, all configured with the same ip-helper-address a.b.c.d (I only have two DHCP servers on the network)

2). The DHCP server does see the requests from hosts in other VLANs

3). Clients on the same segment get option 252 in every DHCP ACK from the DHCP server

4). Clients in other segments which use the DHCP relay do not get option 252 in the DHCP ACK when booting up or if the network cable is unplugged and plugged back in again; however, they do get option 252 when I manually run "ipconfig /renew".


Cheers Fastethernet

tprendergast Wed, 08/04/2010 - 14:31

Thanks, that is very clear.


It sounds odd, because we know DHCP works when you manually do it. Are you using portfast on the switchports to the hosts? Is it possible the DHCP is getting lost while the port is going through listening and learning spanning-tree functions?


If you sniff the host and DHCP server simultaneously, and you unplug the cable and plug it back in... what happens? Does the packet get to the DHCP server or does it just never arrive? Something else seems to be amiss.


Try putting a host on a port with spanning-tree portfast on it and testing if you haven't already.

Hi Tim,


Good point about portfast, the switchport was running spanning-tree portfast.


The packet trace from Wireshark shows a DHCP ACK packet with various DHCP options (default gateway, domain, etc.); however, it's missing option 252 unless I manually force a renew. The packets are getting from the client to the server and back, but the packet is missing the important option. I know there is a command to enable the DHCP relay client to forward option 82, "ip dhcp relay information trust-all", which does suggest the relay client could drop some data from the packet in transit. I cannot understand why when I manually force the renew I do get option 252...........

tprendergast Wed, 08/04/2010 - 15:03

This sounds like a DHCP configuration thing... I recall at some point there was a difference between a totally new request (where the IP is released, then requested, as in ipconfig /renew) and a gratuitous DHCP request (i.e. you unplug the cable, then plug it in, and your system asks for an IP again) where the original IP was never relinquished to the DHCP server by the host.


My gut feeling is that this isn't related to your Cisco config whatsoever. I have a feeling this is entirely related to your DHCP server config in some way. I know that isn't comforting in any way.


I searched online and saw someone say this works great on XP but not on Vista, as well. What OS platforms have you tried?

tprendergast Wed, 08/04/2010 - 15:53

There is a difference in Windows DHCP server between a "refresh" and an "acquire" function in DHCP. I just checked with a guru.


I would say, if you can, stop and restart DHCP services and test again. There is a possibility that the server has cached some stuff from before you set the 252 option. See if things are better after a clean restart of the server/services.
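
Added example, not part of the original thread or any poster's code: a small parser for the capture comparison discussed above. Given the DHCP payload (UDP data) of a captured message, it reports the message type, whether it was relayed (non-zero giaddr) and whether option 252 is present. It also goes one step beyond the thread by flagging a client message whose Parameter Request List (option 55) names 252. `build_sample`, the addresses and the URL are constructed placeholders.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK", 8: "INFORM"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP UDP payload: relay address (giaddr), message type, options."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (short header or bad magic cookie)")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = End option
        code = payload[i]
        if code == 0:                                  # Pad: no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError(f"option {code} is truncated")
        length = payload[i + 1]
        # RFC 3396: repeated instances of an option are concatenated
        options[code] = options.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    giaddr = ipaddress.IPv4Address(payload[24:28])     # non-zero when relayed
    mtype = options.get(53, b"\x00")[:1] or b"\x00"    # option 53 = message type
    return {"type": MSG_TYPES.get(mtype[0], "UNKNOWN"), "giaddr": str(giaddr),
            "relayed": int(giaddr) != 0, "options": options}

def wpad_report(payload: bytes) -> str:
    """One-line verdict: message type, path, and what it says about option 252."""
    msg = parse_dhcp(payload)
    path = f"relayed via {msg['giaddr']}" if msg["relayed"] else "not relayed"
    if 252 in msg["options"]:
        detail = "252=" + msg["options"][252].decode("ascii", "replace")
    elif 252 in msg["options"].get(55, b""):           # Parameter Request List
        detail = "client asks for 252"
    else:
        detail = "252 absent"
    return f"{msg['type']} ({path}): {detail}"

def build_sample(mtype: int, giaddr: str, extra: bytes = b"") -> bytes:
    """Constructed test message, not a real capture."""
    header = bytearray(236)
    header[0] = 2 if mtype in (2, 5, 6) else 1         # BOOTREPLY / BOOTREQUEST
    header[24:28] = ipaddress.IPv4Address(giaddr).packed
    return bytes(header) + MAGIC_COOKIE + bytes([53, 1, mtype]) + extra + b"\xff"

if __name__ == "__main__":
    url = b"http://wpad.example.test/wpad.dat"         # placeholder URL
    print(wpad_report(build_sample(5, "0.0.0.0", bytes([252, len(url)]) + url)))
    print(wpad_report(build_sample(5, "10.0.20.1", bytes([3, 4, 10, 0, 20, 1]))))
    print(wpad_report(build_sample(3, "10.0.20.1", bytes([55, 3, 1, 3, 252]))))
```

Running it over the REQUEST/ACK pair from a boot and from a manual `ipconfig /renew`, captured at both the client and the server, shows at which point the two exchanges start to differ.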
