cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
20730
Views
0
Helpful
15
Replies

IP Helper_Address Problem 3750

dendazen2000
Level 1
Level 1

Hello everyone.

I think it is my last resort for help, as i broke my head already over this problem i am experiencing.

I have stack of 2 switches 3750s for core networking on the site and a stack of 4 2960-s for distribution

My problem is that my DHCP which is Win2008 Server is not working on the vlan interfaces.

It does work on the native vlan 1 which is 192.168.186.1/24

But i have 3 other VLANs(2,3,4:187.1,188.1,189.1).

So teh problem is that when i connect a workstation to VLAN2,3 or 4 i do not get DHCP ip address.

if i connect workstation to VLAN1 either to the core switch port or to any port of the 2960s switches, which assigned vlan1 interface i do get ip address

for the connected workstation.

The thing is when i connect WS to the vlan2,3, or 4 and assign ip address manually i can ping my DHCP server which connected to the VLAN1 port on the core switch and opposite can ping that manually assigned ip from DHCP server.

So i do not know what the problem is and service dhcp command was performed.

Here i am providing config output. of the core switch.

Please if anyone can help with soemthing or what i can do to troubleshoot.

By the way i've tried to us: debug dhcp detail command on the core switch when switching WS to get the ip from DHCP on VLAN2,3 or 4 but no output.

Current configuration : 7583 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname OpusCoreSwitch

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$AcFb$8eC/HK3tjW7B4wD8j2/bu.

!

no aaa new-model

switch 1 provision ws-c3750g-48ts

switch 2 provision ws-c3750g-48ts

system mtu routing 1500

vtp mode transparent

ip subnet-zero

ip routing

!

!

!

!

crypto pki trustpoint TP-self-signed-2680796288

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2680796288

revocation-check none

rsakeypair TP-self-signed-2680796288

!

!

crypto pki certificate chain TP-self-signed-2680796288

certificate self-signed 01

  30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 32363830 37393632 3838301E 170D3933 30333031 30303033

  33325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 36383037

  39363238 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100D4CC 30CD8504 CDFF9238 4B28C001 FB388FA5 8EE5CBFA 6D5EE6D1 C0CC383B

  CD7A94E2 9C0D4063 3EBBC494 0D9BB6A8 7448E8CF 06548C4C 9814670B 70C8EAD8

  D7684AF2 2FA71128 9E8471C5 32252380 A4EA8DA4 A1E8A5DA 4751337B 2E0DD2A4

  9F38381D 424A4F06 3D4A2EB5 5F76BF48 D57FB957 C05C802B 3161DE03 6895DD8F

  3C7B0203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603

  551D1104 13301182 0F4F7075 73436F72 65537769 7463682E 301F0603 551D2304

  18301680 14A8F3EF DD632629 CEF9AC20 6F55312E 835646B4 1E301D06 03551D0E

  04160414 A8F3EFDD 632629CE F9AC206F 55312E83 5646B41E 300D0609 2A864886

  F70D0101 04050003 81810069 23FE6240 203BA97E 2A4C605F C434B6CB AB92EC04

  6B16F733 5C37F1E2 C9377165 A1CCA0D6 3A3A26CF 649058D3 EC363701 BDEDF0D7

  DA60BB4D FC7D33D9 DD215AF7 9F9894F3 F102B6F1 1E341F42 B8594211 A44B1EE2

  2A40615A 61457E2D 5BAC0194 FAC6048E 02A816FC B87FC566 904200FC 4C84336A

  EEB468C7 ECC8661D 9380D3

  quit

!

!

!

!

!

spanning-tree mode pvst

spanning-tree portfast default

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 2-4

!

!

!

!

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

switchport nonegotiate

!

interface GigabitEthernet1/0/1

!

interface GigabitEthernet1/0/2

!

interface GigabitEthernet1/0/3

!

interface GigabitEthernet1/0/4

description OPUS_PBX

switchport access vlan 4

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/5

!

interface GigabitEthernet1/0/6

switchport access vlan 4

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/7

switchport access vlan 2

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/8

switchport access vlan 3

switchport mode access

!

interface GigabitEthernet1/0/9

!

interface GigabitEthernet1/0/10

!

interface GigabitEthernet1/0/11

!

interface GigabitEthernet1/0/12

!

interface GigabitEthernet1/0/13

description Domain Cont

switchport mode access

!

interface GigabitEthernet1/0/14

!

interface GigabitEthernet1/0/15

!

interface GigabitEthernet1/0/16

!

interface GigabitEthernet1/0/17

!

interface GigabitEthernet1/0/18

!

interface GigabitEthernet1/0/19

!

interface GigabitEthernet1/0/20

!

interface GigabitEthernet1/0/21

!

interface GigabitEthernet1/0/22

!

interface GigabitEthernet1/0/23

!

interface GigabitEthernet1/0/24

!

interface GigabitEthernet1/0/25

!

interface GigabitEthernet1/0/26

!

interface GigabitEthernet1/0/27

!

interface GigabitEthernet1/0/28

!

interface GigabitEthernet1/0/29

!

interface GigabitEthernet1/0/30

!

interface GigabitEthernet1/0/31

!

interface GigabitEthernet1/0/32

!

interface GigabitEthernet1/0/33

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop

spanning-tree portfast

spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/34

!

interface GigabitEthernet1/0/35

!

interface GigabitEthernet1/0/36

!

interface GigabitEthernet1/0/37

!

interface GigabitEthernet1/0/38

!

interface GigabitEthernet1/0/39

!

interface GigabitEthernet1/0/40

!

interface GigabitEthernet1/0/41

!

interface GigabitEthernet1/0/42

!

interface GigabitEthernet1/0/43

!

interface GigabitEthernet1/0/44

!

interface GigabitEthernet1/0/45

!

interface GigabitEthernet1/0/46

!

interface GigabitEthernet1/0/47

!

interface GigabitEthernet1/0/48

!

interface GigabitEthernet1/0/49

switchport trunk encapsulation dot1q

switchport mode trunk

switchport nonegotiate

channel-protocol lacp

channel-group 1 mode active

!

interface GigabitEthernet1/0/50

switchport trunk encapsulation dot1q

switchport mode access

switchport nonegotiate

shutdown

channel-protocol pagp

!

interface GigabitEthernet1/0/51

!

interface GigabitEthernet1/0/52

!

interface GigabitEthernet2/0/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet2/0/2

!

interface GigabitEthernet2/0/3

!

interface GigabitEthernet2/0/4

!

interface GigabitEthernet2/0/5

!

interface GigabitEthernet2/0/6

!

interface GigabitEthernet2/0/7

!

interface GigabitEthernet2/0/8

!

interface GigabitEthernet2/0/9

!

interface GigabitEthernet2/0/10

!

interface GigabitEthernet2/0/11

!

interface GigabitEthernet2/0/12

!

interface GigabitEthernet2/0/13

!

interface GigabitEthernet2/0/14

!

interface GigabitEthernet2/0/15

!

interface GigabitEthernet2/0/16

!

interface GigabitEthernet2/0/17

!

interface GigabitEthernet2/0/18

!

interface GigabitEthernet2/0/19

!

interface GigabitEthernet2/0/20

!

interface GigabitEthernet2/0/21

!

interface GigabitEthernet2/0/22

!

interface GigabitEthernet2/0/23

!

interface GigabitEthernet2/0/24

!

interface GigabitEthernet2/0/25

!

interface GigabitEthernet2/0/26

!

interface GigabitEthernet2/0/27

!

interface GigabitEthernet2/0/28

!

interface GigabitEthernet2/0/29

!

interface GigabitEthernet2/0/30

!

interface GigabitEthernet2/0/31

!

interface GigabitEthernet2/0/32

!

interface GigabitEthernet2/0/33

!

interface GigabitEthernet2/0/34

!

interface GigabitEthernet2/0/35

!

interface GigabitEthernet2/0/36

!

interface GigabitEthernet2/0/37

!

interface GigabitEthernet2/0/38

!

interface GigabitEthernet2/0/39

!

interface GigabitEthernet2/0/40

!

interface GigabitEthernet2/0/41

!

interface GigabitEthernet2/0/42

!

interface GigabitEthernet2/0/43

!

interface GigabitEthernet2/0/44

!

interface GigabitEthernet2/0/45

!

interface GigabitEthernet2/0/46

!

interface GigabitEthernet2/0/47

!

interface GigabitEthernet2/0/48

description WAP1

switchport access vlan 3

!

interface GigabitEthernet2/0/49

switchport trunk encapsulation dot1q

switchport mode trunk

switchport nonegotiate

channel-protocol lacp

channel-group 1 mode active

!

interface GigabitEthernet2/0/50

!

interface GigabitEthernet2/0/51

!

interface GigabitEthernet2/0/52

!

interface Vlan1

ip address 192.168.186.20 255.255.255.0

ip helper-address 192.168.186.17

ip mask-reply

!

interface Vlan2

ip address 192.168.187.1 255.255.255.0

ip helper-address 192.168.186.17

!

interface Vlan3

ip address 192.168.188.1 255.255.255.0

ip helper-address 192.168.186.17

!

interface Vlan4

ip address 192.168.189.1 255.255.255.0

!

ip default-gateway 192.168.186.1

ip classless

ip default-network 192.168.186.0

!

ip default-gateway 192.168.186.1

ip classless

ip default-network 192.168.186.0

ip route 0.0.0.0 0.0.0.0 192.168.186.1

ip http server

ip http secure-server

!

!

!

!

control-plane

!

!

line con 0

line vty 0 4

password ****************

login

line vty 5 15

login

!

end

PLEASE if anyone can help me out with this i would appreciate as i do not know what else i can do to get it working.

Thank you very much in advance.

Danila

1 Accepted Solution

Accepted Solutions

pjmonline
Level 1
Level 1

I agree but with everything else looking ok I don't know what else to look at. All routing for vlans are done on switch. Vlan 1 routing is done on 192.168.186.1. Maybe change default gateway on dhcp server to ip of switch. Also change in vlan1 dhcp pool.

Sent from Cisco Technical Support iPhone App

View solution in original post

15 Replies 15

Denis Pointer
Level 1
Level 1

If you connect to VLAN 2 3 or 4, and assign a static IP to the PC are you able to talk to the DHCP server (i.e. ping if windows firewall isn't blocking ICMP, or RDP, etc.)?

A quick look at the config it seems ok (missing the ip helper on VLAN 4 interface though, and VLAN 1 should not need the ip helper command as it is the vlan with the DHCP server)

Can you confirm that you do have DHCP scopes for 192.168.187.0 /24, 192.168.187.0 /24, and 192.168.187.0 /24 created on the DHCP server? confirm they are enabled, and confirm that each scope has a default gateway address assigned (that is the .1 address...same as the vlan interface)?

"If you connect to VLAN 2 3 or 4, and assign a static IP to the PC are  you able to talk to the DHCP server (i.e. ping if windows firewall isn't  blocking ICMP, or RDP, etc.)?"

Yes, as i stated earlier:

"The thing is when i connect WS to the vlan2,3, or 4 and assign ip  address manually i can ping my DHCP server which connected to the VLAN1  port on the core switch and opposite can ping that manually assigned ip  from DHCP server."

"Can you confirm that you do have DHCP scopes for 192.168.187.0 /24,  192.168.187.0 /24, and 192.168.187.0 /24 created on the DHCP server?  confirm they are enabled, and confirm that each scope has a default  gateway address assigned (that is the .1 address...same as the vlan  interface)?"

Yes all confirm.

DHCP server configured correctly with default getaways:

vlan2- 192.168.187.1

vlan3-192.168.188.1

vlan4 - i od not really need dhcp here as this vlan for voice sip trunk.

Thank you.

pjmonline
Level 1
Level 1

Can you include screenshots of your dhcp server scopes and the options configured. You switch config look correct so I would say there is a problem on the shop server.

Sent from Cisco Technical Support iPhone App

Sure.

Attached please find screenshots of the dhcp server.

Thank you.

Please anyone ever had any similar problems?

Hello Danila,

I agree with all Paul's suggestions and verifications so far. Sadly it seems that so far, we have not identified the cause of your problem.

Are you by any chance running DHCP Snooping on your distribution 2960S switches? Is it possible to post the config of the 2960S stack as well?

Paul, please continue to submit your suggestions!

Best regards,

Peter

pjmonline
Level 1
Level 1

What's at 192.168.186.1? If a cisco router can you provide configuration of it?  Looking for ip route statements.  Ip route 192.168.187.0 255.255.255.0 192.168.186.20 and so forth for the other vlan.

Hi Paul,

don't you think routing could be allright? Danila confirmed that she successfully pings the DHCP server when she staticaly assigns IP in any of the VLANs.

It would be most interesting to find out where are the DHCP requests dropped.

But this is really an strange problem...

Best regards,

Jan

pjmonline
Level 1
Level 1

I agree but with everything else looking ok I don't know what else to look at. All routing for vlans are done on switch. Vlan 1 routing is done on 192.168.186.1. Maybe change default gateway on dhcp server to ip of switch. Also change in vlan1 dhcp pool.

Sent from Cisco Technical Support iPhone App

Paul,

The symptoms would perfectly align with DHCP Snooping being activated on 2960S stack for VLANs 2-4 and either no trusted port towards the 3750, or the 3750 dropping the DHCP requests coming from clients because of Option-82 being present and GIADDR being zero. If the 3750 was DHCP server itself, it would surely drop such DHCP requests. I am not sure what is it going to do if only the relay functionality is being used but we shall check that as well.

Danila, can you please run the debug ip dhcp server packet on your 3750 (make sure the terminal monitor is issued as well) and see if the 3750 complains about any problems with processing the DHCP requests coming from clients? The debug dhcp ... you originally performed is a debug of client functionality in the IOS, not a debug of the server/relay functionality.

Best regards,

Peter

"The symptoms would perfectly align with DHCP Snooping being  activated on  2960S stack for VLANs 2-4 and either no trusted port  towards the 3750,  or the 3750 dropping the DHCP requests coming from  clients because of  Option-82 being present and GIADDR being zero. If  the 3750 was DHCP  server itself, it would surely drop such DHCP  requests. I am not sure  what is it going to do if only the relay  functionality is being used but  we shall check that as well."

Well besides 2960-s even when i connect workstation to  the port on the core 3750 switch assigned to vlan 2 or 3 i do not get  dhcp ip.

I will come tomorrow and will do debug ip dhcp server packet to see any errors.

Thank you all.

Okay got some debuging output:

*Mar  3 19:16:08.209: DHCPD: Reload workspace interface Vlan2 tableid 0.

*Mar  3 19:16:08.209: DHCPD: tableid for 192.168.187.1 on Vlan2 is 0

*Mar  3 19:16:08.209: DHCPD: client's VPN is .

*Mar  3 19:16:08.209: DHCPD: Finding a relay for client 0100.c0b7.5aa2.6b on int                                    erface Vlan2.

*Mar  3 19:16:08.209: DHCPD: Looking up binding using address 192.168.187.1

*Mar  3 19:16:08.209: DHCPD: setting giaddr to 192.168.187.1.

*Mar  3 19:16:08.209: DHCPD: BOOTREQUEST from 0100.c0b7.5aa2.6b forwarded to 192                                    .168.186.17.

*Mar  3 19:16:23.082: DHCPD: Reload workspace interface Vlan1 tableid 0.

*Mar  3 19:16:23.082: DHCPD: tableid for 192.168.186.20 on Vlan1 is 0

*Mar  3 19:16:23.082: DHCPD: client's VPN is .

*Mar  3 19:16:23.082: DHCPD: Finding a relay for client 0100.c0b7.5aa2.49 on interface Vlan1.

*Mar  3 19:16:23.082: DHCPD: Looking up binding using address 192.168.186.20

*Mar  3 19:16:23.082: DHCPD: setting giaddr to 192.168.186.20.

*Mar  3 19:16:23.082: DHCPD: BOOTREQUEST from 0100.c0b7.5aa2.49 forwarded to 192.168.186.17.

*Mar  3 19:16:27.494: DHCPD: Reload workspace interface Vlan1 tableid 0.

*Mar  3 19:16:27.494: DHCPD: tableid for 192.168.186.20 on Vlan1 is 0

*Mar  3 19:16:27.494: DHCPD: client's VPN is .

*Mar  3 19:16:27.494: DHCPD: Finding a relay for client 0100.c0b7.5aa2.52 on interface Vlan1.

*Mar  3 19:16:27.494: DHCPD: Looking up binding using address 192.168.186.20

*Mar  3 19:16:27.494: DHCPD: setting giaddr to 192.168.186.20.

*Mar  3 19:16:27.494: DHCPD: BOOTREQUEST from 0100.c0b7.5aa2.52 forwarded to 192.168.186.17.

*Mar  3 19:16:38.475: DHCPD: Reload workspace interface Vlan1 tableid 0.

*Mar  3 19:16:38.475: DHCPD: tableid for 192.168.186.20 on Vlan1 is 0

*Mar  3 19:16:38.475: DHCPD: client's VPN is .

*Mar  3 19:16:38.475: DHCPD: Finding a relay for client 0100.c0b7.5aa2.64 on interface Vlan1.

*Mar  3 19:16:38.475: DHCPD: Looking up binding using address 192.168.186.20

*Mar  3 19:16:38.475: DHCPD: setting giaddr to 192.168.186.20.

*Mar  3 19:16:38.483: DHCPD: BOOTREQUEST from 0100.c0b7.5aa2.64 forwarded to 192.168.186.17.

*Mar  3 19:16:38.500: DHCPD: Reload workspace interface Vlan1 tableid 0.

*Mar  3 19:16:38.500: DHCPD: tableid for 192.168.186.20 on Vlan1 is 0

*Mar  3 19:16:38.500: DHCPD: client's VPN is .

*Mar  3 19:16:38.500: DHCPD: Finding a relay for client 0100.c0b7.5aa2.65 on interface Vlan1.

*Mar  3 19:16:38.500: DHCPD: Looking up binding using address 192.168.186.20

*Mar  3 19:16:38.500: DHCPD: setting giaddr to 192.168.186.20.

*Mar  3 19:16:38.500: DHCPD: BOOTREQUEST from 0100.c0b7.5aa2.65 forwarded to 192.168.186.17.

*Mar  3 19:16:45.203: DHCPD: option 61 is a duplicate.

*Mar  3 19:16:45.203: DHCPD: Reload workspace interface Vlan2 tableid 0.

*Mar  3 19:16:45.203: DHCPD: tableid for 192.168.187.1 on Vlan2 is 0

*Mar  3 19:16:45.203: DHCPD: client's VPN is .

*Mar  3 19:16:45.203: DHCPD: using received relay info.

*Mar  3 19:16:45.203: DHCPD: Looking up binding using address 192.168.187.1

*Mar  3 19:16:45.203: DHCPD: setting giaddr to 192.168.187.1.

*Mar  3 19:16:45.203: DHCPD: BOOTREQUEST from 0000.c0b7.5aa2.6b00.0000 forwarded to 192.168.186.17.

*Mar  3 19:20:12.284: DHCPD: Reload workspace interface Vlan1 tableid 0.

*Mar  3 19:20:12.284: DHCPD: tableid for 192.168.186.20 on Vlan1 is 0

*Mar  3 19:20:12.284: DHCPD: client's VPN is .

*Mar  3 19:20:12.284: DHCPD: Finding a relay for client 0100.c0b7.5aa2.64 on interface Vlan1.

*Mar  3 19:20:12.284: DHCPD: Looking up binding using address 192.168.186.20

*Mar  3 19:20:12.284: DHCPD: setting giaddr to 192.168.186.20.

*Mar  3 19:20:12.284: DHCPD: BOOTREQUEST from 0100.c0b7.5aa2.64 forwarded to 192.168.186.17.

*Mar  3 19:20:19.951: %IP-4-DUPADDR: Duplicate address 192.168.188.1 on Vlan3, sourced by 00a0.c87e.3c21

*Mar  3 19:20:25.160: DHCPD: Reload workspace interface Vlan1 tableid 0.

*Mar  3 19:20:25.160: DHCPD: tableid for 192.168.186.20 on Vlan1 is 0

*Mar  3 19:20:25.160: DHCPD: client's VPN is .

*Mar  3 19:20:25.160: DHCPD: Finding a relay for client 0100.c0b7.5aa2.65 on interface Vlan1.

*Mar  3 19:20:25.160: DHCPD: Looking up binding using address 192.168.186.20

*Mar  3 19:20:25.160: DHCPD: setting giaddr to 192.168.186.20.

*Mar  3 19:20:25.160: DHCPD: BOOTREQUEST from 0100.c0b7.5aa2.65 forwarded to 192.168.186.17.

*Mar  3 19:20:37.525: DHCPD: Finding a relay for client 0100.c0b7.5aa2.6b on interface Vlan2.

*Mar  3 19:20:37.525: DHCPD: Looking up binding using address 192.168.187.1

*Mar  3 19:20:37.525: DHCPD: setting giaddr to 192.168.187.1.

*Mar  3 19:20:37.533: DHCPD: BOOTREQUEST from 0100.c0b7.5aa2.6b forwarded to 192.168.186.17.

So it seems like 3750 is forwarding request to dhcp server for vlan 2, so what might be the problem then?

Okay Guys.

Thank yuo everyone for help.

As soon as i changed default getaway ip on the Win2008 server to the core switch ip 192.168.186.20.and not the ISP router, DHCP service strated giving out ips to other vlans as well.

The problem seemd in this:

As all the vlan routig is done on the core switch, i guess default getaway ip on the DHCP server needs to be a next hop which is 3750 core switch: Go figure.

OpusCoreSwitch#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.186.1 to network 0.0.0.0

C    192.168.189.0/24 is directly connected, Vlan4
C    192.168.188.0/24 is directly connected, Vlan3
C    192.168.187.0/24 is directly connected, Vlan2
C*   192.168.186.0/24 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 192.168.186.1

Thank you all for helping, specifically Paul for pointing to look into right direction.

One question though left.

How can i make all this work but with the 192.168.186.1 ip as default getaway (which is ip of the router) ?

Thank you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: