3500 switch client could not get IP from DHCP Server

Unanswered Question
May 30th, 2005

Hi experts,

I am new to Cisco switches and I am configuring a Cisco Catalyst 3500 series XL switch.

The problem is that I have a Windows 2000 DHCP server on the LAN connected to the switch; however, all client workstations connected to that switch could not get an IP address from the DHCP server. If a client workstation uses a static IP address, it can ping the DHCP server.

I read the switch config and there is one item that states no ip directed-broadcast.

I suspect it causes the problem. Does anyone know how to enable the broadcast? Or is there another reason?

Thank you very much

gpauwen Mon, 05/30/2005 - 21:33

Hello,

the 'no ip directed-broadcast' interface command will prevent the broadcast address from responding to an echo request, and it is the default since IOS version 12.0. Its main purpose is to prevent ICMP broadcast attacks, called SMURF attacks.

In your case, chances are that you need to configure the interface command:

spanning-tree portfast

on your ports. Without that command, the ports where your clients are connected to run through all Spanning Tree phases and take about 50 seconds before they become operational, causing the client DHCP requests to time out.

Can you try and configure that command on all your user ports and see if that makes a difference?

Regards,

GP

kevin.dorrell Mon, 05/30/2005 - 23:51

In that case, could you please post your configuration? Maybe we will see something when we know all the facts.

Thanks in advance.

Kevin Dorrell

Luxembourg

Richard Burts Tue, 05/31/2005 - 05:42

I agree with Georg that it is very unlikely to be an issue about directed broadcast.

And I agree with Kevin that it will be very helpful to see the configuration. In particular I wonder if the server and the clients are perhaps configured in different VLANs. If that is the case the DHCP request which goes out as a broadcast would not get to the server. But if the client is configured with a static IP address then it probably also has a default gateway and could ping the server via inter VLAN routing. If the clients are in a different VLAN from the server then the ip helper-address configured on the layer 3 interface for their VLAN could forward their DHCP requests to the server.

So please do post the configuration.

HTH

Rick
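The two switch-side causes raised so far, client ports without spanning-tree portfast (GP) and clients in a different VLAN from the server with no ip helper-address on their layer 3 interface (Rick), can be checked mechanically against a saved configuration. This is an added example, not part of any poster's reply; the sample config, its addresses and the function names are constructed, and it assumes the layer 3 VLAN interface appears in the same config as the ports.

```python
# Constructed sample config (not the poster's): Fa0/1 is the DHCP server port.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 spanning-tree portfast
!
interface FastEthernet0/2
!
interface FastEthernet0/3
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 30
 spanning-tree portfast
!
interface VLAN30
 ip helper-address 10.0.1.10
"""

def parse_interfaces(config):
    """Map each interface name to the list of its (indented) sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def access_vlan(cmds):
    """Access VLAN of a port; with no explicit command the port is in VLAN 1."""
    found = [int(c.split()[-1]) for c in cmds if c.startswith("switchport access vlan ")]
    return found[0] if found else 1

def dhcp_findings(config, server_port, client_ports):
    """Return (port, reason) pairs for clients whose DHCP requests may fail."""
    ifs = parse_interfaces(config)
    server_vlan, findings = access_vlan(ifs[server_port]), []
    for port in client_ports:
        vlan = access_vlan(ifs[port])
        svi = next((v for k, v in ifs.items() if k.lower() == f"vlan{vlan}"), [])
        if "spanning-tree portfast" not in ifs[port]:
            findings.append((port, "no portfast"))
        if vlan != server_vlan and not any(c.startswith("ip helper-address ") for c in svi):
            findings.append((port, f"VLAN {vlan}: no helper-address"))
    return findings
```
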

goranwong Tue, 05/31/2005 - 22:36

here is the configuration:

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CISC
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
!
!
!
!
!
!
ip subnet-zero
ip dhcp-server 172.17.1.1
!
!
!
interface FastEthernet0/1
 port network
 spanning-tree portfast
!
interface FastEthernet0/2
 spanning-tree portfast
!
interface FastEthernet0/3
 spanning-tree portfast
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
.
.
.
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface VLAN1
 ip address 172.17.1.3 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 172.17.1.1
access-list 101 permit udp any host 172.17.1.255
snmp-server engineID local xxxxxxxxxxxxxxxxxxxxx
snmp-server community private xxxxxxx
snmp-server community public xxxxxxxxxxx
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 login
line vty 5 15
 login
!
end

Hope you can find out where the problem is!

Thank you very much for your help

kevin.dorrell Tue, 05/31/2005 - 23:03

I have some questions about your topology.

1. Is everything, including the DHCP server and the workstations, on the default VLAN, i.e. VLAN 1?

2. I see you have defined a default-gateway 172.17.1.1 and a DHCP server on the same address. These commands are not useful in this context, but they don't do any harm either. But is the information in them correct, i.e. is the DHCP server really on VLAN 1 and on 172.16.1.1?

3. The workstation you are testing, is it on one of the ports F0/1, F0/2, or F0/3?

4. Can you ping the DHCP server 172.16.1.1 from the command line of the switch?

5. Is the DHCP server configured to serve addresses to the subnet 172.16.1.0/24?

If the answer to all these is "yes", then I would investigate whether the DHCP server is broken. Does it serve addresses correctly on any other part of your network?

On the other hand, if the DHCP server is not on this VLAN, then the problem lies in the router at 172.16.1.1, so we would need to see the config of that.

Kevin Dorrell

Luxembourg

goranwong Wed, 06/01/2005 - 16:49

Answers to your questions:

1) it's all on VLAN1

2) yes, the DHCP Server is on VLAN1 and its IP address is 172.17.1.1

3) FA0/1 is DHCP Server, FA0/2 and FA0/3 are clients.

4) I can ping the DHCP server from the command line of the switch

5) yes

gpauwen Tue, 05/31/2005 - 23:12

Hello,

you have specified the IP address of a DHCP server (which also happens to be the default gateway for your VLAN 1), try to take out the command:

ip dhcp-server 172.17.1.1

This will cause the broadcasts from your clients to find the DHCP server...

HTH,

GP

Richard Burts Wed, 06/01/2005 - 05:16

I agree with Kevin that some more information about the DHCP server would be helpful.

I wonder about the configuration of port network on FastEthernet 0/1. What is connected on that port? If you remove the port network command from the interface does the behavior change?

HTH

Rick

goranwong Wed, 06/01/2005 - 16:51

Before I put the port network command on the interface it didn't work either. Even now that I have removed the command, it still doesn't work.

Richard Burts Wed, 06/01/2005 - 17:52

I am not sure why DHCP is not working and I have two requests and a suggestion.

- would you post the output of show interface for FastEthernet 0/1, 0/2, and 0/3?

- I see that an access list is defined but I do not see where it is applied or what it is used for. Can you explain that?

- would you reboot the 3500 and see if the behavior changes?

HTH

Rick

paddyxdoyle Thu, 06/02/2005 - 02:15

Hi,

I would get a cross over cable and connect a PC with the crossover cable directly to the LAN port of your DHCP server and try and get an IP address.

(ipconfig /renew)

If you can't get an address then you need to check the DHCP server.

From your configuration I can't see any reason why two devices in the same VLAN as the DHCP server can't get an IP address.

If this doesn't work and no one else is using this switch, erase the start-up config (erase startup-config), reload the switch (don't save the config if prompted) and start again with a fresh configuration.

HTH

Paddy

gunterlis Thu, 06/02/2005 - 12:26

You could try and specify the DHCP server:

conf t
int vlan 1
 ip helper-address 172.17.1.1

kevin.dorrell Thu, 06/02/2005 - 04:21

I am running out of ideas on this one. I think the only thing left to do is to take a crossed-cable and connect the PC directly to the DHCP server. Does it get an IP address now? That will at least tell you whether the problem is something to do with the switch.

Kevin Dorrell

Luxembourg

goranwong Sun, 06/12/2005 - 18:58

Is there a command that can enable the IP broadcast?

I think it will work out.

suresh.krishnamurthy Wed, 06/22/2005 - 02:08

Hi,

Please check whether your DHCP service is really running.

Pinging the device doesn't guarantee that the service is also running.

Krishnamuthy Suresh

goranwong Thu, 06/23/2005 - 23:47

It is running well if I use a hub instead of the Cisco switch.

genghiskhan Fri, 07/08/2005 - 09:19

I have experienced similar behavior with the Cat 3548XL switches in the past. The problem (that we had) was with the NIC drivers on the PCs/servers. It may help to upgrade the NIC drivers to the latest version provided by the NIC manufacturer, not the Microsoft drivers. As long as you are not going through a router or layer 3 switch, then DHCP traffic should pass. You might check the port statistics for each port with static assigned addresses on the PCs. Also, make sure the switch ports and PCs/servers are set to either autoneg or static assigned speed/duplex.

Hope this will help.

Roger

Posted May 30, 2005 at 8:23 PM