05-30-2005 08:23 PM - edited 03-05-2019 11:33 AM
HI experts,
I am new to Cisco switch and I am copnfiguring the Cisco Catalyst 3500 series XL switch.
The problem is I have a Windows 2000 DHCP server on the lan connected to the switch, however, all client workstation that connected to that swtich could not get IP address from the DHCP server, but if the client workstation use static IP address, it can ping the DHCP server.
I read the switch config and there is on item states taht no ip directed-broadcast.
I suspected it causes the problem, does anyone know how to enable the broadcast? or there is other reason?
Thank you very much
05-30-2005 09:33 PM
Hello,
the ´no ip directed-broadcast´ interface command will prevent the broadcast address from responding to an echo request, and it is the default since IOS version 12.0. Its main purpose is to prevent ICMP broadcast attacks, called SMURF attacks.
In your case, chances are that you need to configure the interface command:
spanning-tree portfast
on your ports. Without that command, the ports where your clients are connected to run through all Spanning Tree phases and take about 50 seconds before they become operational, causing the client DHCP requests to time out.
Can you try and configure that command on all your user ports and see if that makes a difference ?
Regards,
GP
05-30-2005 11:47 PM
Thank your for your comment but it doesn't work out.
05-30-2005 11:51 PM
In that case, could you please post your configuration? Maybe we will see something when we know all the facts.
Thanks in advance.
Kevin Dorrell
Luxembourg
05-31-2005 05:42 AM
I agree with Georg that it is very unlikely to be an issue about directed broadcast.
And I agree with Kevin that it will be very helpful to see the configuration. In particular I wonder if the server and the clients are perhaps configured in different VLANs. If that is the case the DHCP request which goes out as a broadcast would not get to the server. But if the client is configured with a static IP address then it probably also has a default gateway and could ping the server via inter VLAN routing. If the clients are in a different VLAN from the server then the ip hellper-address configured on the layer 3 interface for their VLAN could forward their DHCP requests to the server.
So please do post the configuration.
HTH
Rick
05-31-2005 10:36 PM
here is the configuration:
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CISC
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
!
!
!
!
!
!
ip subnet-zero
ip dhcp-server 172.17.1.1
!
!
!
interface FastEthernet0/1
port network
spanning-tree portfast
!
interface FastEthernet0/2
spanning-tree portfast
!
interface FastEthernet0/3
spanning-tree portfast
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
.
.
.
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface VLAN1
ip address 172.17.1.3 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 172.17.1.1
access-list 101 permit udp any host 172.17.1.255
snmp-server engineID local xxxxxxxxxxxxxxxxxxxxx
snmp-server community private xxxxxxx
snmp-server community public xxxxxxxxxxx
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
line vty 5 15
login
!
end
Hope you can find out where the problem is!
Thank you very much for your help
05-31-2005 11:03 PM
I have some questions about your topology.
1. Is everything, including the DHCP server and the workstations, on the default VLAN, i.e. VLAN 1?
2. I see you have defined a default-gateway 172.17.1.1 and a DHCP server on the same address. These commands are not useful in this context, but they don't do any harm either. But is the information in them correct, i.e. is the DHCP server really on VLAN 1 and on 172.16.1.1?
3. The workstation you are testing, is it on one of the ports F0/1, F0/2, or F0/3 ?
4. Can you ping the DHCP server 172.16.1.1 from the command line of the switch?
5. Is the DHCP server configured to serve addresses to the subnet 172.16.1.0/24?
If the answer to all these is "yes", then I would investigate whether the DHCP server is broken. Does it serve addresses correctly on any other part of your network?
On the other hand, if the DHCP server is not on this VLAN, then the problem lies in the router at 172.16.1.1, so we would need to see the config of that.
Kevin Dorrell
Luxembourg
06-01-2005 04:49 PM
answer to your question:
1) it's all on the VLAN1
2) yes, the DHCP Server and is on VLAN1 and IP address is 172.17.1.1
3) FA0/1 is DHCP Server, FA0/2 and FA0/3 are clients.
4) I can ping the DHCP server from the command line of the switch
5) yes
05-31-2005 11:12 PM
Hello,
you have specified the IP address of a DHCP server (which also happens to be the default gateway for your VLAN 1), try to take out the command:
ip dhcp-server 172.17.1.1
This will cause the broadcasts from your clients to find the DHCP server...
HTH,
GP
06-01-2005 05:16 AM
I agree with Kevin that some more information about the DHCP server would be helpful.
I wonder about the configuration of port network on FastEthernet 0/1. What is connected on that port? If you remove the port network command from the interface does the behavior change?
HTH
Rick
06-01-2005 04:51 PM
Before I didn't put the port network command to the interface it didn't work too. Even now I removed the command, it didn't work as well.
06-01-2005 04:46 PM
I tried, didn't work
06-01-2005 05:52 PM
I am not sure why DHCP is not working and I have two requests and a suggestion.
- would you post the output of show interface for FastEthernet 0/1, 0/2, and 0/3?
- I see that an access list is defined but I do not see where it is applied or what it is used for. Can you explain that?
- would you reboot the 3500 and see if the behavior changes?
HTH
Rick
06-02-2005 02:15 AM
Hi,
I would get a cross over cable and connect a PC with the crossover cable directly to the LAN port of your DHCP server and try and get an IP address.
(ipconfig /renew)
If you can't get an address then you need to check the DHCP server.
From your configuration I can't see any reason why two devices in the same VLAN as the DHCP server can't get an IP address
If this doesn't work and no one else is using this switch erase the start-up config (erase startup-config>, reload the switch (don't save the config if prompted) and start again with a fresh configuration.
HTH
Paddy
06-02-2005 12:26 PM
You could try and specify the DHCP server:
conf t
int vlan 1
ip helper-address 172.17.1.1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide