3500 switch client could not get IP from DHCP Server

goranwong
Level 1
Hi experts,

I am new to Cisco switches and I am configuring the Cisco Catalyst 3500 series XL switch.

The problem is I have a Windows 2000 DHCP server on the LAN connected to the switch; however, all client workstations connected to that switch could not get an IP address from the DHCP server, but if a client workstation uses a static IP address, it can ping the DHCP server.

I read the switch config and there is one item that states no ip directed-broadcast.

I suspected it causes the problem. Does anyone know how to enable the broadcast? Or is there another reason?

Thank you very much

Hello,

the 'no ip directed-broadcast' interface command will prevent the broadcast address from responding to an echo request, and it is the default since IOS version 12.0. Its main purpose is to prevent ICMP broadcast attacks, called SMURF attacks.

In your case, chances are that you need to configure the interface command:

spanning-tree portfast

on your ports. Without that command, the ports where your clients are connected to run through all Spanning Tree phases and take about 50 seconds before they become operational, causing the client DHCP requests to time out.

Can you try and configure that command on all your user ports and see if that makes a difference?

Regards,

GP

Thank you for your comment but it doesn't work out.

In that case, could you please post your configuration? Maybe we will see something when we know all the facts.

Thanks in advance.

Kevin Dorrell

Luxembourg

I agree with Georg that it is very unlikely to be an issue about directed broadcast.

And I agree with Kevin that it will be very helpful to see the configuration. In particular I wonder if the server and the clients are perhaps configured in different VLANs. If that is the case the DHCP request which goes out as a broadcast would not get to the server. But if the client is configured with a static IP address then it probably also has a default gateway and could ping the server via inter-VLAN routing. If the clients are in a different VLAN from the server then the ip helper-address configured on the layer 3 interface for their VLAN could forward their DHCP requests to the server.

So please do post the configuration.

HTH

Rick

here is the configuration:

    Current configuration:
    !
    version 12.0
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname CISC
    !
    enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
    !
    !
    !
    !
    !
    !
    ip subnet-zero
    ip dhcp-server 172.17.1.1
    !
    !
    !
    interface FastEthernet0/1
     port network
     spanning-tree portfast
    !
    interface FastEthernet0/2
     spanning-tree portfast
    !
    interface FastEthernet0/3
     spanning-tree portfast
    !
    interface FastEthernet0/4
    !
    interface FastEthernet0/5
    !
    .
    .
    .
    interface FastEthernet0/48
    !
    interface GigabitEthernet0/1
    !
    interface GigabitEthernet0/2
    !
    interface VLAN1
     ip address 172.17.1.3 255.255.255.0
     no ip directed-broadcast
     no ip route-cache
    !
    ip default-gateway 172.17.1.1
    access-list 101 permit udp any host 172.17.1.255
    snmp-server engineID local xxxxxxxxxxxxxxxxxxxxx
    snmp-server community private xxxxxxx
    snmp-server community public xxxxxxxxxxx
    !
    line con 0
     transport input none
     stopbits 1
    line vty 0 4
     login
    line vty 5 15
     login
    !
    end

Hope you can find out where the problem is!

Thank you very much for your help

I have some questions about your topology.

1. Is everything, including the DHCP server and the workstations, on the default VLAN, i.e. VLAN 1?

2. I see you have defined a default-gateway 172.17.1.1 and a DHCP server on the same address. These commands are not useful in this context, but they don't do any harm either. But is the information in them correct, i.e. is the DHCP server really on VLAN 1 and on 172.16.1.1?

3. The workstation you are testing, is it on one of the ports F0/1, F0/2, or F0/3?

4. Can you ping the DHCP server 172.16.1.1 from the command line of the switch?

5. Is the DHCP server configured to serve addresses to the subnet 172.16.1.0/24?

If the answer to all these is "yes", then I would investigate whether the DHCP server is broken. Does it serve addresses correctly on any other part of your network?

On the other hand, if the DHCP server is not on this VLAN, then the problem lies in the router at 172.16.1.1, so we would need to see the config of that.

Kevin Dorrell

Luxembourg

answer to your question:

1) it's all on the VLAN1

2) yes, the DHCP server is on VLAN1 and its IP address is 172.17.1.1

3) FA0/1 is DHCP Server, FA0/2 and FA0/3 are clients.

4) I can ping the DHCP server from the command line of the switch

5) yes

Hello,

you have specified the IP address of a DHCP server (which also happens to be the default gateway for your VLAN 1), try to take out the command:

ip dhcp-server 172.17.1.1

This will cause the broadcasts from your clients to find the DHCP server...

HTH,

GP

I agree with Kevin that some more information about the DHCP server would be helpful.

I wonder about the configuration of port network on FastEthernet 0/1. What is connected on that port? If you remove the port network command from the interface does the behavior change?

HTH

Rick

Before I put the port network command on the interface it didn't work either. Even now that I have removed the command, it doesn't work either.

I tried, didn't work

I am not sure why DHCP is not working and I have two requests and a suggestion.

- would you post the output of show interface for FastEthernet 0/1, 0/2, and 0/3?

- I see that an access list is defined but I do not see where it is applied or what it is used for. Can you explain that?

- would you reboot the 3500 and see if the behavior changes?

HTH

Rick

Hi,

I would get a cross over cable and connect a PC with the crossover cable directly to the LAN port of your DHCP server and try and get an IP address.

(ipconfig /renew)

If you can't get an address then you need to check the DHCP server.

From your configuration I can't see any reason why two devices in the same VLAN as the DHCP server can't get an IP address.

If this doesn't work and no one else is using this switch, erase the start-up config (erase startup-config), reload the switch (don't save the config if prompted) and start again with a fresh configuration.

HTH

Paddy

You could try and specify the DHCP server:

conf t

int vlan 1

ip helper-address 172.17.1.1
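
Added example (not written by any poster in this thread): a Python sketch of the two mechanisms discussed above. A client's DHCPDISCOVER goes to the limited broadcast 255.255.255.255, not to the subnet-directed broadcast 172.17.1.255 that "no ip directed-broadcast" and access-list 101 refer to, and a relay such as "ip helper-address" stamps giaddr and unicasts the request to the server. The MAC address and transaction ID are constructed; the IP addresses are the ones in the posted configuration.

```python
import ipaddress
import struct

MAGIC = bytes([99, 130, 83, 99])            # DHCP magic cookie (RFC 2131)
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"    # fixed 236-byte BOOTP header

def build_discover(mac: bytes, xid: int) -> bytes:
    """DHCPDISCOVER payload as sent by a client that has no address yet."""
    zero = bytes(4)
    header = struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000,
                         zero, zero, zero, zero, mac, b"", b"")
    return header + MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, end

def classify_destination(dst: str, subnet: str) -> str:
    """Tell the limited broadcast apart from a subnet-directed broadcast."""
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return "limited broadcast"
    if addr == ipaddress.ip_network(subnet).broadcast_address:
        return "directed broadcast"
    return "unicast"

def relay(payload: bytes, giaddr: str, server: str):
    """What a relay agent does to a client broadcast: increment hops,
    fill giaddr if it is still 0.0.0.0, then unicast to the server."""
    fields = list(struct.unpack(BOOTP_FMT, payload[:236]))
    fields[3] += 1                                  # hops
    if fields[10] == bytes(4):                      # giaddr not set yet
        fields[10] = ipaddress.ip_address(giaddr).packed
    return server, struct.pack(BOOTP_FMT, *fields) + payload[236:]

def giaddr_of(payload: bytes) -> str:
    """Relay address field, bytes 24..27 of the BOOTP header."""
    return str(ipaddress.ip_address(payload[24:28]))

if __name__ == "__main__":
    subnet = "172.17.1.0/24"                        # VLAN1 in the posted config
    discover = build_discover(bytes.fromhex("020000000001"), 0x3500)  # constructed
    # Same-VLAN case: client sends 0.0.0.0:68 -> 255.255.255.255:67
    print("client dst :", classify_destination("255.255.255.255", subnet))
    # What access-list 101 and 'no ip directed-broadcast' are about instead
    print("ACL 101 dst:", classify_destination("172.17.1.255", subnet))
    # Different-VLAN case: the relay rewrites and unicasts the request
    dst, fwd = relay(discover, "172.17.1.3", "172.17.1.1")
    print("relayed to :", dst, classify_destination(dst, subnet),
          "giaddr", giaddr_of(fwd))
```
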
