Cisco 3845 DHCP Problem

rocarter · ‎11-03-2005

I have a demo 3845 that I'm using to evaluate Cisco and Nortel branch to Branch VPN. Every time I put this router on my network, it screws up DHCP for one, and only one, of my remote locations. I can't figure out why it's doing that since the router isn't config'd for DHCP. Any ideas. I'm attaching a copy of the config. I've removed passwords and public addresses.

lgijssel · ‎11-03-2005

Don't know whether the troubled location's dhcp traffic traverses this router nor do I know the topology of the network. Therefore I have only one sugestion:

When the dhcp traffic does pass this router, you might try to assign an ip helper address to the incoming interface. The ip address should point to your dhcp server. URL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d169.html#wp1084408

Regards,

Leo

rocarter · ‎11-03-2005

As you can see from the config, this router isn't even running a routing process. The traffic from the remote location shouldn't touch this router at all since the frame relay connection to the remote location terminates on a different router. If you look at the interfaces, I'm only using the ethernet interfaces. One for access to the public network the other my private network. I don't know why this router is hijacking the DHCP packets. I'll add the helper address, but I should have to do that.

Richard Burts · ‎11-04-2005

Ron

I have looked at the config that you posted and do not see any particular issue in it that would impact DHCP from another router. But the way that you have obscured addressing information and lack of knowledge of the network topology make it difficult to know for sure.

Could you post information from the router at the location that is impacted that include its configuration for handling DHCP? Could you also post the output of traceroute from that router which specifies the address of the DHCP server as destination and specifies the address of the router interface where the clients are connected as the source of the traceroute?

Perhaps that will give us better information to be able to find an answer for your issue.

HTH

Rick

HTH

Rick

rocarter · ‎11-04-2005

Rburts,

the public addresses that I obscured in the original post are the terminatation points for branch to branch VPN connections through the Internet. I can assure that they have nothing to do with this problem. If fact, this is only a demo router that does not fully participate in my corporate routing scheme. The attachment contains the trace route and configuration form the router whose site is affected.

Richard Burts · ‎11-04-2005

Ron

Thanks for posting the additional information. I have looked at it and do not yet see an explanation. I do have a couple of observations and another request.

One of the things that I wonder about at this point is the possibility that the new evaluation router may overlap with part of the address range of the Glens Falls router or in some way interfere with forwarding packets from the DHCP server to it. Can you tell me what kind of changes you made in your network to accomodate the deployment of the evaluation router?

I asked for an extended traceroute and you did a standard traceroute. It may not matter, but I would ask that now you do an extended ping. In the extended ping specify destination address of 10.170.4.71, and use the extended commands of extended ping and specify the source address as 10.100.1.7. That should provide a good test of my theory.

A few things I notice in the config, the LAN interface has a single subnet defined with a /24 mask. There are static routes that suggest that there are 5 additional /24 subnets of network 10 behind this interface. And there appear to be 5 /30 subnets within network 66. Can you tell me anything about the topology, are there additional routers behind this one? Or what is the function of these additional addresses? Also - are the clients who are not getting addresses from DHCP in the 10.100.1 subnet or are they perhaps in the other address space? Is this combination of addresses common in other offices or is it perhaps unique to this office?

I note that this router is not running any dynamic routing protocol and all routing is by static route. I note that there is no default route configured. I also note that the static route to 10.0.0.0 is configured as a floating static route (with administrative distance of 150) but do not see anything else that would produce the 10.0.0.0 route and so am puzzled about why it is a floating static. Can you clarify?

I recognize that some of these questions may not seem to relate clearly to the question of DHCP but I am trying to understand as much as I can about the environment in hope that we can find something that points to the explanation of the DHCP issue.

HTH

Rick

HTH

Rick

rocarter · ‎11-09-2005

One of the things that I wonder about at this point is the possibility that the new evaluation router may overlap with part of the address range of the Glens Falls router or in some way interfere with forwarding packets from the DHCP server to it. Can you tell me what kind of changes you made in your network to accomodate the deployment of the evaluation router?

The addresses do not overlap and I made no changes to accomodate the evaluation router.

I asked for an extended traceroute and you did a standard traceroute. It may not matter, but I would ask that now you do an extended ping. In the extended ping specify destination address of 10.170.4.71, and use the extended commands of extended ping and specify the source address as 10.100.1.7. That should provide a good test of my theory.

NAMNRGLFL001#ping

Protocol [ip]:

Target IP address: 10.170.4.71

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 10.100.1.7

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.170.4.71, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/34/40 ms

A few things I notice in the config, the LAN interface has a single subnet defined with a /24 mask. There are static routes that suggest that there are 5 additional /24 subnets of network 10 behind this interface.

These are for 5 site down stream of router 10.100.1.7.

And there appear to be 5 /30 subnets within network 66.

These are the serial link on an IP VPN network to the down stream site. This network is managed by the service provider.

Can you tell me anything about the topology, are there additional routers behind this one? Or what is the function of these additional addresses? Also - are the clients who are not getting addresses from DHCP in the 10.100.1 subnet or are they perhaps in the other address space?

All the subnets are getting DHCP from 10.170.4.71, including the downstream sites.

Is this combination of addresses common in other offices or is it perhaps unique to this office?

Unique only to these locations as they are the only locations managed by the carrier and has IP VPN connections.

I note that this router is not running any dynamic routing protocol and all routing is by static route. I note that there is no default route configured. I also note that the static route to 10.0.0.0 is configured as a floating static route (with administrative distance of 150) but do not see anything else that would produce the 10.0.0.0 route and so am puzzled about why it is a floating static. Can you clarify?

No sure what you mean here?

debugcisco · ‎11-26-2005

May be you can try the following to isolate the problem -

1. Remove all IP config from the 3845 new router.See if the DHCP works.

2.Add each config one by one i.e. add the ip address to the Gi0/1 then next add static routes one by one.After each addition of the config check to see if the DHCP works.

You should be able to isolate the problem using this method.Do inform if it helps.