DHCP request through accesspoint and router

Jan 30th, 2006

This is what our setup looks like:

Laptops => Cisco 1100 AP (static IP) => Wired LAN (Subnet 1) => Cisco Router => Wired LAN (Subnet 2) => DHCP server

What I would like is for the DHCP request from our laptops to be forwarded/relayed through the AP and router to the DHCP server and back.

We don't want to use the AP's internal DHCP server but centralise this.

At the moment I've configured the AP through the CLI and added the following command: ip dhcp-server xx.xx.xx.xx
Where xx is the IP of the DHCP server

On the router I've added the command ip helper-address xx.xx.xx.xx
Where xx is the IP of the DHCP server

Don't know if this is the correct way, but I do know it isn't working.

Some help is really appreciated.


Grx,

Joris

kka Mon, 01/30/2006 - 13:42

With your setup you don't need any DHCP configuration on the AP. The AP works as a bridge between the radio IF and the Ethernet IF, this includes DHCP.

Just as you wrote, configure "ip helper-address ..." on the router's IF connected to Subnet 1. Make sure DHCP is enabled on the router ("service dhcp" is default, invisible in the config).

joris_struijk Tue, 01/31/2006 - 00:41

So just remove the "ip dhcp-server" command in the AP and set up the LAN side with a static IP (like I have done already). This should do the trick?

And on the 3600 router I have to use the "ip helper-address" command to forward the request.

But then, what is the AP's "ip dhcp-server" command good for? When should I use it?

kka Tue, 01/31/2006 - 06:42

If you are using DHCP to assign an IP address to your AP, i.e.

interface BVI 1
 ip address dhcp

you can limit the DHCP servers from which the AP accepts DHCP leases with "ip dhcp-server x.x.x.x".

joris_struijk Tue, 01/31/2006 - 06:31

Ok, I've fixed that problem by configuring the right scope.

Next major problem that's bothering me the whole day.

The DHCP server has to be placed behind a Windows 2003 server with router functionality. This server will be promoted to an ISA server later in the project. First we have to set up the connection properly.

I've set up the 3600 router with the appropriate "ip helper-address xx.xx.xx.xx" command. This works.

The DHCP server that's going to serve the IP addresses is placed behind a Windows 2003 server with DHCP relay installed.
Interface 1 of the Windows 2003 router is connected to the Cisco router, interface 2 is connected to the subnet where the DHCP server resides. This Windows 2003 router has to forward the already forwarded DHCP request to the correct DHCP server.

That's the problem, I don't know how to let Windows 2003 correctly forward the Cisco router's DHCP request.

HELP ;)

kka Tue, 01/31/2006 - 07:33

I'm not familiar with Windows DHCP server, but I guess it supports standard DHCP including evaluating the giaddr field from the DHCP relay.

You only need one DHCP relay (your Cisco router). Between the router and your DHCP server the DHCP traffic is unicast, so you have to make sure that the routing between the DHCP server and the router's IP (giaddr) in your Subnet 1 works.

joris_struijk Tue, 01/31/2006 - 07:48

Are you able to present me with some tips to check that connectivity is correct? We tried to ping the DHCP server from the router and that seemed to work.

Maybe we're missing something.

kka Tue, 01/31/2006 - 10:55

You need at least the following connectivity for DHCP relay to work.

Between the DHCP relay agent and the DHCP server:
- UDP Port 67 <-> UDP Port 67

Between the DHCP server and the DHCP client:
- UDP Port 67 <-> UDP Port 68 (renewing/releasing a lease)
- ICMP echo (Most DHCP servers check if an IP is still free)

On the Cisco router you can use some debugging commands to check that relaying works. (This might produce a lot of output, careful on a production system.)

#term mon
#debug ip dhcp server packet
#debug ip dhcp server events

For Subnet 1 with the router's IP 10.0.0.1 and two configured DHCP servers (192.168.0.1, 192.168.9.1) as "ip helper" a successful exchange looks like this:

DHCPD: DHCPREQUEST received from client 0100.aabb.bbcc.cc.
DHCPD: setting giaddr to 10.0.0.1.
DHCPD: BOOTREQUEST from 0100.aabb.bbcc.cc forwarded to 192.168.0.1.
DHCPD: BOOTREQUEST from 0100.aabb.bbcc.cc forwarded to 192.168.9.1.
DHCPD: forwarding BOOTREPLY to client 00aa.bbbb.cccc.
DHCPD: Forwarding reply on numbered intf
DHCPD: creating ARP entry (10.0.0.49, 00aa.bbbb.cccc).
DHCPD: unicasting BOOTREPLY to client 00aa.bbbb.cccc (10.0.0.49).

#undebug all

I would also try to ping the router's IP in Subnet 1 and a client with a fixed IP in Subnet 1 from the server. (The DHCP server uses this to check if a lease is actually free before handing it out)

Otherwise it's time for packet sniffing on the DHCP server and the client. (snoop, tcpdump, ethereal)
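Added example, not part of the original posts: one way to scan captured "debug ip dhcp server packet" output for clients whose BOOTREQUEST was relayed but never answered. The function names are hypothetical, and the second client in the sample is constructed; the first client's lines are the ones quoted above.

```python
import re

# Constructed sample: the first client's lines are the successful exchange quoted
# above; the second client (0100.1122.3344.55) is made up and never gets a reply.
SAMPLE_DEBUG = """\
DHCPD: DHCPREQUEST received from client 0100.aabb.bbcc.cc.
DHCPD: setting giaddr to 10.0.0.1.
DHCPD: BOOTREQUEST from 0100.aabb.bbcc.cc forwarded to 192.168.0.1.
DHCPD: BOOTREQUEST from 0100.aabb.bbcc.cc forwarded to 192.168.9.1.
DHCPD: forwarding BOOTREPLY to client 00aa.bbbb.cccc.
DHCPD: unicasting BOOTREPLY to client 00aa.bbbb.cccc (10.0.0.49).
DHCPD: setting giaddr to 10.0.0.1.
DHCPD: BOOTREQUEST from 0100.1122.3344.55 forwarded to 192.168.0.1.
"""

FORWARDED = re.compile(r"BOOTREQUEST from (\S+) forwarded to (\d+(?:\.\d+){3})")
REPLIED = re.compile(r"BOOTREPLY to client ((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})")


def client_mac(ident: str) -> str:
    """Reduce a client-id or dotted MAC from the debug output to 12 hex digits."""
    digits = ident.replace(".", "").lower()
    # Requests are logged by client-id: hardware type 01 (Ethernet) + MAC,
    # replies by plain MAC, so strip the type byte before comparing.
    if len(digits) == 14 and digits.startswith("01"):
        digits = digits[2:]
    return digits


def unanswered_clients(debug_text: str) -> dict:
    """Map each client MAC that was relayed but never answered to its servers."""
    forwarded, replied = {}, set()
    for line in debug_text.splitlines():
        if m := FORWARDED.search(line):
            forwarded.setdefault(client_mac(m.group(1)), set()).add(m.group(2))
        elif m := REPLIED.search(line):
            replied.add(client_mac(m.group(1)))
    return {mac: sorted(srv) for mac, srv in forwarded.items() if mac not in replied}


if __name__ == "__main__":
    for mac, servers in unanswered_clients(SAMPLE_DEBUG).items():
        print(f"{mac}: relayed to {', '.join(servers)}, no BOOTREPLY seen")
```

A client listed here means the relay did its part and the fault lies on the path to the server, on the server itself, or on the return path to the giaddr.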

joris_struijk Wed, 02/01/2006 - 03:07

We're debugging right now.
We checked the routes (OK), pinging in both ways, server to client (with static IP at the moment) and back (OK).

Still our client gets no IP when set to auto.

Our result is as follows:

DHCPD: setting giaddr to 10.6.32.1
DHCPD: BOOTREQUEST from 0100.aabb.bbcc.cc forwarded to 10.6.0.2

And this of course with the right MAC (too much typing).
Nothing comes back to the router, but we know the routes are configured correctly.

Now what? We're stuck here.

joris_struijk Tue, 01/31/2006 - 09:37

Additional question 1:

What exactly do you mean with "giaddr"? And how can I check that this is set up and routed correctly?

Additional question 2:
Is it possible for routers (non-Cisco, Windows) to reroute the request to other subnets (this is what we need)?


kka Tue, 01/31/2006 - 10:58

giaddr is a field in the DHCP packet. It contains the IP address of the DHCP relay agent. In your example it's the router's IP in Subnet 1. The DHCP server uses this to find the right DHCP-pool and as destination address for its answers.

Not sure what exactly you mean by "reroute the request to other subnets". But if you mean is it possible to use one DHCP server for several subnets, the answer is yes. DHCP-pool and reply address can be evaluated from the "giaddr" field in the DHCP packet. The rest is simple IP routing between the DHCP server and the DHCP relay agent.

Basically you need routing for every subnet between the DHCP server and the relay.
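Added example, not part of the original posts and not any vendor's code: a parser that pulls giaddr out of a relayed DHCP packet and picks the pool the way the reply above describes. The packet is constructed; the giaddr 10.6.32.1 is the one from the thread, while the /24 masks, the xid and the function names are assumptions.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}

def build_relayed_discover(mac: bytes, giaddr: str) -> bytes:
    """Constructed sample: a DHCPDISCOVER as the relay would forward it."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, len(mac), 1,              # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        0x1234ABCD, 0, 0x8000,          # xid (made up), secs, flags
        bytes(4), bytes(4), bytes(4),   # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,  # giaddr filled in by the relay
        mac, b"", b"")                  # chaddr, sname, file (zero padded)
    return fixed + MAGIC_COOKIE + bytes([53, 1, 1, 255])  # option 53 = DISCOVER

def parse_dhcp(packet: bytes) -> dict:
    """Extract message type, client MAC and giaddr from a raw DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    hlen = min(packet[2], 16)
    msg_type, i = None, 240
    while i + 1 < len(packet) and packet[i] != 255:   # walk options until END
        if packet[i] == 0:                            # PAD has no length byte
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        if code == 53 and length == 1 and i + 2 < len(packet):
            msg_type = MSG_TYPES.get(packet[i + 2], str(packet[i + 2]))
        i += 2 + length
    return {"type": msg_type, "mac": packet[28:28 + hlen].hex(":"),
            "giaddr": ipaddress.IPv4Address(packet[24:28])}

def select_scope(giaddr, scopes):
    """Return the configured scope containing giaddr, or None if there is none."""
    if giaddr.is_unspecified:    # 0.0.0.0: request was not relayed
        return None
    for scope in scopes:
        if giaddr in ipaddress.ip_network(scope):
            return scope
    return None

if __name__ == "__main__":
    pkt = parse_dhcp(build_relayed_discover(bytes.fromhex("00aabbbbcccc"), "10.6.32.1"))
    for scopes in (["10.6.0.0/24"], ["10.6.0.0/24", "10.6.32.0/24"]):  # /24 assumed
        print(pkt["type"], "giaddr", pkt["giaddr"], "->", select_scope(pkt["giaddr"], scopes))
```

With only a scope for the server's own subnet the lookup returns None, which corresponds to a server that receives the relayed DHCPDISCOVER and sends nothing back.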

joris_struijk Tue, 01/31/2006 - 11:16

Thx for the great response so far.

I am at home right now, so testing is the first thing I'll be doing in the morning.

More to come tomorrow.

Grx,

Joris

joris_struijk Wed, 02/01/2006 - 04:01

We're debugging right now.
We checked the routes (OK), pinging in both ways, server to client (with static IP at the moment) and back (OK).

Still our client gets no IP when set to auto.

Our result is as follows:

DHCPD: setting giaddr to 10.6.32.1
DHCPD: BOOTREQUEST from 0100.aabb.bbcc.cc forwarded to 10.6.0.2

And this of course with the right MAC (too much typing).
Nothing comes back to the router, but we know the routes are configured correctly.

Now what? We're stuck here.

joris_struijk Wed, 02/01/2006 - 04:23

We're monitoring the DHCP server right now and it receives DHCPdiscover packets from the Cisco relaying router and nothing else. No offer, nothing. What could be the cause of this?

kka Wed, 02/01/2006 - 06:02

DHCPOFFER is the reply from the DHCP server to the client.

The DHCP transfer works like this:

Client --DHCPDISCOVER--> DHCP relay agent --DHCPDISCOVER--> DHCP server
Client <---DHCPOFFER---- DHCP relay agent <---DHCPOFFER---- DHCP server
Client ---DHCPREQUEST--> DHCP relay agent ---DHCPREQUEST--> DHCP server
Client <----DHCPACK----- DHCP relay agent <----DHCPACK----- DHCP server

Looks like your DHCP server isn't answering the forwarded DHCPDISCOVER from the client.

Does your DHCP server on 10.6.0.2 have a pool for the 10.6.32.0 net?

joris_struijk Wed, 02/01/2006 - 06:53

We narrowed it down to the Windows 2003 acting as router.
We temporarily replaced this Windows router with another Cisco router and then it works.
When we then place back the Windows router it stops working.

The Windows router doesn't correctly route the Cisco's DHCPdiscover, DHCPrequests etc...

Now what??
We must be doing something wrong on the Windows router but what?

joris_struijk Wed, 02/01/2006 - 08:06

What is the meaning of "no ip directed-broadcast"?
We disabled this but to no result.

joris_struijk Wed, 02/01/2006 - 23:29

I've run Ethereal on the Windows router and it shows the following:

Broadcast from Cisco Router, Protocol ARP, Info: Who has 10.6.0.2? Tell 10.6.128.1.
Reply on interface loop from the Cisco Router.

On the other interface he gets an ARP reply from the DHCP server responding that the DHCP server is located at the 10.6.0.1 interface of the Windows router.

10.6.0.2 is the IP of the DHCP server.
10.6.128.1 is the interface of the Cisco router connected to the Windows router.

Now what? The Windows router isn't forwarding anything back to the Cisco router.

kka Thu, 02/02/2006 - 04:19

Why does the Cisco use ARP for an IP address (10.6.0.2) of a subnet it's supposedly not part of? This I would expect if the Cisco is configured with a netmask containing both IPs 10.6.128.1 and 10.6.0.2, i.e. 10.6.128.0/16

Without prefixes/netmasks it's a bit difficult to understand your network.

Yesterday you wrote that ping from the client to the server (DHCP server?) works in both directions - is this for the same setup?

joris_struijk Thu, 02/02/2006 - 01:41

I am seeing ARP requests for the 10.6.0.2 IP from the Cisco Router and nothing else. Why?

fausto-oliveira Thu, 02/02/2006 - 08:38

Are you sure that the Windows router is forwarding between interfaces?

Do "netsh routing ip relay" followed by a show global and paste the output here.

Also do "netsh routing ip dump" and paste that output.

joris_struijk Fri, 02/03/2006 - 12:39

It's working right now.

Thx for all the help, I've learned a lot from all of you.

The Windows router had a problem with one of the interfaces, replacing it resolved the problem.

Silly problem, difficult to trace.

Grx and all the best,

Joris
