I am new to Cisco switches and I am configuring the Cisco Catalyst 3500 series XL switch.
The problem is I have a Windows 2000 DHCP server on the LAN connected to the switch; however, all client workstations connected to that switch cannot get an IP address from the DHCP server, but if a client workstation uses a static IP address, it can ping the DHCP server.
I read the switch config and there is one item that states no ip directed-broadcast.
I suspected it causes the problem; does anyone know how to enable the broadcast? Or is there another reason?
Thank you very much
The 'no ip directed-broadcast' interface command will prevent the broadcast address from responding to an echo request, and it is the default since IOS version 12.0. Its main purpose is to prevent ICMP broadcast attacks, called SMURF attacks.
In your case, chances are that you need to configure the interface command:
on your ports. Without that command, the ports where your clients are connected to run through all Spanning Tree phases and take about 50 seconds before they become operational, causing the client DHCP requests to time out.
Can you try and configure that command on all your user ports and see if that makes a difference?
In that case, could you please post your configuration? Maybe we will see something when we know all the facts.
Thanks in advance.
I agree with Georg that it is very unlikely to be an issue about directed broadcast.
And I agree with Kevin that it will be very helpful to see the configuration. In particular I wonder if the server and the clients are perhaps configured in different VLANs. If that is the case, the DHCP request, which goes out as a broadcast, would not get to the server. But if the client is configured with a static IP address then it probably also has a default gateway and could ping the server via inter-VLAN routing. If the clients are in a different VLAN from the server then the ip helper-address configured on the layer 3 interface for their VLAN could forward their DHCP requests to the server.
So please do post the configuration.
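An added illustration of the relay behaviour described in the post above (not part of the thread and not Cisco's implementation): it builds a client DHCPDISCOVER and shows what a helper-address relay changes before unicasting it to the server. The client-VLAN gateway 172.17.2.1, the MAC address and the hop limit of 16 are constructed assumptions; 172.17.1.1 is the server address from the thread.

```python
import ipaddress
import struct

# BOOTP fixed header (RFC 951 / RFC 2131): op, htype, hlen, hops, xid, secs,
# flags, ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])          # DHCP magic cookie
ZERO_IP = bytes(4)


def build_discover(mac: bytes, xid: int) -> bytes:
    """Client DHCPDISCOVER as it leaves the workstation (sent to 255.255.255.255)."""
    header = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000,
                        ZERO_IP, ZERO_IP, ZERO_IP, ZERO_IP,
                        mac, bytes(64), bytes(128))
    options = bytes([53, 1, 1, 255])      # option 53 = DHCPDISCOVER, then end
    return header + MAGIC + options


def relay(packet: bytes, ingress_ip: str, helper: str):
    """What a relay agent does with a client broadcast.

    Returns (destination, rewritten_packet), or None if the packet is dropped.
    """
    fields = list(BOOTP.unpack_from(packet))
    op, hops, giaddr = fields[0], fields[3], fields[10]
    if op != 1 or hops >= 16:             # only BOOTREQUEST; assumed hop limit
        return None
    if giaddr == ZERO_IP:                 # first relay stamps the client subnet
        fields[10] = ipaddress.IPv4Address(ingress_ip).packed
    fields[3] = hops + 1
    return helper, BOOTP.pack(*fields) + packet[BOOTP.size:]


def giaddr_of(packet: bytes) -> str:
    """Relay (gateway) address the server uses to pick the scope."""
    return str(ipaddress.IPv4Address(BOOTP.unpack_from(packet)[10]))


if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("001122334455"), 0x1234)  # constructed
    dest, fwd = relay(discover, "172.17.2.1", "172.17.1.1")
    print("client giaddr:", giaddr_of(discover))
    print("relayed to", dest, "with giaddr", giaddr_of(fwd))
```

The server selects its address pool from giaddr, so a relayed request only succeeds if the server has a scope for the client's subnet.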
Here is the configuration:
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
ip dhcp-server 172.17.1.1
ip address 172.17.1.3 255.255.255.0
no ip directed-broadcast
no ip route-cache
ip default-gateway 172.17.1.1
access-list 101 permit udp any host 172.17.1.255
snmp-server engineID local xxxxxxxxxxxxxxxxxxxxx
snmp-server community private xxxxxxx
snmp-server community public xxxxxxxxxxx
line con 0
transport input none
line vty 0 4
line vty 5 15
Hope you can find out where the problem is!
Thank you very much for your help
I have some questions about your topology.
1. Is everything, including the DHCP server and the workstations, on the default VLAN, i.e. VLAN 1?
2. I see you have defined a default-gateway 172.17.1.1 and a DHCP server on the same address. These commands are not useful in this context, but they don't do any harm either. But is the information in them correct, i.e. is the DHCP server really on VLAN 1 and on 172.16.1.1?
3. The workstation you are testing, is it on one of the ports F0/1, F0/2, or F0/3?
4. Can you ping the DHCP server 172.16.1.1 from the command line of the switch?
5. Is the DHCP server configured to serve addresses to the subnet 172.16.1.0/24?
If the answer to all these is "yes", then I would investigate whether the DHCP server is broken. Does it serve addresses correctly on any other part of your network?
On the other hand, if the DHCP server is not on this VLAN, then the problem lies in the router at 172.16.1.1, so we would need to see the config of that.
Answers to your questions:
1) It's all on VLAN1
2) Yes, the DHCP Server is on VLAN1 and the IP address is 172.17.1.1
3) FA0/1 is DHCP Server, FA0/2 and FA0/3 are clients.
4) I can ping the DHCP server from the command line of the switch
You have specified the IP address of a DHCP server (which also happens to be the default gateway for your VLAN 1); try to take out the command:
ip dhcp-server 172.17.1.1
This will cause the broadcasts from your clients to find the DHCP server...
I agree with Kevin that some more information about the DHCP server would be helpful.
I wonder about the configuration of port network on FastEthernet 0/1. What is connected on that port? If you remove the port network command from the interface does the behavior change?
Before, when I had not put the port network command on the interface, it didn't work either. Even now that I have removed the command, it still doesn't work.
I am not sure why DHCP is not working and I have two requests and a suggestion.
- would you post the output of show interface for FastEthernet 0/1, 0/2, and 0/3?
- I see that an access list is defined but I do not see where it is applied or what it is used for. Can you explain that?
- would you reboot the 3500 and see if the behavior changes?
I would get a crossover cable and connect a PC with the crossover cable directly to the LAN port of your DHCP server and try and get an IP address.
If you can't get an address then you need to check the DHCP server.
From your configuration I can't see any reason why two devices in the same VLAN as the DHCP server can't get an IP address.
If this doesn't work and no one else is using this switch, erase the start-up config (erase startup-config), reload the switch (don't save the config if prompted) and start again with a fresh configuration.