New Member

DHCP from gateway?

The DHCP server my Macs use is not on the local subnet.  In my firewall rules, I allow traffic from the DHCP server address UDP 67 to local UDP 68, and that works... until it doesn't.  Every now and then, I find a machine with a zeroconf address and ipfw logs showing dropped DHCP packets from my gateway.  I added a rule to allow that, and DHCP starts working again.  But... why?  I understand that routers will include a DHCP relay, but that should be preserving source / destination, IIRC.  And why would this be so intermittent?


DHCP from gateway?

Can you provide a quick diagram of your setup, including all routing devices between the hosts and the DHCP server?

Re: DHCP from gateway?


I'm not sure if I understand the question correctly but I think the answer is that the DHCP communication depends on if the client already has a lease or not.

  • If it doesn't have a lease, it sends a broadcast on the local subnet, which will be forwarded as unicast to the server by the DHCP relay agent (ip helper-address configured on SVI). As the client doesn't have a lease, its IP address is set to the unspecified
  • If, in contrast, the client has a valid lease, it has layer-3 connectivity and it knows the DHCP server's IP-address. So it can unicast directly to the server to renew the lease without using the relay-agent.

Does that answer your question?
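
Added example, not part of any post in this thread: a Python sketch that parses a DHCP reply and labels which of the two paths described above it arrived by, which is the distinction a host firewall rule for UDP 67 to 68 has to account for. It assumes the relay sources the forwarded reply from the same address it wrote into `giaddr`; the function names and the `build_reply` sample payload are constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def ip4(raw):
    return ipaddress.IPv4Address(raw)

def build_reply(yiaddr, giaddr, server_id):
    """Constructed sample DHCPACK payload (not captured traffic)."""
    fixed = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)
    fixed += ip4("0.0.0.0").packed + ip4(yiaddr).packed   # ciaddr, yiaddr
    fixed += ip4("0.0.0.0").packed + ip4(giaddr).packed   # siaddr, giaddr
    fixed += bytes(16 + 64 + 128)                         # chaddr, sname, file
    opts = bytes([53, 1, 5, 54, 4]) + ip4(server_id).packed + b"\xff"
    return fixed + MAGIC + opts

def parse_reply(payload):
    """Return (op, giaddr, server_id) from a UDP 67->68 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, giaddr, server_id, i = payload[0], ip4(payload[24:28]), None, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        if code == 54 and length == 4:              # 54 = server identifier
            server_id = ip4(payload[i + 2:i + 6])
        i += 2 + length
    return op, giaddr, server_id

def classify(src_ip, payload, dhcp_server):
    """Label a reply by its IP source, given the expected DHCP server."""
    op, giaddr, server_id = parse_reply(payload)
    src, server = ip4(src_ip), ip4(dhcp_server)
    if op != 2:                                     # 2 = BOOTREPLY
        return "not-a-reply"
    if src == server:
        return "direct-from-server"      # renewal path: client unicast to server
    if server_id == server and giaddr == src and not giaddr.is_unspecified:
        return "relayed-via-gateway"     # no-lease path: relay forwards the reply
    return "unexpected-source"
```

A rule set that only permits the server's address matches the first label and drops the second, even though option 54 in both replies names the same server.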



New Member

DHCP from gateway?

Hi Rolf.  Not really... but mentioning the lease may be relevant as to why this issue doesn't manifest itself everywhere all the time.  But what seems to be happening is if the interface is dropped and brought back up, and so is unconfigured, at least some of the time it sees the DHCP traffic sourced from the gateway, NOT the DHCP server.  But I just checked and it looks like the lease length is an hour (unless OSX records the lease length time in minutes instead of seconds), so that doesn't wash either.

Fortunately, this is kind of academic, as since I know what the issue is I can just add a firewall rule.  But it does bug me, and I like to find answers to puzzlers :-)

New Member

DHCP from gateway?

Unfortunately, no... the network here is a "black box" to me.  Other than having admin rights on my hosts, I'm just another lowly peon user :-)