Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DHCP relay not working

dear all,

 

I am trying to configure DHCP relay by using ip helper addresses. Strange enough I configured the ip helper addresses properly but the DHCP requests are not being forwarded. Very strange this behavior. I configured it on other similar devices exactly the same, but on this device it is not working.

When I debug the DHCP broadcast a see a strange message about;

00:14:01: FIBipv4-packet-proc: route packet from Vlan1 src 0.0.0.0 dst 255.255.255.255
00:14:01: FIBfwd-proc: Default:255.255.255.255/32 receive entry
00:14:01: FIBipv4-packet-proc: packet routing failed
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 360, rcvd 2
00:14:01: UDP src=68, dst=67
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 360, stop process pak for forus packet

http://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/27470-100.html

I really don't understand why the DHCP broadcast is not being forwarded. There is no ACL configured on the gateway. IP routing is enabled. Also I did an ping request from the gateways IP address to the DNS IP destination succesfully so routing is no issue at all.

The configuration is as follows;

interface Vlan1
 ip address 192.168.27.254 255.255.255.0
 ip helper-address 10.234.66.140
 ip helper-address 10.234.66.141
 ip helper-address 10.234.66.146
!
interface Vlan3
 ip address 10.1.65.254 255.255.255.0
 ip helper-address 10.234.66.140
 ip helper-address 10.234.66.141
 ip helper-address 192.168.27.24
!
interface Vlan10
 ip address 10.1.67.254 255.255.255.0
 ip helper-address 10.234.66.140
 ip helper-address 10.234.66.141
 ip helper-address 192.168.27.24
!
interface Vlan11
 ip address 10.1.68.254 255.255.255.0
 ip helper-address 10.234.66.140
 ip helper-address 10.234.66.141
 ip helper-address 192.168.27.24
 

Only the vlan 1 is not working properly with DHCP relay, but the rest is working fine.

Does someone have any idea what is going on here?

 

E, sendself FALSE, mtu 0, fwdchk FALSE pak 492D990 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 554AD2C consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 553CD64 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 4920F70 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 553DF70 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 492217C consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 553F518 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 55411F8 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 4925068 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 5542068 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 4925ED8 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 4926610 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 347, input feature
00:14:01:     UDP src=68, dst=67, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
00:14:01: FIBipv4-packet-proc: route packet from Vlan1 src 0.0.0.0 dst 255.255.255.255
00:14:01: FIBfwd-proc: Default:255.255.255.255/32 receive entry
00:14:01: FIBipv4-packet-proc: packet routing failed
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 347, rcvd 2
00:14:01:     UDP src=68, dst=67
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 347, stop process pak for forus packet
00:14:01:     UDP src=68, dst=67
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 347, input feature
00:14:01:     UDP src=68, dst=67, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
00:14:01: FIBipv4-packet-proc: route packet from Vlan1 src 0.0.0.0 dst 255.255.255.255
00:14:01: FIBfwd-proc: Default:255.255.255.255/32 receive entry
00:14:01: FIBipv4-packet-proc: packet routing failed
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 347, rcvd 2
00:14:01:     UDP src=68, dst=67
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 347, stop process pak for forus packet
00:14:01:     UDP src=68, dst=67
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 360, input feature
00:14:01:     UDP src=68, dst=67, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
00:14:01: FIBipv4-packet-proc: route packet from Vlan1 src 0.0.0.0 dst 255.255.255.255
00:14:01: FIBfwd-proc: Default:255.255.255.255/32 receive entry
00:14:01: FIBipv4-packet-proc: packet routing failed
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 360, rcvd 2
00:14:01:     UDP src=68, dst=67
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 360, stop process pak for forus packet
00:14:01:     UDP src=68, dst=67pak 5544BB8 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 4929898 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
 

Everyone's tags (1)
16 REPLIES

Can you ping the DHCP servers

Can you ping the DHCP servers from source IP 192.168.27.254?

New Member

Nlsw201p>enPassword:Nlsw201p


Nlsw201p>en
Password:
Nlsw201p#
Nlsw201p#
Nlsw201p#ping
Protocol [ip]:
Target IP address: 10.234.66.140
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.27.254
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.234.66.140, timeout is 2 seconds:
Packet sent with a source address of 192.168.27.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/11/17 ms
Nlsw201p#
 

New Member

Can you provide an output of

Can you provide an output of show ip route?

New Member

Nlsw201p#sh ip routeCodes: C

Nlsw201p#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.1.71.1 to network 0.0.0.0

C    192.168.27.0/24 is directly connected, Vlan1
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.1.67.0/24 is directly connected, Vlan10
C       10.1.65.0/24 is directly connected, Vlan3
C       10.1.71.0/30 is directly connected, GigabitEthernet1/0/21
C       10.1.68.0/24 is directly connected, Vlan11
O*E2 0.0.0.0/0 [110/1] via 10.1.71.1, 6d16h, GigabitEthernet1/0/21

10.1.71.1 is de default gateway

Let's recap this a bit; you

Let's recap this a bit; you have several SVIs. Originally you stated there's an issue with Vlan 1 and the rest is working. Now it's just Vlan 10 that really works?

 

Also on Vlan 10, which DHCP server offers IPs? All three or just one? Did you split the DHCP scope accordingly?

Finally do you have any kind of DHCP Snooping enabled on your network?

New Member

since the beginning only vlan

since the beginning only vlan 1 does not work other vlans do work properly with DHCP relay. There is no IP DHCP snooping enabled on the switch.

When requesting an IP address it is not being relayed but it is configured properly. I just cannot understand why. Other vlans are being relayed properly.

 

New Member

could you try using one ip

could you try using one ip helper and remove the others!
 

New Member

Sorry for the late reply was

Sorry for the late reply was on holiday. Removing the other IP helper addresses doesn't seam to work. Strange enough one day it worked for some minutes but nothing was changed. Still it doesn't work at this moment. Actually it is really weird and I don't get it.

New Member

Hi,

Hi,

I have exactly the same problem, have you found a solution?

//Morgan

New Member

Only vlan 1 is not working.

Only vlan 1 is not working. The other vlans work fine with exactly the same ip helper addresses. DHCP scopes are being split properly. The problem is that the switch does not forward broadcasts wihin the vlan 1 domain otherwise I could see the incoming DHCP relay traffic. DHCP snooping is not enabled. If I do an extended ping from the SVI IP address to the destination IP helper is finishes succesfully, so IP routing is no problem also.

Can you also post show ip

Can you also post show ip protocols ?

I would also try this:

interface vlan 1

no ip address

interface loopback 112

ip address 192.168.27.254 255.255.255.0

ip helper-address 10.234.66.140

New Member

Nlsw201p#sh ip protocols***

Nlsw201p#sh ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "ospf 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 192.168.27.254
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    10.1.65.0 0.0.0.255 area 0
    10.1.67.0 0.0.0.255 area 0
    10.1.68.0 0.0.0.255 area 0
    10.1.71.0 0.0.0.3 area 0
    192.168.27.0 0.0.0.255 area 0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.121.115.244       110      6d16h
  Distance: (default is 110)

I would like to try the loopback but that will cause production disruptions, so I have to do that in a maintenance window.

I configured some vlans with the same DHCP relay and only DHCP relay from vlan 10 seems to work. I have no ACL's configured. Other similar locations with almost same configuration do work.

IP connectivity is also no problem for all vlans


interface Vlan1
 ip address 192.168.27.254 255.255.255.0
 ip helper-address 10.234.66.140
 ip helper-address 10.234.66.141
 ip helper-address 10.234.66.146
!
interface Vlan3
 ip address 10.1.65.254 255.255.255.0
 ip helper-address 10.234.66.140
 ip helper-address 10.234.66.141
 ip helper-address 192.168.27.24
!
interface Vlan10
 ip address 10.1.67.254 255.255.255.0
 ip helper-address 10.234.66.140
 ip helper-address 10.234.66.141
 ip helper-address 192.168.27.24
 

So why does vlan 10 work and the rest not?? I can explain that vlan 3 is not showing traffic because there are no clients inside the local LAN, so only vlan 1 is not working.

Do you have cef enabled?

Do you have cef enabled?

New Member

Vlan1 is up (if_number 2069) 

Vlan1 is up (if_number 2069)
  Corresponding hwidb fast_if_number 2069
  Corresponding hwidb firstsw->if_number 2069
  Internet address is 192.168.27.254/24
  ICMP redirects are always sent
  IP unicast RPF check is disabled
  Output features: Check hwidb
  Inbound access list is not set
  Outbound access list is not set
  IP policy routing is disabled
  BGP based policy accounting on input is disabled
  BGP based policy accounting on output is disabled
  Hardware idb is Vlan1
  Fast switching type 1, interface type 147
  IP CEF switching enabled
  IP CEF switching turbo vector
  IP Null turbo vector
  IP prefix lookup IPv4 mtrie 8-8-8-8 optimized
  Input fast flags 0x0, Output fast flags 0x0
  ifindex 2069(2069)
  Slot 0 Slot unit 1 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500
Vlan3 is up (if_number 2071)
  Corresponding hwidb fast_if_number 2071
  Corresponding hwidb firstsw->if_number 2071
  Internet address is 10.1.65.254/24
  ICMP redirects are always sent
  IP unicast RPF check is disabled
  Output features: Check hwidb
  Inbound access list is not set
  Outbound access list is not set
  IP policy routing is disabled
  BGP based policy accounting on input is disabled
  BGP based policy accounting on output is disabled
  Hardware idb is Vlan3
  Fast switching type 1, interface type 147
  IP CEF switching enabled
  IP CEF switching turbo vector
  IP Null turbo vector
  IP prefix lookup IPv4 mtrie 8-8-8-8 optimized
  Input fast flags 0x0, Output fast flags 0x0
  ifindex 2071(2071)
  Slot 0 Slot unit 3 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500
Vlan10 is up (if_number 2078)
  Corresponding hwidb fast_if_number 2078
  Corresponding hwidb firstsw->if_number 2078
  Internet address is 10.1.67.254/24
  ICMP redirects are always sent
  IP unicast RPF check is disabled
  Output features: Check hwidb
  Inbound access list is not set
  Outbound access list is not set
  IP policy routing is disabled
  BGP based policy accounting on input is disabled
  BGP based policy accounting on output is disabled
  Hardware idb is Vlan10
  Fast switching type 1, interface type 147
  IP CEF switching enabled
  IP CEF switching turbo vector
  IP Null turbo vector
  IP prefix lookup IPv4 mtrie 8-8-8-8 optimized
  Input fast flags 0x0, Output fast flags 0x0
  ifindex 2078(2078)
  Slot 0 Slot unit 10 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500
Vlan11 is up (if_number 2079)
  Corresponding hwidb fast_if_number 2079
  Corresponding hwidb firstsw->if_number 2079
  Internet address is 10.1.68.254/24
  ICMP redirects are always sent
  IP unicast RPF check is disabled
  Output features: Check hwidb
  Inbound access list is not set
  Outbound access list is not set
  IP policy routing is disabled
  BGP based policy accounting on input is disabled
  BGP based policy accounting on output is disabled
  Hardware idb is Vlan11
  Fast switching type 1, interface type 147
  IP CEF switching enabled
  IP CEF switching turbo vector
  IP Null turbo vector
  IP prefix lookup IPv4 mtrie 8-8-8-8 optimized
  Input fast flags 0x0, Output fast flags 0x0
  ifindex 2079(2079)
  Slot 0 Slot unit 11 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500
 

Most of the times DHCP Relays

Most of the times DHCP Relays does not work because people forgets to enable the DHCP service in the global configuration of the network device:

Try this:

conf t

service dhcp

http://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htdhcpre.html

PPrerequisites for Configuring the Cisco IOS DHCP Relay Agent

Before you configure the DHCP relay agent, you should understand the concepts documented in the "DHCP Overview" module.

The Cisco IOS DHCP server and relay agent are enabled by default. You can verify if they have been disabled by checking your configuration file. If they have been disabled, the no service dhcp command will appear in the configuration file. Use the service dhcp command to reenable the functionality if necessary.

The Cisco IOS DHCP relay agent will be enabled on an interface only when the ip helper-address is configured. This command enables the DHCP broadcast to be forwarded to the configured DHCP server.

New Member

I do face the same issue

I do face the same issue

For me, the setup is working properly and suddenly goes off, during the time i can't see any relay packet from SVI to DHCP server. This issue is for only one SVI, all other are working.

I am using 3850 box with Image: cat3k_caa-universalk9 SW ver: 03.03.05SE

3015
Views
10
Helpful
16
Replies
CreatePlease login to create content