cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
28020
Views
5
Helpful
21
Replies

IP helper-address not working in different segment vlans

maria.melendez
Level 1
Level 1

The dhcp server is located in vlan 100 and only vlan 100 is able to get the DHCP IP from it. The rest of the vlans are not getting DHCP request. Also, the network is getting intermittent disconnect after a Virtual Environment equipment started to have problems and the ports that they are using are trunking ports. The trunking ports has been disabled but the DHCP is still not working for additional vlans.

Service dhcp is enabled. 

Thanks!

1 Accepted Solution

Accepted Solutions

Maria

Thank you for posting back to the forum indicating that the problem was solved and how you fixed it. VTP pruning was certainly not one of the things that I had thought about as a possible cause of this and it is interesting that this turned out to be the problem. Now that you have it working perhaps you want to mark this question as resolved?

HTH

Rick

HTH

Rick

View solution in original post

21 Replies 21

Reza Sharifi
Hall of Fame
Hall of Fame

Hi,

Please post your config (sh run).

Maria

I agree with Reza that we do not have enough information yet to be able to give you good answers. In addition to posting the configuration I would ask that you specify what is the address of the DHCP server. We also need to know whether DHCP has worked in the past and stopped working or is it the case that DHCP has not ever worked on the other segment VLANs.

HTH

Rick

HTH

Rick

maria.melendez
Level 1
Level 1

Here's the config ...  This is a catalyst 3750. Yes DHCP was working before properly. Yesterday stopped working, server has been rebooted and although the ip helper-address is not in vlan 100 is the only one working. I'll appreciate any information, thanks!

******************************************************************

version 12.2

no service pad

service tcp-keepalives-in

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

hostname router

boot-start-marker

boot-end-marker

logging console critical

enable secret 5 $1$fE0f$2YuK88Rj3xzIOnVg2kKjM.

username maria privilege 15 secret 5 $1$Q6RM$AMj5ByYAbaOi9nCWEW6No/

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication login VTY group tacacs+ local

aaa authorization exec default local

aaa authorization network default local

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

switch 1 provision ws-c3750-48ts

system mtu routing 1500

vtp interface g1/0/2

ip subnet-zero

no ip source-route

ip routing

no ip gratuitous-arps

no ip domain-lookup

ip domain-name abc.com

ip name-server 123.123.123.123

password encryption aes

crypto pki trustpoint TP-self-signed-13602432...rsakeypair TP-self-signed-13602432

crypto pki certificate chain TP-self-signed-13602432

certificate self-signed 01  ...

  DFA50ED8 9FE8F40F 3CD0F1DA

  B1D3823C DEE290AC C9D95DFF C8DF

  quit

errdisable recovery cause security-violation

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree uplinkfast

vlan internal allocation policy ascending

ip tcp synwait-time 10

ip ssh time-out 60

ip ssh version 2

interface Loopback0

ip address 10.10.10.10 255.255.255.255

interface FastEthernet1/0/1

switchport access vlan 6

switchport mode access

interface FastEthernet1/0/2

switchport access vlan 140

switchport mode access

shutdown

.....  

interface FastEthernet1/0/47

switchport access vlan 140

switchport mode access

shutdown

interface FastEthernet1/0/48

switchport access vlan 4

switchport mode access

shutdown

no mdix auto

interface GigabitEthernet1/0/1

no switchport

ip address A.B.1.252 255.255.255.0

ip access-group border_in in

ip access-group border_out out

flowcontrol receive on

interface GigabitEthernet1/0/2

switchport trunk encapsulation dot1q

switchport mode trunk

interface GigabitEthernet1/0/3

switchport trunk encapsulation dot1q

switchport mode trunk

interface GigabitEthernet1/0/4

switchport trunk encapsulation dot1q

switchport mode trunk

interface Vlan1

shutdown

interface Vlan2

ip address A.B.2.254 255.255.255.0

interface Vlan4

ip address A.B.4.254 255.255.255.0

ip helper-address A.B.100.200

interface Vlan5

ip address A.B.5.254 255.255.255.0

ip helper-address A.B.100.200

interface Vlan6

ip address A.B.6.254 255.255.255.0

ip helper-address A.B.100.200

interface Vlan7

ip address A.B.7.254 255.255.255.0

interface Vlan13

ip helper-address A.B.100.200

...

interface Vlan100

ip address A.B.100.254 255.255.255.0

interface Vlan111

ip address A.B.111.254 255.255.255.0

ip default-gateway A.B.111.254

no ip classless

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

ip route 0.0.0.0 0.0.0.0 A.B.1.254

ip http server

ip http authentication local

ip http secure-server

ip access-list extended border_in

permit tcp host A.B.1.111 any

permit udp host A.B.1.111 any

permit tcp C.D.0.0 0.0.255.255 A.B.0.0 0.0.255.255 eq www

permit tcp C.D.0.0 0.0.255.255 A.B.0.0 0.0.255.255 eq 443

permit tcp C.D.0.0 0.0.255.255 A.B.0.0 0.0.255.255 eq 2222

deny   tcp any A.B.0.0 0.0.255.255 eq 1 log

...

deny   tcp any A.B.0.0 0.0.255.255 eq 47017 log

deny   tcp any A.B.0.0 0.0.255.255 range 6711 6712 log

deny   tcp any A.B.0.0 0.0.255.255 eq 6776 log

deny   tcp any A.B.0.0 0.0.255.255 eq 6669 log

deny   tcp any A.B.0.0 0.0.255.255 eq 2222 log

deny   tcp any A.B.0.0 0.0.255.255 eq 7000 log

permit ip any any

ip access-list extended border_out

deny   tcp A.B.0.0 0.0.255.255 any eq 1 log

deny   udp A.B.0.0 0.0.255.255 any eq 1 log

deny   tcp A.B.0.0 0.0.255.255 any eq echo log

deny   udp A.B.0.0 0.0.255.255 any eq echo log

deny   tcp A.B.0.0 0.0.255.255 any eq discard log

...

deny   udp A.B.0.0 0.0.255.255 any eq snmp log

deny   tcp A.B.0.0 0.0.255.255 any eq 162 log

deny   udp A.B.0.0 0.0.255.255 any eq snmptrap log

deny   udp A.B.0.0 0.0.255.255 any eq xdmcp log

permit tcp host A.B.101.175 C.D.0.0 0.0.255.255

permit udp host A.B.101.175 C.D.0.0 0.0.255.255

permit ip any any

logging history informational

logging source-interface Loopback0

logging A.B.2.231

snmp-server host A.B.2.230 seclee

snmp-server host A.B.2.231 seclee

tacacs-server host A.B.2.229

tacacs-server directed-request

line con 0

session-timeout 10

line vty 0 4

exec-timeout 5 0

login authentication VTY

transport input ssh

line vty 5 15

exec-timeout 5 0

login authentication VTY

transport input ssh

end

Can the DHCP server ping A.B.100.254?

Can the DHCP server ping any other vlan's interface?

can you ping the DHCP IP from the switch?

ip default-gateway A.B.111.254

this is the interface of vlan 111 and should not be use as a default gateway.  Default gateway needs to be the next hop IP address and not local SVI's IP address.  Since you already have default route in your config, default-gateway should

be deleted.

HTH

Can the DHCP server ping A.B.100.254?  YES

Can the DHCP server ping any other vlan's interface? YES

can you ping the DHCP IP from the switch? YES but only from the router, not the additional switches.

Ok, thanks for the help!!

Maria

The configuration that you posted shows several VLANs that do not have ip helper-address configured (VLANs 2, 7, and 111). If this is an accurate copy of the config then those VLANs would not be able to get address assignments from the DHCP server.

I  am interested in your statement that :"can you ping the DHCP IP from  the switch? YES but only from the router, not the additional switches"  This makes me wonder if perhaps the default gateway on the server  changed. If you were to take one of the PCs on a VLAN (perhaps vlan 4 or 5) and configure it with a static IP in the appropriate subnet, then would it be able to ping the DHCP server.

HTH

Rick

HTH

Rick

Richard,

Yes, this config is accurate and only VLAN 4, 5, 6, are using the ip helper-address and are supposed to get the DHCP IP addresses. We have machines using static ips ( in vlan 5 and 6) and we can ping the DHCP server. But because other machines are trying to get IPs from DHCP, the network is dropping packets.

Sorry for the confusion, I have a main router and 3 additional switches(Catalyst 4506) connected in different floors. Forget about my comment, I'm not going to be able to ping from the switches any device other than my network machines, this is not permitted by ACL. 

Maria,

Are the scopes on the DHCP server configured under a SUPERSCOPE.

If they are you need to remove/delete the SUPERSCOPE, just leave each scope as an

independant entity.

Regards

Alex

Regards, Alex. Please rate useful posts.

maria.melendez
Level 1
Level 1

Acampbell,

Not sure if I understand right the superscope concept.  Can you explain it ?  I'm not the DHCP server administrator. We have all the VLan scopes defined in our DHCP server A.B.100.200. 

Thanks!

Maria,

You need to ask yor DHCP server administrator if they have set up the scope that you reequire under

a SUPERSCOPE.

SUPERSCOPE--MARIAS-VLANS

-MARIA SCOPE 1 VLAN-A

-MARIA SCOPE 2 VLAN-B

-MARIA SCOPE 3 VLAN-C

----etc

SUPERSCOPES are not compatable with the type of working you need.

They are used to supply Muliple IP Subnets to a single broadcast domain.

You ar using 1 SUBNET per VLAN (Broadcast domain) each of your scopes to be individual.NO SUPERSCOPE

MARIA SCOPE 1 VLAN-A

MARIA SCOPE 2 VLAN-B

MARIA SCOPE 3 VLAN-C

----etc

May be helpful

Regards

Alex

Regards, Alex. Please rate useful posts.

Alex

In a previous post in this thread Maria says that the DHCP server was working and then stopped working. From that I believe that we can deduce that the issue is not superscope.

Maria

If PCs in VLANs 5 and 6 with static addresses can ping the DHCP server then this demonstrates that the problem is not basic IP connectivity to the DHCP server and is not a problem with the default gateway of the DHCP server (both of which were on my list of possible problems).

I do not see any obvious problems in the configuration, and we know that there is IP connectivity, so we need to look for something else that causes the problem. Perhaps you can check with the administrator of the DHCP server and ask if there are any issues on the server or if any changes have been made recently.

Would it be possible to set up a packet capture to examine traffic being sent to the DHCP server?

HTH

Rick

HTH

Rick

maria.melendez
Level 1
Level 1

Richard,

Yes, you are correct everything was working properly before ... Machines on vlan 5 and 6 using static IPs can ping the DHCP server. 

I know that the missing part here is the DHCP server, but we cant get a hold of the admin. Let me remove any sensitive info from the packet capture that I have from wireshark and I'll post that soon.

Thanks all for your suggestions!!

-M

maria.melendez
Level 1
Level 1

Here's from workstation in vlan 6 asking for IP, the correct IP for this machine is A.B.6.7 ... as a result I get

169.254.232.149 IP ...

158    36    0.0.0.0    255.255.255.255    DHCP    342    DHCP Discover - Transaction ID 0x4a7f26ee

159    37    A.B.6.254    A.B.6.7    DHCP    345    DHCP Offer    - Transaction ID 0x4a7f26ee

160    37    0.0.0.0    255.255.255.255    DHCP    379    DHCP Request  - Transaction ID 0x4a7f26ee

161    37    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/6/00:12:00:cf:8e:80

162    39    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/6/00:12:00:cf:8e:80

163    39    A.B.6.159    A.B.6.255    NBNS    92    Name query NB WPAD<00>

164    40    A.B.6.159    A.B.6.255    NBNS    92    Name query NB WPAD<00>

165    41    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/6/00:12:00:cf:8e:80

166    41    A.B.6.159    A.B.6.255    NBNS    92    Name query NB WPAD<00>

167    41    A.B.6.159    A.B.6.255    NBNS    92    Name query NB WPAD<00>

168    41    0.0.0.0    255.255.255.255    DHCP    379    DHCP Request  - Transaction ID 0x4a7f26ee

169    42    A.B.6.159    A.B.6.255    NBNS    92    Name query NB WPAD<00>

170    43    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/6/00:12:00:cf:8e:80

171    43    A.B.6.159    A.B.6.255    NBNS    92    Name query NB WPAD<00>

172    45    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/6/00:12:00:cf:8e:80

173    45    G-ProCom_01:39:4b    Broadcast    ARP    60    Who has A.B.6.254?  Tell A.B.6.53

174    46    A.B.2.231    A.B.6.152    ICMP    69    Echo (ping) request  id=0x000c, seq=15064/55354, ttl=12

175    46    G-ProCom_01:38:d6    Broadcast    ARP    60    Who has A.B.6.254?  Tell A.B.6.158

176    46    G-ProCom_01:39:4b    Broadcast    ARP    60    Who has A.B.6.254?  Tell A.B.6.53

177    46    Hewlett-_1f:3e:43    Broadcast    ARP    60    Who has A.B.6.254?  Tell A.B.6.160

178    47    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/6/00:12:00:cf:8e:80

179    47    Hewlett-_1f:3e:43    Broadcast    ARP    60    Who has A.B.6.254?  Tell A.B.6.160

180    47    G-ProCom_01:39:4b    Broadcast    ARP    60    Who has A.B.6.254?  Tell A.B.6.53

181    48    G-ProCom_01:39:4b    Broadcast    ARP    60    Who has A.B.6.254?  Tell A.B.6.53

182    48    A.B.2.231    A.B.6.152    ICMP    69    Echo (ping) request  id=0x000c, seq=15073/57658, ttl=12

183    49    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/6/00:12:00:cf:8e:80

184    49    0.0.0.0    255.255.255.255    DHCP    379    DHCP Request  - Transaction ID 0x4a7f26ee

185    50    A.B.6.53    A.B.6.255    NBNS    92    Name query NB HPFEFC74<00>

186    50    A.B.6.53    A.B.6.255    NBNS    92    Name query NB HPFEFC74<00>

187    51    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/6/00:12:00:cf:8e:80

188    51    169.254.232.149    169.254.255.255    NBNS    92    Name query NB NAME000XNAS1<20>

189    51    A.B.6.53    A.B.6.255    NBNS    92    Name query NB HPFEFC74<00>

190    52    G-ProCom_01:36:67    Broadcast    ARP    60    Who has A.B.6.254?  Tell A.B.6.98

191    52    169.254.232.149    169.254.255.255    NBNS    92    Name query NB NAME000XNAS1<20>

maria.melendez
Level 1
Level 1

When connecting from same vlan as DHCP A.B.100.200 and I get IP from DHCP  A.B.100.29

685    267    0.0.0.0    255.255.255.255    DHCP    342    DHCP Discover - Transaction ID 0x7bdaf064

686    267    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/101/00:12:00:cf:8e

687    269    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/101/00:12:00:cf:8e

688    271    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/101/00:12:00:cf:8e

689    272    0.0.0.0    255.255.255.255    DHCP    342    DHCP Discover - Transaction ID 0x7bdaf064

690    273    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/101/00:12:00:cf:8e

691    275    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/101/00:12:00:cf:8e

692    277    169.254.232.149    169.254.255.255    NBNS    92    Name query NB LEEEFSSECLXNAS1<20>

693    277    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/101/00:12:00:cf:8e

694    278    169.254.232.149    169.254.255.255    NBNS    92    Name query NB LEEEFSSECLXNAS1<20>

695    278    169.254.232.149    169.254.255.255    NBNS    92    Name query NB LEEEFSSECLXNAS1<20>

696    279    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/101/00:12:00:cf:8e

697    280    0.0.0.0    255.255.255.255    DHCP    342    DHCP Discover - Transaction ID 0x7bdaf064

698    281    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/101/00:12:00:cf:8e

699    284    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/101/00:12:00:cf:8e

700    286    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/101/00:12:00:cf:8e

701    287    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. Root = 49152/101/00:12:00:cf:8e

702    288    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. TC + Root = 49152/101/00:12:00:

703    288    Cisco_cf:8e:cf    Broadcast    ARP    60    Who has A.B.100.199?  Tell A.B.100.254

704    289    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. TC + Root = 49152/101/00:12:00:

705    290    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. TC + Root = 49152/101/00:12:00:

706    292    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. TC + Root = 49152/101/00:12:00:

707    292    Hewlett-_4e:32:14    Broadcast    ARP    60    Who has A.B.100.11?  Tell A.B.100.14

708    294    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. TC + Root = 49152/101/00:12:00:

709    295    Cisco_cf:8e:cf    Broadcast    ARP    60    Who has A.B.100.199?  Tell A.B.100.254

710    295    0.0.0.0    255.255.255.255    DHCP    342    DHCP Discover - Transaction ID 0x7bdaf064

711    295    Hewlett-_3b:48:53    Broadcast    ARP    60    Who has A.B.100.2?  Tell A.B.100.101

712    295    Hewlett-_38:51:9a    Broadcast    ARP    60    Who has A.B.100.101?  Tell A.B.100.2

713    295    Hewlett-_3b:48:53    Broadcast    ARP    60    Who has A.B.100.15?  Tell A.B.100.101

714    295    Hewlett-_d2:d7:9a    Broadcast    ARP    60    Who has A.B.100.101?  Tell A.B.100.15

715    295    Hewlett-_3b:48:53    Broadcast    ARP    60    Who has A.B.100.29?  Tell A.B.100.101

716    296    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. TC + Root = 49152/101/00:12:00:

717    297    Hewlett-_3b:48:53    Broadcast    ARP    60    Who has A.B.100.29?  Tell A.B.100.101

718    297    Hewlett-_4e:32:14    Broadcast    ARP    60    Who has A.B.100.58?  Tell A.B.100.14

719    298    Cisco_a8:6d:d3    Spanning-tree-(for-bridges)_00    STP    60    Conf. TC + Root = 49152/101/00:12:00:

720    298    A.B.100.200    255.255.255.255    DHCP    354    DHCP Offer    - Transaction ID 0x7bdaf064

721    298    0.0.0.0    255.255.255.255    DHCP    379    DHCP Request  - Transaction ID 0x7bdaf064

722    298    A.B.100.200    255.255.255.255    DHCP    359    DHCP ACK      - Transaction ID 0x7bdaf064

723    298    A.B.100.29    224.0.0.22    IGMP    54    V3 Membership Report / Join group 224.0.0.252 for any so

724    298    A.B.100.29    224.0.0.22    IGMP    54    V3 Membership Report / Leave group 224.0.0.252

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco