Solved: ip helper issue, IP from wrong VLAN being handed out

ronnieshih · ‎12-30-2011

Setup is like this: Polycom IP phones -> Cisco 2960 switches -> Cisco 2621XM router running 12.28(r). A Windows 2003 server running on HP Proliant DL380 G4 with the correct DHCP scope is configured for the IP phones, also sitting on a Cisco 2960 switch.

A typical port config on the 2960 is:

interface FastEthernet0/1

switchport mode access

switchport voice vlan 60

mls qos trust cos

auto qos voip trust

spanning-tree portfast

spanning-tree bpduguard enable

Relevant section of the config on the 2621XM router:

interface FastEthernet0/0

no ip address

no ip redirects

no ip proxy-arp

ip pim sparse-dense-mode

duplex auto

speed auto

no cdp enable

!

interface FastEthernet0/0.1

encapsulation dot1Q 1 native

ip address 10.180.160.2 255.255.255.0

ip pim sparse-dense-mode

no snmp trap link-status

!

interface FastEthernet0/0.60

description Vlan Voice 60

encapsulation dot1Q 60

ip address 10.180.60.1 255.255.255.0

ip helper-address 10.180.160.20

ip pim sparse-dense-mode

no snmp trap link-status

This USED TO WORK on a Windows 2000 server which sat on different piece of hardware, but stopped immediately after the migration to Windows 2003 server was done. There was no change on the router or switches prior to or after the server migration. I see DHCP server log on the 2003 server giving DHCP NACK because the phones are apparently asking for IP's in the data VLAN. Can someone shed some light on this? thanks!

amikat · ‎01-03-2012

Hi,

can you please try to hardcode your fa0/28 interface not to trunk (ie. add "switchport mode access" command). Your new server NIC can be 802.1Q negotiation capable and as such set the port as trunk (you can check this via "sh int fa 0/28 sw" command) and if so receive also the DHCP broadcasts via Vlan 60.

Best regards,

Antonin

View solution in original post

igor.donev · ‎12-30-2011

Can you provide some of the DHCP server logs maybe? It looks like someting related to the Win 2003 server.

ronnieshih · ‎12-30-2011

Here is s small section of it. The Windows server assigns what the phone requests. 10.180.60.x is for voice and 10.180.160.x is for data.

10,03/15/11,13:12:03,Assign,10.180.60.11,,0004F2115397,

15,03/15/11,13:12:23,NACK,10.180.160.89,,0004F2115397,

15,03/15/11,13:12:43,NACK,10.180.160.89,,0004F2115397,

15,03/15/11,13:12:51,NACK,10.180.60.11,,0004F2115397,

10,03/15/11,13:12:51,Assign,10.180.60.11,,0004F2115397,

15,03/15/11,13:13:04,NACK,10.180.60.11,,0004F2115397,

11,03/15/11,13:13:04,Renew,10.180.60.11,,0004F2115397,

15,03/15/11,13:13:20,NACK,10.180.60.11,,0004F2115397,

11,03/15/11,13:13:20,Renew,10.180.60.11,,0004F2115397,

15,03/15/11,13:13:35,NACK,10.180.160.89,,0004F2115397,

15,03/15/11,13:13:46,NACK,10.180.160.89,,0004F2115397,

15,03/15/11,13:13:53,NACK,10.180.60.11,,0004F2115397,

10,03/15/11,13:13:53,Assign,10.180.60.11,,0004F2115397,

15,03/15/11,13:14:07,NACK,10.180.160.89,,0004F2115397,

15,03/15/11,13:14:22,NACK,10.180.160.89,,0004F2115397,

15,03/15/11,13:14:42,NACK,10.180.160.89,,0004F2115397,

15,03/15/11,13:14:50,NACK,10.180.60.11,,0004F2115397,

10,03/15/11,13:14:50,Assign,10.180.60.11,,0004F2115397,

igor.donev · ‎12-30-2011

Hi Ronnie,

I don't see the DHCP request in this log. Also it seems the DHCP server is misbehaving as it's assigning IP

10.180.60.11 to 0004F2115397, for just seconds away to NACK the same.

ronnieshih · ‎12-30-2011

This is the DHCP server log from Windows 2003 server, not a sniffer log. Give me a few to track that down.

mahmoodmkl · ‎12-31-2011

Hi,

As per the output pasted above can you please clarify whether the same subnet is configured on both the sub-interfaces..?

I think both the data and voice vlan should be on different subnets and this is creating the confusion.

Thanks

ronnieshih · ‎01-01-2012

fa0/0.1 is configured for data in the 10.180.160.x subnet, fa0/0.60 is configured for voice in the 10.180.60.x subnet. They are on 2 different subnets. This is shown clearly in my original post. The PC's need to daisy-chain off the Polycom phones, hence the configuration of switch ports on the 2960s to have:

switchport mode access

switchport voice vlan 60

I will have to provider a sniffer session on this but I won't be able to get this until next Tuesday so standby on that.

viswamin · ‎01-02-2012

Are there any firewalls configured on your windwos 2003 server which is preventing it from allocating ip address for the dhcp requests that comes out from the client?

-Vijay

acampbell · ‎01-02-2012

Hi --- Happy New Year,

Can you check on the DHCP server:-

Are the Data & Voice scopes included under a SUPERSCOPE

When you use seperate Vlans like you are you must NOT use SUPERSCOPES

If you have a superscope either delete it or remove the scopes in question from it.

HTH

Alex

Regards, Alex. Please rate useful posts.

ronnieshih · ‎01-02-2012

All,

NO firewall on Windows 2003 server

NO superscope is being used. There are 2 distinct regular DHCP scopes. I already know about the superscope causing this issue but this is not the case.

Can everyone agree that the switch and router configs are correct? If so, then I should post on MS forum instead.

acampbell · ‎01-02-2012

Hi,

Can you post the config of the interface that

connects to the DHCP server

Regards

Alex

Regards, Alex. Please rate useful posts.

ronnieshih · ‎01-02-2012

This is all that's on the interface:

interface FastEthernet0/28

description BR1FS2

spanning-tree portfast

Pawan Sharma · ‎01-03-2012

Hi,

Your network configuration looks perfect to atleast to me. Disable IPv6 on your server if you are not using it in your network. had seen IPv6 misbahiving with applications which uses broadcast.

Regards,

Pawan Sharma

http://www.ebrahma.com

Regards,
Pawan Sharma
https://itgears.io

amikat · ‎01-03-2012

Hi,

can you please try to hardcode your fa0/28 interface not to trunk (ie. add "switchport mode access" command). Your new server NIC can be 802.1Q negotiation capable and as such set the port as trunk (you can check this via "sh int fa 0/28 sw" command) and if so receive also the DHCP broadcasts via Vlan 60.

Best regards,

Antonin

ronnieshih · ‎01-03-2012

Thanks guys. "Switchport mode access" on the DHCP server's port resolved the issue. This is odd, but on the old 2950's, this was not required. I suppose I will always use this as best practice to avoid the same problem in the future. Thanks!