cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2929
Views
0
Helpful
13
Replies

Servicing DHCP requests from another subnet

darren-carr
Level 2
Level 2

Hi guys

We have gone from a very flat network (single vlan, single subnet) to multiple subnets/vlans.

We have a DHCP server sitting on 192.168.2.x (servers) and workstations on a new subnet 192.168.8.x

I have configured the VLAN with an ip helpder address for the two DHCP servers but the DHCP requests go nowhere beyond the subnet/vlan (192.168.8.x).

I was looking further into this and read about the ip directed broadcast command. There seem to be mixed feelings about this command/config.

Reading into the command it would seem to suggest that this could be causing the issue for this VLAN as the broadcast is not going to the other subnet.

Do you think this is causing the problem? I dont want to be adding congestion to the network in doing this if this is not necessary?

I should also mention that I am using two 3560E's for routing and Windows 2003 servers as DHCP servers.

Thanks

Darren

13 Replies 13

SJessulat_2
Level 1
Level 1

Hi Darren,

as far as i remember, the "ip helper-address" command transforms the DHCP-Discover broadcasts into unicasts to the specified address. So you would not need the "ip directed broadcast" function.

Did you make sure to add the "ip helper-address command" to the interface, where the broadcasts originate, so in your case the 192.168.8.x vlan?

Greets,

Sebastian

Hi Sebastien

Yes I have configured the 'ip helper' on the VLAN that the broadcast originated from.

i.e

interface vlan8

ip helper address 192.168.2.x

ip helper address 192.168.2.x

I captured the packet using a sniffer and it does not seem to get beyond the switch?

The switchport is also in vlan 8

Thanks

Darren

Hmm,

could you paste the config of the 3560?

Is communication between the vlans possible at all, i.e. with static ip adresses?

Greets,

Sebastian

Hi

Here is the config

interface Vlan20

description xxxxx

ip address 192.168.20.2 255.255.255.0

ip helper-address 192.168.2.1

ip helper-address 192.168.2.2

standby 1 ip 192.168.20.1

standby 1 preempt

end

I use HSRP for redundancy at layer 3.

From the switch I can ping devices on different subnets?

Thanks

Darren

Can you ping the two DHCP servers from a PC on Vlan20?

Are the helper statements on both HSRP devices?

Hi Darren,

what i wanted to say was:

can you ping to a device in the 192.168.20.x-vlan from a device in the 192.168.2.x-vlan? You could try that with a static ip-address.

If the ping fails, then you should enable "ip routing" on the 3560's. If the ping succeeds, we have to look further.

Do the DHCP-Servers have the 3560's ip address as their gateway?

Greets,

Sebastian

Hi

If I give the machine a static IP address on a different subnet I can ping devices on the subnet where the DHCP server is located.

IP routing is enabled on the switch and I can route between VLANs.

The DHCP server does not use the same GW as the GW on the switch. With HSRP my VLAN8 uses 192.168.8.1 that translates to an address on the 192.168.2.x network for routing in the HSRP configuration. The DHCP server GW is set to the address of my firewall which is on the same subnet. I have routes to get from the FW to the 192.168.8.x subnet/vlan but im thinking this could be the issue as it is a broadcast request that is probably not being returned by my firewall to the subnet.

I am going to SPAN the port and see what is going on today and will also be changing the GW on the DHCP server.

Thanks

Darren

Hi guys

I still have this problem. I have captured the traffic on the switch for the VLAN. Please see below:

Frame 5 (342 bytes on wire, 342 bytes captured)

Arrival Time: May 4, 2009 09:57:29.500397000

[Time delta from previous captured frame: 0.422059000 seconds]

[Time delta from previous displayed frame: 4.043763000 seconds]

[Time since reference or first frame: 4.043763000 seconds]

Frame Number: 5

Frame Length: 342 bytes

Capture Length: 342 bytes

[Frame is marked: False]

[Protocols in frame: eth:ip:udp:bootp]

[Coloring Rule Name: UDP]

[Coloring Rule String: udp]

Ethernet II, Src: HonHaiPr_b8:15:66 (00:1c:25:b8:15:66), Dst: Broadcast (ff:ff:ff:ff:ff:ff)

Destination: Broadcast (ff:ff:ff:ff:ff:ff)

Source: HonHaiPr_b8:15:66 (00:1c:25:b8:15:66)

Type: IP (0x0800)

Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 (255.255.255.255)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)

Total Length: 328

Identification: 0x011a (282)

Flags: 0x00

Fragment offset: 0

Time to live: 128

Protocol: UDP (0x11)

Header checksum: 0x388c [correct]

Source: 0.0.0.0 (0.0.0.0)

Destination: 255.255.255.255 (255.255.255.255)

User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)

Source port: bootpc (68)

Destination port: bootps (67)

Length: 308

Checksum: 0xf372 [correct]

Bootstrap Protocol

Message type: Boot Request (1)

Hardware type: Ethernet

Hardware address length: 6

Hops: 0

Transaction ID: 0xfef50c4b

Seconds elapsed: 0

Bootp flags: 0x8000 (Broadcast)

Client IP address: 0.0.0.0 (0.0.0.0)

Your (client) IP address: 0.0.0.0 (0.0.0.0)

Next server IP address: 0.0.0.0 (0.0.0.0)

Relay agent IP address: 0.0.0.0 (0.0.0.0)

Client MAC address: HonHaiPr_b8:15:66 (00:1c:25:b8:15:66)

Server host name not given

Boot file name not given

Magic cookie: (OK)

Option: (t=53,l=1) DHCP Message Type = DHCP Discover

Option: (t=116,l=1) DHCP Auto-Configuration

Option: (t=61,l=7) Client identifier

Option: (t=50,l=4) Requested IP Address = 169.254.80.76

Option: (t=12,l=5) Host Name = "PC582"

Option: (t=60,l=8) Vendor class identifier = "MSFT 5.0"

Option: (t=55,l=11) Parameter Request List

Option: (t=43,l=2) Vendor-Specific Information

End Option

Padding

Hi Darren,

could you maybe post a diagram of your network, including your switches, firewall, dhcp-server and the corresponding ip-addresses.

This could help us understanding the packet flow.

Greets,

Sebastian

Hi Sebastian

It is a very simple network

Clients connect to Cisco 2960, in switchport VLAN20 (192.168.20.x), interfaces are trunked to Cisco 3560, Cisco 3560e performs the intervlan routing. The DHCP server is on VLAN1 (192.168.2.1).

The servers are connected to a Cisco 3750e which has an etherchannel to the Cisco 3560e. The etherchannel is configured to allow all VLANs across.

I have two 3560Es that perform the routing. They run HSRP. IP addresses 192.168.2.251 and 252. I have defined the 20 VLAN on each of the switches 192.168.20.3 and 192.168.20.2 the actual gateway address for clients is 192.168.20.1 which is the virtual address for the HSRP configuration and is what is used for clients as their default gateway.

The route for this client should be:

192.168.2.x mask 255.255.255.0 192.168.2.252

It would appear that it is a very simple configuration.

I will try to put a drawing together to explain better but as you can see it is not that complex?

Hi Darren,

I just want to clarify something, in your original and second post you say that the DHCP client is going to be in Vlan8. In the config for Vlan8 you do not show an ip address statement. Is this just omitted from the post? The IP address need to be attached to the Layer 3 interface.

Hi

There are two VLANs that need to get an IP address now, please see below the configuration taken from the L3 switches

interface Vlan8

ip address 192.168.8.2 255.255.255.0

ip helper-address 192.168.2.1

ip helper-address 192.168.2.2

standby 1 ip 192.168.8.1

standby 1 preempt

end

SW002#sh run int vlan 20

Building configuration...

Current configuration : 203 bytes

!

interface Vlan20

description xxxxx

ip address 192.168.20.2 255.255.255.0

ip helper-address 192.168.2.1

ip helper-address 192.168.2.2

standby 1 ip 192.168.20.1

standby 1 preempt

end

Problem resolved....

no service dhcp in global parameters...

Doh! my mistake..inherited switch config and assumed! (bad) it was ok!

sorry guys... enabling 'service dhcp' fixed the issue!

Cheers

Darren

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: