04-30-2009 02:18 AM - edited 03-06-2019 05:28 AM
Hi guys
We have gone from a very flat network (single vlan, single subnet) to multiple subnets/vlans.
We have a DHCP server sitting on 192.168.2.x (servers) and workstations on a new subnet 192.168.8.x
I have configured the VLAN with an ip helper address for the two DHCP servers but the DHCP requests go nowhere beyond the subnet/vlan (192.168.8.x).
I was looking further into this and read about the ip directed broadcast command. There seem to be mixed feelings about this command/config.
Reading into the command it would seem to suggest that this could be causing the issue for this VLAN as the broadcast is not going to the other subnet.
Do you think this is causing the problem? I don't want to be adding congestion to the network in doing this if this is not necessary?
I should also mention that I am using two 3560E's for routing and Windows 2003 servers as DHCP servers.
Thanks
Darren
04-30-2009 03:43 AM
Hi Darren,
As far as I remember, the "ip helper-address" command transforms the DHCP-Discover broadcasts into unicasts to the specified address. So you would not need the "ip directed broadcast" function.
Did you make sure to add the "ip helper-address command" to the interface, where the broadcasts originate, so in your case the 192.168.8.x vlan?
Greets,
Sebastian
04-30-2009 03:48 AM
Hi Sebastian
Yes I have configured the 'ip helper' on the VLAN that the broadcast originated from.
i.e.
interface vlan8
ip helper-address 192.168.2.x
ip helper-address 192.168.2.x
I captured the packet using a sniffer and it does not seem to get beyond the switch?
The switchport is also in vlan 8
Thanks
Darren
04-30-2009 04:01 AM
Hmm,
could you paste the config of the 3560?
Is communication between the vlans possible at all, i.e. with static IP addresses?
Greets,
Sebastian
04-30-2009 04:57 AM
Hi
Here is the config
interface Vlan20
description xxxxx
ip address 192.168.20.2 255.255.255.0
ip helper-address 192.168.2.1
ip helper-address 192.168.2.2
standby 1 ip 192.168.20.1
standby 1 preempt
end
I use HSRP for redundancy at layer 3.
From the switch I can ping devices on different subnets?
Thanks
Darren
04-30-2009 05:07 AM
Can you ping the two DHCP servers from a PC on Vlan20?
Are the helper statements on both HSRP devices?
04-30-2009 05:08 AM
Hi Darren,
What I wanted to say was:
Can you ping to a device in the 192.168.20.x-vlan from a device in the 192.168.2.x-vlan? You could try that with a static ip-address.
If the ping fails, then you should enable "ip routing" on the 3560's. If the ping succeeds, we have to look further.
Do the DHCP-Servers have the 3560's ip address as their gateway?
Greets,
Sebastian
04-30-2009 04:21 PM
Hi
If I give the machine a static IP address on a different subnet I can ping devices on the subnet where the DHCP server is located.
IP routing is enabled on the switch and I can route between VLANs.
The DHCP server does not use the same GW as the GW on the switch. With HSRP my VLAN8 uses 192.168.8.1 that translates to an address on the 192.168.2.x network for routing in the HSRP configuration. The DHCP server GW is set to the address of my firewall which is on the same subnet. I have routes to get from the FW to the 192.168.8.x subnet/vlan but I'm thinking this could be the issue as it is a broadcast request that is probably not being returned by my firewall to the subnet.
I am going to SPAN the port and see what is going on today and will also be changing the GW on the DHCP server.
Thanks
Darren
05-03-2009 04:16 PM
Hi guys
I still have this problem. I have captured the traffic on the switch for the VLAN. Please see below:
Frame 5 (342 bytes on wire, 342 bytes captured)
Arrival Time: May 4, 2009 09:57:29.500397000
[Time delta from previous captured frame: 0.422059000 seconds]
[Time delta from previous displayed frame: 4.043763000 seconds]
[Time since reference or first frame: 4.043763000 seconds]
Frame Number: 5
Frame Length: 342 bytes
Capture Length: 342 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:bootp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: HonHaiPr_b8:15:66 (00:1c:25:b8:15:66), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Destination: Broadcast (ff:ff:ff:ff:ff:ff)
Source: HonHaiPr_b8:15:66 (00:1c:25:b8:15:66)
Type: IP (0x0800)
Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 (255.255.255.255)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 328
Identification: 0x011a (282)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x388c [correct]
Source: 0.0.0.0 (0.0.0.0)
Destination: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
Source port: bootpc (68)
Destination port: bootps (67)
Length: 308
Checksum: 0xf372 [correct]
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0xfef50c4b
Seconds elapsed: 0
Bootp flags: 0x8000 (Broadcast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: HonHaiPr_b8:15:66 (00:1c:25:b8:15:66)
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Discover
Option: (t=116,l=1) DHCP Auto-Configuration
Option: (t=61,l=7) Client identifier
Option: (t=50,l=4) Requested IP Address = 169.254.80.76
Option: (t=12,l=5) Host Name = "PC582"
Option: (t=60,l=8) Vendor class identifier = "MSFT 5.0"
Option: (t=55,l=11) Parameter Request List
Option: (t=43,l=2) Vendor-Specific Information
End Option
Padding
05-03-2009 09:13 PM
Hi Darren,
Could you maybe post a diagram of your network, including your switches, firewall, dhcp-server and the corresponding ip-addresses?
This could help us understand the packet flow.
Greets,
Sebastian
05-03-2009 09:24 PM
Hi Sebastian
It is a very simple network
Clients connect to Cisco 2960, in switchport VLAN20 (192.168.20.x), interfaces are trunked to Cisco 3560, Cisco 3560e performs the intervlan routing. The DHCP server is on VLAN1 (192.168.2.1).
The servers are connected to a Cisco 3750e which has an etherchannel to the Cisco 3560e. The etherchannel is configured to allow all VLANs across.
I have two 3560Es that perform the routing. They run HSRP. IP addresses 192.168.2.251 and 252. I have defined the 20 VLAN on each of the switches 192.168.20.3 and 192.168.20.2 the actual gateway address for clients is 192.168.20.1 which is the virtual address for the HSRP configuration and is what is used for clients as their default gateway.
The route for this client should be:
192.168.2.x mask 255.255.255.0 192.168.2.252
It would appear that it is a very simple configuration.
I will try to put a drawing together to explain better but as you can see it is not that complex?
05-03-2009 09:49 PM
Hi Darren,
I just want to clarify something: in your original and second post you say that the DHCP client is going to be in Vlan8. In the config for Vlan8 you do not show an ip address statement. Is this just omitted from the post? The IP address needs to be attached to the Layer 3 interface.
05-03-2009 10:02 PM
Hi
There are two VLANs that need to get an IP address now, please see below the configuration taken from the L3 switches
interface Vlan8
ip address 192.168.8.2 255.255.255.0
ip helper-address 192.168.2.1
ip helper-address 192.168.2.2
standby 1 ip 192.168.8.1
standby 1 preempt
end
SW002#sh run int vlan 20
Building configuration...
Current configuration : 203 bytes
!
interface Vlan20
description xxxxx
ip address 192.168.20.2 255.255.255.0
ip helper-address 192.168.2.1
ip helper-address 192.168.2.2
standby 1 ip 192.168.20.1
standby 1 preempt
end
05-03-2009 11:31 PM
Problem resolved....
no service dhcp in global parameters...
Doh! my mistake..inherited switch config and assumed! (bad) it was ok!
sorry guys... enabling 'service dhcp' fixed the issue!
Cheers
Darren
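An added example, not from the thread or from Cisco: a Python check that scans a saved running-config for the condition that caused this outage, `ip helper-address` lines on an interface while `no service dhcp` is set globally, which turns off the IOS DHCP relay agent. The sample config is constructed from the stanzas posted above; the function names and the one-space indentation of interface sub-commands are assumptions.

```python
import re

# Constructed sample: interface lines are taken from the stanzas posted in the
# thread; the global 'no service dhcp' line is what the final post reports.
SAMPLE_CONFIG = """\
hostname SW002
no service dhcp
ip routing
!
interface Vlan8
 ip address 192.168.8.2 255.255.255.0
 ip helper-address 192.168.2.1
 ip helper-address 192.168.2.2
 standby 1 ip 192.168.8.1
!
interface Vlan20
 ip address 192.168.20.2 255.255.255.0
 ip helper-address 192.168.2.1
 ip helper-address 192.168.2.2
 standby 1 ip 192.168.20.1
!
end
"""

def audit_dhcp_relay(config_text):
    """Return (relay_enabled, {interface: [helper addresses]})."""
    relay_enabled = True  # 'service dhcp' is the default and is not shown when on
    helpers, current = {}, None
    for line in config_text.splitlines():
        if not line.startswith(" "):  # an unindented line closes any stanza
            m = re.match(r"interface\s+(\S+)", line, re.I)
            current = m.group(1) if m else None
            if re.fullmatch(r"no\s+service\s+dhcp\s*", line, re.I):
                relay_enabled = False
            continue
        m = re.match(r"\s+ip helper-address\s+(\d+(?:\.\d+){3})\s*$", line)
        if m and current:
            helpers.setdefault(current, []).append(m.group(1))
    return relay_enabled, helpers

def findings(config_text):
    """One finding per interface whose helpers cannot relay DHCP."""
    relay_enabled, helpers = audit_dhcp_relay(config_text)
    if relay_enabled:
        return []
    return [f"{ifc}: helpers {', '.join(addrs)} are inert while 'no service dhcp' is set"
            for ifc, addrs in sorted(helpers.items())]

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_CONFIG)))
```

Running the same check against both HSRP peers matters here, since either switch may be the one that receives the client's broadcast.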