Solved: How to stop a Bootp/DHCP request

marcobinda · ‎09-20-2005

Hi everybody,

I have a router on a LAN acting as a gateway and DHCP server.

One host (it's a Nortel PABX) on the LAN need not to receive dhcp reply to function properly, and couldn't disable it to send dhcp request .

I tried to filter traffic originated by the router using

ip local policy route-map

the problem is: the router stop the first 2

replies sent with the dest ip set to the

ip it offers to the client, but to the 3rd

request it replies with a broadcast ip dest

addr and I can't stop this packet, so the host

receive it and problems arise...

192.168.0.0/24 is the Clients subnet

192.168.1.0/24 is the Phone subnet

Is there a way to ignore bootp request from the

192.168.1.0 ?

Thanks in advance,

Marco.

Here is the config I used:

ip dhcp excluded-address 192.168.0.241 192.168.0.254

ip dhcp ping packets 3

!

ip dhcp pool dhcpcotone

network 192.168.0.0 255.255.255.0

default-router 192.168.0.254

dns-server ****

lease 0 0 30

!

ip dhcp pool ITG

host 192.168.1.10 255.255.255.0

hardware-address 0050.0449.887d

default-router 192.168.1.254

!

interface FastEthernet0/0

ip address 192.168.1.254 255.255.255.0 secondary

ip address 192.168.0.254 255.255.255.0

no ip redirects

no ip proxy-arp

ip nat inside

no ip route-cache

no ip mroute-cache

ip local policy route-map dhcpfonia

!

access-list 160 permit ip any 192.168.0.0 0.0.0.255

access-list 161 permit udp any any eq bootpc

no cdp run

route-map dhcpfonia permit 10

match ip address 160

!

route-map dhcpfonia permit 20

match ip address 161

set interface Null0

!

route-map nodhcpfonia permit 10

!

Richard Burts · ‎09-20-2005

Marco

There are a few things about your question that I do not understand well. But I will give you some answer and if it does address your problem then perhaps you can clarify the situation a bit.

On the face of it your question is:

Is there a way to ignore bootp request from the 192.168.1.0 ?

But it is not so simple because when the DHCP request arrives the source address is 0.0.0.0. I believe that the router will assign addresses from the pool with lower addresses until it is completely used before it starts to use addresses in the other pool.

I understand the design intent to separate traffic by using two subnets. But implementing it as primary address and secondary address on the same interface defeats the attempt to keep the traffic separate.

If these devices are connected on a switch perhaps it would be possible to configure two VLANs, one for client traffic and one for phone traffic. You could trunk the VLANs to the router. You could then configure the client VLAN on the router with DHCP and configure the phone VLAN without DHCP.

It might also be possible to configure a manual binding in DHCP on the router to assign a specific address if the MAC in the request was the MAC of the Nortel.

The really best answer is to find a way to stop the Nortel from sending the DHCP request. I am pretty puzzled why the Nortel sends the DHCP request and then it is a problem when the Nortel learns an answer. Perhaps you can clarify.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎09-20-2005

Marco

There are a few things about your question that I do not understand well. But I will give you some answer and if it does address your problem then perhaps you can clarify the situation a bit.

On the face of it your question is:

Is there a way to ignore bootp request from the 192.168.1.0 ?

But it is not so simple because when the DHCP request arrives the source address is 0.0.0.0. I believe that the router will assign addresses from the pool with lower addresses until it is completely used before it starts to use addresses in the other pool.

I understand the design intent to separate traffic by using two subnets. But implementing it as primary address and secondary address on the same interface defeats the attempt to keep the traffic separate.

If these devices are connected on a switch perhaps it would be possible to configure two VLANs, one for client traffic and one for phone traffic. You could trunk the VLANs to the router. You could then configure the client VLAN on the router with DHCP and configure the phone VLAN without DHCP.

It might also be possible to configure a manual binding in DHCP on the router to assign a specific address if the MAC in the request was the MAC of the Nortel.

The really best answer is to find a way to stop the Nortel from sending the DHCP request. I am pretty puzzled why the Nortel sends the DHCP request and then it is a problem when the Nortel learns an answer. Perhaps you can clarify.

HTH

Rick

HTH

Rick

marcobinda · ‎09-22-2005

Hi Rick,

I solved the problem using two different VLAN, as you

suggested. Technical people of Nortel said they couldn't stop the PABX to stop sending DHCP request, and I couldn't stop the router/server dhcp from replying. Dividing the broadcast domains was the fastest way to let the router ignore those request.

Thanks,

Marco.

Richard Burts · ‎09-22-2005

Marco

I am glad that my suggestion helped solve your problem.

I am still curious why the Nortel is requesting an address from DHCP but when it receives an address from DHCP it creates a problem. But if your problem is solved maybe that is no need to dig deeper.

HTH

Rick

HTH

Rick

marcobinda · ‎09-22-2005

Rick

The problem is that when the Nortel starts up tries

to look for a configuration on the net even if it

has already a configuration saved.

I don' know why, people who configure it couldn't

tell me why and wasn't able to change this behaviour.

The problem with the DHCP replying is that if Nortel

get a reply it ignore the configuration saved and

take as good the one got from the DHCP server.

So the problem was to make the router ignore the request only from the Nortel. The best solution was

the one you suggested, putting the Nortel in a different broadcast domain (Vlan).

Best regards,

Marco.