Cisco Support Community
New Member

"ip verify unicast reverse-path" and DHCP

Has anyone else run into problems when trying to implement "ip verify unicast reverse-path" and using "ip helper-address" for reaching a centralized DHCP server?

When "ip verify" is enabled on the interface, workstations can no longer get DHCP addresses. When debugging DHCP on the router, it shows a DHCP request but never a reply. Also, I see the following error because I am logging the denies for "ip verify":

%SEC-6-IPACCESSLOGP: list 199 denied udp 169.254.223.34 (unresolved) (0) -> 255.255.255.255(0), 3 packets

The workstations are Windows NT and 2K.

It looks like Windows uses the 169.254.xx.xx address to send the DHCP packets instead of 0.0.0.0.

Thanks

4 REPLIES
New Member

Re: "ip verify unicast reverse-path" and DHCP

The 169.254.x.x address is the address which MS workstations will assign to themselves if they cannot get an IP address. What is the scope of your IP addresses on your DHCP server?

New Member

Re: "ip verify unicast reverse-path" and DHCP

I do not believe it is a scope problem. The "ip helper-address" feature works without "ip verify unicast....." turned on. It breaks after that feature is activated. I tried permitting UDP port 68 and 67 for "ip verify...." but it did not seem to help.

Bronze

Re: "ip verify unicast reverse-path" and DHCP

I've never used RPF, but I'd guess you need a route to 169.254.x.x before RPF will allow these packets through.

Gold

Re: "ip verify unicast reverse-path" and DHCP

There are some versions of IOS, especially in 12.0 mainline, where there are bugs that cause this not to work. CSCdk80591 is one, I think there may be others, because I know for a fact I had at least one 12.0 rev above 12.0(3.5) affected. Try upgrading to the latest IOS in your train - there are GD releases available in both 12.0 and 12.1 mainline.
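An added example, not part of any post in this thread: a simplified Python model of the documented strict-mode check order (DHCP exemption for 0.0.0.0 -> 255.255.255.255, reverse-path lookup, then the optional ACL), run against the log line from the first post. The routing table, interface names and ACL contents are constructed assumptions, since the thread does not show the router's configuration.

```python
import ipaddress
import re

# Constructed for this example: routing table as (prefix, outgoing interface).
ROUTES = [("10.1.1.0/24", "Ethernet0"), ("0.0.0.0/0", "Serial0")]
# Constructed stand-ins for access list 199: (action, source prefix), first match wins.
ACL_DENY_ALL = [("deny", "0.0.0.0/0")]
ACL_PERMIT_LINK_LOCAL = [("permit", "169.254.0.0/16"), ("deny", "0.0.0.0/0")]

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (\S+) denied (\w+) ([\d.]+).*?-> ([\d.]+)\(\d+\)")

def parse_log(line):
    """Pull ACL number, protocol, source and destination out of a deny log line."""
    m = LOG_RE.search(line)
    return dict(zip(("acl", "proto", "src", "dst"), m.groups())) if m else None

def rpf_interface(src):
    """Longest-prefix match: the interface the router would use to reach src."""
    addr = ipaddress.ip_address(src)
    hits = [(ipaddress.ip_network(p), i) for p, i in ROUTES
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def acl_action(src, acl):
    """First matching entry wins; no match means the implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, prefix in acl:
        if addr in ipaddress.ip_network(prefix):
            return action
    return "deny"

def urpf_verdict(src, dst, in_if, acl):
    """Strict-mode check order: DHCP exemption, reverse-path lookup, then the ACL."""
    if src == "0.0.0.0" and dst == "255.255.255.255":
        return "pass: BOOTP/DHCP exemption"
    if rpf_interface(src) == in_if:
        return "pass: reverse path matches"
    return "pass: ACL permit" if acl_action(src, acl) == "permit" else "drop: ACL deny"

# Log line quoted in the first post of the thread.
LINE = ("%SEC-6-IPACCESSLOGP: list 199 denied udp 169.254.223.34 (unresolved) (0)"
        " -> 255.255.255.255(0), 3 packets")

if __name__ == "__main__":
    pkt = parse_log(LINE)
    for name, acl in (("deny-all", ACL_DENY_ALL), ("permit-169.254", ACL_PERMIT_LINK_LOCAL)):
        print(name, urpf_verdict(pkt["src"], pkt["dst"], "Ethernet0", acl))
    print("0.0.0.0 source:", urpf_verdict("0.0.0.0", "255.255.255.255", "Ethernet0", ACL_DENY_ALL))
```

The model follows the documented check order only and does not reproduce the IOS defects mentioned in the last reply. An ACL entry that permits 169.254.0.0/16 exempts that whole range from the source check on the interface, so it should be kept as narrow as the DHCP traffic requires.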
