Cisco Support Community
New Member

Firmware 1.4.0.88 for SG300-52 appears to break DHCP Relay

My VLANs terminate at my switches, so I use DHCP relay with Option82 to hand out addresses for the VLAN subnet. After upgrading from 1.3.7.18 to 1.4.0.88, DHCP isn't being handed out on my VLANs. Anyone else having this problem?

2 ACCEPTED SOLUTIONS

New Member

I'm just setting up DHCP relay for the first time with my SG 300-28, firmware 1.4.0.88 and noticed that the DHCPDISCOVER promulgated by the relay had the same source and destination port (67), whereas the original DHCPDISCOVER used 67 & 68. Furthermore the 1.3.7.18 firmware doesn't swap these around:

Snippets from Wireshark:

1.4.088 -

Original DHCPDISCOVER from client:

User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)

Relayed DHCPDISCOVER from SG300:

User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)

 

That looks a little suspicious to me

 

1.3.7.18

Original DHCPDISCOVER from client:

User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)

Relayed DHCPDISCOVER from SG300:

User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)

 

I'm not certain that that's your issue (it didn't fix my problem), but thought I'd point it out
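
As an added example (not part of the original post, and not Cisco or dnsmasq code): a small parser that pulls the UDP port pair, giaddr and Option 82 presence out of a DHCP datagram, so relayed DISCOVERs captured under each firmware image can be compared field by field. The packets are constructed samples mirroring the two port patterns quoted above; the function names are hypothetical, the relay address 192.168.124.62 is the VLAN 124 gateway mentioned later in the thread, and the Option 82 bytes are made up.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def parse_dhcp(udp_datagram):
    """Parse bytes starting at the UDP header; return the fields being compared."""
    sport, dport, length, _ = struct.unpack("!HHHH", udp_datagram[:8])
    bootp = udp_datagram[8:length]
    if len(bootp) < 240 or bootp[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i + 1 < len(bootp) and bootp[i] != 255:   # 255 = end option
        if bootp[i] == 0:                           # 0 = pad, has no length byte
            i += 1
            continue
        olen = bootp[i + 1]
        options[bootp[i]] = bootp[i + 2:i + 2 + olen]
        i += 2 + olen
    giaddr = socket.inet_ntoa(bootp[24:28])         # relay agent address field
    return {"sport": sport, "dport": dport, "hops": bootp[3], "giaddr": giaddr,
            "relayed": giaddr != "0.0.0.0",         # a relay fills in giaddr
            "msg_type": (options.get(53) or b"\x00")[0],  # 1 = DHCPDISCOVER
            "option82": 82 in options}              # relay agent information

def build_discover(sport, giaddr="0.0.0.0", option82=b""):
    """Build a constructed DHCPDISCOVER (sample data, not the thread's captures)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6,
                        int(giaddr != "0.0.0.0"), 0x1234ABCD, 0, 0, b"", b"", b"",
                        socket.inet_aton(giaddr), bytes.fromhex("020000000001"), b"", b"")
    opts = MAGIC + b"\x35\x01\x01"                  # option 53 = DISCOVER
    if option82:
        opts += bytes([82, len(option82)]) + option82
    payload = bootp + opts + b"\xff"
    return struct.pack("!HHHH", sport, 67, 8 + len(payload), 0) + payload

def port_pair(udp_datagram):
    """Return (kind, src_port, dst_port) so captures from two images can be diffed."""
    d = parse_dhcp(udp_datagram)
    return ("relayed" if d["relayed"] else "client", d["sport"], d["dport"])

CIRCUIT_ID = b"\x01\x04\x00\x7c\x00\x01"            # constructed Option 82 sub-option
SAMPLES = {
    "client": build_discover(68),
    "relay, 1.3.7.18 pattern": build_discover(68, "192.168.124.62", CIRCUIT_ID),
    "relay, 1.4.0.88 pattern": build_discover(67, "192.168.124.62", CIRCUIT_ID),
}
for name, pkt in SAMPLES.items():
    print(name, port_pair(pkt), "opt82" if parse_dhcp(pkt)["option82"] else "no opt82")
```

On real traffic, pass the UDP bytes of each frame exported from the capture taken on the uplink to the DHCP server; the only field that differs between the two relay samples here is the source port.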

 

 

New Member

You can find the TCAM utilisation mix in the GUI:

"Administration - Routing resources"

or in CLI

#Conf T

#System router resources ip xxx

 

In the new firmware the default value is 128, so a maximum of 128 IPv4 routed. I don't remember seeing this parameter in firmware 1.0.0; I believe that in prior firmware the switch used IPv4 TCAM as long as it had resources left.

You have a maximum of 466 TCAM resources in the SG300; you have to find the right balance between max IPv4 routed hosts and route/interface/QoS/ACL utilisation. In my case I've chosen to raise it to 384 (256 today because I currently can't reboot the switch in the production environment) and leave 82 TCAM resources for non-IP rules.

I hope it helps.

39 REPLIES
Bronze

Hi,

Boot code needs to be upgraded for version 1.4.0.88. Kindly disable the DHCP relay and enable it again.

Kindly check the URL below: Release notes (check page no. 13)

 

http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/release_notes/R_1_4_RN.pdf

 

regards

Moorthy

 

New Member

Yes, the boot code was upgraded at the same time the switch firmware was.

I tried:

1. Disable DHCP relay

2. Save

3. Reboot

4. Enable DHCP relay

5. Save

6. Reboot

 

And it still does not appear to work...

Hi Jonathan,

I would recommend that you double-check the configuration file to see if the DHCP relay is actually present under the correct interfaces; if so, another step would be a packet capture on this interface to see if the BOOTP packets are leaving the switch.

Regards,

Aleksandra

New Member

Right now the switch is running 1.3.7, but:

ip dhcp relay address 192.168.127.129
ip dhcp relay enable
ip dhcp information option

 

 

I did pcaps while running 1.4, they show the bootp packets leaving the switch but not entering. It's fairly trivial to reproduce this bug with an SG300 because it has dual firmware. Set to 1.3 as the active image, it works, set to 1.4, it doesn't work. You can flip back and forth between them without changing the config to reproduce the problem.

Hi Jonathan,

Are you running any type of voice VLAN? Can you email me your config file via private message?

Aleksandra

New Member

No Auto Voice VLAN. 

 

config sent in pm.

You have to do it from your profile, it has changed :-)

Hi Jonathan,

I have done the test with your configuration file as below:

port gi51 - Windows server 2008

port 1- phone SPA504G

show mac address-table indicates that server is in VLAN 1 while phone in VLAN 124.

I kept bootcode 1.3.5.06 and swapped images 1.4.0.88 or 1.3.7.18

 

Results:

DHCP relay works as expected with both images. I cannot see any problem unless I chose the wrong port for the server, as only 50 and 51 are ip dhcp snooping trusted in your configuration.

 

 Regards,

Aleksandra

New Member

Nuts. I have 4 switches with nearly the exact same configuration and this issue is reproducible on every single one of them.

 

Is your sg300 in L3 mode and is the DHCP server set to hand out the sg300 as the default gateway to anyone requesting something from vlan 124? 

Hi Jonathan,

I have your configuration added manually via CLI. Plugged in DHCP server to port 51 with IP 192.168.127.129/24 and DHCP pool 192.168.124.0/24, which is your VLAN 124 where all the ports are from 1-48. Packet capture shows DHCP Discovery unicast with src IP 192.168.124.62, dst 192.168.127.129, and DHCP Offer with Client IP 192.168.124.1 and option 3 (router) 192.168.124.62.

All works with no changes in your configuration. To be precise I did not only copy your password settings.

Is your bootcode the same as mine?

Is your server connected to port gi51 or 52?

Aleksandra

 

New Member

Just checked... bootcode is 1.3.5.06, uplink is 51

 

Any other ideas? Could I try your config on mine?

 

New Member

Not that I think it'll make a difference, but DHCP hands out IP 192.168.124.0/26 with the lowest, 192.168.124.1, reserved, and the highest, 192.168.124.62, reserved (because that's the SG300's gateway address on VLAN 124)

New Member

wait how do I send you a private message? I clicked on your name and I don't see the option anywhere

New Member

Confirmed... I'm seeing the exact same behavior! Nice find.

Here are two packet captures from the SG300 to my DHCP server:

1.4: https://www.cloudshark.org/captures/f74bcfad752c

1.3: https://www.cloudshark.org/captures/76360f902726

 

Hi,

Yes, it does change but no issue with Windows 2008 server.

What is your DHCP server?

Regards,

Aleksandra

 

 

New Member

Dnsmasq version 2.68 

Hi,

Have you seen this working before with any other DHCP relay agents?

Aleksandra

New Member

Yes. dnsmasq is incredibly prolific, it's used in nearly every open source router. 

No doubt about this. There is just a small difference between relay and regular DHCP discovery/request.

 

New Member

If you want to try to reproduce, download a distribution that includes dnsmasq as its DHCP server or just run Ubuntu from a live USB.

If there are other packet captures or anything else I can do on my network to give you information, I'm more than willing to help. I want to keep my firmware current but at this rate we'll be stuck on 1.3 forever.

Hi Jonathan,

I guess it would be a good idea to open an official ticket with the Small Business Support team so we will document everything in detail:

http://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

Regards,

Aleksandra

New Member

Hello All,

It's the same for me here. DHCP was working before the upgrade but not after.

Windows clients can obtain an IP on the VLAN but Wyse clients and Windows CE clients fail to get an IP via DHCP relay.

Hi,

I have not seen such an issue yet, but if there is a problem with the latest firmware I strongly recommend that you open a ticket with the Small Business team so they can narrow it down and, if needed, open a bug:

http://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

Regards,

Aleksandra

New Member

I've no open contract for our SMB switch so no support...

Maybe I've found a workaround for this issue. After many, many tries this issue seems not to be a DHCP relay issue but a global routing break that makes DHCP relay very, very slow and causes timeouts for some DHCP clients (in my case Wyse ThinOS).

The solution for me was to increase the TCAM routing resources from 128 to a higher value.

We upgraded from firmware 1.0 to 1.4 and I believe that TCAM partitioning was quite different.

New Member

That's why I could not reproduce the issue in test or mock-up pre-update systems.

Could you confirm that:

- Is it normal to have, for each host routed via the SG300, 1 Neighbors TCAM entry? So the SG300 limits routing to +/-400 hosts depending on ACLs / services and routing interfaces in the configuration.

- Do you have the TCAM count of the new SG500?

 

Many thanks in advance.

New Member

Replying to my previous post: from what I can find on the internet, the SG500X device has 3072 TCAM entries and the Sx500 device has 2048.

New Member

Is there a log entry or anything that would indicate it has run out of TCAM resources?

New Member

We have these log entries:

Error   %ARP-E-ARPTBL: ARP Table Overflow, aggregated (3)       
Error   %ARP-E-ARPTBL: ARP Table Overflow     
Error   %ARP-E-ARPTBL: ARP Table Overflow, aggregated (9)       
Error   %ARP-E-ARPTBL: ARP Table Overflow     
 
