Unable to renew ip from secondary helper after snooping

Vinayaka Raman · ‎01-14-2012

Issue Description:

Refer the router on stick topology...VLANs 1, 120 and 123 are configured on MPLS and DSL router.

We have enabled dhcp snooping on the switches CS1 to CS8 using following command

ip dhcp snooping

ip dhcp snooping vlan 1

ip dhcp snooping vlan 120

ip dhcp snooping vlan 123

under uplink interface

ip dhcp snooping trust.

All the uplinks including dhcp server connected interface are set to dhcp snooping trust.

End devices cannot renew the IP address from the secondary DHCP server when primary is offline. Yesterday, for testing we removed the trust command from the primary DHCP server connected interface and then clients are expected to renew IP from the secondary DHCP server. but this wasn't working

The secondary helper is in the remote site. ip is 100.6.4.5

The primary helper is local. 100.179.10.4

We have not enabled any snooping feature on the routers.

the uplinks of the switch connected to the routers is set to trust

On MPLS router:

interface GigabitEthernet0/0.1

description Connection to Bombay Business VLAN

encapsulation dot1Q 1 native

ip address 100.179.10.252 255.255.255.0

ip access-group All_Purpose_Security in

ip helper-address 100.179.10.4

ip helper-address 100.6.4.5

standby 1 ip 100.179.10.254

standby 1 timers 1 3

standby 1 priority 200

standby 1 preempt

standby 1 name hsrp_netw_mgmt_vlan_gw

standby 1 track GigabitEthernet0/1 105

--------------------------------------------------------------------------------------

interface GigabitEthernet0/0.120

description WAP VLAN 120

encapsulation dot1Q 120

ip address 100.179.202.252 255.255.255.0

ip access-group All_Purpose_Security in

ip helper-address 100.179.10.4

ip helper-address 100.6.4.5

standby 120 ip 100.179.202.254

standby 120 timers 1 3

standby 120 priority 200

standby 120 preempt

standby 120 track GigabitEthernet0/1 105

end

______________________________________________________

interface GigabitEthernet0/0.123

description WAP VLAN 123

encapsulation dot1Q 123

ip address 100.179.203.252 255.255.255.0

ip access-group All_Purpose_Security in

ip helper-address 100.6.4.5

ip helper-address 100.179.10.4

ip flow ingress

standby 123 ip 100.179.203.254

standby 123 timers 1 3

standby 123 priority 200

standby 123 preempt

standby 123 track GigabitEthernet0/1 105

end

Regards Vinayak

lgijssel · ‎01-15-2012

Perhaps the issue is related to the fact that you mention renewal of the lease instead of requesting a new one.

Essentially a client "remembers" the address of the dhcp server where it got its lease from.

Renewal can only occur on that server.

What your setup should actually accomplish is to have all new leases provided from the backup server.

All leases which are at half-lease time or at the end of it will not be able to contact the server and keep their lease for quite some time before sending a new discover broadcast packet. Only when they do this, they are able to contact the second server. Please check the link for a nice presentation on the dhcp process:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6600/ps6641/prod_presentation0900aecd803116a7.pdf

Perhaps you meant to say the problem was that no leases are provided by the second server but regarding renewal, it works as explained. Having a second server is of little value for that. This is a "gotcha" which is overlooked by many.

Keep us posted!

regards,

Leo

Vinayaka Raman · ‎01-15-2012

thanks for ur inputs...i am planning to do one more testing tomorrow

remove the trust from dhcp server connected interface

restart the test laptop to check if it can take ip address from the secondary helper.

Regards Vinayak