I am new to Cisco switches and I am configuring a Cisco Catalyst 3500 series XL switch.
The problem is that I have a Windows 2000 DHCP server on the LAN connected to the switch; however, all client workstations connected to that switch could not get an IP address from the DHCP server, but if a client workstation uses a static IP address, it can ping the DHCP server.
I read the switch config and there is one item that states no ip directed-broadcast.
I suspected it causes the problem. Does anyone know how to enable the broadcast? Or is there another reason?
Thank you very much
The 'no ip directed-broadcast' interface command will prevent the broadcast address from responding to an echo request, and it is the default since IOS version 12.0. Its main purpose is to prevent ICMP broadcast attacks, called SMURF attacks.
In your case, chances are that you need to configure the interface command:
on your ports. Without that command, the ports where your clients are connected to run through all Spanning Tree phases and take about 50 seconds before they become operational, causing the client DHCP requests to time out.
Can you try and configure that command on all your user ports and see if that makes a difference?
In that case, could you please post your configuration? Maybe we will see something when we know all the facts.
Thanks in advance.
I agree with Georg that it is very unlikely to be an issue about directed broadcast.
And I agree with Kevin that it will be very helpful to see the configuration. In particular I wonder if the server and the clients are perhaps configured in different VLANs. If that is the case the DHCP request which goes out as a broadcast would not get to the server. But if the client is configured with a static IP address then it probably also has a default gateway and could ping the server via inter-VLAN routing. If the clients are in a different VLAN from the server then the ip helper-address configured on the layer 3 interface for their VLAN could forward their DHCP requests to the server.
So please do post the configuration.
here is the configuration:
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
ip dhcp-server 172.17.1.1
ip address 172.17.1.3 255.255.255.0
no ip directed-broadcast
no ip route-cache
ip default-gateway 172.17.1.1
access-list 101 permit udp any host 172.17.1.255
snmp-server engineID local xxxxxxxxxxxxxxxxxxxxx
snmp-server community private xxxxxxx
snmp-server community public xxxxxxxxxxx
line con 0
transport input none
line vty 0 4
line vty 5 15
Hope you can find out where the problem is!
Thank you very much for your help
I have some questions about your topology.
1. Is everything, including the DHCP server and the workstations, on the default VLAN, i.e. VLAN 1?
2. I see you have defined a default-gateway 172.17.1.1 and a DHCP server on the same address. These commands are not useful in this context, but they don't do any harm either. But is the information in them correct, i.e. is the DHCP server really on VLAN 1 and on 172.16.1.1?
3. The workstation you are testing, is it on one of the ports F0/1, F0/2, or F0/3?
4. Can you ping the DHCP server 172.16.1.1 from the command line of the switch?
5. Is the DHCP server configured to serve addresses to the subnet 172.16.1.0/24?
If the answer to all these is "yes", then I would investigate whether the DHCP server is broken. Does it serve addresses correctly on any other part of your network?
On the other hand, if the DHCP server is not on this VLAN, then the problem lies in the router at 172.16.1.1, so we would need to see the config of that.
answer to your question:
1) it's all on the VLAN1
2) yes, the DHCP Server is on VLAN1 and its IP address is 172.17.1.1
3) FA0/1 is DHCP Server, FA0/2 and FA0/3 are clients.
4) I can ping the DHCP server from the command line of the switch
You have specified the IP address of a DHCP server (which also happens to be the default gateway for your VLAN 1); try to take out the command:
ip dhcp-server 172.17.1.1
This will cause the broadcasts from your clients to find the DHCP server...
I agree with Kevin that some more information about the DHCP server would be helpful.
I wonder about the configuration of port network on FastEthernet 0/1. What is connected on that port? If you remove the port network command from the interface does the behavior change?
I am not sure why DHCP is not working and I have two requests and a suggestion.
- would you post the output of show interface for FastEthernet 0/1, 0/2, and 0/3?
- I see that an access list is defined but I do not see where it is applied or what it is used for. Can you explain that?
- would you reboot the 3500 and see if the behavior changes?
I would get a cross over cable and connect a PC with the crossover cable directly to the LAN port of your DHCP server and try and get an IP address.
If you can't get an address then you need to check the DHCP server.
From your configuration I can't see any reason why two devices in the same VLAN as the DHCP server can't get an IP address
If this doesn't work and no one else is using this switch, erase the start-up config (erase startup-config), reload the switch (don't save the config if prompted) and start again with a fresh configuration.
I am running out of ideas on this one. I think the only thing left to do is to take a crossed-cable and connect the PC directly to the DHCP server. Does it get an IP address now? That will at least tell you whether the problem is something to do with the switch.
I have experienced similar behavior with the Cat 3548XL switches in the past. The problem (that we had) was with the NIC drivers on the PCs/servers. It may help to upgrade the NIC drivers to the latest version provided by the NIC manufacturer, not the Microsoft drivers. As long as you are not going through a router or layer 3 switch, then DHCP traffic should pass. You might check the port statistics for each port with static assigned addresses on the PCs. Also, make sure the switch ports and PCs/servers are set to either autoneg or static assigned speed/duplex.
Hope this will help.