[nsp] Strange problem ip helper on hybride Cat6500

Sam Munzani smunzani at comcast.net
Wed Apr 14 16:36:44 EDT 2004


If you pay more attention to the config, Interface VLAN 10 and
Helper-address are on same interface. That means, clients hit DHCP server
directly(Broadcast gets answered by DHCP server directly since both on same
subnet) and not need to go through Helper-address command.

Am I missing anything here?

Sam Munzani


> Hello,
>
> We have a strange problem with the command ip helper-address.
>
> Situation:
>
> DHCP client --> Cat6500  --> Cat6500 --> DHCP server
> Hybride mode, IOS 12.1(20)E2 CatOS 7.6.5 ( redundant supervisor2 MSFC2)
>
> This is a standard configuration for all interfaces, except the ip
> addressen.
> interface Vlan10
>  description *** Hosting netwerk ***
>  ip address 10.10.10.253 255.255.255.0 alt ip address 10.10.10.254
> 255.255.255.0
>  ip access-group net10-in in
>  ip access-group net10-uit out
>  ip helper-address 10.10.10.37
>  no ip redirects
>  no ip unreachables
>  load-interval 30
>  no cdp enable
>  standby 10 ip 10.10.10.1 alt standby 10 ip 10.10.10.1
>  standby 10 priority 120 alt standby 10 priority 110
>
> ip access-group net10-in in
>  permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps log
>
>
> We have configured about 20 Vlan's with the same ip helper-address on
> the same CAT6500 and all these vlan's behave normal, except vlan10. The
> question is why ?
>
> With situation we have tested:
>
> - A DHCP request is send to the server. The DHCP server accepts the
> request, and send a reply. The reply does not reach the client. After
> removing the ACLs', nothing happend.
> - Placed the DHCP-server in the same subnet, it works.
> - Placed the DHCP-server in a different subnet, on the same Cat6500, it
> works.
> - Placed the DHCP-server in a different subnet, on a different Cat6500,
> it failed. No ACL's between the Cat6500's.
>
> A little problem is also, that we don't know a way to log the return
> traffic, because;
> - Logging in ACL's (IOS) don't work. Maybe because the ip
> helper-address-table? is first used and then the ACL becomes active.
> - Traffic between the MSFC(layer3) and supervisor(Layer2) is not visible
> with a sniffer, or something like that. There has to be a translation
> between the layers.
>
> Maybe, someone can point me to a new direction for these problems.
>
>
> Greetings.
> -- 
> Jeroen Vos
>
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list