[nsp] Strange problem ip helper on hybride Cat6500

Jeroen Vos Jeroen.Vos at omroep.nl
Thu Apr 15 06:42:39 EDT 2004


That's my fault, i have changed the ip addresses to private for this
posting.

The correct values are:

interface Vlan10
description *** Hosting netwerk ***
ip address 10.10.10.253 255.255.255.0 alt ip address 10.10.10.254
255.255.255.0
ip access-group net10-in in
ip access-group net10-uit out
ip helper-address 10.10.254.37


Greetings.
-- 
Jeroen Vos


-----Oorspronkelijk bericht-----
Van: Sam Munzani [mailto:smunzani at comcast.net]
Verzonden: Wednesday, April 14, 2004 10:41 PM
Aan: Sam Munzani; Jeroen Vos; cisco-nsp at puck.nether.net
Onderwerp: Re: [nsp] Strange problem ip helper on hybride Cat6500


Correction to my previous post.

Interface VLAN 10 and Helper-address are on same subnet. Means direct
ARP
path between client and Server. Why would router come in picture in that
case?

Sam


> If you pay more attention to the config, Interface VLAN 10 and
> Helper-address are on same interface. That means, clients hit DHCP
server
> directly(Broadcast gets answered by DHCP server directly since both on
same
> subnet) and not need to go through Helper-address command.
>
> Am I missing anything here?
>
> Sam Munzani
>
>
> > Hello,
> >
> > We have a strange problem with the command ip helper-address.
> >
> > Situation:
> >
> > DHCP client --> Cat6500  --> Cat6500 --> DHCP server
> > Hybride mode, IOS 12.1(20)E2 CatOS 7.6.5 ( redundant supervisor2
MSFC2)
> >
> > This is a standard configuration for all interfaces, except the ip
> > addressen.
> > interface Vlan10
> >  description *** Hosting netwerk ***
> >  ip address 10.10.10.253 255.255.255.0 alt ip address 10.10.10.254
> > 255.255.255.0
> >  ip access-group net10-in in
> >  ip access-group net10-uit out
> >  ip helper-address 10.10.10.37
> >  no ip redirects
> >  no ip unreachables
> >  load-interval 30
> >  no cdp enable
> >  standby 10 ip 10.10.10.1 alt standby 10 ip 10.10.10.1
> >  standby 10 priority 120 alt standby 10 priority 110
> >
> > ip access-group net10-in in
> >  permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
log
> >
> >
> > We have configured about 20 Vlan's with the same ip helper-address
on
> > the same CAT6500 and all these vlan's behave normal, except vlan10.
The
> > question is why ?
> >
> > With situation we have tested:
> >
> > - A DHCP request is send to the server. The DHCP server accepts the
> > request, and send a reply. The reply does not reach the client.
After
> > removing the ACLs', nothing happend.
> > - Placed the DHCP-server in the same subnet, it works.
> > - Placed the DHCP-server in a different subnet, on the same Cat6500,
it
> > works.
> > - Placed the DHCP-server in a different subnet, on a different
Cat6500,
> > it failed. No ACL's between the Cat6500's.
> >
> > A little problem is also, that we don't know a way to log the return
> > traffic, because;
> > - Logging in ACL's (IOS) don't work. Maybe because the ip
> > helper-address-table? is first used and then the ACL becomes active.
> > - Traffic between the MSFC(layer3) and supervisor(Layer2) is not
visible
> > with a sniffer, or something like that. There has to be a
translation
> > between the layers.
> >
> > Maybe, someone can point me to a new direction for these problems.
> >
> >
> > Greetings.
> > -- 
> > Jeroen Vos
> >
> >
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list