[c-nsp] DHCP relay question

Arie Vayner arievayner at gmail.com
Fri Oct 28 13:43:05 EDT 2005


Can you actually ping the DHCP server from the remote switch?
Arie

On 10/28/05, Gunga Din <nachocheeze at gmail.com> wrote:
> We're currently in the process of transitioning from a flat, layer2
> switched, "router-on-a-stick" topology to a layer3 routed network.
> Running into a problem with DHCP.
>
> The current ROAS is a Cat6500 w/MSFC2 running hybrid mode.  There's a
> bunch of vlans defined on the L2 Sup, each with their own routed Vlan
> interface on the MSFC.  Currently, every user data network that needs
> DHCP has an "ip helper-address" on the Vlan interface pointing to our
> DHCP server.
>
> We have a remote site connected via metro Ethernet that is connected
> via a L2 trunk on a 4507R (native IOS).  In the past practice, the
> remote sites are connected to the 4507 on access ports on various
> vlans, but their L3 routing pulls back to the main office on the Vlan
> interface on the 6500 MSFC.  What we're trying to do is bring up some
> new networks that are routed only via the remote 4507, by defining a
> L3 routed Vlan interface on the remote 4507 instead of the 6500.  That
> way, the networks that are local to that physical location don't have
> to come all the way back up the metro Ethernet connection, then back
> down it again to talk to a different network that might be physically
> only about 50 feet away.
>
> What we're attempting to do in order to route between the remote
> networks and the local office networks is to create a separate vlan
> for "backbone routing".  This vlan exists on both devices, and we're
> using OSPF to route the different networks using a /26 (as we plan to
> add some more devices for some other sites coming on line).  This
> works fine for static IP hosts, but DHCP requests don't seem to reach
> our server at the head office.  Here's the specs:
>
> 6500 MSFC
> ------------------------
> DHCP network:
> interface Vlan (X)
>  description DHCP Server Network
>  ip address 192.168.1.1 255.255.255.0
>  no ip redirects
>  no ip unreachables
>  ip dhcp relay information trusted (running snooping on some switches locally)
> end
>
> Routed Network:
> interface Vlan (Y)
>  description Routed Backbone
>  ip address 10.100.81.129 255.255.255.192
>  no ip proxy-arp
>  ip ospf message-digest-key <blah>
>  ip ospf dead-interval 35
>  ip ospf priority 250
>
> 4705
> --------
> Routed Network:
> interface Vlan (Y)
>  description Routed Backbone
>  ip address 10.100.81.130 255.255.255.192
>  no ip unreachables
>  no ip proxy-arp
>  ip ospf message-digest-key <blah>
>  ip ospf dead-interval 35
>
> DHCP Client Network:
> interface Vlan (Z)
>  description DHCP Clients
>  ip address 172.16.1.1 255.255.0.0
>  ip helper-address  (Office DHCP Server)
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>
> Sample client network port config:
>
> interface GigabitEthernet (blah)
>  switchport access vlan Z
>  switchport mode access
>  no cdp enable
>  spanning-tree portfast
>
> If I plug a client into the GigE port and hard code an IP address on
> vlan Z, I can ping and trace to anywhere fine over the routed backbone
> (even the DHCP server).  We add the network to the OSPF config,
> OSPF does its thing, and traffic works just fine; the DHCP server has
> IP connectivity to the static host on the DHCP client network.
> However, if I try to obtain an IP address dynamically, the DHCP
> server never sees the request at all, and the end client never gets
> an IP.
>
> The way I understand DHCP is that the request is broadcast, the
> router takes that request and passes it directly to the helper address
> as a unicast request with its own IP as the source (which should be
> the DHCP client vlan Z).  The DHCP server should then answer back with
> an IP address to the requesting router, who should then forward it to
> the client requester.  But tailing the DHCP server logs, I never see
> any request for an IP coming in; it's getting dropped somewhere.
>
> Any advice on what I'm doing wrong?
>
>
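
Added example (not part of either poster's message, and not Cisco code): a sketch of what a relay agent does to the client broadcast per RFC 1542, and how a server then picks a scope from giaddr and addresses its reply to it. The addresses are the ones quoted above; the function names and the scope list are assumptions made for illustration.

```python
import ipaddress
import struct

# BOOTP fixed header (RFC 951/2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file = 236 bytes.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])         # DHCP magic cookie
BOOTREQUEST = 1

def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed client DHCPDISCOVER, as broadcast on the client VLAN."""
    zero = bytes(4)
    hdr = BOOTP.pack(BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                     zero, zero, zero, zero, mac, b"", b"")
    return hdr + MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, end

def relay(packet: bytes, ingress_ip: str, max_hops: int = 4):
    """Relay-agent handling of a client request (RFC 1542 section 4.1.1)."""
    f = list(BOOTP.unpack_from(packet))
    if f[0] != BOOTREQUEST or f[3] > max_hops:
        return None                      # not a request, or hop limit exceeded
    f[3] += 1                            # hops
    if f[10] == bytes(4):                # giaddr is set by the first relay only
        f[10] = ipaddress.IPv4Address(ingress_ip).packed
    return BOOTP.pack(*f) + packet[BOOTP.size:]

def giaddr(packet: bytes) -> str:
    return str(ipaddress.IPv4Address(BOOTP.unpack_from(packet)[10]))

def select_scope(packet: bytes, scopes):
    """Server side, relayed requests: the scope is chosen by giaddr."""
    g = ipaddress.IPv4Address(giaddr(packet))
    for net in scopes:
        if g in ipaddress.ip_network(net):
            return net
    return None                          # no scope matches this relay

if __name__ == "__main__":
    pkt = relay(build_discover(bytes.fromhex("020000000001"), 0x1234),
                "172.16.1.1")            # Vlan Z address from the post
    print(giaddr(pkt), select_scope(pkt, ["192.168.1.0/24", "172.16.0.0/16"]))
```

Because the reply is sent to giaddr, the server needs both a scope covering 172.16.0.0/16 and a route back to 172.16.1.1.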


