[c-nsp] DHCP relay question

Ryan Brault rbrault at illinois.net
Fri Oct 28 13:56:23 EDT 2005


Don't know if it applies to your situation (or native 4500s either);
but, on 2600XMs, if "no service dhcp" is globally configured, it breaks
dhcp relay.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Gunga Din
Sent: Friday, October 28, 2005 12:27 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] DHCP relay question


We're currently in the process of transitioning from a flat, layer2
switched, "router-on-a-stick" topology to a layer3 routed network.
Running into a problem with DHCP.

The current ROAS is a Cat6500 w/MSFC2 running hybrid mode.  There's a
bunch of vlans defined on the L2 Sup, each with their own routed Vlan
interface on the MSFC.  Currently, every user data network that needs
DHCP has an "ip helper-address" on the Vlan interface pointing to our
DHCP server.

We have a remote site connected via metro Ethernet that is connected
via a L2 trunk on a 4507R (native IOS).  In the past practice, the
remote sites are connected to the 4507 on access ports on various
vlans, but their L3 routing pulls back to the main office on the Vlan
interface on the 6500 MSFC.  What we're trying to do is bring up some
new networks that are routed only via the remote 4507, by defining a
L3 routed Vlan interface on the remote 4507 instead of the 6500.  That
way, the networks that are local to that physical location don't have
to come all the way back up the metro Ethernet connection, then back
down it again to talk to a different network that might be physically
only about 50 feet away.

What we're attempting to do in order to route between the remote
networks and the local office networks is to create a separate vlan
for "backbone routing".  This vlan exists on both devices, and we're
using OSPF to route the different networks using a /26 (as we plan to
add some more devices for some other sites coming on line).  This
works fine for static IP hosts, but DHCP requests don't seem to reach
our server at the head office.  Here's the specs:

6500 MSFC
------------------------
DHCP network:
interface Vlan (X)
  description DHCP Server Network
  ip address 192.168.1.1 255.255.255.0
  no ip redirects
  no ip unreachables
  ip dhcp relay information trusted (running snooping on some switches locally)
end

Routed Network:
interface Vlan (Y)
  description Routed Backbone
  ip address 10.100.81.129 255.255.255.192
  no ip proxy-arp
  ip ospf message-digest-key <blah>
  ip ospf dead-interval 35
  ip ospf priority 250

4507
--------
Routed Network:
interface Vlan (Y)
  description Routed Backbone
  ip address 10.100.81.130 255.255.255.192
  no ip unreachables
  no ip proxy-arp
  ip ospf message-digest-key <blah>
  ip ospf dead-interval 35

DHCP Client Network:
interface Vlan (Z)
  description DHCP Clients
  ip address 172.16.1.1 255.255.0.0
  ip helper-address  (Office DHCP Server)
  no ip redirects
  no ip unreachables
  no ip proxy-arp

Sample client network port config:

interface GigabitEthernet (blah)
  switchport access vlan Z
  switchport mode access
  no cdp enable
  spanning-tree portfast

If I plug a client into the GigE port and hard code an IP address on
vlan Z, I can ping and trace to anywhere fine over the routed backbone
(even the DHCP server).  We add the network to the OSPF config, OSPF
does its thing, and traffic works just fine; the DHCP server has IP
connectivity to the static host on the DHCP client network.  However,
if I try to obtain an IP address dynamically, the DHCP server never
sees the request at all, and the end client never gets an IP.

The way I understand DHCP is that the request is broadcast, the
router takes that request and passes it directly to the helper address
as a unicast request with its own IP as the source (which should be
the DHCP client vlan Z).  The DHCP server should then answer back with
an IP address to the requesting router, who should then forward it to
the client requester.  But tailing the DHCP server logs, I never see
any request for an IP coming in; it's getting dropped somewhere.

Any advice on what I'm doing wrong?
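
The reply's observation turned into a config check, as an added example that is not part of the original thread: it flags interfaces carrying "ip helper-address" when "no service dhcp" is set globally. The sample config, the interface numbers and the 192.0.2.10 server address are constructed placeholders.

```python
import re

# Constructed sample config (not from the thread); 192.0.2.10 is a placeholder server.
SAMPLE_CONFIG = """\
no service dhcp
!
interface Vlan20
 description DHCP Clients
 ip address 172.16.1.1 255.255.0.0
 ip helper-address 192.0.2.10
!
interface Vlan30
 description Routed Backbone
 ip address 10.100.81.130 255.255.255.192
!
"""

def parse_config(text):
    """Split an IOS-style config into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            interfaces[current].append(line)  # indented: belongs to the open interface
        elif line.startswith("interface "):
            current = line.split(" ", 1)[1]
            interfaces[current] = []
        else:
            current = None                    # any other top-level line is global
            global_lines.append(line)
    return global_lines, interfaces

def audit_dhcp_relay(text):
    """Return [(interface, [helper IPs])] for relay interfaces at risk because
    'no service dhcp' is configured globally; empty list if the service is on."""
    global_lines, interfaces = parse_config(text)
    if "no service dhcp" not in global_lines:
        return []
    at_risk = []
    for name, lines in interfaces.items():
        helpers = [m.group(1) for l in lines
                   if (m := re.match(r"ip helper-address .*?(\d+(?:\.\d+){3})", l))]
        if helpers:
            at_risk.append((name, helpers))
    return at_risk

if __name__ == "__main__":
    for name, helpers in audit_dhcp_relay(SAMPLE_CONFIG):
        print(f"{name}: helper {', '.join(helpers)} configured, but 'no service dhcp' is set")
```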
