[c-nsp] asr9k dhcp relay + ipv4 verify unicast
Florian Lohoff
f at zz.de
Mon May 23 10:36:16 EDT 2016
Hi,
today i had to debug an ASR9001 setup with DHCP Relay and an
ipv4 verify unicast source reachable-via rx allow-self-ping on
an BVI interface. The clients failed to get leases - I saw
DISCOVERS on the server side and the server sent out
OFFERS. I could not determine whether the OFFER fails
to reach the client or the REQUEST would not reach the server.
[ ... ]
dhcp ipv4
profile relayprofile relay
helper-address vrf default 10.7.8.9
giaddr policy replace
!
interface BVI108 relay profile relayprofile
interface BVI60004 relay profile relayprofile
[ ... ]
interface BVI60004
ipv4 address 10.4.5.1 255.255.255.0
ipv4 verify unicast source reachable-via rx allow-self-ping
Removing the ipv4 verify unicast ... solved the issue which
left me a little puzzled. My google foo turned up nothing
concerning incompatibilities ...
From my understanding the verify unicast is a pure input packet
validation. The whole DHCP handshake would not create packets
stemming from an invalid IP address on the L2 Bridge e.g.
the BVI interface so i have no clue where and why the packet
would be dropped.
Flo
--
Florian Lohoff f at zz.de
UTF-8 Test: The 🐈 ran after a 🐁, but the 🐁 ran away
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20160523/833e78b4/attachment.sig>
More information about the cisco-nsp
mailing list