dhcp timeouts with multiple vlans & dhcp servers on CAT6509

dgray
Level 1

We have a Cat6509 CatOS 8.1.3, Sup720 MSFC IOS 12.2(14)SX2, and we are having trouble using a Linux DHCP server for registration and changing of VLANs (Netreg, southwestern flavor). We use MS DHCP on Win2003 servers on 10.140 network for all VLANs except 10.200, and they work fine. We want to add this 2nd DHCP server (box is only device in 10.210 VLAN, 10.210.8.38), and use it to assign a 'quarantine' DHCP address in 10.110.8. range, and once user passes Nessus scans and user/pwd verification, that Linux DHCP server would issue them a 10.200. address.

We just cannot get a machine plugged into a 10.200 VLAN to get any 10.110 or 10.200 address. Keep getting DHCP server not found or unreachable. We can see DHCP discover & DHCP offer on Netreg Linux box, but it never gets past that.

My configs for cat6509 & msfc are attached. Can anyone help?

1 Reply

dgray
Level 1

We GOT it!

Remove the "ip broadcast-address 10.200.255.255" statement on your vlan200 and "ip broadcast-address 10.210.255.255" on vlan 210...in fact you can probably remove it from all your networks.

This is what I think is going on....

The client sends out a DHCP broadcast (layer 2 at this point); your router won't broadcast it. The ip helper address feature on the Cisco gets around this BUT if you explicitly define a broadcast-address it will use that when rewriting the packet header (10.200.255.255)...I think the Windows box is expecting the packet to have the original 255.255.255.255 broadcast address.

Seems to have solved our problem.
