05-15-2025 04:19 AM
We have a ring of switches in the network, and from each ring node (DIST) downstream, there are one or more access switches (ACC).
Each sw_DIST has the following configuration:
interface vlan300
ip vrf forwarding NET2
ip address 172.16.X.1 255.255.255.0
ip helper-address 172.16.S.10
with a fixed IP and IP helper-address to the single DHCP server located at site S. Each sw_DIST node has a different IP range X with IPs 172.16.X.0/24 in vlan300.
Each sw_ACC has access ports configured on vlan300 with the intention of receiving IPs via DHCP from the single DHCP server.
So simple configuration…!!
If the client at site X is configured with a fixed IP from the 172.16.X.0/24 range, it works correctly.
If DHCP is configured, the client at site X receives an IP from the 172.16.S.0/24 range, where S is the site where the only DHCP server is located.
Analyzing frames, we observe that a Discover appears (correct) and then many Offers are received, both the one that should be sent from the DHCP server located at site S and many others coming from the relays, which are the sw_DIST nodes (172.16.yy.1). Finally, the client usually always chooses the IP 172.16.X.0/24, the one for its own site, which is provided by its own relay 172.16.X.1, ignoring the IP it received from the DHCP server 172.16.S.0/24.
DHCP is in place on other VLANs, but this doesn't occur, and we don't see any different configurations from one VLAN to another.
We're not sure if so many offers should be received or if only one should be received. There are different networks between clients and servers, and IP helper-address is used for this. It's a normal and very simple architecture...
Surely something is not configured, but we can't find it… Could you please give us your opinion?
Best regards
05-26-2025 10:59 PM
The issue is caused by the sw_DIST switches either misbehaving as DHCP servers themselves or incorrectly relaying DHCP replies, resulting in multiple DHCP Offers being sent to clients. To resolve this, ensure that no sw_DIST switch has any ip dhcp pool configured, so they do not act as DHCP servers, and confirm that each sw_DIST only has a single ip helper-address pointing to the central DHCP server (172.16.S.10). Additionally, verify that the DHCP server is properly configured to reply using the correct giaddr (gateway IP) and that the DHCP Offers are only sent back to the initiating relay, not broadcast across the ring. Use packet capture to confirm that only the central DHCP server is sending Offers, and apply filtering or routing adjustments if necessary to prevent cross-site Offer leakage.
05-30-2025 05:46 AM
Do all switches share the same vlan300? (i.e. are you using a supernet 172.16.x.x/16?)
That will not work.
In a single vlan300, all switches receive the DHCP broadcast from the client and forward it to the DHCP server.
You need to isolate the vlan300/subnet per switch.
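Added example, not part of the thread or any poster's own code: one way to check a capture for the symptom discussed above is to group DHCP Offers by transaction ID and list the relay address (giaddr) each one carries. More than one giaddr for the same xid means several relays forwarded the same Discover, which points to a shared vlan300 broadcast domain. The function names, addresses and sample packets are constructed for illustration, and the check assumes the capture preserves giaddr in the replies.

```python
import socket
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def parse_dhcp(payload):
    """Extract xid, yiaddr, giaddr, message type (opt 53), server id (opt 54)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    msg = {"xid": struct.unpack("!I", payload[4:8])[0],
           "yiaddr": socket.inet_ntoa(payload[16:20]),
           "giaddr": socket.inet_ntoa(payload[24:28]), "type": None, "server": None}
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            msg["type"] = value[0]
        elif code == 54 and length == 4:
            msg["server"] = socket.inet_ntoa(value)
        i += 2 + length
    return msg

def relays_per_transaction(payloads):
    """Map xid -> sorted (giaddr, yiaddr) pairs seen in Offers (message type 2)."""
    seen = defaultdict(set)
    for m in map(parse_dhcp, payloads):
        if m["type"] == 2:
            seen[m["xid"]].add((m["giaddr"], m["yiaddr"]))
    return {xid: sorted(pairs) for xid, pairs in seen.items()}

def shared_segment_xids(payloads):
    """xids whose Offers came back through more than one relay."""
    per_xid = relays_per_transaction(payloads).items()
    return sorted(x for x, v in per_xid if len({g for g, _ in v}) > 1)

def build_offer(xid, yiaddr, giaddr, server):
    """Constructed sample data: minimal BOOTREPLY carrying a DHCP Offer."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s", 2, 1, 6, 1, xid, 0, 0, bytes(4),
                      socket.inet_aton(yiaddr), bytes(4), socket.inet_aton(giaddr))
    opts = bytes([53, 1, 2, 54, 4]) + socket.inet_aton(server) + b"\xff"
    return hdr + bytes(208) + MAGIC + opts  # 208 = chaddr + sname + file

# Constructed capture: xid 0x1234 relayed by two switches, xid 0x5678 by one.
SAMPLE = [build_offer(0x1234, "172.16.10.50", "172.16.10.1", "172.16.99.10"),
          build_offer(0x1234, "172.16.20.50", "172.16.20.1", "172.16.99.10"),
          build_offer(0x5678, "172.16.30.50", "172.16.30.1", "172.16.99.10")]
print(relays_per_transaction(SAMPLE), shared_segment_xids(SAMPLE))
```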