Hi Steve. I've read this document. I've turned off snooping and IP Source Guard is disabled by default. But it still doesn't work. All I want is the ip helper-address to forward DHCP requests from one VLAN to another. The documentation seems to imply that all that is needed is "service dhcp", which is on by default, and the correct "ip helper-address" on the VLAN where the clients live and the 3750 should relay the DHCP request. But it just doesent come out og the VLAN.

Hi. If I use a fixed address in VLAN 5 everything works fine. We use address scopes for the different subnets associated with each VLAN. Everything worked fine on a Catlyst 2948G-L3 where the helper-address was on a bridge group BVI interface. The DHCP server hasn't changed. Anyway, a sniff doesn't see and DHCP requests comming out of the VLAN while they are seen as broadcasts with the VLAN.

I suspect the IOS command ip helper-address is either broken on the 3750 or the semantics of the command have changed. Either way someone in Cisco must know something about this. There seem to be similar type problems (unsolved as yet) in some of the Google threads. I would really like to hear from anybody who has set up a 3750 as a DHCP relay through the SMI ports without running a fulle DHCP server.

csrouter1#show version

Cisco Internetwork Operating System Software

IOS (tm) C3750 Software (C3750-I5K91-M), Version 12.2(20)SE, RELEASE SOFTWARE (fc1)

Copyright (c) 1986-2004 by cisco Systems, Inc.

Compiled Wed 19-May-04 12:48 by yenanh

Image text-base: 0x00003000, data-base: 0x00C51EBC

ROM: Bootstrap program is C3750 boot loader

BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.1(11r)AX, RELEASE SOFTWARE (fc1)

csrouter1 uptime is 18 hours, 52 minutes

System returned to ROM by power-on

System restarted at 16:44:26 GMT Tue Jul 13 2004

System image file is "flash:c3750-i5k91-mz.122-20.SE/c3750-i5k91-mz.122-20.SE.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

cisco WS-C3750G-24TS (PowerPC405) processor (revision C0) with 118784K/12280K bytes of memory.

Processor board ID CAT0803R1C0

Last reset from power-on

Bridging software.

6 Virtual Ethernet/IEEE 802.3 interface(s)

28 Gigabit Ethernet/IEEE 802.3 interface(s)

The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address : 00:0F:23:B0:70:00

Motherboard assembly number : 73-7058-09

Power supply part number : 341-0045-01

Motherboard serial number : CAT08030HZ7

Power supply serial number : PHI074600L5

Model revision number : C0

Motherboard revision number : A0

Model number : WS-C3750G-24TS-E

System serial number : CAT0803R1C0

Hardware Board Revision Number : 0x09

Switch Ports Model SW Version SW Image

------ ----- ----- ---------- ----------

* 1 28 WS-C3750G-24TS 12.2(20)SE C3750-I5K91-M

Configuration register is 0xF

Thx.

We definitively fixed, or found out problem. Some missconfiguration on DHCP server. We tested with a new one on the same VLAN an everything works fine including ip address request from different vlans.

In summary conf are OK.-

Here is some output from a dhcp debug:

000329: Jul 14 16:16:21.912 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet1/0/11)

000330: Jul 14 16:16:21.912 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/0/11, MAC da: ffff.ffff.ffff, MAC sa: 0002.2d41.6de7, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 0002.2d41.6de7

000331: Jul 14 16:16:21.912 UTC: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (5)

Does anybody know what "invalid mat entry" is? or why a broadcast is being flooded back out the ingress Vlan when it should be turned into a unicast to the ip helper-address ?

I have a similar issue where untrusted dhcp-clients cannot make a DHCP request. I get exactly the debug output. The Catalyst 3750 IOS Version is SMI 12.2(20)SE. The trunk ports which lead to the DHCP Servers are set to trusted where as the interfaces attached workstations are untrusted. For the moment I have disable DHCP snooping to get thing working.

Hi Geoffrey, Could you post a copy of you config file so that I can see what settings you have.

Thanks, Gerry

There appears to be a software bug with the 3750s. I have lodged a case with the TAC. We have been able to replicate the problem by simply connecting 2 Cat 3750s via fastethernet and no trunking. On one 3750 set up a dhcp server. On the second set up DHCP Snooping and trust the interconnecting port. If a PC is attached to the second 3750 and tries to obtain an IP address from the dhcp on the first it will fail. Turn off DHCP snooping on that vlan and all works as it should. The TAC are testing this in their lab and so I am awaiting further news.

Hi. This is interesting news. I bet there is more than ONE bug in the 3750s! I have tried turning off snooping but to no avail. Any chance I could look at your working config file and try to emulate it.

Thanks, gerry

Hi. This sounds an interesting approach. Does this mean that the config was somehow wrong or that there were some settings in the switch that were on but not showing up. Is there a way to factory reset a Catalyst 3750?