Solved: Not getting IP despite IP-Helper configured on SW

ChrysalisHighwayman · ‎04-18-2023

Might be a simple answer and a noob question, but I'm having trouble with DHCP addresses being handed out despite IP-Helper being configured on the SW. DHCP Pool is configured so that's taken care of and if I manually enter IPv4 address on a connected device it works so it's just that something is preventing automatic IP allocation from pool.

C9200L-24P-4G-E SW connected to MX67C-WW in a new network environment that we're migrating. Meraki P5 trunk to drop untagged traffic with allowed vlan 64.

SW Config snippets I think might be relevant to problem:

ip name-server 146.81.XXX.ABC 146.81.XXX.DEF
ip domain name example.com
ip dhcp bootp ignore
!
ip dhcp snooping vlan 64
no ip dhcp snooping information option
ip dhcp snooping
login on-success logredundancy
mode sso
!
!
transceiver type all
monitoring
!
vlan 64
name EXAMPLE

interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
!
interface GigabitEthernet1/0/1
description Meraki
switchport trunk allowed vlan 64
switchport mode trunk
switchport nonegotiate
spanning-tree portfast
!
interface GigabitEthernet1/0/2 ###All ports with identical configuration except port 1/0/1###
description Office
switchport access vlan 64
switchport mode access
switchport nonegotiate
spanning-tree portfast
!interface Vlan1
no ip address
shutdown
!
interface Vlan64
description EXAMPLE
ip address 10.12.XXX.XXX 255.255.255.0
ip helper-address 10.12.ABC.XXX
ip helper-address 10.12.DEF.XXX
!
ip default-gateway 10.12.XXX.1
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface Vlan64
ip ssh time-out 60
ip ssh version 2
ip ssh server algorithm mac hmac-sha2-256 hmac-sha2-512
ip ssh server algorithm encryption aes256-ctr
!
!
ip radius source-interface Vlan64
logging source-interface Vlan64
ip access-list standard 63

So when I connect to the SW in it's current configuration via copper, I get default APIPA address and no network which seems like the node is not getting served an address even tho IP helper is configured and ping/SSH is working fine.

Is there anything obvious to add to the config for example that would resolve this issue? Tried searching for answers but with no luck.

Sorry in advance for if there's something crucial information missing. I'll provide more if needed.

ChrysalisHighwayman · ‎04-18-2023

Hi!

As I thought, not much was missing. I could ping the IP helper address from this SW even before I added the lines to port 1/0/1 config.

By adding line "ip dhcp snooping trust" to port 1/0/1 DHCP started working.

View solution in original post

MHM Cisco World · ‎04-18-2023

from cisco doc.

• DHCP snooping and DHCP relay feature are not supported on the same VLAN.

Configuring DHCP Snooping (cisco.com)

Flavio Miranda · ‎04-18-2023

Hi

"no ip dhcp snooping" and "no ip dhcp snooping vlan 64" can fix your problem but you need to make sure connectivy is fine.

Can you ping this:

ping 10.12.ABC.XXX source Vlan64

ChrysalisHighwayman · ‎04-18-2023

Hi!

As I thought, not much was missing. I could ping the IP helper address from this SW even before I added the lines to port 1/0/1 config.

By adding line "ip dhcp snooping trust" to port 1/0/1 DHCP started working.

MHM Cisco World · ‎04-18-2023

Thanks for update us.

MHM

MHM Cisco World · ‎04-18-2023

But are trunk is link for dhcp server'

Only link to dhcp server must trust.

Can you share topolgy if you can please.

Thanks

MHM