There's a reference to the error here that may help: http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00801a6694.html

Hi Richard,

At the top of my attachment you will see the show platform command that causes the error message. I am trying to emulate the first DHCP broadcast to fff.fff.fff with ip source 0.0.0.0 and destination 255.255.255. The error only occurs when I use fff.fff.fff as the destination address. The error is consistent with seeing this address on more than one interface as it is the hardware broadcast! I would have thought that the ip helper address command would convert this to a directed broadcast.

Thanks for replying,

Gerry

The 3750 switch Configuration Guide says on page 36-23 that when this error occurs then the packet should be flooded to all other ports on the same VLAN. Does this make any sense in the context of trying to transform a MAC fff.fff.fff broadcast in to a directed unicast out of the VLAN by way of using ip helper address?

I would think that flooding to all other ports in the VLAN would make sense if the error reflects ambiguity about where the MAC address should really be associated with. And I think it is immaterial to the problem you are experiencing. As long as the port ses the DHCP broadcast and allows the VLAN interface to see it, the IP helper command should take the broadcast and generate an unicast to the destination indicated in the IP helper command.

Have you been able to proove (by Sniffer or debug or anything else) that the DHCP broadcast is received on the port? And have you prooved that nothing is being forwarded toward the helper destination?

I notice that the config now contains the following line:

no ip forward-protocol udp

Since the DHCP datagram uses UDP this would be a problem since the command instructs the IP helper to not forward UDP. I am not sure why you need forward protocol spanning-tree, but I think you need to enable ip forward-protocol usp 67 and ip forward-protocol udp 68.

Hi. You're right. That was put in lately by mistake. I have corrected it, explicitly enabled UDP ports 67 nad 68 (I think they should be enabled by default?) and got rid of the ip forward-protocol spanning-tree.

Still don't have DHCP passing out of VLAN 5. A question:if DHCP server is enabled, and it is by default, is there a conflict between it acting as a DHCP relay and the ip helper-address command which is protocol independent? I have attached the amended config. Thanks for your help. Gerry

Thanks for the updated config. I agree that this should enable forwarding of DHCP requests. And yes these ports are enabled for forwarding by helper-address by default.

As far as I know there is no conflict between the router having capability to be a DHCP server or a DHCP relay agent and the function of forwarding by helper-address. And as best as I can see you are not activating the DHCP functions here.

I do notice that the config includes:

bridge irb

I am not sure why it is here. While I do not really expect it to make much difference I would suggest that you removce it from the config.

I was re-reading your messages and I notice here that you comment that the sniffer is on interface 15 and that the request came in on interface 1. If you really mean that the request came in on interface GigabitEthernet1/0/1, that interface belongs to vlan 1 and there is no need for helper address forwarding.

Can we clarify what you have done with Sniffer, or can we retest with the Sniffer and post the results?

Hi Rick, Got rid of IRB. Must have been a type on my part about the interfaces. The DHCP request comes in on Gig interface 11, which in in Vlan 5, and can be seen by a sniffer on port 15. It can also be sees on port 2 which is monitoring Vlan 5 (see attached config). But there is no DHCP request from anything in VLAN 5 to be seen on VLAN 1 where ther DHCP server lives and is working normally. I have made some modifications to the config to make sure that DHCP snooping trusts everything. Slso, you'll notice that I have ACL logging on VLAN 5 for anything to ot from the DHCP server but nothing is being logged!

Gerry

What version of code are you running on your 3750. I am beginning to wonder if ip helper-address is really supported on your box and knowing what code might help figure that out.

Rick

Hi, The version is:

IOS (tm) C3750 Software (C3750-I5K91-M), Version 12.2(18)SE1, RELEASE SOFTWARE (fc2)

The Catalyst 3750 Switch Software Configuration Guide give examples of how to set up helper address. It also has material on how to set up a DHCP relay, which was why I was wondering how they work togeter as DHCP server is on by default.