DHCP and Inter-VLAN-Routing

ola, 

Coming back to you again with something new. I set up my network: 1x router, which is also the DHCP server, 1x switch and a laptop.

The problem is with DHCP: I can't get an IP via DHCP and go to the internet.

Below I will paste the router and switch config and also the debug.

 

debug part:

 

R1-ALFA#debug dhcp
*Nov 6 01:03:02.090: DHCPD: checking for expired leases.
*Nov 6 01:03:14.607: DHCPD: inconsistent relay information.
*Nov 6 01:03:14.607: DHCPD: relay information option exists, but giaddr is zero.
*Nov 6 01:03:16.883: DHCPD: inconsistent relay information.
*Nov 6 01:03:16.883: DHCPD: relay information option exists, but giaddr is zero.

 

R1-ALFA#no debug ip dhcp server events
R1-ALFA#no debug ip dhcp server linkage
R1-ALFA#no debug ip dhcp server packet

*Nov 6 01:15:45.422: DHCP: DHCP client process started: 10
*Nov 6 01:15:45.426: RAC: Starting DHCP discover on FastEthernet0/1.55
*Nov 6 01:15:45.426: DHCP: Try 1 to acquire address for FastEthernet0/1.55
*Nov 6 01:15:50.430: DHCP: Shutting down from get_netinfo()
*Nov 6 01:15:50.430: DHCP: Attempting to shutdown DHCP Client
*Nov 6 01:15:50.466: DHCP: allocate request
*Nov 6 01:15:50.466: DHCP: new entry. add to queue, interface FastEthernet0/1.55
*Nov 6 01:15:50.466: DHCP: SDiscover attempt # 1 for entry:
*Nov 6 01:15:50.466: DHCP: SDiscover: sending 299 byte length DHCP packet
*Nov 6 01:15:50.466: DHCP: SDiscover 299 bytes
*Nov 6 01:15:50.470: B'cast on FastEthernet0/1.55 interface from 0.0.0.0
*Nov 6 01:15:54.437: DHCP: SDiscover attempt # 2 for entry:
*Nov 6 01:15:54.437: DHCP: SDiscover: sending 299 byte length DHCP packet
*Nov 6 01:15:54.437: DHCP: SDiscover 299 bytes
*Nov 6 01:15:54.437: B'cast on FastEthernet0/1.55 interface from 0.0.0.0

 

 

Router config

Building configuration...

Current configuration : 4052 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1-ALFA
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 10
enable secret 5 *******************
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
aaa session-id common
no network-clock-participate slot 1
no network-clock-participate wic 0
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.30.161
ip dhcp excluded-address 172.16.30.175
ip dhcp excluded-address 172.16.30.162
!
ip dhcp pool theinside
network 172.16.30.160 255.255.255.240
default-router 172.16.30.161
dns-server 172.16.30.161
!
!
no ip bootp server
login block-for 180 attempts 3 within 180
!
multilink bundle-name authenticated
!
!
!
!
!
username ************** password 7 ************
archive
log config
hidekeys
!
!
!
!
ip ssh port ****** rotary ********
!
!
!
interface FastEthernet0/0
description The interface that talk with ISP
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 12
no cdp enable
no mop enabled
!
interface FastEthernet0/1
description The interface that let you to play inside
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface FastEthernet0/1.19
description The vlan from devices like printes (static)
encapsulation dot1Q 19
ip address 172.31.245.145 255.255.255.240
no cdp enable
!
interface FastEthernet0/1.29
description The vlan for something I don't know
encapsulation dot1Q 29
ip address 172.16.0.1 255.255.255.240
no cdp enable
!
interface FastEthernet0/1.55
description The vlan for play on net
encapsulation dot1Q 55
ip address 172.16.30.161 255.255.255.240
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface Dialer12
ip address negotiated
ip access-group Firewall-ACL out
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 12
dialer idle-timeout 0
dialer persistent
dialer-group 12
no cdp enable
ppp authentication pap callin
ppp pap sent-username ********** password 7 **********
ppp ipcp dns request
ppp ipcp route default
ppp ipcp address accept
!
ip forward-protocol nd
!
!
no ip http server
ip http secure-server
ip dns server
ip nat inside source list NAT-ACL interface Dialer12 overload
!
ip access-list standard NAT-ACL
permit 172.16.30.160 0.0.0.15
!
ip access-list extended Firewall-ACL
deny tcp any any eq echo
deny tcp any any eq discard
deny tcp any any eq daytime
deny tcp any any eq chargen
deny tcp any any eq telnet
deny tcp any any eq finger
deny tcp any any eq 3389
deny tcp any any eq 161
deny tcp any any eq 37
deny tcp any any eq 69
deny tcp any any eq ftp-data
deny tcp any any eq ftp
deny tcp any any eq www
deny ip 224.0.0.0 31.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.0.255.255 any
permit ip any any
ip access-list extended fohSSH
deny tcp any any eq 22
permit tcp any any eq *****
!
no cdp run
!
!
!
!
control-plane
!
!
banner motd ^CIf you're not the Admin get out!!^C
!
line con 0
exec-timeout 180 0
login authentication local_auth
line aux 0
login authentication local_auth
line vty 0 4
access-class fohSSH in
rotary *****
transport input ssh
line vty 5 9
access-class fohSSH in
rotary 12
transport input ssh
line vty 10
access-class fohSSH in
login authentication local_auth
rotary 12
transport input ssh
line vty 11 15
access-class fohSSH in
rotary 12
transport input ssh
!
!
end

 

 

 

Switch config

 

Building configuration...

Current configuration : 7825 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname S1-BETA
!
enable secret 5 *******
!
username ******* password 7 *********
ip subnet-zero
!
ip dhcp snooping vlan 55
ip dhcp snooping
no ip domain-lookup
ip domain-name **********
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
description The ports of a static dievices
switchport access vlan 29
switchport mode access
switchport nonegotiate
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security aging static
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 4
!
interface FastEthernet0/2
description The ports of a static dievices
switchport access vlan 29
switchport mode access
switchport nonegotiate
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security aging static
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 4
!
interface FastEthernet0/3
description The ports of a static dievices
switchport access vlan 29
switchport mode access
switchport nonegotiate
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security aging static
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 4
!
interface FastEthernet0/4
description The ports of a static dievices
switchport access vlan 29
switchport mode access
switchport nonegotiate
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security aging static
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 4
!
interface FastEthernet0/5
description The ports of a static dievices
switchport access vlan 29
switchport mode access
switchport nonegotiate
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security aging static
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 4
!
interface FastEthernet0/6
description The ports of a static dievices
switchport access vlan 29
switchport mode access
switchport nonegotiate
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security aging static
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 4
!
interface FastEthernet0/7
description The ports of a static dievices
switchport access vlan 29
switchport mode access
switchport nonegotiate
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security aging static
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 4
!
interface FastEthernet0/8
description The ports of a static dievices
switchport access vlan 29
switchport mode access
switchport nonegotiate
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security aging static
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 4
!
interface FastEthernet0/9
switchport access vlan 55
switchport mode access
switchport nonegotiate
switchport port-security maximum 6
switchport port-security mac-address sticky
speed 100
duplex full
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/10
switchport access vlan 55
switchport mode access
switchport nonegotiate
switchport port-security maximum 6
switchport port-security mac-address sticky
speed 100
duplex full
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/11
switchport access vlan 55
switchport mode access
switchport nonegotiate
switchport port-security maximum 6
switchport port-security mac-address sticky
speed 100
duplex full
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/12
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/13
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/14
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/15
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/16
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/17
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/18
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/19
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/20
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/21
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/22
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/23
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface FastEthernet0/24
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 6
!
interface GigabitEthernet0/1
description the trunk port for all
switchport trunk native vlan 88
switchport trunk allowed vlan 19,29,55,88
switchport mode trunk
switchport nonegotiate
ip dhcp snooping trust
!
interface GigabitEthernet0/2

shutdown
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan55
description The vlan of the my Man
ip address 172.16.30.162 255.255.255.240
no ip route-cache
!
ip default-gateway 172.16.30.161
ip http server
banner motd ^C If you are not the ADMIN get the got!!!!^C
!
line con 0
exec-timeout 180 0
login local
line vty 0 4
exec-timeout 180 0
login local
transport input ssh
line vty 5 15
exec-timeout 180 0
login local
transport input ssh
!
!
end

 

9 REPLIES
Highlighted
VIP Expert

High level: why do you have native VLAN 88? I do not see that appear in the router.

If you would like a DHCP offer for the device connected to the switch with access port 55, then try changing as below and test. I also suggest removing (switchport port-security mac-address sticky); you can add security features once it is working.

 

 

interface GigabitEthernet0/1
description the trunk port for all
switchport trunk native vlan 55
switchport trunk allowed vlan 19,29,55,88
switchport mode trunk
switchport nonegotiate
ip dhcp snooping trust
!



BB


*** Rate All Helpful Responses ***

Highlighted
VIP Mentor

Hello
You have no sub-interface for the native VLAN, and I would suggest, for testing, removing the port-security on the switchports.
Append the following and test again:

rtr
conf t
Interface FastEthernet0/1.88
encapsulation dot1q 88 native

no shut

 

sw
conf t
vlan 88

exit

 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Highlighted
Beginner

Hi,

I've put your config into my lab, and to fix your issue please add:

ip helper-address 172.16.30.161

on your switch interface Vlan55. After that everything will be working as it should:

 

interface Vlan55
 description The vlan of the my Man
 ip address 172.16.30.162 255.255.255.240
 ip helper-address 172.16.30.161 
 no ip route-cache
end

 

localhost:~$ sudo ifdown eth0
localhost:~$ sudo ifup eth0
udhcpc: started, v1.31.1
udhcpc: sending discover
udhcpc: sending select for 172.16.30.164
udhcpc: lease of 172.16.30.164 obtained, lease time 86400
localhost:~$ 
Nov  7 20:05:52.243: DHCPD: DHCPREQUEST received from client 0152.5400.0c99.ad.
*Nov  7 20:05:52.244: DHCPD: Option 125 not present in the msg.
*Nov  7 20:05:52.244: DHCPD: Sending notification of ASSIGNMENT:
*Nov  7 20:05:52.244:  DHCPD: address 172.16.30.164 mask 255.255.255.240
*Nov  7 20:05:52.244:   DHCPD: htype 1 chaddr 5254.000c.99ad
*Nov  7 20:05:52.245:   DHCPD: lease time remaining (secs) = 86400
*Nov  7 20:05:52.245: DHCPD: No default domain to append - abort update
*Nov  7 20:05:52.245: DHCPD: Sending DHCPACK to client 0152.5400.0c99.ad (172.16.30.164).DHCPD: Setting only requested parameters
Highlighted

Hello

@kubn2 you shouldn't require any DHCP relay on the switch, as the DHCP server service resides on the router itself, which has a connected interface into the VLAN it's servicing.



kind regards
Paul

Highlighted

Hello

@paul driver I'm aware of that; however, the user is getting the error "giaddr is zero", and adding a helper solves this problem. Another solution could be ip dhcp relay inform trust-all (global) OR ip dhcp relay inform trusted (interface).
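
The consistency check behind the debug line "relay information option exists, but giaddr is zero" can be modelled on a raw DHCP payload. This Python block is an added example, not code from the thread or from IOS; `relay_check`, the packet builder, the MAC address and the option 82 bytes are constructed for illustration.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
OPT_RELAY_INFO = 82          # relay agent information option
DROP = "drop: relay information option exists, but giaddr is zero"

def parse_dhcp(packet: bytes):
    """Return (giaddr, options) for a raw BOOTP/DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    giaddr = ".".join(str(b) for b in packet[24:28])  # relay address field
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == 255:   # end option
            break
        if code == 0:     # pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return giaddr, options

def relay_check(packet: bytes, trust_all: bool = False) -> str:
    """Hypothetical model: option 82 with giaddr 0.0.0.0 is rejected unless trusted."""
    giaddr, options = parse_dhcp(packet)
    if OPT_RELAY_INFO in options and giaddr == "0.0.0.0" and not trust_all:
        return DROP
    return "accept"

def build_discover(giaddr: str = "0.0.0.0", option82: bytes = b"") -> bytes:
    """Constructed sample DHCPDISCOVER (not a capture from the thread)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)  # op..flags
    hdr += bytes(12)                                  # ciaddr, yiaddr, siaddr
    hdr += bytes(int(x) for x in giaddr.split("."))   # giaddr
    hdr += bytes.fromhex("020000000001") + bytes(10)  # constructed chaddr, padded to 16
    hdr += bytes(192)                                 # sname + file
    opts = b"\x35\x01\x01"                            # option 53: DHCPDISCOVER
    if option82:
        opts += bytes([OPT_RELAY_INFO, len(option82)]) + option82
    return hdr + MAGIC + opts + b"\xff"

# Constructed option 82 payload: sub-option 1 (circuit ID) naming VLAN 55, port 9
SAMPLE_OPT82 = b"\x01\x06\x00\x04\x00\x37\x00\x09"
```

Passing `trust_all=True` models the trust-all setting named in the reply above: the same packet is accepted, which also means option 82 data is taken at face value from whatever device inserted it.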

Highlighted

Hello
The trunk interface interconnecting the rtr and switch has a native VLAN mismatch: the switch is untagging VLAN 88, however the rtr is untagging VLAN 1. Both devices require parity.

Lastly, by the looks of it, the switch trunk is trusting DHCP already.



kind regards
Paul

Highlighted

Hello,

Yes, there is a mismatch, but VLAN 88 isn't assigned to any interface, and neither is VLAN 1, so there is no real problem (sure, it's incorrect, but it's not causing DHCP problems).

Highlighted

hey,

 

I tried your way and I set this on the sw:

interface Vlan55
ip address 172.16.30.162 255.255.255.240
ip helper-address 172.16.30.161
no ip route-cache
!
ip default-gateway 172.16.30.161

 

and now I get an IP; it's working and I can go outside.

I'm not sure if it is the best way or just the OK way.

Highlighted
Rising star

.......