Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3417
Views
0
Helpful
3
Replies

DHCP over GRE tunnel

Go to solution
RexChang32809
Level 1
Level 1

‎03-18-2020 11:41 PM - edited ‎03-18-2020 11:47 PM

Hi,

I'm preparing a environment that CPE can obtain IP address via GRE tunnel. For that purpose, I simplified my environment as below topology.

 

DHCP over GRE tunnel.jpg

 

And here's my running-config of two Cisco router(C1111-8P).

===============================================================================================

Cisco Router (R1):

Building configuration...

version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
no aaa new-model
!
ip dhcp relay information option
!
subscriber templating
!
multilink bundle-name authenticated
!
vlan internal allocation policy ascending
!
interface Tunnel1
ip address 10.10.10.1 255.255.255.0
ip helper-address 10.11.12.1
keepalive 10 3
tunnel source GigabitEthernet0/0/0
tunnel destination 192.168.7.14
!
interface GigabitEthernet0/0/0
ip address 172.51.37.222 255.255.255.0
ip helper-address 10.11.12.1
negotiation auto
!
interface GigabitEthernet0/1/0
switchport access vlan 10
!
interface Vlan1
no ip address
!
interface Vlan10
ip address dhcp
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
end

Cisco Router (R2):

Building configuration...

version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
ip dhcp relay information option
!
vlan internal allocation policy ascending
!
interface Tunnel1
ip address 10.10.10.2 255.255.255.0
ip helper-address 10.11.12.1
keepalive 10 3
tunnel source GigabitEthernet0/0/0
tunnel destination 172.51.37.222
!
interface GigabitEthernet0/0/0
ip address 192.168.7.14 255.255.255.0
ip helper-address 10.11.12.1
negotiation auto
!
interface Vlan1
ip address dhcp
ip helper-address 10.11.12.1
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 Tunnel1
ip route 10.11.12.0 255.255.255.0 Tunnel1
ip route 172.51.37.0 255.255.255.0 GigabitEthernet0/0/0
end

===============================================================================================

For now, I can ping from R2 to my DHCP server. However, despite my GRE tunnel is established, my client cannot obtain IP address via GRE from DHCP server. I observed received packets at DHCP server and there's no DHCP Discover sent by my client.

Could any one help me with this? 

 

BR,

Rex Chang

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni

‎03-19-2020 02:04 AM

Hi,

 

   You have a chicken-egg issue here:

 

    1. I see that also the R1gets an IP address from the DHCP server, which is directly attached to its VLAN10; this is gonna work, as long as you have DHCP pool defined on the DCHP server, for local VLAN10 associated IP subnet, because the DHCP server is directly connected, it sees the DHCP client broadcast messages.

    2. I see that the remote router, R2, also has its VLAN1, the inside interface, configured for DHCP; this would work as long as the DHCP server would be locally in that VLAN. R2 , by design of DHCP, cannot pick its own DHCP Discovery packet and send it as unicast to the remote side where the DHCP server resides (the DHCP Relay function). So put a static IP address on VLAN1

   3. For DHCP clients behind R1 to get an IP address via the DHCP server behind R2, you need to ensure that VLAN10 and VLAN1 IP subnets are routable end-to-end, between the DHCP Server and the DHCP Relay Agent (R2).

 

       I cleaned your config, test it, it's gonna work, as long as you have another DHCP pool defined on your DHCP server, for VLAN1 IP subnet behind R2, and in the DHCP pool you configured the default gateway to be the IP address of R2 VLAN1 (10.11.13.1). I assume that 10.11.12.1 is your DHCP server, and R2 inside subnet is 10.11.13.0.24.

 

R1:

no ip dhcp relay information option

!

interface GigabitEthernet0/0/0
 no ip helper-address 10.11.12.1

!

interface Tunnel1
 no ip helper-address 10.11.12.1

!

ip route 10.11.13.0 255.255.255.0 Tunnel1

 

 

R2:

no ip dhcp relay information option

!

interface GigabitEthernet0/0/0
 no ip helper-address 10.11.12.1

!

interface Tunnel1
 no ip helper-address 10.11.12.1

!

interface Vlan1
no ip address dhcp

ip address 10.11.13.1 255.255.255.0
ip helper-address 10.11.12.1

!

ip route 10.11.12.0 255.255.255.0 Tunnel1

 

Regards,

Cristian Matei.

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
marce1000
VIP
VIP

‎03-19-2020 01:02 AM

 

 - Check the observed advisories from thee threads :

     https://community.cisco.com/t5/routing/dhcp-ip-via-gre-tunnel/td-p/2481767

     https://community.cisco.com/t5/routing/dhcp-relay-through-gre-over-ipsec/td-p/1622333

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni

‎03-19-2020 02:04 AM

Hi,

 

   You have a chicken-egg issue here:

 

    1. I see that also the R1gets an IP address from the DHCP server, which is directly attached to its VLAN10; this is gonna work, as long as you have DHCP pool defined on the DCHP server, for local VLAN10 associated IP subnet, because the DHCP server is directly connected, it sees the DHCP client broadcast messages.

    2. I see that the remote router, R2, also has its VLAN1, the inside interface, configured for DHCP; this would work as long as the DHCP server would be locally in that VLAN. R2 , by design of DHCP, cannot pick its own DHCP Discovery packet and send it as unicast to the remote side where the DHCP server resides (the DHCP Relay function). So put a static IP address on VLAN1

   3. For DHCP clients behind R1 to get an IP address via the DHCP server behind R2, you need to ensure that VLAN10 and VLAN1 IP subnets are routable end-to-end, between the DHCP Server and the DHCP Relay Agent (R2).

 

       I cleaned your config, test it, it's gonna work, as long as you have another DHCP pool defined on your DHCP server, for VLAN1 IP subnet behind R2, and in the DHCP pool you configured the default gateway to be the IP address of R2 VLAN1 (10.11.13.1). I assume that 10.11.12.1 is your DHCP server, and R2 inside subnet is 10.11.13.0.24.

 

R1:

no ip dhcp relay information option

!

interface GigabitEthernet0/0/0
 no ip helper-address 10.11.12.1

!

interface Tunnel1
 no ip helper-address 10.11.12.1

!

ip route 10.11.13.0 255.255.255.0 Tunnel1

 

 

R2:

no ip dhcp relay information option

!

interface GigabitEthernet0/0/0
 no ip helper-address 10.11.12.1

!

interface Tunnel1
 no ip helper-address 10.11.12.1

!

interface Vlan1
no ip address dhcp

ip address 10.11.13.1 255.255.255.0
ip helper-address 10.11.12.1

!

ip route 10.11.12.0 255.255.255.0 Tunnel1

 

Regards,

Cristian Matei.

 

0 Helpful

Go to solution
RexChang32809
Level 1
Level 1
In response to Cristian Matei

‎03-20-2020 12:41 AM

Hi,

That did work. Thanks for your patience and help!!! You saved my day.

Best regards,

Rex Chang

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card