Solved: Re: DHCP Relay between Cisco Router and Aruba Switch is not working

mudvayne15 · ‎02-18-2022

Hi Everyone,

Can someone help me verify my configuration? I did try to play around with the DHCP relay option in Aruba but I am still not getting any DHCP on the clients.

We just replaced our HP procurve with Aruba, the old settings for the DHCP relay is as follow.

dhcp-relay option 82 append ip

After the migration, we cannot get any DHCP.

My router configuration below

ip dhcp pool cc-data
   network 10.86.13.0 255.255.255.0
   domain-name domain.net
   default-router 10.86.13.254
   dns-server 10.86.9.3 10.86.9.4 10.65.20.3
   lease 0 8
   class cc-data
      address range 10.86.13.32 10.86.13.223
!
ip dhcp pool wireless
   network 10.86.12.0 255.255.255.0
   domain-name domain.net
   default-router 10.86.12.254
   dns-server 10.86.9.3 10.86.9.4 10.65.20.3
   lease 0 8
   class wireless
      address range 10.86.12.32 10.86.12.223
!
ip dhcp pool voice
   network 10.86.20.0 255.255.255.0
   domain-name domain.net
   default-router 10.86.20.254
   dns-server 10.86.9.3 10.86.9.4 10.65.20.3
   lease 0 8
   class voice
      address range 10.86.20.32 10.86.20.223
!
ip dhcp pool ops-data
   network 10.86.14.0 255.255.255.0
   domain-name domain.net
   default-router 10.86.14.254
   dns-server 10.86.9.3 10.86.9.4 10.65.20.3
   lease 0 8
   class ops-data
      address range 10.86.14.32 10.86.14.223
!
ip dhcp pool wireless-guest
   network 10.86.15.0 255.255.255.0
   domain-name domain.net
   default-router 10.86.15.254
   dns-server 10.86.9.3 10.86.9.4 10.65.20.3
   lease 0 8
   class wireless-guest
      address range 10.86.15.32 10.86.15.223
!
!
ip dhcp class cc-data
   relay agent information
      relay-information hex 0000000000000a560dfe mask ffffffffffff00000000
!
ip dhcp class wireless
   relay agent information
      relay-information hex 0000000000000a560cfe mask ffffffffffff00000000
!
ip dhcp class voice
   relay agent information
      relay-information hex 0000000000000a5614fe mask ffffffffffff00000000
!
ip dhcp class ops-data
   relay agent information
      relay-information hex 0000000000000a560efe mask ffffffffffff00000000
!
ip dhcp class wireless-guest
   relay agent information
      relay-information hex 0000000000000a560bfe mask ffffffffffff00000000
!
!
!
spanning-tree uplinkfast

ip scp server enable
!
!
interface FastEthernet0/1
 ip address 10.86.11.2 255.255.255.0
 ip route-cache flow
 ip policy route-map pbr-mpls
 duplex auto
 speed auto
!

My switch config below

module 1 type jl322a
mirror 1 port 8
console idle-timeout 180
console idle-timeout serial-usb 180
dhcp-relay option 82 replace ip
dhcp-relay option 82 replace validate
logging 10.86.9.12
radius-server host 10.65.0.235 key "Pv5T4u1G"
no telnet-server
ip route 0.0.0.0 0.0.0.0 10.86.11.1
ip route 10.0.0.0 255.0.0.0 10.86.11.29
ip route 10.86.17.0 255.255.255.0 10.86.16.1
ip route 172.0.0.0 255.0.0.0 10.86.11.29
ip route 192.168.0.0 255.255.0.0 10.86.11.29
ip routing
interface 10
H   name "Ruckus ZD 1100"
   exit
interface 17
   monitor all both mirror 1
   exit
interface 18
   monitor all both mirror 1
   exit
interface 19
   monitor all both mirror 1
   exit
interface 20
   monitor all both mirror 1
   exit
interface 21
   monitor all both mirror 1
   exit
interface 22
   monitor all both mirror 1
   exit
interface 23
   monitor all both mirror 1
   exit
Hinterface 24
   monitor all both mirror 1
   exit
snmp-server community "public" unrestricted
aaa authentication login privilege-mode
aaa authentication telnet login radius local
aaa authentication ssh login radius local
oobm
   ip address dhcp-bootp
   ipv6 enable
   ipv6 address dhcp full
   exit
vlan 1
   name "MANAGEMENT"
   no untagged 3-4,7-9,11-12,16,23
   untagged 1-2,5-6,10,13-15,17-22,24-48
   ip address 10.86.11.254 255.255.255.0
   ipv6 enable
   ipv6 address dhcp full
   exit
vlan 90
   name "SHARED"
   untagged 7-8,16,23
H   tagged 5-6,10,17-22,24
   ip address 10.86.9.254 255.255.255.0
   exit
vlan 120
   name "WLAN"
   tagged 5-8,10,17-24
   ip address 10.86.12.254 255.255.255.0
   ip helper-address 10.86.11.2
   exit
vlan 130
   name "CCDATA"
   untagged 3-4
   tagged 13-15,17-24
   ip address 10.86.13.254 255.255.255.0
   ip helper-address 10.86.11.2
   exit
vlan 140
   name "OPSDATA"
   tagged 6,17-24
   ip address 10.86.14.254 255.255.255.0
   ip helper-address 10.86.11.2
   exit
vlan 150
  name "Wireless Guest"
   tagged 5-8,10,17-24
   ip address 10.86.15.254 255.255.255.0
   ip helper-address 10.86.11.2
   exit
vlan 160
   name "VPN"
   tagged 5-8,10,17-24
   ip address 10.86.16.254 255.255.255.0
   exit
vlan 200
   name "VOICE"
   untagged 9,11-12
   tagged 8,17-24
   ip address 10.86.20.254 255.255.255.0
   ip helper-address 10.86.11.2
   voice
   exit
vlan 999
   name "PUBLIC"
   tagged 22,24
   ip address 10.86.0.254 255.255.255.0
   exit
spanning-tree
password manager

Appreciate your help, as I've already tried to remove the relay information from the router but no luck.

Giuseppe Larosa · ‎02-18-2022

Hello @mudvayne15 ,

HP bought Aruba years ago

post a

show version

just hide the serial numer

your device is a

module 1 type jl322a

put a PC with sniffer on port 8 as you have a local span session i.e. mirror 1 port 8

and have a packet capture performed on uplink to the router

Hope to help

Giuseppe

View solution in original post

MHM Cisco World · ‎02-19-2022

ip dhcp class wireless
   relay agent information
      relay-information hex 0000000000000a560cfe mask ffffffffffff00000000

this example from previous config,

first mask work like filter to filter all hex op and F=meaning don't care  0=meaning care 
so here only the last value of Op82 is care which is 
0a.56.0c.fe=10.86.12.254 <- this IP of SVI of vlan 120 WLAN

.

so previous use the IP address of the SVI to select the CLASS of DHCP Pool.

here with some wireshark and little modify to

relay-information hex

we can make it work IF ARUBA ALSO ADD SVI IP TO OP82.

View solution in original post

Georg Pauwen · ‎02-18-2022

Hello,

can you ping 10.86.11.2 from the Aruba ? I do not see an interface on the Aruba switch in the 10.86.11.0/24 subnet...what is the connecting layer 3 interface between the Cisco and the Aruba ?

mudvayne15 · ‎02-18-2022

Thanks, the connection between Cisco on Aruba is Port 18.

Giuseppe Larosa · ‎02-18-2022

Hello @mudvayne15 ,

HP bought Aruba years ago

post a

show version

just hide the serial numer

your device is a

module 1 type jl322a

put a PC with sniffer on port 8 as you have a local span session i.e. mirror 1 port 8

and have a packet capture performed on uplink to the router

Hope to help

Giuseppe

MHM Cisco World · ‎02-18-2022

friend you config different DHCP pool, each one with different CLASS,
this class is string and I see that Op82 is IP so how DHCP server select the pool depend on IP.
you must config string.

mudvayne15 · ‎02-18-2022

Hi sir, thank you

the string configuration is on the Aruba switch?

I don't see a string option on the Aruba CLI.

MHM Cisco World · ‎02-19-2022

ip dhcp class wireless
   relay agent information
      relay-information hex 0000000000000a560cfe mask ffffffffffff00000000

this example from previous config,

first mask work like filter to filter all hex op and F=meaning don't care  0=meaning care 
so here only the last value of Op82 is care which is 
0a.56.0c.fe=10.86.12.254 <- this IP of SVI of vlan 120 WLAN

.

so previous use the IP address of the SVI to select the CLASS of DHCP Pool.

here with some wireshark and little modify to

relay-information hex

we can make it work IF ARUBA ALSO ADD SVI IP TO OP82.

paul driver · ‎02-19-2022

Hello
How are you getting on with this? Have you managed to remedy dhcp allocation?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MHM Cisco World · ‎02-19-2022

No,
according to share config and form what I know about the Op82 hex I get it.
he config the ip dhcp CLASS with right hex for the SVI but I think from change from HP to aruba make issue.
because as I know each vendor have a specific subOp value for Op82, and I think that make the issue here.
the Hex send from Aruba different form hex send from previous HP, so he must do wireshark see the Op82 and subOp, if Aruba send the SVI but the location is different so he can modify the mask and make it work.
I hope I right in my suggest.

paul driver · ‎02-19-2022

Hello

@MHM Cisco World wrote:

but I think from change from HP to aruba make issue.
because as I know each vendor have a specific subOp value for Op82, and I think that make the issue here.
the Hex send from Aruba different form hex send from previous HP,

The class id is based on client vendor not the switch vendor - sub options again i thought they are based on client however you show hp OUI hardcode into relay so possibly and the OP stated they have changed the intermediate switch as such the client vendor id would not have changed , so this could have had effect dhcp allocation,

However as stated previously i don’t think relay is required

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

mudvayne15 · ‎02-21-2022

I will run a wireshark to check the

 relay-information hex

. thanks

Translator · ‎03-05-2022

Community source: English | Name of the author of the source: Giuseppe Larosa

paul driver · ‎02-18-2022

Hello
By the looks of it you don’t need any dhcp relay, Also you have policy based routing applied to the cisco interface from where the dhcp discovery messages will originate from?

You have dhcp scopes on the cisco, but it looks like the l3 routing for the LAN resides on the aruba that hosts the relay address you've applied to the aruba l3 interfaces, So I assume 10.86.11.2 is the cisco and 10.86.11.29 is an additional rtr residing in vlan 1?

Suggest removing the dhcp scopes off the cisco and apply them to the aruba and if that's not applicable then at least remove relay addressing off the aruba switch L3 interfaces as that switch hosts the vlan that the dhcp server resides in?

Lastly you have a lots of tagged/mirrored interfaces, do you have that many trunks/spanned ports on the aruba?
Also if you are running dhcp snooping on any l2 switches that connect to the aruba then make sure you are trusting those trunks connecting to that L3 switch.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

mudvayne15 · ‎02-18-2022

Hi Paul,

Thanks for you feedback, 10.86.11.2 is the Cisco router. 10.86.11.29 is a VPN device.

mudvayne15 · ‎02-20-2022

Hi Everyone, thank you for the feedback. I did played around the dhcp-relay options 82 of the HP switch last weekend, Although unable to identify if they are getting DHCP since no is at the office. I can see some devices getting dhcp in the server responses (show dhcp-relay in Aruba). I think it should be ok now, just need to confirm again with the staff later today.