
DHCP relay not changing the source IP address of the DHCP broadcasts while forwarding to DHCP server.

mailshivam7
Level 1

Hello All,

I have a topology where I have configured one of the Vlan interfaces of my L3 switch connecting to LAN network as the DHCP relay server.

This is specifically for a VRF. Here is the topology:

LAN --> L3 switch - Vlan interface (VRF Forwarding) | (DHCP Relay Server) --> DHCP Server

IP addressing :

L3 switch interface connected to DHCP server: 10.10.160.32

DHCP server interface connected to L3 switch : 10.10.160.34

Loopback interface on DHCP server: 172.31.8.1

IP helper points to a Loopback interface of the DHCP server.

The problem is, when the broadcasts are received on the DHCP server, the source IP addresses are not getting changed to the IP address of the VLAN interface (DHCP relay). Instead, the DHCP discover broadcasts have a source address of 0.0.0.0, due to which the DHCP server is unable to identify the pool for the leases.

Here are the configs :

L3 Switch#sh run inter vlan 500
Building configuration...

Current configuration : 117 bytes
!
interface Vlan500
 ip vrf forwarding MEDIA
 ip address 172.31.0.2 255.255.248.0
 ip helper-address 172.31.8.1
end

L3 Switch#sh ip route vrf MEDIA 172.31.8.1              
Routing entry for 172.31.8.1/32
  Known via "ospf 120", distance 110, metric 11, type intra area
  Last update from 10.10.160.32 on FastEthernet0/0.120, 01:08:54 ago
  Routing Descriptor Blocks:
  * 10.10.160.32, from 172.31.8.1, 01:08:54 ago, via FastEthernet0/0.120
      Route metric is 11, traffic share count is 1

Acc-V1#sh run int lo120
Building configuration...

Current configuration : 93 bytes
!
interface Loopback120
 ip vrf forwarding MEDIA
 ip address 172.31.8.1 255.255.255.255
end

DHCP server#sh run | sec dhcp
no ip dhcp use vrf connected
ip dhcp use vrf remote
ip dhcp excluded-address 172.31.0.0 172.31.0.10
ip dhcp excluded-address 172.31.4.0 172.31.7.255
ip dhcp pool MEDIA
   vrf MEDIA
   network 172.31.0.0 255.255.248.0
   dns-server 8.8.8.8 8.8.4.4
   default-router 172.31.0.2

Acc-V1#sh ip route vrf MEDIA 172.31.0.2
Routing entry for 172.31.0.0/21
  Known via "ospf 120", distance 110, metric 2, type intra area
  Last update from 10.10.160.35 on FastEthernet1/0.120, 01:46:17 ago
  Routing Descriptor Blocks:
  * 10.10.160.35, from 172.31.0.3, 01:46:17 ago, via FastEthernet1/0.120
      Route metric is 2, traffic share count is 1

++++++++++++++++++

Debugs on DHCP server :

*Mar  1 01:00:09.991: IP: tableid=1, s=0.0.0.0 (FastEthernet1/0.120), d=172.31.8.1 (Loopback120), routed via RIB
*Mar  1 01:00:09.991: IP: s=0.0.0.0 (FastEthernet1/0.503), d=172.31.8.1, len 604, rcvd 4
*Mar  1 01:00:10.011: IP: tableid=1, s=0.0.0.0 (FastEthernet0/1.120), d=172.31.8.1 (Loopback120), routed via RIB
*Mar  1 01:00:10.011: IP: s=0.0.0.0 (FastEthernet0/1.503), d=172.31.8.1, len 604, rcvd 4

*Mar  1 00:54:53.471: DHCPD: Sending notification of DISCOVER:
*Mar  1 00:54:53.471:   DHCPD: htype 1 chaddr c20a.cc52.0000
*Mar  1 00:54:53.471:   DHCPD: remote id 020a00000a0aa022100001f7
*Mar  1 00:54:53.475:   DHCPD: circuit id 00000000
*Mar  1 00:54:53.475:   DHCPD: table id 1 = vrf MEDIA
*Mar  1 00:54:53.475: DHCPD: Seeing if there is an internally specified pool class:
*Mar  1 00:54:53.475:   DHCPD: htype 1 chaddr c20a.cc52.0000
*Mar  1 00:54:53.475:   DHCPD: remote id 020a00000a0aa022100001f7
*Mar  1 00:54:53.479:   DHCPD: circuit id 00000000
*Mar  1 00:54:53.479:   DHCPD: table id 1 = vrf MEDIA
*Mar  1 00:54:53.479: DHCPD: there is no address pool for 10.10.160.34 <<<<<<<<<<< Address of Interface connected to the L3 switch.

Acc-V1#sh ip dhcp server statistics
Memory usage         23770
Address pools        1
Database agents      0
Automatic bindings   0
Manual bindings      0
Expired bindings     0
Malformed messages   0
Secure arp entries   0

Message              Received
BOOTREQUEST          0
DHCPDISCOVER         66
DHCPREQUEST          0
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           0

Message              Sent
BOOTREPLY            0
DHCPOFFER            0
DHCPACK              0
DHCPNAK              0

Please help me resolve the issue. The server isn't leasing out anything as it is unable to identify the pool.

I am missing something on the Relay server which is not allowing it to change the source address of the broadcasts going across the link to the DHCP server.

Thanks in advance :)


Hello.

Could you please provide "show ver" from the device running the relay configuration?

I replied with the output on my original post.

Hello,

the loopback interface has an IP address from the same range as the DHCP pool, but it is not an excluded address.

What is the purpose of the loopback ? Can you post the full configuration of the L3 switch ?

As I read it this is the pool

network 172.31.0.0 255.255.248.0

and that pool starts at 172.31.0.0 and goes through 172.31.7.255. So the loopback is not in the pool address space since it is 172.31.8.1.

Can the original poster clarify where is the device that is generating the DHCP request? What is the switch port and what is the configuration of that port?

There was a discussion in the forums recently about problems with DHCP and it turned out that the problem was that service dhcp was disabled on the device that has the helper address configured. Can the original poster verify that service dhcp is enabled on the layer 3 switch?

I agree with Georg that seeing the config of the L3 switch may be helpful. In the output there are references to interface FastEthernet0/0.120 and that seems odd to me for a layer 3 switch.

HTH

Rick


I replied with the output on my original post.

Hello

So you have a vrf segregated network where a dhcp server is located and you wish non vrf hosts to receive dhcp allocation from this server?

If so you need to let the router know where to send these relay requests as by default vrf will have its own rib and non vrf hosts need to be routed to it.

Can you also post the running config of your L3 switch, specifically any static routes you have?

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

DHCP request is coming from a VRF host.

The host sits on an L2 switch on Vlan 120, which connects further to the L3 switch, whose Vlan interface is forwarding on VRF: MEDIA.

I have attached the config of L3 switch and DHCP server : Acc-v1

Thanks,

mailshivam7
Level 1

Hello All,

Thanks very much for the response.

I have attached the config below. There were some mistakes in my original post:

++++++++++++++++

Vlan interface is "120" not 500.

When I say DHCP server, I meant the ACC-V1 router, as the DHCP server is hosted on that router.

+++++++++++

Following is the config :

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname L3-Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
ip vrf MEDIA
!
no ip domain lookup
!
multilink bundle-name authenticated
!

!
macro name add_vlan
end
vlan database
vlan $v
exit
@
macro name del_vlan
end
vlan database
no vlan $v
exit
@
!
vtp file nvram:vlan.dat
archive
 log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
interface FastEthernet0/0
 description Link to Acc-v1 f0/1
 ip address 10.10.160.33 255.255.255.254
 duplex auto
 speed auto
!
interface FastEthernet0/0.120
 encapsulation dot1Q 120
 ip vrf forwarding MEDIA
 ip address 10.10.160.33 255.255.255.254
!

!

interface FastEthernet0/1.120
 encapsulation dot1Q 120
 ip vrf forwarding MEDIA
 ip address 10.10.160.37 255.255.255.254
!

interface FastEthernet1/0
 description Link to Dis-Sw1 >>> DHCP request is coming through a client on this port from Vlan120
 switchport mode trunk
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan120
 ip vrf forwarding MEDIA
 ip address 172.31.0.2 255.255.248.0
 ip helper-address 172.31.8.1
 no ip redirects
 no ip proxy-arp
!
interface Vlan700
 description Network Management VLAN 10.10.160.128/26
 ip address 10.10.160.130 255.255.255.192

!
router ospf 120 vrf MEDIA
 router-id 172.31.0.2
 log-adjacency-changes
 passive-interface default
 no passive-interface FastEthernet0/0.120
 no passive-interface FastEthernet0/1.120
 no passive-interface Vlan120
 network 10.10.160.33 0.0.0.0 area 0
 network 10.10.160.37 0.0.0.0 area 0
 network 172.31.0.0 0.0.255.255 area 0
!

!
ip forward-protocol nd

!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner exec 

***************************************************************
This is a normal Router with a Switch module inside (NM-16ESW)
It has been pre-configured with hard-coded speed and duplex

To create vlans use the command "vlan database" in exec mode
After creating all desired vlans use "exit" to apply the config

To view existing vlans use the command "show vlan-switch brief"

Alias(exec)     : vl   - "show vlan-switch brief" command
Alias(configure): va X - macro to add vlan X
Alias(configure): vd X - macro to delete vlan X
***************************************************************


alias configure va macro global trace add_vlan $v
alias configure vd macro global trace del_vlan $v
alias exec vl show vlan-switch brief
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

++++++++++

Config on DHCP server - ACC-v1 :

!
!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Acc-V1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp use vrf remote
ip dhcp excluded-address 172.31.0.0 172.31.0.10
ip dhcp excluded-address 172.31.4.0 172.31.7.255
!
ip dhcp pool MEDIA
   vrf MEDIA
   network 172.31.0.0 255.255.248.0
   dns-server 8.8.8.8 8.8.4.4
   default-router 172.31.0.2
!
!
ip vrf MEDIA

!
interface Loopback120
 ip vrf forwarding MEDIA
 ip address 172.31.8.1 255.255.255.255

!
interface FastEthernet0/1
 description Link to L3-Switch
 ip address 10.10.160.32 255.255.255.254
 duplex auto
 speed auto
!
interface FastEthernet0/1.120
 encapsulation dot1Q 120
 ip vrf forwarding MEDIA
 ip address 10.10.160.32 255.255.255.254
 ip nat inside
 ip nat enable
 ip virtual-reassembly

router ospf 120 vrf MEDIA
 log-adjacency-changes
 network 10.10.160.32 0.0.0.0 area 0
 network 10.10.160.34 0.0.0.0 area 0
 network 172.31.8.1 0.0.0.0 area 0
 default-information originate metric 1

Thanks

You have this in the config of your layer 3 switch

no service dhcp

I suggest that you enable the dhcp service and see if the behavior changes.

HTH

Rick


mailshivam7
Level 1

Thank you so much Richard, this solved the problem.

Could you explain how the L3 switch was forwarding the DHCP requests as a relay server if the DHCP service wasn't enabled? :)

Thanks again.

I am glad that my suggestion did solve your problem. Thank you for using the rating system to mark this question as answered.

It is an interesting question why (or how) the switch was forwarding the DHCP request if the DHCP service was not enabled. I believe that the answer is in several parts.

First part - when you configure ip helper-address then IOS will forward broadcasts for several functions including DHCP. So when your layer 3 switch saw a DHCP request it forwarded a copy to the server.

Second part - for the forwarded DHCP request to work there are a couple of fields that must be filled in, particularly the field for gateway address (which is how the server determines that the pool address to use is not the pool for the connected interface). But filling in those fields depends on the service DHCP. Since that service was disabled then the switch did not fill in the gateway address field and just forwarded the (incomplete) DHCP request.

HTH

Rick
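
The two-part explanation above can be replayed offline. The following Python sketch is an added example, not code from the thread or from Cisco: it builds a DISCOVER payload, passes it through a modeled relay with and without gateway-address (giaddr) stamping, and shows which pool a server that keys its lookup on giaddr would select. The `dhcp_service` flag is an assumption standing in for `service dhcp`; the addresses, pool network and chaddr are the ones posted in the thread.

```python
import ipaddress
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # 236-byte fixed header
GIADDR = slice(24, 28)                               # giaddr field offset
ZERO = bytes(4)
POOLS = {"MEDIA": "172.31.0.0/21"}                   # pool network from the thread

def build_discover(mac: bytes, xid: int = 0x1234) -> bytes:
    """Client DHCPDISCOVER payload: op=BOOTREQUEST, giaddr=0.0.0.0."""
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000,
                     ZERO, ZERO, ZERO, ZERO, mac, b"", b"")
    # magic cookie, option 53 (message type) = 1 (DISCOVER), end option
    return hdr + bytes([99, 130, 83, 99, 53, 1, 1, 255])

def relay(pkt: bytes, relay_ip: str, dhcp_service: bool) -> bytes:
    """Modeled relay. dhcp_service is an assumed flag standing in for
    'service dhcp': without it the payload is forwarded unmodified."""
    if not dhcp_service:
        return pkt
    buf = bytearray(pkt)
    buf[3] += 1                                      # hops
    if bytes(buf[GIADDR]) == ZERO:                   # first relay stamps giaddr
        buf[GIADDR] = ipaddress.IPv4Address(relay_ip).packed
    return bytes(buf)

def select_pool(pkt: bytes, rx_ifaddr: str, pools: dict = POOLS):
    """Server side: look up the pool by giaddr, or by the receiving
    interface address when giaddr is 0.0.0.0."""
    gi = pkt[GIADDR]
    key = ipaddress.IPv4Address(gi if gi != ZERO else rx_ifaddr)
    for name, net in pools.items():
        if key in ipaddress.ip_network(net):
            return name, str(key)
    return None, str(key)

if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("c20acc520000"))  # chaddr from the debug
    for enabled in (False, True):
        fwd = relay(discover, "172.31.0.2", enabled)          # Vlan120 address
        print(enabled, select_pool(fwd, "10.10.160.34"))
```

With the flag off, the lookup key falls back to 10.10.160.34 and no pool matches, which is the "there is no address pool for 10.10.160.34" line in the debug output; with it on, the key is 172.31.0.2 and the MEDIA pool is selected.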
