DHCP relay problems

lindaramdani
Level 1

I got some problems with DHCP relay, I hope someone can help me out!

I've set up the environment in my lab and get the same result:

* Client (set to DHCP)

* Router 1 (Cisco 871) (LAN IP-add (VLAN1): 1.1.1.1/8)

* Router 2 (Cisco 871) (LAN IP-add: 3.3.3.1/8)

* DHCP-server (IP-add: 3.3.3.3/8)

I set the IP helper command on VLAN 1 on Router 1 to 3.3.3.3.

With Ethereal on the client I can see the DHCP-discover-packets go out.

And with Ethereal on the DHCP-server I can see the discover-packets arrive and dhcp-offer-packets go back out.

With 'debug ip udp', 'debug ip dhcp packet' and accesslists set to the interfaces with log command on the interfaces on Router1 I can see the dhcp-offer arrive, but the Router1 doesn't forward this information to the client.

Instead the router sends back an ICMP - UDP Port unreachable to the DHCP server?!?

Can someone please explain to me what's going on here? :-)


ankbhasi
Cisco Employee

Hi Friend,

Can you confirm if you see the "ip bootp server" command on any of your routers?

Regards,

Ankur

Hi!

Yes, 'ip bootp server' and 'service dhcp' are set on the routers, although I can't see them printed out in the config (I guess they are the default settings and therefore not printed out).

Hi Friend,

Can you run "no ip bootp server" command and update with the result.

Ankur

Hi!

Thanks for your suggestion. I tried to turn bootp server off with your command, but there's no difference in the output.

The DHCP-server still receives ICMP Type:3 Code:3, Port unreachable from Router1 when trying to send the dhcp-offer back to the client.

In Router 1 I see the following output:

DHCPD: BOOTREQUEST from forwarded to 3.3.3.3.

UDP: rcvd src=3.3.3.3(67), dst=1.1.1.1(68), length=340

and after that nothing happens!

/linda

Does anyone else have any idea what is causing my problem?

Linda

Posting the config of the router might enable us to find something that would explain this.

HTH

Rick


Hi Rick!

(Back from the holidays now, hence a late reply.)

Sure thing I can post the config, but it's nearly empty since it's a lab config. I've set it up just to test this thing.

The router is a 871 and Version 12.4(6)T5. The dhcp-client is connected to Fa0.

I also post the output from the 'debug ip udp' command.

Jan 4 15:24:47.663: UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=308

Jan 4 15:24:47.663: UDP: sent src=1.1.1.1(67), dst=3.3.3.3(67), length=308

Jan 4 15:24:47.679: UDP: rcvd src=3.3.3.3(67), dst=1.1.1.1(68), length=340

Jan 4 15:24:55.663: UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=308

Jan 4 15:24:55.667: UDP: sent src=1.1.1.1(67), dst=3.3.3.3(67), length=308

Jan 4 15:24:55.683: UDP: rcvd src=3.3.3.3(67), dst=1.1.1.1(68), length=340

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router1

!

boot-start-marker

boot-end-marker

!

logging buffered 4096 debugging

!

no aaa new-model

!

resource policy

!

ip cef

!

!

interface FastEthernet0

no cdp enable

spanning-tree portfast

!

interface FastEthernet1

shutdown

!

interface FastEthernet2

shutdown

!

interface FastEthernet3

shutdown

!

interface FastEthernet4

ip address 2.2.2.1 255.0.0.0

duplex auto

speed auto

!

interface Vlan1

ip address 1.1.1.1 255.0.0.0

ip helper-address 3.3.3.3

!

ip route 0.0.0.0 0.0.0.0 2.2.2.2

!

no ip http server

no ip http secure-server

!

!

control-plane

!

!

line con 0

no modem enable

transport output all

line aux 0

transport output all

line vty 0 4

transport input all

transport output all

!

scheduler max-task-time 5000

!

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

end

Linda

Thanks for posting the additional information. I do not see anything in the config that explains the behavior. I wonder if a show interface of the interface the client is connected to and of the VLAN interface would show us anything useful?

I also wonder if the output of debug dhcp (in addition to the debug ip dhcp which you already ran) would tell us anything? And if those do not show anything useful I would ask that you do debug ip packet and post the output.

HTH

Rick


Hi Rick!

Thanks for taking your time trying to help me!

Here follows the output you requested except output from debug dhcp which showed nothing at all. I also added the output of debug ip icmp to show that the router, as mentioned in my first post, is sending an icmp port unreachable back to the dhcp-server for some reason?

FastEthernet0 is up, line protocol is up

Hardware is Fast Ethernet, address is 0017.5922.738c (bia 0017.5922.738c)

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:02:58, output never, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 1000 bits/sec, 1 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

265 packets input, 35436 bytes, 0 no buffer

Received 235 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 input packets with dribble condition detected

148 packets output, 9472 bytes, 0 underruns

0 output errors, 0 collisions, 1 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

Vlan1 is up, line protocol is up

Hardware is EtherSVI, address is 0017.5922.738c (bia 0017.5922.738c)

Internet address is 1.1.1.1/8

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:17, output never, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

251 packets input, 33126 bytes, 0 no buffer

Received 251 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

4 packets output, 240 bytes, 0 underruns

0 output errors, 1 interface resets

0 output buffer failures, 0 output buffers swapped out

debug ip packet

Jan 5 09:36:37.799: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 328, rcvd 2

Jan 5 09:36:37.799: IP: tableid=0, s=1.1.1.1 (local), d=3.3.3.3 (FastEthernet4), routed via FIB

Jan 5 09:36:37.799: IP: s=1.1.1.1 (local), d=3.3.3.3 (FastEthernet4), len 328, sending

Jan 5 09:36:37.815: IP: tableid=0, s=3.3.3.3 (FastEthernet4), d=1.1.1.1 (Vlan1), routed via RIB

Jan 5 09:36:37.815: IP: s=3.3.3.3 (FastEthernet4), d=1.1.1.1, len 360, rcvd 4

Jan 5 09:36:37.815: IP: tableid=0, s=1.1.1.1 (local), d=3.3.3.3 (FastEthernet4), routed via FIB

Jan 5 09:36:37.815: IP: s=1.1.1.1 (local), d=3.3.3.3 (FastEthernet4), len 56, sending

(and then it starts all over again)

debug ip icmp

Jan 5 09:38:06.451: ICMP: dst (1.1.1.1) port unreachable sent to 3.3.3.3

Jan 5 09:38:10.447: ICMP: dst (1.1.1.1) port unreachable sent to 3.3.3.3

Jan 5 09:38:18.451: ICMP: dst (1.1.1.1) port unreachable sent to 3.3.3.3

Jan 5 09:38:34.455: ICMP: dst (1.1.1.1) port unreachable sent to 3.3.3.3
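
Added example, not part of any post in this thread: RFC 2131 section 4.1 has a server send its replies to a relayed request to UDP port 67 on the relay address, so this Python check parses `debug ip udp` lines like those posted above and reports server replies addressed to another port or never forwarded to the client. `audit_relay` and its finding names are hypothetical, and it assumes a forwarded reply is logged as a `sent` line to port 68.

```python
import re

# Copied from the 'debug ip udp' output posted in this thread.
SAMPLE = """\
Jan 4 15:24:47.663: UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=308
Jan 4 15:24:47.663: UDP: sent src=1.1.1.1(67), dst=3.3.3.3(67), length=308
Jan 4 15:24:47.679: UDP: rcvd src=3.3.3.3(67), dst=1.1.1.1(68), length=340
Jan 4 15:24:55.663: UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=308
"""

LINE = re.compile(
    r"UDP: (?P<dir>rcvd|sent) src=(?P<src>[\d.]+)\((?P<sport>\d+)\), "
    r"dst=(?P<dst>[\d.]+)\((?P<dport>\d+)\), length=(?P<len>\d+)")

def parse(text):
    """Return one dict per 'debug ip udp' line; other lines are skipped."""
    events = []
    for m in LINE.finditer(text):
        e = m.groupdict()
        for key in ("sport", "dport", "len"):
            e[key] = int(e[key])
        events.append(e)
    return events

def audit_relay(text, relay_ip, server_ip):
    """Hypothetical helper: list problems with server replies seen at the relay."""
    events, findings = parse(text), []
    for i, e in enumerate(events):
        if not (e["dir"] == "rcvd" and e["src"] == server_ip
                and e["sport"] == 67 and e["dst"] == relay_ip):
            continue
        # RFC 2131 4.1: replies to a relayed request go to port 67 on giaddr.
        if e["dport"] != 67:
            findings.append(("reply-to-wrong-port", e["dport"]))
        # Assumption: a forwarded reply is logged as 'sent' from the relay to
        # port 68 before the client's next broadcast to port 67.
        forwarded = False
        for nxt in events[i + 1:]:
            if nxt["dir"] == "rcvd" and nxt["sport"] == 68 and nxt["dport"] == 67:
                break
            if nxt["dir"] == "sent" and nxt["src"] == relay_ip and nxt["dport"] == 68:
                forwarded = True
                break
        if not forwarded:
            findings.append(("reply-not-forwarded", e["len"]))
    return findings

if __name__ == "__main__":
    for finding in audit_relay(SAMPLE, "1.1.1.1", "3.3.3.3"):
        print(finding)
```

Run against the thread's lines, it reports both conditions for the 340-byte reply; whether the destination port is the cause of the behaviour seen here is not established by the posts.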

Hello

If I understand you correctly, the discovers arrive at router 2 and the offers are sent out of router 2.

Do you see them arriving at Fa4 at router 1? Since you work with static routes, is there a route from R2 to R1?

Could you post the R2 config?

Is R2 pingable from R1?

Greetings

Hi,

Can you try this option: instead of assigning a helper address to the VLAN interface, use the VLAN interface to connect to the other router. And the routed port Fa4, to be connected to the LAN with ip helper configuration.

This is just a try and I assume there may be limited functionality for switch ports than a routed port in such router models.

Thanks

Jay

If the problem is still not solved, can you ping from this router to the DHCP server, i.e. 3.3.3.3? Can you also provide a traceroute from router 1 to the DHCP server?

Can you configure a static IP at the PC and try to ping from the PC to the DHCP server?

Agreed w/ Fred that please check the return path from the DHCP server back to this router LAN, e.g. gateway at DHCP server, or route from remote router back to this router LAN (VLAN 1).

Are the two routers using 2.2.2.x for interconnection? Or via other routers?

Hope this helps.

Jack

Your questions seem oriented to it being a problem of connectivity between the two routers. Would you not agree that this debug from an earlier post in this thread shows the packet being sent and a response being received (successful connectivity between the routers):

Jan 5 09:36:37.799: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 328, rcvd 2

Jan 5 09:36:37.799: IP: tableid=0, s=1.1.1.1 (local), d=3.3.3.3 (FastEthernet4), routed via FIB

Jan 5 09:36:37.799: IP: s=1.1.1.1 (local), d=3.3.3.3 (FastEthernet4), len 328, sending

Jan 5 09:36:37.815: IP: tableid=0, s=3.3.3.3 (FastEthernet4), d=1.1.1.1 (Vlan1), routed via RIB

Jan 5 09:36:37.815: IP: s=3.3.3.3 (FastEthernet4), d=1.1.1.1, len 360, rcvd 4

Jan 5 09:36:37.815: IP: tableid=0, s=1.1.1.1 (local), d=3.3.3.3 (FastEthernet4), routed via FIB

Jan 5 09:36:37.815: IP: s=1.1.1.1 (local), d=3.3.3.3 (FastEthernet4), len 56, sending

I believe that the problem is something local to the router (or perhaps to the client). But the config posted does not have anything that looks like a config problem to me. Can you see anything in it?

Linda - I am wondering about the possibility that you are hitting some bug. Is it possible to try a different version of IOS in the router?

HTH

Rick


Hi Rick, I remember that case but able to find it out. I agreed it may be similar reason, i.e. I cannot find config. issue on the NAT too from the existing info. So I asked for the design, if I have another router config then I can guess the connectivity.

Any idea from you other than the IOS ver.?

Many thx.
