
DHCP relay problems

lindaramdani
Level 1

I got some problems with DHCP relay, I hope someone can help me out!

I've set up the environment in my lab and get the same result:

* Client (set to DHCP)

* Router 1 (Cisco 871) (LAN IP-add (VLAN1): 1.1.1.1/8)

* Router 2 (Cisco 871) (LAN IP-add: 3.3.3.1/8)

* DHCP-server (IP-add: 3.3.3.3/8)

I set the IP helper command on VLAN 1 on Router 1 to 3.3.3.3.

With Ethereal on the client I can see the DHCP-discover-packets go out.

And with Ethereal on the DHCP-server I can see the discover-packets arrive and dhcp-offer-packets go back out.

With 'debug ip udp', 'debug ip dhcp packet' and accesslists set to the interfaces with log command on the interfaces on Router1 I can see the dhcp-offer arrive, but the Router1 doesn't forward this information to the client.

Instead the router sends back an ICMP - UDP Port unreachable to the DHCP server?!?

Can someone please explain to me what's going on here? :-)


Hi everybody!

The router was shipped with 12.3(8)YI2, and since it didn't work I tried to upgrade to 12.4(6)T5 before I posted my problem here, but it made no difference.

Today I followed your advice and installed yet a later version: 12.4(11)T, but the problem remains.

Perhaps it's a bug, the problem seems illogical to me anyways...I mean, why would the router decide that the UDP port is unreachable when it's only supposed to relay the information to the client? But Ethereal doesn't see any DHCP-offer-packets coming in to the client at all.

It doesn't make sense! But on the other hand it doesn't seem reasonable that I should be the only one with this problem if it was a bug either, I mean, DHCP relay is a pretty common service. And the same problem in 3 IOS-releases?

(Yes, if I set a static ip on the client there is connectivity between the client and the DHCP-server. So it's not a connectivity problem. I agree with Rick that the output from the debug also verifies this.)

Maybe I should try downgrading the IOS to see what happens, or what do you think?

Linda

After trying 3 releases I have little optimism that downgrading the IOS will solve it. But it might be worth a try anyway (we are not making much progress otherwise).

In thinking about the error being sent I wonder if the port unreachable indicates that something on the router is deciding that it can not send the dhcpoffer because something is not set up right. Can you post the output of show ip socket? Also can you clarify whether service dhcp is enabled or disabled on your router?

HTH

Rick


There is no such command as 'sh ip socket' in the 871?

Service dhcp is enabled in the router. I disabled it before to see if it made any difference, but it didn't so I enabled service dhcp again.

(I'll see if I can find a bit older image to use in the router.)

Downgrading the router didn't help either!

I also tried to shift the routers so Router1 became Router2, and Router2 got Router1's config. Far fetched, I know, but since it was an easy thing to do, I tried but the problem remains. So it's not the particular router that is producing this error.

Anyone with suggestions?

Linda

I wonder if the router believes that there is some issue with the DHCP response. Can you verify how the DHCP server is configured (what addresses is it offering, what subnet mask, etc)? Is it possible that the address of the router interface is in the DHCP pool?

If you did a packet capture on the segment where the server is located and saw the DHCP request and saw the DHCP offer, can you post the details of the DHCP offer?

HTH

Rick


Sure thing!

Didn't get every detail of the capture since I couldn't figure out a good way of copy/paste in Ethereal. Let me know if you miss something in particular.

SERVER SETTINGS

DHCP Server interface 3.3.3.3

IP Pool starting address 1.1.1.100

Size of pool 100

Default router 1.1.1.1

Mask 255.0.0.0

PACKET CAPTURE

***DHCP Discover***

Protocol: DHCP

UDP Src Port: bootps (67)

UDP Dst Port: bootps (67)

Bootstrap Protocol:

Client IP address: 0.0.0.0 (0.0.0.0)

Relay agent IP address: 1.1.1.1 (1.1.1.1)

***DHCP Offer***

Protocol: DHCP

UDP Src Port: bootps (67)

UDP Src Port: bootpc (68)

Bootstrap Protocol:

Client IP address: 0.0.0.0 (0.0.0.0)

Your (client) IP address: 1.1.1.100 (1.1.1.100)

Next server IP address: 3.3.3.3 (3.3.3.3)

Relay agent IP address: 1.1.1.1 (1.1.1.1)

Option 53: DHCP Message Type = DHCP Offer

Option 54: Server Identifier = 3.3.3.3

Option 1: Subnet Mask = 255.0.0.0

Option 3: Router = 1.1.1.1

***Destination Unreachable (Port Unreachable)***

Protocol: ICMP

Type 3: (Destination unreachable)

Code 3: (Port unreachable)

Original IP Packet inside ICMP Packet: Src: 3.3.3.3 (3.3.3.3), Dst: 1.1.1.1 (1.1.1.1)

Original UDP Packet inside ICMP Packet: Src Port: bootps (67), Dst Port: bootpc (68)

Linda
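
An added example, not part of the original thread: RFC 2131 (section 4.1) has the server send replies for a relayed request to the relay agent's address in `giaddr` on the DHCP server port (67), while the ICMP message in the capture above quotes the offer as sent to 1.1.1.1 on bootpc (68). The sketch parses a DHCP payload and flags a reply whose addressing does not match its `giaddr`; the packet is constructed from the capture's field values, and the xid, MAC address and function names are assumptions.

```python
import socket
import struct

BOOTPS = 67                       # "DHCP server" port; relay agents listen here
MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie that precedes the options

def ip(s):
    return socket.inet_aton(s)

def build_offer():
    """Constructed sample packet using the field values from the capture above."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 1,
                        0x12345678, 0, 0,            # xid is made up
                        ip("0.0.0.0"), ip("1.1.1.100"), ip("3.3.3.3"),
                        ip("1.1.1.1"), bytes.fromhex("001122334455"), b"", b"")
    opts = (bytes([53, 1, 2]) + bytes([54, 4]) + ip("3.3.3.3")
            + bytes([1, 4]) + ip("255.0.0.0") + bytes([3, 4]) + ip("1.1.1.1")
            + bytes([255]))
    return fixed + MAGIC + opts

def parse_bootp(payload):
    """Extract op, the four address fields and the options from a UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"op": payload[0], "options": {}}
    for name, off in (("ciaddr", 12), ("yiaddr", 16), ("siaddr", 20), ("giaddr", 24)):
        msg[name] = socket.inet_ntoa(payload[off:off + 4])
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        msg["options"][payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return msg

def check_relay_reply(dst_ip, dst_port, payload):
    """List mismatches between a server reply's addressing and its giaddr."""
    msg, findings = parse_bootp(payload), []
    if msg["op"] != 2:
        findings.append("op is not BOOTREPLY")
    if msg["giaddr"] != "0.0.0.0":                   # request came via a relay
        if dst_ip != msg["giaddr"]:
            findings.append(f"sent to {dst_ip}, giaddr is {msg['giaddr']}")
        if dst_port != BOOTPS:
            findings.append(f"sent to UDP port {dst_port}, RFC 2131 expects {BOOTPS}")
    return findings
```

Calling `check_relay_reply("1.1.1.1", 68, build_offer())` returns one finding about the destination port; the same packet addressed to port 67 returns none.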

Well that was another good theory that does not lead to an answer. I do not see any problem in the details of the offer (I had hoped that there might be a mismatch of mask or something like that).

I am beginning to grasp at straws but here are another several ideas:

- you have talked about release levels but not about feature sets. What feature set are you running? I wonder what would happen with one of the versions you are running with a more inclusive feature set?

- I wonder if there could be something about DHCP to one of the switched ports. If you were to configure a simple DHCP on the 871 would it give an address to the client?

- I wonder if there is something about VLAN 1? What would happen if you configured some other VLAN and put FastEther0 into the new VLAN?

Try any of those that sound reasonable and let us know.

HTH

Rick


MGrumme
Level 1

hi

did you try "spanning-tree portfast"?

please note that "spanning-tree portfast" helps resolving DHCP-issues if the DHCP-Client is directly connected to the switch-port of the Cisco871 (4-port 10/100 switch)

--

The PortFast feature should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, routers, and other similar devices, to a port with PortFast enabled can cause Spanning Tree loops, which can disrupt your network.

--

kind regards

Michael
