01-14-2012 11:15 PM - edited 03-04-2019 02:54 PM
Issue Description:
Refer the router on stick topology...VLANs 1, 120 and 123 are configured on MPLS and DSL router.
We have enabled dhcp snooping on the switches CS1 to CS8 using following command
ip dhcp snooping
ip dhcp snooping vlan 1
ip dhcp snooping vlan 120
ip dhcp snooping vlan 123
under uplink interface
ip dhcp snooping trust.
All the uplinks including dhcp server connected interface are set to dhcp snooping trust.
End devices cannot renew the IP address from the secondary DHCP server when primary is offline. Yesterday, for testing we removed the trust command from the primary DHCP server connected interface and then clients are expected to renew IP from the secondary DHCP server. but this wasn't working
The secondary helper is in the remote site. ip is 100.6.4.5
The primary helper is local. 100.179.10.4
We have not enabled any snooping feature on the routers.
the uplinks of the switch connected to the routers is set to trust
On MPLS router:
interface GigabitEthernet0/0.1
description Connection to Bombay Business VLAN
encapsulation dot1Q 1 native
ip address 100.179.10.252 255.255.255.0
ip access-group All_Purpose_Security in
ip helper-address 100.179.10.4
ip helper-address 100.6.4.5
standby 1 ip 100.179.10.254
standby 1 timers 1 3
standby 1 priority 200
standby 1 preempt
standby 1 name hsrp_netw_mgmt_vlan_gw
standby 1 track GigabitEthernet0/1 105
--------------------------------------------------------------------------------------
interface GigabitEthernet0/0.120
description WAP VLAN 120
encapsulation dot1Q 120
ip address 100.179.202.252 255.255.255.0
ip access-group All_Purpose_Security in
ip helper-address 100.179.10.4
ip helper-address 100.6.4.5
standby 120 ip 100.179.202.254
standby 120 timers 1 3
standby 120 priority 200
standby 120 preempt
standby 120 track GigabitEthernet0/1 105
end
______________________________________________________
interface GigabitEthernet0/0.123
description WAP VLAN 123
encapsulation dot1Q 123
ip address 100.179.203.252 255.255.255.0
ip access-group All_Purpose_Security in
ip helper-address 100.6.4.5
ip helper-address 100.179.10.4
ip flow ingress
standby 123 ip 100.179.203.254
standby 123 timers 1 3
standby 123 priority 200
standby 123 preempt
standby 123 track GigabitEthernet0/1 105
end
01-15-2012 12:41 AM
Perhaps the issue is related to the fact that you mention renewal of the lease instead of requesting a new one.
Essentially a client "remembers" the address of the dhcp server where it got its lease from.
Renewal can only occur on that server.
What your setup should actually accomplish is to have all new leases provided from the backup server.
All leases which are at half-lease time or at the end of it will not be able to contact the server and keep their lease for quite some time before sending a new discover broadcast packet. Only when they do this, they are able to contact the second server. Please check the link for a nice presentation on the dhcp process:
Perhaps you meant to say the problem was that no leases are provided by the second server but regarding renewal, it works as explained. Having a second server is of little value for that. This is a "gotcha" which is overlooked by many.
Keep us posted!
regards,
Leo
01-15-2012 08:30 AM
thanks for ur inputs...i am planning to do one more testing tomorrow
remove the trust from dhcp server connected interface
restart the test laptop to check if it can take ip address from the secondary helper.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide