05-06-2014 12:23 PM
I have an SG500 switch that I'm using in L3 mode and trying to set up a few different VLANs for different things. I'm trying to use the switch to function as a DHCP server on those VLANs and it seems to be working properly. However, I have one VLAN that has an external DHCP server and have not configured a pool for that range. However, clients that plug into that VLAN get a DHCP NAK from the switch when they try to pull an address (in addition to the OFFER they get from the legitimate DHCP server) and this really fouls things up. Is there any way to prevent the switch from sending a DHCP NAK on this VLAN? Removing the interface IP from this VLAN isn't an option as it's the way out for all the other VLANs.
09-14-2014 11:59 PM
Hi Christopher,
This should be included in the next release, 1.4.1. However, I would recommend that you open a ticket with the Cisco Small Business Support team, which will attach your case to this bug, and if there is any beta firmware you can also test it:
http://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html
Regards,
Aleksandra
11-12-2014 07:05 AM
Any update as to when we might see 1.4.1 go live? Six months is a long time to have the DHCP server work improperly.
11-15-2014 07:19 PM
Please see the attachment to see if it can help with the case; some routing issues and solutions are also explained.
Solution 1:
[1] change vlan 33 attached to SG500 to new vlan (vlan 34)
[2] SG500 as DHCP server for vlan 34
[3] DHCP ACL filter for vlan 33 on SG500
Solution 2:
[1] add a L2 switch between router & SG500
[2] use ACL to filter DHCP for vlan 33 in SG500
[3] migrate all vlan 33 from SG500 to the new L2 switch
Solution 3:
[1] both router and SG500 as DHCP server for vlan 33
[2] SG500 use DHCP host pool for vlan 33 to prevent any allocation
ip dhcp server
ip dhcp pool host 33
add 192.168.33.1 /24 hardware 0000.0000.0001 // MAC of router
// this address will never be assigned since it's already used by the router
11-19-2014 08:39 AM
I have noticed this same issue on our SG500-52. Though the NAKs don't seem to be affecting anything (well, maybe one embedded device on the network...), it still concerns me that the switch is doing this. And it might in the future cause issues depending on the timing of the NAKs versus the proper DHCP server's response.
I tried creating an ACL for the VLAN (and also to a port) to which the IPv4 interface causing issues is bound, blocking UDP from the switch's source IP on source port 67, dest port 68. But the ACL is not blocking the packets for some reason.
Any timeframe on when 1.4.1 will be released with the fix? Should I open a ticket?
Thanks,
-Matt
11-19-2014 07:03 PM
Hi Matt,
[1] An ACL has no effect on packets from the device itself.
[2] It is better to use a single DHCP server for all subnets rather than separate ones for different subnets, since the latter has more administrative overhead.
[3] Until the fix in the planned next release, an alternative solution is to create a single martian DHCP host pool (an unused host IP of the subnet that binds to a non-existent MAC in the network), which will never be assigned to any host, for the SVI subnet that has another DHCP server.
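To check whether the switch is still answering on the externally served VLAN after a workaround or firmware update, DHCP replies seen on a client port can be compared against the expected server. The following is an added example, not part of the thread and not Cisco code: it parses raw DHCP payloads and reports any OFFER, ACK or NAK whose server identifier (option 54) is not the authorized server. 192.168.33.1 is assumed to be the legitimate server and 192.168.33.254 is a made-up address for the switch SVI.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
REPLY_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values sent by servers

def parse_dhcp(payload):
    """Return (xid, message type, server identifier) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    xid = struct.unpack("!I", payload[4:8])[0]
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:  # DHCP message type
            msg_type = value[0]
        elif code == 54 and length == 4:  # server identifier
            server_id = str(ipaddress.IPv4Address(value))
        i += 2 + length
    return xid, msg_type, server_id

def unexpected_replies(payloads, authorized):
    """List server replies whose server identifier is not an authorized server."""
    findings = []
    for payload in payloads:
        xid, msg_type, server_id = parse_dhcp(payload)
        if msg_type in REPLY_TYPES and server_id not in authorized:
            findings.append((hex(xid), REPLY_TYPES[msg_type], server_id))
    return findings

def build_reply(xid, msg_type, server_ip):
    """Build a minimal server reply; used only for the constructed sample below."""
    header = struct.pack("!BBBBI", 2, 1, 6, 0, xid) + bytes(228)  # op 2 = BOOTREPLY
    options = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_ip).packed
    return header + MAGIC + options + b"\xff"

# Constructed sample data; the server roles and the .254 address are assumptions.
AUTHORIZED = {"192.168.33.1"}  # assumed legitimate DHCP server on VLAN 33
SAMPLE = [build_reply(0x1A2B3C4D, 2, "192.168.33.1"),    # OFFER from the real server
          build_reply(0x1A2B3C4D, 6, "192.168.33.254")]  # NAK from the assumed switch SVI

if __name__ == "__main__":
    print(unexpected_replies(SAMPLE, AUTHORIZED))
```

In practice the payloads would come from a capture of UDP port 67/68 traffic taken on a client port in the affected VLAN.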
05-11-2015 08:52 AM
Looks like 1.4.1.03 was just released on 5/8.
I haven't flashed it to confirm if it fixes the issue or not.
-matt