Buy or Renew
Buy or Renew
Register Here! - Join us 11/13 for the "Navigating DHCP Processes in SD-Access Network" Community Live event
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2594
Views
0
Helpful
7
Replies

Border drops DHCP Discovery packets

Go to solution
Aleksandr Serov
Level 1
Level 1

‎05-17-2019 03:40 AM

Border router (3850 Fuji 16.9.3) drops DHCP coming from Edge. We built the lab for testing LISP campus infrastructure without DNA Center. All is working fine except DHCP. The scheme as in the documentation


<dhcp server>-<DC>-<fusion>-<border>-<edge>-<eid space>


We may even ping the dhcp server from the eid space, but DHCP do not work.

By "monitor capture" we diagnose that the DHCPDiscover packets are coming to border but it do not forward them to fusion nor in GRT nor in vrf of eid space.

 

How to troubleshoot the reason why the border drops dhcp?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aleksandr Serov
Level 1
Level 1

‎05-20-2019 12:25 AM - edited ‎05-27-2019 06:31 AM

I found the solution in CSCvj49480

I turned off the DHCP snooping on border and now DHCP is working

And one more important think. The border should have an interface with Anycast GW IP address in UP state. Otherwise DHCP Offers will be dropped also.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎05-17-2019 09:40 AM

We may even ping the dhcp server from the eid space, but dhcp do not work.

I assume this means you can reach your dhcp server from an end user in one of your VNs. If your anycast gw svi and your routing is properly configured you should be able to pull a dynamic address. I would check to ensure that you have a helper-address configured on your edge node svi (anycast gw). Then ensure you are redistributing a route into bgp for whatever VN you are running the test from your fusion so that your ebn has a route pointing up for that routing instance.

Are you able to share your edge node and ebn configuration?
0 Helpful

Go to solution
Aleksandr Serov
Level 1
Level 1
In response to Mike.Cifelli

‎05-17-2019 01:52 PM - edited ‎05-17-2019 01:56 PM

Hello,

I've attached configurations and routing from border. 

I checked the routing, redistribution, leaking and the helper-address on anycast gw svi. It seems all looks good

Thank you in advance for any help

 

Preview file
4 KB
Preview file
4 KB
Preview file
2 KB
0 Helpful

Go to solution
Scott Hodgdon
Cisco Employee
Cisco Employee

‎05-18-2019 04:31 AM

Aleksandr,

Cisco no longer supports what was once called "Campus Fabric", that is LISP-based fabric built without DNA Center. 

You can try this in the lab, but if it goes into production it will not be TAC supported.

Cheers,

Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking Group

0 Helpful

Go to solution
Aleksandr Serov
Level 1
Level 1
In response to Scott Hodgdon

‎05-18-2019 10:51 PM - edited ‎05-18-2019 10:54 PM

Scott,

Thank you for information. I didn't know that it is unsupported variant. It is very sad(.

What technology would you suggest?

We are in process of choosing a new campus architecture. We have to upgrade the network equipment in one our our campus in nearest future. We are going to use C9300 (if it will be Cisco)

We've already tested DNA-center and found it very "green" and buggy. I not ready to use it in production in nearest year or two. It is why we are testing similar technology but without "SD" component.

We have to understanding how to manage and troubleshoot the infrastructure by the CLI, only in that case I may allow to use the technology in production.

 

We've also tested vxlan/bgp/evpn, but C3850 do not support it. We have a dozen of C3850 and they have to migrate in new infrastucture during upgrade.

Is there any plan to implement vxlan/bgp/evpn on C3850?

 

Thank you

0 Helpful

Go to solution
Scott Hodgdon
Cisco Employee
Cisco Employee
In response to Aleksandr Serov

‎05-21-2019 01:25 AM

Alexandr,

The only supported option utilizing 9300 and 3850 for a fabric architecture in the campus is SD-Access using DNA Center.

What version did you last use ? It has matured quite a bit recently, and we have production deployments across all verticals including healthcare and finance.

My recommendation for customers wanting to deploy a fabric-ready solution in a traditional network is to at least convert to Routed Access to enable a smoother transition to fabric in the future.

There is no plan to support vxlan/bgp/evpn on 3850.

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking Group

0 Helpful

Go to solution
Aleksandr Serov
Level 1
Level 1
In response to Scott Hodgdon

‎05-22-2019 03:17 AM

Scott,

 

Thank you for information. We will try to adapt to the DNA center.

 

But I not understand the reason why cisco deny to support cases where lisp is configured manually?  It is natural for many networkers to rely on cli configuration instead of on some centralized software network manager, especially when it do almost the same thru the cli but in background.

 

During our tests we used DNA center version 1.2.8

 

 

0 Helpful

Go to solution
Aleksandr Serov
Level 1
Level 1

‎05-20-2019 12:25 AM - edited ‎05-27-2019 06:31 AM

I found the solution in CSCvj49480

I turned off the DHCP snooping on border and now DHCP is working

And one more important think. The border should have an interface with Anycast GW IP address in UP state. Otherwise DHCP Offers will be dropped also.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card