Solved: Can't get DHCP address with "ip verify unicast reverse-path"

graham.fleming · ‎01-06-2009

Hey All,

As stated, on my WAN-facing interface on a 3825 I have it set to acquire a DHCP address. It never would get an address, though.

After much troubleshooting I figured it was the "ip verify unicast reverse-path" command. Once I took this off, it got a DHCP address right away.

Now, the strange thing is, Cisco's docs say that command should allow source 0.0.0.0 addresses to enable BOOTP/DHCP to work.

Anyone have any idea why this might be happening for me?

Richard Burts · ‎01-06-2009

Graham

I am glad that my response did help you resolve your problem. Feel free to use the "solved" mark on this response.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎01-06-2009

Graham

The source address of 0.0.0.0 would be if some device were sending DHCP requests to your interface. But your situation is that you are sending requests to the ISP and they are sending responses. It looks like since the interface does not recognize the source address of the response (which would be the valid next hop address of the ISP device) that RPF is denying the packet. One of the options in RPF is to configure an access list which can specify traffic to accept. Perhaps you should modify your RPF configuration to have an access list and in the access list permit DHCP/bootp responses.

HTH

Rick

HTH

Rick

graham.fleming · ‎01-06-2009

That's perfect, thanks a lot!

graham.fleming · ‎01-06-2009

Rick, I accidentally rated without saying it solved the issue. If you want to reply with something I'll mark that as "solved".

Richard Burts · ‎01-06-2009

Graham

I am glad that my response did help you resolve your problem. Feel free to use the "solved" mark on this response.

HTH

Rick

HTH

Rick