03-05-2015 06:06 AM - edited 03-07-2019 10:57 PM
We have a stack of 6 Cisco 3850 switches all running 03.03.04SE and we are having intermittent routing issues with DHCP and fixed address hosts. Hosts with fixed addresses will randomly receive APIPA addresses when they are restarted, overriding the statically set addresses. And hosts that are configured via DHCP will occasionally have no connectivity when they are connected to the stack. However, using Wireshark on a host experiencing this issue, we have been able to verify that pings initiated by the host can reach the DHCP server and the DHCP server responds, but the packets are being dropped on the switch. In every instance the MAC address table and ARP entries for these hosts have appeared correct.
The only way to regain connectivity is to either force an IP address change on the host, or shut/no shut the switch port.
Has anyone experienced an issue like this or has any suggestions?
03-05-2015 07:05 AM
Hi
If the DHCP isn't in the same network or VLAN as the hosts, you should use:
ip helper-address x.x.x.x
specifying the DHCP server address. This will direct the DHCP hosts' requests to the correct destination.
About the hosts with APIPA, you may activate the portfast option on the ports, but if they have static IP addresses, they will use APIPA only if an IP address conflict is detected, or if some policy changes the setting to DHCP and the server isn't reachable.
Hope that it helps.
Theles.
03-05-2015 07:30 AM
Hi
Thanks for the response.
The DHCP server is in the same network as the hosts and is reachable by other hosts on the switches. The same thing happens when attempting to ping any internal or external host; however, I have only used Wireshark captures between hosts and the DHCP server. To me this looks like a switch routing issue, as I can see all hosts that have this issue are able to connect 1 way but network traffic never returns through the switch.
For the APIPA issue, spanning-tree portfast is already set up, and I have disabled proxy ARP on the switch stack and the ASA firewall inside interface. This seemed to improve the issue but it is still occurring.
Jack
03-05-2015 08:35 AM
About the DHCP, did you configure the ip helper-address? If not, try it and let me know.
I am not sure if it is mandatory on an L3 switch, but I had some problems in the past caused by the lack of this.
About the APIPA: some computers are configured with static IP addresses, and when you connect the cable on these computers, they bring up an APIPA IP address, right?
If yes, no matter how the switch is configured, this can't be caused by the switch, or at least, I have never seen or read about it. APIPA is used when:
1 - The host is configured to use DHCP and can't reach the server
2 - Static IP is used, and a conflict is detected. The host may use APIPA, or no IP address is used.
These are the only two cases where I ever saw APIPA showing.
Ex: You have a routed VLAN 100 with the network 10.10.10.0/24 and a host has 172.23.1.1/24 statically configured. When you put the host on this VLAN, it won't work, but if you check the IP address, it will show you the IP 172....
If this is a Windows host, look for some GPO ruling the network adapter behavior.
Theles
03-06-2015 02:25 AM
DHCP snooping was not enabled on the switch but I have enabled this now. I have also configured the data VLAN with ip helper-address. I will update if these changes make any difference, thanks for taking time to respond.
03-05-2015 10:31 AM
If you are not routing for VLANs, then can it be a routing issue?
One more question... do you have DHCP snooping configured?
03-09-2015 05:43 AM
Ok, running the "clear ip arp (IP address of broken host)" seemed to fix the issue whenever this occurs.