@paul driver My point was: as soon as 'ip routing' is enabled on the 3650, that switch (now a router) becomes the limit for the broadcast domain. The 2960 is effectively the DHCP client, and any DHCP broadcast will go to the 3650 but no further.

Either way, not sure why ip routing is enabled at all on the 3650. My suggestion was to turn it off, that would probably solve the issue right away anyway. I hope OP only gave up temporarily, and will come back and try some of the suggestions...

Hello

---

@Georg Pauwen wrote:

@paul driver My point was: as soon as 'ip routing' is enabled on the 3650, that switch (now a router) becomes the limit for the broadcast domain. The 2960 is effectively the DHCP client, and any DHCP broadcast will go to the 3650 but no further.

---

Granted, however thats only if the dhcp packets needs to route between vlans but in this this case it wont, As the 3650 and the 2960 reside same broadcast domain (vlan 1) so the 3650 switch wont negate the broadcast for vlan 1 and dhcp dora's will traverse both switches which should result in the 2960 obtaining dhcp allocation

Actually, depending on what you want the 3560 switch to be (router or just a layer 2 switch), just turn 'ip routing' (no ip routing) altogether.

Cheers for the advice Georg... i added the ip-helper but it didn't fix the issue It is ok though as i said earlier i spend too much time on this issue and i am giving up so i can focus on pushing forward with my studies. Thank you for taking the time to help me out.

Kind Regards

Bob

Hello,

on the 3560, just disable 'ip routing':

3560#conf t

3560(config)#no ip routing

Yup I can confirm what you wrote above but to try and illustrate it more clearly

                           pc

                           |

DHCP sw ---> c3560g ---> c2960 ---> pc

When i try :

DHCP sw --->c2960 ---> pc   

the c2960 will not get an ip. When i use the command 'show cdp neighbors detail' - i can see the DHCP sw with its ip etc but I can't ping it [i have to give myself an ip and sub for that because without doing so i can't ping]. I have the same issue with the trunk... the only difference is that when i give both switches IPs i can actually ping them and their vlans [ i had 2 vlans set at that point] through the trunk.

I don't mind more people joining go ahead and give it your best

Hello
Thank you.
First all all do you have dhcp snooping enabled on any or all switches?, if so on the DHCP switch append the following command and test again

ip dhcp relay information trust-all

Also could you post the output of the following debug from the dhcp sw:
debug ip dhcp server packet

Cheers for the fast reply Paul,

I am sorry but currently i can't access the DHCP switch ... >.< I didn't know i would need access to it and my supervisor is out for the day. Even if i could log in the dhcp server it is witek switch and i have exactly 0 idea how to operate on that one.

As for the debug command the result i get is blank aka nothing.

Regards,

Bob

Hello

Not a problem, Would you be able to confirm if snooping is enabled on the other switches then? 

sh ip dhcp snooping

This is the result on c3560 :

witch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
none
Smartlog is configured on following VLANs:
none
Smartlog is operational on following VLANs:
none
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled
circuit-id default format: vlan-mod-port
remote-id: 001d.a1a4.ef80 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface Trusted Allow option Rate limit (pps)
----------------------- ------- ------------ ----------------

This is the result on c2960:

Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
none
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled
circuit-id format: vlan-mod-port
remote-id format: MAC
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface Trusted Rate limit (pps)
------------------------ ------- ----------------

Regards,

Bob

Hello
Thank you Bob,
So now we know it isn’t dhcp option 82 that is negating dhcp allocation to the 2960.

Regards the dhcp server, As the witek switch is actual running the dhcp service for what looks like multiple vlans I would expect two see at least two active trunks on the 3560G switch 

1-  towards witek switch
2 - towards cisco 2960 (optional)

However I only see one trunk and that one trunk has port-security applied with a mac address limit of 3, now if this one trunk is connecting to the witek switch then the port security needs to be removed, in fact i would suggest remove anyway.

The link connecting to 2960 can be either be an access-port or trunk, but a trunk if you are extending multiple vlans downstream to it.

Lastly on any access -port, suggest you apply spanning-tree portfast

I did the changes you suggested however i kept only one trunk between c2960 and c3560g to be honest as of right now i wasted 2/3 of a day trying to resolve something that was suppose to be a simple exercise and that was suppose to take me only a couple of hours at best. To say the least the issue still remains and by the looks of it resolving it is WAY out of my league or knowledge since i literally just started diving in on the subject of switches.

With that being said I thank you very much for taking the time and energy to help me solve this problem Paul I really appreciate it ^_^ I hope you have a wonderful day and weekend and who knows... maybe i will see you around again;)

Best of wishes

Bob