11-21-2015 05:29 AM - edited 03-08-2019 02:47 AM
Hi Guys,
I ran into a situation during the week that I would like your opinion on. I set up and tested DHCP on a switch. I had another switch connected through a trunk. I found that devices could ping and communicate across the trunk but DHCP could not. I did a packet capture and saw the devices sending DHCP discover but not receiving a reply. When I set up DHCP physically on the switch where they were directly attached, all worked well and the devices could communicate right across the trunks. I would have thought DHCP would work across the trunks unless by design Cisco DHCP (on a switch) only works with directly connected devices?
11-21-2015 06:36 AM
Hello,
Are both the clients and the DHCP server in the same VLAN? If they are not, you need to set ip helper-address [ DHCP server] on all the interface VLANs facing your clients.
Int vlan 10
ip helper-address [ DHCP server]
Masoud
11-21-2015 06:30 PM
They were definitely on the same VLAN. I checked and double checked. The only thing that would resolve the issue was if DHCP was created on the directly connected switch.
11-21-2015 06:43 PM
There should not be any problem if they are on the same VLAN on different switches. Native VLAN mismatching might have an effect on it. Is that VLAN allowed on the trunk? Use debug IP DHCP to see if there is any log related to the issue.
Masoud
11-22-2015 02:41 PM
It is certainly not the case that it is required to have the DHCP scope configured on the switch where the client is locally connected. When properly configured DHCP works well over trunk connections.
Masoud has identified one thing that can cause problems when attempting DHCP over trunk connections, which is the need for a helper address on the SVI for the VLAN where the client is connected. The helper address command on the client VLAN SVI points to the address of the DHCP server.
Another possibility might be issues in the configuration of the DHCP scopes. Is there a correctly configured scope for each of the VLANs on the original switch? Another possibility might be a routing issue. Are you sure that the DHCP server has a correct route to reach the subnet of the VLAN on the original switch?
HTH
Rick
11-23-2015 02:44 PM
To give an update, I have managed to get DHCP to work across the trunks on layer 3 switch (3750). I could get it to work on the layer 2 switch (2960G). Still a mystery.
11-23-2015 02:48 PM
Keep us posted. It worked on the 2960? What was the problem?
Masoud
11-23-2015 03:10 PM
It is good that you got it to work. I agree with Masoud that it would be helpful if you told us what was the issue and how did you fix it on the layer 3 3750 switch. If it is not working on the layer 2 2960 and if you want us to help figure out the issue then you need to share with us more information about how the 2960 is configured (and probably about how the switch that it connects to is configured) and where DHCP is configured and how DHCP is configured.
HTH
Rick
11-23-2015 06:36 PM
Sorry I just realised how poorly worded my post was, let me try that again;
To give an update, I have managed to get DHCP to work across the trunks. I have moved the DHCP server from the 2960G (layer2 switch) to the 3750 switch (older but layer 3). A DHCP address can now be received from any switch with switchport access to that trunk and the binding can be seen on the 3750. So I guess that layer 2 switches can't give DHCP across trunks whereas layer 3 switches can? I don't think this is logical but could it be true?
11-23-2015 07:09 PM
This is a much better worded and more informative post and it gives me an idea about the explanation. First let us remember that essentially DHCP is an IP layer 3 function. While a 2960 can have multiple vlans they are operating at layer 2. The 2960 can process DHCP for the one vlan for which it is configured with an IP address but not for the other vlans which operate only at layer 2.
Since the 3750 is a layer 3 switch it can process at layer 3 for multiple vlans including processing DHCP for multiple vlans. But the 2960 is restricted to processing DHCP only for the single vlan for which it has an IP address.
HTH
Rick
11-23-2015 08:02 PM
Hello,
Richard's answer is completely correct. I am just adding more info. DHCP works based on broadcast messages. The reason is that the client does not have an IP at first and also has no idea about the DHCP server. The client sends a broadcast request. Who receives the broadcast request? Whoever is located in the same broadcast domain receives the request. Broadcast messages also travel on trunk interfaces. Broadcast messages do not go from one VLAN to another. Routers with L3 interfaces usually do not let broadcast messages pass. In L2 connectivity, the server receives the DHCP request if the client resides in the same VLAN, no matter how many switches are in between. So what if we have one DHCP server located on the other side of a router or in a different VLAN? The L3 interface will send a unicast message to the DHCP server as an agent if you have configured IP-Helper. The DHCP server responds to the router, then the router sends the offer back to the original location. So the client receives the offer.
Hope it helps,
Masoud
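The relay step described in the post above, modelled on the DHCP packet itself; this is an added example, not part of the thread. The pool subnets and the relay address 192.168.20.1 are constructed; the fixed header layout follows RFC 2131.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header (RFC 2131): op htype hlen hops xid secs flags
# ciaddr yiaddr siaddr giaddr chaddr[16] sname[64] file[128]
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
ZERO = bytes(4)
GIADDR = 10  # index of giaddr in the unpacked tuple

# Constructed pools, one per client VLAN (subnets are assumptions)
POOLS = {"vlan10": "192.168.10.0/24", "vlan20": "192.168.20.0/24",
         "vlan30": "192.168.30.0/24"}

def build_discover(mac, xid):
    """Client broadcast: every address field is still 0.0.0.0."""
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, ZERO, ZERO, ZERO, ZERO,
                     mac, b"", b"")
    # magic cookie, option 53 (message type) = 1 DISCOVER, end option
    return hdr + bytes([99, 130, 83, 99, 53, 1, 1, 255])

def relay(packet, svi_ip):
    """Helper-address behaviour on the L3 interface that heard the broadcast.
    Returns the packet to unicast to the server, or None if it cannot relay."""
    if svi_ip is None:  # interface has no IP: nothing to put in giaddr
        return None
    fields = list(BOOTP.unpack_from(packet))
    fields[3] += 1  # hops
    if fields[GIADDR] == ZERO:  # only the first relay stamps its address
        fields[GIADDR] = ipaddress.IPv4Address(svi_ip).packed
    return BOOTP.pack(*fields) + packet[BOOTP.size:]

def select_pool(packet, arrival_net, pools=POOLS):
    """Server side: a relayed request is matched on giaddr, an unrelayed
    broadcast on the subnet of the interface it arrived on."""
    giaddr = ipaddress.IPv4Address(BOOTP.unpack_from(packet)[GIADDR])
    relayed = giaddr.packed != ZERO
    for name, cidr in pools.items():
        net = ipaddress.ip_network(cidr)
        if (giaddr in net) if relayed else (net == ipaddress.ip_network(arrival_net)):
            return name
    return None

if __name__ == "__main__":
    d = build_discover(bytes.fromhex("001122334455"), 0x1234)
    print(select_pool(relay(d, "192.168.20.1"), "10.10.10.0/24"))  # relayed
    print(select_pool(d, "10.10.10.0/24"))  # unrelayed, wrong segment
```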
03-06-2018 08:54 AM
Hello Guys,
I am trying to make one test lab with the following gear:
Cisco 800 series router --> setup as a DHCP server : Three separate pools for vlan 10, 20 , 30.
Cisco L3 3560 switch --Setup as core switch : Inter vlan routing configured and working. static route is configured from Cisco 800 router towards all vlans as it is configured on this switch.
Cisco L2 2960G series switch ---> setup as access layer switch --> all vlans are configured and ports are accessed in that vlans. Trunk port is configured. I can ping everything from this switch.
But sometimes DHCP doesn't work; clients get an APIPA address when connected to the access layer switch.
Clients get the right IP addresses from the core switch.
Please advise.
Access layer switch config
Switch#sh run
Building configuration...
Current configuration : 3595 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
username manager privilege 15 secret 5 $1$BMtO$NjKHg8qWdlDs5qAPGJoVJ1
!
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
!
!
ip domain-name lovejit.com
!
!
crypto pki trustpoint TP-self-signed-204040832
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-204040832
revocation-check none
rsakeypair TP-self-signed-204040832
!
!
crypto pki certificate chain TP-self-signed-204040832
certificate self-signed 01
quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10
name test1
!
vlan 20
name test2
!
vlan 30
name test3
!
ip ssh version 2
!
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/2
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet0/3
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet0/4
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
switchport mode trunk
!
interface Vlan1
ip address 10.10.10.11 255.255.255.0
no ip route-cache
!
interface Vlan10
no ip address
ip helper-address 10.10.10.51
!
interface Vlan20
no ip address
ip helper-address 10.10.10.51
!
interface Vlan30
no ip address
ip helper-address 10.10.10.51
!
ip default-gateway 10.10.10.51
ip http server
ip http secure-server
vstack
!
line con 0
line vty 0 4
login local
transport input ssh
line vty 5 15
login
!
end
03-06-2018 08:56 AM
Another question I want to ask: I just put the switch-port mode trunk command on all trunk ports.
Why do I need to put the command switch-port mode trunk allowed vlan? What does a trunk do by default?
03-06-2018 09:03 AM
Hi,
Trunk by default will allow all VLANs.
Regards,
Deepak Kumar
03-06-2018 09:36 AM
Deepak is correct that you are not required to configure the vlan trunk allow command. By default the trunk will carry all of the active vlans. You would typically use the vlan trunk allow when you want the trunk to carry some but not all of the active vlans.
I believe that I see why you are having problems with DHCP on this switch based on this part of the config
interface Vlan10
no ip address
ip helper-address 10.10.10.51
!
interface Vlan20
no ip address
ip helper-address 10.10.10.51
!
interface Vlan30
no ip address
ip helper-address 10.10.10.51
!
You have configured helper addresses but they can not work because the vlan interfaces do not have an IP address. The way that helper address works is to send a request to the DHCP server with the IP of the switch interface as the address to which to send the DHCP information. When the switch interface has no IP address then it can not send the request to the DHCP server.
HTH
Rick
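The condition diagnosed in the answer above can be checked mechanically in a saved configuration. This is an added example, not part of the thread: the sample is constructed in the shape of the posted config, and Vlan40 is a hypothetical interface included for contrast.

```python
import re

# Constructed sample in the shape of the access-switch config posted above;
# Vlan40 (hypothetical) is an SVI that does have an address.
SAMPLE = """\
interface Vlan1
 ip address 10.10.10.11 255.255.255.0
 no ip route-cache
!
interface Vlan10
 no ip address
 ip helper-address 10.10.10.51
!
interface Vlan40
 ip address 192.168.40.1 255.255.255.0
 ip helper-address 10.10.10.51
!
ip default-gateway 10.10.10.51
"""

def parse_interfaces(config):
    """Map interface name -> list of its sub-commands.
    Uses '!' as the block terminator, so it also copes with pasted output
    that lost its indentation or kept '--More--' pager markers."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.replace("--More--", "").strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line == "!" or not line:
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def relay_findings(config):
    """Return (interface, helper) pairs where a helper address is configured
    on an interface that has no IP address to relay from."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        helpers = [c.split()[-1] for c in cmds
                   if c.startswith("ip helper-address ")]
        has_ip = any(re.match(r"ip address (\d+(\.\d+){3}\s|dhcp\b)", c)
                     for c in cmds)
        if helpers and not has_ip:
            findings.extend((name, h) for h in helpers)
    return findings

if __name__ == "__main__":
    for iface, helper in relay_findings(SAMPLE):
        print(f"{iface}: helper {helper} set but interface has no IP address")
```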