Solved: DHCP and duplicate network addresses for static IPs when connecting through ASR router

CarlBenda53751 · ‎01-27-2021

Hi All,

This is going to be difficult to explain but easy to replicate. We have an internal 192.168.1* network address with both static and DHCP provided addresses in this /24 space. The internet is accessed through a non Cisco gateway to an ASR 1002 router that has multiple subnets that are also internet accessible all static IPs. We also have another set of internal machines that are on 192.168.0.* that are not internet facing and provide various services including iscsi, cctv, hypervisor hosts that have an internet address for their virtual ethernet nic but whose host port is on the 192.168.0* network and so on. Some of these same machines have only a single Ethernet port but nevertheless need to be on a switch that ALSO needs to be connected to the same switch as the ASR1002 is also connected.

Issue. IF I cable the 192.168.0.* switch to the switch patched to the ASR1002 along with the gateway natted NIC (internet facing nic) of the gateway supporting the 192.168.1.* network, the gateway is unable, (or the devices are unable) to receive renewed IP addresses. It also happens that if we try to change the static IP addresses on any of the hosts on the 192.168.0.* network they appear as duplicate addresses UNTIL we unplug and plug back in the switch these hosts are directly connected at which time the addresses no longer are duplicate.

Happy to provide any requested artifacts to determine why this behavior is the case. We have replaced the gateway and can definitely verify the behavior is NOT exhibited in the event we remove the patch between the cisco switch supporting the 192.168.0.* network and the internet facing switch directly connected to the ASR1002. And yes the 192.168.0.* switch is also connected to the switch port on the OTHER side of the gateway, (not internet facing port -- e.g. 192.168.1.* network switch).

Bottom line.. DHCP works fine for 192.168.1.* when 192.168.0.* is NOT connected to the switch support

CarlBenda53751 · ‎01-30-2021

Okay solved!

As it turns out, (and I thought this may be the case), I was able to essentially recreate the problem at will by connecting the sg200 switch with the 192.168.* to the internet only addresses switch which then connects to the ASR router.

The solution was to totally, (and yes everyone knows this already but mister not know-it-all here), segregate the networks such that the only ip address interfacing with the switch attached to the router were internet accessible IPs.

To do this, the VMs hosting web sites but that were however on servers with only one nic in use had to be changed such that an additional NIC on those servers were enabled with internet facing ips and wired into the internet ip address space only switch. The remaining nic on the server was still on the local switch to make use of local address space network services such as iscsi and so on. When these servers need access to the internet they do so through the gateway / firewall through a natted nic on the router, (linksys).

Bottom line, although easier to configure VMs to use the same nic as the host computer, since this disallows physical separation of network traffic internet vs local, it is much better to segregate the traffic. (again preaching to the choir I know). I still don't know why having a dhcp server directly visible to the ASR router would have the kind of interference to the service it had, but isolating the dhcp service on the linksys intranet from the ASR extranet ports solved the issue.

Thanks for the forum,

Carl

View solution in original post

paul driver · ‎01-28-2021

Hello
A picture can say a thousand words!

Can you post a topology diagram please it would make the physical setup much clearer to understand.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

CarlBenda53751 · ‎01-28-2021

This picture helps illustrate the topology. When the RED RJ-45 is connected that's when the Linksys router, although communicating with the host requesting the new IP address, is not confirming resulting in the requesting host never "inking" the new IP address on the 192.168.1.* network.

Carl

CarlBenda53751 · ‎01-28-2021

Georg Pauwen · ‎01-28-2021

Hello,

odd. Where (or what) is the DHCP server ? is there one DHCP server dishing out addresses for both the 192.168.1.0/24 and 192.168.0.0/24 range ?

CarlBenda53751 · ‎01-28-2021

The Linksys router is providing the DHCP service for 192.168.1.0/24. 192.168.0.0/24 does not have a DHCP associated with that address space. Only static addresses are on the NICs on 192.168.0.0/24 and there is no network gateway on that /24.

CarlBenda53751 · ‎01-30-2021

Okay solved!

As it turns out, (and I thought this may be the case), I was able to essentially recreate the problem at will by connecting the sg200 switch with the 192.168.* to the internet only addresses switch which then connects to the ASR router.

The solution was to totally, (and yes everyone knows this already but mister not know-it-all here), segregate the networks such that the only ip address interfacing with the switch attached to the router were internet accessible IPs.

To do this, the VMs hosting web sites but that were however on servers with only one nic in use had to be changed such that an additional NIC on those servers were enabled with internet facing ips and wired into the internet ip address space only switch. The remaining nic on the server was still on the local switch to make use of local address space network services such as iscsi and so on. When these servers need access to the internet they do so through the gateway / firewall through a natted nic on the router, (linksys).

Bottom line, although easier to configure VMs to use the same nic as the host computer, since this disallows physical separation of network traffic internet vs local, it is much better to segregate the traffic. (again preaching to the choir I know). I still don't know why having a dhcp server directly visible to the ASR router would have the kind of interference to the service it had, but isolating the dhcp service on the linksys intranet from the ASR extranet ports solved the issue.

Thanks for the forum,

Carl