DHCP not handing out across VLANs

hartsellda · ‎10-25-2012

I have a strange problem I'm hoping someone can help me with. I recently installed a new 4510 layer 3 switch into an environment that had been running at a layer 2 level. Upon installing this switch, I linked all layer 2 switches into the 4510 and moved over my DHCP server to that switch as well. The original VLAN that was running prior to the installation of the 4510 was vlan 143. I kept this VLAN and added two additional VLANs to the 4510 so I now have three VLANs routed on the 4510. The problem I am running into is that my DHCP server, which is on VLAN 143, will only hand out addresses to any client requesting an address on VLAN 143. The clients on the two new VLANs get nothing when they request an address. If I assign the clients a static address on the new VLANs, they work fine. DHCP just isn't passing across those VLANs. I have included some pertinent configuration information below. I upgraded at three different locations and I'm getting the same results at all three locations. I'm thinking it has to be something with the 4510's. My DHCP server is a Mac Pro running 10.4 server. I have the same DHCP server running at other locations without any trouble. I'm just having issues with them when attached to the 4510's I've installed. Any troubleshooting or other information would be greatly appreciated. Thank you in advance.

interface GigabitEthernet7/1

description (Mac OSX Server-DHCP-143.6)

switchport access vlan 143

switchport mode access

!

interface Vlan22

description (New VLAN)

ip address 10.147.22.1 255.255.255.254.0

ip helper-address 10.147.143.6

!

interface Vlan143

description ( VLAN 143 ) .143 subnet (Existing VLAN)

ip address 10.147.143.1 255.255.255.0

ip helper-address 10.147.143.6

!

interface Vlan243

description ( VLAN 243 ) .243 subnet (New VLAN)

ip address 10.147.243.1 255.255.255.0

ip helper-address 10.147.143.6

!

router ospf 1

log-adjacency-changes

network 10.147.22.0 0.0.1.255 area 0

network 10.147.143.0 0.0.0.255 area 0

network 10.147.243.0 0.0.0.255 area 0

jimmysands73_2 · ‎10-25-2012

Curious...

interface Vlan143

description ( VLAN 143 ) .143 subnet (Existing VLAN)

ip address 10.147.143.1 255.255.255.0

ip helper-address 10.147.143.6

Why do you need the ip helper-address if the dhcp server is on the same subnet? Doubt its related to your issue, but curious nonetheless.

Back to issue

1) Can you ping the DHCP server from the ws's when statics are assigned?

allan.thomas · ‎10-25-2012

Hi,

You mention that you have connected or have uplinks to other switches connected to the 4510, is that correct? Are you passing these vlans up the trunk to these interfaces, or just vlan 143 on an access port?

Are these in the STP forwarding state for vlan 143 on these links and pruned off? The way to prove the DHCP is to configure a local interface on the 4510 put it into the same access vlan and attempt to request an IP lease. If it fails even though you are on the same broadcast domain suggest a problem with server. If you succeed, then it must be the uplinks to your hosts which is the problem. Can you post the uplink port configuration, and also from the edge switch.

Regards
Allan.

Sent from Cisco Technical Support iPad App

allan.thomas · ‎10-25-2012

Hi,

You mention that you have connected or have uplinks to other switches connected to the 4510, is that correct? Are you passing these vlans up the trunk to these interfaces, or just vlan 143 on an access port?

Are these in the STP forwarding state for vlan 143 on these links and pruned off? The way to prove the DHCP is to configure a local interface on the 4510 put it into the same access vlan and attempt to request an IP lease. If it fails even though you are on the same broadcast domain suggest a problem with server. If you succeed, then it must be the uplinks to your hosts which is the problem. Can you post the uplink port configuration, and also from the edge switch.

Regards
Allan.

Sent from Cisco Technical Support iPad App

allan.thomas · ‎10-25-2012

Hi,

You mention that you have connected or have uplinks to other switches connected to the 4510, is that correct? Are you passing these vlans up the trunk to these interfaces, or just vlan 143 on an access port?

Are these in the STP forwarding state for vlan 143 on these links and pruned off? The way to prove the DHCP is to configure a local interface on the 4510 put it into the same access vlan and attempt to request an IP lease. If it fails even though you are on the same broadcast domain suggest a problem with server. If you succeed, then it must be the uplinks to your hosts which is the problem. Can you post the uplink port configuration, and also from the edge switch.

Regards
Allan.

Sent from Cisco Technical Support iPad App

Richard Burts · ‎10-25-2012

The original poster tells us that he created the new VLANs, that he connected the switches, and that he moved the DHCP server. He did not tell us that he had configured the DHCP server with additional DHCP scopes. And I am going to guess that this is the problem.

As to the question about having the helper address on the VLAN 143 interface it is certainly not needed. It is doing no harm. But it is doing no good. If that line were removed from interface vlan 143 things would still work.

HTH

Rick

HTH

Rick

hartsellda · ‎10-26-2012

I'll answer all questions at once. First off, thank you all for your assistance. To answer Jimmy, I am able to ping my DHCP server when assigned a static address on one of the new VLANs. I'm able to do everything as if I were using a DHCP assigned address.

To answer Rick, I do have the new scopes in the DHCP server that I moved over. Also, when I connect my machine to a port in one of the new VLANs, I can see in the logs of the DHCP server, my machine doing a DHCP DISCOVER and DHCP REQUEST but no address is ever offered.

To answer Allan, yes I am passing these VLANs up the trunk to the interfaces. Below is a portion of my config. I have plugged directly into the 4510 and assigned the port to the new VLAN with no success. See my response above to Rick. I see the DHCP DISCOVER and DHCP REQUEST in my logs but no offer. I would also think it is a problem with my DHCP server if it was only happening on one switch but I have this setup at three different locations and I'm getting the same results at all locations. At a few other locations, I have a Mac 10.4 DHCP server running on Cisco networks not plugged into a 4510 and I'm having no trouble. I have also attempted to use a DHCP server that is not directly connected to the 4510 but is at a another location within our WAN and I still wasn't able to receive an address from the new VLANs.

Edge Switch config

interface GigabitEthernet1/0/49

description Uplink to 4510

switchport

switch trunk native vlan 243

switch trunk allowed vlan 243

switch mode trunk

Thank you all again for your help.

Richard Burts · ‎10-28-2012

Thanks for the additional information. There are two things in it that have me puzzled.

- If the logs of the DHCP server show receipt of DHCP DISCOVER and DHCP REQUEST but not an DHCP-OFFER then it would seem to point to a problem on the DHCP server. Are the new scopes perhaps in a super-scope?

- the interface on the edge switch is configured to pass only vlan 243 to the upstream 4510. Is vlan 243 the only vlan active on that switch? If so why use a trunk? It seems that an access port would pass the traffic that is needed.

HTH

Rick

HTH

Rick

hartsellda · ‎10-29-2012

I have also thought that the DHCP server would be the problem but I have inserted a different DHCP server and received the same problems. I even used one DHCP server that was not in the same physical location and not plugged into the 4510 and I still was not able to receive an address. The fact that I'm able to get an address on VLAN 143 but on nothing else has me confused as can be.

-The edge switch is trunked only because that is how I setup all of my edge switches regardless of how many VLANs are being passed. It's just how I learned and I've never changed.

I'm not overly worried about the edge switches right now. If I can get an address to pass within the 4510, I think all else will take care of itself.

Thanks again for the help Rick.

thegreattriscuit · ‎10-29-2012

That's correct... if the DHCP server is getting the DISCOVER and REQUEST messages, then the layer 2 and 3 transport from client to server MUST be working. There is no other possible explanation. What's more, is that if there isn't a DHCP OFFER, and you're certain that there's supposed to be, that is irrefutable evidence that the server is seeing the requests and deciding not to honor them.

So either the server is configured wrong, or the router is sending the wrong info when it forwards the DHCP DISCOVER packets.

(for instance, if your scope is 10.10.1.128/25, and the routers interface is 10.10.1.0/24... It won't work... It doesn't matter which one of them is right or wrong... but they have to be consistent). That really does look like the only reasonable explanation.

All that aside however, if you've made it this far without finding the solution by scanning over the configs, and the issue hasn't popped out at you by now, it's probably not going to. I'd recommend just setting up a packet capture and watching the DHCP requests on the wire... that'll allow you to do a couple key things...

1: verify whether or not your server is ACTUALLY responding to the requests.

2: verify that the DISCOVER and REQUEST packets actually say what they're supposed to.

If 1 and 2 are yes, then it MUST be the return path of the network

if 2 is yes, but 1 is no, then it MUST be the server config...

If 1 is no, then it's the router (or whatever layer 3 device has the 'ip helper address' statements).

shillings · ‎10-29-2012

Have you configured no service dhcp on the 4510 by any chance? This will stop the helper commands functioning properly.

hartsellda · ‎10-29-2012

Nope, I do not have no service dhcp on. Thanks.