Re: DHCP not working from Cisco router to HP switch

Forbes Jenalyn Rose · ‎11-19-2013

Hi,

Can someone please help me with the config on my router and switch?

Here's the running config:

CISCO router:

hostname mykuldcmit-gw-1

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

resource policy

!

ip cef

!

no ip dhcp use vrf connected

!

ip dhcp pool my-data

network 10.60.3.0 255.255.255.0

domain-name domainname.net

default-router 10.60.3.254

dns-server [dns ip]

lease 0 8

class my-data

address range 10.60.3.16 10.60.3.223

!

ip dhcp class my-data

relay agent information

relay-information hex 0000000000000a3e03fe mask ffffffffffff00000000

!

login block-for 60 attempts 3 within 30

login delay 10

!

interface FastEthernet0/0

description ADSL WAN Interface

ip address 175.100.200.100 255.255.255.248

duplex auto

speed auto

!

interface FastEthernet0/1

description internal

ip address 10.60.1.2 255.255.255.0

duplex auto

speed auto

!

interface Serial0/3/0

no ip address

shutdown

no fair-queue

clock rate 2000000

!

ip route 0.0.0.0 0.0.0.0 175.100.200.100

ip route 10.60.0.0 255.255.224.0 10.60.1.254

!

no ip http server

!

control-plane

!

login

!

scheduler allocate 20000 1000

end

SWITCH Config:

Running configuration:

; J8692A Configuration Editor; Created on release #K.12.16

hostname "sw-1"

ip routing

snmp-server community "MLCBB" Operator

vlan 1

name "management"

untagged 24

ip address 10.60.1.254 255.255.255.0

no untagged 1,16-17

exit

vlan 100

name "voice"

untagged 16-17

ip address 10.60.20.254 255.255.255.0

tagged 20

voice

exit

vlan 30

name "data"

untagged 1-15, 18-23

ip helper-address 10.60.1.2

ip address 10.60.3.254 255.255.255.0

exit

vlan 999

name "shared"

untagged 1

ip address 10.60.0.254 255.255.255.0

tagged 21-22

exit

dhcp-relay option 82 append ip

ip route 0.0.0.0 0.0.0.0 10.60.1.2

ip route 10.0.0.0 255.0.0.0 10.60.1.2

devils_advocate · ‎11-19-2013

Hi

Presumably none of the hosts in Vlan 30 are getting DHCP addresses?

Is your HP switch doing InterVlan routing?

I think the second IP route statement on the HP may be causing you an issue as its effectively saying, 'To reach any host starting with 10., forward the packet to 10.60.1.2'. You don't want that to happen as your HP switch has the connected interfaces in the majority of the 10.* network.

Forbes Jenalyn Rose · ‎11-22-2013

Hi,

I did try to remove the second ip route on the switch but still not working.

cadet alain · ‎11-19-2013

Hi,

Can you also enter this command on the Cisco device:

ip dhcp relay information trusted

Regards

Alain

Don't forget to rate helpful posts.

Forbes Jenalyn Rose · ‎11-22-2013

Hi,

I tried adding the command "ip dhcp relay information trust-all" but still not working.

Forbes Jenalyn Rose · ‎11-22-2013

Here's the new config:

SWITCH Config:

hostname "ProCurve Switch 2610-24-PWR"

console inactivity-timer 5

ip routing

snmp-server community "public" Unrestricted

vlan 1

name "DEFAULT_VLAN"

untagged 25,27-28

ip address 10.160.1.254 255.255.255.0

no untagged 1-24,26

exit

vlan 30

name "Data"

untagged 1-15,18-20,24

ip address 10.160.3.254 255.255.255.0

ip helper-address 10.160.1.1

exit

vlan 999

name "Shared"

exit

vlan 100

name "Voice"

untagged 16-17,21-22

ip address 10.160.10.254 255.255.255.0

tagged 20

exit

vlan 31

name "LAN via SSG5"

untagged 23,26

exit

dhcp-relay option 82 append ip

ip route 0.0.0.0 0.0.0.0 10.160.1.1

password manager

ROUTER Config:

Current configuration : 2570 bytes

!

version 12.4

no service timestamps debug uptime

no service timestamps log uptime

no service password-encryption

!

hostname my-gw-1

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

resource policy

!

ip cef

!

no ip dhcp use vrf connected

!

ip dhcp pool my-data

network 10.160.3.0 255.255.255.0

domain-name docomointertouch.net

default-router 10.160.3.254

lease 0 8

class my-data

address range 10.160.3.16 10.160.3.223

!

ip dhcp class my-data

relay agent information

relay-information hex 0000000000000a3e03fe mask ffffffffffff00000000

!

ip domain name domainname.net

login block-for 60 attempts 3 within 30

login delay 10

no vlan accounting input

!

interface FastEthernet0/0

description ADSL WAN Interface

ip address 175.100.200.100 255.255.255.248

ip access-group firewall in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

description internal

ip address 10.160.1.1 255.255.255.0

no ip redirects

no ip proxy-arp

ip nat inside

duplex auto

speed auto

!

interface Serial0/3/0

no ip address

shutdown

no fair-queue

clock rate 2000000

!

ip route 0.0.0.0 0.0.0.0 175.100.200.99

ip route 10.160.0.0 255.255.224.0 10.160.1.254

!

no ip http server

ip nat translation tcp-timeout 42300

ip nat translation udp-timeout 150

ip nat translation finrst-timeout 45

ip nat translation syn-timeout 45

ip nat translation dns-timeout 45

ip nat translation icmp-timeout 45

ip nat translation max-entries 4000

ip nat pool nat 175.100.200.100 175.100.200.100 netmask 255.255.255.224

ip nat inside source route-map nat pool nat overload

!

ip access-list extended firewall

permit ip any host 175.100.200.100

permit icmp any any

ip access-list extended nat

permit ip 10.160.0.0 0.0.31.255 any

permit ip host 0.0.0.0 host 255.255.255.255

!

route-map nat permit 10

match ip address nat

!

control-plane

!

line con 0

login

line aux 0

line vty 0 4

login

!

scheduler allocate 20000 1000

end

Forbes Jenalyn Rose · ‎11-22-2013

When I do "debug ip dhcp server packet/events", this is what I only got:

*Nov 22 15:38:09.279: DHCPD: checking for expire.

Please advise what I am missing on my config.

Thank you.

Karthick Murugan · ‎11-22-2013

I am not sure if the DHCP service is enabled in the router.

conf ter

service dhcp

Please check the same.

Thanks & Regards,
Karthick Murugan
CCIE#39285

Thanks & Regards, Karthick Murugan CCIE#39285

Forbes Jenalyn Rose · ‎11-22-2013

Hi Karthick,

"service dhcp" is already enabled.

Still no luck.

cadet alain · ‎11-22-2013

Hi,

access-list 199 permit udp any eq bootpc any eq bootps

access-list 199 permit udp any eq bootps any eq bootpc

do debug ip pack detail 199

Try to get a DHCP address from one of the hosts connected to the switch and post log output from router

Regards

Alain

Don't forget to rate helpful posts.

Forbes Jenalyn Rose · ‎11-22-2013

Hi Alain,

I did this and here's the output.

my-gw-1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

my-1(config)#access

my-1(config)#$ 199 permit udp any eq bootpc any eq bootps

my-1(config)#$ 199 permit udp any eq bootps any eq bootpc

my-gw-1(config)#^Z

my-gw-1#

my-gw-1#debug ip pack detail 199

IP packet debugging is on (detailed) for access list 199

my-gw-1#term mon

my-gw-1#

*Nov 23 00:44:09.296: DHCPD: checking for expired leases.

*Nov 23 00:46:09.296: DHCPD: checking for expired leases.

I disable/re-enable the interface from the switch where the pc is connected. It's the one trying to get the dhcp ip address.

Still not working.

cadet alain · ‎11-23-2013

Hi,

it seems like you're not receiving any dhcp packet from the host , to rule out the logging on the router can you do this:

undebug all

conf t

access-list 198 permit icmp any any

do debug ip pack 198

and ping the router from the switch to see if you got logging output.

if you don't then verify logging with sh log and post output here.

if you got output for the ping then we'll have to take a look at the switches.

Regards

Alain

Don't forget to rate helpful posts.

Forbes Jenalyn Rose · ‎11-23-2013

Hi Alain,

Thank you for your reply.

Here's the output when I ping the router from the switch.

*Nov 23 16:35:22.708: IP: tableid=0, s=10.160.1.254 (FastEthernet0/1), d=10.160.1.1 (FastEthernet0/1), routed via RIB

*Nov 23 16:35:22.708: IP: s=10.160.1.254 (FastEthernet0/1), d=10.160.1.1 (FastEthernet0/1), len 50, rcvd 3

*Nov 23 16:35:22.708: IP: tableid=0, s=10.160.1.1 (local), d=10.160.1.254 (FastEthernet0/1), routed via FIB

*Nov 23 16:35:22.708: IP: s=10.160.1.1 (local), d=10.160.1.254 (FastEthernet0/1), len 50, sending

I have posted the switch config on top. Please advise.

Thanks,

Jenalyn

cadet alain · ‎11-23-2013

Hi,

Can you assign a static IP to a host in vlan 30 and ping the router 10.160.1.1 and tell us if you are successful.

What port on the switch is connected to router and to host in vlan 30 ?

Also on router you can edit your nat ACL:

ip access-list extended nat

no 20

and modify your static route:

no ip route 10.160.0.0 255.255.224.0 10.160.1.254

ip route 10.160.3.0 255.255.255.0 10.160.1.254

ip route 10.160.10.0 255.255.255.0 10.160.1.254

if the static host can communicate with the router and still a host configured with ipconfig/release and ipconfig/renew can't get an IP then we can try to capture packets on the vlan 1 on the switch.

Regards

Alain

Don't forget to rate helpful posts.