DHCP Relay Issue on SG300

Taurus · ‎07-15-2020

Hello Fellows

I have an Windows Based DHCP server and I a PC which I'd like to get IP from this DHCP server

My PC is connected to Cisco SG300 Switch and is access VLAN 8 , My DHCP server is on VLAN 7.

Cisco SG300 is a Layer 2 switch and it's default gateway is VLAN 1.

All these VLANs are being terminated on firewall and they all have open access to each other( I tested this this , if I assign an static IP from VLAN 8 range to that PC I can ping any subnet.)

Problem is that I think for some reason my DHCP Relay does not work since that pc cannot get IP from DHCP server.

I'd really appreciate it if someone can help me figure out what the problem is

Switch is configuration as bellow

ip dhcp relay address 10.10.77.22 (this IP is in VLAN 7)
ip dhcp relay enable
ip dhcp information option

interface vlan 1
ip address 10.10.200.0 255.255.255.0
no ip address dhcp

ip default-gateway 10.10.200.254

interface vlan 8
ip dhcp relay enable

(PC Port)

interface gigabitethernet12
switchport mode access
switchport access vlan 8

---------------------------

show ip dhcp relay output:

DHCP relay is Enabled
Option 82 is Enabled
Maximum number of supported VLANs without IP Address is 256
Number of DHCP Relays enabled on VLANs without IP Address is 1
DHCP relay is not configured on any port.
DHCP relay is enabled on Vlans: 8
Active: 8
Inactive:
Servers: 10.10.77.22
CAV-BL-ACCS-SW2#15-Jul-2020 16:39:15 %LINK-W-Down: gi12
15-Jul-2020 16:39:19 %LINK-I-Up: gi12
15-Jul-2020 16:39:24 %STP-W-PORTSTATUS: gi12: STP status Forwarding

Thank you in advance

balaji.bandi · ‎07-15-2020

If this Switch Pure Layer 2, then Look at where Layer 3 interface for VLAN8 - DHCP relay to tell where the DHCP Server is.

what firewall?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Taurus · ‎07-15-2020

Hi Blaaji
thanks for your reply , it is a WatchGuard Firewall
So you menan DHCP relay configuration should be done on the firewall
instead?

Georg Pauwen · ‎07-15-2020

Hello,

the DHCP relay configuration on the switch looks by the book. Have you tried to configure 'spanning-tree portfast' on the PC connected ports ?

Taurus · ‎07-15-2020

Yes , I just did , but no change :(

balaji.bandi · ‎07-16-2020

Can you also clarify, below points also provide relevant configuration?

1. can you post the configuration of the port connected to the Firewall ? - do you have allowed VLAN 8 and VLAN 7 in that port?

2. Do you see the request coming to your firewall, is there any Logs you a view? is the PC request really reaching DHCP Server?

other suggestion try to add helper address :

ip helper-address all x.x.x.x

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Taurus · ‎07-16-2020

Hi Balaji

Sure

Each Subnet has it is own connection to Firewall and each one is access port and Firewall do the routing between the subnet , Please see bellow

interface gigabitethernet48
description To_Port05_on_Firewall_for_VLAN8
switchport mode access
switchport access vlan 8

interface gigabitethernet27
description To_Port06_On_Firewall_for_New_Data_Vlan_7
switchport mode access
switchport access vlan 7

Also As you can see I have trunk connection to my ESXi as my DHCP Server is in Vlan 7 and on a vmware I allowed vlans 7 and 20(DMZ) on that port

interface gigabitethernet31
description To_VMNIC7_on_ESXI04
switchport trunk allowed vlan add 7,20
!
interface gigabitethernet32
description To_VMNIC3_on_ESXI1
switchport trunk allowed vlan add 7,20

2. Do you see the request coming to your firewall, is there any Logs you a view? is the PC request really reaching DHCP Server?

I have Just captured traffic on DHCP server I see couple of DHCP Discover requests coming to DHCP server from the Switch that I enabled DHCP Relay on but I don't see any offer request destined to switch , These packets are coming from Firewall

Src:WatchGua_da:50:84 Dst: VMware:38:08

and I know DHCP server is fine because when I put dhcp relay on Firewal(for vlan 8) PC gets IP from dchp qucikly