07-15-2020 01:30 PM - edited 07-15-2020 01:43 PM
Hello Fellows
I have a Windows-based DHCP server and a PC which I'd like to get an IP from this DHCP server.
My PC is connected to a Cisco SG300 switch and is in access VLAN 8; my DHCP server is on VLAN 7.
The Cisco SG300 is a Layer 2 switch and its default gateway is VLAN 1.
All these VLANs are terminated on the firewall and they all have open access to each other (I tested this: if I assign a static IP from the VLAN 8 range to that PC, I can ping any subnet).
The problem is that I think for some reason my DHCP relay does not work, since that PC cannot get an IP from the DHCP server.
I'd really appreciate it if someone can help me figure out what the problem is.
The switch configuration is as below:
ip dhcp relay address 10.10.77.22 (this IP is in VLAN 7)
ip dhcp relay enable
ip dhcp information option
interface vlan 1
ip address 10.10.200.0 255.255.255.0
no ip address dhcp
ip default-gateway 10.10.200.254
interface vlan 8
ip dhcp relay enable
(PC Port)
interface gigabitethernet12
switchport mode access
switchport access vlan 8
---------------------------
show ip dhcp relay output:
DHCP relay is Enabled
Option 82 is Enabled
Maximum number of supported VLANs without IP Address is 256
Number of DHCP Relays enabled on VLANs without IP Address is 1
DHCP relay is not configured on any port.
DHCP relay is enabled on Vlans: 8
Active: 8
Inactive:
Servers: 10.10.77.22
CAV-BL-ACCS-SW2#15-Jul-2020 16:39:15 %LINK-W-Down: gi12
15-Jul-2020 16:39:19 %LINK-I-Up: gi12
15-Jul-2020 16:39:24 %STP-W-PORTSTATUS: gi12: STP status Forwarding
Thank you in advance
07-15-2020 01:44 PM - edited 07-15-2020 01:46 PM
If this switch is pure Layer 2, then look at where the Layer 3 interface for VLAN 8 is - DHCP relay there to tell where the DHCP server is.
What firewall?
07-15-2020 01:58 PM
07-15-2020 02:14 PM
Hello,
The DHCP relay configuration on the switch looks by the book. Have you tried to configure 'spanning-tree portfast' on the PC-connected ports?
07-15-2020 02:19 PM
07-16-2020 01:07 AM
Can you also clarify the points below and provide the relevant configuration?
1. Can you post the configuration of the port connected to the firewall? Have you allowed VLAN 8 and VLAN 7 on that port?
2. Do you see the request coming to your firewall? Are there any logs you can view? Is the PC request really reaching the DHCP server?
Another suggestion: try adding a helper address:
ip helper-address all x.x.x.x
07-16-2020 06:34 AM - edited 07-16-2020 07:10 AM
Hi Balaji
Sure
Each subnet has its own connection to the firewall, each one is an access port, and the firewall does the routing between the subnets. Please see below:
interface gigabitethernet48
description To_Port05_on_Firewall_for_VLAN8
switchport mode access
switchport access vlan 8
interface gigabitethernet27
description To_Port06_On_Firewall_for_New_Data_Vlan_7
switchport mode access
switchport access vlan 7
Also, as you can see, I have a trunk connection to my ESXi, as my DHCP server is in VLAN 7 and on VMware, and I allowed VLANs 7 and 20 (DMZ) on that port:
interface gigabitethernet31
description To_VMNIC7_on_ESXI04
switchport trunk allowed vlan add 7,20
!
interface gigabitethernet32
description To_VMNIC3_on_ESXI1
switchport trunk allowed vlan add 7,20
2. Do you see the request coming to your firewall? Are there any logs you can view? Is the PC request really reaching the DHCP server?
I have just captured traffic on the DHCP server. I see a couple of DHCP Discover requests coming to the DHCP server from the switch that I enabled DHCP relay on, but I don't see any Offer destined to the switch. These packets are coming from the firewall:
Src:WatchGua_da:50:84 Dst: VMware:38:08
And I know the DHCP server is fine, because when I put DHCP relay on the firewall (for VLAN 8) the PC gets an IP from DHCP quickly.
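Added example (not part of the thread and not code from any poster): a parser for a relayed DHCP Discover such as the ones captured in the last post, reporting the relay address (giaddr) stamped into the message, the Option 82 sub-options the relay inserted, and which scope a server that selects by giaddr (RFC 2131) would match. The sample packet, the 192.0.2.0/24 and 198.51.100.1 documentation-range values, and all function names are constructed for illustration.

```python
import ipaddress
import struct
MAGIC = b"\x63\x82\x53\x63"  # RFC 2131 magic cookie that precedes the options

def tlvs(buf, pad_end=True):
    """Yield (code, value) pairs; pad_end=False for Option 82 sub-options."""
    i = 0
    while i < len(buf):
        if pad_end and buf[i] == 255:          # End option
            return
        if pad_end and buf[i] == 0:            # Pad option, no length byte
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option")
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def parse_dhcp(payload):
    """Extract the relay-relevant fields from a DHCP message (UDP payload only)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    info = {"hops": payload[3], "msg_type": None, "option82": {},
            "giaddr": ipaddress.IPv4Address(payload[24:28])}
    for code, value in tlvs(payload[240:]):
        if code == 53 and len(value) == 1:     # message type, 1 = DISCOVER
            info["msg_type"] = value[0]
        elif code == 82:                       # Relay Agent Information (RFC 3046)
            info["option82"] = dict(tlvs(value, pad_end=False))
    return info

def matching_scope(giaddr, scopes):
    """Return the scope that contains giaddr, or None (0.0.0.0 matches nothing)."""
    return next((s for s in scopes if giaddr in s), None)

def build_discover(giaddr, circuit_id, remote_id):
    """Constructed sample: a relayed DISCOVER with Option 82 sub-options 1 and 2."""
    sub = bytes([1, len(circuit_id)]) + circuit_id + bytes([2, len(remote_id)]) + remote_id
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 1, 0x1234ABCD, 0, 0x8000,
                      bytes(4), bytes(4), bytes(4), ipaddress.IPv4Address(giaddr).packed,
                      bytes.fromhex("020000000001"), b"", b"")
    return hdr + MAGIC + b"\x35\x01\x01" + bytes([82, len(sub)]) + sub + b"\xff"

# Constructed scope list: a documentation-range subnet stands in for the client VLAN.
SCOPES = [ipaddress.ip_network("192.0.2.0/24")]
if __name__ == "__main__":
    for gi in ("192.0.2.1", "198.51.100.1", "0.0.0.0"):
        m = parse_dhcp(build_discover(gi, b"\x00\x08", b"sw-example"))
        print(m["giaddr"], m["option82"], matching_scope(m["giaddr"], SCOPES))
```

To use it on real traffic, pass the UDP payload of each captured Discover to `parse_dhcp` and list the server's actual scopes in `SCOPES`.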