Solved: Re: DHCP relay issue with Nexus 3K

elie_ibrahim34 · ‎04-30-2018

Hello all,

I have a strange issue with some Cisco IP Phones.

Recently we installed a couple of Nexus 3548 in our network, they are configured with vPC and HSRP, there are 2 catalyst 9300's for distribution connected via port-channel to the Nexuses.The problematic phones are plugged into an access switch connected to the distribution switch.

The problem i have is that my phones are not getting dhcp addresses from our server on a different subnet.

I have the dhcp feature enabled and configured the ip dhcp relay address under all my SVI's.

A wireshark capture shows the DHCP Discover transaction as being a broaddcast. Correct me if im wrong, but this should be a unicast request?

I have built a test vm that i placed in the same vlan as my phones, and i do get an IP via DHCP.

Any ideas? Your help is greatly appreciated!

elie_ibrahim34 · ‎06-01-2018

Working on this with TAC

Closing this thread

View solution in original post

elie_ibrahim34 · ‎04-11-2019

Upgrade to 9.2.2 . This worked for me

View solution in original post

Georg Pauwen · ‎04-30-2018

Hello,

the phones need option 82, do you have that configured globally with the 'ip dhcp relay information option' command ?

elie_ibrahim34 · ‎04-30-2018

Hi Georg,

Yes i have it configured

Also when i issue the command show ip dhcp relay, i see

sh ip dhcp relay
DHCP relay service is enabled
Insertion of option 82 is enabled
Insertion of option 82 customize circuitid is disabled
Insertion of VPN suboptions is disabled
Insertion of cisco suboptions is disabled
Global smart-relay is disabled
Relay Trusted functionality is disabled
Relay Trusted Port is Globally disabled
V4 Relay Source Address HSRP is Globally disabled

Thanks for your help

Georg Pauwen · ‎04-30-2018

Try to enable the cisco sub-option:

ip dhcp relay sub-option type cisco

elie_ibrahim34 · ‎04-30-2018

I just did, however still no success

The wireshark capture still shows DHCP Discover and DHCP Offer, both are broadcasts...

Successfull dhcp requests shows the DHCP Discover and Offer as Unicast in the BootP protocol

Also, i have other phones connected to the same switch that are functionnal

Georg Pauwen · ‎04-30-2018

Hello,

odd indeed. I assume the hosts are actually in a different subnet than the relay server ?

Could be a bug, which version are you running ?

elie_ibrahim34 · ‎04-30-2018

Yes indeed the hosts are on vlan 33 and the dhcp server is on vlan 32.

The version im running on the nexus is NXOS: version 7.0(3)I7(3)

Georg Pauwen · ‎04-30-2018

Hello,

I'll check for bugs. In the meantime, if possible, try and reload the switch...that sometimes helps...

elie_ibrahim34 · ‎04-30-2018

Thanks for the help, rebooting the switch is a must, i'll have to schedule a window

I will report back if that fixes the issue

Thanks

elie_ibrahim34 · ‎05-01-2018

I confirm rebooting the switch did NOT solve this issue.

In fact it made matters worse, no IP Phone connected to that access switch is now getting and IP from the DHCP

Thanks for any input!

Georg Pauwen · ‎05-01-2018

Hello,

you have more of the 3548 switches, do any of the other ones have the same problem ?

elie_ibrahim34 · ‎05-02-2018

No these are the only 3548's we have at this site.

This issue only seems to be impacting Cisco IP Phone for some reason

Georg Pauwen · ‎05-02-2018

Hello,

can you post the config of one of the switches ? I just want to check how your voice vlan is configured...

elie_ibrahim34 · ‎05-02-2018

Below is the config for the SVI for the voice vlan of the active router in the hsrp config, ip's are changed for our purposes

interface Vlan33
no shutdown
no ip redirects
ip address 192.168.33.2/24
no ipv6 redirects
hsrp 33
preempt delay minimum 300
priority 130
ip 192.168.33.1
ip dhcp relay address 192.168.32.223

Interesting to note that a vm placed in that same subnet is able to get an IP from the DHCP.

Also the dhcp scope includes option 150 pointing towards the TFTP server for Cisco Phones

Georg Pauwen · ‎05-02-2018

Hello,

on the older IOS switches you could tie the IP helper addresses to redundancy groups, thus avoiding the broadcasts being converted and sent from both the active and the standby switch. There doesn't seem to be that option in NX-OS. That said, is it possible for testing purposes to disable the HSRP and check if that makes a difference ?