Re: DHCP Relay Not Working.

eng.khaled.omar · ‎09-23-2019

Hi All,

We have 4 sites, each site has its DHCP server, we changed that to be one DHCP server at the HQ office and all other sites will be assigned TCP/IP configuration from that one DHCP server.

On each site, we configured DHCP Relay "ip-helper address" on the core switch on each interface vlan, only one remote site worked fine and its clients are assigned TCP/IP configuration from the DHCP located at the HQ, but the other two sites are not obtaining.

I captured the packets at the core switch and found there is a packet with source IP (the interface vlan IP address) and destination IP (the DHCP Server IP address), but this packet is not reaching the DHCP server, found only discover packets on the capture with no offers.

I captured the packets at the router after the core switch but found nothing, even the discover packet is not appearing, we have DHCP snooping configured on the core and all its interfaces are configured with "ip dhcp snooping trust".

What could be the issue of preventing the discover packet from reaching the DHCP server, and by the way, I can ping the DHCP server from the core switch successfully.

Thanks,

Khaled

Georg Pauwen · ‎09-23-2019

Hello,

what is the difference (if any) in the configuration between the 'working' site and the 'non-working' site ? If possible, post the configurations of the devices involved in both working and non-working sites...

eng.khaled.omar · ‎09-23-2019

Hi,

You can find two configuration files attached, one for the working site, and the other for the non-working site.

Thanks,

Khaled

Georg Pauwen · ‎09-23-2019

Hello,

the working site has EIGRP enabled, the non working site does not. Where else in the path towards the DHCP server do you have EIGRP configured ? Since you are using iBGP, the EIGRP routes would be preferred.

It might be a good idea to post a schematic drawing of your topology so we can see what is connected to what...

eng.khaled.omar · ‎09-23-2019

Hi,

The core switch is connected to a CE router and there is iBGP between the core and the router, then to the MPLS network to the other site.

Regards,

Khaled

paul driver · ‎09-23-2019

Hello

we have dhcp snooping on the core

Suggest you remove this from the core, Dhcp snooping should ONLY be applied on access layer switches NOT the core switch

Also check the switches to see if option 82 is enabled when you've enabled dhcp snooping I have found sometimes the dhcp sever isn't compatible with this option being applied to dhcp requests.

.

sh ip dhcp snooping

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

eng.khaled.omar · ‎09-23-2019

Hi,

As you saw, DHCP snooping is also enabled on the working site, and the output of the "show ip dhcp snooping" on both sites shows that all interfaces are trusted.

Regards,

Khaled

paul driver · ‎09-23-2019

Hello

Either way snooping shouldn't be applied to the cores switches, it a layer 2 feature and should be applied only to the access layer

@eng.khaled.omar wrote:
I captured the packets at the core switch and found there is a packet with source IP (the interface vlan IP address) and destination IP (the DHCP Server IP address), but this packet is not reaching the DHCP server

What could be the issue of preventing the discover packet from reaching the DHCP server, and by the way, I can ping the DHCP server from the core switch successfully.

Would this include pinging the dhcp server sourced from each the L3 SVI address on the core?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

eng.khaled.omar · ‎09-23-2019

Would this include pinging the dhcp server sourced from each the L3 SVI address on the core? Yes, i can ping the DHCP server sourced from each of the L3 SVI from the core.

Georg Pauwen · ‎09-23-2019

Hello,

what are the access ports on the switches where the end clients are connected to configured like ? Do they have 'spanning-tree portfast' enabled ?

eng.khaled.omar · ‎09-23-2019

Hi, The access switch ports are configured as follows: switchport access vlan 20 switchport mode access spanning-tree portfast

Georg Pauwen · ‎09-23-2019

Hello,

the vtp mode on the non-working site switch is set to transparent, what is the vtp mode (show vtp status) on the working site switch ?

eng.khaled.omar · ‎09-23-2019

The VTP mode on the working-site switch is Server and the VTP mode on the non-working site switch is Transparent.

Georg Pauwen · ‎09-23-2019

Set the vtp mode to 'server' as well on the non-working switch:

Switch(config)#vtp mode server

paul driver · ‎09-23-2019

Hello

From working site and non working site do you get different paths?

traceroute 10.26.1.161 numeric

Also can you post the output from the below
access-list 110 permit udp any any
debug ip packet detail 110
debug ip dhcp server packet

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul