DHCP relay not working

Marvin de Haas · ‎05-01-2014

dear all,

I am trying to configure DHCP relay by using ip helper addresses. Strange enough I configured the ip helper addresses properly but the DHCP requests are not being forwarded. Very strange this behavior. I configured it on other similar devices exactly the same, but on this device it is not working.

When I debug the DHCP broadcast a see a strange message about;

00:14:01: FIBipv4-packet-proc: route packet from Vlan1 src 0.0.0.0 dst 255.255.255.255
00:14:01: FIBfwd-proc: Default:255.255.255.255/32 receive entry
00:14:01: FIBipv4-packet-proc: packet routing failed
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 360, rcvd 2
00:14:01: UDP src=68, dst=67
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 360, stop process pak for forus packet

http://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/27470-100.html

I really don't understand why the DHCP broadcast is not being forwarded. There is no ACL configured on the gateway. IP routing is enabled. Also I did an ping request from the gateways IP address to the DNS IP destination succesfully so routing is no issue at all.

The configuration is as follows;

interface Vlan1
ip address 192.168.27.254 255.255.255.0
ip helper-address 10.234.66.140
ip helper-address 10.234.66.141
ip helper-address 10.234.66.146
!
interface Vlan3
ip address 10.1.65.254 255.255.255.0
ip helper-address 10.234.66.140
ip helper-address 10.234.66.141
ip helper-address 192.168.27.24
!
interface Vlan10
ip address 10.1.67.254 255.255.255.0
ip helper-address 10.234.66.140
ip helper-address 10.234.66.141
ip helper-address 192.168.27.24
!
interface Vlan11
ip address 10.1.68.254 255.255.255.0
ip helper-address 10.234.66.140
ip helper-address 10.234.66.141
ip helper-address 192.168.27.24

Only the vlan 1 is not working properly with DHCP relay, but the rest is working fine.

Does someone have any idea what is going on here?

E, sendself FALSE, mtu 0, fwdchk FALSE pak 492D990 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 554AD2C consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 553CD64 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 4920F70 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 553DF70 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 492217C consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 553F518 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 55411F8 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 4925068 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 5542068 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 4925ED8 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 4926610 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 347, input feature
00:14:01:     UDP src=68, dst=67, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
00:14:01: FIBipv4-packet-proc: route packet from Vlan1 src 0.0.0.0 dst 255.255.255.255
00:14:01: FIBfwd-proc: Default:255.255.255.255/32 receive entry
00:14:01: FIBipv4-packet-proc: packet routing failed
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 347, rcvd 2
00:14:01:     UDP src=68, dst=67
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 347, stop process pak for forus packet
00:14:01:     UDP src=68, dst=67
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 347, input feature
00:14:01:     UDP src=68, dst=67, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
00:14:01: FIBipv4-packet-proc: route packet from Vlan1 src 0.0.0.0 dst 255.255.255.255
00:14:01: FIBfwd-proc: Default:255.255.255.255/32 receive entry
00:14:01: FIBipv4-packet-proc: packet routing failed
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 347, rcvd 2
00:14:01:     UDP src=68, dst=67
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 347, stop process pak for forus packet
00:14:01:     UDP src=68, dst=67
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 360, input feature
00:14:01:     UDP src=68, dst=67, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
00:14:01: FIBipv4-packet-proc: route packet from Vlan1 src 0.0.0.0 dst 255.255.255.255
00:14:01: FIBfwd-proc: Default:255.255.255.255/32 receive entry
00:14:01: FIBipv4-packet-proc: packet routing failed
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 360, rcvd 2
00:14:01:     UDP src=68, dst=67
00:14:01: IP: s=0.0.0.0 (Vlan1), d=255.255.255.255, len 360, stop process pak for forus packet
00:14:01:     UDP src=68, dst=67pak 5544BB8 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE pak 4929898 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Emmanouil Patiniotakis · ‎05-01-2014

Can you ping the DHCP servers from source IP 192.168.27.254?

Marvin de Haas · ‎05-01-2014

Nlsw201p>en
Password:
Nlsw201p#
Nlsw201p#
Nlsw201p#ping
Protocol [ip]:
Target IP address: 10.234.66.140
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.27.254
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.234.66.140, timeout is 2 seconds:
Packet sent with a source address of 192.168.27.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/11/17 ms
Nlsw201p#

Robert Falconer · ‎05-01-2014

Can you provide an output of show ip route?

Marvin de Haas · ‎05-08-2014

Nlsw201p#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.1.71.1 to network 0.0.0.0

C    192.168.27.0/24 is directly connected, Vlan1
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.1.67.0/24 is directly connected, Vlan10
C       10.1.65.0/24 is directly connected, Vlan3
C       10.1.71.0/30 is directly connected, GigabitEthernet1/0/21
C       10.1.68.0/24 is directly connected, Vlan11
O*E2 0.0.0.0/0 [110/1] via 10.1.71.1, 6d16h, GigabitEthernet1/0/21

10.1.71.1 is de default gateway

Florin Barhala · ‎05-08-2014

Let's recap this a bit; you have several SVIs. Originally you stated there's an issue with Vlan 1 and the rest is working. Now it's just Vlan 10 that really works?

Also on Vlan 10, which DHCP server offers IPs? All three or just one? Did you split the DHCP scope accordingly?

Finally do you have any kind of DHCP Snooping enabled on your network?

Marvin de Haas · ‎05-12-2014

since the beginning only vlan 1 does not work other vlans do work properly with DHCP relay. There is no IP DHCP snooping enabled on the switch.

When requesting an IP address it is not being relayed but it is configured properly. I just cannot understand why. Other vlans are being relayed properly.

Srin_G · ‎05-12-2014

could you try using one ip helper and remove the others!

Marvin de Haas · ‎06-18-2014

Sorry for the late reply was on holiday. Removing the other IP helper addresses doesn't seam to work. Strange enough one day it worked for some minutes but nothing was changed. Still it doesn't work at this moment. Actually it is really weird and I don't get it.

Morgan Andersson · ‎08-19-2016

Hi,

I have exactly the same problem, have you found a solution?

//Morgan

Marvin de Haas · ‎06-18-2014

Only vlan 1 is not working. The other vlans work fine with exactly the same ip helper addresses. DHCP scopes are being split properly. The problem is that the switch does not forward broadcasts wihin the vlan 1 domain otherwise I could see the incoming DHCP relay traffic. DHCP snooping is not enabled. If I do an extended ping from the SVI IP address to the destination IP helper is finishes succesfully, so IP routing is no problem also.

Florin Barhala · ‎05-02-2014

Can you also post show ip protocols ?

I would also try this:

interface vlan 1

no ip address

interface loopback 112

ip address 192.168.27.254 255.255.255.0

ip helper-address 10.234.66.140

Marvin de Haas · ‎05-08-2014

Nlsw201p#sh ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "ospf 100"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 192.168.27.254
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
    10.1.65.0 0.0.0.255 area 0
    10.1.67.0 0.0.0.255 area 0
    10.1.68.0 0.0.0.255 area 0
    10.1.71.0 0.0.0.3 area 0
    192.168.27.0 0.0.0.255 area 0
Routing Information Sources:
    Gateway         Distance      Last Update
    10.121.115.244       110      6d16h
Distance: (default is 110)

I would like to try the loopback but that will cause production disruptions, so I have to do that in a maintenance window.

I configured some vlans with the same DHCP relay and only DHCP relay from vlan 10 seems to work. I have no ACL's configured. Other similar locations with almost same configuration do work.

IP connectivity is also no problem for all vlans

interface Vlan1
ip address 192.168.27.254 255.255.255.0
ip helper-address 10.234.66.140
ip helper-address 10.234.66.141
ip helper-address 10.234.66.146
!
interface Vlan3
ip address 10.1.65.254 255.255.255.0
ip helper-address 10.234.66.140
ip helper-address 10.234.66.141
ip helper-address 192.168.27.24
!
interface Vlan10
ip address 10.1.67.254 255.255.255.0
ip helper-address 10.234.66.140
ip helper-address 10.234.66.141
ip helper-address 192.168.27.24

So why does vlan 10 work and the rest not?? I can explain that vlan 3 is not showing traffic because there are no clients inside the local LAN, so only vlan 1 is not working.

Emmanouil Patiniotakis · ‎05-02-2014

Do you have cef enabled?

Marvin de Haas · ‎05-08-2014

Vlan1 is up (if_number 2069)
Corresponding hwidb fast_if_number 2069
Corresponding hwidb firstsw->if_number 2069
Internet address is 192.168.27.254/24
ICMP redirects are always sent
IP unicast RPF check is disabled
Output features: Check hwidb
Inbound access list is not set
Outbound access list is not set
IP policy routing is disabled
BGP based policy accounting on input is disabled
BGP based policy accounting on output is disabled
Hardware idb is Vlan1
Fast switching type 1, interface type 147
IP CEF switching enabled
IP CEF switching turbo vector
IP Null turbo vector
IP prefix lookup IPv4 mtrie 8-8-8-8 optimized
Input fast flags 0x0, Output fast flags 0x0
ifindex 2069(2069)
Slot 0 Slot unit 1 VC -1
Transmit limit accumulator 0x0 (0x0)
IP MTU 1500
Vlan3 is up (if_number 2071)
Corresponding hwidb fast_if_number 2071
Corresponding hwidb firstsw->if_number 2071
Internet address is 10.1.65.254/24
ICMP redirects are always sent
IP unicast RPF check is disabled
Output features: Check hwidb
Inbound access list is not set
Outbound access list is not set
IP policy routing is disabled
BGP based policy accounting on input is disabled
BGP based policy accounting on output is disabled
Hardware idb is Vlan3
Fast switching type 1, interface type 147
IP CEF switching enabled
IP CEF switching turbo vector
IP Null turbo vector
IP prefix lookup IPv4 mtrie 8-8-8-8 optimized
Input fast flags 0x0, Output fast flags 0x0
ifindex 2071(2071)
Slot 0 Slot unit 3 VC -1
Transmit limit accumulator 0x0 (0x0)
IP MTU 1500
Vlan10 is up (if_number 2078)
Corresponding hwidb fast_if_number 2078
Corresponding hwidb firstsw->if_number 2078
Internet address is 10.1.67.254/24
ICMP redirects are always sent
IP unicast RPF check is disabled
Output features: Check hwidb
Inbound access list is not set
Outbound access list is not set
IP policy routing is disabled
BGP based policy accounting on input is disabled
BGP based policy accounting on output is disabled
Hardware idb is Vlan10
Fast switching type 1, interface type 147
IP CEF switching enabled
IP CEF switching turbo vector
IP Null turbo vector
IP prefix lookup IPv4 mtrie 8-8-8-8 optimized
Input fast flags 0x0, Output fast flags 0x0
ifindex 2078(2078)
Slot 0 Slot unit 10 VC -1
Transmit limit accumulator 0x0 (0x0)
IP MTU 1500
Vlan11 is up (if_number 2079)
Corresponding hwidb fast_if_number 2079
Corresponding hwidb firstsw->if_number 2079
Internet address is 10.1.68.254/24
ICMP redirects are always sent
IP unicast RPF check is disabled
Output features: Check hwidb
Inbound access list is not set
Outbound access list is not set
IP policy routing is disabled
BGP based policy accounting on input is disabled
BGP based policy accounting on output is disabled
Hardware idb is Vlan11
Fast switching type 1, interface type 147
IP CEF switching enabled
IP CEF switching turbo vector
IP Null turbo vector
IP prefix lookup IPv4 mtrie 8-8-8-8 optimized
Input fast flags 0x0, Output fast flags 0x0
ifindex 2079(2079)
Slot 0 Slot unit 11 VC -1
Transmit limit accumulator 0x0 (0x0)
IP MTU 1500