Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
881
Views
4
Helpful
10
Replies

HSRP ON NEXUS N9K CANNOT WORK WITH IP DHCP RELAY

Hashen
Level 1
Level 1

‎09-05-2024 01:02 AM

Hello,
I had an infrastructure with a Nexus 9k3 ​​at the core level. We recently decided to make a core in HA (a second Nexus was added) in VPC. At the access layer level, they are C9200. The DHCP server is on another device so an IP dhcp relay is configured on each N9k3, but the gateways are on the N9k3_1. At this level everything works

My problem as soon as I configure HSRP (version 2) on the 2 nexus to put the gateways in VIP, users can no longer have IP addresses.

below the VPC domain configuration between the 2 N9k3

NEXUS 1
vpc domain 100
peer-switch
role priority 1
system-priority 1
peer-keepalive destination 10.1.1.2 source 10.1.1.1 vrf vpc-keepalive
delay restore 3
auto-recovery
ip arp synchronize

NEXUS 2
vpc domain 100
peer-switch
role priority 2
system-priority 1
peer-keepalive destination 10.1.1.1 source 10.1.1.2 vrf vpc-keepalive
delay restore 3
auto-recovery
ip arp synchronize

 

in attached file the architecture

Does anyone have an idea to support me.

Labels:
Preview file
66 KB
10 Replies 10

Enes Simnica
Level 1
Level 1

‎09-05-2024 01:11 AM

hello @Hashen. Looks like the issue you're encountering with DHCP after configuring HSRP on your Nexus 9K switches is likely related to how HSRP and DHCP relay interact. Since the DHCP relay was previously working with static gateways on Nexus 1, adding HSRP could be causing some conflicts.

I would check a few things....:

  1. Relay Configuration: Ensure the IP helper-address is set for the HSRP VIP, not the physical interfaces.

  2. DHCP Forwarding: Make sure both Nexus switches are relaying DHCP requests correctly, even when one is in standby.

  3. ARP Sync: Confirm that ARP synchronization between the two Nexus switches is working properly.

  4. HSRP Priority: Check HSRP priorities and preemption to avoid any role flapping that could disrupt DHCP.

  5. VPC Peer-Link: Ensure the VPC peer-link is stable, as issues here can impact DHCP relay.

  6. Logs: Review DHCP logs or use debug commands to see if there’s an issue with the relay.

some commands that can help:

ip arp synchronize
show ip dhcp snooping
debug ip dhcp relay packet

I believe these steps should help resolve the issue. Great topology, by the way!

-Enes

more Cisco?!
more Gym?!
0 Helpful

Hashen
Level 1
Level 1
In response to Enes Simnica

‎09-05-2024 01:42 AM

Hi @Enes Simnica 

thanks for your contribution.
i will check the debug commands and give you a feedback.

ip arp syncho is already configured.

at the HSRP configuration level, here is the following:

NEXUS 1

interface Vlan141
description "STOR"
no shutdown
no IP redirect
IP address 192.168.140.2/24
hsrp version 2
hsrp 140
preempt
priority 110
ip 192.168.141.1
DHCP IP relay address 20.20.21.1

NEXUS 2

interface Vlan141
description "STOR"
no shutdown
no IP redirect
IP address 192.168.140.3/24
hsrp version 2
hsrp 140
preempt
priority 105
ip address 192.168.141.1
DHCP IP relay address 20.20.21.1

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Hashen

‎09-09-2024 03:49 AM

Hello @Hashen ,

your HSRP VIP 192.168.141.1 looks like to be on a different IP subnet then interface SVI address 192.168.140.2/24.

Probably it is just a mistyping error  in preparing the post.

Hope to help

Giuseppe

 

0 Helpful

Enes Simnica
Level 1
Level 1

‎09-05-2024 01:17 AM

BTW, the configuration looks good.

 
more Cisco?!
more Gym?!

MHM Cisco World
VIP
VIP

‎09-05-2024 01:22 AM

Add under vpc domain 

Peer-gateway

MHM

0 Helpful

Hashen
Level 1
Level 1
In response to MHM Cisco World

‎09-05-2024 01:46 AM

I had added it, that was the configuration
vpc domain 100
peer-switch
role priority 1
system-priority 1
peer-keepalive destination 10.1.1.2 source 10.1.1.1 vrf vpc-keepalive
peer-gateway
layer3 peer-router
auto-recovery
ip arp synchronize
delay restore 3

It didn't work and then i removed it. but apparently that wasn't the problem. i'll put it back.

0 Helpful

MHM Cisco World
VIP
VIP
In response to Hashen

‎09-05-2024 01:50 AM

Peer-gateway

Need to add to both NSK

The issue is the dhcp is send as unicast source from vlan SVI IP and it retrun to hsrp peer not to same router send unicast dhcp, here without Peer-gateway the traffic will drop

Try add it and check 

MHM

0 Helpful

paul driver
VIP
VIP

‎09-05-2024 07:49 AM

Hello
Upstream towards the NK3s and the DHCP server, make sure dhcp is trusted on any trunk interconnects

int x/x
ip dhcp snooping trust


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hashen
Level 1
Level 1

‎09-09-2024 12:38 AM

Hello everyone, @Enes Simnica @paul driver @MHM Cisco World 

I have noted your observation. However the result remains the same (Unfortunately, I lost the debug).However I recently read somewhere that the HSRP VIP has several limitations including the impossibility of being a source of DHCP requests.

Below is the link. The precise part in the attached file.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/unicast/configuration/guide/b-cisco-nexus-9000-series-nx-os-unicast-routing-configuration-guide-93x/b-cisco-nexus-9000-series-nx-os-unicast-routing-configuration-guide-93x_cha... 

Observations.... please

Preview file
142 KB

MHM Cisco World
VIP
VIP
In response to Hashen

‎09-09-2024 12:46 AM

Friend that in case you force NSK use HSRP VIP as source of DHCP relay

Use etheranalyzer to see if packet is recieve from server or not and what is source of frame 

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card