IP helper address behaviour

suthomas1
Level 6

Hello everyone,

If an ip-helper address (for a DHCP server) is configured on a switch VLAN SVI, is the following sequence in a capture the expected outcome whenever a client needs a DHCP IP address?

packet 1 - host MAC sends a broadcast as the discover message
packet 2 - source is seen as the MAC address of the SVI VLAN, with the source IP being the IP of the switch's SVI VLAN interface
packet 3 - source host MAC requests the IP offered in packet 2
packet 4 - SVI source MAC & SVI IP send a broadcast ack for packet 3
packet 5 - source host sends out a broadcast ARP to check if the assigned IP belongs to anyone else
packet 6 - one of the other hosts sends out a reply to the actual host indicating it has the IP, resulting in a conflict

Packets 2 & 4 seem to involve the gateway device's SVI MAC and IP address, rather than the actual DHCP server. Is this the expected way of working if a helper address is configured on an SVI? Does the actual DHCP server MAC not show up in the conversation?

Also, can anyone tell me: as a conflict is detected, should it not be the DHCP server that checks whether the IP being given is currently in use by another host?

Appreciate all replies.

8 Replies

Sunil Gajjar
Level 1

Packets 2 (DHCP-Offer) & 4 (DHCP-Ack) will involve the gateway device's SVI IP address as the "Relay agent IP address" and will use the host MAC only as the "Client MAC address" in packet traces.

Regarding your question about IP conflicts, the process will remain the same and IP conflicts would still be detected in your scenario.

If an IP conflict is detected for the user & two ARP entries for that MAC are seen in the layer 3 devices, what does that indicate? And is that a problem with the router/switch or more on the DHCP server side?

If an IP conflict is detected for the user, then there could be the possibilities below:

1> One of the two devices with the same IP is assigned the IP manually and the other via DHCP

2> A rogue DHCP server is serving IP addresses from the same IP pool as the original DHCP server

3> This also happens when a DHCP server has restarted but the client has not rebooted. In this case the DHCP lease has not expired on the client machine, so it will try to retain the same IP, but in the meantime DHCP has already assigned that IP to another client, so in this scenario it will show up as an IP conflict. Running ipconfig /release and ipconfig /renew on the machine showing the IP conflict will fix the issue.

These are general possibilities, please provide specific details if it does not answer your question.

Thanks for the reply again. Along those lines, the following are the details.
Some users are seeing IP conflicts during logins. In the layer 3 device, multiple ARP entries for the same user can be seen with different IPs & with different ARP timeouts.

sh ip arp | i 7af2
Internet  192.168.96.145         42   50bd.9dc4.7af2  ARPA   Vlan11
Internet  192.168.96.52          43   50bd.9dc4.7af2  ARPA   Vlan11
Internet  192.168.96.18           0     50bd.9dc4.7af2  ARPA   Vlan11

A sniffer trace shows that at a certain time the user is given an IP, it detects a conflict by doing an ARP broadcast, and finally the user declines the IP due to the conflict.
Should the server not be checking that the allotted IP is not in use before allotment?
Are there any other things to look for, if the layer 3 router is not causing this?

Did you try to find the device having MAC 50bd.9dc4.7af2?

As the MAC 50bd.9dc4.7af2 does not look to be a standard MAC, I suspect an issue with the device presenting itself with that MAC.

That MAC belongs to the user itself. Probably the user was using 192.168.96.18; however, this couldn't be confirmed due to some other issues with access.

Assuming the MAC is standard (my colleague may have copy/pasted the wrong one), what should be looked at & will the layer 3 router be causing issues here?

There is another possibility of showing a single MAC for multiple IPs on an L3 switch: when L2 access switches are connected behind the L3 switch, the L3 switch will show the MAC of the interface from where it learned it. Check if that is the case; if so, it is something normal.

Check the ipconfig /all output to ensure that the machine is receiving DHCP from a single DHCP server.

Check that the DHCP lease time is not too short (< 30 min).

If the MAC belongs to a specific end device, did you verify the DHCP lease time? You can check it using the ipconfig /all output if it is a Windows machine.
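
The relay behaviour described in the reply about packets 2 and 4, as an added example that is not part of the original thread: a parser for a constructed relayed DHCPOFFER that extracts the client MAC (chaddr), the relay agent IP (giaddr), the server identifier (option 54, where the actual DHCP server's address appears) and the lease time (option 51). The SVI address 192.168.96.1 and the server address 10.0.0.10 are assumed sample values, and the helper names are hypothetical.

```python
import ipaddress
import struct

COOKIE = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE", 5: "ACK", 6: "NAK"}

def ip(text):
    return ipaddress.IPv4Address(text).packed

def build_sample_offer():
    """Constructed relayed DHCPOFFER; SVI and server addresses are assumptions."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 1,                            # BOOTREPLY, Ethernet, hlen 6, hops 1
        0x1234ABCD, 0, 0x8000,                 # xid, secs, broadcast flag
        ip("0.0.0.0"), ip("192.168.96.145"),   # ciaddr, yiaddr (offered address)
        ip("0.0.0.0"), ip("192.168.96.1"),     # siaddr, giaddr (assumed SVI IP)
        bytes.fromhex("50bd9dc47af2"), b"", b"")
    options = (b"\x35\x01\x02" + b"\x36\x04" + ip("10.0.0.10")      # 53 OFFER, 54 server id
               + b"\x33\x04" + struct.pack("!I", 86400) + b"\xff")  # 51 lease, end
    return header + COOKIE + options

def parse_dhcp(payload):
    """Return the BOOTP/DHCP fields that identify client, relay and server."""
    if len(payload) < 240 or payload[236:240] != COOKIE:
        raise ValueError("not a DHCP payload")
    hlen = min(payload[2], 16)
    yi, gi = (str(ipaddress.IPv4Address(payload[o:o + 4])) for o in (16, 24))
    mac = payload[28:28 + hlen].hex()
    info = {"offered_ip": yi, "relay_agent_ip": gi,
            "client_mac": ".".join(mac[i:i + 4] for i in range(0, len(mac), 4)),
            "relayed": gi != "0.0.0.0"}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option carries no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            info["type"] = TYPES.get(value[0], str(value[0]))
        elif code == 54 and length == 4:
            info["server_id"] = str(ipaddress.IPv4Address(value))
        elif code == 51 and length == 4:
            info["lease_seconds"] = int.from_bytes(value, "big")
        i += 2 + length
    return info
```

Comparing `server_id` across the Offers in a capture against the address configured as the helper target is one way to check the second possibility listed above, a second DHCP server answering on the VLAN.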
