Solved: Re: IP helper-address not working in different segment vlans

maria.melendez · ‎03-03-2012

The dhcp server is located in vlan 100 and only vlan 100 is able to get the DHCP IP from it. The rest of the vlans are not getting DHCP request. Also, the network is getting intermittent disconnect after a Virtual Environment equipment started to have problems and the ports that they are using are trunking ports. The trunking ports has been disabled but the DHCP is still not working for additional vlans.

Service dhcp is enabled.

Thanks!

Richard Burts · ‎03-05-2012

Maria

Thank you for posting back to the forum indicating that the problem was solved and how you fixed it. VTP pruning was certainly not one of the things that I had thought about as a possible cause of this and it is interesting that this turned out to be the problem. Now that you have it working perhaps you want to mark this question as resolved?

HTH

Rick

HTH

Rick

View solution in original post

Reza Sharifi · ‎03-03-2012

Hi,

Please post your config (sh run).

Richard Burts · ‎03-03-2012

Maria

I agree with Reza that we do not have enough information yet to be able to give you good answers. In addition to posting the configuration I would ask that you specify what is the address of the DHCP server. We also need to know whether DHCP has worked in the past and stopped working or is it the case that DHCP has not ever worked on the other segment VLANs.

HTH

Rick

HTH

Rick

maria.melendez · ‎03-03-2012

Here's the config ... This is a catalyst 3750. Yes DHCP was working before properly. Yesterday stopped working, server has been rebooted and although the ip helper-address is not in vlan 100 is the only one working. I'll appreciate any information, thanks!

******************************************************************

version 12.2

no service pad

service tcp-keepalives-in

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

hostname router

boot-start-marker

boot-end-marker

logging console critical

enable secret 5 $1$fE0f$2YuK88Rj3xzIOnVg2kKjM.

username maria privilege 15 secret 5 $1$Q6RM$AMj5ByYAbaOi9nCWEW6No/

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication login VTY group tacacs+ local

aaa authorization exec default local

aaa authorization network default local

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

switch 1 provision ws-c3750-48ts

system mtu routing 1500

vtp interface g1/0/2

ip subnet-zero

no ip source-route

ip routing

no ip gratuitous-arps

no ip domain-lookup

ip domain-name abc.com

ip name-server 123.123.123.123

password encryption aes

crypto pki trustpoint TP-self-signed-13602432...rsakeypair TP-self-signed-13602432

crypto pki certificate chain TP-self-signed-13602432

certificate self-signed 01 ...

DFA50ED8 9FE8F40F 3CD0F1DA

B1D3823C DEE290AC C9D95DFF C8DF

quit

errdisable recovery cause security-violation

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree uplinkfast

vlan internal allocation policy ascending

ip tcp synwait-time 10

ip ssh time-out 60

ip ssh version 2

interface Loopback0

ip address 10.10.10.10 255.255.255.255

interface FastEthernet1/0/1

switchport access vlan 6

switchport mode access

interface FastEthernet1/0/2

switchport access vlan 140

switchport mode access

shutdown

.....

interface FastEthernet1/0/47

switchport access vlan 140

switchport mode access

shutdown

interface FastEthernet1/0/48

switchport access vlan 4

switchport mode access

shutdown

no mdix auto

interface GigabitEthernet1/0/1

no switchport

ip address A.B.1.252 255.255.255.0

ip access-group border_in in

ip access-group border_out out

flowcontrol receive on

interface GigabitEthernet1/0/2

switchport trunk encapsulation dot1q

switchport mode trunk

interface GigabitEthernet1/0/3

switchport trunk encapsulation dot1q

switchport mode trunk

interface GigabitEthernet1/0/4

switchport trunk encapsulation dot1q

switchport mode trunk

interface Vlan1

shutdown

interface Vlan2

ip address A.B.2.254 255.255.255.0

interface Vlan4

ip address A.B.4.254 255.255.255.0

ip helper-address A.B.100.200

interface Vlan5

ip address A.B.5.254 255.255.255.0

ip helper-address A.B.100.200

interface Vlan6

ip address A.B.6.254 255.255.255.0

ip helper-address A.B.100.200

interface Vlan7

ip address A.B.7.254 255.255.255.0

interface Vlan13

ip helper-address A.B.100.200

...

interface Vlan100

ip address A.B.100.254 255.255.255.0

interface Vlan111

ip address A.B.111.254 255.255.255.0

ip default-gateway A.B.111.254

no ip classless

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

ip route 0.0.0.0 0.0.0.0 A.B.1.254

ip http server

ip http authentication local

ip http secure-server

ip access-list extended border_in

permit tcp host A.B.1.111 any

permit udp host A.B.1.111 any

permit tcp C.D.0.0 0.0.255.255 A.B.0.0 0.0.255.255 eq www

permit tcp C.D.0.0 0.0.255.255 A.B.0.0 0.0.255.255 eq 443

permit tcp C.D.0.0 0.0.255.255 A.B.0.0 0.0.255.255 eq 2222

deny tcp any A.B.0.0 0.0.255.255 eq 1 log

...

deny tcp any A.B.0.0 0.0.255.255 eq 47017 log

deny tcp any A.B.0.0 0.0.255.255 range 6711 6712 log

deny tcp any A.B.0.0 0.0.255.255 eq 6776 log

deny tcp any A.B.0.0 0.0.255.255 eq 6669 log

deny tcp any A.B.0.0 0.0.255.255 eq 2222 log

deny tcp any A.B.0.0 0.0.255.255 eq 7000 log

permit ip any any

ip access-list extended border_out

deny tcp A.B.0.0 0.0.255.255 any eq 1 log

deny udp A.B.0.0 0.0.255.255 any eq 1 log

deny tcp A.B.0.0 0.0.255.255 any eq echo log

deny udp A.B.0.0 0.0.255.255 any eq echo log

deny tcp A.B.0.0 0.0.255.255 any eq discard log

...

deny udp A.B.0.0 0.0.255.255 any eq snmp log

deny tcp A.B.0.0 0.0.255.255 any eq 162 log

deny udp A.B.0.0 0.0.255.255 any eq snmptrap log

deny udp A.B.0.0 0.0.255.255 any eq xdmcp log

permit tcp host A.B.101.175 C.D.0.0 0.0.255.255

permit udp host A.B.101.175 C.D.0.0 0.0.255.255

permit ip any any

logging history informational

logging source-interface Loopback0

logging A.B.2.231

snmp-server host A.B.2.230 seclee

snmp-server host A.B.2.231 seclee

tacacs-server host A.B.2.229

tacacs-server directed-request

line con 0

session-timeout 10

line vty 0 4

exec-timeout 5 0

login authentication VTY

transport input ssh

line vty 5 15

exec-timeout 5 0

login authentication VTY

transport input ssh

end

Reza Sharifi · ‎03-03-2012

Can the DHCP server ping A.B.100.254?

Can the DHCP server ping any other vlan's interface?

can you ping the DHCP IP from the switch?

ip default-gateway A.B.111.254

this is the interface of vlan 111 and should not be use as a default gateway. Default gateway needs to be the next hop IP address and not local SVI's IP address. Since you already have default route in your config, default-gateway should

be deleted.

HTH

maria.melendez · ‎03-03-2012

Can the DHCP server ping A.B.100.254? YES

Can the DHCP server ping any other vlan's interface? YES

can you ping the DHCP IP from the switch? YES but only from the router, not the additional switches.

Ok, thanks for the help!!

Richard Burts · ‎03-03-2012

Maria

The configuration that you posted shows several VLANs that do not have ip helper-address configured (VLANs 2, 7, and 111). If this is an accurate copy of the config then those VLANs would not be able to get address assignments from the DHCP server.

I am interested in your statement that :"can you ping the DHCP IP from the switch? YES but only from the router, not the additional switches" This makes me wonder if perhaps the default gateway on the server changed. If you were to take one of the PCs on a VLAN (perhaps vlan 4 or 5) and configure it with a static IP in the appropriate subnet, then would it be able to ping the DHCP server.

HTH

Rick

HTH

Rick

maria.melendez · ‎03-03-2012

Richard,

Yes, this config is accurate and only VLAN 4, 5, 6, are using the ip helper-address and are supposed to get the DHCP IP addresses. We have machines using static ips ( in vlan 5 and 6) and we can ping the DHCP server. But because other machines are trying to get IPs from DHCP, the network is dropping packets.

Sorry for the confusion, I have a main router and 3 additional switches(Catalyst 4506) connected in different floors. Forget about my comment, I'm not going to be able to ping from the switches any device other than my network machines, this is not permitted by ACL.

acampbell · ‎03-03-2012

Maria,

Are the scopes on the DHCP server configured under a SUPERSCOPE.

If they are you need to remove/delete the SUPERSCOPE, just leave each scope as an

independant entity.

Regards

Alex

Regards, Alex. Please rate useful posts.

maria.melendez · ‎03-03-2012

Acampbell,

Not sure if I understand right the superscope concept. Can you explain it ? I'm not the DHCP server administrator. We have all the VLan scopes defined in our DHCP server A.B.100.200.

Thanks!

acampbell · ‎03-04-2012

Maria,

You need to ask yor DHCP server administrator if they have set up the scope that you reequire under

a SUPERSCOPE.

SUPERSCOPE--MARIAS-VLANS

-MARIA SCOPE 1 VLAN-A

-MARIA SCOPE 2 VLAN-B

-MARIA SCOPE 3 VLAN-C

----etc

SUPERSCOPES are not compatable with the type of working you need.

They are used to supply Muliple IP Subnets to a single broadcast domain.

You ar using 1 SUBNET per VLAN (Broadcast domain) each of your scopes to be individual.NO SUPERSCOPE

MARIA SCOPE 1 VLAN-A

MARIA SCOPE 2 VLAN-B

MARIA SCOPE 3 VLAN-C

----etc

May be helpful

Regards

Alex

Regards, Alex. Please rate useful posts.

Richard Burts · ‎03-04-2012

Alex

In a previous post in this thread Maria says that the DHCP server was working and then stopped working. From that I believe that we can deduce that the issue is not superscope.

Maria

If PCs in VLANs 5 and 6 with static addresses can ping the DHCP server then this demonstrates that the problem is not basic IP connectivity to the DHCP server and is not a problem with the default gateway of the DHCP server (both of which were on my list of possible problems).

I do not see any obvious problems in the configuration, and we know that there is IP connectivity, so we need to look for something else that causes the problem. Perhaps you can check with the administrator of the DHCP server and ask if there are any issues on the server or if any changes have been made recently.

Would it be possible to set up a packet capture to examine traffic being sent to the DHCP server?

HTH

Rick

HTH

Rick

maria.melendez · ‎03-04-2012

Richard,

Yes, you are correct everything was working properly before ... Machines on vlan 5 and 6 using static IPs can ping the DHCP server.

I know that the missing part here is the DHCP server, but we cant get a hold of the admin. Let me remove any sensitive info from the packet capture that I have from wireshark and I'll post that soon.

Thanks all for your suggestions!!

-M

maria.melendez · ‎03-04-2012

Here's from workstation in vlan 6 asking for IP, the correct IP for this machine is A.B.6.7 ... as a result I get

169.254.232.149 IP ...

158 36 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x4a7f26ee

159 37 A.B.6.254 A.B.6.7 DHCP 345 DHCP Offer - Transaction ID 0x4a7f26ee

160 37 0.0.0.0 255.255.255.255 DHCP 379 DHCP Request - Transaction ID 0x4a7f26ee

161 37 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/6/00:12:00:cf:8e:80

162 39 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/6/00:12:00:cf:8e:80

163 39 A.B.6.159 A.B.6.255 NBNS 92 Name query NB WPAD<00>

164 40 A.B.6.159 A.B.6.255 NBNS 92 Name query NB WPAD<00>

165 41 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/6/00:12:00:cf:8e:80

166 41 A.B.6.159 A.B.6.255 NBNS 92 Name query NB WPAD<00>

167 41 A.B.6.159 A.B.6.255 NBNS 92 Name query NB WPAD<00>

168 41 0.0.0.0 255.255.255.255 DHCP 379 DHCP Request - Transaction ID 0x4a7f26ee

169 42 A.B.6.159 A.B.6.255 NBNS 92 Name query NB WPAD<00>

170 43 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/6/00:12:00:cf:8e:80

171 43 A.B.6.159 A.B.6.255 NBNS 92 Name query NB WPAD<00>

172 45 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/6/00:12:00:cf:8e:80

173 45 G-ProCom_01:39:4b Broadcast ARP 60 Who has A.B.6.254? Tell A.B.6.53

174 46 A.B.2.231 A.B.6.152 ICMP 69 Echo (ping) request id=0x000c, seq=15064/55354, ttl=12

175 46 G-ProCom_01:38:d6 Broadcast ARP 60 Who has A.B.6.254? Tell A.B.6.158

176 46 G-ProCom_01:39:4b Broadcast ARP 60 Who has A.B.6.254? Tell A.B.6.53

177 46 Hewlett-_1f:3e:43 Broadcast ARP 60 Who has A.B.6.254? Tell A.B.6.160

178 47 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/6/00:12:00:cf:8e:80

179 47 Hewlett-_1f:3e:43 Broadcast ARP 60 Who has A.B.6.254? Tell A.B.6.160

180 47 G-ProCom_01:39:4b Broadcast ARP 60 Who has A.B.6.254? Tell A.B.6.53

181 48 G-ProCom_01:39:4b Broadcast ARP 60 Who has A.B.6.254? Tell A.B.6.53

182 48 A.B.2.231 A.B.6.152 ICMP 69 Echo (ping) request id=0x000c, seq=15073/57658, ttl=12

183 49 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/6/00:12:00:cf:8e:80

184 49 0.0.0.0 255.255.255.255 DHCP 379 DHCP Request - Transaction ID 0x4a7f26ee

185 50 A.B.6.53 A.B.6.255 NBNS 92 Name query NB HPFEFC74<00>

186 50 A.B.6.53 A.B.6.255 NBNS 92 Name query NB HPFEFC74<00>

187 51 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/6/00:12:00:cf:8e:80

188 51 169.254.232.149 169.254.255.255 NBNS 92 Name query NB NAME000XNAS1<20>

189 51 A.B.6.53 A.B.6.255 NBNS 92 Name query NB HPFEFC74<00>

190 52 G-ProCom_01:36:67 Broadcast ARP 60 Who has A.B.6.254? Tell A.B.6.98

191 52 169.254.232.149 169.254.255.255 NBNS 92 Name query NB NAME000XNAS1<20>

maria.melendez · ‎03-04-2012

When connecting from same vlan as DHCP A.B.100.200 and I get IP from DHCP A.B.100.29

685 267 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x7bdaf064

686 267 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/101/00:12:00:cf:8e

687 269 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/101/00:12:00:cf:8e

688 271 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/101/00:12:00:cf:8e

689 272 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x7bdaf064

690 273 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/101/00:12:00:cf:8e

691 275 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/101/00:12:00:cf:8e

692 277 169.254.232.149 169.254.255.255 NBNS 92 Name query NB LEEEFSSECLXNAS1<20>

693 277 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/101/00:12:00:cf:8e

694 278 169.254.232.149 169.254.255.255 NBNS 92 Name query NB LEEEFSSECLXNAS1<20>

695 278 169.254.232.149 169.254.255.255 NBNS 92 Name query NB LEEEFSSECLXNAS1<20>

696 279 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/101/00:12:00:cf:8e

697 280 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x7bdaf064

698 281 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/101/00:12:00:cf:8e

699 284 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/101/00:12:00:cf:8e

700 286 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/101/00:12:00:cf:8e

701 287 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. Root = 49152/101/00:12:00:cf:8e

702 288 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. TC + Root = 49152/101/00:12:00:

703 288 Cisco_cf:8e:cf Broadcast ARP 60 Who has A.B.100.199? Tell A.B.100.254

704 289 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. TC + Root = 49152/101/00:12:00:

705 290 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. TC + Root = 49152/101/00:12:00:

706 292 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. TC + Root = 49152/101/00:12:00:

707 292 Hewlett-_4e:32:14 Broadcast ARP 60 Who has A.B.100.11? Tell A.B.100.14

708 294 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. TC + Root = 49152/101/00:12:00:

709 295 Cisco_cf:8e:cf Broadcast ARP 60 Who has A.B.100.199? Tell A.B.100.254

710 295 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x7bdaf064

711 295 Hewlett-_3b:48:53 Broadcast ARP 60 Who has A.B.100.2? Tell A.B.100.101

712 295 Hewlett-_38:51:9a Broadcast ARP 60 Who has A.B.100.101? Tell A.B.100.2

713 295 Hewlett-_3b:48:53 Broadcast ARP 60 Who has A.B.100.15? Tell A.B.100.101

714 295 Hewlett-_d2:d7:9a Broadcast ARP 60 Who has A.B.100.101? Tell A.B.100.15

715 295 Hewlett-_3b:48:53 Broadcast ARP 60 Who has A.B.100.29? Tell A.B.100.101

716 296 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. TC + Root = 49152/101/00:12:00:

717 297 Hewlett-_3b:48:53 Broadcast ARP 60 Who has A.B.100.29? Tell A.B.100.101

718 297 Hewlett-_4e:32:14 Broadcast ARP 60 Who has A.B.100.58? Tell A.B.100.14

719 298 Cisco_a8:6d:d3 Spanning-tree-(for-bridges)_00 STP 60 Conf. TC + Root = 49152/101/00:12:00:

720 298 A.B.100.200 255.255.255.255 DHCP 354 DHCP Offer - Transaction ID 0x7bdaf064

721 298 0.0.0.0 255.255.255.255 DHCP 379 DHCP Request - Transaction ID 0x7bdaf064

722 298 A.B.100.200 255.255.255.255 DHCP 359 DHCP ACK - Transaction ID 0x7bdaf064

723 298 A.B.100.29 224.0.0.22 IGMP 54 V3 Membership Report / Join group 224.0.0.252 for any so

724 298 A.B.100.29 224.0.0.22 IGMP 54 V3 Membership Report / Leave group 224.0.0.252