IP HELPER on unnumbered interface

Peter_Setaffy
Level 1
Dear support,
We would like to use one DHCP scope in two separate VLANs. We cannot split it. Therefore we configured two VLANs. You can see that Vlan16 uses IP unnumbered addresses from Vlan1. The DHCP server is in Vlan1.
We expected that the DHCP relay agent would forward the client's DHCP request to the DHCP server on the unnumbered interface as well. We expected the DHCP relay agent to create a record in the routing table which forwards packets with the user's destination address to VLAN 16. But we have an issue: it is not working, and the client does not obtain any IP address.
We would like to ask you whether it is possible to configure this and whether ip helper works with an unnumbered interface.
!
interface Vlan1
description default LAN pre uzivatelov
ip address 163.242.43.1 255.255.255.0 secondary
ip address 163.242.60.1 255.255.254.0
no ip redirects
ip route-cache policy
!
interface Vlan16
ip unnumbered Vlan1
ip helper-address 163.242.43.161
no ip proxy-arp
!
"sh ver"
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-IPBASEK9-M), Version 12.2(50)SG6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 23:12 by prod_rel_team
Image text-base: 0x10000000, data-base: 0x11C3225C
ROM: 12.2(20r)EW1
Dagobah Revision 226, Swamp Revision 34
SW-ZAA-MU2-4507R uptime is 2 weeks, 6 days, 5 hours, 51 minutes
Uptime for this control processor is 2 weeks, 6 days, 5 hours, 52 minutes
System returned to ROM by power-on
System restarted at 15:13:13 CET Thu Dec 23 2010
System image file is "slot0:cat4500-ipbasek9-mz.122-50.SG6.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco WS-C4507R (MPC8245) processor (revision 10) with 262144K bytes of memory.
Processor board ID FOX1026070M
MPC8245 CPU at 266Mhz, Supervisor II+
Last reset from PowerUp
5 Virtual Ethernet interfaces
88 Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.
Configuration register is 0x2
" sh module"
Chassis Type : WS-C4507R
Power consumed by backplane : 40 Watts
Mod Ports Card Type                              Model              Serial No.
---+-----+--------------------------------------+------------------+-----------
1     2  Supervisor II+ 1000BaseX (GBIC)        WS-X4013+          JAE1046F0NZ
2     2  Supervisor II+ 1000BaseX (GBIC)        WS-X4013+          JAE1045ET6X
3    18  1000BaseX (GBIC)                       WS-X4418-GB        JAE1041D552
4    18  1000BaseX (GBIC)                       WS-X4418-GB        JAE10286DJ2
7    48  10/100/1000BaseT (RJ45)                WS-X4548-GB-RJ45   JAE1047FJE7
M MAC addresses                    Hw  Fw           Sw               Status
--+--------------------------------+---+------------+----------------+---------
1 0019.aa37.6740 to 0019.aa37.6741 4.2 12.2(20r)EW1 12.2(50)SG6      Ok
2 0019.aa37.6742 to 0019.aa37.6743 4.2 12.2(20r)EW1 12.2(50)SG6      Ok
3 0013.806f.1a74 to 0013.806f.1a85 1.3                               Ok
4 0014.1cf1.cf4a to 0014.1cf1.cf5b 1.3                               Ok
7 001a.2f36.05e0 to 001a.2f36.060f 2.3                               Ok
Mod  Redundancy role     Operating mode      Redundancy status
----+-------------------+-------------------+----------------------------------
1   Active Supervisor   SSO                 Active
2   Standby Supervisor  SSO                 Standby hot


Peter Paluch
Cisco Employee

Hello Peter,

Your configuration is quite unusual. Let me have a few comments/questions:

  1. First of all, can you explain in more detail why you need to have two VLANs utilizing the same IP space? Why is it not possible to use just a single VLAN?
  2. Are these two VLANs supposed to communicate together? If not, perhaps you could create a separate VRF instance for one of these VLANs and put one SVI into the separate VRF, then create a separate DHCP pool for this SVI and VRF, and thereby make these two VLANs use the same IP space and still be distinct.
  3. If these two VLANs are expected to communicate, I do not currently see how the switch should "bridge" these two VLANs together. It bridges two ports in the same VLAN, and it routes between two different VLANs. As you are planning to use the same IP space on both VLANs, it is indistinguishable for your switch whether the packet shall stay in the same VLAN or whether it shall be L3-switched to another VLAN.
  4. IP Unnumbered is generally used only for point-to-point links. Using IP Unnumbered on a multiaccess network like a VLAN is inappropriate and I doubt it can be deployed successfully.

Perhaps if we understand your needs better we will be able to help you further.

Best regards,

Peter

1/ We use 802.1x port authentication. We would like to use a restricted VLAN (authentication-failed VLAN 16) to provide limited services to clients (ACL). Clients in restricted VLAN16 have to have IP addresses from the same DHCP scope as in the authentication VLAN. If we separate or split the DHCP scope we will lose a lot of IP addresses. Nobody can say how many users will fall into the restricted VLAN.
2/ Yes, these two VLANs must communicate together.
3,4/ There is no problem with communication. Our IOS supports configuring IP unnumbered interfaces. It is mentioned in the doc.
The real problem is DHCP relay agent support for unnumbered loopback and ip-helper. It is mentioned in the doc:
I know this technique was introduced for big ISP providers, but if it works it will be usable for point 1/

You may want to implement VLAN bridging, more commonly called BVIs.

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_tech_note09186a0080094663.shtml

interface BVI1
description default LAN pre uzivatelov
ip address 163.242.43.1 255.255.255.0 secondary
ip address 163.242.60.1 255.255.254.0

int vlan 1
bridge-group 1

int vlan 16
bridge-group 1