Solved: Re: PC not taking DHCP lease from server

nuggetinu · ‎01-02-2018

Hi,

As per attached, I am trying to lease PC A a DHCP address. I have created the respective scopes on the DHCP server which is connected to DLS1. I also inlcuded the ip helper-address on vlan 100. PC A is mapped with VLAN 100. What am I missing, or is it a PT issue?

Thanks!

Georg Pauwen · ‎01-02-2018

Hello,

you need to remove the 'ip dhcp snooping' configuration from FastEthernet0/6, the access port on switch ALS1 for the PC:

interface FastEthernet0/6

--> no ip dhcp snooping

View solution in original post

Mark Malone · ‎01-02-2018

Hi
i cant open that attachment anyway maybe others can but have you turned on debug dhcp detail to see if the offer is reaching the PC or use wireshark ? if helper is in place can the pc ping the server ok to make sure there is definitly reachability there to the DHCP server so it can retrieve the address if sent ?

Georg Pauwen · ‎01-02-2018

Hello,

you need to remove the 'ip dhcp snooping' configuration from FastEthernet0/6, the access port on switch ALS1 for the PC:

interface FastEthernet0/6

--> no ip dhcp snooping

nuggetinu · ‎01-03-2018

Hi,

Thanks for the heads up. If the dhcp snooping rate was 20 pps, why wasn't it allowing any dhcp requests from the PC to reach the DHCP server?

paul driver · ‎01-03-2018

Hello
It would only have an effect if snooping was configured globally and in the same vlan as the access port

Res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

nuggetinu · ‎01-03-2018

So you mean, unless it is configured globally and in the same vlan as the access port, snooping will only prevent the PC from getting DHCP configuration. I think that is how my SW is configured.

these are the commands used

ALS1(config)# ip dhcp snooping

ALS1(config)# interface range fastethernet 0/6, f0/15 - 24

ALS1(config-if-range)# ip dhcp snooping limit rate 20

ALS1(config-if-range)# exit

ALS1(config)# ip dhcp snooping vlan 100, 200

paul driver · ‎01-03-2018

Hello

Yes thats my understanding of it, As dhcp snooping needs to be enabled globally then the rate limit interface isnt applicable until snooping is enabled globally.

Also applying rate limit to an interface is usually only applied to untrusted ports and not trusted ones.

As we couldn't see you configuration its hard to understand why dhcp was being denied unless it was indeed the rate limit negating the access, but you haven't confirm either way if snooping was enabled globally and/or this interface was trusted or untrusted.

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

nuggetinu · ‎01-03-2018

Hi Paul,

Thanks for the continuous feedback. I have attached the file in png format. Just switch the extension to .pkt. Password of enable secret is class.

paul driver · ‎01-03-2018

Hello

I don't have access to packet tracer so cannot open your file -

However i see you do have snooping enabled and rate limit applied - can you confirm if dhcp is still being denied on just one interface or its applicable to multiple interfaces.

Did removing the rate limit solve your issue or do you still have a problem.

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

nuggetinu · ‎01-03-2018

Yes it did solve my problem, but I'm still after why rate limiting is not working as it should :)

paul driver · ‎01-03-2018

Hello

Okay so one possible reason is that the rate limit per second was to low for the interface it was applied to, if this was a trusted interface like a switch interconnect ( trunk) then the amount of dhcp packets traversing it could be blocked originating from the snooping vlans you have applied it on.

The same apply s to untrusted interfaces but for an end host producing over 20 pps seems to me rather high but i cannot comment on what you have attached to the access ports that would produced more than 20pps for dhcp.

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

paul driver · ‎01-03-2018

Hello

As Mark states - Your attachment is not opening up, can you resend it please?

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul