cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11799
Views
0
Helpful
17
Replies

Troubleshooting DHCP issues

q-le
Level 2
Level 2

Hi All,

We have 2 x Nexus 7 cores and several access switches 3750 + 2960 and several VLANs.

All working well until recently we have a couple of users in VLAN say 200 reported they can not get an IP address from our Windows DHCP server.

ie hence they can not log to the Domain and we temporarly assign them a static IP addresses  until we figure out what went wrong!!!

We checked the trunk , the DHCP server but can not see anything wrong

How do we troubleshooting this issues ? 

Any advices are much appreciated

Thanks

Peter

 

1 Accepted Solution

Accepted Solutions

try removing the config :

hsrp 0     

from interface vlan 200.

 

hope you got it resolved.

 

-

Parvesh

Remember marking as correct answer / helpful answer.

View solution in original post

17 Replies 17

Wilson Bonilla
Level 3
Level 3

Hello Peter. 

1- Make sure your DHCP server has enough available IP addresses to assign. 

2- Double check all trunk interface allow vlan 200 across the entire path from end user to dhcp server. 

3- Is the DHCP server hosted in the same vlan as the end users?

4- If DHCP server resides in a different vlan, make sure relay-agent is properly configured.

5- Can you take two sniffer captures simultaneos;

     - Install wireshark in the end user, take a capture while trying to obtain an ip address.

     - Install wireshark in the dhcp server, at the same time you are capturing packets in the pc, capture the dhcp server NIC and check if the DHCP discover coming from the PC arrives to the server NIC, analyze further the conversation between these two end points.

 

Let me know if that helps. 

Wilson B. 

 

Hi Wilson,

1) yes, dhcp has plenty of addresses

2) all trunk interfaces are good

3)DHCP server is in a different VLAN

4) Relay agents are in the Core Nexus 7

5) DHCP server is a virtual server and can not install wireshark on it.

Wireshark on a User PC and can not see any D.O.R.A process

 

Are there any debug commands I can try on the Nexus Core 7 and the access switches ?

Thanks

Much appreciated.

 

Check if there is any rouge DHCP there in the segment people usually use the VMware in there pc and it has a built in DHCP and that causes the problem. because I went through a similar issue sniff the packets with wireshark check if there is a NAck packet of DHCP.

q-le
Level 2
Level 2

Hi ,

I will try Wireshark on the port of the users PC and see what happen.

Will post the result tomorrow.

Thanks ALL.

Parvesh Paliwal
Level 3
Level 3

As you are able to get to the required servers using static addresses, the trunks seems to be fine.

The thing that can affect the setup is - DHCP server and its reach-ability. Can you share the config of VLAN 200 at your L3 Switch (Intervlan router) ?

 

I doubt, you are not able to forward DHCP packets to the server. Second, also confirm if the dhcp sevrer is reachable using static assignments at the nodes.

 

 

HI,

here is the intervlan config:

CRT-01# sh run interface eth3/9

!Command: show running-config interface Ethernet3/9
!Time: Wed Jun  4 15:51:45 2014

version 6.1(3)

interface Ethernet3/9
  description LAS-LOADINGDK
  switchport
  switchport mode trunk
  switchport trunk native vlan 111
  switchport trunk allowed vlan 1,102,105,111-112,116-117,142,160-162,200
  switchport trunk allowed vlan add 184,302
  channel-group 309 mode active
  no shutdown

CRT-01# sh run interface po309

!Command: show running-config interface port-channel309
!Time: Wed Jun  4 15:52:05 2014

version 6.1(3)

interface port-channel309
  description LAS-LOADINGDK
  switchport
  switchport mode trunk
  switchport trunk native vlan 111
  switchport trunk allowed vlan 1,102,105,111-112,116-117,142,160-162,200
  switchport trunk allowed vlan add 184,302
  spanning-tree port type normal
  vpc 309

It is confusing that this DHCP works on some VLAN but not others ???.

is he problem at the Access switch or the Core ?

Peter

 

 

Dear Friend,

I could not find the helper-address configuration therein.

 

Please share the complete config, so that we can come to conclusion. 

Hi ,

 

Below are part of the Core Nexus 7 config:

 

ip dhcp relay
port-channel load-balance src-dst ip-l4port-vlan  
vpc domain 70
  peer-switch
  role priority 10
  peer-keepalive destination 172.18.111.251 source 172.18.111.250
  peer-gateway
  track 10
  auto-recovery
  ip arp synchronize


interface Vlan1
  no ip redirects
  no ipv6 redirects

interface Vlan100
  no ip redirects

  ip address 172.18.100.1/24
  no ipv6 redirects
  hsrp 0 
    authentication text hsrp100
    preempt 
    priority 130
    ip 172.18.100.3 
  description Servers
  no shutdown

interface Vlan101
  no ip redirects
  ip address 172.18.101.1/24
  no ipv6 redirects
  hsrp 0 
    authentication text hsrp101
    preempt 
    priority 130
    ip 172.18.101.3 
  ip dhcp relay address 172.18.100.62 
  ip dhcp relay address 172.18.100.160 
  description Workstations Executive
  no shutdown

interface Vlan102
  no ip redirects
  ip address 172.18.102.1/24
  no ipv6 redirects
  hsrp 0 
    authentication text hsrp102
    preempt 
    priority 130
    ip 172.18.102.3 
  ip dhcp relay address 172.18.100.62 
  ip dhcp relay address 172.18.100.160 
  description Workstations Security
  no shutdown

interface Vlan200
  no ip redirects
  ip address 172.18.200.1/24
  no ipv6 redirects
  hsrp 0 
    authentication text hsrp103
    preempt 
    priority 130
    ip 172.18.200.3 
  ip dhcp relay address 172.18.100.62 
  ip dhcp relay address 172.18.100.174 
  ip dhcp relay address 172.18.100.160 
  description Workstations IS
  no shutdown


 interface Vlan105

  no ip redirects
  ip address 172.18.105.1/24
  no ipv6 redirects
  hsrp 0 
    authentication text hsrp105
    preempt 
    priority 130
    ip 172.18.105.3 
  ip dhcp relay address 172.18.100.62 
  description Workstations Food and Beverage
  no shutdown

interface Vlan111
  no ip redirects
  ip address 172.18.111.1/24
  no ipv6 redirects
  hsrp 0 
    authentication text hsrp111
    preempt 
    priority 130
    ip 172.18.111.3 
  description Device Management
  no shutdown
  management

interface Vlan112
  no ip redirects
  ip address 172.18.112.1/23
  no ipv6 redirects
  hsrp 0 
    authentication text hsrp112
    preempt 
    priority 130
    ip 172.18.112.3 
  ip dhcp relay address 172.18.100.62 
  ip dhcp relay address 172.18.100.160 
  description Workstations General
  no shutdown

 

And the config for the Access switch 3750 below:

Building configuration...

Current configuration : 17076 bytes
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname LOADINGDK
!
boot-start-marker
boot-end-marker
!
!

aaa new-model
!
!
 aaa group server radius Radius
 server 172.18.100.113 auth-port 1812 acct-port 1813
 server 172.19.100.114 auth-port 1812 acct-port 1813
!
aaa authentication login default group Radius local
aaa authorization console
aaa authorization exec default group Radius local 
!
!
!
aaa session-id common
clock timezone AEST 10
clock summer-time AEST recurring 1 Sun Oct 2:00 1 Sun Apr 2:00
switch 1 provision ws-c3750g-24ps
switch 2 provision ws-c3750-24ts
system mtu routing 1500
udld enable

ip subnet-zero
!
!
!

!
!
!
errdisable recovery cause bpduguard
errdisable recovery cause psecure-violation
!
!
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
lldp run
!
ip ssh version 2
 !
class-map match-all avaya-voice-control-
 match access-group name avaya-voice-control-
class-map match-all AutoQoS-VoIP-RTP-Trust
 match ip dscp ef 
class-map match-all AutoQoS-VoIP-Control-Trust
 match ip dscp cs3  af31 
class-map match-all avaya-voice-
 match access-group name avaya-voice-
!
!
policy-map avaya-ip-phone-input-
 class avaya-voice-
  set dscp cs2
  police 1000000 8000 exceed-action policed-dscp-transmit
 class avaya-voice-control-
  set dscp cs3
  police 1000000 8000 exceed-action policed-dscp-transmit
 class class-default
  set dscp default
policy-map AutoQoS-Police-CiscoPhone
 class AutoQoS-VoIP-RTP-Trust
  set dscp ef
   police 320000 8000 exceed-action policed-dscp-transmit
 class AutoQoS-VoIP-Control-Trust
  set dscp cs3
  police 32000 8000 exceed-action policed-dscp-transmit
!
!
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 111
 switchport trunk allowed vlan 102,105,111,112,116,117,142,160-162,184,200,302
 switchport mode trunk
!
interface GigabitEthernet1/0/1
 switchport access vlan 200
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
 !
interface GigabitEthernet1/0/2
 switchport access vlan 102
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/3
 switchport access vlan 142
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
 interface GigabitEthernet1/0/4
 switchport access vlan 105
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/5
 switchport access vlan 105
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
 interface GigabitEthernet1/0/6
 switchport access vlan 160
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/7
 switchport access vlan 160
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
 interface GigabitEthernet1/0/8
 switchport access vlan 112
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/9
 switchport access vlan 112
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/10
  switchport access vlan 112
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/11
 switchport access vlan 112
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/12
 switchport access vlan 112
  switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/13
 switchport access vlan 302
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/14
 switchport access vlan 102
  switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/15
 switchport access vlan 302
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/16
  switchport access vlan 302
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/17
 switchport access vlan 162
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/18
 switchport access vlan 162
  switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/19
 switchport access vlan 162
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/20
 switchport access vlan 162
 switchport mode access
  switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/21
 switchport access vlan 112
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/22
 switchport access vlan 142
 switchport mode access
 switchport voice vlan 184
  spanning-tree portfast
!
interface GigabitEthernet1/0/23
 description device doesn't like poe
 power inline never
 switchport access vlan 117
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/24
 switchport access vlan 116
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
  spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface GigabitEthernet1/0/25
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 111
 switchport trunk allowed vlan 105,111,112,116,117,142,160-162,184,200,302
 switchport mode trunk
 shutdown
 speed nonegotiate
!
interface GigabitEthernet1/0/26
 description - coresw2 uplink -
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 111
 switchport trunk allowed vlan 102,105,111,112,116,117,142,160-162,184,200,302
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet1/0/27
 shutdown
!
interface GigabitEthernet1/0/28
  shutdown
!
interface FastEthernet2/0/1
 switchport access vlan 161
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet2/0/2
 switchport access vlan 161
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet2/0/3
 switchport access vlan 161
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet2/0/4
 switchport access vlan 161
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet2/0/5
  switchport access vlan 161
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet2/0/6
 switchport access vlan 161
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet2/0/7
 switchport access vlan 161
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet2/0/8
 switchport access vlan 161
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet2/0/9
!
interface FastEthernet2/0/10
!
 interface FastEthernet2/0/11
!
interface FastEthernet2/0/12
!
interface FastEthernet2/0/13
 switchport access vlan 102
 switchport mode access
 switchport voice vlan 184
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast
 service-policy input avaya-ip-phone-input-
!
interface FastEthernet2/0/14
!
interface FastEthernet2/0/15
!
interface FastEthernet2/0/16
!
interface FastEthernet2/0/17
!
 interface FastEthernet2/0/18
!
interface FastEthernet2/0/19
!
interface FastEthernet2/0/20
!
interface FastEthernet2/0/21
!
interface FastEthernet2/0/22
!
interface FastEthernet2/0/23
!
interface FastEthernet2/0/24
!
interface GigabitEthernet2/0/1
 description - coresw1 uplink -
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 111
 switchport trunk allowed vlan 102,105,111,112,116,117,142,160-162,184,200,302
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet2/0/2
  shutdown
!
interface Vlan1
 no ip address
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface Vlan111
 ip address 172.18.111.13 255.255.255.0
 no ip route-cache
 no ip mroute-cache
!
ip default-gateway 172.18.111.3
ip classless
no ip http server
no ip http secure-server
!
ip access-list extended avaya-voice-control-
 permit udp 172.18.184.0 0.0.3.255 range 2048 3329 172.18.184.0 0.0.3.255 range 2048 3329 dscp cs3
 permit udp 172.18.184.0 0.0.3.255 range 2048 3329 172.19.184.0 0.0.0.255 range 2048 3329 dscp cs3
  permit udp 172.18.184.0 0.0.3.255 range 2048 3329 172.17.43.0 0.0.0.255 range 2048 3329 dscp cs3
 permit udp 172.18.184.0 0.0.3.255 range 2048 3329 172.18.181.0 0.0.0.255 range 2048 3329 dscp cs3
 permit udp 172.18.184.0 0.0.3.255 range 2048 3329 172.19.181.0 0.0.0.255 range 2048 3329 dscp cs3
 deny   ip any any
ip access-list extended avaya-voice-
 permit udp 172.18.184.0 0.0.3.255 range 2048 3329 172.18.184.0 0.0.3.255 range 2048 3329 dscp ef
 permit udp 172.18.184.0 0.0.3.255 range 2048 3329 172.19.184.0 0.0.0.255 range 2048 3329 dscp ef
 permit udp 172.18.184.0 0.0.3.255 range 2048 3329 172.17.43.0 0.0.0.255 range 2048 3329 dscp ef
 permit udp 172.18.184.0 0.0.3.255 range 2048 3329 172.18.181.0 0.0.0.255 range 2048 3329 dscp ef
 permit udp 172.18.184.0 0.0.3.255 range 2048 3329 172.19.181.0 0.0.0.255 range 2048 3329 dscp ef
 deny   ip any any
!
ip radius source-interface Vlan111 
logging history informational
logging trap notifications
 logging facility syslog
logging 172.18.100.103
logging 172.18.100.191

snmp-server location C3.01
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps license
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
 snmp-server enable traps vlan-membership
snmp-server host 172.18.100.191 ..traps.. 
control-plane
!
banner login ^CCCCCC
Authorized access only! Disconnect IMMEDIATELY if you are not an authorized user! ^C
!

ntp clock-period 36029332
ntp server 172.18.111.2
ntp server 172.18.111.1
end

 

Thanks

Peter

Parvesh Paliwal
Level 3
Level 3

Can you confirm if you are able to obtain IP address at nodes at switch 3750 - interface GigabitEthernet1/0/1? or at an access port at Nexus ?

 

yes, we can obtain an IP address at gi1/0/1 at switch 3750 on any other VLAN ie 102, 112 but not on the troubled VLAN 200. 

I tried to connect at the Core and still cannot get an DHCP address on the VLAN 200.

help Please

Peter

 

I am not sure what may be going bad here. please share the topology and HSRP stats.

Try removing HSRP from vlan 200 and test. This is a workaround, may be worth.

 

-- 

Parvesh

Hi Parveshpaliwal,

Sorry still try to figure how to removing HSRP from vlan200 from the Nexus Core 7.

Try to plug my laptop directly into a port on the Nexus Core and still do not get an DHCP

address.

try removing the config :

hsrp 0     

from interface vlan 200.

 

hope you got it resolved.

 

-

Parvesh

Remember marking as correct answer / helpful answer.

Parvesh Paliwal
Level 3
Level 3

Any Update ?

 

--

Parvesh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco