Reza,

Shawnw4401 · ‎03-18-2017

Hello,

My clients on the Computer VRF cannot receive DHCP. The clients can ping the DHCP server on the Server VRF. Doing a debug on the router for the DHCP packet, I receive this following output:

*Mar 18 15:29:17.203: DHCPD: client's VPN is .
*Mar 18 15:29:17.203: DHCPD: No option 125
*Mar 18 15:29:34.023: DHCPD: client's VPN is Computers.
*Mar 18 15:29:34.023: DHCPD: No option 125
*Mar 18 15:29:34.023: DHCPD: setting giaddr to 192.168.52.1.
*Mar 18 15:29:34.023: DHCPD: adding relay information option.
*Mar 18 15:29:34.023: DHCPD: BOOTREQUEST from 011c.6f65.aad0.9a forwarded to 192.168.17.19

When I go to my DHCP server (which is on Windows Server 2012), I do not see an option for 125. I've looked at these two following guides (DHCP Relay Agent Support for MPLS VPNs and Relay Class Support Usage Scenario), but I don't quite understand the: DHCP Relay Agent Support for MPLS VPNs. Maybe I am missing something that could be solved from that--I don't know. Any advice would be helpful.

The following is the configuration for the router:

interface GigabitEthernet0/1.25
encapsulation dot1Q 25
ip vrf forwarding Computers
ip dhcp relay information option vpn-id
ip dhcp relay information option-insert
ip address 192.168.52.1 255.255.255.248
ip helper-address vrf Servers 192.168.17.19
!
interface GigabitEthernet0/1.71
encapsulation dot1Q 71
ip vrf forwarding Servers
ip address 192.168.17.17 255.255.255.248
!
ip dhcp relay information option vpn

Reza Sharifi · ‎03-18-2017

Hi,

Can the DHCP server ping 192.168.52.1?

Can you ping the DHCP server from the router using source address 192.168.17.17?

Can you ping the DHCP server from the router using source address 192.168.52.1?

HTH

Shawnw4401 · ‎03-18-2017

Reza,

The two networks can communicate with each other.

LAN_Sec_Router#ping vrf Servers ip 192.168.52.1 source 192.168.17.17
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.52.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.17.17
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
LAN_Sec_Router#ping vrf Computers ip 192.168.17.17 source 192.168.52.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.17.17, timeout is 2 seconds:
Packet sent with a source address of 192.168.52.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
LAN_Sec_Router#ping vrf Computers ip 192.168.17.19 source 192.168.52.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.17.19, timeout is 2 seconds:
Packet sent with a source address of 192.168.52.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Reza Sharifi · ‎03-18-2017

Thanks for the outputs.

So, the 2 VRFs are able to communicate but PCs in Computer VRF can't get IPs from Servers VRF?

Shawnw4401 · ‎03-18-2017

Correct,

I can ping from my computer to the DHCP, but when I try to have it pull an IP address from the DHCP server I get the debug error:

*Mar 18 15:29:17.203: DHCPD: client's VPN is .
*Mar 18 15:29:17.203: DHCPD: No option 125
*Mar 18 15:29:34.023: DHCPD: client's VPN is Computers.
*Mar 18 15:29:34.023: DHCPD: No option 125
*Mar 18 15:29:34.023: DHCPD: setting giaddr to 192.168.52.1.
*Mar 18 15:29:34.023: DHCPD: adding relay information option.
*Mar 18 15:29:34.023: DHCPD: BOOTREQUEST from 011c.6f65.aad0.9a forwarded to 192.168.17.19

I am assuming if I enable option 125, it will work. The only issue is option 125 is not available on my DHCP server, which is running on Windows Server 2012 r2.

I can see from the debug the server sees the client coming in from the Computers VRF with the correct mac address to the DHCP server; however, it keeps looping this. It seems to be dropping the packet back to the client for some reason? That is my guess.

Reza Sharifi · ‎03-18-2017

Have you tried stopping and restarting the dhcp services on the server?

Reza Sharifi · ‎03-18-2017

Also, here is document on how to enable option 125

https://supportforums.cisco.com/document/13140791/configure-option-125-server-allow-dynamic-host-configuration-protocol-dhcp-auto

HTH

Shawnw4401 · ‎03-18-2017

Reza,

I've restarted the server several times. I did not restart just the service, though. I figured the restart of the server would suffice, as I was updating the server earlier.

When I try to configure option 125, I keep getting "The command needs a valid Scope IP address."

netsh>dhcp
In future versions of Windows, Microsoft might remove the Netsh functionality
for DHCP Server.

Microsoft recommends that you transition to Windows PowerShell if you currently
use netsh to configure and manage DHCP Server.

Type Get-Command -Module DhcpServer at the Windows PowerShell prompt to view
a list of commands to manage DHCP Server.

Visit http://go.microsoft.com/fwlink/?LinkId=217627 for additional information
about PowerShell commands for DHCP Server.
netsh dhcp>server
netsh dhcp server>scope 192.168.52.0

The command needs a valid Scope IP Address.
netsh dhcp server>

Shawnw4401 · ‎03-18-2017

Reza,

I was able to configure option 125; however, the debug still shows

*Mar 19 04:50:20.655: DHCPD: client's VPN is Computers.
*Mar 19 04:50:20.655: DHCPD: No option 125
*Mar 19 04:50:20.655: DHCPD: setting giaddr to 192.168.52.1.
*Mar 19 04:50:20.655: DHCPD: adding relay information option.
*Mar 19 04:50:20.655: DHCPD: BOOTREQUEST from 011c.6f65.aad0.9a forwarded to 192.168.17.19.
*Mar 19 04:50:20.655: DHCPD: client's VPN is .
*Mar 19 04:50:20.655: DHCPD: No option 125

Even though there is an option 125 configured for that scope now.

Reza Sharifi · ‎03-18-2017

I am sure you have this but did you configure the server to exclude the router IP?

Shawnw4401 · ‎03-18-2017

Reza,

I have an exclusion in the server to exclude 192.168.52.1 and 192.168.52.2.

Windows Server DHCP to VRF clients