| Home | Forums | Reviews | Guides | Newsgroups | Register | Search |
 |
| Thread Tools |
|
Asif
Guest
Posts: n/a
|
I've been trying to configure a simple dhcp setup with the following
topology: Cisco3750[Port:1] <---> dhcp server 192.168.2.100 Cisco3750[Port:3-5] <---> dhcp clients I am using tetheral on the dhcp server 192.168.2.100 interface to look for dhcp requests and the proceeding dhcp traffic. This is not working! I connected one of the clients to the dhcp server back-2-back to verify that dhcp works. Am I missing something? I want this to be really simple! Can anyone help, please? Here is my cisco3750 running config: Current configuration : 2208 bytes ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch ! enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/ enable password qlogic ! no aaa new-model switch 1 provision ws-c3750g-24ts vtp mode transparent ip subnet-zero ! ip dhcp snooping vlan 2 ! ! ! no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 2 name vlan-dhcp ! ! interface GigabitEthernet1/0/1 switchport access vlan 2 switchport mode access ip dhcp snooping trust ! interface GigabitEthernet1/0/2 switchport access vlan 2 switchport mode access ip dhcp snooping trust ! interface GigabitEthernet1/0/3 switchport access vlan 2 switchport mode access ip dhcp snooping trust ! interface GigabitEthernet1/0/4 switchport access vlan 2 switchport mode access ip dhcp snooping trust ! interface GigabitEthernet1/0/5 switchport access vlan 2 switchport mode access ip dhcp snooping trust ! interface GigabitEthernet1/0/6 ! interface GigabitEthernet1/0/7 ! interface GigabitEthernet1/0/8 ! interface GigabitEthernet1/0/9 ! interface GigabitEthernet1/0/10 ! interface GigabitEthernet1/0/11 ! interface GigabitEthernet1/0/12 ! interface GigabitEthernet1/0/13 ! interface GigabitEthernet1/0/14 ! interface GigabitEthernet1/0/15 ! interface GigabitEthernet1/0/16 ! interface GigabitEthernet1/0/17 ! interface GigabitEthernet1/0/18 ! interface GigabitEthernet1/0/19 ! interface GigabitEthernet1/0/20 ! interface GigabitEthernet1/0/21 ! interface GigabitEthernet1/0/22 ! interface GigabitEthernet1/0/23 ! interface GigabitEthernet1/0/24 ! interface GigabitEthernet1/0/25 ! interface GigabitEthernet1/0/26 ! interface GigabitEthernet1/0/27 ! interface GigabitEthernet1/0/28 ! interface Vlan1 ip address 172.17.141.150 255.255.254.0 no ip route-cache no ip mroute-cache shutdown ! interface Vlan2 ip address 192.168.2.150 255.255.255.0 ip helper-address 192.168.2.100 ! ip default-gateway 172.17.140.1 no ip classless no ip route static inter-vrf no ip http server ! ! ! control-plane ! ! line con 0 line vty 0 4 password qlogic login line vty 5 15 password qlogic login ! ! end Switch#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Gi1/0/6, Gi1/0/7, Gi1/0/8 Gi1/0/9, Gi1/0/10, Gi1/0/11 Gi1/0/12, Gi1/0/13, Gi1/0/14 Gi1/0/15, Gi1/0/16, Gi1/0/17 Gi1/0/18, Gi1/0/19, Gi1/0/20 Gi1/0/21, Gi1/0/22, Gi1/0/23 Gi1/0/24, Gi1/0/25, Gi1/0/26 Gi1/0/27, Gi1/0/28 2 vlan-dhcp active Gi1/0/1, Gi1/0/2, Gi1/0/3 Gi1/0/4, Gi1/0/5 1002 fddi-default act/unsup 1003 trcrf-default act/unsup 1004 fddinet-default act/unsup 1005 trbrf-default act/unsup VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 0 0 2 enet 100002 1500 - - - - - 0 0 1002 fddi 101002 1500 - - - - - 0 0 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1003 trcrf 101003 4472 1005 3276 - - srb 0 0 1004 fdnet 101004 1500 - - - ieee - 0 0 1005 trbrf 101005 4472 - - 15 ibm - 0 0 VLAN AREHops STEHops Backup CRF ---- ------- ------- ---------- 1003 7 7 off Remote SPAN VLANs ------------------------------------------------------------------------------ Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------ Switch#show ip dhcp snoop Switch DHCP snooping is disabled DHCP snooping is configured on following VLANs: 2 Insertion of option 82 is enabled Option 82 on untrusted port is not allowed Verification of hwaddr field is enabled Interface Trusted Rate limit (pps) ------------------------ ------- ---------------- GigabitEthernet1/0/1 yes unlimited GigabitEthernet1/0/2 yes unlimited GigabitEthernet1/0/3 yes unlimited GigabitEthernet1/0/4 yes unlimited GigabitEthernet1/0/5 yes unlimited |
|
|
|
|
|||
|
|||
| Asif |
|
|
|
| |
|
Trendkill
Guest
Posts: n/a
|
On Oct 2, 6:48 pm, Asif <asif.haswa...@gmail.com> wrote:
> I've been trying to configure a simple dhcp setup with the following > topology: > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100 > Cisco3750[Port:3-5] <---> dhcp clients > > I am using tetheral on the dhcp server 192.168.2.100 interface to look > for dhcp requests and the proceeding dhcp traffic. > This is not working! > I connected one of the clients to the dhcp server back-2-back to > verify that dhcp works. > Am I missing something? > I want this to be really simple! > Can anyone help, please? > > Here is my cisco3750 running config: > > Current configuration : 2208 bytes > ! > version 12.2 > no service pad > service timestamps debug uptime > service timestamps log uptime > no service password-encryption > ! > hostname Switch > ! > enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/ > enable password qlogic > ! > no aaa new-model > switch 1 provision ws-c3750g-24ts > vtp mode transparent > ip subnet-zero > ! > ip dhcp snooping vlan 2 > ! > ! > ! > no file verify auto > spanning-tree mode pvst > spanning-tree extend system-id > ! > vlan internal allocation policy ascending > ! > vlan 2 > name vlan-dhcp > ! > ! > interface GigabitEthernet1/0/1 > switchport access vlan 2 > switchport mode access > ip dhcp snooping trust > ! > interface GigabitEthernet1/0/2 > switchport access vlan 2 > switchport mode access > ip dhcp snooping trust > ! > interface GigabitEthernet1/0/3 > switchport access vlan 2 > switchport mode access > ip dhcp snooping trust > ! > interface GigabitEthernet1/0/4 > switchport access vlan 2 > switchport mode access > ip dhcp snooping trust > ! > interface GigabitEthernet1/0/5 > switchport access vlan 2 > switchport mode access > ip dhcp snooping trust > ! > interface GigabitEthernet1/0/6 > ! > interface GigabitEthernet1/0/7 > ! > interface GigabitEthernet1/0/8 > ! > interface GigabitEthernet1/0/9 > ! > interface GigabitEthernet1/0/10 > ! > interface GigabitEthernet1/0/11 > ! > interface GigabitEthernet1/0/12 > ! > interface GigabitEthernet1/0/13 > ! > interface GigabitEthernet1/0/14 > ! > interface GigabitEthernet1/0/15 > ! > interface GigabitEthernet1/0/16 > ! > interface GigabitEthernet1/0/17 > ! > interface GigabitEthernet1/0/18 > ! > interface GigabitEthernet1/0/19 > ! > interface GigabitEthernet1/0/20 > ! > interface GigabitEthernet1/0/21 > ! > interface GigabitEthernet1/0/22 > ! > interface GigabitEthernet1/0/23 > ! > interface GigabitEthernet1/0/24 > ! > interface GigabitEthernet1/0/25 > ! > interface GigabitEthernet1/0/26 > ! > interface GigabitEthernet1/0/27 > ! > interface GigabitEthernet1/0/28 > ! > interface Vlan1 > ip address 172.17.141.150 255.255.254.0 > no ip route-cache > no ip mroute-cache > shutdown > ! > interface Vlan2 > ip address 192.168.2.150 255.255.255.0 > ip helper-address 192.168.2.100 > ! > ip default-gateway 172.17.140.1 > no ip classless > no ip route static inter-vrf > no ip http server > ! > ! > ! > control-plane > ! > ! > line con 0 > line vty 0 4 > password qlogic > login > line vty 5 15 > password qlogic > login > ! > ! > end > > Switch#show vlan > > VLAN Name Status Ports > ---- -------------------------------- --------- > ------------------------------- > 1 default active Gi1/0/6, Gi1/0/7, > Gi1/0/8 > Gi1/0/9, Gi1/0/10, > Gi1/0/11 > Gi1/0/12, Gi1/0/13, > Gi1/0/14 > Gi1/0/15, Gi1/0/16, > Gi1/0/17 > Gi1/0/18, Gi1/0/19, > Gi1/0/20 > Gi1/0/21, Gi1/0/22, > Gi1/0/23 > Gi1/0/24, Gi1/0/25, > Gi1/0/26 > Gi1/0/27, Gi1/0/28 > 2 vlan-dhcp active Gi1/0/1, Gi1/0/2, > Gi1/0/3 > Gi1/0/4, Gi1/0/5 > 1002 fddi-default act/unsup > 1003 trcrf-default act/unsup > 1004 fddinet-default act/unsup > 1005 trbrf-default act/unsup > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > Trans1 Trans2 > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > ------ ------ > 1 enet 100001 1500 - - - - - > 0 0 > 2 enet 100002 1500 - - - - - > 0 0 > 1002 fddi 101002 1500 - - - - - > 0 0 > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > Trans1 Trans2 > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > ------ ------ > 1003 trcrf 101003 4472 1005 3276 - - srb > 0 0 > 1004 fdnet 101004 1500 - - - ieee - > 0 0 > 1005 trbrf 101005 4472 - - 15 ibm - > 0 0 > > VLAN AREHops STEHops Backup CRF > ---- ------- ------- ---------- > 1003 7 7 off > > Remote SPAN VLANs > ------------------------------------------------------------------------------ > > Primary Secondary Type Ports > ------- --------- ----------------- > ------------------------------------------ > > Switch#show ip dhcp snoop > Switch DHCP snooping is disabled > DHCP snooping is configured on following VLANs: > 2 > Insertion of option 82 is enabled > Option 82 on untrusted port is not allowed > Verification of hwaddr field is enabled > Interface Trusted Rate limit (pps) > ------------------------ ------- ---------------- > GigabitEthernet1/0/1 yes unlimited > GigabitEthernet1/0/2 yes unlimited > GigabitEthernet1/0/3 yes unlimited > GigabitEthernet1/0/4 yes unlimited > GigabitEthernet1/0/5 yes unlimited Why do you have an IP-helper on VLAN 2? While I would think this wouldn't hinder anything, I would definitely remove that first, especially since the switch sees those frames before anything else..... |
|
|
|
|
|||
|
|
|||
| Trendkill |
|
|
|
| |
|
Asif
Guest
Posts: n/a
|
On Oct 2, 4:29 pm, Trendkill <jpma...@gmail.com> wrote:
> On Oct 2, 6:48 pm, Asif <asif.haswa...@gmail.com> wrote: > > > > > I've been trying to configure a simple dhcp setup with the following > > topology: > > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100 > > Cisco3750[Port:3-5] <---> dhcp clients > > > I am using tetheral on the dhcp server 192.168.2.100 interface to look > > for dhcp requests and the proceeding dhcp traffic. > > This is not working! > > I connected one of the clients to the dhcp server back-2-back to > > verify that dhcp works. > > Am I missing something? > > I want this to be really simple! > > Can anyone help, please? > > > Here is my cisco3750 running config: > > > Current configuration : 2208 bytes > > ! > > version 12.2 > > no service pad > > service timestamps debug uptime > > service timestamps log uptime > > no service password-encryption > > ! > > hostname Switch > > ! > > enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/ > > enable password qlogic > > ! > > no aaa new-model > > switch 1 provision ws-c3750g-24ts > > vtp mode transparent > > ip subnet-zero > > ! > > ip dhcp snooping vlan 2 > > ! > > ! > > ! > > no file verify auto > > spanning-tree mode pvst > > spanning-tree extend system-id > > ! > > vlan internal allocation policy ascending > > ! > > vlan 2 > > name vlan-dhcp > > ! > > ! > > interface GigabitEthernet1/0/1 > > switchport access vlan 2 > > switchport mode access > > ip dhcp snooping trust > > ! > > interface GigabitEthernet1/0/2 > > switchport access vlan 2 > > switchport mode access > > ip dhcp snooping trust > > ! > > interface GigabitEthernet1/0/3 > > switchport access vlan 2 > > switchport mode access > > ip dhcp snooping trust > > ! > > interface GigabitEthernet1/0/4 > > switchport access vlan 2 > > switchport mode access > > ip dhcp snooping trust > > ! > > interface GigabitEthernet1/0/5 > > switchport access vlan 2 > > switchport mode access > > ip dhcp snooping trust > > ! > > interface GigabitEthernet1/0/6 > > ! > > interface GigabitEthernet1/0/7 > > ! > > interface GigabitEthernet1/0/8 > > ! > > interface GigabitEthernet1/0/9 > > ! > > interface GigabitEthernet1/0/10 > > ! > > interface GigabitEthernet1/0/11 > > ! > > interface GigabitEthernet1/0/12 > > ! > > interface GigabitEthernet1/0/13 > > ! > > interface GigabitEthernet1/0/14 > > ! > > interface GigabitEthernet1/0/15 > > ! > > interface GigabitEthernet1/0/16 > > ! > > interface GigabitEthernet1/0/17 > > ! > > interface GigabitEthernet1/0/18 > > ! > > interface GigabitEthernet1/0/19 > > ! > > interface GigabitEthernet1/0/20 > > ! > > interface GigabitEthernet1/0/21 > > ! > > interface GigabitEthernet1/0/22 > > ! > > interface GigabitEthernet1/0/23 > > ! > > interface GigabitEthernet1/0/24 > > ! > > interface GigabitEthernet1/0/25 > > ! > > interface GigabitEthernet1/0/26 > > ! > > interface GigabitEthernet1/0/27 > > ! > > interface GigabitEthernet1/0/28 > > ! > > interface Vlan1 > > ip address 172.17.141.150 255.255.254.0 > > no ip route-cache > > no ip mroute-cache > > shutdown > > ! > > interface Vlan2 > > ip address 192.168.2.150 255.255.255.0 > > ip helper-address 192.168.2.100 > > ! > > ip default-gateway 172.17.140.1 > > no ip classless > > no ip route static inter-vrf > > no ip http server > > ! > > ! > > ! > > control-plane > > ! > > ! > > line con 0 > > line vty 0 4 > > password qlogic > > login > > line vty 5 15 > > password qlogic > > login > > ! > > ! > > end > > > Switch#show vlan > > > VLAN Name Status Ports > > ---- -------------------------------- --------- > > ------------------------------- > > 1 default active Gi1/0/6, Gi1/0/7, > > Gi1/0/8 > > Gi1/0/9, Gi1/0/10, > > Gi1/0/11 > > Gi1/0/12, Gi1/0/13, > > Gi1/0/14 > > Gi1/0/15, Gi1/0/16, > > Gi1/0/17 > > Gi1/0/18, Gi1/0/19, > > Gi1/0/20 > > Gi1/0/21, Gi1/0/22, > > Gi1/0/23 > > Gi1/0/24, Gi1/0/25, > > Gi1/0/26 > > Gi1/0/27, Gi1/0/28 > > 2 vlan-dhcp active Gi1/0/1, Gi1/0/2, > > Gi1/0/3 > > Gi1/0/4, Gi1/0/5 > > 1002 fddi-default act/unsup > > 1003 trcrf-default act/unsup > > 1004 fddinet-default act/unsup > > 1005 trbrf-default act/unsup > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > Trans1 Trans2 > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > ------ ------ > > 1 enet 100001 1500 - - - - - > > 0 0 > > 2 enet 100002 1500 - - - - - > > 0 0 > > 1002 fddi 101002 1500 - - - - - > > 0 0 > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > Trans1 Trans2 > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > ------ ------ > > 1003 trcrf 101003 4472 1005 3276 - - srb > > 0 0 > > 1004 fdnet 101004 1500 - - - ieee - > > 0 0 > > 1005 trbrf 101005 4472 - - 15 ibm - > > 0 0 > > > VLAN AREHops STEHops Backup CRF > > ---- ------- ------- ---------- > > 1003 7 7 off > > > Remote SPAN VLANs > > ------------------------------------------------------------------------------ > > > Primary Secondary Type Ports > > ------- --------- ----------------- > > ------------------------------------------ > > > Switch#show ip dhcp snoop > > Switch DHCP snooping is disabled > > DHCP snooping is configured on following VLANs: > > 2 > > Insertion of option 82 is enabled > > Option 82 on untrusted port is not allowed > > Verification of hwaddr field is enabled > > Interface Trusted Rate limit (pps) > > ------------------------ ------- ---------------- > > GigabitEthernet1/0/1 yes unlimited > > GigabitEthernet1/0/2 yes unlimited > > GigabitEthernet1/0/3 yes unlimited > > GigabitEthernet1/0/4 yes unlimited > > GigabitEthernet1/0/5 yes unlimited > > Why do you have an IP-helper on VLAN 2? While I would think this > wouldn't hinder anything, I would definitely remove that first, > especially since the switch sees those frames before anything else..... At first I did a shutdown cmd on the default vlan 1 and simply connected the dhcp server and the clients. I did not configure the helper- address though. Then I decided that I want an isolated subnet, in which I want to perform dhcp operations. All this is for testing network boot by-the-way. So now I have the vlan #2 (192.168.2.x). By-the-way, when I looked at the cisco docs and used the ip helper-address cmd, the directions were to configure the helper-address per vlan. I tried do the helper-address per interfaces connected to the clients and this is unsupported by the cisco f/w I have 12.2(25)SEB4. |
|
|
|
|
|||
|
|
|||
| Asif |
|
Trendkill
Guest
Posts: n/a
|
On Oct 2, 7:39 pm, Asif <asif.haswa...@gmail.com> wrote:
> On Oct 2, 4:29 pm, Trendkill <jpma...@gmail.com> wrote: > > > > > On Oct 2, 6:48 pm, Asif <asif.haswa...@gmail.com> wrote: > > > > I've been trying to configure a simple dhcp setup with the following > > > topology: > > > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100 > > > Cisco3750[Port:3-5] <---> dhcp clients > > > > I am using tetheral on the dhcp server 192.168.2.100 interface to look > > > for dhcp requests and the proceeding dhcp traffic. > > > This is not working! > > > I connected one of the clients to the dhcp server back-2-back to > > > verify that dhcp works. > > > Am I missing something? > > > I want this to be really simple! > > > Can anyone help, please? > > > > Here is my cisco3750 running config: > > > > Current configuration : 2208 bytes > > > ! > > > version 12.2 > > > no service pad > > > service timestamps debug uptime > > > service timestamps log uptime > > > no service password-encryption > > > ! > > > hostname Switch > > > ! > > > enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/ > > > enable password qlogic > > > ! > > > no aaa new-model > > > switch 1 provision ws-c3750g-24ts > > > vtp mode transparent > > > ip subnet-zero > > > ! > > > ip dhcp snooping vlan 2 > > > ! > > > ! > > > ! > > > no file verify auto > > > spanning-tree mode pvst > > > spanning-tree extend system-id > > > ! > > > vlan internal allocation policy ascending > > > ! > > > vlan 2 > > > name vlan-dhcp > > > ! > > > ! > > > interface GigabitEthernet1/0/1 > > > switchport access vlan 2 > > > switchport mode access > > > ip dhcp snooping trust > > > ! > > > interface GigabitEthernet1/0/2 > > > switchport access vlan 2 > > > switchport mode access > > > ip dhcp snooping trust > > > ! > > > interface GigabitEthernet1/0/3 > > > switchport access vlan 2 > > > switchport mode access > > > ip dhcp snooping trust > > > ! > > > interface GigabitEthernet1/0/4 > > > switchport access vlan 2 > > > switchport mode access > > > ip dhcp snooping trust > > > ! > > > interface GigabitEthernet1/0/5 > > > switchport access vlan 2 > > > switchport mode access > > > ip dhcp snooping trust > > > ! > > > interface GigabitEthernet1/0/6 > > > ! > > > interface GigabitEthernet1/0/7 > > > ! > > > interface GigabitEthernet1/0/8 > > > ! > > > interface GigabitEthernet1/0/9 > > > ! > > > interface GigabitEthernet1/0/10 > > > ! > > > interface GigabitEthernet1/0/11 > > > ! > > > interface GigabitEthernet1/0/12 > > > ! > > > interface GigabitEthernet1/0/13 > > > ! > > > interface GigabitEthernet1/0/14 > > > ! > > > interface GigabitEthernet1/0/15 > > > ! > > > interface GigabitEthernet1/0/16 > > > ! > > > interface GigabitEthernet1/0/17 > > > ! > > > interface GigabitEthernet1/0/18 > > > ! > > > interface GigabitEthernet1/0/19 > > > ! > > > interface GigabitEthernet1/0/20 > > > ! > > > interface GigabitEthernet1/0/21 > > > ! > > > interface GigabitEthernet1/0/22 > > > ! > > > interface GigabitEthernet1/0/23 > > > ! > > > interface GigabitEthernet1/0/24 > > > ! > > > interface GigabitEthernet1/0/25 > > > ! > > > interface GigabitEthernet1/0/26 > > > ! > > > interface GigabitEthernet1/0/27 > > > ! > > > interface GigabitEthernet1/0/28 > > > ! > > > interface Vlan1 > > > ip address 172.17.141.150 255.255.254.0 > > > no ip route-cache > > > no ip mroute-cache > > > shutdown > > > ! > > > interface Vlan2 > > > ip address 192.168.2.150 255.255.255.0 > > > ip helper-address 192.168.2.100 > > > ! > > > ip default-gateway 172.17.140.1 > > > no ip classless > > > no ip route static inter-vrf > > > no ip http server > > > ! > > > ! > > > ! > > > control-plane > > > ! > > > ! > > > line con 0 > > > line vty 0 4 > > > password qlogic > > > login > > > line vty 5 15 > > > password qlogic > > > login > > > ! > > > ! > > > end > > > > Switch#show vlan > > > > VLAN Name Status Ports > > > ---- -------------------------------- --------- > > > ------------------------------- > > > 1 default active Gi1/0/6, Gi1/0/7, > > > Gi1/0/8 > > > Gi1/0/9, Gi1/0/10, > > > Gi1/0/11 > > > Gi1/0/12, Gi1/0/13, > > > Gi1/0/14 > > > Gi1/0/15, Gi1/0/16, > > > Gi1/0/17 > > > Gi1/0/18, Gi1/0/19, > > > Gi1/0/20 > > > Gi1/0/21, Gi1/0/22, > > > Gi1/0/23 > > > Gi1/0/24, Gi1/0/25, > > > Gi1/0/26 > > > Gi1/0/27, Gi1/0/28 > > > 2 vlan-dhcp active Gi1/0/1, Gi1/0/2, > > > Gi1/0/3 > > > Gi1/0/4, Gi1/0/5 > > > 1002 fddi-default act/unsup > > > 1003 trcrf-default act/unsup > > > 1004 fddinet-default act/unsup > > > 1005 trbrf-default act/unsup > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > > Trans1 Trans2 > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > > ------ ------ > > > 1 enet 100001 1500 - - - - - > > > 0 0 > > > 2 enet 100002 1500 - - - - - > > > 0 0 > > > 1002 fddi 101002 1500 - - - - - > > > 0 0 > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > > Trans1 Trans2 > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > > ------ ------ > > > 1003 trcrf 101003 4472 1005 3276 - - srb > > > 0 0 > > > 1004 fdnet 101004 1500 - - - ieee - > > > 0 0 > > > 1005 trbrf 101005 4472 - - 15 ibm - > > > 0 0 > > > > VLAN AREHops STEHops Backup CRF > > > ---- ------- ------- ---------- > > > 1003 7 7 off > > > > Remote SPAN VLANs > > > ------------------------------------------------------------------------------ > > > > Primary Secondary Type Ports > > > ------- --------- ----------------- > > > ------------------------------------------ > > > > Switch#show ip dhcp snoop > > > Switch DHCP snooping is disabled > > > DHCP snooping is configured on following VLANs: > > > 2 > > > Insertion of option 82 is enabled > > > Option 82 on untrusted port is not allowed > > > Verification of hwaddr field is enabled > > > Interface Trusted Rate limit (pps) > > > ------------------------ ------- ---------------- > > > GigabitEthernet1/0/1 yes unlimited > > > GigabitEthernet1/0/2 yes unlimited > > > GigabitEthernet1/0/3 yes unlimited > > > GigabitEthernet1/0/4 yes unlimited > > > GigabitEthernet1/0/5 yes unlimited > > > Why do you have an IP-helper on VLAN 2? While I would think this > > wouldn't hinder anything, I would definitely remove that first, > > especially since the switch sees those frames before anything else..... > > At first I did a shutdown cmd on the default vlan 1 and simply > connected > the dhcp server and the clients. I did not configure the helper- > address though. > Then I decided that I want an isolated subnet, in which I want to > perform > dhcp operations. All this is for testing network boot by-the-way. So > now I > have the vlan #2 (192.168.2.x). By-the-way, when I looked at the cisco > docs > and used the ip helper-address cmd, the directions were to configure > the helper-address > per vlan. I tried do the helper-address per interfaces connected to > the clients and this > is unsupported by the cisco f/w I have 12.2(25)SEB4. Ip-helper is only needed for subnets that do not have a directly connected dhcp server. Additionally, you are saying your dhcp server is .100, and your ip-helper says .150. I would either make that match, or get rid of it, especially since these clients are on the same vlan. Let me know how you fare and we can move to the next phase of looking at your issue. |
|
|
|
|
|||
|
|
|||
| Trendkill |
|
Asif
Guest
Posts: n/a
|
On Oct 2, 4:41 pm, Trendkill <jpma...@gmail.com> wrote:
> On Oct 2, 7:39 pm, Asif <asif.haswa...@gmail.com> wrote: > > > > > On Oct 2, 4:29 pm, Trendkill <jpma...@gmail.com> wrote: > > > > On Oct 2, 6:48 pm, Asif <asif.haswa...@gmail.com> wrote: > > > > > I've been trying to configure a simple dhcp setup with the following > > > > topology: > > > > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100 > > > > Cisco3750[Port:3-5] <---> dhcp clients > > > > > I am using tetheral on the dhcp server 192.168.2.100 interface to look > > > > for dhcp requests and the proceeding dhcp traffic. > > > > This is not working! > > > > I connected one of the clients to the dhcp server back-2-back to > > > > verify that dhcp works. > > > > Am I missing something? > > > > I want this to be really simple! > > > > Can anyone help, please? > > > > > Here is my cisco3750 running config: > > > > > Current configuration : 2208 bytes > > > > ! > > > > version 12.2 > > > > no service pad > > > > service timestamps debug uptime > > > > service timestamps log uptime > > > > no service password-encryption > > > > ! > > > > hostname Switch > > > > ! > > > > enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/ > > > > enable password qlogic > > > > ! > > > > no aaa new-model > > > > switch 1 provision ws-c3750g-24ts > > > > vtp mode transparent > > > > ip subnet-zero > > > > ! > > > > ip dhcp snooping vlan 2 > > > > ! > > > > ! > > > > ! > > > > no file verify auto > > > > spanning-tree mode pvst > > > > spanning-tree extend system-id > > > > ! > > > > vlan internal allocation policy ascending > > > > ! > > > > vlan 2 > > > > name vlan-dhcp > > > > ! > > > > ! > > > > interface GigabitEthernet1/0/1 > > > > switchport access vlan 2 > > > > switchport mode access > > > > ip dhcp snooping trust > > > > ! > > > > interface GigabitEthernet1/0/2 > > > > switchport access vlan 2 > > > > switchport mode access > > > > ip dhcp snooping trust > > > > ! > > > > interface GigabitEthernet1/0/3 > > > > switchport access vlan 2 > > > > switchport mode access > > > > ip dhcp snooping trust > > > > ! > > > > interface GigabitEthernet1/0/4 > > > > switchport access vlan 2 > > > > switchport mode access > > > > ip dhcp snooping trust > > > > ! > > > > interface GigabitEthernet1/0/5 > > > > switchport access vlan 2 > > > > switchport mode access > > > > ip dhcp snooping trust > > > > ! > > > > interface GigabitEthernet1/0/6 > > > > ! > > > > interface GigabitEthernet1/0/7 > > > > ! > > > > interface GigabitEthernet1/0/8 > > > > ! > > > > interface GigabitEthernet1/0/9 > > > > ! > > > > interface GigabitEthernet1/0/10 > > > > ! > > > > interface GigabitEthernet1/0/11 > > > > ! > > > > interface GigabitEthernet1/0/12 > > > > ! > > > > interface GigabitEthernet1/0/13 > > > > ! > > > > interface GigabitEthernet1/0/14 > > > > ! > > > > interface GigabitEthernet1/0/15 > > > > ! > > > > interface GigabitEthernet1/0/16 > > > > ! > > > > interface GigabitEthernet1/0/17 > > > > ! > > > > interface GigabitEthernet1/0/18 > > > > ! > > > > interface GigabitEthernet1/0/19 > > > > ! > > > > interface GigabitEthernet1/0/20 > > > > ! > > > > interface GigabitEthernet1/0/21 > > > > ! > > > > interface GigabitEthernet1/0/22 > > > > ! > > > > interface GigabitEthernet1/0/23 > > > > ! > > > > interface GigabitEthernet1/0/24 > > > > ! > > > > interface GigabitEthernet1/0/25 > > > > ! > > > > interface GigabitEthernet1/0/26 > > > > ! > > > > interface GigabitEthernet1/0/27 > > > > ! > > > > interface GigabitEthernet1/0/28 > > > > ! > > > > interface Vlan1 > > > > ip address 172.17.141.150 255.255.254.0 > > > > no ip route-cache > > > > no ip mroute-cache > > > > shutdown > > > > ! > > > > interface Vlan2 > > > > ip address 192.168.2.150 255.255.255.0 > > > > ip helper-address 192.168.2.100 > > > > ! > > > > ip default-gateway 172.17.140.1 > > > > no ip classless > > > > no ip route static inter-vrf > > > > no ip http server > > > > ! > > > > ! > > > > ! > > > > control-plane > > > > ! > > > > ! > > > > line con 0 > > > > line vty 0 4 > > > > password qlogic > > > > login > > > > line vty 5 15 > > > > password qlogic > > > > login > > > > ! > > > > ! > > > > end > > > > > Switch#show vlan > > > > > VLAN Name Status Ports > > > > ---- -------------------------------- --------- > > > > ------------------------------- > > > > 1 default active Gi1/0/6, Gi1/0/7, > > > > Gi1/0/8 > > > > Gi1/0/9, Gi1/0/10, > > > > Gi1/0/11 > > > > Gi1/0/12, Gi1/0/13, > > > > Gi1/0/14 > > > > Gi1/0/15, Gi1/0/16, > > > > Gi1/0/17 > > > > Gi1/0/18, Gi1/0/19, > > > > Gi1/0/20 > > > > Gi1/0/21, Gi1/0/22, > > > > Gi1/0/23 > > > > Gi1/0/24, Gi1/0/25, > > > > Gi1/0/26 > > > > Gi1/0/27, Gi1/0/28 > > > > 2 vlan-dhcp active Gi1/0/1, Gi1/0/2, > > > > Gi1/0/3 > > > > Gi1/0/4, Gi1/0/5 > > > > 1002 fddi-default act/unsup > > > > 1003 trcrf-default act/unsup > > > > 1004 fddinet-default act/unsup > > > > 1005 trbrf-default act/unsup > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > > > Trans1 Trans2 > > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > > > ------ ------ > > > > 1 enet 100001 1500 - - - - - > > > > 0 0 > > > > 2 enet 100002 1500 - - - - - > > > > 0 0 > > > > 1002 fddi 101002 1500 - - - - - > > > > 0 0 > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > > > Trans1 Trans2 > > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > > > ------ ------ > > > > 1003 trcrf 101003 4472 1005 3276 - - srb > > > > 0 0 > > > > 1004 fdnet 101004 1500 - - - ieee - > > > > 0 0 > > > > 1005 trbrf 101005 4472 - - 15 ibm - > > > > 0 0 > > > > > VLAN AREHops STEHops Backup CRF > > > > ---- ------- ------- ---------- > > > > 1003 7 7 off > > > > > Remote SPAN VLANs > > > > ------------------------------------------------------------------------------ > > > > > Primary Secondary Type Ports > > > > ------- --------- ----------------- > > > > ------------------------------------------ > > > > > Switch#show ip dhcp snoop > > > > Switch DHCP snooping is disabled > > > > DHCP snooping is configured on following VLANs: > > > > 2 > > > > Insertion of option 82 is enabled > > > > Option 82 on untrusted port is not allowed > > > > Verification of hwaddr field is enabled > > > > Interface Trusted Rate limit (pps) > > > > ------------------------ ------- ---------------- > > > > GigabitEthernet1/0/1 yes unlimited > > > > GigabitEthernet1/0/2 yes unlimited > > > > GigabitEthernet1/0/3 yes unlimited > > > > GigabitEthernet1/0/4 yes unlimited > > > > GigabitEthernet1/0/5 yes unlimited > > > > Why do you have an IP-helper on VLAN 2? While I would think this > > > wouldn't hinder anything, I would definitely remove that first, > > > especially since the switch sees those frames before anything else..... > > > At first I did a shutdown cmd on the default vlan 1 and simply > > connected > > the dhcp server and the clients. I did not configure the helper- > > address though. > > Then I decided that I want an isolated subnet, in which I want to > > perform > > dhcp operations. All this is for testing network boot by-the-way. So > > now I > > have the vlan #2 (192.168.2.x). By-the-way, when I looked at the cisco > > docs > > and used the ip helper-address cmd, the directions were to configure > > the helper-address > > per vlan. I tried do the helper-address per interfaces connected to > > the clients and this > > is unsupported by the cisco f/w I have 12.2(25)SEB4. > > Ip-helper is only needed for subnets that do not have a directly > connected dhcp server. Additionally, you are saying your dhcp server > is .100, and your ip-helper says .150. I would either make that > match, or get rid of it, especially since these clients are on the > same vlan. Let me know how you fare and we can move to the next phase > of looking at your issue. As I already mentioned, in my previous simple configuration, I simply connected the dhcp server to port 1 and clients to ports 3 through 5. I did not do anything else. This did not work. So then I found out about helper- address and proceeded to perform the current configuration. If you look once more, the helper-address is set to 192.168.2.100 and the vlan 2 ip address is set to 192.168.2.150. And I repeat my dhcp server ip address is 192.168.2.100. Here is a copy of the above snippet for your convenience: > > > > interface Vlan2 > > > > ip address 192.168.2.150 255.255.255.0 > > > > ip helper-address 192.168.2.100 |
|
|
|
|
|||
|
|
|||
| Asif |
|
Trendkill
Guest
Posts: n/a
|
On Oct 2, 7:41 pm, Trendkill <jpma...@gmail.com> wrote:
> On Oct 2, 7:39 pm, Asif <asif.haswa...@gmail.com> wrote: > > > > > On Oct 2, 4:29 pm, Trendkill <jpma...@gmail.com> wrote: > > > > On Oct 2, 6:48 pm, Asif <asif.haswa...@gmail.com> wrote: > > > > > I've been trying to configure a simple dhcp setup with the following > > > > topology: > > > > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100 > > > > Cisco3750[Port:3-5] <---> dhcp clients > > > > > I am using tetheral on the dhcp server 192.168.2.100 interface to look > > > > for dhcp requests and the proceeding dhcp traffic. > > > > This is not working! > > > > I connected one of the clients to the dhcp server back-2-back to > > > > verify that dhcp works. > > > > Am I missing something? > > > > I want this to be really simple! > > > > Can anyone help, please? > > > > > Here is my cisco3750 running config: > > > > > Current configuration : 2208 bytes > > > > ! > > > > version 12.2 > > > > no service pad > > > > service timestamps debug uptime > > > > service timestamps log uptime > > > > no service password-encryption > > > > ! > > > > hostname Switch > > > > ! > > > > enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/ > > > > enable password qlogic > > > > ! > > > > no aaa new-model > > > > switch 1 provision ws-c3750g-24ts > > > > vtp mode transparent > > > > ip subnet-zero > > > > ! > > > > ip dhcp snooping vlan 2 > > > > ! > > > > ! > > > > ! > > > > no file verify auto > > > > spanning-tree mode pvst > > > > spanning-tree extend system-id > > > > ! > > > > vlan internal allocation policy ascending > > > > ! > > > > vlan 2 > > > > name vlan-dhcp > > > > ! > > > > ! > > > > interface GigabitEthernet1/0/1 > > > > switchport access vlan 2 > > > > switchport mode access > > > > ip dhcp snooping trust > > > > ! > > > > interface GigabitEthernet1/0/2 > > > > switchport access vlan 2 > > > > switchport mode access > > > > ip dhcp snooping trust > > > > ! > > > > interface GigabitEthernet1/0/3 > > > > switchport access vlan 2 > > > > switchport mode access > > > > ip dhcp snooping trust > > > > ! > > > > interface GigabitEthernet1/0/4 > > > > switchport access vlan 2 > > > > switchport mode access > > > > ip dhcp snooping trust > > > > ! > > > > interface GigabitEthernet1/0/5 > > > > switchport access vlan 2 > > > > switchport mode access > > > > ip dhcp snooping trust > > > > ! > > > > interface GigabitEthernet1/0/6 > > > > ! > > > > interface GigabitEthernet1/0/7 > > > > ! > > > > interface GigabitEthernet1/0/8 > > > > ! > > > > interface GigabitEthernet1/0/9 > > > > ! > > > > interface GigabitEthernet1/0/10 > > > > ! > > > > interface GigabitEthernet1/0/11 > > > > ! > > > > interface GigabitEthernet1/0/12 > > > > ! > > > > interface GigabitEthernet1/0/13 > > > > ! > > > > interface GigabitEthernet1/0/14 > > > > ! > > > > interface GigabitEthernet1/0/15 > > > > ! > > > > interface GigabitEthernet1/0/16 > > > > ! > > > > interface GigabitEthernet1/0/17 > > > > ! > > > > interface GigabitEthernet1/0/18 > > > > ! > > > > interface GigabitEthernet1/0/19 > > > > ! > > > > interface GigabitEthernet1/0/20 > > > > ! > > > > interface GigabitEthernet1/0/21 > > > > ! > > > > interface GigabitEthernet1/0/22 > > > > ! > > > > interface GigabitEthernet1/0/23 > > > > ! > > > > interface GigabitEthernet1/0/24 > > > > ! > > > > interface GigabitEthernet1/0/25 > > > > ! > > > > interface GigabitEthernet1/0/26 > > > > ! > > > > interface GigabitEthernet1/0/27 > > > > ! > > > > interface GigabitEthernet1/0/28 > > > > ! > > > > interface Vlan1 > > > > ip address 172.17.141.150 255.255.254.0 > > > > no ip route-cache > > > > no ip mroute-cache > > > > shutdown > > > > ! > > > > interface Vlan2 > > > > ip address 192.168.2.150 255.255.255.0 > > > > ip helper-address 192.168.2.100 > > > > ! > > > > ip default-gateway 172.17.140.1 > > > > no ip classless > > > > no ip route static inter-vrf > > > > no ip http server > > > > ! > > > > ! > > > > ! > > > > control-plane > > > > ! > > > > ! > > > > line con 0 > > > > line vty 0 4 > > > > password qlogic > > > > login > > > > line vty 5 15 > > > > password qlogic > > > > login > > > > ! > > > > ! > > > > end > > > > > Switch#show vlan > > > > > VLAN Name Status Ports > > > > ---- -------------------------------- --------- > > > > ------------------------------- > > > > 1 default active Gi1/0/6, Gi1/0/7, > > > > Gi1/0/8 > > > > Gi1/0/9, Gi1/0/10, > > > > Gi1/0/11 > > > > Gi1/0/12, Gi1/0/13, > > > > Gi1/0/14 > > > > Gi1/0/15, Gi1/0/16, > > > > Gi1/0/17 > > > > Gi1/0/18, Gi1/0/19, > > > > Gi1/0/20 > > > > Gi1/0/21, Gi1/0/22, > > > > Gi1/0/23 > > > > Gi1/0/24, Gi1/0/25, > > > > Gi1/0/26 > > > > Gi1/0/27, Gi1/0/28 > > > > 2 vlan-dhcp active Gi1/0/1, Gi1/0/2, > > > > Gi1/0/3 > > > > Gi1/0/4, Gi1/0/5 > > > > 1002 fddi-default act/unsup > > > > 1003 trcrf-default act/unsup > > > > 1004 fddinet-default act/unsup > > > > 1005 trbrf-default act/unsup > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > > > Trans1 Trans2 > > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > > > ------ ------ > > > > 1 enet 100001 1500 - - - - - > > > > 0 0 > > > > 2 enet 100002 1500 - - - - - > > > > 0 0 > > > > 1002 fddi 101002 1500 - - - - - > > > > 0 0 > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > > > Trans1 Trans2 > > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > > > ------ ------ > > > > 1003 trcrf 101003 4472 1005 3276 - - srb > > > > 0 0 > > > > 1004 fdnet 101004 1500 - - - ieee - > > > > 0 0 > > > > 1005 trbrf 101005 4472 - - 15 ibm - > > > > 0 0 > > > > > VLAN AREHops STEHops Backup CRF > > > > ---- ------- ------- ---------- > > > > 1003 7 7 off > > > > > Remote SPAN VLANs > > > > ------------------------------------------------------------------------------ > > > > > Primary Secondary Type Ports > > > > ------- --------- ----------------- > > > > ------------------------------------------ > > > > > Switch#show ip dhcp snoop > > > > Switch DHCP snooping is disabled > > > > DHCP snooping is configured on following VLANs: > > > > 2 > > > > Insertion of option 82 is enabled > > > > Option 82 on untrusted port is not allowed > > > > Verification of hwaddr field is enabled > > > > Interface Trusted Rate limit (pps) > > > > ------------------------ ------- ---------------- > > > > GigabitEthernet1/0/1 yes unlimited > > > > GigabitEthernet1/0/2 yes unlimited > > > > GigabitEthernet1/0/3 yes unlimited > > > > GigabitEthernet1/0/4 yes unlimited > > > > GigabitEthernet1/0/5 yes unlimited > > > > Why do you have an IP-helper on VLAN 2? While I would think this > > > wouldn't hinder anything, I would definitely remove that first, > > > especially since the switch sees those frames before anything else..... > > > At first I did a shutdown cmd on the default vlan 1 and simply > > connected > > the dhcp server and the clients. I did not configure the helper- > > address though. > > Then I decided that I want an isolated subnet, in which I want to > > perform > > dhcp operations. All this is for testing network boot by-the-way. So > > now I > > have the vlan #2 (192.168.2.x). By-the-way, when I looked at the cisco > > docs > > and used the ip helper-address cmd, the directions were to configure > > the helper-address > > per vlan. I tried do the helper-address per interfaces connected to > > the clients and this > > is unsupported by the cisco f/w I have 12.2(25)SEB4. > > Ip-helper is only needed for subnets that do not have a directly > connected dhcp server. Additionally, you are saying your dhcp server > is .100, and your ip-helper says .150. I would either make that > match, or get rid of it, especially since these clients are on the > same vlan. Let me know how you fare and we can move to the next phase > of looking at your issue. I'm sorry, the helper address does match. Regardless, you shouldn't need it on the same vlan as the dhcp server, so I'd still try to remove and test. Additionally, your show ip int brief show all ports as up/active as needed? |
|
|
|
|
|||
|
|
|||
| Trendkill |
|
Trendkill
Guest
Posts: n/a
|
On Oct 2, 8:00 pm, Trendkill <jpma...@gmail.com> wrote:
> On Oct 2, 7:41 pm, Trendkill <jpma...@gmail.com> wrote: > > > > > On Oct 2, 7:39 pm, Asif <asif.haswa...@gmail.com> wrote: > > > > On Oct 2, 4:29 pm, Trendkill <jpma...@gmail.com> wrote: > > > > > On Oct 2, 6:48 pm, Asif <asif.haswa...@gmail.com> wrote: > > > > > > I've been trying to configure a simple dhcp setup with the following > > > > > topology: > > > > > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100 > > > > > Cisco3750[Port:3-5] <---> dhcp clients > > > > > > I am using tetheral on the dhcp server 192.168.2.100 interface to look > > > > > for dhcp requests and the proceeding dhcp traffic. > > > > > This is not working! > > > > > I connected one of the clients to the dhcp server back-2-back to > > > > > verify that dhcp works. > > > > > Am I missing something? > > > > > I want this to be really simple! > > > > > Can anyone help, please? > > > > > > Here is my cisco3750 running config: > > > > > > Current configuration : 2208 bytes > > > > > ! > > > > > version 12.2 > > > > > no service pad > > > > > service timestamps debug uptime > > > > > service timestamps log uptime > > > > > no service password-encryption > > > > > ! > > > > > hostname Switch > > > > > ! > > > > > enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/ > > > > > enable password qlogic > > > > > ! > > > > > no aaa new-model > > > > > switch 1 provision ws-c3750g-24ts > > > > > vtp mode transparent > > > > > ip subnet-zero > > > > > ! > > > > > ip dhcp snooping vlan 2 > > > > > ! > > > > > ! > > > > > ! > > > > > no file verify auto > > > > > spanning-tree mode pvst > > > > > spanning-tree extend system-id > > > > > ! > > > > > vlan internal allocation policy ascending > > > > > ! > > > > > vlan 2 > > > > > name vlan-dhcp > > > > > ! > > > > > ! > > > > > interface GigabitEthernet1/0/1 > > > > > switchport access vlan 2 > > > > > switchport mode access > > > > > ip dhcp snooping trust > > > > > ! > > > > > interface GigabitEthernet1/0/2 > > > > > switchport access vlan 2 > > > > > switchport mode access > > > > > ip dhcp snooping trust > > > > > ! > > > > > interface GigabitEthernet1/0/3 > > > > > switchport access vlan 2 > > > > > switchport mode access > > > > > ip dhcp snooping trust > > > > > ! > > > > > interface GigabitEthernet1/0/4 > > > > > switchport access vlan 2 > > > > > switchport mode access > > > > > ip dhcp snooping trust > > > > > ! > > > > > interface GigabitEthernet1/0/5 > > > > > switchport access vlan 2 > > > > > switchport mode access > > > > > ip dhcp snooping trust > > > > > ! > > > > > interface GigabitEthernet1/0/6 > > > > > ! > > > > > interface GigabitEthernet1/0/7 > > > > > ! > > > > > interface GigabitEthernet1/0/8 > > > > > ! > > > > > interface GigabitEthernet1/0/9 > > > > > ! > > > > > interface GigabitEthernet1/0/10 > > > > > ! > > > > > interface GigabitEthernet1/0/11 > > > > > ! > > > > > interface GigabitEthernet1/0/12 > > > > > ! > > > > > interface GigabitEthernet1/0/13 > > > > > ! > > > > > interface GigabitEthernet1/0/14 > > > > > ! > > > > > interface GigabitEthernet1/0/15 > > > > > ! > > > > > interface GigabitEthernet1/0/16 > > > > > ! > > > > > interface GigabitEthernet1/0/17 > > > > > ! > > > > > interface GigabitEthernet1/0/18 > > > > > ! > > > > > interface GigabitEthernet1/0/19 > > > > > ! > > > > > interface GigabitEthernet1/0/20 > > > > > ! > > > > > interface GigabitEthernet1/0/21 > > > > > ! > > > > > interface GigabitEthernet1/0/22 > > > > > ! > > > > > interface GigabitEthernet1/0/23 > > > > > ! > > > > > interface GigabitEthernet1/0/24 > > > > > ! > > > > > interface GigabitEthernet1/0/25 > > > > > ! > > > > > interface GigabitEthernet1/0/26 > > > > > ! > > > > > interface GigabitEthernet1/0/27 > > > > > ! > > > > > interface GigabitEthernet1/0/28 > > > > > ! > > > > > interface Vlan1 > > > > > ip address 172.17.141.150 255.255.254.0 > > > > > no ip route-cache > > > > > no ip mroute-cache > > > > > shutdown > > > > > ! > > > > > interface Vlan2 > > > > > ip address 192.168.2.150 255.255.255.0 > > > > > ip helper-address 192.168.2.100 > > > > > ! > > > > > ip default-gateway 172.17.140.1 > > > > > no ip classless > > > > > no ip route static inter-vrf > > > > > no ip http server > > > > > ! > > > > > ! > > > > > ! > > > > > control-plane > > > > > ! > > > > > ! > > > > > line con 0 > > > > > line vty 0 4 > > > > > password qlogic > > > > > login > > > > > line vty 5 15 > > > > > password qlogic > > > > > login > > > > > ! > > > > > ! > > > > > end > > > > > > Switch#show vlan > > > > > > VLAN Name Status Ports > > > > > ---- -------------------------------- --------- > > > > > ------------------------------- > > > > > 1 default active Gi1/0/6, Gi1/0/7, > > > > > Gi1/0/8 > > > > > Gi1/0/9, Gi1/0/10, > > > > > Gi1/0/11 > > > > > Gi1/0/12, Gi1/0/13, > > > > > Gi1/0/14 > > > > > Gi1/0/15, Gi1/0/16, > > > > > Gi1/0/17 > > > > > Gi1/0/18, Gi1/0/19, > > > > > Gi1/0/20 > > > > > Gi1/0/21, Gi1/0/22, > > > > > Gi1/0/23 > > > > > Gi1/0/24, Gi1/0/25, > > > > > Gi1/0/26 > > > > > Gi1/0/27, Gi1/0/28 > > > > > 2 vlan-dhcp active Gi1/0/1, Gi1/0/2, > > > > > Gi1/0/3 > > > > > Gi1/0/4, Gi1/0/5 > > > > > 1002 fddi-default act/unsup > > > > > 1003 trcrf-default act/unsup > > > > > 1004 fddinet-default act/unsup > > > > > 1005 trbrf-default act/unsup > > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > > > > Trans1 Trans2 > > > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > > > > ------ ------ > > > > > 1 enet 100001 1500 - - - - - > > > > > 0 0 > > > > > 2 enet 100002 1500 - - - - - > > > > > 0 0 > > > > > 1002 fddi 101002 1500 - - - - - > > > > > 0 0 > > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > > > > Trans1 Trans2 > > > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > > > > ------ ------ > > > > > 1003 trcrf 101003 4472 1005 3276 - - srb > > > > > 0 0 > > > > > 1004 fdnet 101004 1500 - - - ieee - > > > > > 0 0 > > > > > 1005 trbrf 101005 4472 - - 15 ibm - > > > > > 0 0 > > > > > > VLAN AREHops STEHops Backup CRF > > > > > ---- ------- ------- ---------- > > > > > 1003 7 7 off > > > > > > Remote SPAN VLANs > > > > > ------------------------------------------------------------------------------ > > > > > > Primary Secondary Type Ports > > > > > ------- --------- ----------------- > > > > > ------------------------------------------ > > > > > > Switch#show ip dhcp snoop > > > > > Switch DHCP snooping is disabled > > > > > DHCP snooping is configured on following VLANs: > > > > > 2 > > > > > Insertion of option 82 is enabled > > > > > Option 82 on untrusted port is not allowed > > > > > Verification of hwaddr field is enabled > > > > > Interface Trusted Rate limit (pps) > > > > > ------------------------ ------- ---------------- > > > > > GigabitEthernet1/0/1 yes unlimited > > > > > GigabitEthernet1/0/2 yes unlimited > > > > > GigabitEthernet1/0/3 yes unlimited > > > > > GigabitEthernet1/0/4 yes unlimited > > > > > GigabitEthernet1/0/5 yes unlimited > > > > > Why do you have an IP-helper on VLAN 2? While I would think this > > > > wouldn't hinder anything, I would definitely remove that first, > > > > especially since the switch sees those frames before anything else..... > > > > At first I did a shutdown cmd on the default vlan 1 and simply > > > connected > > > the dhcp server and the clients. I did not configure the helper- > > > address though. > > > Then I decided that I want an isolated subnet, in which I want to > > > perform > > > dhcp operations. All this is for testing network boot by-the-way. So > > > now I > > > have the vlan #2 (192.168.2.x). By-the-way, when I looked at the cisco > > > docs > > > and used the ip helper-address cmd, the directions were to configure > > > the helper-address > > > per vlan. I tried do the helper-address per interfaces connected to > > > the clients and this > > > is unsupported by the cisco f/w I have 12.2(25)SEB4. > > > Ip-helper is only needed for subnets that do not have a directly > > connected dhcp server. Additionally, you are saying your dhcp server > > is .100, and your ip-helper says .150. I would either make that > > match, or get rid of it, especially since these clients are on the > > same vlan. Let me know how you fare and we can move to the next phase > > of looking at your issue. > > I'm sorry, the helper address does match. Regardless, you shouldn't > need it on the same vlan as the dhcp server, so I'd still try to > remove and test. Additionally, your show ip int brief show all ports > as up/active as needed? Ok, I saw your latest post. Can you ping the dhcp server from the switch? What happens when you do an extended ping (and choose a source interface of the VLAN 2 IP address)? If ping is successful, can you try to set one of the clients to a hard coded IP and do the same test? Can you ping between the static IPed client and the dhcp server? Does show mac-address-table show macs for the clients when they first connect as they should? |
|
|
|
|
|||
|
|
|||
| Trendkill |
|
Asif
Guest
Posts: n/a
|
On Oct 2, 5:02 pm, Trendkill <jpma...@gmail.com> wrote:
> On Oct 2, 8:00 pm, Trendkill <jpma...@gmail.com> wrote: > > > > > On Oct 2, 7:41 pm, Trendkill <jpma...@gmail.com> wrote: > > > > On Oct 2, 7:39 pm, Asif <asif.haswa...@gmail.com> wrote: > > > > > On Oct 2, 4:29 pm, Trendkill <jpma...@gmail.com> wrote: > > > > > > On Oct 2, 6:48 pm, Asif <asif.haswa...@gmail.com> wrote: > > > > > > > I've been trying to configure a simple dhcp setup with the following > > > > > > topology: > > > > > > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100 > > > > > > Cisco3750[Port:3-5] <---> dhcp clients > > > > > > > I am using tetheral on the dhcp server 192.168.2.100 interface to look > > > > > > for dhcp requests and the proceeding dhcp traffic. > > > > > > This is not working! > > > > > > I connected one of the clients to the dhcp server back-2-back to > > > > > > verify that dhcp works. > > > > > > Am I missing something? > > > > > > I want this to be really simple! > > > > > > Can anyone help, please? > > > > > > > Here is my cisco3750 running config: > > > > > > > Current configuration : 2208 bytes > > > > > > ! > > > > > > version 12.2 > > > > > > no service pad > > > > > > service timestamps debug uptime > > > > > > service timestamps log uptime > > > > > > no service password-encryption > > > > > > ! > > > > > > hostname Switch > > > > > > ! > > > > > > enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/ > > > > > > enable password qlogic > > > > > > ! > > > > > > no aaa new-model > > > > > > switch 1 provision ws-c3750g-24ts > > > > > > vtp mode transparent > > > > > > ip subnet-zero > > > > > > ! > > > > > > ip dhcp snooping vlan 2 > > > > > > ! > > > > > > ! > > > > > > ! > > > > > > no file verify auto > > > > > > spanning-tree mode pvst > > > > > > spanning-tree extend system-id > > > > > > ! > > > > > > vlan internal allocation policy ascending > > > > > > ! > > > > > > vlan 2 > > > > > > name vlan-dhcp > > > > > > ! > > > > > > ! > > > > > > interface GigabitEthernet1/0/1 > > > > > > switchport access vlan 2 > > > > > > switchport mode access > > > > > > ip dhcp snooping trust > > > > > > ! > > > > > > interface GigabitEthernet1/0/2 > > > > > > switchport access vlan 2 > > > > > > switchport mode access > > > > > > ip dhcp snooping trust > > > > > > ! > > > > > > interface GigabitEthernet1/0/3 > > > > > > switchport access vlan 2 > > > > > > switchport mode access > > > > > > ip dhcp snooping trust > > > > > > ! > > > > > > interface GigabitEthernet1/0/4 > > > > > > switchport access vlan 2 > > > > > > switchport mode access > > > > > > ip dhcp snooping trust > > > > > > ! > > > > > > interface GigabitEthernet1/0/5 > > > > > > switchport access vlan 2 > > > > > > switchport mode access > > > > > > ip dhcp snooping trust > > > > > > ! > > > > > > interface GigabitEthernet1/0/6 > > > > > > ! > > > > > > interface GigabitEthernet1/0/7 > > > > > > ! > > > > > > interface GigabitEthernet1/0/8 > > > > > > ! > > > > > > interface GigabitEthernet1/0/9 > > > > > > ! > > > > > > interface GigabitEthernet1/0/10 > > > > > > ! > > > > > > interface GigabitEthernet1/0/11 > > > > > > ! > > > > > > interface GigabitEthernet1/0/12 > > > > > > ! > > > > > > interface GigabitEthernet1/0/13 > > > > > > ! > > > > > > interface GigabitEthernet1/0/14 > > > > > > ! > > > > > > interface GigabitEthernet1/0/15 > > > > > > ! > > > > > > interface GigabitEthernet1/0/16 > > > > > > ! > > > > > > interface GigabitEthernet1/0/17 > > > > > > ! > > > > > > interface GigabitEthernet1/0/18 > > > > > > ! > > > > > > interface GigabitEthernet1/0/19 > > > > > > ! > > > > > > interface GigabitEthernet1/0/20 > > > > > > ! > > > > > > interface GigabitEthernet1/0/21 > > > > > > ! > > > > > > interface GigabitEthernet1/0/22 > > > > > > ! > > > > > > interface GigabitEthernet1/0/23 > > > > > > ! > > > > > > interface GigabitEthernet1/0/24 > > > > > > ! > > > > > > interface GigabitEthernet1/0/25 > > > > > > ! > > > > > > interface GigabitEthernet1/0/26 > > > > > > ! > > > > > > interface GigabitEthernet1/0/27 > > > > > > ! > > > > > > interface GigabitEthernet1/0/28 > > > > > > ! > > > > > > interface Vlan1 > > > > > > ip address 172.17.141.150 255.255.254.0 > > > > > > no ip route-cache > > > > > > no ip mroute-cache > > > > > > shutdown > > > > > > ! > > > > > > interface Vlan2 > > > > > > ip address 192.168.2.150 255.255.255.0 > > > > > > ip helper-address 192.168.2.100 > > > > > > ! > > > > > > ip default-gateway 172.17.140.1 > > > > > > no ip classless > > > > > > no ip route static inter-vrf > > > > > > no ip http server > > > > > > ! > > > > > > ! > > > > > > ! > > > > > > control-plane > > > > > > ! > > > > > > ! > > > > > > line con 0 > > > > > > line vty 0 4 > > > > > > password qlogic > > > > > > login > > > > > > line vty 5 15 > > > > > > password qlogic > > > > > > login > > > > > > ! > > > > > > ! > > > > > > end > > > > > > > Switch#show vlan > > > > > > > VLAN Name Status Ports > > > > > > ---- -------------------------------- --------- > > > > > > ------------------------------- > > > > > > 1 default active Gi1/0/6, Gi1/0/7, > > > > > > Gi1/0/8 > > > > > > Gi1/0/9, Gi1/0/10, > > > > > > Gi1/0/11 > > > > > > Gi1/0/12, Gi1/0/13, > > > > > > Gi1/0/14 > > > > > > Gi1/0/15, Gi1/0/16, > > > > > > Gi1/0/17 > > > > > > Gi1/0/18, Gi1/0/19, > > > > > > Gi1/0/20 > > > > > > Gi1/0/21, Gi1/0/22, > > > > > > Gi1/0/23 > > > > > > Gi1/0/24, Gi1/0/25, > > > > > > Gi1/0/26 > > > > > > Gi1/0/27, Gi1/0/28 > > > > > > 2 vlan-dhcp active Gi1/0/1, Gi1/0/2, > > > > > > Gi1/0/3 > > > > > > Gi1/0/4, Gi1/0/5 > > > > > > 1002 fddi-default act/unsup > > > > > > 1003 trcrf-default act/unsup > > > > > > 1004 fddinet-default act/unsup > > > > > > 1005 trbrf-default act/unsup > > > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > > > > > Trans1 Trans2 > > > > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > > > > > ------ ------ > > > > > > 1 enet 100001 1500 - - - - - > > > > > > 0 0 > > > > > > 2 enet 100002 1500 - - - - - > > > > > > 0 0 > > > > > > 1002 fddi 101002 1500 - - - - - > > > > > > 0 0 > > > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > > > > > Trans1 Trans2 > > > > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > > > > > ------ ------ > > > > > > 1003 trcrf 101003 4472 1005 3276 - - srb > > > > > > 0 0 > > > > > > 1004 fdnet 101004 1500 - - - ieee - > > > > > > 0 0 > > > > > > 1005 trbrf 101005 4472 - - 15 ibm - > > > > > > 0 0 > > > > > > > VLAN AREHops STEHops Backup CRF > > > > > > ---- ------- ------- ---------- > > > > > > 1003 7 7 off > > > > > > > Remote SPAN VLANs > > > > > > ------------------------------------------------------------------------------ > > > > > > > Primary Secondary Type Ports > > > > > > ------- --------- ----------------- > > > > > > ------------------------------------------ > > > > > > > Switch#show ip dhcp snoop > > > > > > Switch DHCP snooping is disabled > > > > > > DHCP snooping is configured on following VLANs: > > > > > > 2 > > > > > > Insertion of option 82 is enabled > > > > > > Option 82 on untrusted port is not allowed > > > > > > Verification of hwaddr field is enabled > > > > > > Interface Trusted Rate limit (pps) > > > > > > ------------------------ ------- ---------------- > > > > > > GigabitEthernet1/0/1 yes unlimited > > > > > > GigabitEthernet1/0/2 yes unlimited > > > > > > GigabitEthernet1/0/3 yes unlimited > > > > > > GigabitEthernet1/0/4 yes unlimited > > > > > > GigabitEthernet1/0/5 yes unlimited > > > > > > Why do you have an IP-helper on VLAN 2? While I would think this > > > > > wouldn't hinder anything, I would definitely remove that first, > > > > > especially since the switch sees those frames before anything else..... > > > > > At first I did a shutdown cmd on the default vlan 1 and simply > > > > connected > > > > the dhcp server and the clients. I did not configure the helper- > > > > address though. > > > > Then I decided that I want an isolated subnet, in which I want to > > > > perform > > > > dhcp operations. All this is for testing network boot by-the-way. So > > > > now I > > > > have the vlan #2 (192.168.2.x). By-the-way, when I looked at the cisco > > > > docs > > > > and used the ip helper-address cmd, the directions were to configure > > > > the helper-address > > > > per vlan. I tried do the helper-address per interfaces connected to > > > > the clients and this > > > > is unsupported by the cisco f/w I have 12.2(25)SEB4. > > > > Ip-helper is only needed for subnets that do not have a directly > > > connected dhcp server. Additionally, you are saying your dhcp server > > > is .100, and your ip-helper says .150. I would either make that > > > match, or get rid of it, especially since these clients are on the > > > same vlan. Let me know how you fare and we can move to the next phase > > > of looking at your issue. > > > I'm sorry, the helper address does match. Regardless, you shouldn't > > need it on the same vlan as the dhcp server, so I'd still try to > > remove and test. Additionally, your show ip int brief show all ports > > as up/active as needed? > > Ok, I saw your latest post. Can you ping the dhcp server from the > switch? What happens when you do an extended ping (and choose a > source interface of the VLAN 2 IP address)? If ping is successful, > can you try to set one of the clients to a hard coded IP and do the > same test? Can you ping between the static IPed client and the dhcp > server? Does show mac-address-table show macs for the clients when > they first connect as they should? Did several of these from the switch and it works: Switch#ping 192.168.2.100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.100, timeout is 2 seconds: !!!!! On the dhcp client system: # ping 192.168.2.100 192.168.2.100 is alive As I understand, broadcast pkts to 255.255.255.255 are not allowed to be propagate across the switch ports by default and my guess is that this is the problem I am facing with the dhcp operation. But then I though that the ip helper-address was meant to address this issue. But you are saying that the helper-address is used for subnet to subnet traffic flow in particular for dhcp. Anyway, I do appreciate your help so far. All the checks you suggested work so far. I tried the dhcp boot and it still fails. I have not changed anything yet. |
|
|
|
|
|||
|
|
|||
| Asif |
|
Merv
Guest
Posts: n/a
|
On Oct 2, 8:28 pm, Asif <asif.haswa...@gmail.com> wrote:
> On Oct 2, 5:02 pm, Trendkill <jpma...@gmail.com> wrote: > > > On Oct 2, 8:00 pm, Trendkill <jpma...@gmail.com> wrote: > > > > On Oct 2, 7:41 pm, Trendkill <jpma...@gmail.com> wrote: > > > > > On Oct 2, 7:39 pm, Asif <asif.haswa...@gmail.com> wrote: > > > > > > On Oct 2, 4:29 pm, Trendkill <jpma...@gmail.com> wrote: > > > > > > > On Oct 2, 6:48 pm, Asif <asif.haswa...@gmail.com> wrote: > > > > > > > > I've been trying to configure a simple dhcp setup with the following > > > > > > > topology: > > > > > > > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100 > > > > > > > Cisco3750[Port:3-5] <---> dhcp clients > > > > > > > > I am using tetheral on the dhcp server 192.168.2.100 interface to look > > > > > > > for dhcp requests and the proceeding dhcp traffic. > > > > > > > This is not working! > > > > > > > I connected one of the clients to the dhcp server back-2-back to > > > > > > > verify that dhcp works. > > > > > > > Am I missing something? > > > > > > > I want this to be really simple! > > > > > > > Can anyone help, please? > > > > > > > > Here is my cisco3750 running config: > > > > > > > > Current configuration : 2208 bytes > > > > > > > ! > > > > > > > version 12.2 > > > > > > > no service pad > > > > > > > service timestamps debug uptime > > > > > > > service timestamps log uptime > > > > > > > no service password-encryption > > > > > > > ! > > > > > > > hostname Switch > > > > > > > ! > > > > > > > enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/ > > > > > > > enable password qlogic > > > > > > > ! > > > > > > > no aaa new-model > > > > > > > switch 1 provision ws-c3750g-24ts > > > > > > > vtp mode transparent > > > > > > > ip subnet-zero > > > > > > > ! > > > > > > > ip dhcp snooping vlan 2 > > > > > > > ! > > > > > > > ! > > > > > > > ! > > > > > > > no file verify auto > > > > > > > spanning-tree mode pvst > > > > > > > spanning-tree extend system-id > > > > > > > ! > > > > > > > vlan internal allocation policy ascending > > > > > > > ! > > > > > > > vlan 2 > > > > > > > name vlan-dhcp > > > > > > > ! > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/1 > > > > > > > switchport access vlan 2 > > > > > > > switchport mode access > > > > > > > ip dhcp snooping trust > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/2 > > > > > > > switchport access vlan 2 > > > > > > > switchport mode access > > > > > > > ip dhcp snooping trust > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/3 > > > > > > > switchport access vlan 2 > > > > > > > switchport mode access > > > > > > > ip dhcp snooping trust > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/4 > > > > > > > switchport access vlan 2 > > > > > > > switchport mode access > > > > > > > ip dhcp snooping trust > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/5 > > > > > > > switchport access vlan 2 > > > > > > > switchport mode access > > > > > > > ip dhcp snooping trust > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/6 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/7 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/8 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/9 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/10 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/11 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/12 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/13 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/14 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/15 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/16 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/17 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/18 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/19 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/20 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/21 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/22 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/23 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/24 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/25 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/26 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/27 > > > > > > > ! > > > > > > > interface GigabitEthernet1/0/28 > > > > > > > ! > > > > > > > interface Vlan1 > > > > > > > ip address 172.17.141.150 255.255.254.0 > > > > > > > no ip route-cache > > > > > > > no ip mroute-cache > > > > > > > shutdown > > > > > > > ! > > > > > > > interface Vlan2 > > > > > > > ip address 192.168.2.150 255.255.255.0 > > > > > > > ip helper-address 192.168.2.100 > > > > > > > ! > > > > > > > ip default-gateway 172.17.140.1 > > > > > > > no ip classless > > > > > > > no ip route static inter-vrf > > > > > > > no ip http server > > > > > > > ! > > > > > > > ! > > > > > > > ! > > > > > > > control-plane > > > > > > > ! > > > > > > > ! > > > > > > > line con 0 > > > > > > > line vty 0 4 > > > > > > > password qlogic > > > > > > > login > > > > > > > line vty 5 15 > > > > > > > password qlogic > > > > > > > login > > > > > > > ! > > > > > > > ! > > > > > > > end > > > > > > > > Switch#show vlan > > > > > > > > VLAN Name Status Ports > > > > > > > ---- -------------------------------- --------- > > > > > > > ------------------------------- > > > > > > > 1 default active Gi1/0/6, Gi1/0/7, > > > > > > > Gi1/0/8 > > > > > > > Gi1/0/9, Gi1/0/10, > > > > > > > Gi1/0/11 > > > > > > > Gi1/0/12, Gi1/0/13, > > > > > > > Gi1/0/14 > > > > > > > Gi1/0/15, Gi1/0/16, > > > > > > > Gi1/0/17 > > > > > > > Gi1/0/18, Gi1/0/19, > > > > > > > Gi1/0/20 > > > > > > > Gi1/0/21, Gi1/0/22, > > > > > > > Gi1/0/23 > > > > > > > Gi1/0/24, Gi1/0/25, > > > > > > > Gi1/0/26 > > > > > > > Gi1/0/27, Gi1/0/28 > > > > > > > 2 vlan-dhcp active Gi1/0/1, Gi1/0/2, > > > > > > > Gi1/0/3 > > > > > > > Gi1/0/4, Gi1/0/5 > > > > > > > 1002 fddi-default act/unsup > > > > > > > 1003 trcrf-default act/unsup > > > > > > > 1004 fddinet-default act/unsup > > > > > > > 1005 trbrf-default act/unsup > > > > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > > > > > > Trans1 Trans2 > > > > > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > > > > > > ------ ------ > > > > > > > 1 enet 100001 1500 - - - - - > > > > > > > 0 0 > > > > > > > 2 enet 100002 1500 - - - - - > > > > > > > 0 0 > > > > > > > 1002 fddi 101002 1500 - - - - - > > > > > > > 0 0 > > > > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > > > > > > Trans1 Trans2 > > > > > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > > > > > > ------ ------ > > > > > > > 1003 trcrf 101003 4472 1005 3276 - - srb > > > > > > > 0 0 > > > > > > > 1004 fdnet 101004 1500 - - - ieee - > > > > > > > 0 0 > > > > > > > 1005 trbrf 101005 4472 - - 15 ibm - > > > > > > > 0 0 > > > > > > > > VLAN AREHops STEHops Backup CRF > > > > > > > ---- ------- ------- ---------- > > > > > > > 1003 7 7 off > > > > > > > > Remote SPAN VLANs > > > > > > > ---------------------------------------------------------------------------*--- > > > > > > > > Primary Secondary Type Ports > > > > > > > ------- --------- ----------------- > > > > > > > ------------------------------------------ > > > > > > > > Switch#show ip dhcp snoop > > > > > > > Switch DHCP snooping is disabled > > > > > > > DHCP snooping is configured on following VLANs: > > > > > > > 2 > > > > > > > Insertion of option 82 is enabled > > > > > > > Option 82 on untrusted port is not allowed > > > > > > > Verification of hwaddr field is enabled > > > > > > > Interface Trusted Rate limit (pps) > > > > > > > ------------------------ ------- ---------------- > > > > > > > GigabitEthernet1/0/1 yes unlimited > > > > > > > GigabitEthernet1/0/2 yes unlimited > > > > > > > GigabitEthernet1/0/3 yes unlimited > > > > > > > GigabitEthernet1/0/4 yes unlimited > > > > > > > GigabitEthernet1/0/5 yes unlimited > > > > > > > Why do you have an IP-helper on VLAN 2? While I would think this > > > > > > wouldn't hinder anything, I would definitely remove that first, > > > > > > especially since the switch sees those frames before anything else..... > > > > > > At first I did a shutdown cmd on the default vlan 1 and simply > > > > > connected > > > > > the dhcp server and the clients. I did not configure the helper- > > > > > address though. > > > > > Then I decided that I want an isolated subnet, in which I want to > > > > > perform > > > > > dhcp operations. All this is for testing network boot by-the-way. So > > > > > now I > > > > > have the vlan #2 (192.168.2.x). By-the-way, when I looked at the cisco > > > > > docs > > > > > and used the ip helper-address cmd, the directions were to configure > > > > > the helper-address > > > > > per vlan. I tried do the helper-address per interfaces connected to > > > > > the clients and this > > > > > is unsupported by the cisco f/w I have 12.2(25)SEB4. > > > > > Ip-helper is only needed for subnets that do not have a directly > > > > connected dhcp server. Additionally, you are saying your dhcp server > > > > is .100, and your ip-helper says .150. I would either make that > > > > match, or get rid of it, especially since these clients are on the > > > > same vlan. Let me know how you fare and we can move to the next phase > > > > of looking at your issue. > > > > I'm sorry, the helper address does match. Regardless, you shouldn't > > > need it on the same vlan as the dhcp server, so I'd still try to > > > remove and test. Additionally, your show ip int brief show all ports > > > as up/active as needed? > > > Ok, I saw your latest post. Can you ping the dhcp server from the > > switch? What happens when you do an extended ping (and choose a > > source interface of the VLAN 2 IP address)? If ping is successful, > > can you try to set one of the clients to a hard coded IP and do the > > same test? Can you ping between the static IPed client and the dhcp > > server? Does show mac-address-table show macs for the clients when > > they first connect as they should? > > Did several of these from the switch and it works: > > Switch#ping 192.168.2.100 > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 192.168.2.100, timeout is 2 seconds: > !!!!! > > On the dhcp client system: > > # ping 192.168.2.100 > 192.168.2.100 is alive > > As I understand, broadcast pkts to 255.255.255.255 are not allowed > to be propagate across the switch ports by default and my guess is > that this is the problem I am facing with the dhcp operation. > But then I though that the ip helper-address was meant to address > this issue. But you are saying that the helper-address is used for > subnet to subnet traffic flow in particular for dhcp. > Anyway, I do appreciate your help so far. > All the checks you suggested work so far. I tried the dhcp boot > and it still fails. I have not changed anything yet. Suggest you remove the DHCPP snooping commands from all VLAN 2 in case there is an IOS bug. Post the output of show version. Broadcast packets must be received by all active devices in the same VLAN. Is the DHCP server known to be working - what DHCP server prodcut is it ? You could also try connecting a DHCP client PC and the DHCP server back to back using a crossover cable to see if the DHCP cient get a lease |
|
|
|
|
|||
|
|
|||
| Merv |
|
Asif
Guest
Posts: n/a
|
On Oct 3, 12:39 am, Merv <merv.hr...@rogers.com> wrote:
> On Oct 2, 8:28 pm, Asif <asif.haswa...@gmail.com> wrote: > > > On Oct 2, 5:02 pm, Trendkill <jpma...@gmail.com> wrote: > > > > On Oct 2, 8:00 pm, Trendkill <jpma...@gmail.com> wrote: > > > > > On Oct 2, 7:41 pm, Trendkill <jpma...@gmail.com> wrote: > > > > > > On Oct 2, 7:39 pm, Asif <asif.haswa...@gmail.com> wrote: > > > > > > > On Oct 2, 4:29 pm, Trendkill <jpma...@gmail.com> wrote: > > > > > > > > On Oct 2, 6:48 pm, Asif <asif.haswa...@gmail.com> wrote: > > > > > > > > > I've been trying to configure a simple dhcp setup with the following > > > > > > > > topology: > > > > > > > > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100 > > > > > > > > Cisco3750[Port:3-5] <---> dhcp clients > > > > > > > > > I am using tetheral on the dhcp server 192.168.2.100 interface to look > > > > > > > > for dhcp requests and the proceeding dhcp traffic. > > > > > > > > This is not working! > > > > > > > > I connected one of the clients to the dhcp server back-2-back to > > > > > > > > verify that dhcp works. > > > > > > > > Am I missing something? > > > > > > > > I want this to be really simple! > > > > > > > > Can anyone help, please? > > > > > > > > > Here is my cisco3750 running config: > > > > > > > > > Current configuration : 2208 bytes > > > > > > > > ! > > > > > > > > version 12.2 > > > > > > > > no service pad > > > > > > > > service timestamps debug uptime > > > > > > > > service timestamps log uptime > > > > > > > > no service password-encryption > > > > > > > > ! > > > > > > > > hostname Switch > > > > > > > > ! > > > > > > > > enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/ > > > > > > > > enable password qlogic > > > > > > > > ! > > > > > > > > no aaa new-model > > > > > > > > switch 1 provision ws-c3750g-24ts > > > > > > > > vtp mode transparent > > > > > > > > ip subnet-zero > > > > > > > > ! > > > > > > > > ip dhcp snooping vlan 2 > > > > > > > > ! > > > > > > > > ! > > > > > > > > ! > > > > > > > > no file verify auto > > > > > > > > spanning-tree mode pvst > > > > > > > > spanning-tree extend system-id > > > > > > > > ! > > > > > > > > vlan internal allocation policy ascending > > > > > > > > ! > > > > > > > > vlan 2 > > > > > > > > name vlan-dhcp > > > > > > > > ! > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/1 > > > > > > > > switchport access vlan 2 > > > > > > > > switchport mode access > > > > > > > > ip dhcp snooping trust > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/2 > > > > > > > > switchport access vlan 2 > > > > > > > > switchport mode access > > > > > > > > ip dhcp snooping trust > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/3 > > > > > > > > switchport access vlan 2 > > > > > > > > switchport mode access > > > > > > > > ip dhcp snooping trust > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/4 > > > > > > > > switchport access vlan 2 > > > > > > > > switchport mode access > > > > > > > > ip dhcp snooping trust > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/5 > > > > > > > > switchport access vlan 2 > > > > > > > > switchport mode access > > > > > > > > ip dhcp snooping trust > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/6 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/7 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/8 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/9 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/10 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/11 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/12 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/13 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/14 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/15 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/16 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/17 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/18 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/19 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/20 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/21 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/22 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/23 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/24 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/25 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/26 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/27 > > > > > > > > ! > > > > > > > > interface GigabitEthernet1/0/28 > > > > > > > > ! > > > > > > > > interface Vlan1 > > > > > > > > ip address 172.17.141.150 255.255.254.0 > > > > > > > > no ip route-cache > > > > > > > > no ip mroute-cache > > > > > > > > shutdown > > > > > > > > ! > > > > > > > > interface Vlan2 > > > > > > > > ip address 192.168.2.150 255.255.255.0 > > > > > > > > ip helper-address 192.168.2.100 > > > > > > > > ! > > > > > > > > ip default-gateway 172.17.140.1 > > > > > > > > no ip classless > > > > > > > > no ip route static inter-vrf > > > > > > > > no ip http server > > > > > > > > ! > > > > > > > > ! > > > > > > > > ! > > > > > > > > control-plane > > > > > > > > ! > > > > > > > > ! > > > > > > > > line con 0 > > > > > > > > line vty 0 4 > > > > > > > > password qlogic > > > > > > > > login > > > > > > > > line vty 5 15 > > > > > > > > password qlogic > > > > > > > > login > > > > > > > > ! > > > > > > > > ! > > > > > > > > end > > > > > > > > > Switch#show vlan > > > > > > > > > VLAN Name Status Ports > > > > > > > > ---- -------------------------------- --------- > > > > > > > > ------------------------------- > > > > > > > > 1 default active Gi1/0/6, Gi1/0/7, > > > > > > > > Gi1/0/8 > > > > > > > > Gi1/0/9, Gi1/0/10, > > > > > > > > Gi1/0/11 > > > > > > > > Gi1/0/12, Gi1/0/13, > > > > > > > > Gi1/0/14 > > > > > > > > Gi1/0/15, Gi1/0/16, > > > > > > > > Gi1/0/17 > > > > > > > > Gi1/0/18, Gi1/0/19, > > > > > > > > Gi1/0/20 > > > > > > > > Gi1/0/21, Gi1/0/22, > > > > > > > > Gi1/0/23 > > > > > > > > Gi1/0/24, Gi1/0/25, > > > > > > > > Gi1/0/26 > > > > > > > > Gi1/0/27, Gi1/0/28 > > > > > > > > 2 vlan-dhcp active Gi1/0/1, Gi1/0/2, > > > > > > > > Gi1/0/3 > > > > > > > > Gi1/0/4, Gi1/0/5 > > > > > > > > 1002 fddi-default act/unsup > > > > > > > > 1003 trcrf-default act/unsup > > > > > > > > 1004 fddinet-default act/unsup > > > > > > > > 1005 trbrf-default act/unsup > > > > > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > > > > > > > Trans1 Trans2 > > > > > > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > > > > > > > ------ ------ > > > > > > > > 1 enet 100001 1500 - - - - - > > > > > > > > 0 0 > > > > > > > > 2 enet 100002 1500 - - - - - > > > > > > > > 0 0 > > > > > > > > 1002 fddi 101002 1500 - - - - - > > > > > > > > 0 0 > > > > > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode > > > > > > > > Trans1 Trans2 > > > > > > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- > > > > > > > > ------ ------ > > > > > > > > 1003 trcrf 101003 4472 1005 3276 - - srb > > > > > > > > 0 0 > > > > > > > > 1004 fdnet 101004 1500 - - - ieee - > > > > > > > > 0 0 > > > > > > > > 1005 trbrf 101005 4472 - - 15 ibm - > > > > > > > > 0 0 > > > > > > > > > VLAN AREHops STEHops Backup CRF > > > > > > > > ---- ------- ------- ---------- > > > > > > > > 1003 7 7 off > > > > > > > > > Remote SPAN VLANs > > > > > > > > ---------------------------------------------------------------------------*--- > > > > > > > > > Primary Secondary Type Ports > > > > > > > > ------- --------- ----------------- > > > > > > > > ------------------------------------------ > > > > > > > > > Switch#show ip dhcp snoop > > > > > > > > Switch DHCP snooping is disabled > > > > > > > > DHCP snooping is configured on following VLANs: > > > > > > > > 2 > > > > > > > > Insertion of option 82 is enabled > > > > > > > > Option 82 on untrusted port is not allowed > > > > > > > > Verification of hwaddr field is enabled > > > > > > > > Interface Trusted Rate limit (pps) > > > > > > > > ------------------------ ------- ---------------- > > > > > > > > GigabitEthernet1/0/1 yes unlimited > > > > > > > > GigabitEthernet1/0/2 yes unlimited > > > > > > > > GigabitEthernet1/0/3 yes unlimited > > > > > > > > GigabitEthernet1/0/4 yes unlimited > > > > > > > > GigabitEthernet1/0/5 yes unlimited > > > > > > > > Why do you have an IP-helper on VLAN 2? While I would think this > > > > > > > wouldn't hinder anything, I would definitely remove that first, > > > > > > > especially since the switch sees those frames before anything else..... > > > > > > > At first I did a shutdown cmd on the default vlan 1 and simply > > > > > > connected > > > > > > the dhcp server and the clients. I did not configure the helper- > > > > > > address though. > > > > > > Then I decided that I want an isolated subnet, in which I want to > > > > > > perform > > > > > > dhcp operations. All this is for testing network boot by-the-way. So > > > > > > now I > > > > > > have the vlan #2 (192.168.2.x). By-the-way, when I looked at the cisco > > > > > > docs > > > > > > and used the ip helper-address cmd, the directions were to configure > > > > > > the helper-address > > > > > > per vlan. I tried do the helper-address per interfaces connected to > > > > > > the clients and this > > > > > > is unsupported by the cisco f/w I have 12.2(25)SEB4. > > > > > > Ip-helper is only needed for subnets that do not have a directly > > > > > connected dhcp server. Additionally, you are saying your dhcp server > > > > > is .100, and your ip-helper says .150. I would either make that > > > > > match, or get rid of it, especially since these clients are on the > > > > > same vlan. Let me know how you fare and we can move to the next phase > > > > > of looking at your issue. > > > > > I'm sorry, the helper address does match. Regardless, you shouldn't > > > > need it on the same vlan as the dhcp server, so I'd still try to > > > > remove and test. Additionally, your show ip int brief show all ports > > > > as up/active as needed? > > > > Ok, I saw your latest post. Can you ping the dhcp server from the > > > switch? What happens when you do an extended ping (and choose a > > > source interface of the VLAN 2 IP address)? If ping is successful, > > > can you try to set one of the clients to a hard coded IP and do the > > > same test? Can you ping between the static IPed client and the dhcp > > > server? Does show mac-address-table show macs for the clients when > > > they first connect as they should? > > > Did several of these from the switch and it works: > > > Switch#ping 192.168.2.100 > > Type escape sequence to abort. > > Sending 5, 100-byte ICMP Echos to 192.168.2.100, timeout is 2 seconds: > > !!!!! > > > On the dhcp client system: > > > # ping 192.168.2.100 > > 192.168.2.100 is alive > > > As I understand, broadcast pkts to 255.255.255.255 are not allowed > > to be propagate across the switch ports by default and my guess is > > that this is the problem I am facing with the dhcp operation. > > But then I though that the ip helper-address was meant to address > > this issue. But you are saying that the helper-address is used for > > subnet to subnet traffic flow in particular for dhcp. > > Anyway, I do appreciate your help so far. > > All the checks you suggested work so far. I tried the dhcp boot > > and it still fails. I have not changed anything yet. > > Suggest you remove the DHCPP snooping commands from all VLAN 2 in case > there is an IOS bug. > > Post the output of show version. > > Broadcast packets must be received by all active devices in the same > VLAN. > > Is the DHCP server known to be working - what DHCP server prodcut is > it ? > > You could also try connecting a DHCP client PC and the DHCP server > back to back using a crossover cable to see if the DHCP cient get a > lease dhcp server: Internet Systems Consortium DHCP Server V3.0.4b2 Cisco 3750 VERSION (reformatted): Switch = 1 Ports = 28 Model = WS-C3750G-24TS SW Version = 12.2(25)SEB4 SW Image = C3750-IPSERVICES-M Back2Back: If you look in my earlier posts, you'll see that I've conformed that it works. Anyway, I reconfirmed again, and back2back works. Got rid of the ip dhcp snooping, and it still does not work! I am running out of ideas here. |
|
|
|
|
|||
|
|
|||
| Asif |
|
|
|
| |
|
| Thread Tools | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| DHCP on Cisco 3750 | Adam Przestroga | Cisco | 8 | 08-01-2009 01:07 PM |
| Adding new 3750 in existing 3750 stacking | jayesh | Cisco | 0 | 03-14-2007 10:49 AM |
| Dhcp Relay Agent And Acl On Sw 3750, DHCP Relay Agent and ACL on Sw 3750 | Vimokh | Cisco | 3 | 09-06-2006 02:16 AM |
| Cisco 3750 -> Need help in configuring | microtitan@gmail.com | Cisco | 0 | 08-22-2006 02:49 AM |
| 3750 G 24TS vs. 3750 G 12S | Alireza Dabagh [MS] | Cisco | 4 | 09-29-2004 12:44 AM |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc..
SEO by vBSEO ©2010, Crawlability, Inc. |
