Configuring dhcp on cisco 3750

Discussion in 'Cisco' started by Asif, Oct 2, 2007.

  1. Asif

    Asif Guest

    I've been trying to configure a simple dhcp setup with the following
    topology:

    Cisco3750[Port:1] <---> dhcp server 192.168.2.100
    Cisco3750[Port:3-5] <---> dhcp clients

    I am using tethereal on the dhcp server 192.168.2.100 interface to look
    for dhcp requests and the proceeding dhcp traffic.
    This is not working!
    I connected one of the clients to the dhcp server back-2-back to
    verify that dhcp works.
    Am I missing something?
    I want this to be really simple!
    Can anyone help, please?

    Here is my cisco3750 running config:

    Current configuration : 2208 bytes
    !
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Switch
    !
    enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/
    enable password qlogic
    !
    no aaa new-model
    switch 1 provision ws-c3750g-24ts
    vtp mode transparent
    ip subnet-zero
    !
    ip dhcp snooping vlan 2
    !
    !
    !
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    vlan 2
     name vlan-dhcp
    !
    !
    interface GigabitEthernet1/0/1
     switchport access vlan 2
     switchport mode access
     ip dhcp snooping trust
    !
    interface GigabitEthernet1/0/2
     switchport access vlan 2
     switchport mode access
     ip dhcp snooping trust
    !
    interface GigabitEthernet1/0/3
     switchport access vlan 2
     switchport mode access
     ip dhcp snooping trust
    !
    interface GigabitEthernet1/0/4
     switchport access vlan 2
     switchport mode access
     ip dhcp snooping trust
    !
    interface GigabitEthernet1/0/5
     switchport access vlan 2
     switchport mode access
     ip dhcp snooping trust
    !
    interface GigabitEthernet1/0/6
    !
    interface GigabitEthernet1/0/7
    !
    interface GigabitEthernet1/0/8
    !
    interface GigabitEthernet1/0/9
    !
    interface GigabitEthernet1/0/10
    !
    interface GigabitEthernet1/0/11
    !
    interface GigabitEthernet1/0/12
    !
    interface GigabitEthernet1/0/13
    !
    interface GigabitEthernet1/0/14
    !
    interface GigabitEthernet1/0/15
    !
    interface GigabitEthernet1/0/16
    !
    interface GigabitEthernet1/0/17
    !
    interface GigabitEthernet1/0/18
    !
    interface GigabitEthernet1/0/19
    !
    interface GigabitEthernet1/0/20
    !
    interface GigabitEthernet1/0/21
    !
    interface GigabitEthernet1/0/22
    !
    interface GigabitEthernet1/0/23
    !
    interface GigabitEthernet1/0/24
    !
    interface GigabitEthernet1/0/25
    !
    interface GigabitEthernet1/0/26
    !
    interface GigabitEthernet1/0/27
    !
    interface GigabitEthernet1/0/28
    !
    interface Vlan1
     ip address 172.17.141.150 255.255.254.0
     no ip route-cache
     no ip mroute-cache
     shutdown
    !
    interface Vlan2
     ip address 192.168.2.150 255.255.255.0
     ip helper-address 192.168.2.100
    !
    ip default-gateway 172.17.140.1
    no ip classless
    no ip route static inter-vrf
    no ip http server
    !
    !
    !
    control-plane
    !
    !
    line con 0
    line vty 0 4
     password qlogic
     login
    line vty 5 15
     password qlogic
     login
    !
    !
    end

    Switch#show vlan

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Gi1/0/6, Gi1/0/7, Gi1/0/8
                                                    Gi1/0/9, Gi1/0/10, Gi1/0/11
                                                    Gi1/0/12, Gi1/0/13, Gi1/0/14
                                                    Gi1/0/15, Gi1/0/16, Gi1/0/17
                                                    Gi1/0/18, Gi1/0/19, Gi1/0/20
                                                    Gi1/0/21, Gi1/0/22, Gi1/0/23
                                                    Gi1/0/24, Gi1/0/25, Gi1/0/26
                                                    Gi1/0/27, Gi1/0/28
    2    vlan-dhcp                        active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                    Gi1/0/4, Gi1/0/5
    1002 fddi-default                     act/unsup
    1003 trcrf-default                    act/unsup
    1004 fddinet-default                  act/unsup
    1005 trbrf-default                    act/unsup

    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        0      0
    2    enet  100002     1500  -      -      -        -    -        0      0
    1002 fddi  101002     1500  -      -      -        -    -        0      0

    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1003 trcrf 101003     4472  1005   3276   -        -    srb      0      0
    1004 fdnet 101004     1500  -      -      -        ieee -        0      0
    1005 trbrf 101005     4472  -      -      15       ibm  -        0      0


    VLAN AREHops STEHops Backup CRF
    ---- ------- ------- ----------
    1003 7       7       off

    Remote SPAN VLANs
    ------------------------------------------------------------------------------


    Primary Secondary Type              Ports
    ------- --------- ----------------- ------------------------------------------

    Switch#show ip dhcp snoop
    Switch DHCP snooping is disabled
    DHCP snooping is configured on following VLANs:
    2
    Insertion of option 82 is enabled
    Option 82 on untrusted port is not allowed
    Verification of hwaddr field is enabled
    Interface                Trusted Rate limit (pps)
    ------------------------ ------- ----------------
    GigabitEthernet1/0/1     yes     unlimited
    GigabitEthernet1/0/2     yes     unlimited
    GigabitEthernet1/0/3     yes     unlimited
    GigabitEthernet1/0/4     yes     unlimited
    GigabitEthernet1/0/5     yes     unlimited
     
    Asif, Oct 2, 2007
    #1

  2. Asif

    Trendkill Guest

    Why do you have an IP-helper on VLAN 2? While I would think this
    wouldn't hinder anything, I would definitely remove that first,
    especially since the switch sees those frames before anything else.....
     
    Trendkill, Oct 3, 2007
    #2

  3. Asif

    Asif Guest

    At first I did a shutdown cmd on the default vlan 1 and simply connected
    the dhcp server and the clients. I did not configure the helper-address
    though. Then I decided that I want an isolated subnet, in which I want to
    perform dhcp operations. All this is for testing network boot, by the way.
    So now I have the vlan #2 (192.168.2.x). By the way, when I looked at the
    cisco docs and used the ip helper-address cmd, the directions were to
    configure the helper-address per vlan. I tried to do the helper-address
    per interface connected to the clients, and this is unsupported by the
    cisco f/w I have, 12.2(25)SEB4.
     
    Asif, Oct 3, 2007
    #3
  4. Asif

    Trendkill Guest

    Ip-helper is only needed for subnets that do not have a directly
    connected dhcp server. Additionally, you are saying your dhcp server
    is .100, and your ip-helper says .150. I would either make that
    match, or get rid of it, especially since these clients are on the
    same vlan. Let me know how you fare and we can move to the next phase
    of looking at your issue.
     
    Trendkill, Oct 3, 2007
    #4
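
An added example (not code from any poster in this thread): a small Python audit of the posted running-config. It reports three things visible in it: DHCP snooping is configured for VLAN 2 but not enabled globally (matching the `Switch DHCP snooping is disabled` line in the `show` output), snooping trust is set on ports other than the server port, and the helper-address points into the SVI's own subnet. The function names and finding codes are made up for the example, and `SERVER_PORTS` assumes port 1 is the server port, as in the topology from the first post.

```python
import ipaddress
import re

# Excerpt of the running-config posted in this thread (port 2 and the
# unconfigured ports 6-28 are left out to keep the sample short).
SAMPLE_CONFIG = """\
ip dhcp snooping vlan 2
!
interface GigabitEthernet1/0/1
 switchport access vlan 2
 switchport mode access
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/3
 switchport access vlan 2
 switchport mode access
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/4
 switchport access vlan 2
 switchport mode access
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/5
 switchport access vlan 2
 switchport mode access
 ip dhcp snooping trust
!
interface Vlan2
 ip address 192.168.2.150 255.255.255.0
 ip helper-address 192.168.2.100
!
"""

# Assumption from the topology in the first post: the DHCP server is on port 1.
SERVER_PORTS = {"GigabitEthernet1/0/1"}


def parse_config(text):
    """Split an IOS config into global lines and per-interface command lists.

    A stanza runs from 'interface <name>' to the next '!' separator, so the
    parser also works on configs whose indentation was lost when pasted.
    """
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
            continue
        match = re.match(r"interface\s+(\S+)$", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif current is not None:
            current.append(line)
        else:
            global_lines.append(line)
    return global_lines, interfaces


def audit(text, server_ports):
    """Return a list of (finding_code, subject) tuples for the given config."""
    global_lines, interfaces = parse_config(text)
    findings = []

    # Per-VLAN snooping has no effect until snooping is enabled globally.
    vlans = [l.split()[-1] for l in global_lines
             if l.startswith("ip dhcp snooping vlan ")]
    if vlans and "ip dhcp snooping" not in global_lines:
        findings.append(("SNOOPING_GLOBAL_OFF", "vlan " + ",".join(vlans)))

    for name, cmds in interfaces.items():
        # Trusted ports are not filtered; only server-facing ports need trust.
        if "ip dhcp snooping trust" in cmds and name not in server_ports:
            findings.append(("TRUST_ON_NON_SERVER_PORT", name))

        # A helper-address inside the interface's own subnet relays nothing
        # that the broadcast does not already reach.
        addr = next((c.split()[2:4] for c in cmds
                     if c.startswith("ip address ")), None)
        if addr and len(addr) == 2:
            network = ipaddress.ip_interface("/".join(addr)).network
            for cmd in cmds:
                if cmd.startswith("ip helper-address "):
                    helper = ipaddress.ip_address(cmd.split()[-1])
                    if helper in network:
                        findings.append(
                            ("HELPER_IN_LOCAL_SUBNET", f"{name} -> {helper}"))
    return findings


if __name__ == "__main__":
    for code, subject in audit(SAMPLE_CONFIG, SERVER_PORTS):
        print(f"{code:26} {subject}")
```
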
  5. Asif

    Asif Guest

    On Oct 2, 4:41 pm, Trendkill <> wrote:
    > On Oct 2, 7:39 pm, Asif <> wrote:
    >
    >
    >
    > > On Oct 2, 4:29 pm, Trendkill <> wrote:

    >
    > > > On Oct 2, 6:48 pm, Asif <> wrote:

    >
    > > > > I've been trying to configure a simple dhcp setup with the following
    > > > > topology:

    >
    > > > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100
    > > > > Cisco3750[Port:3-5] <---> dhcp clients

    >
    > > > > I am using tetheral on the dhcp server 192.168.2.100 interface to look
    > > > > for dhcp requests and the proceeding dhcp traffic.
    > > > > This is not working!
    > > > > I connected one of the clients to the dhcp server back-2-back to
    > > > > verify that dhcp works.
    > > > > Am I missing something?
    > > > > I want this to be really simple!
    > > > > Can anyone help, please?

    >
    > > > > Here is my cisco3750 running config:

    >
    > > > > Current configuration : 2208 bytes
    > > > > !
    > > > > version 12.2
    > > > > no service pad
    > > > > service timestamps debug uptime
    > > > > service timestamps log uptime
    > > > > no service password-encryption
    > > > > !
    > > > > hostname Switch
    > > > > !
    > > > > enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/
    > > > > enable password qlogic
    > > > > !
    > > > > no aaa new-model
    > > > > switch 1 provision ws-c3750g-24ts
    > > > > vtp mode transparent
    > > > > ip subnet-zero
    > > > > !
    > > > > ip dhcp snooping vlan 2
    > > > > !
    > > > > !
    > > > > !
    > > > > no file verify auto
    > > > > spanning-tree mode pvst
    > > > > spanning-tree extend system-id
    > > > > !
    > > > > vlan internal allocation policy ascending
    > > > > !
    > > > > vlan 2
    > > > > name vlan-dhcp
    > > > > !
    > > > > !
    > > > > interface GigabitEthernet1/0/1
    > > > > switchport access vlan 2
    > > > > switchport mode access
    > > > > ip dhcp snooping trust
    > > > > !
    > > > > interface GigabitEthernet1/0/2
    > > > > switchport access vlan 2
    > > > > switchport mode access
    > > > > ip dhcp snooping trust
    > > > > !
    > > > > interface GigabitEthernet1/0/3
    > > > > switchport access vlan 2
    > > > > switchport mode access
    > > > > ip dhcp snooping trust
    > > > > !
    > > > > interface GigabitEthernet1/0/4
    > > > > switchport access vlan 2
    > > > > switchport mode access
    > > > > ip dhcp snooping trust
    > > > > !
    > > > > interface GigabitEthernet1/0/5
    > > > > switchport access vlan 2
    > > > > switchport mode access
    > > > > ip dhcp snooping trust
    > > > > !
    > > > > interface GigabitEthernet1/0/6
    > > > > !
    > > > > interface GigabitEthernet1/0/7
    > > > > !
    > > > > interface GigabitEthernet1/0/8
    > > > > !
    > > > > interface GigabitEthernet1/0/9
    > > > > !
    > > > > interface GigabitEthernet1/0/10
    > > > > !
    > > > > interface GigabitEthernet1/0/11
    > > > > !
    > > > > interface GigabitEthernet1/0/12
    > > > > !
    > > > > interface GigabitEthernet1/0/13
    > > > > !
    > > > > interface GigabitEthernet1/0/14
    > > > > !
    > > > > interface GigabitEthernet1/0/15
    > > > > !
    > > > > interface GigabitEthernet1/0/16
    > > > > !
    > > > > interface GigabitEthernet1/0/17
    > > > > !
    > > > > interface GigabitEthernet1/0/18
    > > > > !
    > > > > interface GigabitEthernet1/0/19
    > > > > !
    > > > > interface GigabitEthernet1/0/20
    > > > > !
    > > > > interface GigabitEthernet1/0/21
    > > > > !
    > > > > interface GigabitEthernet1/0/22
    > > > > !
    > > > > interface GigabitEthernet1/0/23
    > > > > !
    > > > > interface GigabitEthernet1/0/24
    > > > > !
    > > > > interface GigabitEthernet1/0/25
    > > > > !
    > > > > interface GigabitEthernet1/0/26
    > > > > !
    > > > > interface GigabitEthernet1/0/27
    > > > > !
    > > > > interface GigabitEthernet1/0/28
    > > > > !
    > > > > interface Vlan1
    > > > > ip address 172.17.141.150 255.255.254.0
    > > > > no ip route-cache
    > > > > no ip mroute-cache
    > > > > shutdown
    > > > > !
    > > > > interface Vlan2
    > > > > ip address 192.168.2.150 255.255.255.0
    > > > > ip helper-address 192.168.2.100
    > > > > !
    > > > > ip default-gateway 172.17.140.1
    > > > > no ip classless
    > > > > no ip route static inter-vrf
    > > > > no ip http server
    > > > > !
    > > > > !
    > > > > !
    > > > > control-plane
    > > > > !
    > > > > !
    > > > > line con 0
    > > > > line vty 0 4
    > > > > password qlogic
    > > > > login
    > > > > line vty 5 15
    > > > > password qlogic
    > > > > login
    > > > > !
    > > > > !
    > > > > end

    > > > > Switch#show vlan
    > > > >
    > > > > VLAN Name                             Status    Ports
    > > > > ---- -------------------------------- --------- -------------------------------
    > > > > 1    default                          active    Gi1/0/6, Gi1/0/7, Gi1/0/8
    > > > >                                                 Gi1/0/9, Gi1/0/10, Gi1/0/11
    > > > >                                                 Gi1/0/12, Gi1/0/13, Gi1/0/14
    > > > >                                                 Gi1/0/15, Gi1/0/16, Gi1/0/17
    > > > >                                                 Gi1/0/18, Gi1/0/19, Gi1/0/20
    > > > >                                                 Gi1/0/21, Gi1/0/22, Gi1/0/23
    > > > >                                                 Gi1/0/24, Gi1/0/25, Gi1/0/26
    > > > >                                                 Gi1/0/27, Gi1/0/28
    > > > > 2    vlan-dhcp                        active    Gi1/0/1, Gi1/0/2, Gi1/0/3
    > > > >                                                 Gi1/0/4, Gi1/0/5
    > > > > 1002 fddi-default                     act/unsup
    > > > > 1003 trcrf-default                    act/unsup
    > > > > 1004 fddinet-default                  act/unsup
    > > > > 1005 trbrf-default                    act/unsup
    > > > >
    > > > > VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    > > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    > > > > 1    enet  100001     1500  -      -      -        -    -        0      0
    > > > > 2    enet  100002     1500  -      -      -        -    -        0      0
    > > > > 1002 fddi  101002     1500  -      -      -        -    -        0      0
    > > > >
    > > > > VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    > > > > ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    > > > > 1003 trcrf 101003     4472  1005   3276   -        -    srb      0      0
    > > > > 1004 fdnet 101004     1500  -      -      -        ieee -        0      0
    > > > > 1005 trbrf 101005     4472  -      -      15       ibm  -        0      0
    > > > >
    > > > > VLAN AREHops STEHops Backup CRF
    > > > > ---- ------- ------- ----------
    > > > > 1003 7       7       off
    > > > >
    > > > > Remote SPAN VLANs
    > > > > ------------------------------------------------------------------------------
    > > > >
    > > > > Primary Secondary Type              Ports
    > > > > ------- --------- ----------------- ------------------------------------------
    > > > >
    > > > > Switch#show ip dhcp snoop
    > > > > Switch DHCP snooping is disabled
    > > > > DHCP snooping is configured on following VLANs:
    > > > > 2
    > > > > Insertion of option 82 is enabled
    > > > > Option 82 on untrusted port is not allowed
    > > > > Verification of hwaddr field is enabled
    > > > > Interface                Trusted Rate limit (pps)
    > > > > ------------------------ ------- ----------------
    > > > > GigabitEthernet1/0/1     yes     unlimited
    > > > > GigabitEthernet1/0/2     yes     unlimited
    > > > > GigabitEthernet1/0/3     yes     unlimited
    > > > > GigabitEthernet1/0/4     yes     unlimited
    > > > > GigabitEthernet1/0/5     yes     unlimited

    >
    > > > Why do you have an IP-helper on VLAN 2? While I would think this
    > > > wouldn't hinder anything, I would definitely remove that first,
    > > > especially since the switch sees those frames before anything else.....

    >
    > > At first I did a shutdown cmd on the default vlan 1 and simply
    > > connected the dhcp server and the clients. I did not configure the
    > > helper-address though.
    > > Then I decided that I want an isolated subnet, in which I want to
    > > perform dhcp operations. All this is for testing network boot
    > > by-the-way. So now I have the vlan #2 (192.168.2.x). By-the-way, when
    > > I looked at the cisco docs and used the ip helper-address cmd, the
    > > directions were to configure the helper-address per vlan. I tried to
    > > do the helper-address per interfaces connected to the clients and
    > > this is unsupported by the cisco f/w I have 12.2(25)SEB4.

    >
    > Ip-helper is only needed for subnets that do not have a directly
    > connected dhcp server. Additionally, you are saying your dhcp server
    > is .100, and your ip-helper says .150. I would either make that
    > match, or get rid of it, especially since these clients are on the
    > same vlan. Let me know how you fare and we can move to the next phase
    > of looking at your issue.


    As I already mentioned, in my previous simple configuration, I simply
    connected the dhcp server to port 1 and clients to ports 3 through 5.
    I did not do anything else. This did not work. So then I found out about
    helper-address and proceeded to perform the current configuration. If
    you look once more, the helper-address is set to 192.168.2.100 and the
    vlan 2 ip address is set to 192.168.2.150.
    And I repeat my dhcp server ip address is 192.168.2.100.
    Here is a copy of the above snippet for your convenience:
    > > > > interface Vlan2
    > > > > ip address 192.168.2.150 255.255.255.0
    > > > > ip helper-address 192.168.2.100
     
    Asif, Oct 3, 2007
    #5
  6. Asif

    Trendkill Guest

    On Oct 2, 7:41 pm, Trendkill <> wrote:
    > On Oct 2, 7:39 pm, Asif <> wrote:
    >
    >
    >
    > > On Oct 2, 4:29 pm, Trendkill <> wrote:

    >
    > > > On Oct 2, 6:48 pm, Asif <> wrote:

    >
    > > > > I've been trying to configure a simple dhcp setup with the following
    > > > > topology:

    >
    > > > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100
    > > > > Cisco3750[Port:3-5] <---> dhcp clients

    >
    > > > > I am using tetheral on the dhcp server 192.168.2.100 interface to look
    > > > > for dhcp requests and the proceeding dhcp traffic.
    > > > > This is not working!
    > > > > I connected one of the clients to the dhcp server back-2-back to
    > > > > verify that dhcp works.
    > > > > Am I missing something?
    > > > > I want this to be really simple!
    > > > > Can anyone help, please?

    >
    > > > Why do you have an IP-helper on VLAN 2? While I would think this
    > > > wouldn't hinder anything, I would definitely remove that first,
    > > > especially since the switch sees those frames before anything else.....

    >
    > > At first I did a shutdown cmd on the default vlan 1 and simply
    > > connected the dhcp server and the clients. I did not configure the
    > > helper-address though.
    > > Then I decided that I want an isolated subnet, in which I want to
    > > perform dhcp operations. All this is for testing network boot
    > > by-the-way. So now I have the vlan #2 (192.168.2.x). By-the-way, when
    > > I looked at the cisco docs and used the ip helper-address cmd, the
    > > directions were to configure the helper-address per vlan. I tried to
    > > do the helper-address per interfaces connected to the clients and
    > > this is unsupported by the cisco f/w I have 12.2(25)SEB4.

    >
    > Ip-helper is only needed for subnets that do not have a directly
    > connected dhcp server. Additionally, you are saying your dhcp server
    > is .100, and your ip-helper says .150. I would either make that
    > match, or get rid of it, especially since these clients are on the
    > same vlan. Let me know how you fare and we can move to the next phase
    > of looking at your issue.


    I'm sorry, the helper address does match. Regardless, you shouldn't
    need it on the same vlan as the dhcp server, so I'd still try to
    remove and test. Additionally, does your show ip int brief show all
    ports as up/active as needed?
     
    Trendkill, Oct 3, 2007
    #6
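
    The reply above says a helper address is not needed on the DHCP server's own VLAN, and the posted `show ip dhcp snoop` output reports snooping as disabled with every listed port trusted. As an added example (not part of any post in this thread), the Python below checks an excerpt of the posted config for those three conditions; the function names, finding labels and the revised config it builds for comparison are assumptions made for illustration.

```python
import ipaddress
import re

# Excerpt of the running config posted in the thread, flattened as posted
# (Gi1/0/2, Gi1/0/5 and the remaining unused ports are left out for brevity).
POSTED_CONFIG = """\
ip dhcp snooping vlan 2
!
interface GigabitEthernet1/0/1
switchport access vlan 2
switchport mode access
ip dhcp snooping trust
!
interface GigabitEthernet1/0/3
switchport access vlan 2
switchport mode access
ip dhcp snooping trust
!
interface GigabitEthernet1/0/4
switchport access vlan 2
switchport mode access
ip dhcp snooping trust
!
interface GigabitEthernet1/0/6
!
interface Vlan2
ip address 192.168.2.150 255.255.255.0
ip helper-address 192.168.2.100
!
"""


def parse_interfaces(config):
    """Return {interface name: [sub-commands]}; a block ends at '!' or a blank line."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line == "!" or not line:
            current = None
        elif current is not None:
            interfaces[current].append(line)
    return interfaces


def audit_dhcp(config):
    """Return a list of (finding, subject) tuples for three DHCP-related checks."""
    lines = [l.strip() for l in config.splitlines()]
    interfaces = parse_interfaces(config)
    findings = []

    # Single VLAN ids only, as in the posted config (IOS also accepts ranges).
    snooped = {int(m.group(1)) for l in lines
               if (m := re.fullmatch(r"ip dhcp snooping vlan (\d+)", l))}

    # 1. Per-VLAN snooping without the global "ip dhcp snooping" command,
    #    which is what "Switch DHCP snooping is disabled" reports.
    if snooped and "ip dhcp snooping" not in lines:
        findings.append(("snooping-configured-but-globally-disabled",
                         ",".join(map(str, sorted(snooped)))))

    # 2. Every access port of a snooped VLAN is trusted, so no port is left
    #    on which DHCP server replies would be filtered.
    for vlan in sorted(snooped):
        ports = [name for name, cmds in interfaces.items()
                 if f"switchport access vlan {vlan}" in cmds]
        if len(ports) > 1 and all("ip dhcp snooping trust" in interfaces[p]
                                  for p in ports):
            findings.append(("all-access-ports-trusted", f"vlan {vlan}"))

    # 3. Helper address inside the interface's own subnet: no relay is needed
    #    for a server on the same VLAN (the point made in the reply).
    for name, cmds in interfaces.items():
        addr = next((c.split()[2:4] for c in cmds
                     if c.startswith("ip address ")), None)
        if addr is None or len(addr) < 2:
            continue
        network = ipaddress.ip_interface("/".join(addr)).network
        for c in cmds:
            if c.startswith("ip helper-address "):
                helper = ipaddress.ip_address(c.split()[2])
                if helper in network:
                    findings.append(("helper-in-local-subnet",
                                     f"{name} -> {helper}"))
    return findings


def revised_config(config):
    """Constructed comparison config: snooping enabled globally, trust kept only
    on the first trusted port (Gi1/0/1, the server port in the thread's
    topology), helper address removed."""
    trust = "ip dhcp snooping trust\n"
    head, sep, tail = config.partition(trust)
    tail = tail.replace(trust, "").replace("ip helper-address 192.168.2.100\n", "")
    return "ip dhcp snooping\n" + head + sep + tail


if __name__ == "__main__":
    for finding, subject in audit_dhcp(POSTED_CONFIG):
        print(f"{finding}: {subject}")
```

    The findings describe the state of the posted config only; the thread has not established which setting, if any, is behind the missing DHCP traffic.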
  7. Asif

    Trendkill Guest

    On Oct 2, 8:00 pm, Trendkill <> wrote:
    > On Oct 2, 7:41 pm, Trendkill <> wrote:
    >
    >
    >
    > > On Oct 2, 7:39 pm, Asif <> wrote:

    >
    > > > On Oct 2, 4:29 pm, Trendkill <> wrote:

    >
    > > > > On Oct 2, 6:48 pm, Asif <> wrote:

    >
    > > > > > I've been trying to configure a simple dhcp setup with the following
    > > > > > topology:

    >
    > > > > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100
    > > > > > Cisco3750[Port:3-5] <---> dhcp clients

    >
    > > > > > I am using tetheral on the dhcp server 192.168.2.100 interface to look
    > > > > > for dhcp requests and the proceeding dhcp traffic.
    > > > > > This is not working!
    > > > > > I connected one of the clients to the dhcp server back-2-back to
    > > > > > verify that dhcp works.
    > > > > > Am I missing something?
    > > > > > I want this to be really simple!
    > > > > > Can anyone help, please?

    >
    > > > > Why do you have an IP-helper on VLAN 2? While I would think this
    > > > > wouldn't hinder anything, I would definitely remove that first,
    > > > > especially since the switch sees those frames before anything else.....

    >
    > > > At first I did a shutdown cmd on the default vlan 1 and simply
    > > > connected the dhcp server and the clients. I did not configure the
    > > > helper-address though.
    > > > Then I decided that I want an isolated subnet, in which I want to
    > > > perform dhcp operations. All this is for testing network boot
    > > > by-the-way. So now I have the vlan #2 (192.168.2.x). By-the-way, when
    > > > I looked at the cisco docs and used the ip helper-address cmd, the
    > > > directions were to configure the helper-address per vlan. I tried to
    > > > do the helper-address per interfaces connected to the clients and
    > > > this is unsupported by the cisco f/w I have 12.2(25)SEB4.

    >
    > > Ip-helper is only needed for subnets that do not have a directly
    > > connected dhcp server. Additionally, you are saying your dhcp server
    > > is .100, and your ip-helper says .150. I would either make that
    > > match, or get rid of it, especially since these clients are on the
    > > same vlan. Let me know how you fare and we can move to the next phase
    > > of looking at your issue.

    >
    > I'm sorry, the helper address does match. Regardless, you shouldn't
    > need it on the same vlan as the dhcp server, so I'd still try to
    > remove and test. Additionally, does your show ip int brief show all
    > ports as up/active as needed?


    Ok, I saw your latest post. Can you ping the dhcp server from the
    switch? What happens when you do an extended ping (and choose a
    source interface of the VLAN 2 IP address)? If ping is successful,
    can you try to set one of the clients to a hard coded IP and do the
    same test? Can you ping between the static IPed client and the dhcp
    server? Does show mac-address-table show macs for the clients when
    they first connect as they should?
     
    Trendkill, Oct 3, 2007
    #7
  8. Asif

    Asif Guest

    On Oct 2, 5:02 pm, Trendkill <> wrote:
    > On Oct 2, 8:00 pm, Trendkill <> wrote:
    >
    >
    >
    > > On Oct 2, 7:41 pm, Trendkill <> wrote:

    >
    > > > On Oct 2, 7:39 pm, Asif <> wrote:

    >
    > > > > On Oct 2, 4:29 pm, Trendkill <> wrote:

    >
    > > > > > On Oct 2, 6:48 pm, Asif <> wrote:

    >
    > > > > > > I've been trying to configure a simple dhcp setup with the following
    > > > > > > topology:

    >
    > > > > > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100
    > > > > > > Cisco3750[Port:3-5] <---> dhcp clients

    >
    > > > > > > I am using tetheral on the dhcp server 192.168.2.100 interface to look
    > > > > > > for dhcp requests and the proceeding dhcp traffic.
    > > > > > > This is not working!
    > > > > > > I connected one of the clients to the dhcp server back-2-back to
    > > > > > > verify that dhcp works.
    > > > > > > Am I missing something?
    > > > > > > I want this to be really simple!
    > > > > > > Can anyone help, please?

    >
    > > > > > Why do you have an IP-helper on VLAN 2? While I would think this
    > > > > > wouldn't hinder anything, I would definitely remove that first,
    > > > > > especially since the switch sees those frames before anything else.....

    >
    > > > > At first I did a shutdown cmd on the default vlan 1 and simply connected
    > > > > the dhcp server and the clients. I did not configure the helper-address
    > > > > though. Then I decided that I want an isolated subnet, in which I want to
    > > > > perform dhcp operations. All this is for testing network boot by-the-way.
    > > > > So now I have the vlan #2 (192.168.2.x). By-the-way, when I looked at the
    > > > > cisco docs and used the ip helper-address cmd, the directions were to
    > > > > configure the helper-address per vlan. I tried to do the helper-address per
    > > > > interfaces connected to the clients and this is unsupported by the cisco
    > > > > f/w I have 12.2(25)SEB4.

    >
    > > > Ip-helper is only needed for subnets that do not have a directly
    > > > connected dhcp server. Additionally, you are saying your dhcp server
    > > > is .100, and your ip-helper says .150. I would either make that
    > > > match, or get rid of it, especially since these clients are on the
    > > > same vlan. Let me know how you fare and we can move to the next phase
    > > > of looking at your issue.

    >
    > > I'm sorry, the helper address does match. Regardless, you shouldn't
    > > need it on the same vlan as the dhcp server, so I'd still try to
    > > remove and test. Additionally, your show ip int brief show all ports
    > > as up/active as needed?

    >
    > Ok, I saw your latest post. Can you ping the dhcp server from the
    > switch? What happens when you do an extended ping (and choose a
    > source interface of the VLAN 2 IP address)? If ping is successful,
    > can you try to set one of the clients to a hard coded IP and do the
    > same test? Can you ping between the static IPed client and the dhcp
    > server? Does show mac-address-table show macs for the clients when
    > they first connect as they should?


    Did several of these from the switch and it works:

    Switch#ping 192.168.2.100
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.2.100, timeout is 2 seconds:
    !!!!!

    On the dhcp client system:

    # ping 192.168.2.100
    192.168.2.100 is alive

    As I understand, broadcast pkts to 255.255.255.255 are not allowed
    to be propagated across the switch ports by default and my guess is
    that this is the problem I am facing with the dhcp operation.
    But then I thought that the ip helper-address was meant to address
    this issue. But you are saying that the helper-address is used for
    subnet to subnet traffic flow in particular for dhcp.
    Anyway, I do appreciate your help so far.
    All the checks you suggested work so far. I tried the dhcp boot
    and it still fails. I have not changed anything yet.
     
    Asif, Oct 3, 2007
    #8
  9. Asif

    Merv Guest

    On Oct 2, 8:28 pm, Asif <> wrote:
    > On Oct 2, 5:02 pm, Trendkill <> wrote:
    >
    > > On Oct 2, 8:00 pm, Trendkill <> wrote:

    >
    > > > On Oct 2, 7:41 pm, Trendkill <> wrote:

    >
    > > > > On Oct 2, 7:39 pm, Asif <> wrote:

    >
    > > > > > On Oct 2, 4:29 pm, Trendkill <> wrote:

    >
    > > > > > > On Oct 2, 6:48 pm, Asif <> wrote:

    >
    > > > > > > > I've been trying to configure a simple dhcp setup with the following
    > > > > > > > topology:

    >
    > > > > > > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100
    > > > > > > > Cisco3750[Port:3-5] <---> dhcp clients

    >
    > > > > > > > I am using tethereal on the dhcp server 192.168.2.100 interface to look
    > > > > > > > for dhcp requests and the proceeding dhcp traffic.
    > > > > > > > This is not working!
    > > > > > > > I connected one of the clients to the dhcp server back-2-back to
    > > > > > > > verify that dhcp works.
    > > > > > > > Am I missing something?
    > > > > > > > I want this to be really simple!
    > > > > > > > Can anyone help, please?

    >
    > > > > > > > Here is my cisco3750 running config:

    >
    > > > > > > > Current configuration : 2208 bytes
    > > > > > > > !
    > > > > > > > version 12.2
    > > > > > > > no service pad
    > > > > > > > service timestamps debug uptime
    > > > > > > > service timestamps log uptime
    > > > > > > > no service password-encryption
    > > > > > > > !
    > > > > > > > hostname Switch
    > > > > > > > !
    > > > > > > > enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/
    > > > > > > > enable password qlogic
    > > > > > > > !
    > > > > > > > no aaa new-model
    > > > > > > > switch 1 provision ws-c3750g-24ts
    > > > > > > > vtp mode transparent
    > > > > > > > ip subnet-zero
    > > > > > > > !
    > > > > > > > ip dhcp snooping vlan 2
    > > > > > > > !
    > > > > > > > !
    > > > > > > > !
    > > > > > > > no file verify auto
    > > > > > > > spanning-tree mode pvst
    > > > > > > > spanning-tree extend system-id
    > > > > > > > !
    > > > > > > > vlan internal allocation policy ascending
    > > > > > > > !
    > > > > > > > vlan 2
    > > > > > > > name vlan-dhcp
    > > > > > > > !
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/1
    > > > > > > > switchport access vlan 2
    > > > > > > > switchport mode access
    > > > > > > > ip dhcp snooping trust
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/2
    > > > > > > > switchport access vlan 2
    > > > > > > > switchport mode access
    > > > > > > > ip dhcp snooping trust
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/3
    > > > > > > > switchport access vlan 2
    > > > > > > > switchport mode access
    > > > > > > > ip dhcp snooping trust
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/4
    > > > > > > > switchport access vlan 2
    > > > > > > > switchport mode access
    > > > > > > > ip dhcp snooping trust
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/5
    > > > > > > > switchport access vlan 2
    > > > > > > > switchport mode access
    > > > > > > > ip dhcp snooping trust
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/6
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/7
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/8
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/9
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/10
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/11
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/12
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/13
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/14
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/15
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/16
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/17
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/18
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/19
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/20
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/21
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/22
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/23
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/24
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/25
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/26
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/27
    > > > > > > > !
    > > > > > > > interface GigabitEthernet1/0/28
    > > > > > > > !
    > > > > > > > interface Vlan1
    > > > > > > > ip address 172.17.141.150 255.255.254.0
    > > > > > > > no ip route-cache
    > > > > > > > no ip mroute-cache
    > > > > > > > shutdown
    > > > > > > > !
    > > > > > > > interface Vlan2
    > > > > > > > ip address 192.168.2.150 255.255.255.0
    > > > > > > > ip helper-address 192.168.2.100
    > > > > > > > !
    > > > > > > > ip default-gateway 172.17.140.1
    > > > > > > > no ip classless
    > > > > > > > no ip route static inter-vrf
    > > > > > > > no ip http server
    > > > > > > > !
    > > > > > > > !
    > > > > > > > !
    > > > > > > > control-plane
    > > > > > > > !
    > > > > > > > !
    > > > > > > > line con 0
    > > > > > > > line vty 0 4
    > > > > > > > password qlogic
    > > > > > > > login
    > > > > > > > line vty 5 15
    > > > > > > > password qlogic
    > > > > > > > login
    > > > > > > > !
    > > > > > > > !
    > > > > > > > end

    >
    > > > > > > > Switch#show vlan

    >
    > > > > > > > VLAN Name Status Ports
    > > > > > > > ---- -------------------------------- ---------
    > > > > > > > -------------------------------
    > > > > > > > 1 default active Gi1/0/6, Gi1/0/7,
    > > > > > > > Gi1/0/8
    > > > > > > > Gi1/0/9, Gi1/0/10,
    > > > > > > > Gi1/0/11
    > > > > > > > Gi1/0/12, Gi1/0/13,
    > > > > > > > Gi1/0/14
    > > > > > > > Gi1/0/15, Gi1/0/16,
    > > > > > > > Gi1/0/17
    > > > > > > > Gi1/0/18, Gi1/0/19,
    > > > > > > > Gi1/0/20
    > > > > > > > Gi1/0/21, Gi1/0/22,
    > > > > > > > Gi1/0/23
    > > > > > > > Gi1/0/24, Gi1/0/25,
    > > > > > > > Gi1/0/26
    > > > > > > > Gi1/0/27, Gi1/0/28
    > > > > > > > 2 vlan-dhcp active Gi1/0/1, Gi1/0/2,
    > > > > > > > Gi1/0/3
    > > > > > > > Gi1/0/4, Gi1/0/5
    > > > > > > > 1002 fddi-default act/unsup
    > > > > > > > 1003 trcrf-default act/unsup
    > > > > > > > 1004 fddinet-default act/unsup
    > > > > > > > 1005 trbrf-default act/unsup

    >
    > > > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode
    > > > > > > > Trans1 Trans2
    > > > > > > > ---- ----- ---------- ----- ------ ------ -------- ---- --------
    > > > > > > > ------ ------
    > > > > > > > 1 enet 100001 1500 - - - - -
    > > > > > > > 0 0
    > > > > > > > 2 enet 100002 1500 - - - - -
    > > > > > > > 0 0
    > > > > > > > 1002 fddi 101002 1500 - - - - -
    > > > > > > > 0 0

    >
    > > > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode
    > > > > > > > Trans1 Trans2
    > > > > > > > ---- ----- ---------- ----- ------ ------ -------- ---- --------
    > > > > > > > ------ ------
    > > > > > > > 1003 trcrf 101003 4472 1005 3276 - - srb
    > > > > > > > 0 0
    > > > > > > > 1004 fdnet 101004 1500 - - - ieee -
    > > > > > > > 0 0
    > > > > > > > 1005 trbrf 101005 4472 - - 15 ibm -
    > > > > > > > 0 0

    >
    > > > > > > > VLAN AREHops STEHops Backup CRF
    > > > > > > > ---- ------- ------- ----------
    > > > > > > > 1003 7 7 off

    >
    > > > > > > > Remote SPAN VLANs
    > > > > > > > ------------------------------------------------------------------------------

    >
    > > > > > > > Primary Secondary Type Ports
    > > > > > > > ------- --------- -----------------
    > > > > > > > ------------------------------------------

    >
    > > > > > > > Switch#show ip dhcp snoop
    > > > > > > > Switch DHCP snooping is disabled
    > > > > > > > DHCP snooping is configured on following VLANs:
    > > > > > > > 2
    > > > > > > > Insertion of option 82 is enabled
    > > > > > > > Option 82 on untrusted port is not allowed
    > > > > > > > Verification of hwaddr field is enabled
    > > > > > > > Interface Trusted Rate limit (pps)
    > > > > > > > ------------------------ ------- ----------------
    > > > > > > > GigabitEthernet1/0/1 yes unlimited
    > > > > > > > GigabitEthernet1/0/2 yes unlimited
    > > > > > > > GigabitEthernet1/0/3 yes unlimited
    > > > > > > > GigabitEthernet1/0/4 yes unlimited
    > > > > > > > GigabitEthernet1/0/5 yes unlimited

    >
    > > > > > > Why do you have an IP-helper on VLAN 2? While I would think this
    > > > > > > wouldn't hinder anything, I would definitely remove that first,
    > > > > > > especially since the switch sees those frames before anything else.....

    >
    > > > > > At first I did a shutdown cmd on the default vlan 1 and simply connected
    > > > > > the dhcp server and the clients. I did not configure the helper-address
    > > > > > though. Then I decided that I want an isolated subnet, in which I want to
    > > > > > perform dhcp operations. All this is for testing network boot by-the-way.
    > > > > > So now I have the vlan #2 (192.168.2.x). By-the-way, when I looked at the
    > > > > > cisco docs and used the ip helper-address cmd, the directions were to
    > > > > > configure the helper-address per vlan. I tried to do the helper-address per
    > > > > > interfaces connected to the clients and this is unsupported by the cisco
    > > > > > f/w I have 12.2(25)SEB4.

    >
    > > > > Ip-helper is only needed for subnets that do not have a directly
    > > > > connected dhcp server. Additionally, you are saying your dhcp server
    > > > > is .100, and your ip-helper says .150. I would either make that
    > > > > match, or get rid of it, especially since these clients are on the
    > > > > same vlan. Let me know how you fare and we can move to the next phase
    > > > > of looking at your issue.

    >
    > > > I'm sorry, the helper address does match. Regardless, you shouldn't
    > > > need it on the same vlan as the dhcp server, so I'd still try to
    > > > remove and test. Additionally, your show ip int brief show all ports
    > > > as up/active as needed?

    >
    > > Ok, I saw your latest post. Can you ping the dhcp server from the
    > > switch? What happens when you do an extended ping (and choose a
    > > source interface of the VLAN 2 IP address)? If ping is successful,
    > > can you try to set one of the clients to a hard coded IP and do the
    > > same test? Can you ping between the static IPed client and the dhcp
    > > server? Does show mac-address-table show macs for the clients when
    > > they first connect as they should?

    >
    > Did several of these from the switch and it works:
    >
    > Switch#ping 192.168.2.100
    > Type escape sequence to abort.
    > Sending 5, 100-byte ICMP Echos to 192.168.2.100, timeout is 2 seconds:
    > !!!!!
    >
    > On the dhcp client system:
    >
    > # ping 192.168.2.100
    > 192.168.2.100 is alive
    >
    > As I understand, broadcast pkts to 255.255.255.255 are not allowed
    > to be propagated across the switch ports by default and my guess is
    > that this is the problem I am facing with the dhcp operation.
    > But then I thought that the ip helper-address was meant to address
    > this issue. But you are saying that the helper-address is used for
    > subnet to subnet traffic flow in particular for dhcp.
    > Anyway, I do appreciate your help so far.
    > All the checks you suggested work so far. I tried the dhcp boot
    > and it still fails. I have not changed anything yet.



    Suggest you remove the DHCP snooping commands from all VLAN 2 in case
    there is an IOS bug.

    Post the output of show version.

    Broadcast packets must be received by all active devices in the same
    VLAN.

    Is the DHCP server known to be working - what DHCP server product is
    it?

    You could also try connecting a DHCP client PC and the DHCP server
    back to back using a crossover cable to see if the DHCP client gets a
    lease.
     
    Merv, Oct 3, 2007
    #9
  10. Asif

    Asif Guest

    On Oct 3, 12:39 am, Merv <> wrote:
    > On Oct 2, 8:28 pm, Asif <> wrote:
    >
    > > On Oct 2, 5:02 pm, Trendkill <> wrote:

    >
    > > > On Oct 2, 8:00 pm, Trendkill <> wrote:

    >
    > > > > On Oct 2, 7:41 pm, Trendkill <> wrote:

    >
    > > > > > On Oct 2, 7:39 pm, Asif <> wrote:

    >
    > > > > > > On Oct 2, 4:29 pm, Trendkill <> wrote:

    >
    > > > > > > > On Oct 2, 6:48 pm, Asif <> wrote:

    >
    > > > > > > > > I've been trying to configure a simple dhcp setup with the following
    > > > > > > > > topology:

    >
    > > > > > > > > Cisco3750[Port:1] <---> dhcp server 192.168.2.100
    > > > > > > > > Cisco3750[Port:3-5] <---> dhcp clients

    >
    > > > > > > > > I am using tethereal on the dhcp server 192.168.2.100 interface to look
    > > > > > > > > for dhcp requests and the proceeding dhcp traffic.
    > > > > > > > > This is not working!
    > > > > > > > > I connected one of the clients to the dhcp server back-2-back to
    > > > > > > > > verify that dhcp works.
    > > > > > > > > Am I missing something?
    > > > > > > > > I want this to be really simple!
    > > > > > > > > Can anyone help, please?

    >
    > > > > > > > > Here is my cisco3750 running config:

    >
    > > > > > > > > Current configuration : 2208 bytes
    > > > > > > > > !
    > > > > > > > > version 12.2
    > > > > > > > > no service pad
    > > > > > > > > service timestamps debug uptime
    > > > > > > > > service timestamps log uptime
    > > > > > > > > no service password-encryption
    > > > > > > > > !
    > > > > > > > > hostname Switch
    > > > > > > > > !
    > > > > > > > > enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/
    > > > > > > > > enable password qlogic
    > > > > > > > > !
    > > > > > > > > no aaa new-model
    > > > > > > > > switch 1 provision ws-c3750g-24ts
    > > > > > > > > vtp mode transparent
    > > > > > > > > ip subnet-zero
    > > > > > > > > !
    > > > > > > > > ip dhcp snooping vlan 2
    > > > > > > > > !
    > > > > > > > > !
    > > > > > > > > !
    > > > > > > > > no file verify auto
    > > > > > > > > spanning-tree mode pvst
    > > > > > > > > spanning-tree extend system-id
    > > > > > > > > !
    > > > > > > > > vlan internal allocation policy ascending
    > > > > > > > > !
    > > > > > > > > vlan 2
    > > > > > > > > name vlan-dhcp
    > > > > > > > > !
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/1
    > > > > > > > > switchport access vlan 2
    > > > > > > > > switchport mode access
    > > > > > > > > ip dhcp snooping trust
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/2
    > > > > > > > > switchport access vlan 2
    > > > > > > > > switchport mode access
    > > > > > > > > ip dhcp snooping trust
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/3
    > > > > > > > > switchport access vlan 2
    > > > > > > > > switchport mode access
    > > > > > > > > ip dhcp snooping trust
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/4
    > > > > > > > > switchport access vlan 2
    > > > > > > > > switchport mode access
    > > > > > > > > ip dhcp snooping trust
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/5
    > > > > > > > > switchport access vlan 2
    > > > > > > > > switchport mode access
    > > > > > > > > ip dhcp snooping trust
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/6
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/7
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/8
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/9
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/10
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/11
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/12
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/13
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/14
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/15
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/16
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/17
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/18
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/19
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/20
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/21
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/22
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/23
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/24
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/25
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/26
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/27
    > > > > > > > > !
    > > > > > > > > interface GigabitEthernet1/0/28
    > > > > > > > > !
    > > > > > > > > interface Vlan1
    > > > > > > > > ip address 172.17.141.150 255.255.254.0
    > > > > > > > > no ip route-cache
    > > > > > > > > no ip mroute-cache
    > > > > > > > > shutdown
    > > > > > > > > !
    > > > > > > > > interface Vlan2
    > > > > > > > > ip address 192.168.2.150 255.255.255.0
    > > > > > > > > ip helper-address 192.168.2.100
    > > > > > > > > !
    > > > > > > > > ip default-gateway 172.17.140.1
    > > > > > > > > no ip classless
    > > > > > > > > no ip route static inter-vrf
    > > > > > > > > no ip http server
    > > > > > > > > !
    > > > > > > > > !
    > > > > > > > > !
    > > > > > > > > control-plane
    > > > > > > > > !
    > > > > > > > > !
    > > > > > > > > line con 0
    > > > > > > > > line vty 0 4
    > > > > > > > > password qlogic
    > > > > > > > > login
    > > > > > > > > line vty 5 15
    > > > > > > > > password qlogic
    > > > > > > > > login
    > > > > > > > > !
    > > > > > > > > !
    > > > > > > > > end

    >
    > > > > > > > > Switch#show vlan

    >
    > > > > > > > > VLAN Name Status Ports
    > > > > > > > > ---- -------------------------------- ---------
    > > > > > > > > -------------------------------
    > > > > > > > > 1 default active Gi1/0/6, Gi1/0/7,
    > > > > > > > > Gi1/0/8
    > > > > > > > > Gi1/0/9, Gi1/0/10,
    > > > > > > > > Gi1/0/11
    > > > > > > > > Gi1/0/12, Gi1/0/13,
    > > > > > > > > Gi1/0/14
    > > > > > > > > Gi1/0/15, Gi1/0/16,
    > > > > > > > > Gi1/0/17
    > > > > > > > > Gi1/0/18, Gi1/0/19,
    > > > > > > > > Gi1/0/20
    > > > > > > > > Gi1/0/21, Gi1/0/22,
    > > > > > > > > Gi1/0/23
    > > > > > > > > Gi1/0/24, Gi1/0/25,
    > > > > > > > > Gi1/0/26
    > > > > > > > > Gi1/0/27, Gi1/0/28
    > > > > > > > > 2 vlan-dhcp active Gi1/0/1, Gi1/0/2,
    > > > > > > > > Gi1/0/3
    > > > > > > > > Gi1/0/4, Gi1/0/5
    > > > > > > > > 1002 fddi-default act/unsup
    > > > > > > > > 1003 trcrf-default act/unsup
    > > > > > > > > 1004 fddinet-default act/unsup
    > > > > > > > > 1005 trbrf-default act/unsup

    >
    > > > > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode
    > > > > > > > > Trans1 Trans2
    > > > > > > > > ---- ----- ---------- ----- ------ ------ -------- ---- --------
    > > > > > > > > ------ ------
    > > > > > > > > 1 enet 100001 1500 - - - - -
    > > > > > > > > 0 0
    > > > > > > > > 2 enet 100002 1500 - - - - -
    > > > > > > > > 0 0
    > > > > > > > > 1002 fddi 101002 1500 - - - - -
    > > > > > > > > 0 0

    >
    > > > > > > > > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode
    > > > > > > > > Trans1 Trans2
    > > > > > > > > ---- ----- ---------- ----- ------ ------ -------- ---- --------
    > > > > > > > > ------ ------
    > > > > > > > > 1003 trcrf 101003 4472 1005 3276 - - srb
    > > > > > > > > 0 0
    > > > > > > > > 1004 fdnet 101004 1500 - - - ieee -
    > > > > > > > > 0 0
    > > > > > > > > 1005 trbrf 101005 4472 - - 15 ibm -
    > > > > > > > > 0 0

    >
    > > > > > > > > VLAN AREHops STEHops Backup CRF
    > > > > > > > > ---- ------- ------- ----------
    > > > > > > > > 1003 7 7 off

    >
    > > > > > > > > Remote SPAN VLANs
    > > > > > > > > ------------------------------------------------------------------------------

    >
    > > > > > > > > Primary Secondary Type Ports
    > > > > > > > > ------- --------- -----------------
    > > > > > > > > ------------------------------------------

    >
    > > > > > > > > Switch#show ip dhcp snoop
    > > > > > > > > Switch DHCP snooping is disabled
    > > > > > > > > DHCP snooping is configured on following VLANs:
    > > > > > > > > 2
    > > > > > > > > Insertion of option 82 is enabled
    > > > > > > > > Option 82 on untrusted port is not allowed
    > > > > > > > > Verification of hwaddr field is enabled
    > > > > > > > > Interface Trusted Rate limit (pps)
    > > > > > > > > ------------------------ ------- ----------------
    > > > > > > > > GigabitEthernet1/0/1 yes unlimited
    > > > > > > > > GigabitEthernet1/0/2 yes unlimited
    > > > > > > > > GigabitEthernet1/0/3 yes unlimited
    > > > > > > > > GigabitEthernet1/0/4 yes unlimited
    > > > > > > > > GigabitEthernet1/0/5 yes unlimited

    >
    > > > > > > > Why do you have an IP-helper on VLAN 2? While I would think this
    > > > > > > > wouldn't hinder anything, I would definitely remove that first,
    > > > > > > > especially since the switch sees those frames before anything else.....

    >
    > > > > > > At first I did a shutdown cmd on the default vlan 1 and simply connected
    > > > > > > the dhcp server and the clients. I did not configure the helper-address
    > > > > > > though. Then I decided that I want an isolated subnet, in which I want to
    > > > > > > perform dhcp operations. All this is for testing network boot by-the-way.
    > > > > > > So now I have the vlan #2 (192.168.2.x). By-the-way, when I looked at the
    > > > > > > cisco docs and used the ip helper-address cmd, the directions were to
    > > > > > > configure the helper-address per vlan. I tried to do the helper-address per
    > > > > > > interfaces connected to the clients and this is unsupported by the cisco
    > > > > > > f/w I have 12.2(25)SEB4.

    >
    > > > > > Ip-helper is only needed for subnets that do not have a directly
    > > > > > connected dhcp server. Additionally, you are saying your dhcp server
    > > > > > is .100, and your ip-helper says .150. I would either make that
    > > > > > match, or get rid of it, especially since these clients are on the
    > > > > > same vlan. Let me know how you fare and we can move to the next phase
    > > > > > of looking at your issue.

    >
    > > > > I'm sorry, the helper address does match. Regardless, you shouldn't
    > > > > need it on the same vlan as the dhcp server, so I'd still try to
    > > > > remove and test. Additionally, your show ip int brief show all ports
    > > > > as up/active as needed?

    >
    > > > Ok, I saw your latest post. Can you ping the dhcp server from the
    > > > switch? What happens when you do an extended ping (and choose a
    > > > source interface of the VLAN 2 IP address)? If ping is successful,
    > > > can you try to set one of the clients to a hard coded IP and do the
    > > > same test? Can you ping between the static IPed client and the dhcp
    > > > server? Does show mac-address-table show macs for the clients when
    > > > they first connect as they should?

    >
    > > Did several of these from the switch and it works:

    >
    > > Switch#ping 192.168.2.100
    > > Type escape sequence to abort.
    > > Sending 5, 100-byte ICMP Echos to 192.168.2.100, timeout is 2 seconds:
    > > !!!!!

    >
    > > On the dhcp client system:

    >
    > > # ping 192.168.2.100
    > > 192.168.2.100 is alive

    >
    > > As I understand, broadcast pkts to 255.255.255.255 are not allowed
    > > to be propagated across the switch ports by default and my guess is
    > > that this is the problem I am facing with the dhcp operation.
    > > But then I thought that the ip helper-address was meant to address
    > > this issue. But you are saying that the helper-address is used for
    > > subnet to subnet traffic flow in particular for dhcp.
    > > Anyway, I do appreciate your help so far.
    > > All the checks you suggested work so far. I tried the dhcp boot
    > > and it still fails. I have not changed anything yet.

    >
    > Suggest you remove the DHCP snooping commands from all VLAN 2 in case
    > there is an IOS bug.
    >
    > Post the output of show version.
    >
    > Broadcast packets must be received by all active devices in the same
    > VLAN.
    >
    > Is the DHCP server known to be working - what DHCP server product is
    > it?
    >
    > You could also try connecting a DHCP client PC and the DHCP server
    > back to back using a crossover cable to see if the DHCP client gets a
    > lease.


    dhcp server: Internet Systems Consortium DHCP Server V3.0.4b2

    Cisco 3750 VERSION (reformatted):
    Switch = 1
    Ports = 28
    Model = WS-C3750G-24TS
    SW Version = 12.2(25)SEB4
    SW Image = C3750-IPSERVICES-M

    Back2Back: If you look in my earlier posts, you'll see that I've
    confirmed that it works.
    Anyway, I reconfirmed again, and back2back works.

    Got rid of the ip dhcp snooping, and it still does not work!
    I am running out of ideas here.
     
    Asif, Oct 3, 2007
    #10
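
A static check of the running-config posted in this thread for three DHCP settings visible in the config and the `show ip dhcp snoop` output, as an added example (not code from any poster or from Cisco): `ip dhcp snooping vlan` without the global `ip dhcp snooping` command, every port in the snooped VLAN marked trusted, and an `ip helper-address` that points inside the interface's own subnet. The sample text is constructed from the posted config; the `parse` and `audit` functions and the finding names are made up for this example.

```python
import ipaddress
import re

# Constructed sample: the DHCP-relevant lines of the running-config posted in
# this thread (unconfigured ports Gi1/0/6-28 left out, IOS indentation restored).
_ACCESS_PORTS = "".join(
    f"interface GigabitEthernet1/0/{n}\n"
    " switchport access vlan 2\n"
    " switchport mode access\n"
    " ip dhcp snooping trust\n"
    "!\n"
    for n in range(1, 6)
)
SAMPLE_CONFIG = (
    "ip dhcp snooping vlan 2\n"
    "!\n"
    "vlan 2\n"
    " name vlan-dhcp\n"
    "!\n"
    + _ACCESS_PORTS
    + "interface Vlan2\n"
    " ip address 192.168.2.150 255.255.255.0\n"
    " ip helper-address 192.168.2.100\n"
    "!\n"
)


def parse(config):
    """Split a config into (global_lines, {interface: [sub-commands]}).

    A block opens at "interface ..." and closes at "!", so the flattened
    paste from the thread (sub-command indentation lost) parses the same way.
    """
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            current = None
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line and current is not None:
            interfaces[current].append(line)
        elif line:
            global_lines.append(line)
    return global_lines, interfaces


def audit(config):
    """Return a list of (code, detail) findings for the DHCP-related settings."""
    global_lines, interfaces = parse(config)
    findings = []

    # VLAN IDs named by "ip dhcp snooping vlan ..." (comma lists only; a range
    # such as 2-5 stays a literal string and will not match a port's VLAN).
    snoop_vlans = set()
    for line in global_lines:
        m = re.fullmatch(r"ip dhcp snooping vlan (\S+)", line)
        if m:
            snoop_vlans.update(m.group(1).split(","))

    # Per-VLAN snooping does nothing until the global command is present; the
    # switch reports this state as "Switch DHCP snooping is disabled".
    if snoop_vlans and "ip dhcp snooping" not in global_lines:
        findings.append(("SNOOPING_NOT_GLOBAL",
                         f"VLAN(s) {sorted(snoop_vlans)} listed, global command absent"))

    # If every access port in a snooped VLAN is trusted, no port is filtered.
    snooped, trusted = [], []
    for name, cmds in interfaces.items():
        vlan = next((c.split()[-1] for c in cmds
                     if c.startswith("switchport access vlan ")), None)
        if vlan in snoop_vlans:
            snooped.append(name)
            if "ip dhcp snooping trust" in cmds:
                trusted.append(name)
    if len(snooped) > 1 and trusted == snooped:
        findings.append(("ALL_PORTS_TRUSTED",
                         f"all {len(snooped)} ports in the snooped VLAN(s) are trusted"))

    # A helper-address is for a DHCP server on another subnet.
    for name, cmds in interfaces.items():
        addr = next((c.split()[2:4] for c in cmds if c.startswith("ip address ")), None)
        if addr is None or len(addr) != 2:
            continue
        network = ipaddress.ip_interface("/".join(addr)).network
        for c in cmds:
            if c.startswith("ip helper-address "):
                helper = ipaddress.ip_address(c.split()[-1])
                if helper in network:
                    findings.append(("HELPER_ON_LOCAL_SUBNET",
                                     f"{name}: helper {helper} is inside {network}"))
    return findings


def finding_codes(config):
    """Sorted finding codes only, convenient for comparisons."""
    return sorted(code for code, _ in audit(config))


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```
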
  11. Asif

    Scott Perry Guest

    VLAN 2 contains a DHCP server and several client computers. The layer 3
    switch (Cisco 3750) does not have to do anything for DHCP to work. Remove
    the IP helper configuration completely. There is no doubt that IP helper
    forwards DHCP requests from a VLAN to another VLAN containing a DHCP server
    when the DHCP server and DHCP clients are on different broadcast domains,
    such as the case when they are separated by a router.

    Quote from Cisco documentation:
    DHCP snooping is a DHCP security feature that provides security by filtering
    untrusted DHCP messages and by building and maintaining a DHCP snooping
    binding table. An untrusted message is a message that is received from
    outside the network or firewall and that can cause traffic attacks within
    your network.

    Based on your below posted configuration, enter the following:

    no ip dhcp snooping vlan 2
    no ip helper-address 192.168.2.100

    Test that without the IP helper-address. If it works, add DHCP snooping
    back in but do not use IP helper-address if the DHCP server is within the
    same VLAN on that switch as the DHCP clients.

    --

    ===========
    Scott Perry
    ===========
    Indianapolis, Indiana
    ________________________________________
    "Asif" <> wrote in message
    news:...
    > I've been trying to configure a simple dhcp setup with the following
    > topology:
    >
    > Cisco3750[Port:1] <---> dhcp server 192.168.2.100
    > Cisco3750[Port:3-5] <---> dhcp clients
    >
    > I am using tethereal on the dhcp server 192.168.2.100 interface to look
    > for dhcp requests and the proceeding dhcp traffic.
    > This is not working!
    > I connected one of the clients to the dhcp server back-2-back to
    > verify that dhcp works.
    > Am I missing something?
    > I want this to be really simple!
    > Can anyone help, please?
    >
    > Here is my cisco3750 running config:
    >
    > Current configuration : 2208 bytes
    > !
    > version 12.2
    > no service pad
    > service timestamps debug uptime
    > service timestamps log uptime
    > no service password-encryption
    > !
    > hostname Switch
    > !
    > enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/
    > enable password qlogic
    > !
    > no aaa new-model
    > switch 1 provision ws-c3750g-24ts
    > vtp mode transparent
    > ip subnet-zero
    > !
    > ip dhcp snooping vlan 2
    > !
    > !
    > !
    > no file verify auto
    > spanning-tree mode pvst
    > spanning-tree extend system-id
    > !
    > vlan internal allocation policy ascending
    > !
    > vlan 2
    > name vlan-dhcp
    > !
    > !
    > interface GigabitEthernet1/0/1
    > switchport access vlan 2
    > switchport mode access
    > ip dhcp snooping trust
    > !
    > interface GigabitEthernet1/0/2
    > switchport access vlan 2
    > switchport mode access
    > ip dhcp snooping trust
    > !
    > interface GigabitEthernet1/0/3
    > switchport access vlan 2
    > switchport mode access
    > ip dhcp snooping trust
    > !
    > interface GigabitEthernet1/0/4
    > switchport access vlan 2
    > switchport mode access
    > ip dhcp snooping trust
    > !
    > interface GigabitEthernet1/0/5
    > switchport access vlan 2
    > switchport mode access
    > ip dhcp snooping trust
    > !
    > interface GigabitEthernet1/0/6
    > !
    > interface GigabitEthernet1/0/7
    > !
    > interface GigabitEthernet1/0/8
    > !
    > interface GigabitEthernet1/0/9
    > !
    > interface GigabitEthernet1/0/10
    > !
    > interface GigabitEthernet1/0/11
    > !
    > interface GigabitEthernet1/0/12
    > !
    > interface GigabitEthernet1/0/13
    > !
    > interface GigabitEthernet1/0/14
    > !
    > interface GigabitEthernet1/0/15
    > !
    > interface GigabitEthernet1/0/16
    > !
    > interface GigabitEthernet1/0/17
    > !
    > interface GigabitEthernet1/0/18
    > !
    > interface GigabitEthernet1/0/19
    > !
    > interface GigabitEthernet1/0/20
    > !
    > interface GigabitEthernet1/0/21
    > !
    > interface GigabitEthernet1/0/22
    > !
    > interface GigabitEthernet1/0/23
    > !
    > interface GigabitEthernet1/0/24
    > !
    > interface GigabitEthernet1/0/25
    > !
    > interface GigabitEthernet1/0/26
    > !
    > interface GigabitEthernet1/0/27
    > !
    > interface GigabitEthernet1/0/28
    > !
    > interface Vlan1
    > ip address 172.17.141.150 255.255.254.0
    > no ip route-cache
    > no ip mroute-cache
    > shutdown
    > !
    > interface Vlan2
    > ip address 192.168.2.150 255.255.255.0
    > ip helper-address 192.168.2.100
    > !
    > ip default-gateway 172.17.140.1
    > no ip classless
    > no ip route static inter-vrf
    > no ip http server
    > !
    > !
    > !
    > control-plane
    > !
    > !
    > line con 0
    > line vty 0 4
    > password qlogic
    > login
    > line vty 5 15
    > password qlogic
    > login
    > !
    > !
    > end
    >
    > Switch#show vlan
    >
    > VLAN Name Status Ports
    > ---- -------------------------------- ---------
    > -------------------------------
    > 1 default active Gi1/0/6, Gi1/0/7,
    > Gi1/0/8
    > Gi1/0/9, Gi1/0/10,
    > Gi1/0/11
    > Gi1/0/12, Gi1/0/13,
    > Gi1/0/14
    > Gi1/0/15, Gi1/0/16,
    > Gi1/0/17
    > Gi1/0/18, Gi1/0/19,
    > Gi1/0/20
    > Gi1/0/21, Gi1/0/22,
    > Gi1/0/23
    > Gi1/0/24, Gi1/0/25,
    > Gi1/0/26
    > Gi1/0/27, Gi1/0/28
    > 2 vlan-dhcp active Gi1/0/1, Gi1/0/2,
    > Gi1/0/3
    > Gi1/0/4, Gi1/0/5
    > 1002 fddi-default act/unsup
    > 1003 trcrf-default act/unsup
    > 1004 fddinet-default act/unsup
    > 1005 trbrf-default act/unsup
    >
    > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode
    > Trans1 Trans2
    > ---- ----- ---------- ----- ------ ------ -------- ---- --------
    > ------ ------
    > 1 enet 100001 1500 - - - - -
    > 0 0
    > 2 enet 100002 1500 - - - - -
    > 0 0
    > 1002 fddi 101002 1500 - - - - -
    > 0 0
    >
    > VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode
    > Trans1 Trans2
    > ---- ----- ---------- ----- ------ ------ -------- ---- --------
    > ------ ------
    > 1003 trcrf 101003 4472 1005 3276 - - srb
    > 0 0
    > 1004 fdnet 101004 1500 - - - ieee -
    > 0 0
    > 1005 trbrf 101005 4472 - - 15 ibm -
    > 0 0
    >
    >
    > VLAN AREHops STEHops Backup CRF
    > ---- ------- ------- ----------
    > 1003 7 7 off
    >
    > Remote SPAN VLANs
    > ------------------------------------------------------------------------------
    >
    >
    > Primary Secondary Type Ports
    > ------- --------- -----------------
    > ------------------------------------------
    >
    > Switch#show ip dhcp snoop
    > Switch DHCP snooping is disabled
    > DHCP snooping is configured on following VLANs:
    > 2
    > Insertion of option 82 is enabled
    > Option 82 on untrusted port is not allowed
    > Verification of hwaddr field is enabled
    > Interface Trusted Rate limit (pps)
    > ------------------------ ------- ----------------
    > GigabitEthernet1/0/1 yes unlimited
    > GigabitEthernet1/0/2 yes unlimited
    > GigabitEthernet1/0/3 yes unlimited
    > GigabitEthernet1/0/4 yes unlimited
    > GigabitEthernet1/0/5 yes unlimited
    >
     
    Scott Perry, Oct 3, 2007
    #11
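The three problems visible in the posted configuration (snooping listed for VLAN 2 but reported as disabled, every access port marked trusted, and a helper address pointing into the SVI's own subnet) can be checked mechanically. The following is an added example, not code from the thread or from Cisco; the function names and finding codes are this example's own, and the sample config is constructed from the one quoted above.

```python
import ipaddress
import re

# Constructed sample, trimmed from the running-config quoted in the thread.
SAMPLE_CONFIG = """\
ip dhcp snooping vlan 2
!
interface GigabitEthernet1/0/1
 switchport access vlan 2
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/3
 switchport access vlan 2
 ip dhcp snooping trust
!
interface Vlan2
 ip address 192.168.2.150 255.255.255.0
 ip helper-address 192.168.2.100
"""

def parse_interfaces(config):
    """Map interface name -> sub-commands; IOS separates blocks with '!'."""
    blocks = {}
    for chunk in re.split(r"^!\s*$", config, flags=re.M):
        cmds = [l.strip() for l in chunk.strip().splitlines()]
        if cmds and cmds[0].startswith("interface "):
            blocks[cmds[0].split()[1]] = cmds[1:]
    return blocks

def audit(config):
    """Return finding codes (names are this example's own) for the config."""
    ifaces, findings, vlans = parse_interfaces(config), [], set()
    for spec in re.findall(r"^ip dhcp snooping vlan (\S+)$", config, re.M):
        for part in spec.split(","):  # accepts "2", "2,5" and "10-12"
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    if vlans and not re.search(r"^ip dhcp snooping$", config, re.M):
        findings.append("snooping-not-enabled-globally")  # per-VLAN line alone is inert
    for vlan in sorted(vlans):
        ports = [c for c in ifaces.values() if f"switchport access vlan {vlan}" in c]
        if ports and all("ip dhcp snooping trust" in c for c in ports):
            findings.append(f"all-ports-trusted-vlan-{vlan}")  # nothing gets filtered
    for name, cmds in ifaces.items():
        nets = [ipaddress.ip_network("/".join(c.split()[2:]), strict=False)
                for c in cmds if re.fullmatch(r"ip address [\d.]+ [\d.]+", c)]
        helpers = re.findall(r"^ip helper-address ([\d.]+)$", "\n".join(cmds), re.M)
        if any(ipaddress.ip_address(h) in n for h in helpers for n in nets):
            findings.append(f"helper-in-local-subnet-{name}")  # server is on-link
    return findings
```

Run against the sample, `audit` reports all three findings; a config with the global `ip dhcp snooping` line, trust on the server port only, and no helper address on the VLAN 2 interface returns an empty list.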
  12. Asif

    Asif Guest

    On Oct 3, 1:40 pm, "Scott Perry" <scottperry@aciscocompany> wrote:
    > VLAN 2 contains a DHCP server and several client computers. The layer 3
    > switch (Cisco 3750) does not have to do anything for DHCP to work. Remove
    > the IP helper configuration completely. There is no doubt that IP helper
    > forwards DHCP requests from a VLAN to another VLAN containing a DHCP server
    > when the DHCP server and DHCP clients are on different broadcast domains,
    > such as the case when they are separated by a router.
    >
    > Quote from Cisco documentation:
    > DHCP snooping is a DHCP security feature that provides security by filtering
    > untrusted DHCP messages and by building and maintaining a DHCP snooping
    > binding table. An untrusted message is a message that is received from
    > outside the network or firewall and that can cause traffic attacks within
    > your network.
    >
    > Based on your below posted configuration, enter the following:
    >
    > no ip dhcp snooping vlan 2
    > no ip helper-address 192.168.2.100
    >
    > Test that without the IP helper-address. If it works, add DHCP snooping
    > back in but do not use IP helper-address if the DHCP server is within the
    > same VLAN on that switch as the DHCP clients.
    >

    Ok got rid of ip helper-address and dhcp snooping.
    It works. But interestingly it takes a long time.
    Here is an example dhcp session on a Sun SPARC at the OBP ok prompt:

    ok load net:dhcp,192.168.2.100,hello
    Boot device: /pci@1f,700000/network@2:dhcp,192.168.2.100,hello File
    and args:
    -v
    1000 Mbps FDX Link up
    Timeout waiting for BOOTP/DHCP reply. Retrying ...
    Timeout waiting for BOOTP/DHCP reply. Retrying ...
    Timeout waiting for BOOTP/DHCP reply. Retrying ...

    Server IP address: 192.168.2.100
    Client IP address: 192.168.2.130
    Router IP address: 192.168.2.1
    Subnet Mask : 255.255.255.0
    ok
     
    Asif, Oct 3, 2007
    #12