Cisco Switching/Routing :: 3550 / 2950 DHCP Relay Option To Router Handing Out DHCP
Apr 3, 2012
Have a client wanting to hand out public ip addresses to all clients from a PFSense Firewall terminating the internet connection.
How do I allow the Cisco Switches currently in place, configured with private ip addresses in the 10.10.x.x ranges and Vlans, where the main 3550 layer 3 has defined dhcp scopes for each vlan, to relay dhcp requests from all vlans to the PFSense firewall?
I assume I would take off the currently defined dhcp scopes for the vlans and configure each vlan/switch with the ip helper address and specify the PFSense firewall and that Nat would have to be disabled onthe firewall?
I have some DHCP trouble since I subnetted my network with a 2921. My clinets are in 172.16.2.0/23 and DHCP servers are in 172.16.5.0/24.Sometimes, randomly I guess, I get NACK from my DHCP server, and if I look into DHCP logs I got something like this:
Had a problem with a 3750 this morning not handing out DHCP addresses. The following is a sanitized config of what the switch is using. [code] The IOS installed on the switch is c3750-ipbasek9-mz.122-55.SE1.bin. What got my attention was that the sh ip dhcp pool PC showed 180 addresses being excluded. In doing the math from the dhcp excluded addresses, only 64 should be excluded.
My next step was to remove the second dhcp excluded-address line above. Doing a clear ip dhcp binding * started letting the DHCP service hand out addresses but the sh ip dhcp pool PC stil showed 180 addresses excluded.
It finally took removing the dhcp pool and putting it back in to drop the number of excluded addresses down to a value that matches the first excluded-address line. Didnt see a dhcp bug in the bug database that would explain this.
I tried re-entering the second excluded-address line from above and saw the number of excluded addresses rise as expected. When I negated the line, the number of excluded addresses dropped back to its previous value.
I have a DHCP server for a subnet that has only lightweight WAP's in it. The DHCP server is running on the gateway for this subnet which is a 3750X 2 switch stack running 12.2(53r)se2.I have the following configured:
ip dhcp excluded-address 10.1.10.161 10.1.10.162 ip dhcp pool DHCP-VL20 network 10.1.10.160 255.255.255.224 domain-name mydomain.net dns-server 10.11.11.30 10.11.11.40 default-router 10.1.10.161 ease 3
The server hands out up to 18 IP addresses and no more, with 20 devices on the subnet. Scanning the subnet with a 3rd party network management system I see the following IP's never get handed out or used:
and of course 2 IP's I have manually excluded, 11 IP's in all that wont get handed out. It should only be 2 that don't get handed out. I've double and triple checked the exclusion and thats the only one. so I run a 'sh ip dhcp pool' and see this:
Pool DHCP-VL20 : Utilization mark (high/low) : 100 / 0 Subnet size (first/next) : 0 / 0 Total addresses : 30
[code]....
[edit]I should also mention that "sh ip dhcp bind" does not show these randomly excluded IP's in use. They also do not show up in any arp table I can find.I have looked all over the config and I cant find where these extra 9 addresses are being excluded. how to free up these 9 seemingly random exclusions? Haven't issued a reload and I haven't deleted and rebuilt the DHCP server yet, production network.
Haveing issue with DHCP server handing out IP addresses to client connected to VLAN5 interface.ISP Router>Firewall -(WatchGuard Drop-in mode) I have several 3750 switches and one acting as a L3 switch. The L3 is configured as follow: [code]
If I connect a laptop to int fa1/0/10 I DO NOT get an IP address from the 10.100.0.8 scope. If I connect to another interface within the VLAN 1, I get an address from the 10.100.0.0 range.
I am trying to get an understanding of some behaviour I am seeing on my N7Ks regarding DHCP relay.I have two identically configured Vlans interfaces both configured with the same two dhcp relay servers in the same order. The only difference between the two vlans is that one is HSRP active on the A side switch and the other is active on B side switch. All clients in Vlan136 (active on B side) are getting DHCP leases from the first of the two dhcp relay servers configured while all clients on Vlan 137 (active on A side) are getting DHCP leases from the second of the two dhcp relay servers. I would expect that all clients on both vlans would get leases from the first relay server configured unless that device was unavailable.
Would like to impliment VLAN's on Cisco IOS Software, C3560 Software (C3560-IPSERVICES-M), Version 12.2(25)SEB4...But I need a DHCP Realy to my Windows Based DHCP Server. How do I enable DHCP Relay on the 3560?
I have a 2921 with 4 segments: [code] My DHCP server is 172.16.5.2 and I need to serve clients from 172.16.2.0/23 by MAC address and only to that segment.
Windows Server 2008 R2 has two DHCP scopes 192.168.1.x (for data) and 192.168.2.x (for VOIP). The Catalyst 2960-S has Vlan1 for the Data V LAN and V lan 2 for the VOIP network. How do I setup DHCP relay for Vlan2 to get their IPs from the scope on the Windows server?
Used to doing ip helper-address x.x.x.x in other Catalyst switches, but not available here.
I have upgraded a C3750G-12S-E to c3750-ipserviceslmk9-tar.122-55.SE5This switch is a distribution layer switch for one of my remote sites. it contains an ip helper-address on the site vlan's SVI.DHCP relay is no longer functioning for client PCs. Static address assignment allows full network functionality. I enabled debug ip dhcp server packet. [code] Actually I am betting you upgraded your IOS from something before 12.2(50)SE to 12.2(50)SE or later. We added enhancement CSCso19800 which will validate DHCP options when we are a relay agent.
I am trying to configure two 3845 routers to act as dhcp server and dhcp relay. Clients are connected to the router that relays all dhcp requests to the vrf instance which is used to connect it to the router wich is running dhcp server.
Router1 ip vrf dhcp_dns rd 8:1 int gi0/0 ip vrf forwarding dhcp_dns ip address 192.168.200.5 255.255.255.248
[code]...
So far I can see dhcp requests coming from the R1 and dhcp server on R2 replies with the dhcp offer but PC is not getting any ip.
I have a very simple setup containing 3 C2960S switches:switch 1: central switch, acting as router between VLAN 1 en VLAN 2switch 2+3: edge switches, connected via 1 link to central switch, both on VLAN 2,Clients connect to switch 2 and 3 using dhcp, switch 1 uses dhcp relay to forward requests from VLAN 2 to the dhcp server on VLAN 1. So far so good.Now I want switch 1 to add option 82 to the dhcp requests so the dhcp server can see whether the request came through switch 2 or switch 3. I tried turning on dhcp option 82 support on switch 1 by doing.
In RFC 951, the format of BOOTP packet was legislated, but the vendor information was not legislated in this document, so the authors of this document had described that :"If the 'vend' field is used, it is recommended that a 4 byte 'magic number' be the first item within 'vend'. This lets a server determine what kind of information it is seeing in this field. "
I think it meant that the format of vendor information wasn't fixed in RFC 951, and any vendor can legislate a new format of vendor information by itself. And the value in "magic cookie" can be set by any vendor.But in RFC 2131, the format of DHCP packet was legislated, and the "magic cooke" was fixed to values 99, 130, 83 and 99, I think it meant that the format of option information in DHCP packet was fixed absolutely and any vendor can't legislate a new format by itself.
Since the format of option information in DHCP packet was fixed absolutely, why the network device needs "magic cookie" to identify the mode in which the succeeding data is to be interpreted ? I think the magic cookie is not useful in DHCP packet because the format of option information is fixed. In other words, there is only one format of option information forever.
How to configure cisco 3560 to force the client only can get ip by dhcp-relay server ?
The company i am working in has 5 vlans which have been set an lay-3 switch(3560), uses the dhcp-relay server .(in svi configuration: ip helper-address X.X.X.X) well , that works ok~
Now , I got my problem: I need to force the client only can get ip by dhcp-relay server, that means if anyone set static IP manunally , he can't really access to anywhere (to provent anyone set static IP with malignancy )
I know if a h3c router , how to set this configuration n svi configuration : dhcp relay security address-check enable ) the how to configure on a cisco 3560 ?
I faced with issue on ME3800. [code] With that configuration there is no problem with DHCP Relay packets.But if I add on interface #xconnect 82.199.1 19.1 77 encapsulation mpls it will stop forward DHCP relay packets immediately. All other traffic transfers without problem.
Stumped again with my Catalyst 2950. Everything is working perfectly with wan/dhcp/router on fa 0/1 with all ports assigned to vlan1. All devices plugged in connect to the router correctly with ip's being assigned via dhcp.Instead of hooking up by console port I want to be able to SSH or telnet in to the switch using any port while still maintaining the above functionallity. Is it possible to assign a dhcp assigned ip address to vlan 2 and have vlan1 and 2 bridged? Or is there a better way of doing this ?
I have a Belkin model F9K1102 router supplying WAN/LAN connection to three PCs and 2 laptops. Two of the PCs are hardwired with the remainder PC and laptops are wireless. I'm using the default router IP of 192.168.2.1 and my ISP is Charter Cable (if that's of significance). The router is picking up all the dynamic IP information from my ISP and internal DHCP is enabled. Here's the issue though - when I connect a PC, laptop or iTouch (wired or wireless) with obtain IP settings automatically enabled the IP address it receives an IP address on a different subnet ie, 192.168.3.x and thus won't have WAN/LAN connection. I have tried to set the router IP to 192.168.3.1 and set the scope in the .3 subnet but the IP obtained by the device is .4! This makes no sense to me at all. The router is on the latest firmware (according to Belkin) and there doesn't seem to be any other update I can find. I have also tried another Belkin router (older model: F5D8236) and it does the same thing.
I'm not sure if this is related but I upgraded my service with Charter to a 18MB connection and a D3.0 Ubee cable modem - this issue seem to have began after this upgrade but I don't see how that would have any bearing on what is happening on my LAN IP scope and Charter tech support is pretty useless. My workaround is that I've static assigned an IP for each device in the same subnet as the router but it would be nice for the DHCP to function correctly.
I am wondering if it has its own DHCP router and if theres a command to enable it?Also Random side question. it hands out ip addresses to other devices (the 2950 im using infront of a router) but when I hook up another switch to this switch it doesnt initialize the port or try to connect? why.
Is there a way to configure a DHCP server for my internal subnet of 192.168.20.1 which is on a 3550 layer 3 switch from my 5505 ASA Firewall.My subnet of 10.1.1.0/30 is connecting my 5505 to 3550. All I'm trying to do is run a DHCP server down to my hosts. The only options on ASA 5505 is
dhcpd address 192.168.20.1 - 192.168.20.254 outside or inside, which conflicts with my subnet of 10.1.1.0 used to connect my internal subnet of 192.168.20.1 for the whole network.
When I used my router it did not need the (inside, outside) keywords and just an ip helper-address command. How do I configure my my firewall DHCP server to propagate the 192.168.20.0 network through my 10.1.1.0 connection.
I've created a tonne of dhcp scopes on my routers before never had any issues, however this one will not hand out any addresses at all, i even give the router a reload to see if any magic happened but nothing, ive ended having to put a temp server in with just dhcp installed until i get the router diong what it should my config below, its something simple i havent seen, as ive compared it to plenty of my working DHCP configs and seen nothing.
I have a LAN with about 200 computers (192.168.10.0/24) with a DHCP Server on Windows server 2003.The problem is that my company have acquired 100 others computers that I have connected on this network.Some computer does not get IP address from the DHCP server. When I investigated the log of the DHCP server, I realized that the DHCP server was out of addresses.
We have a core switch Catalyst 3550-24-PWR Connected are 2 Catalyst 2960 PoE-24 and one Catalyst 2950-24
3550 together 2960 works well 2960 together 2950 works well 3550 connected with 2950 refuse to establish connection. Port goes down immediately.
Example 3550 Fe0/19+Fe0/20 -> 2960 G0/1+G0/2 status OK 3550 Fe0/21+Fe0/22 -> 2960 G0/1+G0/2 status OK 2960 Fe0/12 -> 2950 Fe0/24 status OK 3550 Fe0/8 -> 2950 Fe0/24 status down
I own a Nanostation5 Loco, and I have a router behind it.I would like to add a DHCP Lease to that router and do a port forward to the router.I can not find the DHCP Lease option in Nanostation settings, but if I choose to see DHCP Leases in "Extra info" on main page I can see some MAC and IP addresses there.When it comes to port forwarding, I fill the form slots with info, and when I press OK to save it a pop-up comes saying "Please fill out this field", a field for another forward rule.
I'm trying to configure my Cisco Router 2811 which is also acting as the DHCP server for my branch office for DHCP option 60 and 43 so Aruba AP's at my branch can discover it's master Controller? What is the command I need to enter in the Cisco router?
I'm having a problem getting DHCP working with an ASR9k as shown in this document. I've successfully implemented very similar setups with some Cisco IOS routers, but the IOS XR on the ASR seems to be defeating me. Router A (happens to be a 3750)A DHCP/BOOTP/TFTP server, connected to router ARouter B - this is the ASR, running software version 4.0.3.Router A and B are connected by a layer-3 link.Router C (happens to be a Broadcom embedded router). It's connected to Router B by a VLAN trunk link.Device 1, this one needs to get its configuration by DHCP/BOOTP/TFTP. It's connected to Router C by a VLAN trunk link.Device 2, this one doesn't need any DHCP/BOOTP/TFTP. It's connected to Router C by a VLAN trunk link (its port is the same as Device 1's) Device 2 works great - it can ping the DHCP/BOOTP/TFTP server (and vice versa) and everything else it needs.
I have a firewall that I want acting as a DHCP relay. This firewall has a number of VLAN interfaces serving clients. The DHCP relay destination is the IP address of a Windows 2012 Server running Microsoft DHCP which has multiple scopes configured, one for each client VLAN.What I'm finding confusing is how the DHCP will identify the client. Does the DHCP relay insert an identifier of some sort (opt. 54?) based on which VLAN the DHCPREQUEST comes from and then this identifier can be configured to be recognized on the DHCP server?
I have a data center with virtual desktops and other shared infrastructure serving remote sites, some of which are connected to the data center with GRE over IPsec.
IP address management including DHCP is centralized in my architecture, but I simply cannot figure out how to relay DHCP requests through GRE over IPsec to my DHCP server cluster. I am working with Cisco 800 series VPN peers, and the VPNs are terminated either on a 1841 or a Juniper SRX. Everything else is just fine and dandy, but DHCP is not forwarded across the GRE tunnel.
As a workaround I am forced to use local DHCP pools on the VPN peers, which is extra work from a management point of view, and also precludes static IP address assignment where a local DHCP pool is in a VRF. My LAN devices are mostly thin clients, so I don't care if DHCP stops working when the WAN link fails. As such local pools have no upsides, they are only a tremendous hassle.
My config is very basic, public WAN in global routing table and WAN + GRE tunnel in a VRF. NAT is not used. Here are the DHCP-related configs I have tried:ip helper-address on the LAN gateway, both with and without ip forward-protocol udp bootpcip dhcp pool with relay options configured
In every case, I can see the UDP broadcasts hit the LAN gateway, but relayed packets never arrive at the other GRE tunnel endpoint let alone the DHCP server.
I have defined several V LAN's and the corresponding IP Addresses on the SGE2000. The static routing works fine. On one V LAN there is a Windows 2003 DHCP Server which I have defined as DHCP Relay Server (Option 82), but no packets are relayed. Has anyone a functional setup, with dhcp relay?
