From: mgreenlee@ipexpert.com
Date: Tue Mar 25 2008 - 17:34:53 ART
On the device doing the forwarding "debug ip dhcp server" will give the
error "relay information exists, but giaddr is zero", and the packet will
not be forwarded.
Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
A Cisco Learning Partner - We Accept Learning Credits!
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: mgreenlee@ipexpert.com
IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand
and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE
Security Lab, CCIE Service Provider Lab, CCIE Voice Lab and CCIE Storage Lab
Certifications.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Geert Nijs
Sent: Tuesday, March 25, 2008 10:33 AM
To: Haukur ^srparson <haukur@sensa.is>, <ccielab@groupstudy.com>,
sadiqtanko@gmail.com <sadiqtanko@gmail.com>
Subject: RE: DHCP snooping and ip helper interaction
Haukur,
Thanks very much ! That was it...try to find that using debugging...this
saved my day.
Indeed, it appears from the moment that you enable snooping on the L2 Access
level, this switch inserts Option82 into the DHCP packet.
When the L3 switch sees this DHCP broadcast WITH Option82 inserted, he
doesn't trust it (even if it is received on a "dhcp trusted" interface) and
drops the packet.
You need to expliciclt put "ip dhcp relay information trusted" on the
interface, or globally "ip dhcp relay information trust-all" on the L3
switch.
Man, Cisco documentation isn't very "complete" on this point. (it has
documentation,but it is scattered on several places i have noticed).
regards,
Geert
CCIE#17329
________________________________________
From: Haukur ^srparson [haukur@sensa.is]
Sent: 23 March 2008 23:00
To: Geert Nijs; ccielab@groupstudy.com
Subject: RE: DHCP snooping and ip helper interaction
Hi Geert,
If you add the "ip dhcp relay information trusted" on the interface on the
distribution switch the DHCP service should start working again, this
command allows the L3 interface to forward packets that include DHCP Option
82 informations.
R.
Haukur
CCIE#18026
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Geert Nijs
Sent: 22. mars 2008 15:33
To: ccielab@groupstudy.com
Subject: DHCP snooping and ip helper interaction
All,
Does a DHCP snooping configuration NEED an ip helper address defined on the
same switch ?
In my lab setup, DHCP breaks when i configure dhcp snooping without ip
helper
address.
Setup:
Access = C3750 , 12.2(25)SE2
Distribution= C6500, sup720, 12.2(18)SXF8
ACCESS
int vlan 100
ip address 1.1.1.250 255.255.255.0 <- for management of the
switch !
int gi1/0/49 <--- uplink (is dhcp
trusted)
ip dhcp trust
ip dhcp snooping vlan 100 <- activate snooping
on access
DISTRIBUTION
int vlan 100
ip address 1.1.1.2 255.255.255.0
standby 1 ip 1.1.1.1
ip helper-address 192.168.1.1
Without dhcp snooping on the access, the config works. Clients get an ip
address.
Once i enable dhcp snooping on the access, dhcp doesn't work anymore ??
regards,
Geert Nijs
________________________________
disclaimer : http://webservices.simac.be/disclaimer.htm
This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:54 ART