Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco 3550 switch as DHCP relay agent with Windows 2000 server dhcp server

Posted on 2004-08-26
7
Medium Priority
?
10,666 Views
Last Modified: 2007-12-19
         


  10.4.0.0/16 ------------CISCO 3550 SWITCH --------10.1.0.0/16---------------FW-------->Internet
                                            |                           main DHCP server          
                                            |
                                            |
                                    10.3.0.0/16
                                   test DHCP server



I have a Cisco 3550 switch sitting on a 10.1.0.0 network. The switch has two VLANs on it , 10.4.0.0 and 10.3.0.0. I'm trying to get clients on these VLANs to obtain their IP addresses form the DHCP server on the 10.1.0.0/16 network.

The switch acts as a router for inter-vlan traffic.
There are no ACLs between the VLANs.
The Default gateway for the Switch is the FW and the FW routes back any traffic destined for the 10.4.0.0 / 10.3.0.0 networks that comes from the 10.1.0.0 network to the switch IP address.

All this works fine.

The main DHCP server (a windows 2000 type) has three scopes on it, one for each of the subnets. I belive the switch should have a dhcp relay agent on it by default. However none of the clients on either of the VLANs can find the main DHCP server, clients on the 10.1.0.0 network have no such problem.

As a test I configured a test DHCP server on the 10.3.0.0 VLAN. Again, although clients on the same VLAN can get DHCP IPs. Clients on the 10.4.0.0 VLAN cannot.

Do I need to configure the Switch in to forward DHCP requests? Or is my proposed scenario impossible?

Many thanks for any help given.


0
Comment
Question by:mattdunn1264
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 5

Expert Comment

by:Big5250
ID: 11903720
0
 
LVL 11

Accepted Solution

by:
PennGwyn earned 1500 total points
ID: 11904244
> The Default gateway for the Switch is the FW and the FW routes back any traffic destined for the 10.4.0.0 / 10.3.0.0
> networks that comes from the 10.1.0.0 network to the switch IP address.

The DHCP relay needs to happen at the router between the VLANs.  It looks like you're trying to have the firewall do that, and ignoring the layer 3 capabilities of the switch -- although I don't see how that can actually work if you expect the switch's 10.1.0.0 address to be able to deliver packets to the other VLANs.  (If the switch has VLAN interfaces on these networks, traffic to those networks will go there directly and NOT visit the firewall at all, since direct connections take precedence over the default route.)

Anyway, I believe "ip helper-address" is the command you want.  Add it to the VLAN interfaces of the 3550, telling them to forward broadcast DHCP requests to the server's address.  (The forwarded requests will carry the address of the interface that forwarded them, so the server will know which scope should respond.)





0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 11904264
You need to add the following to your VLAN interfaces:

interface vlan3
ip helper-address 10.1.0.x  <---specify the DHCP server address.

Do the same thing for VLAN 4:

interface vlan4
ip helper-address 10.1.0.x
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:mattdunn1264
ID: 11955690
IP helper-address was indeed the command I was after.. thanks
0
 
LVL 2

Expert Comment

by:Miki18
ID: 12151308
Hello

I was looking for answers for configuration of my catalyst 3550 and came across your problem.
I have same scenario at my company. (even same ip adreses)... I also configured separate VLANs and different DHCP scopes on my 2003 server, but I still can't get IP addresses on other VLANs but the one that server is on. I tried IP helper-address...
Is the problem at my cisco or something wrong with my DHCP configuration? :-(
I'm new at  cisco configurations (my first cisco switch)
Would it be too much if I asked you to send me configuration of your 3500 switch?

Thanks
Miki
0
 

Author Comment

by:mattdunn1264
ID: 12155344
Miki,

i cant send you the config but I'll try and help with a few pointers. You've probably already thought of it all anyway.

Is it just that the DHCP that isnt working? Can you access the 10.3.0.0 or 10.4.0.0 from the 10.1.0.0 network on any port at all?Because anything on the 10.1.0.0/16 network has a default gateway of the FW, you will have to set up a static route that tells traffic from this network that reaches the FW to go back to the switch.

On the switch itself, have you set up any access lists? you will need to permit DHCP (or bootps) protocol, port 67 on UDP i think, to be permitted from any to any, otherwise DHCP will be blocked.

On win 2k dhcp server, the scopes for other subnets are identical to scopes on the same subnet as the server, except for..

a different IP range (obviously) and a differnt defaut gateway.plus anything else you need to cater for that subnet.


Try using the Cisco CMS interface, you can download it from their site (its tough to find though) and use it as a gui to configue quite alot of your switch. You'll still have to use the command line for the ip helper-address.

Sorry I couldnt help more!

Matt
0
 

Expert Comment

by:jrmullis8977
ID: 12768982
service DHCP
ip dhcp smart-relay
ip dhcp relay forward spanning-tree

interface GigabitEthernet0/11
 description To Gateway
 no switchport
 ip helper-address 10.1.21.3
 ip address X.X.X.X 255.255.255.0
 ip dhcp relay information trusted
 no shut

interface vlan 300
 description Staff_Vlan
 ip helper-address 10.1.21.3
 ip address 10.1.24.1 255.255.255.0
 no shut
 exit

this is what I did and it worked.  Now I cant seem to get it to pull it from the correct scope.  Ill keep u posted
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question