DHCP Helper question

Hi there,
I'm having an issue with my laptop not being able to get an I.P from a DHCP server. The DHCP client and server are in different subnets and am usign the I.P helper-address command but still not helping.

VLAN 1 = 10.152.0.0/24
VLAN 2 = 10.152.1.224/27
DHCP Server = 10.152.0.102/24

My PC is connected to switch (access port / vlan 2) which is then connected to Router on vlan 2 interface . I.P address on the Router 2's VLAN 2 Interface is 10.152.1.254 and this will be the gateway of all the DHCP clients in vlan 2 subnet. In the DHCP server file, I specify the I.P address for my Laptop to be 10.152.1.246/27.

Since DHCP client (my laptop) and DHCP server are in different subnet, I issued the command of "ip helper-address 10.152.0.102" on vlan 2 interface of the router. But am not getting the I.P address at all. Default Gateway on switch is set to 10.152.0.126 (which is the Router 1 vlan 1 I.P address) but I don't think that maybe an issue. Rest, traffic from other PC's in the vlan 1 subnet range is just fine and getting the I.P's from DHCP server but its just the vlan 2 interfaces not being able to get the I.P address. Can you please suggest what maybe wrong ?
nabeel92Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ken BooneNetwork ConsultantCommented:
Post the router's config.  Make sure that the vlan 2 interface on the router has a /27 mask as well.  Also, make sure your scope on the dhcp server is set to the proper mask as well.  Is the scope activated?
0
nabeel92Author Commented:
Given below is the router configuration.


Building configuration...

Current configuration : 3060 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gg14wentworthave2
!
boot-start-marker
boot-end-marker
!
no logging console
enable password cisco
!
no aaa new-model
!
!
dot11 syslog
ip cef
!
!
!
!
ip name-server 10.152.0.104
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
username admin privilege 15 password 0 xxx
!
!
archive
 log config
  hidekeys
!
!
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
track 3 list boolean or
 object 1
 object 2
!
!
!
class-map match-any voice
 match protocol rtp audio
 match access-group 101
!
!
policy-map network_policy
 class voice
  priority percent 25
  set dscp ef
 class class-default
  fair-queue
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
 switchport access vlan 2
!
interface FastEthernet4
 ip address 172.16.0.74 255.255.255.252
 speed auto
 full-duplex
!
interface Vlan1
 ip address 10.152.0.122 255.255.255.0
 standby 1 ip 10.152.0.126
 standby 1 priority 95
 standby 1 preempt
 standby 1 track FastEthernet0
!
interface Vlan2
 ip address 10.152.1.252 255.255.255.224
 ip helper-address 10.152.0.102
 standby 2 ip 10.152.1.254
 standby 2 preempt
 standby 2 track FastEthernet3
!
router eigrp 1
 network 10.152.0.0 0.0.0.255
 network 10.152.1.224 0.0.0.31
 network 172.16.0.72 0.0.0.3
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.0.73
ip route 10.100.100.0 255.255.255.128 10.152.0.121
ip route 10.152.1.224 255.255.255.224 10.152.0.126
!
ip flow-export version 5
!
no ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip sla 1
 icmp-echo 4.2.2.2 source-ip 172.16.0.74
 frequency 15
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 4.2.2.3 source-ip 172.16.0.74
 frequency 15
ip sla schedule 2 life forever start-time now
access-list 101 permit ip 10.152.0.0 0.0.0.255 10.0.16.0 0.0.0.255
no cdp run
!
!
!
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege le
vel of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use
.

For more information about SDM please follow the instructions in the QUICK START

GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login local
!
scheduler max-task-time 5000
end


Below is the DHCP server configuration file (/etc/dhcpd.config) file. I've copy pasted the relevant section of 10.152.1.224 subnet. My host is nminhas-laptop but I've hashed it out right now. Let me know if I need to make changes to this file as well ? What's DHCP scope, I haven't heard of that before !

# VoIP subnet
subnet 10.152.1.0 netmask 255.255.255.0 {
        filename           "pxelinux.0";

        # default settings for all access to network
        default-lease-time 3600;
        max-lease-time 28800;
        option ip-forwarding off;
        option domain-name-servers 10.152.0.104, 10.0.8.18;
        option domain-name "globalgossip.net";
        option routers 10.152.1.254;

        group pbx {
                option subnet-mask 255.255.255.224;
                host switchvox-hot      {hardware ethernet 00:30:48:9a:c4:de; fixed-address 10.152.1.248; }
        }

        group phones {
                option boot-server "ftp://x:x@10.152.0.102";
                option ntp-servers 202.174.101.10;
                option subnet-mask 255.255.255.224;
                option routers 10.152.1.230;
                #host nminhas-ltop       {hardware ethernet 00:1F:29:96:47:16; fixed-address 10.152.1.246; }
                host p-test1            {hardware ethernet 00:04:f2:17:16:a9; fixed-address 10.152.1.247; }
                #host p-test2           {hardware ethernet 00:04:f2:17:17:df; fixed-address 10.152.1.247; }



0
Ken BooneNetwork ConsultantCommented:
Ok I can't comment on the dhcp part as I am not familiar with the setup under linux.  However, I did notice this:

I see you have this route in there:

ip route 10.152.1.224 255.255.255.224 10.152.0.126

That is a route going to .126, but that network is directly attached on vlan2.  Could traffic coming back to that network be taking  a left turn?   Now I noticed that vlan 2 has a standby so that means that there is another router as well.  If you do a show standby which one is active?  Do both routes have the ip helper defined?

I would set up a sniffer to sniff the DHCP server and determine whether or not the DHCP request is making it there.  If it is it will rule out the router.
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

nabeel92Author Commented:
Ok, I see your point. I just removed that route and it didn't make any difference. 10.152.0.126 is the virtual I.P on this router (since it is active) so it wont make the left turn but would go straight into it. But anyhow, that static route shouldnt have been there at the first place since its directly connected. This router is the active one right now for both vlan 1 and vlan 2 networks.

I'll run Ethereal tomorrow and see if I can find anything relating to DHCP server. But if it makes it to the router, then that means DHCP server is fine and something wrong b/w the router and switch ?

Also, on the switch port where ive connected my PC, switchport is in access mode and in vlan 2. Is that correct ?

Other than that, do you think the Cisco router config is fine ? I think I've to add the ip helper-address command and that's it really !
0
Ken BooneNetwork ConsultantCommented:
Yes put the pc on a switchport in in vlan 2.  The router config looks fine.  Yes that should be all you typically have to do.  When the broadcast hits the router he will send a directed packet to the dhcp server.  That is how its supposed to work.  oh.. wait I think i got it.  You are using switchports in the router right?  So when you plug your PC into that port, the switchport is blocking traffic for the first 30 seconds while spanning tree does its thing taking that port through its different phases before it starts to allow traffic to flow.  DHCP is probably timing out during that timeframe.  Add the following command to inteface fastethernet3 - I am assuming this is where the PC is:

spanning-tree portfast

That lets the switchport bypass the first two phases of spanning tree and starts forwarding traffic.  You don't want this on ports that connect switches to each other, just end devices to switches.
0
nabeel92Author Commented:
No,
the topology is setup like this
PC ---- Switch ----- Router
But to rule that out, ill go tomorrow and change switchport to portfast but i doubt spanning-tree would kick in because as long as we can do ipconfig /release and renew commands on PC, it would attempt to communicate with the DHCP server again to get the offer/ack messages. I'll clear the Linux configuration file as there seems to be some subnetting mistakes in it.
0
Ken BooneNetwork ConsultantCommented:
Ok.  Describe to me the connection(s) between the router and the switch.  What ports are connected to what?  We may have an issue with how that is setup.  
0
greg wardSystems EngineerCommented:
does the remote router know how to send the dhcp back?
is there a static route?
this link explains how ip helper works
http://routergod.com/trinity/
0
nabeel92Author Commented:
Attached is the scenario diagram. My Laptop is connected to Switch 2 (whose access port is in vlan 2) and the router's vlan 2 interface has the command "ip helper-address 10.152.0.102".
scenario.JPG
0
Ken BooneNetwork ConsultantCommented:
It looks good to me.. Set up a sniffer on switch 1 to examine the dhcp port.  Lets see if the dhcp request is getting there...  I guess first set a sniffer on switch 2 on the port where router 1 is plugged in.  Let see if he sees the dhcp request first.  Then if he is move it to switch 1 and see if the dhcp server is getting it.
0
nabeel92Author Commented:
I havent run the sniffer as yet but i noticed smthg ... The switch 2 port that connects to Router 2 is in vlan 1 right now ... At the router end, its in vlan 2 but on switch i just seen that the particular port is in vlan 1 (default). I think I need to change that to VLAN 2 ? What about if i just make them trunk links so that it carries traffic for both vlan 1 and vlan 2 ? I just tested this scenario in GNS3 network simulator and it worked fine.
Yet to run the sniffer, will post results tomorrow when i run sniifer
0
greg wardSystems EngineerCommented:
the links betweem routers should be trunk links
also you might find drivers for your network card where you can run a trunk link to that too which should solve your problem without using  the ip helper.
0
nabeel92Author Commented:
ill change them to trunk tomorrow and post the results ... thnx
0
Ken BooneNetwork ConsultantCommented:
Since there are two physical connections from each switch to each router, there is not a need for trunk.  The purpose of the trunk is to carry multiple vlans through one physical port.  In this case all of the ports need to be set up on the appropriate vlans and the network should be fine.  You might use a trunk if the network was like this:

Rtr1 ---trunk both vlans to switch 1 ---trunk both vlans to switch 2 ----trunk both vlans to rtr2.

Slightly different topology with a similar affect.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nabeel92Author Commented:
and what abt the switch 2 port that connects to rtr 2 ... rtr 2's port is in vlan 2 but the connecting switch port is in default vlan 1 ... i think tht might be problematic ?
0
Ken BooneNetwork ConsultantCommented:
It depends.. Are these managed switches, if so what kind?  Since the switches are not connected to each other all ports on both switches could be set to default, as long as the ports on the router have the correct vlan set.  Now if you have made vlan assignments on ports on switch 2 to be in vlan 2, you should have made everything in switch 2 to be vlan 2.  So check that and see what you got.
0
nabeel92Author Commented:
I had some basic trunk port issues but that's over since we've decided to use only 1 vlan now .... thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DHCP

From novice to tech pro — start learning today.