Solved

DHCP relay configuration in Windows 2012 for multiple VLANs

Posted on 2014-01-30
Last Modified: 2014-02-07
Have several VLANs set up on a Cisco L3 switch.  Enabled DHCP relay agent on the switch for the following VLANs.  Have a Windows 2012 server that I want to use as my DHCP server.  Installed and enabled DHCP relay agent on the server.  Created scopes, but can only get computers which are on the same VLAN as the server to get IPs.
VLAN20  ==>   10.10.20.1
VLAN30 ==>    10.10.30.1
VLAN50 ==>    10.10.50.1

Windows 2012 server = 10.10.50.240
Guessing there may be more configuration needed.
Question by:Webcc
 
LVL 12

Expert Comment

by:Infamus
ID: 39822827
You have to add the following statement to each VLAN interface.

ip helper-address 10.10.50.240
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39822830
config t
interface vlan 20
ip helper-address 10.10.50.240
exit

interface vlan 30
ip helper-address 10.10.50.240
exit

interface vlan 50
ip helper-address 10.10.50.240
exit
exit
wr mem
0
 

Author Comment

by:Webcc
ID: 39822899
This is the configuration of the SG300 switch.  The relay address appears to be a global option.  No options to specifically set an address, only enable relay or disable.  Thought I had it working at one time, but started messing with the MAC allow list on the DHCP server.  Have disabled that and removed any policies configured.  Deleted scopes and rebuilt, stopped and started DHCP server, still no go!

ip dhcp relay address 10.10.50.240
ip dhcp relay enable

interface vlan 20
 name Public
 ip address 10.10.20.1 255.255.255.0
 ip dhcp relay enable
!
interface vlan 30
 name Video
 ip address 10.10.30.1 255.255.255.0
 ip dhcp relay enable
!
interface vlan 50
 name Shared
 ip address 10.10.50.1 255.255.255.0
!ip dhcp relay enable
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39822928
Are you able to ping one vlan to another?  (asking if ip routing is enabled)

You don't have ip helper-address command available?
0
 

Author Comment

by:Webcc
ID: 39822948
Yes, IP routing is enabled and I can ping; inter-VLAN communication is working fine. Can ping the DHCP server from VLAN20 or 30. Able to set statics and everything is good.  Just tried setting -  ip helper-address any 10.10.50.240, still not working.
Is there anything on the server that needs to be configured?  As I said I have the relay agent running on the server as well.
 Here's the config:


CCSCO1
v1.2.9.44 / R750_NIK_1_2_584_002
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 10,20,30,50
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp relay address 10.10.50.240
ip dhcp relay enable
ip dhcp information option
bonjour interface range vlan 1
hostname CCSCO1
username cisco password encrypted 9efdc8d527563682731724691b4fbde146005082 privilege 15
username webcc password encrypted 9efdc8d527563682731724691b4fbde146005082 privilege 15
ip ssh server
ip ssh pubkey-auth
ip ssh-client server authentication
clock timezone " " -6
clock summer-time web recurring usa
clock source sntp
!
interface vlan 1
 ip address 192.168.1.1 255.255.255.0
 no ip address dhcp
!
interface vlan 10
 name Private
 ip address 192.168.44.1 255.255.255.0
!
interface vlan 20
 name Public
 ip address 10.10.20.1 255.255.255.0
 ip dhcp relay enable
!
interface vlan 30
 name Video
 ip address 10.10.30.1 255.255.255.0
 ip dhcp relay enable
!
interface vlan 50
 name Shared
 ip address 10.10.50.1 255.255.255.0
 ip dhcp relay enable
!
interface gigabitethernet1
 switchport mode access
!
interface gigabitethernet2
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet3
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet4
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet5
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet6
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet7
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet8
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet9
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet10
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet11
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet12
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet13
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet14
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet15
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet16
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet17
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet18
 switchport mode access
 switchport access vlan 30
!
interface gigabitethernet19
 switchport mode access
 switchport access vlan 30
!
interface gigabitethernet20
 switchport mode access
 switchport access vlan 30
!
interface gigabitethernet21
 switchport mode access
 switchport access vlan 30
!
interface gigabitethernet22
 switchport mode access
 switchport access vlan 30
!
interface gigabitethernet23
 switchport mode access
 switchport access vlan 50
!
interface gigabitethernet24
 switchport mode access
 switchport access vlan 50
!
interface gigabitethernet25
 switchport mode access
 switchport access vlan 50
!
interface gigabitethernet26
 switchport mode access
!
interface gigabitethernet27
 switchport mode access
!
interface gigabitethernet28
 switchport mode access
!
ip helper-address all 10.10.50.240 37 42 49 53 137 138
ip route 0.0.0.0 0.0.0.0 192.168.1.2
snmp-server set  rlSshServerEnablePublicKeyAuthAutoLogin rlSshServerEnablePublicKeyAuthAutoLogin enable
snmp-server set  rlSshServerEnablePasswordAuthentication rlSshServerEnablePasswordAuthentication enable
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39822960
I would try to remove ip relay on the vlan interface and use ip helper-address instead and see what happens.  Since you have ip routing enabled, it should work.

If not, we can start troubleshooting what's going on.

I prefer using ip helper rather than using ip relay.
0

 

Author Comment

by:Webcc
ID: 39823009
Well, I decided to reboot the server and like magic everything started working again.   Something must have been hung, no event logs.  Tried removing ip relay and leaving the helper but it wouldn't work.  Had to put the relays back and I removed the helper - everything is good.  Might be a SG300 thing.  Thanks for the help!
0
 
LVL 12

Accepted Solution

by:
Infamus earned 250 total points
ID: 39823023
I'm glad it's working now.  However you might consider this.

ip helper-address and dhcp relay are not the same and there are significant differences.

 
ip helper-address does much more than just DHCP. By default ip helper-address will forward broadcasts for these protocols: UDP 69 (TFTP), UDP 53 (DNS), UDP 37 (time service), UDP 137 (NetBIOS Name Server), UDP 138 (NetBIOS Datagram Server), UDP 67 and 68 (BOOTP client and server/DHCP), UDP 49 (TACACS), and UDP 116 (Name Service). Additional protocols can be enabled for forwarding using the command ip forward-protocol.

 
For DHCP, ip helper-address will take the DHCP request from the client and forward it (unchanged) to the DHCP server. With DHCP relay, the router receives the DHCP request from the client and builds a new request to send to the server (which gives the router an opportunity to add information in the request about the router).
0
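The relay-added information mentioned in the answer above, shown as an added example that is not part of the original thread: a relay agent writes its own interface address into the `giaddr` field, increments `hops`, and (with `ip dhcp information option`) appends option 82, and a DHCP server uses `giaddr` to pick the scope (standard RFC 2131 behaviour, not stated in the thread). The scope table reuses the thread's VLAN subnets; the packet, client MAC, circuit ID and function names are constructed for illustration.

```python
import ipaddress
import struct

# Scopes matching the VLAN subnets in the thread (names from the switch config).
SCOPES = {"Public": "10.10.20.0/24", "Video": "10.10.30.0/24", "Shared": "10.10.50.0/24"}
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header


def build_discover(giaddr="0.0.0.0", hops=0, circuit_id=None):
    """Constructed DHCPDISCOVER; a relay fills giaddr/hops and may append option 82."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, hops, 0x1234ABCD, 0, 0x8000,
                      bytes(4), bytes(4), bytes(4), ipaddress.ip_address(giaddr).packed,
                      bytes.fromhex("020000000001"), b"", b"")  # constructed client MAC
    opts = bytes([53, 1, 1])  # option 53 (message type) = 1 (DISCOVER)
    if circuit_id is not None:
        sub = bytes([1, len(circuit_id)]) + circuit_id  # sub-option 1: circuit ID
        opts += bytes([82, len(sub)]) + sub
    return hdr + MAGIC + opts + b"\xff"


def parse_relay_info(pkt):
    """Extract the fields a relay agent controls: hops, giaddr, option 82 sub-options."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    info = {"hops": pkt[3], "giaddr": ipaddress.ip_address(pkt[24:28]), "opt82": {}}
    i = 240
    while i < len(pkt) and pkt[i] != 255:  # 255 = end option
        if pkt[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, body = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        j = 0
        while code == 82 and j + 2 <= len(body):
            info["opt82"][body[j]] = body[j + 2:j + 2 + body[j + 1]]
            j += 2 + body[j + 1]
        i += 2 + len(body)
    return info


def select_scope(info):
    """Scope whose subnet contains giaddr; None when giaddr is 0.0.0.0 or unmatched."""
    for name, net in SCOPES.items():
        if info["giaddr"] in ipaddress.ip_network(net):
            return name
    return None
```

When clients get leases only on the server's own VLAN, a capture on the server showing whether relayed requests arrive with `giaddr` set to the VLAN gateway (10.10.20.1 or 10.10.30.1 here) separates a switch relay problem from a server scope problem.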
 

Author Comment

by:Webcc
ID: 39823158
So I should try to get the helper service working or at least make sure it is running in addition to the relay?  Did not work for DHCP requests on its own.
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 39823580
Just something to note, but I'd remove the DHCP relay service from the Windows server.  You only need the DHCP relay on the Windows server if you want to 'relay' DHCP requests through it - not to it.
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39823959
If this is production and everything is working, I would just leave it as is for now and plan on using ip dhcp helper on your maintenance window.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39823991
I agree with that - I'm just talking about removing it from the server.  It'll never be used but could cause issues.
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39823997
And yes, you are right, Craig.

I would remove that as well.
0
