Re: Conflicting uses of "ip dhcp-server" -- design flaw?
- From: <Anthrax>
- Date: Sun, 14 Aug 2005 14:30:12 -0500
Well, I have to say that I understand your frustration. The problem is not
that all of us are CCIEs or not; technologies (inside of Cisco) are a world,
literally. Everyone is so specialized (needed for the job) that
sometimes knowledge of some other areas is overlooked.
From our docs...
http://www.cisco.com/en/US/products/ps6441/products_command_reference_chapter09186a00804a955c.html#wp1195367
" Defaults
The IP limited broadcast address of 255.255.255.255 is used for transactions
if no DHCP server is specified. This default allows automatic detection of
DHCP servers."
It is "expected" that your interface will try to get an IP address from the
DHCP server specified (since you had specified it with that command). As the
coding goes, once you add the ip address-pool dhcp-proxy-client, the proxy
client status will be added only to all async interfaces (and not to the
ethernet, and that's the reason why it is dropped). Share your thoughts!
P.S. If you don't mind, I would like you to comment that clsalaza helped you
on this. The feedback is important for *me*.
kenw@xxxxxxxx <kenw@xxxxxxxx> wrote:
> Well, it'd be nice to know how to reach someone at Cisco who knows
> what he's talking about. It's frustrating when I get that kind of
> answer. I guess they can't have CCIEs manning the phones, but the
> escalation could be a lot more effective.
>
> Had a problem with your "resource-pool disable" -- this router doesn't
> recognize "resource-pool". Guess that means it's permanently
> disabled, eh?. I'm running C1841-ADVSECURITYK9-M, Version 12.4(1a),
> which is what the router was shipped with. The configuration does
> list a "resource policy" line with no options. Digging through the
> docs isn't very illuminating, and certainly doesn't lead to anything
> appropriate for a single-router site.
>
> Further testing/sniffing: if I use "ip dhcp-server x.x.x.x", the WAN
> interface sends DHCP requests but ignores the responses. As soon as I
> removed it, the interface picked up an address. Once I added "ip
> address-pool dhcp-proxy-client" and tried a VPN connection, the VPN
> picked up an appropriate address from the LAN DHCP-server. WAN DHCP
> still works fine.
>
> Interestingly, I saw a VPN-triggered DHCP request packet on the WAN
> interface, with source IP address of the router's LAN interface.
> Looks like that command caused the router to proxy-forward the query
> on both WAN and LAN interfaces. Not at all clear from the docs I
> read.
>
> This reinforces my impression that Cisco documentation is chronically,
> miserably unclear. I'm beginning to wonder whether IOS is just a
> monster nobody can grasp. The various aspects of DHCP are spread all
> over, with little interconnection, and no reference at all to the
> kind of issue I encountered.
>
> And it looks like a bit of filtering is in order: I'm running NAT, so
> there's no way that inside source address should have gone outside.
>
> Thanks for your help!
>
> /kenw
>
>
>
> <Anthrax> wrote:
>
>> It can and it has. I do not know which of my colleagues told you that
>> but maybe he was tripping in our world of cases.
>>
>> 1) You do not have to specify the second dhcp server address for the
>> ethernet interface to be able to get its ip.
>>
>> 2) add this...
>>
>>
>> resource-pool disable
>> ip address-pool dhcp-proxy-client (this will do the proxy for your
>> windows server)
>>
>> 3) let me know if worked (of course I'll be not here until tomorrow
>> hehe)
>>
>> 4) if didn't work I will need a sniffer capture (in .cap format) from
>> the ethernet (wan side) and ethernet (lan side) when the negotiation
>> is proceeding. let us know...........
>>
>> kenw@xxxxxxxx <kenw@xxxxxxxx> wrote:
>>
>>> I have a 1841 I'm trying to configure as a VPN server to access a
>>> Windows domain-based network from the Internet.
>>>
>>> The key points:
>>>
>>> 1) the WAN Ethernet interface _must_ be configured as a DHCP client
>>> of the ISP. They do not assign true statics.
>>>
>>> 2) I'd much prefer that my VPN clients receive their settings via
>>> the DHCP server on the Windows domain controller on the LAN.
>>>
>>> I can do one or the other, but not both. The reason boils down to
>>> having to use "ip dhcp-server" to specify the LAN DHCP server for
>>> the VPN, and when I do that, the WAN Ethernet interface cannot
>>> receive its assignment from the ISP.
>>>
>>> I've been talking to Cisco support, but the people I'm getting seem
>>> to have trouble understanding the problem, let alone resolving it.
>>> They say things like IOS can't do point 2, which I've done for
>>> years.
>>>
>>> A bit more detail:
>>>
>>> Configuring a DHCP server for _serving_ my VPN clients:
>>>
>>> ip dhcp-server x.x.x.x
>>> interface Virtual-Template1
>>> peer default ip address dhcp
>>>
>>> Configuring my Ethernet WAN interface to act as a DHCP _client_ of
>>> my ISP:
>>>
>>> ip dhcp-server y.y.y.y
>>> interface FastEthernet0/1
>>> ip address dhcp
>>>
>>> Unfortunately, it appears it never occurred to Cisco's developers
>>> that a router might play both roles. The command "ip dhcp-server"
>>> has two uses which conflict with each other.
>>>
>>> I've looked at helper-address stuff, but it appears to be quite
>>> inappropriate.
>>>
>>> Anybody got any ideas for a workaround?
>>>
>>> /kenw
>>> Ken Wallewein
>>> K&M Systems Integration
>>> Phone (403)274-7848
>>> Fax (403)275-4535
>>> kenw@xxxxxxxx
>>> www.kmsi.net
> Ken Wallewein
> K&M Systems Integration
> Phone (403)274-7848
> Fax (403)275-4535
> kenw@xxxxxxxx
> www.kmsi.net
--
2nd Law of Thermodynamics: Chaos will Reign.
///////////////////
--Anthrax--
//////////////////
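
The leak kenw describes in the quoted reply (a VPN-triggered DHCP query leaving the WAN interface with the router's LAN address as source) can be checked for in a WAN-side capture of the kind requested above. This is an added example, not part of the original thread: the function names and sample frames are constructed, and it assumes the inside network uses RFC 1918 addresses while the ISP side does not.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
# Assumption: the inside (LAN) network uses RFC 1918 space and the ISP does not.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_dhcp(frame):
    """Return (src, dst, giaddr, msg_type) for an Ethernet/IPv4/UDP DHCP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != 17 or len(ip) < ihl + 8:
        return None
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    bootp = ip[ihl + 8:]
    if {sport, dport} - {67, 68} or len(bootp) < 240 or bootp[236:240] != MAGIC:
        return None
    msg_type, opts, i = None, bootp[240:], 0
    while i + 1 < len(opts) and opts[i] != 255:      # walk options up to End (255)
        if opts[i] == 53 and i + 2 < len(opts):      # option 53 = DHCP message type
            msg_type = opts[i + 2]
        i += 1 if opts[i] == 0 else 2 + opts[i + 1]  # Pad (0) has no length byte
    return tuple(ipaddress.IPv4Address(b) for b in (ip[12:16], ip[16:20], bootp[24:28])) + (msg_type,)

def wan_leaks(frames):
    """List (index, msg_type, src) for DHCP packets whose source or giaddr is an inside address."""
    hits = []
    for n, parsed in enumerate(map(parse_dhcp, frames)):
        if parsed and any(a in net for a in (parsed[0], parsed[2]) for net in RFC1918):
            hits.append((n, parsed[3], str(parsed[0])))
    return hits

def build_frame(src, dst, msg_type, giaddr="0.0.0.0"):
    """Constructed sample frame: zeroed MACs, xid and checksums, one option 53."""
    bootp = bytes([1, 1, 6, 0]) + bytes(20) + ipaddress.IPv4Address(giaddr).packed
    bootp += bytes(208) + MAGIC + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0)
    ip += ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    return bytes(12) + b"\x08\x00" + ip + udp

SAMPLE_WAN_CAPTURE = [  # constructed frames, not taken from the thread
    build_frame("0.0.0.0", "255.255.255.255", 1),      # DISCOVER from the WAN interface to the ISP
    build_frame("192.168.1.1", "255.255.255.255", 1),  # proxy query sourced from a LAN address
    build_frame("203.0.113.10", "203.0.113.1", 3),     # REQUEST (renewal) from the WAN address
    bytes(12) + b"\x08\x06" + bytes(28),               # ARP frame, ignored by the parser
]
```

`wan_leaks(SAMPLE_WAN_CAPTURE)` reports only the second frame; if the ISP itself hands out RFC 1918 addresses, narrow `RFC1918` to the actual LAN prefix to avoid false positives.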