Re: Configuring dhcp on cisco 3750



VLAN 2 contains a DHCP server and several client computers. The layer 3
switch (Cisco 3750) does not have to do anything for DHCP to work. Remove
the IP helper configuration completely. There is no doubt that IP helper
forwards DHCP requests from a VLAN to another VLAN containing a DHCP server
when the DHCP server and DHCP clients are on different broadcast domains,
such as the case when they are separated by a router.

Quote from Cisco documentation:
DHCP snooping is a DHCP security feature that provides security by filtering
untrusted DHCP messages and by building and maintaining a DHCP snooping
binding table. An untrusted message is a message that is received from
outside the network or firewall and that can cause traffic attacks within
your network.

Based on your below posted configuration, enter the following:

no ip dhcp snooping vlan 2
no ip helper-address 192.168.2.100

Test that without the IP helper-address. If it works, add DHCP snooping
back in but do not use IP helper-address if the DHCP server is within the
same VLAN on that switch as the DHCP clients.

--

===========
Scott Perry
===========
Indianapolis, Indiana
________________________________________
"Asif" <asif.haswarey@xxxxxxxxx> wrote in message
news:1191365329.553230.243430@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I've been trying to configure a simple dhcp setup with the following
topology:

Cisco3750[Port:1] <---> dhcp server 192.168.2.100
Cisco3750[Port:3-5] <---> dhcp clients

I am using tethereal on the dhcp server 192.168.2.100 interface to look
for dhcp requests and the proceeding dhcp traffic.
This is not working!
I connected one of the clients to the dhcp server back-2-back to
verify that dhcp works.
Am I missing something?
I want this to be really simple!
Can anyone help, please?

Here is my cisco3750 running config:

Current configuration : 2208 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$iC8.$yNpSaeY3mfGX16BA7mS5d/
enable password qlogic
!
no aaa new-model
switch 1 provision ws-c3750g-24ts
vtp mode transparent
ip subnet-zero
!
ip dhcp snooping vlan 2
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
name vlan-dhcp
!
!
interface GigabitEthernet1/0/1
switchport access vlan 2
switchport mode access
ip dhcp snooping trust
!
interface GigabitEthernet1/0/2
switchport access vlan 2
switchport mode access
ip dhcp snooping trust
!
interface GigabitEthernet1/0/3
switchport access vlan 2
switchport mode access
ip dhcp snooping trust
!
interface GigabitEthernet1/0/4
switchport access vlan 2
switchport mode access
ip dhcp snooping trust
!
interface GigabitEthernet1/0/5
switchport access vlan 2
switchport mode access
ip dhcp snooping trust
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 172.17.141.150 255.255.254.0
no ip route-cache
no ip mroute-cache
shutdown
!
interface Vlan2
ip address 192.168.2.150 255.255.255.0
ip helper-address 192.168.2.100
!
ip default-gateway 172.17.140.1
no ip classless
no ip route static inter-vrf
no ip http server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
password qlogic
login
line vty 5 15
password qlogic
login
!
!
end

Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/6, Gi1/0/7, Gi1/0/8
                                                Gi1/0/9, Gi1/0/10, Gi1/0/11
                                                Gi1/0/12, Gi1/0/13, Gi1/0/14
                                                Gi1/0/15, Gi1/0/16, Gi1/0/17
                                                Gi1/0/18, Gi1/0/19, Gi1/0/20
                                                Gi1/0/21, Gi1/0/22, Gi1/0/23
                                                Gi1/0/24, Gi1/0/25, Gi1/0/26
                                                Gi1/0/27, Gi1/0/28
2    vlan-dhcp                        active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/5
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1003 trcrf 101003     4472  1005   3276   -        -    srb      0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trbrf 101005     4472  -      -      15       ibm  -        0      0


VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7       7       off

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

Switch#show ip dhcp snoop
Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
2
Insertion of option 82 is enabled
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface Trusted Rate limit (pps)
------------------------ ------- ----------------
GigabitEthernet1/0/1 yes unlimited
GigabitEthernet1/0/2 yes unlimited
GigabitEthernet1/0/3 yes unlimited
GigabitEthernet1/0/4 yes unlimited
GigabitEthernet1/0/5 yes unlimited
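
Added example, not part of either post above: a small Python audit of an IOS running-config for the three DHCP conditions visible in this thread (a helper-address that points into the interface's own subnet, snooping configured for a VLAN while the switch reports it disabled, and every access port in the snooped VLAN marked trusted so none is treated as untrusted). The function names and finding strings are hypothetical, and the sample config is constructed from the DHCP-relevant lines of the quoted configuration.

```python
import ipaddress
import re

# Constructed sample: DHCP-relevant lines taken from the running-config quoted above.
SAMPLE_CONFIG = """\
ip dhcp snooping vlan 2
!
interface GigabitEthernet1/0/1
 switchport access vlan 2
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/3
 switchport access vlan 2
 ip dhcp snooping trust
!
interface Vlan2
 ip address 192.168.2.150 255.255.255.0
 ip helper-address 192.168.2.100
"""
IPV4 = r"(\d+\.\d+\.\d+\.\d+)"

def parse(config):
    """Split a running-config into global lines and per-interface line lists."""
    glob, ifaces, cur = [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line in ("", "!"):
            cur = None                      # "!" closes an interface block
        elif line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        else:
            (glob if cur is None else cur).append(line)
    return glob, ifaces

def audit_dhcp(config):
    """Return findings (hypothetical wording) for the three conditions in this thread."""
    glob, ifaces = parse(config)
    findings = []
    # Assumption: only the single-VLAN form "ip dhcp snooping vlan N" is handled.
    vlans = [int(m.group(1)) for l in glob
             if (m := re.fullmatch(r"ip dhcp snooping vlan (\d+)", l))]
    if vlans and "ip dhcp snooping" not in glob:
        findings.append("snooping configured per VLAN but not enabled globally")
    for vlan in vlans:
        members = [n for n, b in ifaces.items() if f"switchport access vlan {vlan}" in b]
        if members and all("ip dhcp snooping trust" in ifaces[n] for n in members):
            findings.append(f"VLAN {vlan}: every access port is trusted")
    for name, body in ifaces.items():
        addr = next((m for l in body if (m := re.fullmatch(f"ip address {IPV4} {IPV4}", l))), None)
        net = ipaddress.ip_interface("/".join(addr.groups())).network if addr else None
        for l in body:
            h = re.fullmatch(f"ip helper-address {IPV4}", l)
            if h and net and ipaddress.ip_address(h.group(1)) in net:
                findings.append(f"{name}: helper-address {h.group(1)} is in the interface's own subnet")
    return findings
```

Calling audit_dhcp(SAMPLE_CONFIG) returns all three findings; a config with the helper-address removed, the global "ip dhcp snooping" line present and trust left only on the server port returns an empty list.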
