Cisco IP Helper-address

me19562

Senior member
Jun 27, 2001
374
0
0
Hi:

OK, I reconfigured all the routers in the network from static routing to the EIGRP routing protocol, and after the reconfiguration the ip helper-address
stopped working. I know that the router is forwarding the DHCP broadcast, but the response from the DHCP server is not coming back. This is the layout:

(SUBNET 172.31.2.0)-------------------------------ROUTER---------------------------------ROUTER-----------------------(SUBNET 172.31.4.0)
DHCP-SERVER IP 172.31.2.254 IP 172.31.3.63 IP 172.31.3.64 IP 172.31.4.254
IP 172.31.2.5



Any idea or suggestion will be appreciated.
 

Santa

Golden Member
Oct 11, 1999
1,168
0
0
What did your static mappings before look like?
What subnet mask are you using for each subnet?
Do you mean to say you have multiple DHCP servers?
1) 172.31.2.254
2) 172.31.3.63
3) 172.31.3.64
4) 172.31.4.254
5) 172.31.2.5


Are there 5 DHCP servers?

Where do these DHCP server(s) sit?
What are the subnet masks of the servers?
What is your DHCP pool, and which clients do you want to assign to which pool?

Try doing a "sh ip route" and listing the results here.

"sh ip eigrp top" may also assist.

There needs to be more detail to correctly diagnose the problem.
 

me19562

There is only 1 DHCP; the subnet 172.31.3.62 has a 30-bit mask and the rest are 24-bit masks. The routing table looks fine.
The static mappings were like the normal ip route 172.31.2.0 255.255.255.0 172.31.2.63, to give you an example.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
What is your ip helper-address command?
On the router type "show ip forward protocol"
Do you have a route to the DHCP server? Do you have a route back?
Can you ping it?
 

me19562

On ethernet 0 the command is "ip helper-address ip address of the DHCP server".
As for the sh ip forward protocol, the router is running IOS 11.2(16)(2501). The routing is fine; I can ping and trace from both sides.
I found a doc from Cisco saying that no ip directed-broadcast can't be on any outbound interface that the UDP broadcast packets have to traverse.
 

spidey07

Do "debug ip packet xxx" where xxx is an access list you have set up for just the DHCP server.

Run this on every router in the path and see what is going on with your DHCP requests. Can you run a sniffer on the segment the DHCP server is on?

A sniffer might be the only way to diagnose this.

-edit- I figure you knew the dangers of "debug ip packet" and what you can do to a router with it.
 

me19562

I fixed it. Want to know what it was?
This: "no ip bootp server"
The ip bootp server command enables the DHCP server and DHCP Relay Agent on the Cisco routers.
What do you think?
And thanks for the help.
 

spidey07

So you had ip bootp enabled?

Darn 11.3 code. It was great back then but once you're used to 12 you'll never go back.

oh well, good catch!
 

me19562

Nope, I disabled bootp, you know, for security. But what I didn't know was that I need it enabled to forward the DHCP packets.
Every day we learn something new.
 

spidey07

here's a list of the defaults for the "ip forward-protocol udp"
jdbott-2620(config)#ip forward-protocol udp ?
<0-65535> Port number
biff Biff (mail notification, comsat, 512)
bootpc Bootstrap Protocol (BOOTP) client (68)
bootps Bootstrap Protocol (BOOTP) server (67)
discard Discard (9)
dnsix DNSIX security protocol auditing (195)
domain Domain Name Service (DNS, 53)
echo Echo (7)
isakmp Internet Security Association and Key Management Protocol (500)
mobile-ip Mobile IP registration (434)
nameserver IEN116 name service (obsolete, 42)
netbios-dgm NetBios datagram service (138)
netbios-ns NetBios name service (137)
netbios-ss NetBios session service (139)
ntp Network Time Protocol (123)
pim-auto-rp PIM Auto-RP (496)
rip Routing Information Protocol (router, in.routed, 520)
snmp Simple Network Management Protocol (161)
snmptrap SNMP Traps (162)
sunrpc Sun Remote Procedure Call (111)
syslog System Logger (514)
tacacs TAC Access Control System (49)
talk Talk (517)
tftp Trivial File Transfer Protocol (69)
time Time (37)
who Who service (rwho, 513)
xdmcp X Display Manager Control Protocol (177)

In my standard router setups I ensure bootp is forwarded and netbios is not. Maybe you just need to modify the ip forward-protocol instead of worrying about the security of enabling ip bootp?

Don't know, it's been so long since I've touched 11.3.
 

me19562

These are the protocols I'm blocking:

no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
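
Added example, not part of any post in the thread: a Python check over a saved IOS configuration that works out which UDP broadcasts `ip helper-address` will still relay, starting from the eight services Cisco documents as forwarded by default, and flags the `no ip bootp server` line the thread reports as the cause on IOS 11.2. The function names, the interface and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```python
import re

# UDP services that "ip helper-address" relays by default (Cisco IOS documentation).
DEFAULT_FORWARDED = {"time": 37, "tacacs": 49, "domain": 53, "bootps": 67,
                     "bootpc": 68, "tftp": 69, "netbios-ns": 137, "netbios-dgm": 138}

# Constructed sample: the commands quoted in the thread plus a made-up interface.
SAMPLE_CONFIG = """\
no ip bootp server
no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
interface Ethernet0
 ip address 192.0.2.254 255.255.255.0
 ip helper-address 198.51.100.5
"""

def port_of(token):
    """Resolve a port number or one of the eight default keywords; None otherwise."""
    return int(token) if token.isdigit() else DEFAULT_FORWARDED.get(token)

def audit(config):
    """Return helper addresses per interface, relayed UDP ports, and findings."""
    forwarded = set(DEFAULT_FORWARDED.values())
    helpers, findings, iface, bootp_off = {}, [], None, False
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif line == "no ip bootp server":
            bootp_off = True
        elif m := re.fullmatch(r"(no )?ip forward-protocol udp (\S+)", line):
            port = port_of(m.group(2))
            if port is not None:  # keywords outside the default eight are not resolved here
                (forwarded.discard if m.group(1) else forwarded.add)(port)
        elif m := re.fullmatch(r"ip helper-address (\S+)", line):
            helpers.setdefault(iface, []).append(m.group(1))
    if helpers:
        if 67 not in forwarded:
            findings.append("udp/67 (bootps) is not forwarded, so DHCP relay cannot work")
        if bootp_off:
            findings.append("'no ip bootp server' is set; the thread reports this broke relay on IOS 11.2")
        extra = sorted(forwarded - {67, 68})
        if extra:
            findings.append(f"non-DHCP broadcasts are also relayed on udp ports {extra}")
    return {"helpers": helpers, "forwarded": sorted(forwarded), "findings": findings}
```

Calling `audit(SAMPLE_CONFIG)` shows that the blocking list from the last post leaves only udp/67 and udp/68 relayed, so the one remaining finding is the `no ip bootp server` line.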