Hello,
My simple configuration:
ip helper per-vlan only
ip helper address 10.10.100.10 vlan 36
ip helper address 10.10.100.10 vlan 50
ip helper address 10.20.100.10 vlan 36
ip helper address 10.20.100.10 vlan 50
ip helper address 10.200.100.10 vlan 36
ip helper address 10.200.100.10 vlan 50
ip helper forward delay 0
each dhcp client request is forwarded only to first ip helper (10.100.100.10), on the other two I don’t see any dhcp traffic. It is a typical acatel switch behaviour? Only first ip helper will handle dhcp requests?
I can't change the order of dhcp servers, switch automatically rearranges dhcp servers, from the lowest ip to the highest. Is there any possibility to change priority for ip helper addresses ?
I want to use 10.200.100.10 as first not 10.10.100.10.
thanks!
sequence of ip helper addresses
-
one6f
Re: sequence of ip helper addresses
Hi,
clients forwards a DHCP request frame to the DHCP server using the local broadcast address. Hence for locally attached stations(10.10.100.0), the frame will simply be switched and not processed by the relay agent, other DHCP servers do not seen these frames. For this the DHCP server and clients must be members of the same VLAN. If the clients are not members of the same VLAN as the DHCP server, they must request an IP address via the DHCP Relay routing entity in the switch. DHCP request will be forwarded by the relay to DHCP server(or servers in same time!). You can control it by:
show ip helper stats
The counts must be simultaneously grow for different ip helpers.
For debugging use this to see packets to 10.20.100.10 and 10.200.100.10:
debug ip packet protocol udp port 67 start timeout 30
You can also try to remove 10.10.100.10 and see when 10.20.100.10 and 10.200.100.10 will be requested.
clients forwards a DHCP request frame to the DHCP server using the local broadcast address. Hence for locally attached stations(10.10.100.0), the frame will simply be switched and not processed by the relay agent, other DHCP servers do not seen these frames. For this the DHCP server and clients must be members of the same VLAN. If the clients are not members of the same VLAN as the DHCP server, they must request an IP address via the DHCP Relay routing entity in the switch. DHCP request will be forwarded by the relay to DHCP server(or servers in same time!). You can control it by:
show ip helper stats
The counts must be simultaneously grow for different ip helpers.
For debugging use this to see packets to 10.20.100.10 and 10.200.100.10:
debug ip packet protocol udp port 67 start timeout 30
You can also try to remove 10.10.100.10 and see when 10.20.100.10 and 10.200.100.10 will be requested.
-
suprys
Re: sequence of ip helper addresses
Hi,
In this case, 10.200.100.10 is local dhcp server in different vlan. 10.10.100.10 10.20.100.10 are outside the network. I would be great If dhcp requests would be handled by local server first.
switch-> debug ip packet ip-address 10.200.100.10 start timeout 30
2 R 2/4 (005056952f3f)->(00e0b1fdd35c) IP 10.200.100.10 ->10.201.100.14 UDP 67,68
2 R 2/4 (005056952f3f)->(00e0b1fdd35c) IP 10.200.100.10 ->10.201.100.19 UDP 67,68
2 R 2/4 (005056952f3f)->(00e0b1fdd35c) IP 10.200.100.10 ->10.201.100.38 UDP 67,68
switch-> debug ip packet ip-address 10.10.100.10 start timeout 30
1 R 1/1 (00235ead43e1)->(00e0b1fdd35c) IP 10.10.100.10 ->10.201.100.87 UDP 67,68
1 R 1/48 (001c2329464e)->(00e0b1fdd35c) IP 10.201.100.24 ->10.10.100.10 UDP 68,67
1 R 1/1 (00235ead43e1)->(00e0b1fdd35c) IP 10.10.100.10 ->10.201.100.24 UDP 67,68
as you see on the first debug, there is traffic between dhcp server and host but why host’s mac is presented as 00e0b1fdd35c (switch mac address).
on the second debug I see the real hosts mac-addresses.
I guess if the first dhcp server respond with ip address then second dhcp server respond is finished on the switch (so I see mac of switch).
Anyway I will remove the first, then I see what happen.
Thanks for your respond.
In this case, 10.200.100.10 is local dhcp server in different vlan. 10.10.100.10 10.20.100.10 are outside the network. I would be great If dhcp requests would be handled by local server first.
switch-> debug ip packet ip-address 10.200.100.10 start timeout 30
2 R 2/4 (005056952f3f)->(00e0b1fdd35c) IP 10.200.100.10 ->10.201.100.14 UDP 67,68
2 R 2/4 (005056952f3f)->(00e0b1fdd35c) IP 10.200.100.10 ->10.201.100.19 UDP 67,68
2 R 2/4 (005056952f3f)->(00e0b1fdd35c) IP 10.200.100.10 ->10.201.100.38 UDP 67,68
switch-> debug ip packet ip-address 10.10.100.10 start timeout 30
1 R 1/1 (00235ead43e1)->(00e0b1fdd35c) IP 10.10.100.10 ->10.201.100.87 UDP 67,68
1 R 1/48 (001c2329464e)->(00e0b1fdd35c) IP 10.201.100.24 ->10.10.100.10 UDP 68,67
1 R 1/1 (00235ead43e1)->(00e0b1fdd35c) IP 10.10.100.10 ->10.201.100.24 UDP 67,68
as you see on the first debug, there is traffic between dhcp server and host but why host’s mac is presented as 00e0b1fdd35c (switch mac address).
on the second debug I see the real hosts mac-addresses.
I guess if the first dhcp server respond with ip address then second dhcp server respond is finished on the switch (so I see mac of switch).
Anyway I will remove the first, then I see what happen.
Thanks for your respond.
-
one6f
Re: sequence of ip helper addresses
Hi,
If the relay is configured with multiple IP addresses, then the packet will be sent to all IP address destinations. The DHCP Relay also verifies that the maximum hop count has not been exceeded. If the forward delay time is not met or the maximum hop count is exceeded, the BOOTP/DHCP packet will be discarded by the DHCP Relay. You can try to use forward delay 0.
The show ip helper stats CLI command lists the total number of DHCP packets sent by both the client and the server. It also lists forward delay violations and violations for maximum hop count. This command is especially useful to determine if the client is not incrementing its forward delay variable or if DHCP request packets are looping through the network. And it also gives you a clear sense if the UDP Relay agent is forwarding packets to or from either the client or the server. If there are incrementing Delay of Hops Violations, this would explain why a pc is unable to get a DHCP address. A sniffer trace would be useful in this instance. There are also show ip udp relay statistics command.
Are your destination clients (10.201.100.X) not direct to this switch attached, but to another AOS switch?as you see on the first debug, there is traffic between dhcp server and host but why host’s mac is presented as 00e0b1fdd35c (switch mac address).
If the relay is configured with multiple IP addresses, then the packet will be sent to all IP address destinations. The DHCP Relay also verifies that the maximum hop count has not been exceeded. If the forward delay time is not met or the maximum hop count is exceeded, the BOOTP/DHCP packet will be discarded by the DHCP Relay. You can try to use forward delay 0.
The show ip helper stats CLI command lists the total number of DHCP packets sent by both the client and the server. It also lists forward delay violations and violations for maximum hop count. This command is especially useful to determine if the client is not incrementing its forward delay variable or if DHCP request packets are looping through the network. And it also gives you a clear sense if the UDP Relay agent is forwarding packets to or from either the client or the server. If there are incrementing Delay of Hops Violations, this would explain why a pc is unable to get a DHCP address. A sniffer trace would be useful in this instance. There are also show ip udp relay statistics command.
-
suprys
Re: sequence of ip helper addresses
Some of them are connected to another AOS switch but the most of them are connected to big stack (6 switches).
Mac 00e0b1fdd35c is the address of stacked switches. Another thing, most stations are connected via alcatel ip phones.
Even that some stations are connected to another AOS, I don't see mac of these switches but only this local one.
Remote address is pointed to local mac-address:
2 R 2/4 (005056952f3f)->(00e0b1fdd35c) IP 10.200.100.10 ->10.201.100.19 UDP 67,68
10.201.100.19 is on another AOS, but as you see this address is represented by local mac 00e0b1fdd35c
- so, others connected AOS's/IP phones are represented by local mac ?
I used: show ip helper stats, looks pretty good, the same with debug commands - I see traffic in and out towards local DHCP server.
I haven't tried to remove external dhcp servers from config - but now, I'm sure, local server will work fine.
Thanks again for your help.
Mac 00e0b1fdd35c is the address of stacked switches. Another thing, most stations are connected via alcatel ip phones.
Even that some stations are connected to another AOS, I don't see mac of these switches but only this local one.
Remote address is pointed to local mac-address:
2 R 2/4 (005056952f3f)->(00e0b1fdd35c) IP 10.200.100.10 ->10.201.100.19 UDP 67,68
10.201.100.19 is on another AOS, but as you see this address is represented by local mac 00e0b1fdd35c
- so, others connected AOS's/IP phones are represented by local mac ?
I used: show ip helper stats, looks pretty good, the same with debug commands - I see traffic in and out towards local DHCP server.
I haven't tried to remove external dhcp servers from config - but now, I'm sure, local server will work fine.
Thanks again for your help.
-
one6f
Re: sequence of ip helper addresses
Hi,
here is my udp debugging for one ip phone on port 1/9 sending to two DHCP servers(10.77.21.15 and 10.155.33.15):
1 R 1/9 (68597f208b5f)->(ffffffffffff) ARP Request 169.254.217.20->169.254.217.20
1 R 1/9 (68597f208b5f)->(ffffffffffff) ARP Request 169.254.217.20->169.254.217.20
C S 1/1 00e0df2a513e->00e0df2a2ac2 IP 192.168.21.98->10.77.21.15 UDP 67,67
C S 1/1 00e0df2a513e->00e0df2a2ac2 IP 192.168.21.98->10.155.33.15 UDP 67,67
1 R CMM (00e0df2a513e)->(00e0df2a2ac2) IP 192.168.21.98->10.77.21.15 UDP 67,67
1 S 1/1 00e0df2a513e->00e0df2a2ac2 IP 192.168.21.98->10.77.21.15 UDP 67,67
1 R CMM (00e0df2a513e)->(00e0df2a2ac2) IP 192.168.21.98->10.155.33.15 UDP 67,67
1 S 1/1 00e0df2a513e->00e0df2a2ac2 IP 192.168.21.98->10.155.33.15 UDP 67,67
I can see both packets in same time, hence the switch uses both dhcp helper. But these packets are on uplink (1/1) and mac addresses are from Alcatel(00e0df2a513e is this 6850(local-192.168.21.98) and 00e0df2a2ac2 is remote site).
For more info I use normally wireshark.
here is my udp debugging for one ip phone on port 1/9 sending to two DHCP servers(10.77.21.15 and 10.155.33.15):
1 R 1/9 (68597f208b5f)->(ffffffffffff) ARP Request 169.254.217.20->169.254.217.20
1 R 1/9 (68597f208b5f)->(ffffffffffff) ARP Request 169.254.217.20->169.254.217.20
C S 1/1 00e0df2a513e->00e0df2a2ac2 IP 192.168.21.98->10.77.21.15 UDP 67,67
C S 1/1 00e0df2a513e->00e0df2a2ac2 IP 192.168.21.98->10.155.33.15 UDP 67,67
1 R CMM (00e0df2a513e)->(00e0df2a2ac2) IP 192.168.21.98->10.77.21.15 UDP 67,67
1 S 1/1 00e0df2a513e->00e0df2a2ac2 IP 192.168.21.98->10.77.21.15 UDP 67,67
1 R CMM (00e0df2a513e)->(00e0df2a2ac2) IP 192.168.21.98->10.155.33.15 UDP 67,67
1 S 1/1 00e0df2a513e->00e0df2a2ac2 IP 192.168.21.98->10.155.33.15 UDP 67,67
I can see both packets in same time, hence the switch uses both dhcp helper. But these packets are on uplink (1/1) and mac addresses are from Alcatel(00e0df2a513e is this 6850(local-192.168.21.98) and 00e0df2a2ac2 is remote site).
For more info I use normally wireshark.
