DHCP design guidance

Peter Rathlev peter at rathlev.dk
Mon May 21 22:37:38 UTC 2012


On Mon, 2012-05-21 at 16:37 -0400, Jason Lixfeld wrote:
> I have a Cisco switch with a bunch of clients hanging off of it, and
> my DHCP server lives on the other side of the network, so I use the ip
> helper-address hook in IOS to relay DHCP requests to the off-subnet
> DHCP server.
...
> subnet 10.0.0.0 netmask 255.255.255.0 {
>  not authoritative;

Probably not relevant, but are you sure you want it to not be
authoritative?

> [root at dhcp01 ~]# ifconfig | egrep "encap|inet "
> eth0      Link encap:Ethernet  HWaddr 00:0C:29:46:FE:E9  
>           inet addr:10.219.51.135  Bcast:10.219.51.159  Mask:255.255.255.224
...
> The local interface that I'm using to allow dhcpd to start without it
> complaining about not having an interface within a configured address
> range is also the interface that is receiving the discover and sending
> the offer.  The problem is that this interface actually goes nowhere
> and is actually just an alias acting as an anchor.  Offers directed
> out this interface will get sent out on the wire which has no
> knowledge of how to actually reach 10.0.0.0/24.

The server needs to at least be able to reach whatever the switch has
selected as source address for the requests, which should be some
address in the "management" VRF. According to your logs that seems to be
10.0.0.1, though the "helper-address vrf" command shouldn't select the
client facing interface.

The switch of course normally takes the local broadcast and converts it
into a unicast packet with the source set to the primary address of the
interface facing the client (10.0.0.1) and the destination set to the
helper-address.

As I understand the "ip helper-address vrf" command[0] it actually
instead selects a source address from the specified helper-address VRF
and includes a "subnet selection" option to let the server decide what
address to give the client. The DHCP server should send replies directly
back to the source address that the switch selected.

What should the source address on the switch be towards the server in
the "management" VRF? Can the switch contact the server in this VRF e.g.
via ping?

Can you see (via wireshark) what source address the packets arrive with?
Does a dump of the packets give any hints when compared to the DHCP
logs?

[0]: http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftdhmpls.html

-- 
Peter
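
Added example, not part of Peter's message or of any project's code: a small parser for the DHCP payload of a relayed request, for comparing a packet dump against the dhcpd logs as suggested above. It assumes the relay encodes the client subnet as the RFC 3527 link-selection sub-option (option 82, sub-option 5) or the RFC 3011 subnet-selection option (118); the sample packet, its addresses and its MAC are constructed.

```python
import ipaddress
import struct

MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie, RFC 2131

def tlvs(buf, top=True):
    """Yield (code, value) from an option area; Pad/End only exist at top level."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if top and code == 255:
            return
        if top and code == 0:
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option %d" % code)
        yield code, buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def relay_info(payload):
    """Extract the fields a server uses to pick a pool and address its reply."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    ip = lambda b: str(ipaddress.IPv4Address(b))
    info = {"giaddr": ip(payload[24:28]), "subnet_selection": None, "link_selection": None}
    for code, val in tlvs(payload[240:]):
        if code == 118 and len(val) == 4:            # RFC 3011 subnet selection
            info["subnet_selection"] = ip(val)
        elif code == 82:                             # relay agent information
            for sub, sval in tlvs(val, top=False):
                if sub == 5 and len(sval) == 4:      # RFC 3527 link selection
                    info["link_selection"] = ip(sval)
    return info

def pool_selector(info):
    """Address that selects the subnet: link selection, then option 118, then giaddr."""
    return info["link_selection"] or info["subnet_selection"] or info["giaddr"]

def sample_discover(giaddr, link=None):
    """Constructed relayed DHCPDISCOVER; addresses and MAC are made up."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 1, 0x1234, 0, 0,
                      bytes(4), bytes(4), bytes(4), pack(giaddr),
                      bytes.fromhex("020000000001"), b"", b"")
    opts = bytes([53, 1, 1])
    if link:
        opts += bytes([82, 6, 5, 4]) + pack(link)
    return hdr + MAGIC + opts + b"\xff"

if __name__ == "__main__":
    print(relay_info(sample_discover("192.0.2.1", link="10.0.0.1")))
```

The server needs a route back to the `giaddr` value, while `pool_selector()` shows which subnet declaration the request should match.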




More information about the dhcp-users mailing list