Helper Address on a ONLY Layer 2 aware Switch

Hi, 
     Been scratching my head for a while now, i don't know why a switch even has the " Ip helper address" command, Dosent it need routing to acomplish this kind of a task? 
I have a switch with 2 SVI's, fair enough, one for Vlan 10 and the other for Vlan 20,
Vlan 10 = 192.168.10.0/24
Vlan 20 = 192.168.20.0/24
I have a DHCP server on vlan 10, with the IP address 192.168.10.1, Now it has scopes for vlan 20 as well, i go into vlan 20 and do this:
# interface vlan 20
# ip address 192.168.20.1 255.255.255.0
#ip helper address 192.168.10.1 
Now this should work right? but it dosen't !( Ive seen in Wireshark that it dosent even forward the DISCOVER Message on to SVI 10's Vlan 10 ports) ..But it does work when we configure a DEFAULT GATEWAY for the switch and the DHCP server is on a REMOTE Location where the switch does not have and interface directly connected to! what is this? its like blowing my mind! please elaborate

If this is a Layer 2 only switch then I cannot see how a helper address would work.
The SVI's you have created are going to be for management, they cannot be the Default Gateways of the Vlans IF the switch is Layer 2 only.
When your clients send out a DHCPDISCOVER message, that frame will hit the SVI address because its a 'host' on that same vlan that the client is on.
If this were a Layer 3 SVI (i.e on a Layer 3 switch) then it would forward that frame to the helper address configured. In order for the Layer 3 switch to forward the frame, it needs to do a lookup in its routing table for the destination subnet.
This is a layer 2 switch, is has no routing table so will be unable to forward the DHCPDISCOVER message to the helper address.
See here (Peters post) for an explanation of why the Layer 2 switch can act as a DHCP relay if the DHCP server is on a remote subnet:
https://supportforums.cisco.com/discussion/11385901/does-ip-helper-address-work-layer-2-switch-2950

Similar Messages

  • PXE across subnets using IP Helper Address

    For 10 years I have been trying to get my network engineers to add an IP Helper address of our SCCM PXE Server in order to provide an Enterprise PXE service for our campus (Large University). And every year they keep telling me
    they won’t do it due to security concerns. I’m not exactly sure what they mean or what they are afraid of but I am looking for others who have been in this same situation and have been able to accomplish what has been a never ending exercise in futility for
    me. I am looking for a white paper or a case study that I can use to help build my case and hope that someday I can convince our engineers that the world won't come to an end by adding IP Helper addresses.

    .. they won’t do it due to security concerns. I’m not exactly sure what they mean or what they are afraid of..
    You need to get to the bottom of their specific concerns....
    PXE involves the use of TFTP (to download the NBP + boot.sdi + boot.wim).
    TFTP is neither robust/resilient nor particularly secure.
    But I'm guessing that the concern must surely be more related to the payload/content (i.e. what is within the boot image itself) that might be the worry?
    The boot image (potentially) contains licensed products (not directly a security concern), and certificates, accounts, passwords, scripts ?
    If you have the F8 debug feature enabled in your boot image, it could be used to "live boot" a computer, access the filesystem on that computer, and basically provide uncontrolled access to the files/documents/data on that computer (assuming that your computers
    are not using any form of disk encryption).
    For this last reason, F8-debug should not remain enabled for "normal" operation.
    In our organisation, we mitigate that risk with disk encryption. We also don't distribute boot media nor full media - PXE is the only way we deploy OS (well, outside of the datacentre, that is).
    Our networking team were initially concerned about PXE - but not from the security aspect, more from the capacity/bandwidth perspective. So we worked with them to plan/design/place the boot servers, and the DP's placement.
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • Search help unavailable in Read-only input field since EHP4

    Dear Experts!
    I have a problem with a Portal page since the deploy of the EHP4. The page has standard input fields with Search Helps. I needed to have the input field non-modifiable so the user would have to use the search help to get the proper information.
    Prior to the EHP4 installation, I set the input field to Read Only in the WebDynpro explorer, this disabled the editing while permitting the user to use the Search Help.
    Since the installation, the search help is no longer visible or accessible on a Read Only standard inputfield.
    Do you know if there is a way to allow the search help on a read only field?
    Thanks so much for your answer,
    Brian Foster.

    >Since the installation, the search help is no longer visible or accessible on a Read Only standard inputfield.
    This was a conscious design decision on SAP's part that disabled or read-only fields should no longer fire value help.  I am aware that this situation was used in the past as you describe.  It is even still used in SE80 for the Web Dynpro ABAP wizards. However usability studies showed that this often confused end users and therefore it is no longer allowed.  The field must be input enabled to fire the attached serach help.

  • Ip helper-address

    Hi All,
    Does ip helper-address work with 2 ip ranges in a VLAN in a catalyst 3750?
    ip forward-protocol udp 6112
    int vlan 1
    ip address 192.168.0.1 255.255.255.0
    int vlan 2
    ip helper-address 192.168.0.100
    ip address 192.168.1.100 255.255.255.0
    ip address 192.168.2.100 255.255.255.0 secondary

    Normally, you need an "IP-Helper" command in the interface that is away from the resource you are trying to reach.
    The broadcast request is received and if there's an IP-Helper established on that interface, the broadcast is passed toward that resource as a unicast ... so that it can pass through any other intermediate routers along the way.
    Since you set that interface up as a "secondary," I believe it will work, since that interface is going to receive the broadcast request from either LAN (primary or secondary).
    What I'm trying to figure out is why you are multi-netting ... it generally complicates things and is usually only used to accommodate transition from "the old address scheme" to "the new address scheme."
    Are you short on ports?
    Good Luck
    Scott
    Are you just short on ports?

  • How to see if an ip helper-address is configured on a VLAN

    Hi - I'm not exactly new to networking but this question will likely say otherwise :)
    I'm trying to figure out the command to show the running-config of a VLAN.  The goal is to see if an ip helper-address has been configured on a VLAN.
    This is both for a Cisco 6509 and Nexus 5k.
    I simply don't know all the commands for VLANs so I can't get this info presented to me.
    Thank You in advance

    Thanks for the prompt reply!  Still no bueno though.
    On the 6509 I get the following:
    6509#show ip interface vlan xxx
                                               ^
    % Invalid input detected at '^' marker.
    On the Nexus 5K I can't complete the command, stops down at show ip interface with the following listed as ? after interface:
    5K# show ip interface ?
      <CR>
      >                    Redirect it to a file
      >>                  Redirect it to a file in append mode
      A.B.C.D       Display interface for local IP address
      brief              Display summary of IP interface status and configuration
      ethernet        Ethernet IEEE 802.3z
      loopback      Loopback interface
      mgmt            Management interface
      operational   Display only interfaces that are administratively enabled
      port-channel  Port Channel interface
      vrf                   Display per-VRF information
      |                      Pipe command output to filter

  • SG300-28 IP Helper Address

    I have learned that by default the ip helper-address will forward the following 8 udp ports
    UDP PORT
    Common Name.
    69
    TFTP
    67
    BOOTP Client
    68
    BOOTP Server
    37
    Time Protocol
    49
    TACACS
    53
    DNS
    137
    NetBios
    138
    NetBios Datagram
    But when I check in cisco SG300-28, only port 37, 42, 49, 53,137 and 138 are in the forwarded list. Does it mean we cannot use ip helper-address to relay DHCP request? Please advise

    Hi Blue, you cannot. The DHCP relay function is designed for that. Therefore it is reserved for that function of the switch.
    -Tom
    Please mark answered for helpful posts

  • Why when I send a picture from my I phone to my email address does it only go to my iPad?

    Why when I send a picture from my iPhone to my email address does it only go to my iPad and not my home computer?

    Are you using the "Mail" app and not the "iMessage" application?
    iMessage as sberman stated is a mac only application. Mail however will send an email and not just a message. Your iPad may have your email attached as your iMessage name, so be careful that you don't get the two applications confused because one is universal and one is not.
    Hope this helps!

  • Command precedence ip helper-address ip directed-broadcast

    Of the two commands ip helper-address ip directed-broadcast, which takes precedence when a broadcast arrives?
    Posted by WebUser Lance Macdonald from Cisco Support Community App

    I think there is not really any precedence.
    The usage guidelines of the ip helper-address command states:
    The following conditions must be met for a UDP or IP packet to be able to use the ip helper-address command: The MAC address of the received frame must be all-ones broadcast address (ffff.ffff.ffff). The IP destination address must be one of the following: all-ones broadcast (255.255.255.255), subnet broadcast for the receiving interface (...)
    That means that the ip helper has no effect when a directed broadcast is received from another subnet; it has to be a layer-2 broadcast from the local subnet.
    If you enable directed broadcasts and send a UDP packet to the subnet's broadcast address as a layer-2 broadcast frame and UDP forwarding is enabled for the port I'd assume that
    - an ip unicast packet is send to the configured helper
    - an all-ones broadcast is send within the local subnet
    Best regards
    Rolf
    Btw: Why did you post that in the Data Center - Application Networking section?

  • Problems working with ip helper-address command

    I have 2 switches L3 4507 working in HA with HSRP, so in the active switch I have the following interface configuration:
    interface Vlan2
    ip address 10.1.0.2 255.255.254.0
    standby 2 ip 10.1.0.1
    standby 2 priority 150
    standby 2 preempt
    interface Vlan4
    ip address 10.1.4.2 255.255.255.0
    ip helper-address 10.1.0.8
    standby 4 ip 10.1.4.1
    standby 4 priority 150
    standby 4 preempt
    interface Vlan15
    ip address 10.1.5.2 255.255.255.128
    ip helper-address 10.1.0.8
    standby 15 ip 10.1.5.1
    standby 15 priority 150
    standby 15 preempt!
    And, in my standby switch I have this configuration:
    interface Vlan2
    ip address 10.1.0.3 255.255.254.0
    standby 2 ip 10.1.0.1
    interface Vlan4
    ip address 10.1.4.3 255.255.255.0
    ip helper-address 10.1.0.8
    standby 4 ip 10.1.4.1
    standby 4 priority 50
    interface Vlan15
    ip address 10.1.5.3 255.255.255.128
    ip helper-address 10.1.0.8
    standby 15 ip 10.1.5.1
    standby 15 priority 50
    So, the problem is that in some ports belonging to a particular vlan, for example to the vlan 15 most to take an IP address form the network 10.1.5.0 /25, but that port are takenig an ip from the network 10.1.0.0 /23…
    I’ll apreciate your help, thank’s

    I guess the issue will be related to the DHCP server alone and its settings since you said your clients get an IP from the DHCP server. That confirms that your ip-helper is working fine and its routing the DHCP broadcasts and then assigns an IP from the DHCP server.
    So the only possible reason i can think of should be the settings of the DHCP scope.
    Do you have the same problem with all the scopes, i mean whether all the different vlans get incorrect IP or ???, is this issue is related to only one VLAN ??
    Also check whether you have any other DHCP servers other than the allowed since its some times possible in your network other DHCP servers unknowingly which you can find by shutting this DHCP :)

  • HT4436 Why don't all my contacts and calendar events on my iMac (version 10.7.4) stream onto iCloud? For instance, there are 470 entries in my address book but only 270 on iCloud. And not all my appointments in iCal are transferred.

    Why don't all my contacts and calendar events on my iMac (version 10.7.4) stream onto iCloud? For instance, there are 470 entries in my address book but only 270 on iCloud. And not all my appointments in iCal are transferred either.
    I have the same problem transfering Address book on iMac to contacts on iPhone (old version 3G - on iCloud). this is a hard wired connection

    Might you have 200 entries in On My Mac groups and some of your appointments in On My Mac calendars?

  • How to call hr_location_api.create_location for different address style with only those fields that belongs specific to  that address style.

    How to call hr_location_api.create_location for different address style with only those fields that belongs specific to  that address style. It should decide at run time means at run time it will come to know the type of address style and based on that only the fields which belong to address details mapped to calling hr_location_api.create_location.
    Thanks in advance.

    You can create a wrapper package on top of the API (hr_location_api.create_location)
    In the wrapper package you set all the values dynamically based on your requirements(say the style and add_line columns are populated on your conditions) and then you call the API.
    Does that not work ?

  • Reset all settings means password it is asking.....restrictions its on.....i do not know password......my ipod its USA model....pls help me oct 12th only my uncle gave a new ipod to me......

    reset all settings means password it is asking.....restrictions its on.....i do not know password......my ipod its USA model....pls help me oct 12th only my uncle gave a new ipod to me......apps and game it is not working......

    If you forgot your restrictions passcode then yuou have to:
    - Restore from a backup that was make before you added the Restrictions passcode. If you restore from a backup made with the Restrictions passcode the Restrictions passcode is also restored.
    - Restore to factory settings/new iPod.
    - If you are up to it see:
    How to reset forgotten Restrictions...: Apple Support Communities
    How to reset forgotten Restrictions...: Apple Support Communities

  • When I send a mail from my iPhone, it displays the mail server name to the receiver if the mail and does nog display my name or e mail address. This only since upgrading my iPhone5 to iOS7

    When I send a mail from my iPhone, it displays the mail server name to the receiver if the mail and does not display my name or e mail address. This only since upgrading my iPhone5 to iOS7. I've checked all settings etc. anyone have a solution please?

    Rectory wrote:
    Please can someone tell me how  I can change this so when I send a mail from my phone and from the IPad that it reads from me.
    You need a separate email address but you've already ruled out that solution.

  • We are unable to have iPhoto books shipped into Canada, because the shipping address field will only accept US zip codes. Any solutions?

    We are unable to have iPhoto books shipped into Canada because the shipping address field will only accept US zip codes. Any solutions?

    Have you set the Print Products Store to Canada in the iPhoto Preferences > Advanced Panel? 
    This determines the address format.
    And your billing address and shipping address must be in the same country, as defined for your AppleID and credit card.

  • Ship to party search help address not display

    Hi,
    Using 'Edit internal address' We added one plant address, and the address no also generated. plant having several address.
    But when we creating shopping cart, trying to select the ship to address from the search help, address not displaying in the list.
    even we tried adding this address in the attributes as delivary address also .but the address not displaying in ship to party search help.
    If any one faced this problem let us know how to proceed.
    Thanks in advance,
    prasad.s

    it is strange .
    whatever you have defaulted ship to adress has to come.
    did you maintain at position level and make ensure that you have really inherited.
    FM bbp_read_attributes
    for your user execute and make ensure that you have inheited ship to address
    when you create ship to address . did you check this box Ship-to Address  in Use Address as:
    muthu

Maybe you are looking for