SG300-28 IP Helper Address

Similar Messages

• SG300 Vlan IP-Helper Address issues

  hi,
  I am trying to set a ip-helper address on my sg300 though getting the following.
  DNSWITCH01#configure
  DNSWITCH01(config)#interface vlan2
  DNSWITCH01(config-if)#ip helper-address 192.168.1.1
  % missing mandatory parameter
  DNSWITCH01(config-if)#DNSWITCH01#
  DHCP server is server 2008 R2 and the range is active for that vlan and can route to vlan and devices set statically fine

  Hi Konrad, DHCP cannot be used for IP helper since the switch has a DHCP-RELAY service.
  -Tom
  Please mark answered for helpful posts

• PXE across subnets using IP Helper Address

  For 10 years I have been trying to get my network engineers to add an IP Helper address of our SCCM PXE Server in order to provide an Enterprise PXE service for our campus (Large University). And every year they keep telling me
  they won’t do it due to security concerns. I’m not exactly sure what they mean or what they are afraid of but I am looking for others who have been in this same situation and have been able to accomplish what has been a never ending exercise in futility for
  me. I am looking for a white paper or a case study that I can use to help build my case and hope that someday I can convince our engineers that the world won't come to an end by adding IP Helper addresses.

  .. they won’t do it due to security concerns. I’m not exactly sure what they mean or what they are afraid of..
  You need to get to the bottom of their specific concerns....
  PXE involves the use of TFTP (to download the NBP + boot.sdi + boot.wim).
  TFTP is neither robust/resilient nor particularly secure.
  But I'm guessing that the concern must surely be more related to the payload/content (i.e. what is within the boot image itself) that might be the worry?
  The boot image (potentially) contains licensed products (not directly a security concern), and certificates, accounts, passwords, scripts ?
  If you have the F8 debug feature enabled in your boot image, it could be used to "live boot" a computer, access the filesystem on that computer, and basically provide uncontrolled access to the files/documents/data on that computer (assuming that your computers
  are not using any form of disk encryption).
  For this last reason, F8-debug should not remain enabled for "normal" operation.
  In our organisation, we mitigate that risk with disk encryption. We also don't distribute boot media nor full media - PXE is the only way we deploy OS (well, outside of the datacentre, that is).
  Our networking team were initially concerned about PXE - but not from the security aspect, more from the capacity/bandwidth perspective. So we worked with them to plan/design/place the boot servers, and the DP's placement.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Ip helper-address

  Hi All,
  Does ip helper-address work with 2 ip ranges in a VLAN in a catalyst 3750?
  ip forward-protocol udp 6112
  int vlan 1
  ip address 192.168.0.1 255.255.255.0
  int vlan 2
  ip helper-address 192.168.0.100
  ip address 192.168.1.100 255.255.255.0
  ip address 192.168.2.100 255.255.255.0 secondary

  Normally, you need an "IP-Helper" command in the interface that is away from the resource you are trying to reach.
  The broadcast request is received and if there's an IP-Helper established on that interface, the broadcast is passed toward that resource as a unicast ... so that it can pass through any other intermediate routers along the way.
  Since you set that interface up as a "secondary," I believe it will work, since that interface is going to receive the broadcast request from either LAN (primary or secondary).
  What I'm trying to figure out is why you are multi-netting ... it generally complicates things and is usually only used to accommodate transition from "the old address scheme" to "the new address scheme."
  Are you short on ports?
  Good Luck
  Scott
  Are you just short on ports?

• How to see if an ip helper-address is configured on a VLAN

  Hi - I'm not exactly new to networking but this question will likely say otherwise :)
  I'm trying to figure out the command to show the running-config of a VLAN.  The goal is to see if an ip helper-address has been configured on a VLAN.
  This is both for a Cisco 6509 and Nexus 5k.
  I simply don't know all the commands for VLANs so I can't get this info presented to me.
  Thank You in advance

  Thanks for the prompt reply!  Still no bueno though.
  On the 6509 I get the following:
  6509#show ip interface vlan xxx
                                             ^
  % Invalid input detected at '^' marker.
  On the Nexus 5K I can't complete the command, stops down at show ip interface with the following listed as ? after interface:
  5K# show ip interface ?
    <CR>
    >                    Redirect it to a file
    >>                  Redirect it to a file in append mode
    A.B.C.D       Display interface for local IP address
    brief              Display summary of IP interface status and configuration
    ethernet        Ethernet IEEE 802.3z
    loopback      Loopback interface
    mgmt            Management interface
    operational   Display only interfaces that are administratively enabled
    port-channel  Port Channel interface
    vrf                   Display per-VRF information
    |                      Pipe command output to filter

• Ship to party search help address not display

  Hi,
  Using 'Edit internal address' We added one plant address, and the address no also generated. plant having several address.
  But when we creating shopping cart, trying to select the ship to address from the search help, address not displaying in the list.
  even we tried adding this address in the attributes as delivary address also .but the address not displaying in ship to party search help.
  If any one faced this problem let us know how to proceed.
  Thanks in advance,
  prasad.s

  it is strange .
  whatever you have defaulted ship to adress has to come.
  did you maintain at position level and make ensure that you have really inherited.
  FM bbp_read_attributes
  for your user execute and make ensure that you have inheited ship to address
  when you create ship to address . did you check this box Ship-to Address  in Use Address as:
  muthu

• Ip helper address and WLC

  Hi Everyone,
  WLC  has IP 10.10.10.5
  AP has IP 10.10.10.6
  AP is connected to switch which has say vlan 10 IP  192.168.50.2
  AP manager interface has IP 192.168.50.1
  USer is getting IP from ASA which has pool in subnet 192.168.50.x
  Do i need to config ip helper command under the switch vlan 10?
  Regards
  MAhesh

  But WLC has interface called Wireless_visitor that has IP in the subnet 192.168.50.x.
  We want wireless user to have 192.168.50.x.
  Interface Wireless_visitor is dynamic interface with IP 192.168.50.1.
  Switch has vlan that also has IP in subnet 192.168.50.x.
  Uhhhh ... Your Wireless_Visitor dynamic interface has the same IP address subnet as your switch?   I don't think this is going to work well.  Your switch, ideally, should have the same management IP address as the WLC management IP address.  
  Your Dynamic Interface should have an IP Helper address in the configuration.  

• Helper Address on a ONLY Layer 2 aware Switch

  Hi, 
       Been scratching my head for a while now, i don't know why a switch even has the " Ip helper address" command, Dosent it need routing to acomplish this kind of a task? 
  I have a switch with 2 SVI's, fair enough, one for Vlan 10 and the other for Vlan 20,
  Vlan 10 = 192.168.10.0/24
  Vlan 20 = 192.168.20.0/24
  I have a DHCP server on vlan 10, with the IP address 192.168.10.1, Now it has scopes for vlan 20 as well, i go into vlan 20 and do this:
  # interface vlan 20
  # ip address 192.168.20.1 255.255.255.0
  #ip helper address 192.168.10.1 
  Now this should work right? but it dosen't !( Ive seen in Wireshark that it dosent even forward the DISCOVER Message on to SVI 10's Vlan 10 ports) ..But it does work when we configure a DEFAULT GATEWAY for the switch and the DHCP server is on a REMOTE Location where the switch does not have and interface directly connected to! what is this? its like blowing my mind! please elaborate

  If this is a Layer 2 only switch then I cannot see how a helper address would work.
  The SVI's you have created are going to be for management, they cannot be the Default Gateways of the Vlans IF the switch is Layer 2 only.
  When your clients send out a DHCPDISCOVER message, that frame will hit the SVI address because its a 'host' on that same vlan that the client is on.
  If this were a Layer 3 SVI (i.e on a Layer 3 switch) then it would forward that frame to the helper address configured. In order for the Layer 3 switch to forward the frame, it needs to do a lookup in its routing table for the destination subnet.
  This is a layer 2 switch, is has no routing table so will be unable to forward the DHCPDISCOVER message to the helper address.
  See here (Peters post) for an explanation of why the Layer 2 switch can act as a DHCP relay if the DHCP server is on a remote subnet:
  https://supportforums.cisco.com/discussion/11385901/does-ip-helper-address-work-layer-2-switch-2950

• Ip helper-address with two dhcp server

  I have two dhcp server running on vlan1, which serving our workstation on vlan2. 10.10.10.51 is our primary and 10.10.10.52 is secondary server.
  My question is:
  - Which server would my workstation get the dhcp from?
  - If the primary server is down, could I reach the second dhcp server? and if the primary server back online.. Which server would be serving our dhcp client?
  interface Vlan1
  ip address 10.10.10.1 255.255.255.0
  no ip redirects
  ip directed-broadcast
  interface Vlan2
  ip address 10.10.20.1 255.255.255.0
  ip helper-address 10.10.10.51
  ip helper-address 10.10.10.52
  no ip redirects
  ip directed-broadcast

  Hi,
  I don't agree.
  AFAIK, using two ip helper-address entries in a router config will cause the dhcp request being sent to BOTH dhcp servers.
  So both the primary and secondary dhcp server will send a dhcp offer to the workstation. The workstation will choose one of the offers and confirm it to the server.
  So ip helper-address command will not help you to choose if dhcp server is primary or secondary.
  You can either use different dynamic address pools on primary and secondary dhcp server (and the same static entries) or to arrange some kind of dhcp server failover:
  See
  http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag_DHCP_imp_ClusteringSupport.htm
  There is also RFC 2131 describing DHCP Failover Protocol.
  Regards,
  Milan

• Best Practice for ip helper-address

  I have 2 dhcp servers on same subnet 192.168.1.0
  I'm trying to setup my SVI
  Gateway 192.168.6.1
  How should the ip helper-address be setup?
  ip helper-address 192.168.1.0
  or
  ip helper-address 192.168.1.1 <- dhcp 1
  ip helper-address 192.168.1.2 <- dhcp 2
  2 Dhcp servers setup each to handle half the scope of a given subnet.

  Sparky
  Generally I believe that the best practice for this is to use two helper address statements. This will send two unicaast packets, one to each server. The other alternative is to send a directed broadcast (which would actually be ip helper-address 192.168.1.255). To do this you would also have to be sure that ip directed-broadcast was enabled on the router interface connecting to the 192.168.1.0 subnet. Many people reguard ip directed-broadcast as a security vulnerability and do not want it enabled. If your environment is comfortable with enabling this function then both alternatives would work. The advantage of the directed broadcast is that it transmits one packet rather than transmitting two packets. If it were me I would use two helper address statements.
  HTH
  Rick

• Helper address IOS XR ASR9000

  Hi
  Everyone I have a doubt about the configuration for the helper address on ASR9000, mainly I try to configure the helper address in this way:
  configure
  interface type number
  ipv4 helper-address vrf vrf_name address 
  However it doesnt work.
  What is the correct way to apply an helper address on my ASR9000 ???
  Regards !!!!

  Hi,
  Correct configuration is:
  dhcp ipv4
  profile DHCP-HELP relay
  helper-address vrf <VRF> <IP address>
  interface <interface> relay profile DHCP-HELP
  Florian

• Need a bit of guidance with ip helper-address on a L3 switch

  Hi All,
  Happy New Year!
  Could some one be kind enough to have a look at a PT file for me and tell me where I am going wrong please?.
  It's a practice one for a college assignment I am working on, for which I have to submit an original network, and then suggest some possible improvements. My first PT file consists of 3 LANs, all using L2 switches configured with VLANs and routing on a stick, with ip helper-address pointing to a DHCP server on one of the LANs. That all works fine.
  Now I am trying to create a test network that uses a L3 switch that has VLANs, I want the end user devices to obtain addressing from a DHCP server on a separate network, I have configured the VLANs, gave them IP addresses, entered the ip helper-address, the link between the switch and router has had the "no switchport" command executed on the switch, I given the connected port on the switch a relevant IP address to the router interface it is connected to, both router and switch have OSPF configured with network statements, but DHCP requests are failing.
  In simulation mode the packets are reaching the DHCP server but are not returning, and I'm a little confused as to what I have done wrong.
  Attached is the PT file, please bear in mind this is just a test PT file that I have been practicing with before creating the final PT file for submission.
  Any advice would be greatly appreciated.
  Kind regards
  Jon

  Hello Haihua,
  Thank you very much for that, I do feel a little stupid now..., I completely forgot about the DG on the server.
  Thanks again.
  Jon

• PXE Boot/Ip helper address for staging OS-es

  Hi,
  In our production environment there is already a PXE-server SCCM 2007. Now, we're setting up an SCCM 2012-server which we would like to test staging/OS-deployment also.
  Is it safe to say we need to add the ip  of the SCCM 2012 "066 Boot Server Host Name" to stage. Note: on switches (Cisco) this is ip helper address,  correct?
  Please clarify.
  NOTE: is there an option to make it work WITHOUT needing a new VLAN?
  J.
  Jan Hoedt

  DHCP options and IP helper addresses have the same end goal but are completely different things.
  IP Helpers automatically forward broadcast requests to a destination system thus "bridging" subnets for services like DHCP and PXE.
  DHCP scope options directly instruct the NIC to boot from a specific PXE server.
  So, yes, it is possible to manipulate where a client PXE boots from, but it takes an integral understanding of how PXE works, of how IP Helpers work, and of how NICs initiate a PXE boot when either IP Helpers or DHCP scope options are in place (and
  thus DHCP also). Because *none* of this really has anything to do with ConfigMgr or even Microsoft itself, there really is no Microsoft guidance except that IP Helpers are preferred and are the Microsoft supported solution. A great starting reference
  is at http://en.wikipedia.org/wiki/Preboot_Execution_Environment
  Jason | http://blog.configmgrftw.com
  Is there any official Microsoft documentation that outlines why IP Helpers are preferred over scope options?

• CCP doesn't show ip helper-address

  I am running CCP 2.1 on both a Vista and Server 2008 machine. I am connected to an 1841 router. If I telnet into router, and show run, it says I have an ip helper-address. If I open CCP and view that same interface, it doesn't show an ip helper-address. If I then click OK, it wants to send a command to the router to remove the ip helper-address. Any ideas would be appreciated.

  Hi Joe,
    Please pickup the latest CCP version (v2.5 posted on 29th June 2011). Let me know if the problem is resolved. CCP supports configuration of single helper address. If multiple addresses are configured, then they are read in, but shall not be editable.
  Thanks,
  Chaitra

• IP Helper address on 6509

  I have 2 vlans(Vlan1 & Vlan305) on 6509
  on vlan1 i have my dhcp server and i am trying my vlan305 network computers to get ip address from my server which is in vlan1
  i configuried the following on my 6509
  on my msfc
  ip dhcp server 10.x.x.201
  on vlan interface 305
  ip helper-address 10.x.x.201
  my users are not able to get IP. but if i use 6509 as dhcp server ist working fine.
  is there any other configuration i need to do.
  Thanks
  Sridhar

  Sri,
  The main point has be pointed out by the poster above. Just make sure that your inter-vlan routing is working fine and you are able to reach DHCP server from Vlan 305.Try to set up a static IP address on any one of the host in Vlan 305 and try to reach DHCP server.Its it works OK and you config is fine, somewhere the problem is in DHCP server.
  Try to set different scope for each vlan and also try to use a different DHCP server.
  regards,
  -amit singh