SG300 Vlan IP-Helper Address issues

Similar Messages

• DHCP server and ip helper-address issue

  Question,
  By accident I had configured an IP HELPER-ADDRESS on a VLAN interface pointing to a DHCP server with an IP addrees in the same VLAN ( ip subnet ).
  Some users had complaints and there were BAD ADDRESS entries in our DHCP server registered.
  Can anyone explain to me why this is an issue please ?
  My guess is that the the DHCP server receives the DHCPREQUEST from the client via the braodcast request and via the unicast request from the ip helper-address configuration. But does this really interfere with the DHCPACK and DHCPOFFER packets afterwards ?

  Alex,
  I've not been able to capture the network packets but I can understand if the server would send DHCPNACK requests ( wxhich would be a normal process ).
  I just don't understand why so many users suddenly have issues and my DHCP scope is filling up with BAD ADDRESSES.
  My assumption is that the client receives 2 valid DHCP responses ( one form the actual DHCP server and another one from the router, acting as DHCP relay agent ) and acknowledges them, but the DHCP process is somewhere corrupted ( either on the DHCP server or the DHCP client ).
  I want a technical explanation for this issue :-)

• SG300-28 IP Helper Address

  I have learned that by default the ip helper-address will forward the following 8 udp ports
  UDP PORT
  Common Name.
  69
  TFTP
  67
  BOOTP Client
  68
  BOOTP Server
  37
  Time Protocol
  49
  TACACS
  53
  DNS
  137
  NetBios
  138
  NetBios Datagram
  But when I check in cisco SG300-28, only port 37, 42, 49, 53,137 and 138 are in the forwarded list. Does it mean we cannot use ip helper-address to relay DHCP request? Please advise

  Hi Blue, you cannot. The DHCP relay function is designed for that. Therefore it is reserved for that function of the switch.
  -Tom
  Please mark answered for helpful posts

• Switches that do dhcp relay (ip helper address)

  Hi all,
  I'm looking at this switch the 1810 24g and I was wondering whether it dose dhcp relay (ip helper address) ie forward dhcp addresses from the dhcp server to the switch?
  Many thanks
  Rob

  Hi,
  on all the vlan interfaces where the DHCP server doesn't reside you must configure
  interface Vlan
  description Client VLAN
  ip helper-address
  When a client now sends DHCP request, the router
  forwards this request to the ip helper-address.
  Because the router also puts in its own interface ip address as source ip, the packet finds the way back.
  DHCP uses UDP port 67 and 68. With the command ip helper-address, there are also some other ports which are opened for udp. To close this ports you configure (global command)
  no ip forward-protocol udp tftp
  no ip forward-protocol udp nameserver
  no ip forward-protocol udp domain
  no ip forward-protocol udp time
  no ip forward-protocol udp netbios-ns
  no ip forward-protocol udp netbios-dgm
  no ip forward-protocol udp tacacs
  On your DHCP Server you have to configure a scope for each ip subnet.
  If your dhcp server is located at ther server vlan, do NOT configure a helper-address there.
  For the migration I would suggest to use two different ip subnets. Image all your clients are now in VLAN2 10.2.0.0/16. If you have this IP subnet on your Router you can't add a new VLAN with 10.2.1.0/24, because this overlaps.
  So make the new VLANs with 10.3.1.0/24, 10.3.2.0/24, ... and move the clients to the new
  vlans by change the vlan of the port where the PC is conneted to. When you then reboot the PC it shoud get a new ip from the dhcp and everything sould be fine.
  Bye
  Jo

• How to see if an ip helper-address is configured on a VLAN

  Hi - I'm not exactly new to networking but this question will likely say otherwise :)
  I'm trying to figure out the command to show the running-config of a VLAN.  The goal is to see if an ip helper-address has been configured on a VLAN.
  This is both for a Cisco 6509 and Nexus 5k.
  I simply don't know all the commands for VLANs so I can't get this info presented to me.
  Thank You in advance

  Thanks for the prompt reply!  Still no bueno though.
  On the 6509 I get the following:
  6509#show ip interface vlan xxx
                                             ^
  % Invalid input detected at '^' marker.
  On the Nexus 5K I can't complete the command, stops down at show ip interface with the following listed as ? after interface:
  5K# show ip interface ?
    <CR>
    >                    Redirect it to a file
    >>                  Redirect it to a file in append mode
    A.B.C.D       Display interface for local IP address
    brief              Display summary of IP interface status and configuration
    ethernet        Ethernet IEEE 802.3z
    loopback      Loopback interface
    mgmt            Management interface
    operational   Display only interfaces that are administratively enabled
    port-channel  Port Channel interface
    vrf                   Display per-VRF information
    |                      Pipe command output to filter

• Inter-VLAN routing, Auto-Voice VLAN and IP Address-Helper

  Hope that somebody can help me with the setup in the screenshot. 
  Planning to use Auto-Voice VLAN and Smartports to configure VOIP
  LLDP-MED will be enabled on the switch to detect the IP phones so they will be moved to the Voice VLAN (If not the first 6 signs will be added to the OID table). The Voice VLAN ID will be 2 >> Voice VLAN will be automatically enabled once a device is recognized as a IP phone right? 
  Workstations will be connected to the Cisco switch, VLAN data will be untagged and will remain on the native VLAN.
  Smartports will be used to configure the ports (Macro's) >> Should configure the ports as trunks as assigns the correct VLANs right?
  But how do i configure the IP Helper-Address? Do i have to create the Voice VLAN on both switches and then run the command "IP Helper Address" to specify a DHCP server? From what i've been reading it's required, when using Inter-VLAN routing, to configure the VLAN interface with an IP address. But it's going to give problems when both switches are connected to eachother and both have the same VLAN configured including the same IP address assigned to their VLAN interface?
  Normal data should pass  the ASA firewall, VOIP traffic should go through the Vigor modem to a hosted VOIP provider. The best way, i assume, is to configure 2 separate scopes on the DHCP server?
  Still confused on how to set it up, hope that someone can point me in the right direction

  If you're sending voice to only the Vigor modem then there is no need for a trunk between the SF-300 and the Vigor modem. You can just set that to an untag packet for the VLAN 2 between that switch and the Vigor modem.
  On the 'edge' SF300 where the IP phone/PC is it is obviously going to interoute there and of course the phone port is tagged and PC port is untagged.
  For the IP helper, it uses UDP-RELAY and it should be enabled on the port itself and enabled on the global configuration. You may also need option 82. Also keep in mind, depending how your DHCP server works, it may need option 82 configured as well or at least a route to understand the subnets in the layer 3 environment to get traffic across the VLANS.

• Problems working with ip helper-address command

  I have 2 switches L3 4507 working in HA with HSRP, so in the active switch I have the following interface configuration:
  interface Vlan2
  ip address 10.1.0.2 255.255.254.0
  standby 2 ip 10.1.0.1
  standby 2 priority 150
  standby 2 preempt
  interface Vlan4
  ip address 10.1.4.2 255.255.255.0
  ip helper-address 10.1.0.8
  standby 4 ip 10.1.4.1
  standby 4 priority 150
  standby 4 preempt
  interface Vlan15
  ip address 10.1.5.2 255.255.255.128
  ip helper-address 10.1.0.8
  standby 15 ip 10.1.5.1
  standby 15 priority 150
  standby 15 preempt!
  And, in my standby switch I have this configuration:
  interface Vlan2
  ip address 10.1.0.3 255.255.254.0
  standby 2 ip 10.1.0.1
  interface Vlan4
  ip address 10.1.4.3 255.255.255.0
  ip helper-address 10.1.0.8
  standby 4 ip 10.1.4.1
  standby 4 priority 50
  interface Vlan15
  ip address 10.1.5.3 255.255.255.128
  ip helper-address 10.1.0.8
  standby 15 ip 10.1.5.1
  standby 15 priority 50
  So, the problem is that in some ports belonging to a particular vlan, for example to the vlan 15 most to take an IP address form the network 10.1.5.0 /25, but that port are takenig an ip from the network 10.1.0.0 /23…
  I’ll apreciate your help, thank’s

  I guess the issue will be related to the DHCP server alone and its settings since you said your clients get an IP from the DHCP server. That confirms that your ip-helper is working fine and its routing the DHCP broadcasts and then assigns an IP from the DHCP server.
  So the only possible reason i can think of should be the settings of the DHCP scope.
  Do you have the same problem with all the scopes, i mean whether all the different vlans get incorrect IP or ???, is this issue is related to only one VLAN ??
  Also check whether you have any other DHCP servers other than the allowed since its some times possible in your network other DHCP servers unknowingly which you can find by shutting this DHCP :)

• Ip helper-address

  Hi All,
  Does ip helper-address work with 2 ip ranges in a VLAN in a catalyst 3750?
  ip forward-protocol udp 6112
  int vlan 1
  ip address 192.168.0.1 255.255.255.0
  int vlan 2
  ip helper-address 192.168.0.100
  ip address 192.168.1.100 255.255.255.0
  ip address 192.168.2.100 255.255.255.0 secondary

  Normally, you need an "IP-Helper" command in the interface that is away from the resource you are trying to reach.
  The broadcast request is received and if there's an IP-Helper established on that interface, the broadcast is passed toward that resource as a unicast ... so that it can pass through any other intermediate routers along the way.
  Since you set that interface up as a "secondary," I believe it will work, since that interface is going to receive the broadcast request from either LAN (primary or secondary).
  What I'm trying to figure out is why you are multi-netting ... it generally complicates things and is usually only used to accommodate transition from "the old address scheme" to "the new address scheme."
  Are you short on ports?
  Good Luck
  Scott
  Are you just short on ports?

• Ip helper address and WLC

  Hi Everyone,
  WLC  has IP 10.10.10.5
  AP has IP 10.10.10.6
  AP is connected to switch which has say vlan 10 IP  192.168.50.2
  AP manager interface has IP 192.168.50.1
  USer is getting IP from ASA which has pool in subnet 192.168.50.x
  Do i need to config ip helper command under the switch vlan 10?
  Regards
  MAhesh

  But WLC has interface called Wireless_visitor that has IP in the subnet 192.168.50.x.
  We want wireless user to have 192.168.50.x.
  Interface Wireless_visitor is dynamic interface with IP 192.168.50.1.
  Switch has vlan that also has IP in subnet 192.168.50.x.
  Uhhhh ... Your Wireless_Visitor dynamic interface has the same IP address subnet as your switch?   I don't think this is going to work well.  Your switch, ideally, should have the same management IP address as the WLC management IP address.  
  Your Dynamic Interface should have an IP Helper address in the configuration.  

• Helper Address on a ONLY Layer 2 aware Switch

  Hi, 
       Been scratching my head for a while now, i don't know why a switch even has the " Ip helper address" command, Dosent it need routing to acomplish this kind of a task? 
  I have a switch with 2 SVI's, fair enough, one for Vlan 10 and the other for Vlan 20,
  Vlan 10 = 192.168.10.0/24
  Vlan 20 = 192.168.20.0/24
  I have a DHCP server on vlan 10, with the IP address 192.168.10.1, Now it has scopes for vlan 20 as well, i go into vlan 20 and do this:
  # interface vlan 20
  # ip address 192.168.20.1 255.255.255.0
  #ip helper address 192.168.10.1 
  Now this should work right? but it dosen't !( Ive seen in Wireshark that it dosent even forward the DISCOVER Message on to SVI 10's Vlan 10 ports) ..But it does work when we configure a DEFAULT GATEWAY for the switch and the DHCP server is on a REMOTE Location where the switch does not have and interface directly connected to! what is this? its like blowing my mind! please elaborate

  If this is a Layer 2 only switch then I cannot see how a helper address would work.
  The SVI's you have created are going to be for management, they cannot be the Default Gateways of the Vlans IF the switch is Layer 2 only.
  When your clients send out a DHCPDISCOVER message, that frame will hit the SVI address because its a 'host' on that same vlan that the client is on.
  If this were a Layer 3 SVI (i.e on a Layer 3 switch) then it would forward that frame to the helper address configured. In order for the Layer 3 switch to forward the frame, it needs to do a lookup in its routing table for the destination subnet.
  This is a layer 2 switch, is has no routing table so will be unable to forward the DHCPDISCOVER message to the helper address.
  See here (Peters post) for an explanation of why the Layer 2 switch can act as a DHCP relay if the DHCP server is on a remote subnet:
  https://supportforums.cisco.com/discussion/11385901/does-ip-helper-address-work-layer-2-switch-2950

• System Clean Install because of IP address issues

  HI,
  I just did a clean re-install of Snow Leopard as I had been having the self-assigned IP address issues that so many snow leopard users have been having. Before doing this I used time machine to make a backup of my HD on an external HD and synced my iphone 4 with the computer.
  Now I am hoping to get all of my music back, as well as my contacts, but can't seem to access either of those individually on my external HD using time machine or manually.
  Also I am worried about plugging in my iPhone to the computer and syncing with iTunes, as if I do, I may lose my lifetime's collection of music altogether. Clearly I should have backed up this music on an extra external HD in addition to the time machine backup, but didn't think to do that.
  What are my options? Will it erase the music on my iphone if I sync, or will it pull the music off of it and back into my library? What about Mail and Address book etc?
  any help would be appreciated

  Normal iTunes syncing with an iPhone is one-way - computer to iPhone. If you try to sync the iPhone without your old library then you will indeed wipe everything off the iPhone. There are numerous utilities around such as Pod To Mac - VersionTracker or MacUpdate - that can be used to transfer from the iPhone/iPod to the computer as well as ones that can mount the iPhone/iPod as a disk drive so you can transfer data between computer and iPhone/iPod. For example, PhoneDisk.

• Need a bit of guidance with ip helper-address on a L3 switch

  Hi All,
  Happy New Year!
  Could some one be kind enough to have a look at a PT file for me and tell me where I am going wrong please?.
  It's a practice one for a college assignment I am working on, for which I have to submit an original network, and then suggest some possible improvements. My first PT file consists of 3 LANs, all using L2 switches configured with VLANs and routing on a stick, with ip helper-address pointing to a DHCP server on one of the LANs. That all works fine.
  Now I am trying to create a test network that uses a L3 switch that has VLANs, I want the end user devices to obtain addressing from a DHCP server on a separate network, I have configured the VLANs, gave them IP addresses, entered the ip helper-address, the link between the switch and router has had the "no switchport" command executed on the switch, I given the connected port on the switch a relevant IP address to the router interface it is connected to, both router and switch have OSPF configured with network statements, but DHCP requests are failing.
  In simulation mode the packets are reaching the DHCP server but are not returning, and I'm a little confused as to what I have done wrong.
  Attached is the PT file, please bear in mind this is just a test PT file that I have been practicing with before creating the final PT file for submission.
  Any advice would be greatly appreciated.
  Kind regards
  Jon

  Hello Haihua,
  Thank you very much for that, I do feel a little stupid now..., I completely forgot about the DG on the server.
  Thanks again.
  Jon

• PXE Boot/Ip helper address for staging OS-es

  Hi,
  In our production environment there is already a PXE-server SCCM 2007. Now, we're setting up an SCCM 2012-server which we would like to test staging/OS-deployment also.
  Is it safe to say we need to add the ip  of the SCCM 2012 "066 Boot Server Host Name" to stage. Note: on switches (Cisco) this is ip helper address,  correct?
  Please clarify.
  NOTE: is there an option to make it work WITHOUT needing a new VLAN?
  J.
  Jan Hoedt

  DHCP options and IP helper addresses have the same end goal but are completely different things.
  IP Helpers automatically forward broadcast requests to a destination system thus "bridging" subnets for services like DHCP and PXE.
  DHCP scope options directly instruct the NIC to boot from a specific PXE server.
  So, yes, it is possible to manipulate where a client PXE boots from, but it takes an integral understanding of how PXE works, of how IP Helpers work, and of how NICs initiate a PXE boot when either IP Helpers or DHCP scope options are in place (and
  thus DHCP also). Because *none* of this really has anything to do with ConfigMgr or even Microsoft itself, there really is no Microsoft guidance except that IP Helpers are preferred and are the Microsoft supported solution. A great starting reference
  is at http://en.wikipedia.org/wiki/Preboot_Execution_Environment
  Jason | http://blog.configmgrftw.com
  Is there any official Microsoft documentation that outlines why IP Helpers are preferred over scope options?

• IPv6 Duplicate Address issue

  I'm having a problem involving IPv6 with stateless autoconfig on my network. I have a Cisco 800 series router and we have several VLAN interfaces each configured with an IPv6 prefix. The problem I'm noticing is that whenever any host on the network tries to start up with stateless autoconfig they immediately detect a duplicate address for whatever address they are trying to use.
  I performed a packet capture and what I'm seeing is that when the host selects an IPv6 address to use, it performs the Neighbor Solicitation to check if the address is in use. I immediately see the exact same Neighbor Solicitation message echo'd back with the source MAC being the Cisco router. This causes the host to reject the address as a duplicate since it is receiving a Neigbor Soliciation for the same address it is attempting to use.
  This happens on all of the VLANs I have configured for IPv6. The basic VLAN config is like this:
  interface Vlan109
   description Engineering VLAN
   ip address .....
   ip helper-address .....
   ip nat inside
   ip virtual-reassembly in
   ip tcp adjust-mss 1300
   ipv6 address HE-ENG ::/64 eui-64
   ipv6 enable
   ipv6 nd ra interval 60
  Attached is a PCAP with some ICMPv6 traffic. You can see that the NS messages are duplicated and the source of the duplicates seems to be the Cisco router (70:ca:9b:e0:94:2e). Does anyone know what is going on here?

  Hi,
  Under you interface val config can you try adding:-
  int vlan 109
  ipv6 address autoconfig
  Worth a try
  Regards
  Alex

• MAC address issue----Spearman

  Saw your comments on this in the post about the 1.9 bios for neo2platty ....
  I can confirm that My MAC address issue was caused by the bios that you sited in your comments....all F's were written to My nvidia lan too...
  only solution from what I have read is too rma it...'bummer'
  just thought You would like to know....  Your not alone

  I had the same problem yesterday and after many hours searching the web I ended up with this post that made me really desperate... But I didn't give up and while trying a new bios flash because of random crashes when in the bios, I noticed the obvious: you can change the MAC address when flashing 
  use the last version of the dos flasher with the parameters /nvmac:xxxxxxxxxxxx/wb after the name of the bios file; it's explained if you ask the help with the /help parameter. You can find the mac address on a stick on the parallel port.