IP Helper Address Issue

sschwieterman

I'm labbing and putting together a simple network topology in Boson Netsim just to keep fresh on CCNA topics and have some confusion on how to get the IP helper-address command to work correctly. (Topology pictured below)



All hosts are on separate VLANS corresponding to the PC name (PC1=VLAN10, PC2=VLAN20, etc.), and Router2 is configured as DHCP server. I believe DHCP is configured correctly because PC3 and PC4 are receiving DHCP address no problem, but I'm not sure exactly how to setup Router1 with the IP helper-address command to forward the DHCP requests of PC1 and PC2.

Switch1 is connected to subinterfaces on Router1. One subinterface is set to pass traffic for VLAN10 on PC1 and the other is set to pass traffic on VLAN20 for PC2. The issue is that the ip helper-address command is not given as an option in subinterface configuration mode of that port (e0/1.10 and e0/1.20), and if I use the ip helper-address on the parent port (e0/1) the hosts won't receive DHCP addresses.

Can someone explain to me what I am doing wrong and the correct way to accomplish what I am trying to do?

Thank you!

Techytach

Is it set to 802.1q trunking off r1?
Can you ping?
Do you have pools? ip dhcp pool <vlan> network <range matching vlans> to your dhcp server so that the hosts get the proper ip adds.
Switchport access off switch?

How are the routers connected? etherchannel?

sucanushie

Ip-Helper just forwards a DHCP broadcast to an IP that is not in that broadcast domain.

It sounds like you are doing router on a stick config, in which case if setup properly the DHCP broadcast for each VLAN will make it to the router on the sub interface for that vlan, and if DHCP is setup correctly on the router the PC will get an address.

I hope that makes sense. Let me know if I just confused you more heh.

sschwieterman

Techytach wrote: »

Is it set to 802.1q trunking off r1?
Can you ping?
Do you have pools? ip dhcp pool <vlan> network <range matching vlans> to your dhcp server so that the hosts get the proper ip adds.
Switchport access off switch?

How are the routers connected? etherchannel?

Router1 is set to 802.1q trunking.
If I give PC1/PC2 static IPs they can both ping any other interface in the network via direct connection or OSPF learned routes.
DHCP config below:

Switches are configured correctly.

Routers connected via ethernet ports. Router1 port e0/0 (IP address is 192.168.1.1 255.255.255.252) connected to Router2 port e0/0 (IP address is 192.168.1.2 255.255.255.252).

Command I tried on port connected to Switch 1 was 'Router1(config-if)#ip helper-address 192.168.1.2' which didn't work.
And like I said, it won't let me enter the 'ip helper-address' command on the actual subinterfaces, which if I understand correctly, is how you would configure it correctly.

sucanushie

What is the config on SW1 interface to the router?
Also R1's connection to SW1?

Techytach

edit reread nm

If this still isn't the case maybe provide more show runs/configs. Cause that's pretty strange. I double checked and you can definitely type (tab auto write) ip helper-address on subinterfaces that are trunking.

Do you have no service dhcp anywhere in the config? Try issuing "service dhcp" to make sure its on.

edit Looks like you could try putting it on the switch vlan interface (altho you should totally be able to put it on the router)


SW1(config)#interface vlan 20SW1(config-if)#ip helper-address 10.116.10.1SW1(config-if)#end

sucanushie

On SW1 interface to the Router

Switchport mode trunk
If it's and older switch then you will need the Switchport encapsulation dot1q command

On R1 interface to SW1

Interface Fa 0/1.10
encapsulation dot1Q 100
Ip address whatever it is

Like Techytach said ip helper-address should work on a sub interface, but if the DHCP is running on R1 then you won't need it.

If say your DHCP server was a windows server that was on vlan 50 and a PC from vlan 10 sends a DHCP broadcast it would never get the DHCP request because it's a broadcast. This is why we need the ip helper command so that when the interface on vlan 10 receives the broadcast it will forward it to the DHCP server that is on VLAN 50

sschwieterman

I feel like I've tried everything mentioned in the previous comments but I know it's got to just be something I'm missing. Wondering if it's just the software version? I'm attaching all configs.



Router1 (forwarding router)

!
Version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router1
!
!
username cogsadmin password cogs2010!
!
!
!
ip subnet-zero
!
ip cef
no ip domain-lookup
!
!
!
!
!
!
!
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.252
no ip directed-broadcast
!
interface Ethernet0/1
no ip address
no ip directed-broadcast
!
interface Ethernet0/1.10
encapsulation dot1q 10
ip address 10.1.10.1 255.255.255.0
!
interface Ethernet0/1.20
encapsulation dot1q 20
ip address 10.1.20.1 255.255.255.0
!
!
interface Ethernet0/2
ip address 192.168.1.5 255.255.255.252
no ip directed-broadcast
!
interface Ethernet0/3
no ip address
no ip directed-broadcast
shutdown
!
!
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 10.1.10.1 0.0.0.255 area 0
network 10.1.20.1 0.0.0.255 area 0
network 192.168.1.1 0.0.0.3 area 0
network 192.168.1.5 0.0.0.3 area 0
!
!
!
!
ip classless
no ip http server
!
!
!
!
!
!
!
line con 0
login local
line aux 0
line vty 0 4
!
!
no scheduler allocate
end



Router2 (DHCP router)


!
Version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router2
!
!
username cogsadmin password cogs2010!
!
!
!
ip subnet-zero
!
ip cef
no ip domain-lookup
!
!
!
!
!
!
!
ip dhcp excluded-address 10.1.10.0 10.1.10.1
ip dhcp excluded-address 10.1.20.0 10.1.20.1
ip dhcp excluded-address 10.1.30.0 10.1.30.1
ip dhcp excluded-address 10.1.40.0 10.1.40.1
!
ip dhcp pool VLAN_10
network 10.1.10.0 255.255.255.0
default-router 10.1.10.1
ip dhcp pool VLAN_20
network 10.1.20.0 255.255.255.0
default-router 10.1.20.1
ip dhcp pool VLAN_30
network 10.1.30.0 255.255.255.0
default-router 10.1.30.1
ip dhcp pool VLAN_40
network 10.1.40.0 255.255.255.0
default-router 10.1.40.1
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
interface Ethernet0/0
ip address 192.168.1.2 255.255.255.252
no ip directed-broadcast
!
interface Ethernet0/1
no ip address
no ip directed-broadcast
!
interface Ethernet0/1.30
encapsulation dot1q 30
ip address 10.1.30.1 255.255.255.0
!
interface Ethernet0/1.40
encapsulation dot1q 40
ip address 10.1.40.1 255.255.255.0
!
!
interface Ethernet0/2
ip address 192.168.1.6 255.255.255.252
no ip directed-broadcast
!
interface Ethernet0/3
no ip address
no ip directed-broadcast
shutdown
!
!
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
network 10.1.30.1 0.0.0.255 area 0
network 10.1.40.1 0.0.0.255 area 0
network 192.168.1.1 0.0.0.3 area 0
network 192.168.1.4 0.0.0.3 area 0
!
!
!
!
ip classless
no ip http server
!
!
!
!
!
!
!
line con 0
login local
line aux 0
line vty 0 4
!
ntp authenticate
ntp master
!
no scheduler allocate
end



Switch1



!
Version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch1
!
!
!
!
ip subnet-zero
!
ip cef
no ip domain-lookup
!
ip domain-name test
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
interface FastEthernet0/1
switchport mode access
switchport access vlan 10
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/2
switchport mode access
switchport access vlan 20
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18



Thanks again for taking the time guys!

doctorlexus

You should definitely be able to issue ip helper-address on a subinterface. My guess is your IOS version 12.3 is too old.

Techytach

Looks OK to me. It's either a Derp! moment or software is too old. Just to test, can you issue the ip helper command on the router with the dhcp? Are they the same router? Maybe wipe one or both, only configure a subinterface and see if its possible to issue the command.

As I mentioned before you can also put it on your switch. Although I am pretty curious why as well.

sschwieterman

Techytach wrote: »

Looks OK to me. It's either a Derp! moment or software is too old. Just to test, can you issue the ip helper command on the router with the dhcp? Are they the same router? Maybe wipe one or both, only configure a subinterface and see if its possible to issue the command.

As I mentioned before you can also put it on your switch. Although I am pretty curious why as well.

I did try putting the command on Switch1 as well, but because it is only a layer 2 switch I cannot run the 'interface vlan' command.

I experimented by adding a new host (PC5) to an open ethernet port on Router1, setup a new vlan (VLAN_50), and set encapsulation and ip helper-address on the port connected to PC5. No subinterfaces. PC5 is able to get a DHCP address, so I am going to chalk it up to an old software version...

Does seem kind of weird that Boson Netsim comes with such an old software version installed.

Techytach

sschwieterman wrote: »

I did try putting the command on Switch1 as well, but because it is only a layer 2 switch I cannot run the 'interface vlan' command.

I experimented by adding a new host (PC5) to an open ethernet port on Router1, setup a new vlan (VLAN_50), and set encapsulation and ip helper-address on the port connected to PC5. No subinterfaces. PC5 is able to get a DHCP address, so I am going to chalk it up to an old software version...

Does seem kind of weird that Boson Netsim comes with such an old software version installed.

Not sure how it works with boson but packet tracer doesn't get the full image/full function. I know there are missing commands. Still ip helper you'd think...

doctorlexus

Couldn't find anything conclusive, but this link states DHCP relay per interface VPN ID support was added in IOS 12.4T: Cisco IOS Software Release 12.4T Features and Hardware Support - Cisco

Being that a VLAN is a subcategory of VPN, perhaps they meant it to be all encompassing. But since I haven't worked with anything specifically called a VPN ID in Cisco, I don't know.

sucanushie

Sorry I thought the DHCP was on R1. In that case you do need IP helper and as others said it should be there on routers sub interfaces.

james43026

Yeah, the IP helper-address command is available on sub-interfaces. I'm thinking that it may be the outdated IOS version you are using. You shouldn't be using anything older than 12.4. As that is the absolute earliest IOS that Cisco supports for its exams. And the new exams are going to be all based around IOS 15 I believe.