IP helper question

borumas

I was talking to a co-worker and he is trying to setup a test network with multiple vlans and have all the host from the vlans get their addresses from the same DHCP server. We already have an ip helper address used for BootP so clients can connect to a Zenworks server for imaging but he is having a hard time getting clients on other vlans to see the DHCP server. Can you only use one ip helper and the others are just backups or can you set it up differently is my question? We would like to keep the Zenworks ip helper but also have the DHCP ip helper work. Thanks for any input in advance.

dtlokee

You can specify multiple ip helper-address commands on a single interface and it will forward all of the broadcasts (bootp, tftp, dhcp ect.) to all configured helper addresses. You can also use the "ip forward-protocol" (or "no ip forward-protocol") command to add or remove protocols you wish to forward with the helper address.

borumas

Thanks, I'll let him try that out.

Paul Boz

Here is more thorough reading on IP Helper. It's what he needs to do.

http://routergod.com/trinity/

http://www.ciscopress.com/articles/article.asp?p=330807&seqNum=9&rl=1

Cisco UniverCD on IP Helper addressing

Cisco Press Article

borumas

dtlokee wrote:

You can specify multiple ip helper-address commands on a single interface and it will forward all of the broadcasts (bootp, tftp, dhcp ect.) to all configured helper addresses. You can also use the "ip forward-protocol" (or "no ip forward-protocol") command to add or remove protocols you wish to forward with the helper address.

Is this true, that you can have more than one ip helper address and that it will use them? They told me that a CCNP said that only 1 helper address could be in use. Also the existing helper address is listed under the vlan configuration and not on an interface, should the ip helper address be put on the router port also or is it ok listing it under the vlan? It currently works for imaging using Bootp for Zenworks but apparently it isn't working for DHCP from what they were telling me. This is being done on a Cat6500 switch (has layer 3 capability). Thanks a bunch for the info guys.

dtlokee

borumas wrote:

Also the existing helper address is listed under the vlan configuration and not on an interface, should the ip helper address be put on the router port also or is it ok listing it under the vlan?

Ok, if the interface physical interface is a Layer 3 interface (configured with the "no switchport" command and the "ip address x.x.x.x x.x.x.x" command) then yes the helper address should be on the physical interface. If the interface is a layer 2 interface (configured with the "switchport mode access" and "switchport acccess vlan xx" commands) then the helper address should be put on the SVI (the "interface vlan xx" where xx is the same vlan the physical interface is on)

borumas wrote:

They told me that a CCNP said that only 1 helper address could be in use

According to the Cisco documentation and what I have observed in production that is not true. Check this link http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r/iprprt1/1rdipadr.htm#wp1018606
and make sure the traffic meets all the requirements of the helper address and also make sure the configuration of the "ip helper protocol" has not been changed from the default (by default the ip helper address will forward: DHCP, BOOTP, DNS, NetBIOS ports 137 + 138, TFTP, Time, and TACACS.

It may not be a Cisco issue at all in that you are forwarding BOOTP to a different server than the DHCP server it may be possible that is causing the issues. Is it possible to use somthing like wireshark to see if the BOOTP/DHCP packets are hitting the DHCP server at all? You may need to modify the DHCP server to only respond to DHCP requests only or BOOTP only or somthing like that.

HTH

Netstudent

I believe this is the making of a very interesting Lab..Got servers anyone?

dtlokee

Ok, time to put this to bed. I did this on a 3560. Interface vlan 109 is connected to a DHCP client, Interface vlan 111 is conected to DHCP server 1 and Interface vlan 112 is connected to DHCP server 2

DHCP Server 1 has an IP address of 10.20.20.2
DHCP Server 2 has an IP address of 10.20.30.2

Relevant Switch Config:

interface FastEthernet0/9
switchport access vlan 109
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 111
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 112
switchport mode access
!
interface Vlan109
ip address 10.20.10.1 255.255.255.0
ip helper-address 10.20.30.2
ip helper-address 10.20.20.2
!
interface Vlan111
ip address 10.20.30.1 255.255.255.0
!
interface Vlan112
ip address 10.20.20.1 255.255.255.0
!

When I configure the client to obtain it's IP address via DHCP the client is sending a DHCP discover message wich is received on both server 1 and server 2

Client Output:

No. Time Source Destination Protocol Info
57 34.111813 0.0.0.0 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x203a6819

Frame 57 (342 bytes on wire, 342 bytes captured)
Ethernet II, Src: 00:16:d4:0b:44:c0, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol, Src Addr: 0.0.0.0 (0.0.0.0), Dst Addr: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68 ), Dst Port: bootps (67)
Bootstrap Protocol

Server 1:

No. Time Source Destination Protocol Info
13 12.522696 10.20.10.1 10.20.20.2 DHCP DHCP Discover - Transaction ID 0x203a6819

Frame 13 (342 bytes on wire, 342 bytes captured)
Ethernet II, Src: 00:1a:e3:a8:8f:46, Dst: 00:11:11:c6:2e:b2
Internet Protocol, Src Addr: 10.20.10.1 (10.20.10.1), Dst Addr: 10.20.20.2 (10.20.20.2)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
Bootstrap Protocol


Server 2:

No. Time Source Destination Protocol Info
19 19.778193 10.20.10.1 10.20.30.2 DHCP DHCP Discover - Transaction ID 0x203a6819

Frame 19 (342 bytes on wire, 342 bytes captured)
Ethernet II, Src: 10.20.20.1 (00:1a:e3:a8:8f:45), Dst: 10.20.30.2 (00:11:11:a2:65:12)
Internet Protocol, Src: 10.20.10.1 (10.20.10.1), Dst: 10.20.30.2 (10.20.30.2)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
Bootstrap Protocol


As you can see the client sent a DHCPDISCOVER packet with the source address of 0.0.0.0 and the destination of 255.255.255.255

This was picked up by the switch vlan interface and was forwarded to both servers using the switch interface as the source (DHCP relay) and the destination was that of Server 1 and Server 2

Also note the DHCPDISCOVER transaction ID is the same in all of the frames

This is your network. this is your network on etheral. any questions?

Netstudent

HAHA thats great!

But in the real world, would we want our clients broadcasting to both DHCP's????? Unless the DHCP servers were both superscoping and one was a replicated backup.

borumas

Thanks for the help guys, I really appreciate it, turns out the guy fat fingered the ip address of the DHCP server, lol, so of course it didn't work untill he figured that out.