DHCP RElay Help

Rhino Lists isplists at duracom.net
Thu Mar 13 16:06:40 UTC 2008


Simon,

Thanks for the help.  I had to put the new subnets into a new shared network
of its own.  Now everything works as expected.  Just out of curiosity why
would having all the subnets in one shared network try to issue wrong IP's
to the other interface?

K 

-----Original Message-----
From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On Behalf
Of Simon Hobson
Sent: Thursday, March 13, 2008 10:15 AM
To: dhcp-users at isc.org
Subject: Re: DHCP RElay Help

Rhino Lists wrote:
>I have an issue.  We have a Cisco router with 2 Ethernet Interfaces F0/0
and
>F0/1. My dhcp server sits on F0/1.  On F0/0 I have the following:
>
>interface FastEthernet0/0
>  ip address xx.xx.xx.177 255.255.255.240
>  ip address xx.xx.xx.161 255.255.255.240 secondary
>  ip address cc.cc.cc.1 255.255.254.0 secondary
>  ip access-group 101 in
>  ip access-group 102 out
>  ip helper-address xx.xx.xx.146
>
>
>When this was set like this I received unknown segment from the DHCP
server?
>So I then changed it like this:
>
>
>interface FastEthernet0/0
>  ip address xx.xx.xx.177 255.255.255.240 secondary
>  ip address xx.xx.xx.161 255.255.255.240 secondary
>  ip address cc.cc.cc.1 255.255.254.0
>  ip access-group 101 in
>  ip access-group 102 out
>  ip helper-address xx.xx.xx.146
>
>
>Now on the router I set cc.cc.cc.1 as the Primary IP on F0/0 and the
unknown
>segment went away?  Why would it matter either way?


Probably you have not properly configured DHCP on the server. You 
should have subnet declarations for all through subnets 
(xx.xx.xx.177/28, xx.xx.xx.161/28, and cc.cc.cc.1.23) - I suspect you 
don't have a subnet declaration for xx.xx.xx.177/28.

Now, this is not enough because these three subnets are a shared 
network - so they MUST be declared as such :

shared-network somename {
   subnet xx.xx.xx.177 ... {
     ...
   }
   subnet xx.xx.xx.161 ... {
     ...
   }
   subnet cc.cc.cc.1 ... {
     ...
   }
}

I would guess that you have a subnet declaration for cc.cc.cc.1/23 
but not for the others. When xx.xx.xx.177 is the primary address for 
the interface, that is what the router will insert into the GIAddr 
(Gateway Interface Address) field of the request packet before 
sending it on to the server. Because the server hasn't been told 
about that subnet, it tells you "unknown segment" for the simple 
reason that it knows nothing about it.

When you switched the primary address to cc.cc.cc.1, then the server 
does know about the segment and "appears" to work.


Assuming you don't want to give out leases in the other subnets, then 
just leave the declarations empty (ie don't define a pool in them).


Lastly, check the archives, because applying "ip helper-address" in a 
Cisco router turns on forwarding of about half a dozen other 
protocols which you almost certainly don't want forwarding. You need 
a pile additional statements (which I can't remember) to turn off the 
forwarding of the other broadcast protocols.



More information about the dhcp-users mailing list