Client not sending DHCPREQUEST after offer.

Jim Glassford jmglass at iup.edu
Wed Apr 2 13:32:12 UTC 2014 

Hi Ritual,

It would have to be enabled, by default, IP Source Guard is disabled on 
all interfaces.
Would have in the running-config on interface setup:  'ip verify source 
dhcp-snooping'
Check your logs on the n5k, see if any logs for dhcp-snooping blocks if 
it is enabled. Not sure it is logged, we do not use on our n5k, only 
have three in controlled data center so not that much experience.

~IP Source Guard
<http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/security/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n5k_security_config_gd_rel_503_n1_1_chapter10.html#con_1097286>

~dhcp snooping;
<http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/security/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n5k_security_config_gd_rel_503_n1_1_chapter8.html>

Not that related, (shows the dhcp-snooping/ip source guard is good to 
check), had HP switches that broke PXE booting due to firmware problems 
years ago. To work around disabled dhcp-snooping on HP switches until 
firmware fix released on HP model with the problem. Also if separate PXE 
server on a different port than the dhcp server, have to allow both the 
dhcp server port and PXE server port as trusted. Only matters if using 
dhcp-snooping and have two servers on different ports.

Might be best to Wireshark sniff the wire on each side to see where the 
break down is occurring after checking above.

best!
jim




On 4/2/2014 5:55 AM, ritul guru (riguru) wrote:
>
> How can I check if IP source guard is enabled for a port on switch?
>
> *From:*dhcp-users-bounces+riguru=cisco.com at lists.isc.org 
> [mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org] *On Behalf 
> Of *ritul guru (riguru)
> *Sent:* Wednesday, April 02, 2014 2:31 PM
> *To:* Users of ISC DHCP
> *Subject:* RE: Client not sending DHCPREQUEST after offer.
>
> I am not sure, but I am able to do legacy boot on same client port 
> (switch N5k).
>
> So this should not be a concern.
>
> Regards,
>
> Ritul
>
> *From:*dhcp-users-bounces+riguru=cisco.com at lists.isc.org 
> <mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org> 
> [mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org] *On Behalf 
> Of *Joseph Bernard
> *Sent:* Sunday, March 30, 2014 4:55 AM
> *To:* Users of ISC DHCP
> *Subject:* Re: Client not sending DHCPREQUEST after offer.
>
> Is the client on a port using IP Source Guard by any chance?
>
> Thanks,
>
> Joseph B.
>
> On Mar 29, 2014, at 3:26 PM, "ritul guru (riguru)" <riguru at cisco.com 
> <mailto:riguru at cisco.com>>
>
>  wrote:
>
> Hi,
>
> I am facing similar problem while trying to boot to uefi rhel6.5 OS 
> through uefi pxe boot.
>
> Pxe client sends DHCPDISCOVER and server is reverting with DHCPOFFER, 
> but this keeps on happening, client is not sending DHCPREQUEST further.
>
> <image001.png>
>
> I tried dumping pxe server on eth2, it looks like pxe client 
> DHCPREQUEST is not reaching the server. What could be the problem?
>
> <image002.png>
>
> Regards,
>
> Ritul
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org <mailto:dhcp-users at lists.isc.org>
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20140402/9cad842f/attachment.html>

More information about the dhcp-users mailing list