Client not sending DHCPREQUEST after offer.

Joseph Bernard jhb at clemson.edu
Wed Apr 2 13:53:08 UTC 2014


The issue with IP Source Guard is with older code on IOS switches.  The Nexus doesn't have the same issue that I know of.  I would also suggest using Wireshark as it has been instrumental in troubleshooting my issues with PXE booting in the past.  I have an interesting setup where I use VMware Fusion and USB ethernet adapters and give each VM its own real NIC.  This should also work with VMware Workstation and possibly Player.  It allows me to watch the traffic without having to install Wireshark on the guest VM or have to make a span session on the switch.

Thanks,
Joseph B.

On Apr 2, 2014, at 9:32 AM, Jim Glassford <jmglass at iup.edu> wrote:

Hi Ritul,

It would have to be enabled; by default, IP Source Guard is disabled on all interfaces.
You would have this in the running-config in the interface setup: 'ip verify source dhcp-snooping'
Check your logs on the n5k and see if there are any logs for dhcp-snooping blocks, if it is enabled. I am not sure it is logged; we do not use it on our n5k and only have three in a controlled data center, so not that much experience.

~IP Source Guard
<http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/security/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n5k_security_config_gd_rel_503_n1_1_chapter10.html#con_1097286>

~dhcp snooping;
<http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/security/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n5k_security_config_gd_rel_503_n1_1_chapter8.html>

Not that related (but it shows that dhcp-snooping/IP Source Guard is good to check): we had HP switches that broke PXE booting due to firmware problems years ago. To work around it, we disabled dhcp-snooping on the HP switches until a firmware fix was released for the HP model with the problem. Also, if there is a separate PXE server on a different port than the dhcp server, you have to allow both the dhcp server port and the PXE server port as trusted. This only matters if you are using dhcp-snooping and have two servers on different ports.

It might be best to sniff the wire with Wireshark on each side to see where the breakdown is occurring, after checking the above.

best!
jim




On 4/2/2014 5:55 AM, ritul guru (riguru) wrote:
How can I check if IP source guard is enabled for a port on switch?

From: dhcp-users-bounces+riguru=cisco.com at lists.isc.org On Behalf Of ritul guru (riguru)
Sent: Wednesday, April 02, 2014 2:31 PM
To: Users of ISC DHCP
Subject: RE: Client not sending DHCPREQUEST after offer.

I am not sure, but I am able to do legacy boot on same client port (switch N5k).
So this should not be a concern.


Regards,
Ritul

From: dhcp-users-bounces+riguru=cisco.com at lists.isc.org On Behalf Of Joseph Bernard
Sent: Sunday, March 30, 2014 4:55 AM
To: Users of ISC DHCP
Subject: Re: Client not sending DHCPREQUEST after offer.

Is the client on a port using IP Source Guard by any chance?

Thanks,
Joseph B.

On Mar 29, 2014, at 3:26 PM, "ritul guru (riguru)" <riguru at cisco.com> wrote:

Hi,
I am facing a similar problem while trying to boot to a UEFI RHEL 6.5 OS through UEFI PXE boot.

The PXE client sends DHCPDISCOVER and the server is reverting with DHCPOFFER, but this keeps on happening; the client is not sending DHCPREQUEST further.

<image001.png>

I tried dumping the PXE server on eth2; it looks like the PXE client DHCPREQUEST is not reaching the server. What could be the problem?

<image002.png>




Regards,
Ritul

_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
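
As an added example (not part of the thread and not written by its participants), the "capture on each side" check suggested above can be scripted: the Python below reads the DHCP message type from raw BOOTP/UDP payloads taken at a client-side and a server-side capture point and names the first step of the DISCOVER/OFFER/REQUEST exchange that is missing. It assumes the UDP payloads have already been extracted from the captures; the function names, the MAC address format and the packets produced by build() are constructed for illustration.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return (client MAC, message type) from one BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    mac = payload[28:28 + min(payload[2], 16)].hex(":")  # chaddr, hlen bytes
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                              # pad option, no length
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            return mac, TYPES.get(payload[i + 2], "OTHER")
        i += 2 + length
    raise ValueError("no DHCP message-type option (53)")

def seen_types(payloads, mac):
    """Message types seen for one client MAC; non-DHCP payloads are skipped."""
    found = set()
    for p in payloads:
        try:
            m, t = parse_dhcp(p)
        except ValueError:
            continue
        if m == mac:
            found.add(t)
    return found

def locate_break(client_side, server_side, mac):
    """Name the first step missing, given captures at both ends of the path."""
    c, s = seen_types(client_side, mac), seen_types(server_side, mac)
    for step, near, far, who in (("DISCOVER", c, s, "client"),
                                 ("OFFER", s, c, "server"), ("REQUEST", c, s, "client")):
        if step not in near:
            return f"{who} never sent {step}"
        if step not in far:
            return f"{step} dropped on the path from the {who}"
    return "REQUEST reached the server"

def build(msg_type, mac):  # constructed sample packet: BOOTP header plus option 53
    op = 2 if msg_type in (2, 5, 6) else 1               # 1 = request, 2 = reply
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234, 0, 0x8000) + bytes(16)
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    return hdr + MAGIC + bytes([53, 1, msg_type, 255])
```

A result of "client never sent REQUEST" points at the client or its firmware, while a "dropped on the path" result points at something between the two capture points, such as the switch features discussed in the thread.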



