Wired Intelligent Edge (Campus Switching and Routing)

Reply
Occasional Contributor I

Issues with DHCP relay

Good day,

 

We have a client with a setup where they have multiple DHCP scopes all being assigned from a single Windows server. 

 

They have a 3810M as their core switch that has DHCP relay configured. Any switch that is directly connected to that 3810M relays fine, APs and clients get addresses correctly.

 

However, if you are more than one switch hop from the relaying switch then devices connected to that switch will not get addresses.

 

I am still pretty new to networking so I'm sure I've missed something simple. If anyone is able to assist it would be greatly appreciated. I can request a copy of the switches config from the client if it's needed. 

MVP Guru

Re: Issues with DHCP relay

Could it be that you configured DHCP snooping on one or more of your switches? The DHCP snooping feature is enforcing that DHCP responses are coming from an authorized DHCP server and/or from an authorized (uplink) port. If you just enable snooping, it will block DHCP through a switch.

 

Here is another post on this topic.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor I

Re: Issues with DHCP relay


@Herman Robers wrote:

Could it be that you configured DHCP snooping on one or more of your switches? The DHCP snooping feature is enforcing that DHCP responses are coming from an authorized DHCP server and/or from an authorized (uplink) port. If you just enable snooping, it will block DHCP through a switch.

 

Here is another post on this topic.


Hi Herman, thank you for the information. I think it's unlikely, but not impossible. Let me confirm with the tech onsite and see if it has been configured.

 

Have we followed the correct procedure for configuring DHCP relay? We have a single core switch which has IPs in each VLAN that it will be relaying for. We then configured the IP helper-address for each VLAN. Is there any configuration that we need to do on the access switches? All I have done is tag the VLANs on the switch to switch links, with one VLAN that we want to get DHCP in being untagged on the edge port.

Highlighted
MVP Guru

Re: Issues with DHCP relay

The dhcp-relay/ip-helper has to be on the L3 interface on each VLAN. From your description that is on the core (which is quite common).

 

If the switches are just L2 passing traffic to the core, there does not need to be any configuration for DHCP/relay there. IF you configured the dhcp-snooping, which is good to prevent users on the access ports to become a spoofed dhcp server, only then then you need to configure dhcp-snooping with the right uplinks/VLANs/valid dhcp servers.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor I

Re: Issues with DHCP relay


@Herman Robers wrote:

The dhcp-relay/ip-helper has to be on the L3 interface on each VLAN. From your description that is on the core (which is quite common).

 

If the switches are just L2 passing traffic to the core, there does not need to be any configuration for DHCP/relay there. IF you configured the dhcp-snooping, which is good to prevent users on the access ports to become a spoofed dhcp server, only then then you need to configure dhcp-snooping with the right uplinks/VLANs/valid dhcp servers.


Hi Herman, thanks for your response, that makes sense. I'll speak with the tech onsite tomorrow morning and verify that we haven't accidentally configured DHCP snooping anywhere.

Occasional Contributor I

Re: Issues with DHCP relay


@ciaran wrote:

@Herman Robers wrote:

The dhcp-relay/ip-helper has to be on the L3 interface on each VLAN. From your description that is on the core (which is quite common).

 

If the switches are just L2 passing traffic to the core, there does not need to be any configuration for DHCP/relay there. IF you configured the dhcp-snooping, which is good to prevent users on the access ports to become a spoofed dhcp server, only then then you need to configure dhcp-snooping with the right uplinks/VLANs/valid dhcp servers.


Hi Herman, thanks for your response, that makes sense. I'll speak with the tech onsite tomorrow morning and verify that we haven't accidentally configured DHCP snooping anywhere.


Hi Herman, We have verified that DHCP snooping is not enabled. Do you have an idea of anything else we could try?

MVP Guru

Re: Issues with DHCP relay

What I would do in such a case is start capturing the traffic. Does the DHCP request reach the DHCP server? Does the DHCP server respond? Then from there narrow down where the packets are lost.

 

Also, try with a static IP to rule out that your VLAN may not be connected on your uplinks and the issue is a generic connectivity issue. Does the same client connected directly to the core work?

 

A L2 switch (VLAN) should in general should be transparent and not blocking (except for security features like RA-guard/dhcp-snooping/private-vlan/port-acl).

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: