DHCP Mystery


  • DHCP Mystery

    Hello!
    We have a problem...
    In a specific VLAN scope our DHCP is not leasing any addresses.
    (With a static IP address all works fine.)
    In other VLANs the DHCP works fine...
    All the configurations are correct and firewall roles are valid and correct...
    We do not have a clue what went wrong here.

    I would appreciate any help!
    Thanks!

  • #2
    Re: DHCP Mystery

    Do you have a DHCP relay agent set up, or an IP helper which forwards requests from clients on the VLAN to the DHCP server?
    Please remember to award reputation points if you have received good advice.
    I do tend to think 'outside the box' so others may not always share the same views.

    MCITP -W7,
    MCSA+Messaging, CCENT, ICND2 slowly getting around to.



    • #3
      Re: DHCP Mystery

      Is the DHCP server in the same subnet as the VLAN?
      If not, do you have a DHCP relay agent in place?
      Has it ever worked?
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **



      • #4
        Re: DHCP Mystery

        As far as I know, and it's not much, we need to use the relay agent in case of 2 different networks. There is a PrtScn of the DHCP if it will help...


        • #5
          Re: DHCP Mystery

          And one more thing, some clients in the scope are getting addresses! And some are not...



          • #6
            Re: DHCP Mystery

            Can you clarify your first and most recent post?

            In the problem VLAN, are any clients getting IPs or not - in your first post you say not, then you say "some clients" are getting addresses

            Are there problems in any other VLANs?

            Do you have enough free leases?
            Tom Jones


            • #7
              Re: DHCP Mystery

              I'm sorry for the disinformation.
              The thing is that some clients do work, but we are not sure if it's the 8 days lease. In other words, if we release the address I can't be sure it will be possible to renew.
              It is important that the clients continue to work, so I can't try release/renew.
              The problem is on a specific VLAN. We did a test and we changed the interface of a switch port from one VLAN to another and BOOM, we got a DHCP address.

              We did migrate from FG firewall to CP, with CP experts that told us "all configured properly".

              The FW is our DHCP relay agent.
              Maybe something to check there?

              PS
              Sorry for my spelling issues.



              • #8
                Re: DHCP Mystery

                Can you please review the various questions you have been asked and make sure they are all answered?

                Can you also post an IPConfig from a problem computer and from one that is OK?
                Tom Jones


                • #9
                  Re: DHCP Mystery

                  Originally posted by ido hamdi:
                  "all the configurations are correct and firewall roles are valid and correct..."

                  Well, if all the devices involved were configured correctly, your setup should work. Since it doesn't, something is obviously misconfigured or broken.

                  When you say "some clients in the scope get addresses", do you mean to say that some clients in the problem VLAN are in fact getting IP addresses in the correct scope for that VLAN, while others don't? If so, what do the working client systems have in common? Same hardware, same OS, same physical location, same uplink switch, or something else entirely?

                  If I understand you correctly, you have confirmed that the layer 2/3 setup is working by configuring clients with static IP addresses. If that is the case, no further troubleshooting of network cabling, VLAN memberships, trunk definitions or IP routing is necessary.

                  If on the other hand clients with static IP addresses are having issues as well, you should run a simple ping/arp test against the gateway IP. If that fails, the problem lies with the VLAN setup (wrong VLAN number, trunk not allowing the VLAN in question, missing VLAN definition on a switch somewhere between the client and the gateway) or there's a physical problem (bad cable, defective switch port).

                  Assuming the layer 2 connections are working and IP routing is properly configured, check that the firewall rule allows incoming UDP packets (broadcasts from 0.0.0.0 to 255.255.255.255) from UDP port 68 to UDP port 67 on the (VLAN) interface in question.

                  A common mistake is to create a rule that allows traffic from the IP network in that VLAN instead of the interface or the IP address "0.0.0.0". Allowing the IP network won't work, since a DHCP client that's just come online by definition doesn't have an IP address, and therefore belongs to no network or subnet. Also, make sure nothing's preventing the firewall from sending broadcast replies (to 255.255.255.255) to these requests.

                  Next, verify that the DHCP Relay Agent is configured to forward the requests to the IP address of the DHCP server, and that the firewall allows both outbound traffic from the Relay Agent, and the inbound unicast replies that will come from the DHCP server.

                  On some Relay Agents you can specify what the source IP address of the relayed packets should be. Make sure the address matches the firewall rule(s), and that packets from the DHCP server to that address will be routed properly.

                  If you have a packet sniffing tool (like Wireshark) on either the server or a client PC, you should be able to verify connectivity pretty easily. On the server, you should see unicast packets from and to the IP address of the firewall (the Relay Agent), while the client should be transmitting DHCP Discover messages and receiving DHCP Offers from the Relay Agent/gateway.

                  It may be possible to inspect network traffic on the switches or the firewall as well, but I'd have to know the make/model of these devices to be more specific.
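
Added example, not part of the original thread or any poster's code: a small Python helper that labels which leg of the relayed DHCP exchange a captured UDP payload belongs to, and shows why a firewall rule whose source is the VLAN's subnet never matches a client's first broadcast. The addresses, the `/24` network and all function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def build_dhcp(op, msg_type, giaddr="0.0.0.0"):
    """Constructed sample: 236-byte BOOTP header plus option 53 (message type)."""
    hdr = struct.pack("!4BIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234ABCD, 0,
                      0x8000, bytes(4), bytes(4), bytes(4),
                      ipaddress.ip_address(giaddr).packed,
                      bytes.fromhex("020000000001"), b"", b"")
    return hdr + MAGIC + bytes([53, 1, msg_type, 255])

def parse_dhcp(payload):
    """Return (message type, giaddr) from a UDP payload seen on port 67/68."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    giaddr = str(ipaddress.ip_address(payload[24:28]))
    i, msg = 240, None
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                            # pad option has no length
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            msg = TYPES.get(payload[i + 2], "UNKNOWN")
        i += 2 + length
    return msg, giaddr

def classify(src, sport, dst, dport, payload, server):
    """Name the leg of the relayed exchange a captured packet belongs to."""
    msg, giaddr = parse_dhcp(payload)
    if (src, sport, dst, dport) == ("0.0.0.0", 68, "255.255.255.255", 67):
        return "client-broadcast", msg
    if dst == server and dport == 67 and giaddr != "0.0.0.0":
        return "relay-to-server", msg
    if src == server and dst == giaddr and dport == 67:
        return "server-to-relay", msg  # the server answers to giaddr on port 67
    if sport == 67 and dport == 68:
        return "relay-to-client", msg
    return "unexpected", msg

def source_rule_matches(rule_src, pkt_src):
    """True if a firewall rule's source network covers the packet's source IP."""
    return ipaddress.ip_address(pkt_src) in ipaddress.ip_network(rule_src)
```

Because the server replies to the `giaddr` carried in the relayed request, a relay that sends from a different source address still needs the `giaddr` to be routable and permitted on the return path.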
