RE: DHCP Question [7:27380]
The ip helper-address is the right direction. Are there any filters on the WAN side, either on your router or at the ISP? You need UDP port 67 enabled for your setup to work. As for the ip forward-protocol command, when you enable the ip helper-address, several protocols get forwarded, not just dhcp. That can result in unnecessary traffic going across your WAN cannection, so you can disable other types of traffic using these commands: no ip forward-protocol udp 37 no ip forward-protocol udp 49 no ip forward-protocol udp 53 no ip forward-protocol udp 69 no ip forward-protocol udp 137 no ip forward-protocol udp 138 But it sounds like your biggest obstacle is something blocking your DHCP traffic on the WAN side. Is this going through a cable provider like @home or roadrunner? I've had headaches in the past as a result of them blocking various types of UDP traffic. Hal Logan Network Specialist / Adjunct Faculty Computing and Engineering Technology Manatee Community College > -Original Message- > From: Rashid Lohiya [mailto:[EMAIL PROTECTED]] > Sent: Monday, November 26, 2001 5:14 PM > To: [EMAIL PROTECTED] > Subject: DHCP Question [7:27380] > > > Hey All, > > I was trying to help a freind get his DHCP working, but got stuck. > > He has a DHCP server set up across the WAN. > > I know that routers drop broadcasts, so I thought I would be > able to turn > the DHCP/UDP broadcasts into unicasts by providing an > ip-helper address, on > the local ethernet pointing to the remote DHCP server, so I > did, but this > did not work. > > Secondly I tried putting on the ip dhcp-server a.b.c.d > command, and thought > maybe this would point incoming traffic towards the DHCP > server, but again > this did not work. > > I even tried doing the old ip forward-protocol udp statement. > > Then when I did a show run, I saw a no ip directed-broadcast > statement, on > the ethernet so I enabled that, but still no difference. > > Pls. Can someone give me a brief nudge in the direction I > should be going > next, or point out where I am going wrong. > > The DHCP server is working OK! I can ping it from the routers > and can get > addresses from the local network. > > The PC's are fine, waiting for an IP Address. > > My brain is tired and any hints would be appreciated. > > Regards, > > Rashid Lohiya > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27462&t=27380 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DHCP Question [7:27380]
Directly from CCO... To forward the initial DHCP requests from the host to the appropriate DHCP server, you should apply the ip helper-address command to the interface which is receiving the broadcasts. After the broadcasts are received, the Cisco IOS looks at the configuration of the ip helper-address for that interface and forwards those requests in a unicast packet to the appropriate DHCP server whose IP address is specified in ip helper-address. After the DHCP server replies with the IP address, it sends the response to the interface on the router that originally forwarded the request. This is used as the outbound interface to send the DHCP server response to the host that originally requested the service. The router also automatically installs a host route for this address. http://www.cisco.com/warp/customer/794/routed_bridged_encap.html HTH Dwayne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gaz Sent: Tuesday, November 27, 2001 5:34 AM To: [EMAIL PROTECTED] Subject: Re: DHCP Question [7:27380] Dave said: "The only reason for this I can fathom is because the DHCP request is no longer a broadcast it now has the source address of the router interface that the helper address is setup on and it seems DHCP will take this into account when dishing out addresses." That's exactly the assumption I've always made, but I'm not totally convinced. I'd like to sniff the packet and actually see whether it's dependant upon the source address or something contained within the packet. As per usual IF I get chance I'll put a sniffer on. Anybody know for sure? Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > As mentioned in an earier reply..you must have your DHCP Scopes > correctly set up > > I've found that with NT4/W2k DHCP servers > that, If for example your DHCP server is set up to dish out addresses > in the > range of 192.168.1.1 to 100 mask 255.255.255.0 and it receives a > request for > an address directed from the helper routers interface which has an > address of 10.1.1.1 (which means your DHCP clients will be on the same > network) it will ignore that request. The only reason for this I can > fathom is because the DHCP request is no longer a broadcast it now has > the source address of the router interface that the helper address is > setup on and it seems DHCP will take this into account when dishing > out addresses. > > I've found that if a scope in the 10.1.1.0 range is setup on the > server my DHCP clients will recieve an IP address in the correct 10. > range with no problem. > > I have two scopes on my DHCP server > 172.16.60.1 - 172.16.61.254 Subnet 255.255.254.0 and 10.222.36.1 > -10.222.37.254 Subnet 255.255.254.0 > > my router interface configured to forward DHCP reqests is set up as follows > .. > ip address 10.222.36.2 255.255.254.0 > ip helper-address 155.131.60.40 (MY DHCP SERVER address ) > my DHCP clients never get an address from the wrong range if i disable > the 10.222.36.0 range my dhcp clients behind the router don't get an > address at all ... > > Hope this make sense and helps and if i'm talking pants please someone > put me straight ... > > Regards Dave Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27447&t=27380 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DHCP Question [7:27380]
Dave said: "The only reason for this I can fathom is because the DHCP request is no longer a broadcast it now has the source address of the router interface that the helper address is setup on and it seems DHCP will take this into account when dishing out addresses." That's exactly the assumption I've always made, but I'm not totally convinced. I'd like to sniff the packet and actually see whether it's dependant upon the source address or something contained within the packet. As per usual IF I get chance I'll put a sniffer on. Anybody know for sure? Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > As mentioned in an earier reply..you must have your DHCP Scopes correctly > set up > > I've found that with NT4/W2k DHCP servers > that, If for example your DHCP server is set up to dish out addresses in the > range of 192.168.1.1 to 100 mask 255.255.255.0 and it receives a request for > an address directed from the helper routers interface which has an address > of 10.1.1.1 (which means your DHCP clients will be on the same network) it > will ignore that request. > The only reason for this I can fathom is because the DHCP request is no > longer a broadcast it now has the source address of the router interface > that the helper address is setup on and it seems DHCP will take this into > account when dishing out addresses. > > I've found that if a scope in the 10.1.1.0 range is setup on the server my > DHCP clients will recieve an IP address in the correct 10. range with no > problem. > > I have two scopes on my DHCP server > 172.16.60.1 - 172.16.61.254 Subnet 255.255.254.0 and 10.222.36.1 > -10.222.37.254 Subnet 255.255.254.0 > > my router interface configured to forward DHCP reqests is set up as follows > .. > ip address 10.222.36.2 255.255.254.0 > ip helper-address 155.131.60.40 (MY DHCP SERVER address ) > my DHCP clients never get an address from the wrong range if i disable the > 10.222.36.0 range > my dhcp clients behind the router don't get an address at all ... > > Hope this make sense and helps and if i'm talking pants please someone put > me straight > ... > > Regards Dave Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27441&t=27380 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DHCP Question [7:27380]
As mentioned in an earier reply..you must have your DHCP Scopes correctly set up I've found that with NT4/W2k DHCP servers that, If for example your DHCP server is set up to dish out addresses in the range of 192.168.1.1 to 100 mask 255.255.255.0 and it receives a request for an address directed from the helper routers interface which has an address of 10.1.1.1 (which means your DHCP clients will be on the same network) it will ignore that request. The only reason for this I can fathom is because the DHCP request is no longer a broadcast it now has the source address of the router interface that the helper address is setup on and it seems DHCP will take this into account when dishing out addresses. I've found that if a scope in the 10.1.1.0 range is setup on the server my DHCP clients will recieve an IP address in the correct 10. range with no problem. I have two scopes on my DHCP server 172.16.60.1 - 172.16.61.254 Subnet 255.255.254.0 and 10.222.36.1 -10.222.37.254 Subnet 255.255.254.0 my router interface configured to forward DHCP reqests is set up as follows .. ip address 10.222.36.2 255.255.254.0 ip helper-address 155.131.60.40 (MY DHCP SERVER address ) my DHCP clients never get an address from the wrong range if i disable the 10.222.36.0 range my dhcp clients behind the router don't get an address at all ... Hope this make sense and helps and if i'm talking pants please someone put me straight ... Regards Dave Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27440&t=27380 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DHCP Question [7:27380]
At 05:14 PM 11/26/01, Rashid Lohiya wrote: >Hey All, > >I was trying to help a freind get his DHCP working, but got stuck. > >He has a DHCP server set up across the WAN. What kind of WAN? Frame, ISDN, leased line, etc.? Who is the service provider? Is it a VPN? It should work, but maybe there's something weird about the WAN. For example ISDN with PPP does its own IP address negotiation. >I know that routers drop broadcasts, so I thought I would be able to turn >the DHCP/UDP broadcasts into unicasts by providing an ip-helper address, on >the local ethernet pointing to the remote DHCP server, so I did, but this >did not work. This should work. Make sure you have a scope set up on the DHCP server for the local Ethernet subnet. >Secondly I tried putting on the ip dhcp-server a.b.c.d command, and thought >maybe this would point incoming traffic towards the DHCP server, but again >this did not work. This shouldn't be necessary. >I even tried doing the old ip forward-protocol udp statement. This shouldn't be necessary. By default, the helper address forwards a bunch of UDP packets, including DHCP. The ip forward-protocol command is used (with no) to get it not to forward ones you don't want. >Then when I did a show run, I saw a no ip directed-broadcast statement, on >the ethernet so I enabled that, but still no difference. That won't help and does represent a minor security problem. (It lets hackers send directed broadcasts, for example, to ping your entire subnet.) >Pls. Can someone give me a brief nudge in the direction I should be going >next, or point out where I am going wrong. We can't look into our crystal balls and psychically determine a solution to your problem. ;-) But with more info, we can hazard some guesses. >The DHCP server is working OK! I can ping it from the routers and can get >addresses from the local network. Make sure you can ping it from the Ethernet subnet. If you use extended ping you can make sure that the source IP address is the router's address on its Ethernet interface. >The PC's are fine, waiting for an IP Address. > >My brain is tired and any hints would be appreciated. > >Regards, > >Rashid Lohiya >[EMAIL PROTECTED] Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27391&t=27380 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DHCP Question [7:27380]
Can't think of much that would stop it either as long as you have a scope set up for the interface which you put the ip helper address on. Gaz ""Michael Williams"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Try the IP Helper again. That should work for you. I can't think of any > reason why the IP Helper shouldn't work. > > Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27384&t=27380 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DHCP Question [7:27380]
Try the IP Helper again. That should work for you. I can't think of any reason why the IP Helper shouldn't work. Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27382&t=27380 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DHCP Question [7:27380]
Hey All, I was trying to help a freind get his DHCP working, but got stuck. He has a DHCP server set up across the WAN. I know that routers drop broadcasts, so I thought I would be able to turn the DHCP/UDP broadcasts into unicasts by providing an ip-helper address, on the local ethernet pointing to the remote DHCP server, so I did, but this did not work. Secondly I tried putting on the ip dhcp-server a.b.c.d command, and thought maybe this would point incoming traffic towards the DHCP server, but again this did not work. I even tried doing the old ip forward-protocol udp statement. Then when I did a show run, I saw a no ip directed-broadcast statement, on the ethernet so I enabled that, but still no difference. Pls. Can someone give me a brief nudge in the direction I should be going next, or point out where I am going wrong. The DHCP server is working OK! I can ping it from the routers and can get addresses from the local network. The PC's are fine, waiting for an IP Address. My brain is tired and any hints would be appreciated. Regards, Rashid Lohiya [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27380&t=27380 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]