RE: DHCP Question [7:27380]

2001-11-27 Thread Logan, Harold

The ip helper-address is the right direction. Are there any filters on
the WAN side, either on your router or at the ISP? You need UDP port 67
enabled for your setup to work. As for the ip forward-protocol command,
when you enable the ip helper-address, several protocols get forwarded,
not just dhcp. That can result in unnecessary traffic going across your
WAN cannection, so you can disable other types of traffic using these
commands: 

no ip forward-protocol udp 37
no ip forward-protocol udp 49
no ip forward-protocol udp 53
no ip forward-protocol udp 69
no ip forward-protocol udp 137
no ip forward-protocol udp 138

But it sounds like your biggest obstacle is something blocking your DHCP
traffic on the WAN side. Is this going through a cable provider like
@home or roadrunner? I've had headaches in the past as a result of them
blocking various types of UDP traffic.

Hal Logan
Network Specialist / Adjunct Faculty
Computing and Engineering Technology
Manatee Community College


> -Original Message-
> From: Rashid Lohiya [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 26, 2001 5:14 PM
> To: [EMAIL PROTECTED]
> Subject: DHCP Question [7:27380]
> 
> 
> Hey All,
> 
> I was trying to help a freind get his DHCP working, but got stuck.
> 
> He has a DHCP server set up across the WAN.
> 
> I know that routers drop broadcasts, so I thought I would be 
> able to turn
> the DHCP/UDP broadcasts into unicasts by providing an 
> ip-helper address, on
> the local ethernet pointing to the remote DHCP server, so I 
> did, but this
> did not work.
> 
> Secondly I tried putting on the ip dhcp-server a.b.c.d 
> command, and thought
> maybe this would point incoming traffic towards the DHCP 
> server, but again
> this did not work.
> 
> I even tried doing the old ip forward-protocol udp statement.
> 
> Then when I did a show run, I saw a no ip directed-broadcast 
> statement, on
> the ethernet so I enabled that, but still no difference.
> 
> Pls. Can someone give me a brief nudge in the direction I 
> should be going
> next, or point out where I am going wrong.
> 
> The DHCP server is working OK! I can ping it from the routers 
> and can get
> addresses from the local network.
> 
> The PC's are fine, waiting for an IP Address.
> 
> My brain is tired and any hints would be appreciated.
> 
> Regards,
> 
> Rashid Lohiya
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27462&t=27380
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: DHCP Question [7:27380]

2001-11-27 Thread K Dwayne Ernsbarger

Directly from CCO...
To forward the initial DHCP requests from the host to the appropriate
DHCP server, you should apply the ip helper-address command to the
interface which is receiving the broadcasts. After the broadcasts are
received, the Cisco IOS looks at the configuration of the ip
helper-address for that interface and forwards those requests in a
unicast packet to the appropriate DHCP server whose IP address is
specified in ip helper-address. After the DHCP server replies with the
IP address, it sends the response to the interface on the router that
originally forwarded the request. This is used as the outbound interface
to send the DHCP server response to the host that originally requested
the service. The router also automatically installs a host route for
this address.
http://www.cisco.com/warp/customer/794/routed_bridged_encap.html

HTH

Dwayne

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Gaz
Sent: Tuesday, November 27, 2001 5:34 AM
To: [EMAIL PROTECTED]
Subject: Re: DHCP Question [7:27380]


Dave said:

"The only reason for this I can fathom is because the DHCP request is no
longer a broadcast it now has the source address of the router interface
that the helper address is setup on and it seems DHCP will take this
into account when dishing out addresses."

That's exactly the assumption I've always made, but I'm not totally
convinced. I'd like to sniff the packet and actually see whether it's
dependant upon the source address or something contained within the
packet. As per usual IF I get chance I'll put a sniffer on.

Anybody know for sure?

Gaz

 wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> As mentioned in an earier reply..you must have your DHCP Scopes 
> correctly set up
>
> I've found that with NT4/W2k DHCP servers
> that, If for example your DHCP server is set up to dish out addresses 
> in
the
> range of 192.168.1.1 to 100 mask 255.255.255.0 and it receives a 
> request
for
> an address directed from the helper routers interface which has an 
> address of 10.1.1.1 (which means your DHCP clients will be on the same

> network) it will ignore that request. The only reason for this I can 
> fathom is because the DHCP request is no longer a broadcast it now has

> the source address of the router interface that the helper address is 
> setup on and it seems DHCP will take this into account when dishing 
> out addresses.
>
> I've found that if a scope in the 10.1.1.0 range is setup on the 
> server my DHCP clients will recieve an IP address in the correct 10. 
> range with no problem.
>
> I have two scopes on my DHCP server
> 172.16.60.1 - 172.16.61.254 Subnet 255.255.254.0 and 10.222.36.1 
> -10.222.37.254 Subnet 255.255.254.0
>
> my router interface configured to forward DHCP reqests is set up as
follows
> ..
> ip address 10.222.36.2 255.255.254.0
> ip helper-address 155.131.60.40 (MY DHCP SERVER address )
> my DHCP clients never get an address from the wrong range if i disable

> the 10.222.36.0 range my dhcp clients behind the router don't get an 
> address at all ...
>
> Hope this make sense and helps and if i'm talking pants please someone

> put me straight ...
>
> Regards Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27447&t=27380
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: DHCP Question [7:27380]

2001-11-27 Thread Gaz

Dave said:

"The only reason for this I can fathom is because the DHCP request is no
longer a broadcast it now has the source address of the router interface
that the helper address is setup on and it seems DHCP will take this into
account when dishing out addresses."

That's exactly the assumption I've always made, but I'm not totally
convinced. I'd like to sniff the packet and actually see whether it's
dependant upon the source address or something contained within the packet.
As per usual IF I get chance I'll put a sniffer on.

Anybody know for sure?

Gaz

 wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> As mentioned in an earier reply..you must have your DHCP Scopes correctly
> set up
>
> I've found that with NT4/W2k DHCP servers
> that, If for example your DHCP server is set up to dish out addresses in
the
> range of 192.168.1.1 to 100 mask 255.255.255.0 and it receives a request
for
> an address directed from the helper routers interface which has an address
> of 10.1.1.1 (which means your DHCP clients will be on the same network) it
> will ignore that request.
> The only reason for this I can fathom is because the DHCP request is no
> longer a broadcast it now has the source address of the router interface
> that the helper address is setup on and it seems DHCP will take this into
> account when dishing out addresses.
>
> I've found that if a scope in the 10.1.1.0 range is setup on the server my
> DHCP clients will recieve an IP address in the correct 10. range with no
> problem.
>
> I have two scopes on my DHCP server
> 172.16.60.1 - 172.16.61.254 Subnet 255.255.254.0 and 10.222.36.1
> -10.222.37.254 Subnet 255.255.254.0
>
> my router interface configured to forward DHCP reqests is set up as
follows
> ..
> ip address 10.222.36.2 255.255.254.0
> ip helper-address 155.131.60.40 (MY DHCP SERVER address )
> my DHCP clients never get an address from the wrong range if i disable the
> 10.222.36.0 range
> my dhcp clients behind the router don't get an address at all ...
>
> Hope this make sense and helps and if i'm talking pants please someone put
> me straight
> ...
>
> Regards Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27441&t=27380
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: DHCP Question [7:27380]

2001-11-27 Thread [EMAIL PROTECTED]

As mentioned in an earier reply..you must have your DHCP Scopes correctly
set up

I've found that with NT4/W2k DHCP servers 
that, If for example your DHCP server is set up to dish out addresses in the
range of 192.168.1.1 to 100 mask 255.255.255.0 and it receives a request for
an address directed from the helper routers interface which has an address
of 10.1.1.1 (which means your DHCP clients will be on the same network) it
will ignore that request.
The only reason for this I can fathom is because the DHCP request is no
longer a broadcast it now has the source address of the router interface
that the helper address is setup on and it seems DHCP will take this into
account when dishing out addresses.

I've found that if a scope in the 10.1.1.0 range is setup on the server my
DHCP clients will recieve an IP address in the correct 10. range with no
problem.

I have two scopes on my DHCP server 
172.16.60.1 - 172.16.61.254 Subnet 255.255.254.0 and 10.222.36.1
-10.222.37.254 Subnet 255.255.254.0

my router interface configured to forward DHCP reqests is set up as follows
..
ip address 10.222.36.2 255.255.254.0
ip helper-address 155.131.60.40 (MY DHCP SERVER address )
my DHCP clients never get an address from the wrong range if i disable the
10.222.36.0 range
my dhcp clients behind the router don't get an address at all ...

Hope this make sense and helps and if i'm talking pants please someone put
me straight
...

Regards Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27440&t=27380
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: DHCP Question [7:27380]

2001-11-26 Thread Priscilla Oppenheimer

At 05:14 PM 11/26/01, Rashid Lohiya wrote:
>Hey All,
>
>I was trying to help a freind get his DHCP working, but got stuck.
>
>He has a DHCP server set up across the WAN.

What kind of WAN? Frame, ISDN, leased line, etc.? Who is the service 
provider? Is it a VPN? It should work, but maybe there's something weird 
about the WAN. For example ISDN with PPP does its own IP address negotiation.


>I know that routers drop broadcasts, so I thought I would be able to turn
>the DHCP/UDP broadcasts into unicasts by providing an ip-helper address, on
>the local ethernet pointing to the remote DHCP server, so I did, but this
>did not work.

This should work. Make sure you have a scope set up on the DHCP server for 
the local Ethernet subnet.


>Secondly I tried putting on the ip dhcp-server a.b.c.d command, and thought
>maybe this would point incoming traffic towards the DHCP server, but again
>this did not work.

This shouldn't be necessary.


>I even tried doing the old ip forward-protocol udp statement.

This shouldn't be necessary. By default, the helper address forwards a 
bunch of UDP packets, including DHCP. The ip forward-protocol command is 
used (with no) to get it not to forward ones you don't want.


>Then when I did a show run, I saw a no ip directed-broadcast statement, on
>the ethernet so I enabled that, but still no difference.

That won't help and does represent a minor security problem. (It lets 
hackers send directed broadcasts, for example, to ping your entire subnet.)


>Pls. Can someone give me a brief nudge in the direction I should be going
>next, or point out where I am going wrong.

We can't look into our crystal balls and psychically determine a solution 
to your problem. ;-) But with more info, we can hazard some guesses.


>The DHCP server is working OK! I can ping it from the routers and can get
>addresses from the local network.

Make sure you can ping it from the Ethernet subnet. If you use extended 
ping you can make sure that the source IP address is the router's address 
on its Ethernet interface.


>The PC's are fine, waiting for an IP Address.
>
>My brain is tired and any hints would be appreciated.
>
>Regards,
>
>Rashid Lohiya
>[EMAIL PROTECTED]


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27391&t=27380
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: DHCP Question [7:27380]

2001-11-26 Thread Gaz

Can't think of much that would stop it either as long as you have a scope
set up for the interface which you put the ip helper address on.

Gaz


""Michael Williams""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Try the IP Helper again.  That should work for you.  I can't think of any
> reason why the IP Helper shouldn't work.
>
> Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27384&t=27380
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: DHCP Question [7:27380]

2001-11-26 Thread Michael Williams

Try the IP Helper again.  That should work for you.  I can't think of any
reason why the IP Helper shouldn't work.

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27382&t=27380
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



DHCP Question [7:27380]

2001-11-26 Thread Rashid Lohiya

Hey All,

I was trying to help a freind get his DHCP working, but got stuck.

He has a DHCP server set up across the WAN.

I know that routers drop broadcasts, so I thought I would be able to turn
the DHCP/UDP broadcasts into unicasts by providing an ip-helper address, on
the local ethernet pointing to the remote DHCP server, so I did, but this
did not work.

Secondly I tried putting on the ip dhcp-server a.b.c.d command, and thought
maybe this would point incoming traffic towards the DHCP server, but again
this did not work.

I even tried doing the old ip forward-protocol udp statement.

Then when I did a show run, I saw a no ip directed-broadcast statement, on
the ethernet so I enabled that, but still no difference.

Pls. Can someone give me a brief nudge in the direction I should be going
next, or point out where I am going wrong.

The DHCP server is working OK! I can ping it from the routers and can get
addresses from the local network.

The PC's are fine, waiting for an IP Address.

My brain is tired and any hints would be appreciated.

Regards,

Rashid Lohiya
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27380&t=27380
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]