取消
显示结果 
搜索替代 
您的意思是: 
cancel
14061
查看次数
94
有帮助
11
回复

2012 dhcp relay架設問題

2012 server 配搭Cisco L3 Switch使用
DHCP能看到成功分配IP地址 和 Client的記錄
但Client方面並一直不能取得IP address
是在vlan里使用dhcp功能的
Server port:
interface GigabitEthernet1/0/15
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,1002-1005
switchport mode trunk
Client port :
Switchport Mode Access
Switchport Access Vlan 2
Global:
service dhcp
ip dhcp snooping information option
interface Vlan2
ip address 192.168.10.254 255.255.255.0
ip helper-address 192.168.1.4
曾經嘗試直接在L3 switch設定dhcp pool能成功分配ip到Client
11 条回复11

ilay
VIP
VIP
看不太明白为什么G1/0/15设置为trunk,是虚拟化平台么?
如果是client -Switch-Server这种连接方式,都设置为access端口就好了啊?
此外建议将所有接PC(Client)的接口配置spanning-tree portfast 避免端口进行stp计算,导致dhcp的包超时

Mansur
Spotlight
Spotlight
server port用access 模式吧,你都配置helper-address了,就没必要再trunk了.
你这种配置下,客户端的dhcp discovery报文是能够直接到达dhcp server,而无需SVI的helper-address中继。然后server回包必然只在192.168.1.0/24所在的VLAN,其他vlan收不到dhcp offer所以客户端没地址。
改成access之后,其他vlan都通过中继获取就没问题了

已更改Client:
interface g1/0/4
switchport access vlan 10
switchport mode access
spanning-tree portfast
Server端:
interface GigabitEthernet1/0/6
switchport mode access
end
還是拿不到dhcp server分配出來的IP
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Autoconfiguration IPv4 Address. . : 169.254.25.141
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :

ilay
VIP
VIP
billywai 发表于 2018-7-20 14:06
已更改Client:
interface g1/0/4

server端口需要配置vlan(server默认在vlan1除外。)
如果你是同网段测试,那么只是保证client与server的所属vlan相同。
如果启用dhcp relay ,那么需要在svi上面配置ip helper-address x.x.x.x,启用dhcp 中继,交换机需要能直接和server通信。

gengchunlin 发表于 2018-7-20 14:31
server端口需要配置vlan(server默认在vlan1除外。)
如果你是同网段测试,那么只是保证client与server ...

server是默認網段的
已在vlan 上開了ip address-helper
interface Vlan10
ip address 192.168.10.254 255.255.255.0
ip helper-address 192.168.1.4
no ip redirects
開始debug 發現以下信息
*Mar 2 05:20:45.547: DHCPD: Sending notification of DISCOVER:
*Mar 2 05:20:45.547: DHCPD: htype 1 chaddr 3c52.82ce.059b
*Mar 2 05:20:45.547: DHCPD: remote id 0006e4d3f1894000
*Mar 2 05:20:45.547: DHCPD: circuit id 0004000a0109
*Mar 2 05:20:45.547: DHCPD: interface = Vlan10
*Mar 2 05:20:45.547: DHCPD: class id 4d53465420352e30
*Mar 2 05:20:45.547: DHCPD: out_vlan_id 0
*Mar 2 05:20:45.555: DHCPD: DHCPOFFER notify setup address 192.168.10.2 mask 255.255.255.0
*Mar 2 05:20:45.555
TestCore#: DHCPD: Forwarding reply on numbered intf
*Mar 2 05:20:45.555: DHCPD: there is no pool for 192.168.10.254.
TestCore#
*Mar 2 05:20:49.473: DHCPD: there is no pool for 192.168.10.254.
TestCore#
*Mar 2 05:20:57.912: DHCPD: there is no pool for 192.168.10.254.
TestCore#
*Mar 2 05:21:07.877: DHCPD: checking for expired leases.

ilay
VIP
VIP
billywai 发表于 2018-7-20 14:49
server是默認網段的
已在vlan 上開了ip address-helper

贴一下配置吧
还有dhcp server上有所涉及的网段的dhcp地址池吧?

交換機的配置:
TestCore#sh run
Building configuration...
Current configuration : 6654 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TestCore
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$S/z5$/Mo58mtp2t4zjZ2zgUiYT/
enable password 701100
!
!
!
no aaa new-model
switch 1 provision ws-c3750x-24
system mtu routing 1500
ip routing
!
!
ip dhcp snooping vlan 10-20,30-40
ip dhcp snooping
no ip domain-lookup
ip domain-name test.com
!
!
crypto pki trustpoint TP-self-signed-4052303872
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4052303872
revocation-check none
rsakeypair TP-self-signed-4052303872
!
!
crypto pki certificate chain TP-self-signed-4052303872
certificate self-signed 01
30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34303532 33303338 3732301E 170D3933 30333031 30303031
31355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30353233
30333837 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AABD DA02E234 FFA184A7 2B9F733A BE4D8441 C32CF169 932D73B5 F5317AE8
9C63E061 DEF7A73D 90596ADB A1894025 392CED34 41245B1F BF4A45F4 40D9C434
2C9BEFD4 27284E4E 4196CBCE 3DA3932B A649DE79 DE230B11 650B844E E496A30F
513F5B79 6ED14506 42744493 15C99C92 FCDDDED0 00DA4860 14939D60 BEF70FE7
1F490203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF 301C0603
551D1104 15301382 11546573 74436F72 652E7465 73742E63 6F6D301F 0603551D
23041830 16801465 D88C5854 42BC5DF3 E3397AFD 176C396B F29CE530 1D060355
1D0E0416 041465D8 8C585442 BC5DF3E3 397AFD17 6C396BF2 9CE5300D 06092A86
4886F70D 01010405 00038181 008288A8 E277CB47 5F7F4EC6 ADB6FF71 6160D79E
58120012 1BE8E1C7 8C73F14C FB4E6D67 134D0988 37A782B7 3AF5AF30 D3F437A0
3BA612C0 EA49005D C25A1AA3 12B37406 8FBFBF18 AB81DD16 795E5A4D 87BD8FCD
C04C7904 32650D5B F38EC9C5 45AB8404 29A0655A F9D3D1BC CFEAC78A 36E0D0AB
AB20CC8F 0EED7B71 8841445B FD
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet1/0/6 <<<<< Server port 192.168.1.4
switchport mode access
!
interface GigabitEthernet1/0/8
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,1002-1005
!
interface GigabitEthernet1/0/9 <<<<<<<<<<< Client port
switchport access vlan 10
switchport mode access
spanning-tree portfast
interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
!
interface Vlan10
ip address 192.168.10.254 255.255.255.0
ip helper-address 192.168.1.4
no ip redirects
!
interface Vlan20
ip address 192.168.20.254 255.255.255.0
ip helper-address 192.168.1.4
!
interface Vlan30
ip address 192.168.30.254 255.255.255.0
ip helper-address 192.168.1.4
!
interface Vlan40
ip address 192.168.40.254 255.255.255.0
ip helper-address 192.168.1.4
!
router ospf 100
router-id 10.10.10.10
log-adjacency-changes
network 172.16.1.0 0.0.0.255 area 0
!
ip classless
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
!
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
password 28701100
login
line vty 5 15
password 123456789
login
!
end
DHCP Server:
000449nf7mpt5i3gugjdgg.jpg

13nash
Level 8
Level 8
服务器端口写成access模式就可以

13nash 发表于 2018-7-23 13:48
服务器端口写成access模式就可以

已经改access模式了
还是不可以

謝謝大家
經查看後發現原來是DHCP Server方面開啟了NAP導致的

Yanli Sun
Community Manager
Community Manager
billywai 发表于 2018-7-23 16:42
謝謝大家
經查看後發現原來是DHCP Server方面開啟了NAP導致的

感谢楼主分享解决方案,鉴于问题已解决,已为您移除悬赏。
也感谢大家热心解答。
入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接