Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: Re: thnaks RE: [ActiveDir] DHCP in ACtve directory
Prev Next
You are not authorized to post a reply.

AuthorMessages
sbdcunhaUser is Offline

Posts:52

05/26/2010 6:54 AM  
Dear Chris


> That looks absolutely fine, the ip helper-address is defined exactly as it
> should be.
>
> Is IPv6 enabled on the requesting client?
>
IPv6 not enabled on client

> Are you able to monitor traffic flow through the switch? For client-side
> and
> server-side traffic you might consider installing WireShark.
>
> DHCP requests can be captured by monitoring data sent to 255.255.255.255
> on
> the client subnet. I have a script that can generate and send DHCP
> Discover
> requests if that helps at all:
>
> http://www.indented.co.uk/index.php/2010/02/17/dhcp-discovery/
>
> DHCPLoc will do much the same thing. Either of those may make it a bit
> easier to monitor requests and responses on the client-side.
>

I download the DHPLOC utility and when I run it nothing happens but
pressing any key will give me options D==> discover q==> quit h==> help
but on pressing d nothin happens and q works
I tried the same on one client pc which is on the same vlan as the dhcp
server and on pressing d shows OFFER(IP) client pc IP (S) DHCP server IP


> For the server-side it should be Unicast so you would have to watch either
> the switch or the server. It's most likely that the request is not being
> passed at all.
>
you are right I guess i feel that the request is not being passed by the
switch i jus dig on more about dhcp snooping since when I checked the
(show ip dhcp snooping):

there is no option as snooping

probably I guess the IOS needs to be upgraded. i will check on that.
also if you could share some more ideas on troubleshooting this stuff i
would highly apprecite


regards

simon

> You might take a look at DHCP snooping, I believe it's disabled by
> default,
> but you should check that really is the case (show ip dhcp snooping):
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/snoodhcp.html#wp1074087
>
> Chris
>
> 2010/5/25 Benedict simon <simon@kmun.gov.kw>
>
>> Dear Chris,
>>
>> Thanks for your quick reply
>> Actually i did not know how to check the IP helper if its working
>> but what i did is
>>
>> I open my DHCP console and started the client in vlan11 and opened the
>> under scope==>address leases window and I see that nothing gets
>> dispalyed
>> I also logged on to the AD succesfully which is also acts as my DHCP
>> server but no address or any dhcp activity can be seen in the scope==>
>> address leases window
>>
>> there is no firewall between the 2 vlans
>>
>> just for your information paste the vlan configs on my MFSC
>>
>> interface Vlan10
>> description computer-room
>> ip address 172.16.2.254 255.255.255.0 secondary
>> ip address 10.1.1.3 255.255.255.0
>> no ip redirects
>> no ip unreachables
>> no ip proxy-arp
>> bridge-group 5
>>
>> As you see the Vlan in which my win2003 AD/DHCP server reside has dual
>> ip
>> also note that i am able to log on to the AD server from any vlan with
>> static IP as it is currently now
>>
>> interface Vlan11
>> description infocenter-network
>> ip address 172.16.11.254 255.255.255.0
>> ip helper-address 172.16.2.228----> ip address of DHCP server
>> no ip redirects
>> no ip unreachables
>> bridge-group 5
>>
>> Is there any thing I could check or any troubleshooting tips
>> would apprecite you help
>> pls do let me know if you would like more details
>>
>>
>> regards
>>
>> simon
>>
>>
>> > Are you able to verify the helper is working? You should see the DHCP
>> > Discover packet arrive at your DHCP server with the GIADDR field
>> filled
>> in
>> > with the relay IP.
>> >
>> > Is there firewalling between thw two VLANs?
>> >
>> > Chris
>> >
>> > 2010/5/24 Benedict simon <simon@kmun.gov.kw>
>> >
>> >>
>> >>
>> >> Thanks guys for your quick reply
>> >> really apprecite
>> >>
>> >> but I already had ip helper-address in Vlan 11 and it was not working
>> so
>> >> i
>> >> added it to vlan 10 but it wasthe same problem.
>> >>
>> >> am i missing something or is there anyother thing to be done or any
>> >> checks
>> >> I should carry out to debug
>> >>
>> >> regards
>> >>
>> >> simon
>> >>
>> >> > 172.16.11.x does not need to be in a super scope. It will work just
>> >> fine
>> >> > as a separate scope in the DHCP server.
>> >> >
>> >> >
>> >> > Todd Lemmiksoo
>> >> >
>> >> >
>> >> >
>> >> > ________________________________
>> >> >
>> >> > From: activedir-owner@mail.activedir.org
>> >> > [mailto:activedir-owner@mail.activedir.org] On Behalf Of Chris Dent
>> >> > Sent: Monday, May 24, 2010 3:25 PM
>> >> > To: activedir@mail.activedir.org
>> >> > Subject: Re: [ActiveDir] DHCP in ACtve directory
>> >> >
>> >> >
>> >> >
>> >> > The 172.16.11.x scope must be part of a Super Scope (this doesn't
>> >> exist
>> >> > by default, but can be very easily created).
>> >> >
>> >> > A DHCP relay (IP Helper) should be configured on VLAN 11 to relay
>> >> > requests for that range to the DHCP server.
>> >> >
>> >> > The IP Helper on VLAN 10 is not necessary, the DHCP server is in
>> the
>> >> > same Broadcast Domain (IP Subnet).
>> >> >
>> >> > HTH
>> >> >
>> >> > Chris
>> >> >
>> >> >
>> >> > 2010/5/24 Benedict simon <simon@kmun.gov.kw>
>> >> >
>> >> >
>> >> >
>> >> > Dear All,
>> >> >
>> >> > I am sorry for this post down here but i do hope n trust that
>> >> > there are
>> >> > guys out there who gonna help me me their wise reply
>> >> >
>> >> > I have the below setup
>> >> >
>> >> > 6502 Core switch with MSFC and Giga fibre modules
>> >> > 10 cisco 2950 switches each on separate vlan
>> >> > vlan 10 to vlan 19
>> >> > usng right now static Ips and working fne
>> >> >
>> >> > Now recently I have installed on my windows 2003 AD server a
>> >> > DHCP role on
>> >> > the server the server is in vlan 10 and vlan 10 is
>> 172.16.10.x
>> >> > network
>> >> > respectively vlan11 is 172.16.11.x network and so on for
>> other
>> >> > vlans
>> >> >
>> >> > to start with I have on my DHCP server a scope defined for
>> >> > 172.16.10.x
>> >> > network and also for 172.16.11.x network but see that the
>> >> > clients in vlan
>> >> > 10 gets IPs for DHCP server but the clients in VLAN 11 do not
>> >> >
>> >> > on the MSFC I have for Vlan 10 interface the ip helper
>> command
>> >> > stating the
>> >> > ip address of the dhcp server and also done the same for vlan
>> 11
>> >> >
>> >> > I was googling ar but yielded no much help
>> >> >
>> >> > I really would apprecite your help as to where and what could
>> be
>> >> > done
>> >> >
>> >> >
>> >> > Regards
>> >> >
>> >> >
>> >> > simon
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Network ADMIN
>> >> > -------------
>> >> > KUWAIT MUNICIPALITY:
>> >> >
>> >> >
>> >> > --
>> >> > This message has been scanned for viruses and
>> >> > dangerous content by MailScanner, and is
>> >> > believed to be clean.
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > This message has been scanned for viruses and
>> >> > dangerous content by MailScanner, and is
>> >> > believed to be clean.
>> >> >
>> >> >
>> >>
>> >>
>> >> --
>> >> Network ADMIN
>> >> -------------
>> >> KUWAIT MUNICIPALITY:
>> >>
>> >>
>> >> --
>> >> This message has been scanned for viruses and
>> >> dangerous content by MailScanner, and is
>> >> believed to be clean.
>> >>
>> >>
>> >>
>> >
>> > --
>> > This message has been scanned for viruses and
>> > dangerous content by MailScanner, and is
>> > believed to be clean.
>> >
>> >
>>
>>
>> --
>> Network ADMIN
>> -------------
>> KUWAIT MUNICIPALITY:
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
>>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>


--
Network ADMIN
-------------
KUWAIT MUNICIPALITY:


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > Re: thnaks RE: [ActiveDir] DHCP in ACtve directory



ActiveForums 3.7
Friends

Friends

VisualClickButoton
Members

Members

MembershipMembership:
Latest New UserLatest:MrPTSai
New TodayNew Today:0
New YesterdayNew Yesterday:0
User CountOverall:5234
People OnlinePeople Online:
VisitorsVisitors:32
MembersMembers:0
TotalTotal:32
Online NowOnline Now:

Ads

Copyright 2009 ActiveDir.org
Terms Of Use