CommScope RUCKUS Community Forums

eric_iannone_77 · ‎09-25-2019

We have a core ICX-7450 set up as follows:

ve 163 - management
ve 2600 - users

When looking at a capture, we see the source of DHCP requests as x.x.163.1 instead of the ve 2600 ip of x.x.207.254.

The routing table has a static entry for defualt of 0.0.0.0 w/ gateway of x.x.163.2 which is our FW tied to port ve 163.

Looking at a packet capture from the FW, we see the discover sourced from x.x.163.1 but the offer shows sourced from x.x.207.254

Why is the source different between these two parts of the DHCP process?

Thanks for any assistance.

hashim_bharooc1 · ‎09-25-2019

Hi Lynkdev,
Hope you are doing Great!

Can you please do a traceroute to the DHCP Server, I want to see what path it is taking?
Also did you configure helpers on the two VEs. Please show the configuration of the ICX for a better understanding, you can scrub off the ip address if you want.

Thanks
Hashim

eric_iannone_77 · ‎09-26-2019

Hi Hashim,

Thanks for the quick reply on this issue. I've pasted in the requested information.

Traceroute done to our 3 dhcp servers

We have possible loop warning at the bottom showing in the log multiple times, maybe a separate PIM issue.

Also showing multiple ACL blocks for SSH from what looks like end devices which looks strange.

vlan 163 name MGMT-MISC2 by port

tagged ethe 1/2/1 to 1/2/2 lag 10 lag 25

untagged ethe 1/1/16 ethe 1/1/20 to 1/1/24

router-interface ve 163

vlan 2600 name USERS by port

tagged ethe 1/2/1 to 1/2/2

router-interface ve 2600

multicast passive

multicast6 passive

interface ve 163

ip address x.x.163.1 255.255.255.192

interface ve 2600

ip address x.x.207.254 255.255.255.128

ip helper-address 1 x.x.83.250

ip helper-address 2 x.x.103.250

ip helper-address 3 x.x.179.227

Tracing the route to IP node x.x.83.250(x.x.83.250) from 1 to 30 hops

1 <1 ms <1 ms <1 ms x.x.163.2

2 1 ms 1 ms <1 ms x.x.150.169

3 104 ms * 90 ms x.x.150.138

4 90 ms 90 ms 90 ms x.x.83.249

5 90 ms 90 ms 90 ms x.x.83.250

F

#traceroute x.x.103.250

Tracing the route to IP node x.x.103.250(x.x.103.250) from 1 to 30 hops

1 <1 ms <1 ms <1 ms x.x.163.2

2 1 ms <1 ms <1 ms x.x.150.169

3 123 ms 123 ms 123 ms x.x.150.138

4 123 ms 123 ms 123 ms x.x.0.81

5 123 ms 123 ms 123 ms x.x.103.249

6 123 ms 130 ms 126 ms x.x.103.250

#traceroute x.x.179.227

Tracing the route to IP node x.x.179.227(x.x.179.227) from 1 to 30 hops

1 <1 ms <1 ms <1 ms x.x.163.2

2 1 ms <1 ms <1 ms x.x.150.169

3 * * * ?

4 * * * ?

5 183 ms 167 ms 167 ms x.x.178.18

6 * * * ?

7 * * * ?

8 * * * ?

9 * * * ?

10 * * * ?

11 * * * ?

12 * * * ?

13 * * * ?

14 * * * ?

15 * * * ?

16 * * * ?

17 * * * ?

18 * * * ?

19 * * * ?

20 * * * ?

21 * * * ?

22 * * * ?

23 * * * ?

24 * * * ?

25 * * * ?

26 * * * ?

27 * * * ?

28 * * * ?

29 * * * ?

30 * * * ?

#sh ip route

Total number of IP routes: 10

Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric

BGP Codes - i:iBGP e:eBGP

OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2

Destination Gateway Port Cost Type Uptime

1 0.0.0.0/0 x.x.163.2 ve 163 1/1 S 6d16h

2 x.x.91.0/27 DIRECT ve 2626 0/0 D 6d16h

3 x.x.91.32/27 DIRECT ve 2612 0/0 D 6d16h

4 x.x.163.0/26 DIRECT ve 163 0/0 D 6d16h

5 x.x.163.192/26 DIRECT ve 2 0/0 D 6d16h

6 x.x.164.64/26 DIRECT ve 1010 0/0 D 6d16h

7 x.x.164.128/26 DIRECT ve 1050 0/0 D 6d16h

8 x.x.164.192/26 DIRECT ve 1020 0/0 D 6d16h

9 x.x.207.128/25 DIRECT ve 2600 0/0 D 6d16h

10 x.x.0.0/24 DIRECT ve 1030 0/0 D 6d16h

ip dhcp relay information policy keep

ip dhcp-client disable

ip forward-protocol udp bootpc

ip forward-protocol udp bootps

ip route 0.0.0.0/0 x.x.163.2 name DEFAULT-ROUTE

ip add-host-route-first

no ip source-route

no ip icmp unreachable

ip tcp keepalive 3 3 3

ip multicast active

Dynamic Log Buffer (1000 lines):

Sep 26 06:00:09:W:ACL: ACL: List MANAGEMENT denied tcp x.x.207.164(0)( v2600) -> x.x.207.254(22), 4 event(s)

Sep 26 05:56:09:W:ACL: ACL: List MANAGEMENT denied tcp x.x.164.70(0)( v1010) -> x.x.164.65(22), 4 event(s)

Sep 26 05:55:51:W:ACL: ACL: List MANAGEMENT denied tcp x.x.207.164(0)( v2600) -> x.x.207.254(22), 1 event(s)

Sep 26 05:52:39:W:Warning! IGMP receive my own query on VL163 (e1/1/2), possible loop. Conflicting IP: x.x.163.1

Sep 26 05:51:37:W:ACL: ACL: List MANAGEMENT denied tcp x.x.164.70(0)( v1010) -> x.x.164.65(22), 1 event(s)

Sep 26 05:51:09:W:ACL: ACL: List MANAGEMENT denied tcp x.x.207.142(0)( v2600) -> x.x.207.254(22), 4 event(s)

Sep 26 05:46:11:W:ACL: ACL: List MANAGEMENT denied tcp x.x.207.142(0)( v2600) -> x.x.207.254(22), 1 event(s)

Sep 26 05:42:14:W:Warning! IGMP receive my own query on VL163 (e1/1/2), possible loop. Conflicting IP: x.x.163.1

Sep 26 05:36:09:W:ACL: ACL: List MANAGEMENT denied tcp x.x.164.71(0)( v1010) -> x.x.164.65(22), 7 event(s)

Sep 26 05:31:49:W:Warning! IGMP receive my own query on VL163 (e1/1/2), possible loop. Conflicting IP: x.x.163.1

Sep 26 05:31:30:W:ACL: ACL: List MANAGEMENT denied tcp x.x.164.71(0)( v1010) -> x.x.164.65(22), 1 event(s)

Sep 26 05:21:24:W:Warning! IGMP receive my own query on VL163 (e1/1/2), possible loop. Conflicting IP: x.x.163.1

Sep 26 05:12:02:W:ACL: ACL: List 11 denied udp x.x.6.197(0)( v163) -> x.x.163.193(snmp), 1 event(s)

Sep 26 05:11:05:W:ACL: ACL: List MANAGEMENT permitted tcp x.x.163.23(0)( v163) -> x.x.163.1(22), 1 event(s)

Sep 26 05:10:59:W:Warning! IGMP receive my own query on VL163 (e1/1/2), possible loop. Conflicting IP: x.x.163.1

Sep 26 05:00:34:W:Warning! IGMP receive my own query on VL163 (e1/1/2), possible loop. Conflicting IP: x.x.163.1

Sep 26 05:00:09:W:ACL: ACL: List MANAGEMENT denied tcp x.x.207.164(0)( v2600) -> x.x.207.254(22), 4 event(s)

Sep 26 04:56:09:W:ACL: ACL: List MANAGEMENT denied tcp x.x.164.70(0)( v1010) -> x.x.164.65(22), 4 event(s)

Sep 26 04:55:36:W:ACL: ACL: List MANAGEMENT denied tcp x.x.207.164(0)( v2600) -> x.x.207.254(22), 1 event(s)

Sep 26 04:51:33:W:ACL: ACL: List MANAGEMENT denied tcp x.x.164.70(0)( v1010) -> x.x.164.65(22), 1 event(s)

Sep 26 04:50:09:W:ACL: ACL: List MANAGEMENT denied tcp x.x.207.142(0)( v2600) -> x.x.207.254(22), 4 event(s)

netwizz · ‎09-26-2019

Okay, so your management is actually your WAN or uplink and you just sized it with a /26 to have up to 62 usable hosts in that network.

What is not working is getting to DHCP server, x.x.179.227 unless of course you have ICMP/PING disabled, which is just breaking traceroute (we really don't know).

On the device with x.x.178.18, if you check its routing table does it have a next hop (or default route) to get closer to whatever subnet x.x.179.227 is on?

Are you running "router PIM" to run your multicast? If yes, what is the specific purpose in this network because that may be setup wrong to cause...==> IGMP receive my own query on VL163 (e1/1/2), possible loop. Conflicting IP: x.x.163.1

Probably need to know a LOT more to fix this.

hashim_bharooc1 · ‎09-26-2019

Hi Lynkdev,

Seems like you do not have DHCP server on same subnet as ve 163, so this is routed DHCP that's why discover is going out on 163 and offer coming in via ve 2600. Also your default gateway points to x.x.163.2 if unknown route then it will go to default gateway.

interface ve 163

ip address x.x.163.1 255.255.255.192

interface ve 2600

ip address x.x.207.254 255.255.255.128

ip helper-address 1 x.x.83.250

ip helper-address 2 x.x.103.250

ip helper-address 3 x.x.179.227

I agree with Netwizz, best to open up a ticket with us and work the issues. Plus ACL blocking traffic not sure if this was for troubleshooting that you put the ACL.

Thanks

Hashim

CommScope RUCKUS Community Forums

Traffic flow for DHCP requests is showing wrong source