Tuesday, January 31, 2006

 

Troubleshooting Cisco IOS DHCP Relay. (Question #6)

A Cisco IOS router has been configured to act as a DHCP relay between a DHCP client and a DHCP server. Assume that the server and client are configured properly. Given the following configuration on the DHCP relay router, can you determine why the client is unable to obtain an IP address from the DHCP server?

DHCP-RELAY#sh runn
Building configuration...

Current configuration : 660 bytes
!
hostname DHCP-RELAY
!
interface Ethernet0
ip address 20.1.1.1 255.255.255.0
ip access-group 101 in
ip helper-address 10.1.1.254
no keepalive
!
interface Ethernet1
ip address 10.1.1.1 255.255.255.0
no keepalive
!
access-list 101 deny udp any any
!
end

DHCP-RELAY#


Comments:
This is a good site, I hope you keep more of these. I've been answering the easy ones.

Your access-list 101 will deny any UDP packets coming into the E0 interface. This will drop any UDP packets involved in the later stages of DHCP negotiations.
 
Thanks for your kind words regarding this blog!

Your answer is correct. The only clarification I would make is that UDP is used by DHCP from the get-go and not just in the later stages and so all DHCP packets are dropped; not just the later ones.
 
Actually, one quick thing to mention though.. the ACL has an implicit deny! So actually ALL traffic (not just UDP) is blocked! So DHCP or not, nothing would make it through.
 
Ryan, that's a good point. I should have put an explicit statement to allow all IP packets after the deny for the UDP packets for that access list to be practical. Thanks for catching that!
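
The first-match and implicit-deny behaviour discussed in the comments above, as an added example that is not part of the original post or of any comment. It models access-list 101 as posted, the variant with an explicit permit for all IP after the UDP deny, and a third list that is an assumption (not from the page) permitting DHCP client traffic (UDP source port 68 to destination port 67) first; the class names, sample packets and the "any any" addressing simplification are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # constructed sample packets, not captures
    proto: str                     # "udp", "tcp", ...
    sport: Optional[int] = None
    dport: Optional[int] = None

@dataclass(frozen=True)
class Ace:                         # one entry; addresses are always "any any"
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches every IP protocol
    sport: Optional[int] = None    # None means any port
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto not in ("ip", pkt.proto):
            return False
        return (self.sport in (None, pkt.sport)
                and self.dport in (None, pkt.dport))

def evaluate(acl, pkt):
    """First matching entry decides; no match falls to the implicit deny."""
    for number, ace in enumerate(acl, 1):
        if ace.matches(pkt):
            return ace.action, f"entry {number}"
    return "deny", "implicit deny"

# access-list 101 exactly as shown in the question
ACL_AS_POSTED = [Ace("deny", "udp")]
# the author's follow-up: explicit permit for all IP after the UDP deny
ACL_WITH_PERMIT_IP = [Ace("deny", "udp"), Ace("permit", "ip")]
# assumption (not from the page): let DHCP client traffic through first
ACL_DHCP_ALLOWED = [Ace("permit", "udp", 68, 67), Ace("deny", "udp"),
                    Ace("permit", "ip")]

DISCOVER = Packet("udp", 68, 67)   # DHCP client -> server/relay
DNS_QUERY = Packet("udp", 53000, 53)
HTTP_SYN = Packet("tcp", 40000, 80)

if __name__ == "__main__":
    for name, acl in [("as posted", ACL_AS_POSTED),
                      ("with permit ip", ACL_WITH_PERMIT_IP),
                      ("DHCP allowed", ACL_DHCP_ALLOWED)]:
        for pkt in (DISCOVER, DNS_QUERY, HTTP_SYN):
            print(f"{name:15} {pkt} -> {evaluate(acl, pkt)}")
```
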
 