Consider the following scenario:
- DHCP NAP is enabled in the environment
- Two HSRP routers are configured as DHCP relay agents (IP Helper-Address) for failover
- A client connects to the corporate network
In this scenario, clients get a restricted IP address instead of a full-access IP address.
This issue occurs because both DHCP relay agents respond to the DHCP requests and do not work as a failover pair.
- The client sends a DHCP request and both relay agents send the request to the DHCP server
- The DHCP server responds to the request with a restricted IP address
- The client gets the response from one of the DHCP relay agents and then sends a request with SOH
- The response from the second DHCP relay agent then arrives; the client assumes the restricted IP address and discards the responses from both relay agents that carry the full-access IP address
In the network trace, you will see:
16754 0.0000000 <Time><Date> 0.0.0.0 255.255.255.255 DHCP DHCP:Request, MsgType = REQUEST, TransactionID = 0x401B504D
16784 0.0085968 <Time><Date> 192.168.100.3 DS-CLIENTDHCP DHCP:Reply, MsgType = ACK, TransactionID = 0x401B504D
16793 0.0003589 <Time><Date> 0.0.0.0 255.255.255.255 DHCP DHCP:Request, MsgType = REQUEST, TransactionID = 0x401B504D, SOH:Vendor = Microsoft, Version 2, Request
16804 0.0004382 <Time><Date> 192.168.100.2 DS-CLIENTDHCP DHCP:Reply, MsgType = ACK, TransactionID = 0x401B504D
The client gets the response from the second DHCP relay agent after it sends the request with SOH; the client assumes that IP address and discards the following acknowledgments.
16985 0.0201080 <Time><Date> 192.168.100.2 DS-CLIENTDHCP DHCP:Reply, MsgType = ACK, TransactionID = 0x401B504D, SOH:Vendor = Microsoft, Version 2, Response
16994 0.0153142 <Time><Date> 192.168.100.3 DS-CLIENTDHCP DHCP:Reply, MsgType = ACK, TransactionID = 0x401B504D, SOH:Vendor = Microsoft, Version 2, Response.
Cisco has fixed the issue of duplicate DHCP forwarding in a later release of IOS. Basically, IP helpers were not “HSRP aware” until this fix.
See Cisco documentation at http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/12-4t/iap-udp-vrg.html#GUID-45267FAA-2D78-40AB-A010-30F5289C6D88 for other considerations.
Benefits of the UDP Forwarding Support for Virtual Router Groups Feature
Forwarding is limited to the active router in the VRG instead of all routers within the VRG. Prior to the implementation of this feature, the only VRG support was HSRP. Within a VRG that is formed by HSRP, the forwarding of UDP-based broadcast and multicast packets is done by all the routers within the VRG. This process can cause some DHCP servers to operate incorrectly. The UDP Forwarding Support for VRGs feature limits forwarding to the active router in the VRG.
Article ID: 2889130 - Last Review: September 24, 2013 - Revision: 7.0
- Microsoft Windows XP Professional
- Windows Vista Enterprise
- Windows Vista Ultimate
- Windows 7 Enterprise
- Windows 7 Professional
- Windows 7 Ultimate
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Standard x64 Edition
- Windows Server 2008 Enterprise
- Windows Server 2008 R2 Enterprise
- Windows Server 2008 R2 Standard
- Windows Server 2008 Standard
- Windows 8