DHCP Relay issue - N1124P-ON Switches

Hello,

The DHCP discover packets are broadcast packets and will reach the L3 switch where IP helper address is configured (L3 relay) which will do the job of forwarding the packet to DHCP server. In your case the IP helper is configured on the firewall.  Will need to make sure that the vlan that the client is connected to is passed on all trunk ports to the firewall. You should not need “dhcp l2relay” configuration and in fact it may cause a problem if you have it configured but the DHCP reply from the server does not have Option-82 configured.

              console(config)#no dhcp l2relay

You can enable packet capture on the DHCP sever to see if DHCP requests are reaching it.

Please refer to the chapter starting on Page 1225 for further information on Layer-2 DHCP relay, Layer-3 DHCP relay and IP Helper

User’s Configuration Guide

https://dell.to/3ATqNcC

Hi thanks,

Its really weird behaviour, we did try updating the edge switch firmware but we had issues with it. we switched back to 6.6.0.10 to see if that helped. If it was a

IP Phone 1 > Wall Port 1 > Edge Switch > Core Switch > Firewall > Core Switch > Server = Gets IP Address

IP Phone 2 > >Wall Port 1 > Edge Switch > Core Switch > Firewall > Core Switch > Server = No IP address

IP Phone 2 > Cable > Core Switch > Firewall > Core Switch > Server = Gets IP Address

So one phone on a port would get an IP address on the correct range, but a different one on the same port wont get an IP address at all.

But the same phone that wouldn't get an IP address plugged into a different port will get an IP address on the correct range.

In the logs of the firewall (Barracuda) and a PCAP for the firewall shows the DHCP Relay records for the phone that does get an IP address from the DHCP server but nothing is in the network traffic when the device can't pick up an IP address

So from that it looks like the DHCP discover is not reaching the firewall for the one phone, but is for the other.

It likely the edge switch that is causing the issue but I can't see what would be causing it. I can see the MAC on the edge switch address tables on the web interface. 

Hello,

There is a difference between the 2 IP phones when they are plugged onto the same Wall Port 1 on Edge Switch. Most likely it has something to do with the vlan the phones appear to be when connected to that Wall Port 1.

You can check the mac address table on the Edge switch and then on the Core switch, and look for the mac address of IP phone 1 and then the mac address of IP phone 2. Compare if they show to be in the same vlans ( the mac will show in the untagged vlan for data traffic and in voice vlan for voice traffic). This will confirm the connection to the Core switch is the same and the broadcast DHCP discover packet should reach the Core switch because the vlan that the phone is in spans to the Core.

After that may be able to look for the mac addresses on the firewall. The untagged vlan should be configured the same on both ends of the connections between the Edge and the Core. and the Core and the firewall. Can also compare the settings inside the phones and the firmware release on the phones.

You can try this command "debug ip dhcp server packet" to see if it will display DHCP Discover packets. Also check counters:   “show ip dhcp server statistics”

You can also try port mirroring which would mirror traffic from gi1/0/1 to gi1/0/2 as an example:

monitor session 1 source interface Gi1/0/1

monitor session 1 destination interface Gi1/0/2