Troubleshooting de DHCP Externo en EVPN VxLAN Cat9000
Contenido
Introducción
Este documento describe cómo resolver problemas de DHCP en entornos externos VxLAN EVPN en plataformas Cat9000.
Prerequisites
Requirements
Cisco recomienda que tenga conocimiento sobre estos temas:
- LAN virtual extensible en plataformas Cat9000
- Protocolos de configuración de host de detección en entornos VxLAN
- Border Gateway Protocol (BGP)
Para obtener más información sobre estos temas, consulte:
- Capítulo: Configuración de DHCP Relay en un Fabric BGP EVPN VXLAN Cat9300
- Capítulo: Configuración de DHCP Relay en un Fabric BGP EVPN VXLAN Cat9400
- Capítulo: Configuración de DHCP Relay en un Fabric BGP EVPN VXLAN Cat9500
- Capítulo: Configuración de DHCP Relay en un Fabric BGP EVPN VXLAN Cat9600
Componentes Utilizados
La información de este documento se basa en el software Cisco IOS XE.
La información que contiene este documento se creó a partir de los dispositivos en un ambiente de laboratorio específico. Todos los dispositivos que se utilizan en este documento se pusieron en funcionamiento con una configuración verificada (predeterminada). Si tiene una red en vivo, asegúrese de entender el posible impacto de cualquier comando.
Diagrama de la red
Topología DHCP VxLAN
Caso Práctico 1: No se puede obtener una dirección IP del servidor externo (puerta de enlace centralizada dentro del fabric)
Esta topología utiliza la capa 2 de VxLAN para la VLAN 250. El host requiere direcciones IP del servidor DHCP externo.
Verificación de hoja 01
Paso 1. En la hoja 1, verifique el aprendizaje de la dirección MAC para los hosts locales.
Paso 2. Además, confirme que se aprende la dirección MAC de la puerta de enlace predeterminada. Asegúrese de que tanto las direcciones MAC aprendidas como la dirección IP de gateway predeterminada estén correctamente instaladas como entradas en la tabla BGP.
Leaf-1#show mac address-table address 10b3.d68b.3be3 (host mac address)
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
250 10b3.d68b.3be3 DYNAMIC Twe1/0/1
Centralized-Gateway#show interface vlan 250 | include bia (remote mac address)
Hardware is Ethernet SVI, address is 3473.2db8.bee3 (bia 3473.2db8.bee3)
Leaf-1#show bgp l2vpn evpn 10b3.d68b.3be3 (local mac address)
BGP routing table entry for [2][203.0.113.1:250][0][48][10B3D68B3BE3][0][*]/20, version 3
Paths: (1 available, best #1, table evi_250)
Advertised to update-groups:
2
Refresh Epoch 1
Local
0.0.0.0 (via default) from 0.0.0.0 (203.0.113.1)
Origin incomplete, localpref 100, weight 32768, valid, sourced, local, best
EVPN ESI: 00000000000000000000, Label1 10250
Extended Community: RT:10:250 ENCAP:8
Local irb vxlan vtep:
vrf:not found, l3-vni:0
local router mac:0000.0000.0000
core-irb interface:(not found)
vtep-ip:203.0.113.1
rx pathid: 0, tx pathid: 0x0
Updated on Oct 14 2025 22:27:32 UTC
Leaf-1#show bgp l2vpn evpn 3473.2db8.bee3 (remote mac address)
BGP routing table entry for [2][203.0.113.1:250][0][48][34732DB8BEE3][32][192.0.2.254]/24, version 9
Paths: (1 available, best #1, table evi_250)
Flag: 0x100
Not advertised to any peer
Refresh Epoch 4
Local, imported path from [2][203.0.113.4:250][0][48][34732DB8BEE3][32][192.0.2.254]/24 (global)
203.0.113.4 (metric 3) (via default) from 203.0.113.3 (203.0.113.3)
Origin incomplete, metric 0, localpref 100, valid, internal, best
EVPN ESI: 00000000000000000000, Label1 10250
Extended Community: RT:10:250 ENCAP:8 EVPN DEF GW:0:0
Originator: 203.0.113.4, Cluster list: 203.0.113.3
rx pathid: 0, tx pathid: 0x0
Updated on Oct 14 2025 14:48:35 UTC
BGP routing table entry for [2][203.0.113.4:250][0][48][34732DB8BEE3][32][192.0.2.254]/24, version 8
Paths: (1 available, best #1, table EVPN-BGP-Table)
Flag: 0x100
Not advertised to any peer
Refresh Epoch 4
Local
203.0.113.4 (metric 3) (via default) from 203.0.113.3 (203.0.113.3)
Origin incomplete, metric 0, localpref 100, valid, internal, best
EVPN ESI: 00000000000000000000, Label1 10250
Extended Community: RT:10:250 ENCAP:8 EVPN DEF GW:0:0
Originator: 203.0.113.4, Cluster list: 203.0.113.3
rx pathid: 0, tx pathid: 0x0
Updated on Oct 14 2025 14:48:35 UTC
Paso 3. Valide el aprendizaje de la dirección MAC entre Leaf-1 y la puerta de enlace predeterminada. Leaf-1 aprende las direcciones MAC locales a través del puerto trunk y las direcciones MAC remotas a través de BGP.
Leaf-1#show l2route evpn mac
EVI ETag Prod Mac Address Next Hop(s) Seq Number
----- ---------- ----- -------------- ---------------------------------------------------- ----------
250 0 L2VPN 10b3.d68b.3b81 Twe1/0/1:250 0
250 0 L2VPN 10b3.d68b.3be3 Twe1/0/1:250 0 (Host local mac address)
250 0 BGP 3473.2db8.bee3 V:10250 203.0.113.4 0 (CGW SVI mac address)
Paso 4. Verifique el aprendizaje del gateway predeterminado en el switch Leaf-1 dentro de la instancia L2VPN EVPN.
Leaf-1#show l2vpn evpn default-gateway
Valid Default Gateway Address EVI VLAN MAC Address Source
----- --------------------------------------- ----- ----- -------------- -----------
Y 192.0.2.254 250 250 3473.2db8.bee3 203.0.113.4
Paso 5. Si la perspectiva de VxLAN es correcta, continúe con DHCP para resolver problemas.
Paso 6. Confirme el proceso DORA desde la hoja 1 hasta el gateway DHCP. En Leaf-01, habilite debug the ip dhcp snooping packet y verifique si Discovery genera entradas de registro. Si no se produce la generación de registros, habilite las capturas de paquetes en la interfaz que se conecta al PC.
Leaf-1#debug ip dhcp snooping packet
DHCP Snooping Packet debugging is on
Leaf-1#
*Oct 21 19:33:16.358: DHCP_SNOOPING: received new DHCP packet from input interface (TwentyFiveGigE1/0/1)
*Oct 21 19:33:16.358: DHCP Memory dump is printed for process packet
<snip>
*Oct 21 19:33:16.367: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Twe1/0/1, MAC da: ffff.ffff.ffff, MAC sa: 10b3.d68b.3be3, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 10b3.d68b.3be3, efp_id: -1865499306, vlan_id: 250, bootpflag:0x32768(Broadcast)
*Oct 21 19:33:16.367: DHCP_SNOOPING: add relay information option.
*Oct 21 19:33:16.367: DHCP_SNOOPING: Encoding opt82 CID in vlan-mod-port format
*Oct 21 19:33:16.367: DHCP_SNOOPING:VxLAN : vlan_id 250 VNI 10250 mod 1 port 1
*Oct 21 19:33:16.367: DHCP_SNOOPING: Encoding opt82 RID in MAC address format
*Oct 21 19:33:16.367: DHCP_SNOOPING: binary dump of relay info option, length: 26 data:
0x52 0x18 0x1 0xC 0x1 0xA 0x0 0x8 0x0 0x0 0x28 0xA 0x1 0x1 0x0 0x0 0x2 0x8 0x0 0x6 0x4C 0x5D 0x3C 0xEB 0x43 0x40
*Oct 21 19:33:16.367: DHCPS BRIDGE PAK: vlan=250 platform_flags=1
*Oct 21 19:33:16.367: DHCP_SNOOPING: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (250)
*Oct 21 19:33:16.367: DHCP_SNOOPING: L2RELAY: sent unicast packet to default gw: 3473.2db8.bee3 vlan 0 src intf TwentyFiveGigE1/0/1
*Oct 21 19:33:20.058: DHCP_SNOOPING: received new DHCP packet from input interface (TwentyFiveGigE1/0/1)
*Oct 21 19:33:20.058: DHCP Memory dump is printed for process packet
Paso 7. Si no se activa la depuración, realice una captura de paquetes para la validación. Utilice la sintaxis especificada para capturar los paquetes de detección de entrada:
monitor capture <name> interface <int> in match ipv4 protocol udp any range 67 68 any range 67 68 start
monitor capture <name> stop
monitor capture export file flash:<name>.pcap
show monitor capture <name> buffer display-filter "eth.addr==[mac address]" detailed
Nota: Capture las cadenas de filtros de visualización que se adhieren a la sintaxis del filtro de Wireshark.
Leaf-1#monitor capture cap interface twe1/0/1 in match ipv4 protocol udp any range 67 68 any range 67 68 start
Started capture point : cap
Leaf-1#
*Oct 21 22:57:04.719: %BUFCAP-6-ENABLE: Capture Point cap enabled.
Leaf-1#
Leaf-1#monitor capture cap stop
Capture statistics collected at software:
Capture duration - 96 seconds
Packets received - 10
Packets dropped - 0
Packets oversized - 0
Bytes dropped in asic - 0
Capture buffer will exists till exported or cleared
Stopped capture point : cap
*Oct 21 22:58:40.810: %BUFCAP-6-DISABLE: Capture Point cap disabled.
Leaf-1#show monitor capture cap buffer display-filter "eth,addr==10:b3:d6:8b:3b:e3" detailed
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
Frame 1: 371 bytes on wire (2968 bits), 371 bytes captured (2968 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe)
Interface name: /tmp/epc_ws/wif_to_ts_pipe
Encapsulation type: Ethernet (1)
Arrival Time: Oct 21, 2025 22:57:07.843851000 UTC
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1761087427.843851000 seconds
<snip>
[Protocols in frame: eth:ethertype:vlan:ethertype:ip:udp:dhcp]
Ethernet II, Src: 10:b3:d6:8b:3b:e3 (10:b3:d6:8b:3b:e3), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: 10:b3:d6:8b:3b:e3 (10:b3:d6:8b:3b:e3)
Address: 10:b3:d6:8b:3b:e3 (10:b3:d6:8b:3b:e3)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 250
000. .... .... .... = Priority: Best Effort (default) (0)
...0 .... .... .... = DEI: Ineligible
.... 0000 1111 1010 = ID: 250
Type: IPv4 (0x0800)
<snip>
User Datagram Protocol, Src Port: 68, Dst Port: 67
Source Port: 68
Destination Port: 67
Length: 333
Checksum: 0xdf55 [unverified]
[Checksum Status: Unverified]
[Stream index: 0]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
Dynamic Host Configuration Protocol (Discover)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x3bd7aadb
Seconds elapsed: 7
Bootp flags: 0x8000, Broadcast flag (Broadcast)
1... .... .... .... = Broadcast flag: Broadcast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: 10:b3:d6:8b:3b:e3 (10:b3:d6:8b:3b:e3)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Discover)
<snip>
Paso 8. Valide la encapsulación de paquetes VxLAN mediante la captura de paquetes. Aplique varios filtros para esta validación. VxLAN utiliza el puerto UDP 4789.
monitor capture cap interface <outgoing interface > out match ipv4 protocol udp any any eq 4789 (Interface that is pointing to the RR or VTEP via BGP)
Leaf-1#show ip bgp all summary
For address family: L2VPN E-VPN
<snip>
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
203.0.113.3 4 10 4204 4122 365 0 0 2d13h 2
Leaf-1#show ip route 203.0.113.3
Routing entry for 203.0.113.3/32
Known via "ospf 1", distance 110, metric 2, type intra area
Last update from 172.x.x.2 on TwentyFiveGigE1/0/2, 2d13h ago
Routing Descriptor Blocks:
* 172.x.x.2, from 203.0.113.3, 2d13h ago, via TwentyFiveGigE1/0/2
Leaf-1#monitor capture cap interface twe1/0/2 out match ipv4 protocol udp any any eq 4789 start
*Oct 21 23:51:07.689: %BUFCAP-6-ENABLE: Capture Point cap enabled.
Leaf-1#show monitor capture cap buffer display-filter "eth.addr==10:b3:d6:8b:3b:e3" detailed
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
Frame 1: 443 bytes on wire (3544 bits), 443 bytes captured (3544 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe)
Interface name: /tmp/epc_ws/wif_to_ts_pipe
Encapsulation type: Ethernet (1)
Arrival Time: Oct 21, 2025 23:51:34.848693000 UTC
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1761090694.848693000 seconds
<snip>
[Protocols in frame: eth:ethertype:ip:udp:vxlan:eth:ethertype:ip:udp:dhcp]
Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00)
Destination: 00:00:00:00:00:00 (00:00:00:00:00:00)
Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:00:00 (00:00:00:00:00:00)
Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 203.0.113.1, Dst: 203.0.113.4
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
<snip>
User Datagram Protocol, Src Port: 65479, Dst Port: 4789
Source Port: 65479
Destination Port: 4789
Length: 409
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 0]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
Virtual eXtensible Local Area Network
Flags: 0x0800, VXLAN Network ID (VNI)
0... .... .... .... = GBP Extension: Not defined
.... .... .0.. .... = Don't Learn: False
.... 1... .... .... = VXLAN Network ID (VNI): True
.... .... .... 0... = Policy Applied: False
.000 .000 0.00 .000 = Reserved(R): 0x0000
Group Policy ID: 0
VXLAN Network Identifier (VNI): 10250
Reserved: 0
<snip>
User Datagram Protocol, Src Port: 68, Dst Port: 67
Source Port: 68
Destination Port: 67
Length: 359
Checksum: 0x767d [unverified]
[Checksum Status: Unverified]
[Stream index: 1]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
Dynamic Host Configuration Protocol (Discover)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xd4c42ec1
Seconds elapsed: 0
Bootp flags: 0x8000, Broadcast flag (Broadcast)
1... .... .... .... = Broadcast flag: Broadcast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: 10:b3:d6:8b:3b:e3 (10:b3:d6:8b:3b:e3)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Verificación de gateway centralizada
Paso 1. Valide la dirección MAC del host aprendida en las rutas BGP y L2 EVPN (este paso refleja el procedimiento de verificación de hoja inicial).
Centralized-Gateway#show bgp l2vpn evpn 10b3.d68b.3be3 (remote host mac address)
BGP routing table entry for [2][203.0.113.1:250][0][48][10B3D68B3BE3][0][*]/20, version 12
Paths: (1 available, best #1, table EVPN-BGP-Table)
Not advertised to any peer
Refresh Epoch 1
Local
203.0.113.1 (metric 3) (via default) from 203.0.113.3 (203.0.113.3) (learned via RR)
Origin incomplete, metric 0, localpref 100, valid, internal, best
EVPN ESI: 00000000000000000000, Label1 10250
Extended Community: RT:10:250 ENCAP:8
Originator: 203.0.113.1, Cluster list: 203.0.113.3
rx pathid: 0, tx pathid: 0x0
Updated on Oct 27 2025 17:53:37 UTC
BGP routing table entry for [2][203.0.113.4:250][0][48][10B3D68B3BE3][0][*]/20, version 14
Paths: (1 available, best #1, table evi_250)
Not advertised to any peer
Refresh Epoch 1
Local, imported path from [2][203.0.113.1:250][0][48][10B3D68B3BE3][0][*]/20 (global)
203.0.113.1 (metric 3) (via default) from 203.0.113.3 (203.0.113.3)
Origin incomplete, metric 0, localpref 100, valid, internal, best
EVPN ESI: 00000000000000000000, Label1 10250
Extended Community: RT:10:250 ENCAP:8
Originator: 203.0.113.1, Cluster list: 203.0.113.3
rx pathid: 0, tx pathid: 0x0
Updated on Oct 27 2025 17:53:37 UTC
Centralized-Gateway#show l2route evpn mac mac-address 10b3.d68b.3be3
EVI ETag Prod Mac Address Next Hop(s) Seq Number
----- ---------- ----- -------------- ---------------------------------------------------- ----------
250 0 BGP 10b3.d68b.3be3 V:10250 203.0.113.1 0
Paso 2. Verifique la información de retransmisión DHCP y la configuración de snooping DHCP en el gateway centralizado.
Centralized-Gateway#show running-config | section dhcp
ip dhcp-relay source-interface Loopback0
ip dhcp relay information option vpn
ip dhcp relay information option
ip dhcp compatibility suboption link-selection standard
ip dhcp compatibility suboption server-override standard
ip dhcp snooping vlan 250
ip dhcp snooping
Paso 3. Verifique la conectividad con el servidor DHCP y obtenga un ping desde la interfaz VLAN 250.
Centralized-Gateway#ping 198.51.100.10 source vlan 250
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 198.51.100.10, timeout is 2 seconds:
Packet sent with a source address of 192.0.2.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Paso 4. Realice una captura de paquetes para validar si los mensajes de detección de los hosts remotos llegan al gateway centralizado.
Centralized-Gateway#monitor capture cap interface vlan250 in match ipv4 protocol udp any range 67 68 any range 67 68
Centralized-Gateway#monitor capture cap start
Started capture point : cap
Centralized-Gateway#show monitor capture cap buffer display-filter "eth.addr==10:b3:d6:8b:3b:e3" detailed
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
Frame 1: 401 bytes on wire (3208 bits), 401 bytes captured (3208 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe)
Interface name: /tmp/epc_ws/wif_to_ts_pipe
Encapsulation type: Ethernet (1)
Arrival Time: Oct 27, 2025 20:43:30.774923000 UTC
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1761597810.774923000 seconds
<snip>
[Protocols in frame: eth:ethertype:cmd:ethertype:ip:udp:dhcp]
Ethernet II, Src: 10:b3:d6:8b:3b:e3 (10:b3:d6:8b:3b:e3), Dst: 34:73:2d:b8:be:e3 (34:73:2d:b8:be:e3)
Destination: 34:73:2d:b8:be:e3 (34:73:2d:b8:be:e3)
Address: 34:73:2d:b8:be:e3 (34:73:2d:b8:be:e3)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 10:b3:d6:8b:3b:e3 (10:b3:d6:8b:3b:e3)
Address: 10:b3:d6:8b:3b:e3 (10:b3:d6:8b:3b:e3)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: CiscoMetaData (0x8909)
<snip>
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 379
Identification: 0x0230 (560)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment Offset: 0
Time to Live: 255
Protocol: UDP (17)
Header Checksum: 0xb842 [validation disabled]
[Header checksum status: Unverified]
Source Address: 0.0.0.0
Destination Address: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Source Port: 68
Destination Port: 67
Length: 359
Checksum: 0x8f64 [unverified]
[Checksum Status: Unverified]
[Stream index: 0]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
UDP payload (351 bytes)
Dynamic Host Configuration Protocol (Discover)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xf23af863
Seconds elapsed: 0
Bootp flags: 0x8000, Broadcast flag (Broadcast)
1... .... .... .... = Broadcast flag: Broadcast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: 10:b3:d6:8b:3b:e3 (10:b3:d6:8b:3b:e3)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Discover)
Length: 1
DHCP: Discover (1)
Option: (57) Maximum DHCP Message Size
Length: 2
Maximum DHCP Message Size: 1200
Option: (61) Client identifier
Length: 27
Type: 0
Client Identifier: cisco-10b3.d68b.3be3-Vl250
<snip>
Paso 5. Realice una captura de paquetes subsiguiente en el switch. Verifique la salida de detección y ofrezca la entrada.
Centralized-Gateway#no monitor capture cap
Centralized-Gateway#monitor capture cap interface vlan 75 both match ipv4 protocol udp any range 67 68 any range 67 68
Centralized-Gateway#monitor capture cap start
Started capture point : cap
Centralized-Gateway#monitor capture cap stop
Capture statistics collected at software:
Capture duration - 78 seconds
Packets received - 0
Packets dropped - 0
Packets oversized - 0
Bytes dropped in asic - 0
Paso 6. Si la captura de paquetes no muestra paquetes, continúe con la depuración DHCP y valide el estado del paquete en la plataforma.
Centralized-Gateway#debug ip dhcp snooping packet
<snip>
*Oct 27 22:20:24.444: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Tu0, MAC da: 3473.2db8.bee3, MAC sa: 10b3.d68b.3be3, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 10b3.d68b.3be3, efp_id: -1137609462, vlan_id: 250, bootpflag:0x32768(Broadcast)
*Oct 27 22:20:24.445: DHCPS BRIDGE PAK: vlan=250 platform_flags=1
*Oct 27 22:20:24.445: DHCP_SNOOPING: Packet destined to SVI Mac:3473.2db8.bee3
*Oct 27 22:20:24.445: DHCP_SNOOPING: bridge packet send packet to cpu port: Vlan250.
*Oct 27 22:20:24.445: DHCP_SNOOPING: bridge packet send packet to port: GigabitEthernet1/0/2, pak_vlan 250.
*Oct 27 22:20:27.952: DHCP_SNOOPING: received new DHCP packet from input interface (Tunnel0)
*Oct 27 22:20:27.952: DHCP Memory dump is printed for process packet.
Centralized-Gateway#debug ip dhcp server packet detail
*Oct 27 22:27:58.009: DHCPD: BOOTREQUEST from 0063.6973.636f.2d31.3062.332e.6436.3862.2e33.6265.332d.566c.3235.30 forwarded to 198.51.100.10.
*Oct 27 22:28:02.008: DHCPD: tableid for 192.0.2.254 on Vlan250 is 0
*Oct 27 22:28:02.008: DHCPD: client's VPN is .
*Oct 27 22:28:02.008: DHCPD: No option 125
*Oct 27 22:28:02.008: DHCPD: Option 124: Vendor Class Information
*Oct 27 22:28:02.008: DHCPD: Enterprise ID: 9
*Oct 27 22:28:02.008: DHCPD: Vendor-class-data-len: 13
*Oct 27 22:28:02.008: DHCPD: Data: 43393330304C2D3234502D3447
*Oct 27 22:28:02.008: DHCPD: Option 125 not present in the msg.
*Oct 27 22:28:02.008: DHCPD: Option 125 not present in the msg.
*Oct 27 22:28:02.008: DHCPD: Looking up binding using address 192.0.2.254
*Oct 27 22:28:02.008: DHCPD: setting giaddr to 192.0.2.254.
*Oct 27 22:28:02.008: DHCPD: relay information option before replacing suboptions
*Oct 27 22:28:02.008: DHCPD: 5218010c010a00080000280a01010000020800064c5d3ceb4340
*Oct 27 22:28:02.008: DHCPD: replacing suboptions in relay information option.
*Oct 27 22:28:02.008: DHCPD: relay information option content (add/replace):
*Oct 27 22:28:02.008: DHCPD: 52060504c00002fe
*Oct 27 22:28:02.008: DHCPD: giaddr changed to 203.0.113.4
Paso 7. Verifique que las interfaces que se conectan al servidor DHCP incluyen el comando especificado (esto evita la pérdida de paquetes DHCP).
Centralized-Gateway#sh running-config interface gi1/0/2
Building configuration...
Current configuration : 149 bytes
!
interface GigabitEthernet1/0/2
description to L2_switch
switchport trunk allowed vlan 75,250
switchport mode trunk
ip dhcp snooping trust
end
Nota: El comando ip dhcp snooping trust sólo se aplica a las interfaces troncales de capa 2.
Solución del problema
La configuración de VxLAN funciona como se esperaba. Sin embargo, la retransmisión del servidor DHCP envía respuestas DHCP a la dirección IP 203.0.113.4. El servidor DHCP no puede alcanzar esta dirección IP. Esta falta de conectividad dio lugar a pérdidas de paquetes de unidifusión en la puerta de enlace centralizada.
Para resolver este problema, se configuró una nueva interfaz Loopback 1 y se estableció una ruta para la dirección IP para proporcionar conectividad con esta dirección de relé de loopback.
Registros de DHCP:
DHCP-Server#debug ip dhcp server packet detail
DHCP server packet detail debugging is on.
*Oct 28 00:23:43.464: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d31.3062.332e.6436.3862.2e33.6265.332d.566c.3235.30 through relay 203.0.113.4.DHCPD: Setting only requested parameters
*Oct 28 00:23:43.464: DHCPD: Option 125 not present in the msg.
*Oct 28 00:23:43.465: DHCPD: egress Interfce GigabitEthernet0/0/4.75
*Oct 28 00:23:43.465: DHCPD: unicasting BOOTREPLY for client 10b3.d68b.3be3 to relay 203.0.113.4.
DHCP-Server#ping 203.0.113.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 203.0.113.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
DHCP-Server#
Gateway centralizado: Configure la conectividad con la nueva interfaz de loopback para la función de retransmisión.
Centralized-Gateway#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Centralized-Gateway(config)#interface loopback 1
Centralized-Gateway(config-if)#ip address 198.51.100.25 255.255.255.255
Centralized-Gateway(config-if)#router eigrp 1
Centralized-Gateway(config-router)#network 198.51.100.25 0.0.0.0
Centralized-Gateway(config-router)#exit
Centralized-Gateway(config)#no ip dhcp-relay source-interface Loopback0
Centralized-Gateway(config)#ip dhcp-relay source-interface Loopback1
DHCP-Server#ping 198.51.100.25
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 198.51.100.25, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
DHCP-Server#
Caso Práctico 2: No se puede obtener una dirección IP del servidor externo (puerta de enlace centralizada fuera del fabric)
Esta topología utiliza la capa 2 de VXLAN para la VLAN 250. El host obtiene su dirección IP de un servidor DHCP externo ubicado fuera del fabric.
Topología DHCP VxLAN externa
Verificación de hoja 01
Paso 1. En Leaf-1, verifique el anuncio correcto en default-gateway. Dado que el servidor DHCP se encuentra fuera del fabric VxLAN, este es un requisito clave para la funcionalidad correcta de la asignación de direcciones IP.
Leaf-1#show l2vpn evpn default-gateway
Valid Default Gateway Address EVI VLAN MAC Address Source
----- --------------------------------------- ----- ----- -------------- -----------
Paso 2. Si el resultado anterior está vacío, continúe con la resolución de problemas de DHCP. Verifique que las configuraciones de snooping DHCP relevantes estén presentes en los dispositivos Leaf.
Leaf-1#show running-config | section dhcp
ip dhcp relay information option vpn
ip dhcp relay information option
ip dhcp compatibility suboption link-selection standard
ip dhcp compatibility suboption server-override standard
ip dhcp snooping vlan 250
ip dhcp snooping
Leaf-2#show running-config | section dhcp
ip dhcp relay information option vpn
ip dhcp relay information option
ip dhcp compatibility suboption link-selection standard
ip dhcp compatibility suboption server-override standard
ip dhcp snooping vlan 250
ip dhcp snooping
Paso 3. Si un dispositivo solicita activamente una dirección IP mediante DHCP, habilite el comando de depuración apropiado para validar el estado del paquete en la plataforma.
*Dec 6 22:42:19.568: DHCP_SNOOPING: received new DHCP packet from input interface (TwentyFiveGigE1/0/1)
*Dec 6 22:42:19.568: DHCP Memory dump is printed for process packet
<snip>
*Dec 6 22:42:19.578: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Twe1/0/1, MAC da: ffff.ffff.ffff, MAC sa: 10b3.d68b.3be3, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 10b3.d68b.3be3, efp_id: 1984524378, vlan_id: 250, bootpflag:0x32768(Broadcast)
*Dec 6 22:42:19.578: DHCP_SNOOPING: add relay information option.
*Dec 6 22:42:19.578: DHCP_SNOOPING: Encoding opt82 CID in vlan-mod-port format
*Dec 6 22:42:19.578: DHCP_SNOOPING:VxLAN : vlan_id 250 VNI 10250 mod 1 port 1
*Dec 6 22:42:19.578: DHCP_SNOOPING: Encoding opt82 RID in MAC address format
*Dec 6 22:42:19.578: DHCP_SNOOPING: binary dump of relay info option, length: 26 data:
0x52 0x18 0x1 0xC 0x1 0xA 0x0 0x8 0x0 0x0 0x28 0xA 0x1 0x1 0x0 0x0 0x2 0x8 0x0 0x6 0x4C 0x5D 0x3C 0xEB 0x43 0x40
*Dec 6 22:42:19.579: DHCPS BRIDGE PAK: vlan=250 platform_flags=1
*Dec 6 22:42:19.579: DHCP_SNOOPING: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (250)
*Dec 6 22:42:19.579: DHCP_SNOOPING: L2RELAY: cannot find default gw for bd 250: src intf TwentyFiveGigE1/0/1
Nota: El mensaje de depuración final indica que el dispositivo no pudo identificar el gateway predeterminado para la VLAN 250.
Verificación de hoja 02
Dado que Leaf-2 es la hoja de borde activa dentro del entramado VxLAN, es responsable de reenviar la información relacionada con el gateway predeterminado.
Paso 1. Proceda a validar la capacidad de L2VPN EVPN para anunciar el gateway predeterminado.
Leaf-2#show l2vpn evpn summary
L2VPN EVPN
EVPN Instances (excluding point-to-point): 1
VLAN Based: 1
Vlans: 1
BGP: ASN 65000, address-family l2vpn evpn configured
Router ID: 203.0.113.2
Global Replication Type: Ingress
ARP/ND Flooding Suppression: Enabled
Connectivity to Core: UP
MAC Duplication: seconds 180 limit 5
MAC Addresses: 5
Local: 3
Remote: 2
Duplicate: 0
IP Duplication: seconds 180 limit 5
IP Addresses: 2
Local: 2
Remote: 0
Duplicate: 0
Advertise Default Gateway: No
Default Gateway Addresses: 0
Local: 0
Remote: 0
Maximum number of Route Targets per EAD-ES route: 200
Multi-home aliasing: Enabled
Multi-home send proxy MAC/IP: Enabled
Multi-home device ID: 0000.5e00.0101
Global IP Local Learn: Enabled
IP local learning limits
IPv4: 4 addresses per-MAC
IPv6: 12 addresses per-MAC
IP local learning timers
Down: 10 minutes
Poll: 1 minutes
Reachable: 5 minutes
Stale: 30 minutes
Auto route-target: vni-based
Advertise Multicast: No
Global Anycast Gateway MAC: No
Paso 2. El resultado anterior valida que Leaf-2 no anuncia el Default-Gateway hacia el otro Leaf-1 dentro del mismo Fabric VxLAN. Continúe con la configuración necesaria para realizar el anuncio correcto.
Leaf-2(config)#l2vpn evpn
Leaf-2(config-evpn)#default-gateway advertise
Paso 3. Una vez agregada la configuración, la capacidad L2VPN EVPN debe estar habilitada.
Leaf-2#show l2vpn evpn summary
--snip--
Advertise Default Gateway: Yes
Paso 4. Una vez habilitado, configure el anuncio adecuado para el gateway predeterminado a la otra hoja dentro del entramado VxLAN.
Solución del problema 1
L2VPN EVPN y funciones de configuración de indagación DHCP como se esperaba. Sin embargo, no se está realizando el anuncio de gateway predeterminado. Por lo tanto, los dispositivos finales conectados a Leaf-1 no pueden recibir una dirección IP del servidor DHCP.
Para resolver este problema, se debe configurar el anuncio.
Paso 1. Configure una ACL, junto con un route-map para anunciar el gateway predeterminado a través de BGP a los otros dispositivos Leaf en la red.
Leaf-2(config)#ip access-list extended GW250
Leaf-2(config-ext-nacl)#10 permit ip host 192.0.2.254 any (permit the IP address if the GW)
Leaf-2(config)#route-map CGW
Leaf-2(config-route-map)#match ip address GW250
Leaf-2(config-route-map)#match evpn route-type 2-mac-ip
Leaf-2(config-route-map)#set extcommunity default-gw
Leaf-2(config)#router bgp 65000
Leaf-2(config-router)#address-family l2vpn evpn
Leaf-2(config-router-af)#neighbor 203.0.113.3 route-map CGW out
Paso 2. Después de agregar la configuración anterior, verifique Leaf-1 para ver el anuncio de gateway predeterminado correcto.
Leaf-1#show l2vpn evpn default-gateway
Valid Default Gateway Address EVI VLAN MAC Address Source
----- --------------------------------------- ----- ----- -------------- -----------
Y 192.0.2.254 250 250 3473.2db8.bee3 203.0.113.2
Nota: En VTEP de borde, al comprobar la puerta de enlace predeterminada, se muestra un valor vacío. Se trata de un comportamiento esperado, ya que la puerta de enlace centralizada está conectada directamente al VTEP fronterizo.
Leaf-2#show l2vpn evpn default-gateway
Valid Default Gateway Address EVI VLAN MAC Address Source
----- --------------------------------------- ----- ----- -------------- -----------
Ahora los dispositivos Leaf muestran correctamente el anuncio de gateway predeterminado. Verifique si los dispositivos finales están recibiendo correctamente la dirección IP de DHCP.
Verificación de host 1
Paso 1. En el Host 1, solicite una dirección IP a través de DHCP:
Host1#show running-config interface vlan 250
Building configuration...
Current configuration : 42 bytes
!
interface Vlan250
ip address dhcp
end
Paso 2. Valide si la dirección IP se asignó correctamente:
Host1#show ip interface brief | include DHCP
Vlan250 unassigned YES DHCP up up
Paso 3. Si la dirección IP no se asigna correctamente después de que la hoja de borde haya anunciado correctamente la puerta de enlace predeterminada, continúe con la resolución de problemas de DHCP.
Verificación de hoja 2
Paso 1. Habilite la depuración para DHCP, específicamente para la indagación DHCP, para observar cómo el dispositivo procesa los paquetes cuando los reenvía fuera del entramado VXLAN.
Leaf-2#debug ip dhcp snooping packet
DHCP Snooping Packet debugging is on
Paso 2. Reinicie el proceso DHCP en el dispositivo Host y revise los registros:
Leaf-2#debug ip dhcp snooping packet
*Dec 12 20:11:43.891: DHCP_SNOOPING: received new DHCP packet from input interface (Tunnel0)
*Dec 12 20:11:43.891: DHCP Memory dump is printed for process packet
<snip>
*Dec 12 20:11:43.902: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Tu0, MAC da: 3473.2db8.bee3, MAC sa: 10b3.d68b.3be3, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 10b3.d68b.3be3, efp_id: -2136403878, vlan_id: 250, bootpflag:0x32768(Broadcast)
*Dec 12 20:11:43.902: DHCPS BRIDGE PAK: vlan=250 platform_flags=1
*Dec 12 20:11:43.902: DHCP_SNOOPING: bridge packet output port set is null, packet is dropped.
Paso 3. Los registros anteriores indican que el paquete se está descartando. Este mensaje significa que la función de indagación DHCP en el switch ha recibido un paquete DHCP que no se puede reenviar porque el puerto de salida no es válido. Esto suele ocurrir cuando la indagación DHCP no puede determinar el puerto de salida adecuado para reenviar el paquete DHCP.
Paso 4. Para solucionar este problema, la interfaz que apunta hacia la puerta de enlace centralizada debe configurarse como de confianza.
Leaf-2(config)#interface fortyGigabitEthernet 2/0/1
Leaf-2(config-if)#ip dhcp snooping trust
Paso 5. Valide si la asignación de dirección IP a través de DHCP funciona ahora como se espera.
Leaf-2#debug ip dhcp snooping packet
*Dec 12 20:33:54.156: DHCP Memory dump is printed for process packet
<snip>
*Dec 12 20:33:54.167: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Tu0, MAC da: 3473.2db8.bee3, MAC sa: 10b3.d68b.3be3, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 10b3.d68b.3be3, efp_id: -2136403878, vlan_id: 250, bootpflag:0x32768(Broadcast)
*Dec 12 20:33:54.167: DHCPS BRIDGE PAK: vlan=250 platform_flags=1
*Dec 12 20:33:54.167: DHCP_SNOOPING: bridge packet send packet to port: FortyGigabitEthernet2/0/1, pak_vlan 250.
Paso 6. La evidencia indica que el dispositivo ahora identifica correctamente la interfaz física a través del paquete DHCPDISCOVER y debe ser reenviado ya que la interfaz está marcada como de confianza desde la perspectiva de indagación DHCP. Sin embargo, la asignación de la dirección IP sigue sin funcionar como se esperaba.
Verificación de gateway centralizada
Paso 1. Ahora que el Border Leaf reenvía paquetes DHCP a través de la interfaz apropiada, si la asignación de dirección IP continúa fallando, continúe con los procedimientos estándar de solución de problemas de DHCP.
Centralized-Gateway#debug ip dhcp server packet
DHCP server packet debugging is on.
*Dec 12 20:39:36.029: DHCPD: tableid for 192.0.2.254 on Vlan250 is 0
*Dec 12 20:39:36.029: DHCPD: client's VPN is .
*Dec 12 20:39:36.029: DHCPD: No option 125
*Dec 12 20:39:36.029: DHCPD: Option 124: Vendor Class Information
*Dec 12 20:39:36.029: DHCPD: Enterprise ID: 9
*Dec 12 20:39:36.029: DHCPD: Vendor-class-data-len: 13
*Dec 12 20:39:36.029: DHCPD: Data: 43393330304C2D3234502D3447
*Dec 12 20:39:36.029: DHCPD: inconsistent relay information.
*Dec 12 20:39:36.029: DHCPD: relay information option exists, but giaddr is zero
Paso 2. Según la salida de depuración de la puerta de enlace centralizada y los resultados de la captura de paquetes, se requiere una configuración adicional para evitar que el dispositivo descarte paquetes cuando el campo giaddr se establece en cero.
Cuando se recibe un paquete DHCP con la opción de información de retransmisión presente pero la dirección IP de la puerta de enlace (giaddr) está establecida en todos ceros, el agente de retransmisión DHCP, de forma predeterminada, descarta el paquete. Para abordar este comportamiento, configure el comando ip dhcp relay information trusted.
Paso 3. Para verificar que el dispositivo está recibiendo el paquete, realice una captura de paquetes:
Configure an Access-list to filter the interested traffic.
Extended IP access list dhcp
10 permit udp any any eq 67
20 permit udp any eq 67 any
Configure the capture.
Centralized-Gateway#monitor capture tac interface gigabitethernet1/0/1 both access-list dhcp buffer size 10
Centralized-Gateway#monitor capture cap start
Started capture point : cap
Centralized-Gateway#monitor capture cap stop
Capture statistics collected at software:
Capture duration - 58 seconds
Packets received - 6
Packets dropped - 0
Packets oversized - 0
Bytes dropped in asic - 0
Centralized-Gateway#show monitor capture cap buffer display-filter "eth.addr==10:b3:d6:8b:3b:e3" detailed
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
Frame 1: 397 bytes on wire (3176 bits), 397 bytes captured (3176 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe)
Interface name: /tmp/epc_ws/wif_to_ts_pipe
Encapsulation type: Ethernet (1)
Arrival Time: Dec 12, 2025 18:35:21.821468000 UTC
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1765564521.821468000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 397 bytes (3176 bits)
Capture Length: 397 bytes (3176 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:vlan:ethertype:ip:udp:dhcp]
Ethernet II, Src: 10:b3:d6:8b:3b:e3 (10:b3:d6:8b:3b:e3), Dst: 34:73:2d:b8:be:e3 (34:73:2d:b8:be:e3)
Destination: 34:73:2d:b8:be:e3 (34:73:2d:b8:be:e3)
Address: 34:73:2d:b8:be:e3 (34:73:2d:b8:be:e3)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 10:b3:d6:8b:3b:e3 (10:b3:d6:8b:3b:e3)
Address: 10:b3:d6:8b:3b:e3 (10:b3:d6:8b:3b:e3)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 250
000. .... .... .... = Priority: Best Effort (default) (0)
...0 .... .... .... = DEI: Ineligible
.... 0000 1111 1010 = ID: 250
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 379
Identification: 0x4b04 (19204)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment Offset: 0
Time to Live: 255
Protocol: UDP (17)
Header Checksum: 0x6f6e [validation disabled]
[Header checksum status: Unverified]
Source Address: 0.0.0.0
Destination Address: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Source Port: 68
Destination Port: 67
Length: 359
Checksum: 0x2ae5 [unverified]
[Checksum Status: Unverified]
[Stream index: 0]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
UDP payload (351 bytes)
Dynamic Host Configuration Protocol (Discover)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xe9986585
Seconds elapsed: 0
Bootp flags: 0x8000, Broadcast flag (Broadcast)
1... .... .... .... = Broadcast flag: Broadcast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: 10:b3:d6:8b:3b:e3 (10:b3:d6:8b:3b:e3)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Discover)
Length: 1
DHCP: Discover (1)
Option: (57) Maximum DHCP Message Size
Length: 2
Maximum DHCP Message Size: 1200
Option: (61) Client identifier
Length: 27
Type: 0
Client Identifier: cisco-10b3.d68b.3be3-Vl250
Paso 4. Según la captura de paquetes anterior, el dispositivo recibe correctamente el paquete DHCP.
Solución del problema 2
Paso 1. Según la salida de depuración de la puerta de enlace centralizada y los resultados de la captura de paquetes, se requiere una configuración adicional para evitar que el dispositivo descarte paquetes cuando el campo giaddr se establece en cero.
Cuando se recibe un paquete DHCP con la opción de información de retransmisión presente, pero la dirección IP de la puerta de enlace (giaddr) se establece en todos los ceros, el agente de retransmisión DHCP normalmente descarta el paquete.
Para abordar este comportamiento, configure el comando ip dhcp relay information trusted.
Centralized-Gateway(config)#interface vlan 250
Centralized-Gateway(config-if)#ip dhcp relay information trusted
Paso 2. Continúe con la verificación solicitando una dirección IP al Host 1.
Host1#
*Dec 12 21:32:12.659: %DHCP-6-ADDRESS_ASSIGN: Interface Vlan250 assigned DHCP address 192.0.2.1, mask 255.255.255.0, hostname Host1
Leaf-2#
*Dec 12 21:36:03.232: DHCP_SNOOPING: received new DHCP packet from input interface (Tunnel0)
<snip>
*Dec 12 21:36:03.243: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Tu0, MAC da: 3473.2db8.bee3, MAC sa: 10b3.d68b.3be3, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 10b3.d68b.3be3, efp_id: -2136403878, vlan_id: 250, bootpflag:0x32768(Broadcast)
*Dec 12 21:36:03.243: DHCPS BRIDGE PAK: vlan=250 platform_flags=1
*Dec 12 21:36:03.243: DHCP_SNOOPING: bridge packet send packet to port: FortyGigabitEthernet2/0/1, pak_vlan 250.
*Dec 12 21:36:03.245: DHCP_SNOOPING: received new DHCP packet from input interface (FortyGigabitEthernet2/0/1)
<snip>
*Dec 12 21:36:03.255: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Fo2/0/1, MAC da: ffff.ffff.ffff, MAC sa: 3473.2db8.bee3, IP da: 255.255.255.255, IP sa: 192.0.2.254, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 192.0.2.1, DHCP siaddr: 0.0.0.0, DHCP giaddr: 192.0.2.254, DHCP chaddr: 10b3.d68b.3be3, efp_id: -2136403878, vlan_id: 250, bootpflag:0x32768(Broadcast)
*Dec 12 21:36:03.255: DHCP_SNOOPING: binary dump of option 82, length: 26 data:
0x52 0x18 0x1 0xC 0x1 0xA 0x0 0x8 0x0 0x0 0x28 0xA 0x1 0x1 0x0 0x0 0x2 0x8 0x0 0x6 0x4C 0x5D 0x3C 0xEB 0x43 0x40
*Dec 12 21:36:03.256: DHCP_SNOOPING: binary dump of extracted circuit id, length: 14 data:
0x1 0xC 0x1 0xA 0x0 0x8 0x0 0x0 0x28 0xA 0x1 0x1 0x0 0x0
*Dec 12 21:36:03.256: DHCP_SNOOPING: binary dump of extracted remote id, length: 10 data:
0x2 0x8 0x0 0x6 0x4C 0x5D 0x3C 0xEB 0x43 0x40
*Dec 12 21:36:03.256: actual_fmt_cid OPT82_FMT_CID_VXLAN_MOD_PORT_INTF global_opt82_fmt_rid OPT82_FMT_RID_DEFAULT_GLOBAL global_opt82_fmt_cid OPT82_FMT_CID_DEFAULT_GLOBAL cid: sub_option_length 12
*Dec 12 21:36:03.256: dhcp_snooping_platform_is_local_dhcp_packet: VXLAN-MOD-PORT opt82 vni 10250, vlan_id 250
*Dec 12 21:36:03.256: DHCP_SNOOPING: opt82 data indicates not a local packet
*Dec 12 21:36:03.256: DHCP_SNOOPING: EVPN enabled Ex GW:fabric relay can't parse option 82 data of the message,it is either in wrong format or not inserted by local switch
*Dec 12 21:36:03.256: DHCP_SNOOPING: client address lookup failed to locate client interface, retry lookup using packet mac DA: ffff.ffff.ffff
*Dec 12 21:36:03.256: DHCP_SNOOPING: lookup packet destination port failed to get mat entry for mac: 10b3.d68b.3be3 vlan_id 250
*Dec 12 21:36:03.256: DHCP_SNOOPING: L2RELAY: Ex GW unicast bridge packet to fabric: vlan id 250 from Fo2/0/1
<snip>
*Dec 12 21:36:03.401: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Tu0, MAC da: 3473.2db8.bee3, MAC sa: 10b3.d68b.3be3, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 10b3.d68b.3be3, efp_id: -2136403878, vlan_id: 250, bootpflag:0x32768(Broadcast)
*Dec 12 21:36:03.401: DHCPS BRIDGE PAK: vlan=250 platform_flags=1
*Dec 12 21:36:03.401: DHCP_SNOOPING: bridge packet send packet to port: FortyGigabitEthernet2/0/1, pak_vlan 250.
*Dec 12 21:36:03.402: DHCP_SNOOPING: received new DHCP packet from input interface (FortyGigabitEthernet2/0/1)
<snip>
*Dec 12 21:36:03.413: DHCP_SNOOPING: process new DHCP packet, message type: DHCPACK, input interface: Fo2/0/1, MAC da: ffff.ffff.ffff, MAC sa: 3473.2db8.bee3, IP da: 255.255.255.255, IP sa: 192.0.2.254, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 192.0.2.1, DHCP siaddr: 0.0.0.0, DHCP giaddr: 192.0.2.254, DHCP chaddr: 10b3.d68b.3be3, efp_id: -2136403878, vlan_id: 250, bootpflag:0x32768(Broadcast)
*Dec 12 21:36:03.413: DHCP_SNOOPING: binary dump of option 82, length: 26 data:
0x52 0x18 0x1 0xC 0x1 0xA 0x0 0x8 0x0 0x0 0x28 0xA 0x1 0x1 0x0 0x0 0x2 0x8 0x0 0x6 0x4C 0x5D 0x3C 0xEB 0x43 0x40
*Dec 12 21:36:03.413: DHCP_SNOOPING: binary dump of extracted circuit id, length: 14 data:
0x1 0xC 0x1 0xA 0x0 0x8 0x0 0x0 0x28 0xA 0x1 0x1 0x0 0x0
*Dec 12 21:36:03.413: DHCP_SNOOPING: binary dump of extracted remote id, length: 10 data:
0x2 0x8 0x0 0x6 0x4C 0x5D 0x3C 0xEB 0x43 0x40
*Dec 12 21:36:03.413: actual_fmt_cid OPT82_FMT_CID_VXLAN_MOD_PORT_INTF global_opt82_fmt_rid OPT82_FMT_RID_DEFAULT_GLOBAL global_opt82_fmt_cid OPT82_FMT_CID_DEFAULT_GLOBAL cid: sub_option_length 12
*Dec 12 21:36:03.413: dhcp_snooping_platform_is_local_dhcp_packet: VXLAN-MOD-PORT opt82 vni 10250, vlan_id 250
*Dec 12 21:36:03.413: DHCP_SNOOPING: opt82 data indicates not a local packet
*Dec 12 21:36:03.413: DHCP_SNOOPING: EVPN enabled Ex GW:fabric relay can't parse option 82 data of the message,it is either in wrong format or not inserted by local switch
*Dec 12 21:36:03.413: DHCP_SNOOPING: client address lookup failed to locate client interface, retry lookup using packet mac DA: ffff.ffff.ffff
*Dec 12 21:36:03.413: DHCP_SNOOPING: lookup packet destination port failed to get mat entry for mac: 10b3.d68b.3be3 vlan_id 250
*Dec 12 21:36:03.413: DHCP_SNOOPING: can't find client's destination port, packet is assumed to be not from local switch, no binding update is needed.
*Dec 12 21:36:03.413: DHCP_SNOOPING: client address lookup failed to locate client interface, retry lookup using packet mac DA: ffff.ffff.ffff
*Dec 12 21:36:03.413: DHCP_SNOOPING: lookup packet destination port failed to get mat entry for mac: 10b3.d68b.3be3 vlan_id 250
*Dec 12 21:36:03.413: DHCP_SNOOPING: L2RELAY: Ex GW unicast bridge packet to fabric: vlan id 250 from Fo2/0/1
Paso 3. La dirección IP se ha asignado correctamente y se sugiere validar el mismo comportamiento desde la perspectiva del Host 2.
Host2#
*Dec 12 21:13:03.926: %DHCP-6-ADDRESS_ASSIGN: Interface Vlan250 assigned DHCP address 192.0.2.2, mask 255.255.255.0, hostname Host2
Leaf-2#
*Dec 12 22:08:15.417: DHCP_SNOOPING: received new DHCP packet from input interface (FortyGigabitEthernet2/0/2)
<snip>
*Dec 12 22:08:15.428: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Fo2/0/2, MAC da: ffff.ffff.ffff, MAC sa: 10b3.d68b.1963, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 10b3.d68b.1963, efp_id: -2136403878, vlan_id: 250, bootpflag:0x32768(Broadcast)
*Dec 12 22:08:15.428: DHCP_SNOOPING: add relay information option.
*Dec 12 22:08:15.428: DHCP_SNOOPING: Encoding opt82 CID in vlan-mod-port format
*Dec 12 22:08:15.428: DHCP_SNOOPING:VxLAN : vlan_id 250 VNI 10250 mod 2 port 2
*Dec 12 22:08:15.428: DHCP_SNOOPING: Encoding opt82 RID in MAC address format
*Dec 12 22:08:15.428: DHCP_SNOOPING: binary dump of relay info option, length: 26 data:
0x52 0x18 0x1 0xC 0x1 0xA 0x0 0x8 0x0 0x0 0x28 0xA 0x2 0x2 0x0 0x0 0x2 0x8 0x0 0x6 0x68 0x7D 0xB4 0xA8 0xAF 0x0
*Dec 12 22:08:15.428: DHCPS BRIDGE PAK: vlan=250 platform_flags=1
*Dec 12 22:08:15.428: DHCP_SNOOPING: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (250)
*Dec 12 22:08:15.428: DHCP_SNOOPING: L2RELAY: cannot find default gw for bd 250: src intf FortyGigabitEthernet2/0/2
*Dec 12 22:08:15.430: DHCP_SNOOPING: received new DHCP packet from input interface (FortyGigabitEthernet2/0/1)
<snip>
*Dec 12 22:08:15.440: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Fo2/0/1, MAC da: ffff.ffff.ffff, MAC sa: 3473.2db8.bee3, IP da: 255.255.255.255, IP sa: 192.0.2.254, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 192.0.2.2, DHCP siaddr: 0.0.0.0, DHCP giaddr: 192.0.2.254, DHCP chaddr: 10b3.d68b.1963, efp_id: -2136403878, vlan_id: 250, bootpflag:0x32768(Broadcast)
*Dec 12 22:08:15.440: DHCP_SNOOPING: binary dump of option 82, length: 26 data:
0x52 0x18 0x1 0xC 0x1 0xA 0x0 0x8 0x0 0x0 0x28 0xA 0x2 0x2 0x0 0x0 0x2 0x8 0x0 0x6 0x68 0x7D 0xB4 0xA8 0xAF 0x0
*Dec 12 22:08:15.440: DHCP_SNOOPING: binary dump of extracted circuit id, length: 14 data:
0x1 0xC 0x1 0xA 0x0 0x8 0x0 0x0 0x28 0xA 0x2 0x2 0x0 0x0
*Dec 12 22:08:15.440: DHCP_SNOOPING: binary dump of extracted remote id, length: 10 data:
0x2 0x8 0x0 0x6 0x68 0x7D 0xB4 0xA8 0xAF 0x0
*Dec 12 22:08:15.440: actual_fmt_cid OPT82_FMT_CID_VXLAN_MOD_PORT_INTF global_opt82_fmt_rid OPT82_FMT_RID_DEFAULT_GLOBAL global_opt82_fmt_cid OPT82_FMT_CID_DEFAULT_GLOBAL cid: sub_option_length 12
*Dec 12 22:08:15.440: dhcp_snooping_platform_is_local_dhcp_packet: VXLAN-MOD-PORT opt82 vni 10250, vlan_id 250
*Dec 12 22:08:15.440: DHCP_SNOOPING: opt82 data indicates local packet
*Dec 12 22:08:15.440: DHCP_SNOOPING: remove relay information option.
*Dec 12 22:08:15.440: DHCP_SNOOPING opt82_fmt_cid_intf OPT82_FMT_CID_VXLAN_MOD_PORT_INTF opt82_fmt_cid_global OPT82_FMT_CID_DEFAULT_GLOBAL cid: sub_option_length 12
*Dec 12 22:08:15.440: DHCP_SNOOPING: VxLAN vlan_id 250 VNI 10250 mod 2 port 2
*Dec 12 22:08:15.440: DHCP_SNOOPING: mod 2 port 2 idb Fo2/0/2 found for 10b3.d68b.1963
*Dec 12 22:08:15.441: DHCP_SNOOPING: calling forward_dhcp_reply
*Dec 12 22:08:15.441: platform lookup dest vlan for input_if: FortyGigabitEthernet2/0/1, is NOT tunnel, if_output: NULL, if_output->vlan_id: 99999, pak->vlan_id: 250
*Dec 12 22:08:15.441: DHCP_SNOOPING opt82_fmt_cid_intf OPT82_FMT_CID_VXLAN_MOD_PORT_INTF opt82_fmt_cid_global OPT82_FMT_CID_DEFAULT_GLOBAL cid: sub_option_length 12
*Dec 12 22:08:15.441: DHCP_SNOOPING: VxLAN vlan_id 250 VNI 10250 mod 2 port 2
*Dec 12 22:08:15.441: DHCP_SNOOPING: mod 2 port 2 idb Fo2/0/2 found for 10b3.d68b.1963
*Dec 12 22:08:15.441: DHCP_SNOOPING: vlan 250 after pvlan check
<snip>
*Dec 12 22:08:15.930: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Fo2/0/2, MAC da: ffff.ffff.ffff, MAC sa: 10b3.d68b.1963, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 10b3.d68b.1963, efp_id: -2136403878, vlan_id: 250, bootpflag:0x32768(Broadcast)
*Dec 12 22:08:15.930: DHCP_SNOOPING: add relay information option.
*Dec 12 22:08:15.930: DHCP_SNOOPING: Encoding opt82 CID in vlan-mod-port format
*Dec 12 22:08:15.930: DHCP_SNOOPING:VxLAN : vlan_id 250 VNI 10250 mod 2 port 2
*Dec 12 22:08:15.930: DHCP_SNOOPING: Encoding opt82 RID in MAC address format
*Dec 12 22:08:15.930: DHCP_SNOOPING: binary dump of relay info option, length: 26 data:
0x52 0x18 0x1 0xC 0x1 0xA 0x0 0x8 0x0 0x0 0x28 0xA 0x2 0x2 0x0 0x0 0x2 0x8 0x0 0x6 0x68 0x7D 0xB4 0xA8 0xAF 0x0
*Dec 12 22:08:15.930: DHCPS BRIDGE PAK: vlan=250 platform_flags=1
*Dec 12 22:08:15.930: DHCP_SNOOPING: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (250)
*Dec 12 22:08:15.930: DHCP_SNOOPING: L2RELAY: cannot find default gw for bd 250: src intf FortyGigabitEthernet2/0/2
*Dec 12 22:08:15.932: DHCP_SNOOPING: received new DHCP packet from input interface (FortyGigabitEthernet2/0/1)
<snip>
*Dec 12 22:08:15.940: DHCP_SNOOPING: process new DHCP packet, message type: DHCPACK, input interface: Fo2/0/1, MAC da: ffff.ffff.ffff, MAC sa: 3473.2db8.bee3, IP da: 255.255.255.255, IP sa: 192.0.2.254, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 192.0.2.2, DHCP siaddr: 0.0.0.0, DHCP giaddr: 192.0.2.254, DHCP chaddr: 10b3.d68b.1963, efp_id: -2136403878, vlan_id: 250, bootpflag:0x32768(Broadcast)
*Dec 12 22:08:15.943: DHCP_SNOOPING: binary dump of option 82, length: 26 data:
0x52 0x18 0x1 0xC 0x1 0xA 0x0 0x8 0x0 0x0 0x28 0xA 0x2 0x2 0x0 0x0 0x2 0x8 0x0 0x6 0x68 0x7D 0xB4 0xA8 0xAF 0x0
*Dec 12 22:08:15.943: DHCP_SNOOPING: binary dump of extracted circuit id, length: 14 data:
0x1 0xC 0x1 0xA 0x0 0x8 0x0 0x0 0x28 0xA 0x2 0x2 0x0 0x0
<snip>
Historial de revisiones
| Revisión | Fecha de publicación | Comentarios |
|---|---|---|
1.0 |
15-Jun-2026
|
Versión inicial |
ComentariosContacte a Cisco
- Abrir un caso de soporte
- (Requiere un Cisco Service Contract)