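Introduction
This document describes how to troubleshoot DHCP on Catalyst 9000 series switches.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Catalyst 9000 series switch architecture.
- Dynamic Host Configuration Protocol (DHCP).
Components Used
The information in this document is based on these software and hardware versions: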
- C9200
- C9300
- C9500
- C9400
- C9600
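The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Related Products
This document can also be used with these hardware and software versions:
- Catalyst 3650/3850 series switches with Cisco IOS® XE 16.x.
Troubleshoot
When you troubleshoot DHCP, there are key pieces of information you must verify in order to isolate the source of the problem. It is important to draw the network topology from source to destination and to identify the devices along the path and their roles.
Based on these roles, you can take some actions to begin the troubleshooting.
Switch Configured as a Layer 2 Bridge
In this scenario, the switch needs to receive and forward the DHCP packets without any modification.
Step 1. Confirm the path of the packets.
- Identify the interfaces where the client and the next-hop device toward the DHCP server are connected.
- Identify the affected VLAN.
Example: Consider the next topology, where a client connected to interface GigabitEthernet1/0/12 in VLAN 10 of a C9300 switch cannot obtain an IP address through DHCP. The DHCP server is connected to interface GigabitEthernet1/0/1 on VLAN 10.
Client connected to a Layer 2 switch.
Tip: If the problem affects multiple devices and VLANs, choose one client to troubleshoot.
Step 2. Check the Layer 2 path.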
c9300#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7
Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11, Gi1/0/13
Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18
Gi1/0/19, Gi1/0/20, Gi1/0/21, Gi1/0/22, Gi1/0/23
Gi1/0/24
10 users active Gi1/0/12
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
interface GigabitEthernet1/0/12
description Client Port
switchport access vlan 10
switchport mode access
interface GigabitEthernet1/0/1
description DHCP SERVER
switchport mode trunk
c9300#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/0/1 1-4094
Port Vlans allowed and active in management domain
Gi1/0/1 1,10
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/1 1,10
- The switch must learn the MAC address of the client in the correct VLAN.
c9300-01#show mac address interface gi1/0/12
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
10 7018.a7e8.4f46 DYNAMIC Gi1/0/12
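Step 3. Ensure the switch receives the DHCP Discover packets on the client port.
- You can use the Embedded Packet Capture (EPC) tool.
- To filter only DHCP packets, configure an ACL.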
c9300(config)#ip access-list extended DHCP
c9300(config-ext-nacl)#permit udp any any eq 68
c9300(config-ext-nacl)#permit udp any any eq 67
c9300(config-ext-nacl)#end
c9300#show access-lists DHCP
Extended IP access list DHCP
10 permit udp any any eq bootpc
20 permit udp any any eq bootps
c9300#monitor capture cap interface GigabitEthernet1/0/12 in access-list DHCP
c9300#monitor capture cap start
Started capture point : cap
c9300#monitor capture cap stop
Capture statistics collected at software:
Capture duration - 66 seconds
Packets received - 5
Packets dropped - 0
Packets oversized - 0
Bytes dropped in asic - 0
Stopped capture point : cap
c9300#show monitor capture cap buffer brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
1 0.000000 0.0.0.0 -> 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x9358003
2 3.653608 0.0.0.0 -> 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x935800
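Note: Under normal circumstances, if you take an EPC in both directions on the client port, you can see the completed DORA process.
Step 4. Ensure the switch forwards the DHCP Discover.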
c9300#monitor capture cap interface GigabitEthernet1/0/1 out access-list DHCP
c9300#show monitor capture cap buffer brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
1 0.000000 0.0.0.0 -> 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x4bf2a30e
2 0.020893 0.0.0.0 -> 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0xe4331741
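Tip: To confirm that the DHCP Discover collected in the capture belongs to the client you are troubleshooting, you can apply the filter dhcp.hw.mac_addr to the EPC with the display-filter option.
At this point, we have confirmed that the switch forwards the DHCP packets, and the troubleshooting can move to the DHCP server.
Switch Configured as a Relay Agent
A relay agent is used when the client and the DHCP server do not belong to the same broadcast domain.
When the switch is configured as a relay agent, it modifies the DHCP packets. For packets sent from the client, the switch adds its own information (IP address and MAC address) to the packet and sends it to the next hop toward the DHCP server. Packets received from the DHCP server are addressed to the relay agent, and the switch then forwards them back to the client.
To continue with the example from the previous scenario, the client connected to interface GigabitEthernet1/0/12 in VLAN 10 cannot obtain an IP address through DHCP. Now the C9000 switch is the default gateway for VLAN 10 and is configured as a relay agent, and the DHCP server is connected to interface GigabitEthernet1/0/1 on VLAN 20.
Client connected to a Layer 3 switch configured as a relay agent.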
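Added example (not part of the original Cisco document): a Python model of the IP-address part of the relay step described above, using the standard BOOTP header layout from RFC 2131. The function names and the constructed Discover are assumptions; the addresses are the ones from this scenario.

```python
import ipaddress
import struct

# Fixed BOOTP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (236 bytes).
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
COOKIE = bytes([99, 130, 83, 99])
ZERO = bytes(4)


def build_discover(mac, xid):
    """Constructed client DHCPDISCOVER with giaddr 0.0.0.0 (sample input)."""
    chaddr = bytes.fromhex(mac.replace(".", "")).ljust(16, b"\x00")
    hdr = HDR.pack(1, 1, 6, 0, xid, 0, 0, ZERO, ZERO, ZERO, ZERO,
                   chaddr, bytes(64), bytes(128))
    return hdr + COOKIE + bytes([53, 1, 1, 255])  # option 53 = Discover, end


def relay_request(pkt, svi_ip):
    """Rewrite a client BOOTREQUEST the way a relay does before unicasting it."""
    fields = list(HDR.unpack_from(pkt))
    if fields[0] != 1:
        raise ValueError("not a BOOTREQUEST")
    fields[3] += 1                      # hops is incremented by each relay
    if fields[10] == ZERO:              # giaddr is filled in only when unset
        fields[10] = ipaddress.IPv4Address(svi_ip).packed
    return HDR.pack(*fields) + pkt[HDR.size:]   # options pass through as-is


def giaddr(pkt):
    """Relay (gateway) address carried in the packet, as dotted decimal."""
    return str(ipaddress.IPv4Address(HDR.unpack_from(pkt)[10]))


def select_scope(pkt, scopes):
    """Server side: a relayed request is matched to a pool by its giaddr."""
    gateway = ipaddress.IPv4Address(giaddr(pkt))
    for net in scopes:
        if gateway in ipaddress.ip_network(net):
            return net
    return None   # giaddr 0.0.0.0: not relayed, no pool chosen by giaddr


if __name__ == "__main__":
    relayed = relay_request(build_discover("7018.a7e8.4f46", 0x9358003),
                            "192.168.10.1")
    print(giaddr(relayed), select_scope(relayed, ["192.168.10.0/24"]))
```

This is why the helper address must sit on the client SVI: the giaddr the server sees is what ties the request to the 192.168.10.0 scope and tells it where to unicast the reply.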
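Step 1. Confirm the switch receives the DHCP Discover.
- Run a packet capture on the client-facing interface. See Step 3 in the previous scenario.
Step 2. Check the IP helper configuration.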
show run all | in dhcp
service dhcp
- IP helper command under the VLAN 10 SVI.
interface vlan10
ip address 192.168.10.1 255.255.255.0
ip helper-address 192.168.20.1
Step 3. Check connectivity to the DHCP server.
- The switch must have unicast connectivity from the client VLAN to the DHCP server. You can test it with ping.
c9300-01#ping 192.168.20.1 source vlan 10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Step 4. Confirm the switch forwards the DHCP packets to the next hop.
- You can run debug ip dhcp server packet detail.
*Feb 2 23:14:20.435: DHCPD: tableid for 192.168.10.1 on Vlan10 is 0
*Feb 2 23:14:20.435: DHCPD: client's VPN is .
*Feb 2 23:14:20.435: DHCPD: No option 125
*Feb 2 23:14:20.435: DHCPD: No option 124
*Feb 2 23:14:20.435: DHCPD: Option 125 not present in the msg.
*Feb 2 23:14:20.435: DHCPD: using received relay info.
*Feb 2 23:14:20.435: DHCPD: Looking up binding using address 192.168.10.1
*Feb 2 23:14:20.435: DHCPD: setting giaddr to 192.168.10.1.
*Feb 2 23:14:20.435: DHCPD: BOOTREQUEST from 0170.18a7.e84f.46 forwarded to 192.168.20.1.
monitor capture cap control-plane both access-list DHCP
monitor capture cap [start | stop]
Monitor session 1 source interface Gi1/0/1 tx
Monitor session 1 destination interface [interface ID] encapsulation replicate
Switch Configured as a DHCP Server
In this scenario, the switch has the DHCP scope configured locally.
Step 1. Check the basic configuration.
ip dhcp pool VLAN10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
show run all | in dhcp
service dhcp
ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ip dhcp excluded-address 192.168.10.1
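Note: If the switch is configured as a DHCP server or relay agent, service dhcp must be enabled.
Step 2. Verify that the switch leases IP addresses.
- You can use debug ip dhcp server packet detail.
Example 1: The client is directly connected to the Catalyst 9000 switch configured as the DHCP server on VLAN 10.
Client connected to a Layer 3 switch configured as a DHCP server.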
Feb 16 19:03:33.828: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d39.6335.342e.3136.6237.2e37.6436.342d.5477.6531.2f30.2f31 on interface Vlan10.DHCPD: Setting only requested parameters
*Feb 16 19:03:33.828: DHCPD: Option 125 not present in the msg.
*Feb 16 19:03:33.828: DHCPD: egress Interfce Vlan10
*Feb 16 19:03:33.828: DHCPD: broadcasting BOOTREPLY to client 9c54.16b7.7d64.
*Feb 16 19:03:33.828: Option 82 not present
*Feb 16 19:03:33.828: DHCPD: tableid for 192.168.10.1 on Vlan10 is 0
*Feb 16 19:03:33.828: DHCPD: client's VPN is .
*Feb 16 19:03:33.828: DHCPD: No option 125
*Feb 16 19:03:33.828: DHCPD: Option 124: Vendor Class Information
*Feb 16 19:03:33.828: DHCPD: Enterprise ID: 9
*Feb 16 19:03:33.829: DHCPD: Vendor-class-data-len: 10
*Feb 16 19:03:33.829: DHCPD: Data: 4339333030582D313259
*Feb 16 19:03:33.829: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d39.6335.342e.3136.6237.2e37.6436.342d.5477.6531.2f30.2f31 on interface Vlan10
*Feb 16 19:03:33.829: DHCPD: Client is Selecting (DHCP Request with Requested IP = 192.168.10.2, Server ID = 192.168.10.1)
*Feb 16 19:03:33.829: DHCPD: Option 125 not present in the msg.
*Feb 16 19:03:33.829: DHCPD: No default domain to append - abort updateDHCPD: Setting only requested parameters
*Feb 16 19:03:33.829: DHCPD: Option 125 not present in the msg.
*Feb 16 19:03:33.829: DHCPD: egress Interfce Vlan10
*Feb 16 19:03:33.829: DHCPD: broadcasting BOOTREPLY to client 9c54.16b7.7d64
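Example 2: The client is not directly connected to the Catalyst 9000 switch configured as the DHCP server.
In this scenario, the client is connected to an L3 switch configured as the default gateway and relay agent, and the DHCP server is hosted on a neighboring Catalyst 9000 switch on VLAN 20.
Client not directly connected to the Layer 3 switch that acts as the DHCP server.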
*Feb 16 19:56:35.783: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d39.6335.342e.3136.6237.2e37.6436.342d.5477.6531.2f30.2f31 through relay 192.168.10.1.
*Feb 16 19:56:35.783: DHCPD: Option 125 not present in the msg.
*Feb 16 19:56:35.783: Option 82 not present
*Feb 16 19:56:35.783: Option 82 not present
*Feb 16 19:56:35.783: DHCPD: Option 125 not present in the msg.DHCPD: Setting only requested parameters
*Feb 16 19:56:35.783: DHCPD: Option 125 not present in the msg.
*Feb 16 19:56:35.783: DHCPD: egress Interfce Vlan20
*Feb 16 19:56:35.783: DHCPD: unicasting BOOTREPLY for client 9c54.16b7.7d64 to relay 192.168.10.1.
*Feb 16 19:56:35.785: Option 82 not present
*Feb 16 19:56:35.785: DHCPD: tableid for 192.168.20.1 on Vlan20 is 0
*Feb 16 19:56:35.785: DHCPD: client's VPN is .
*Feb 16 19:56:35.785: DHCPD: No option 125
*Feb 16 19:56:35.785: DHCPD: Option 124: Vendor Class Information
*Feb 16 19:56:35.785: DHCPD: Enterprise ID: 9
*Feb 16 19:56:35.785: DHCPD: Vendor-class-data-len: 10
*Feb 16 19:56:35.785: DHCPD: Data: 4339333030582D313259
*Feb 16 19:56:35.785: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d39.6335.342e.3136.6237.2e37.6436.342d.5477.6531.2f30.2f31 on interface Vlan20
*Feb 16 19:56:35.785: DHCPD: Client is Selecting (DHCP Request with Requested IP = 192.168.10.2, Server ID = 192.168.20.1)
*Feb 16 19:56:35.785: DHCPD: Option 125 not present in the msg.
*Feb 16 19:56:35.785: DHCPD: No default domain to append - abort updateDHCPD: Setting only requested parameters
*Feb 16 19:56:35.785: DHCPD: Option 125 not present in the msg.
*Feb 16 19:56:35.785: DHCPD: egress Interfce Vlan20
*Feb 16 19:56:35.785: DHCPD: unicasting BOOTREPLY for client 9c54.16b7.7d64 to relay 192.168.10.1.
Note: If the switch is configured as both DHCP server and relay agent for the same VLAN, the DHCP server takes precedence.
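Added example (not part of the original Cisco document): the debug lines above identify the same client three ways, as a bare MAC, as a type-01 client identifier, and as a type-00 ASCII identifier. This Python helper normalises them to one MAC so the events for a client can be lined up; the function names are assumptions and the sample lines are copied from the debug output on this page.

```python
import re

# Lines taken from the relay-agent and DHCP-server debug output on this page.
SAMPLE = """\
*Feb 2 23:14:20.435: DHCPD: BOOTREQUEST from 0170.18a7.e84f.46 forwarded to 192.168.20.1.
*Feb 16 19:56:35.783: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d39.6335.342e.3136.6237.2e37.6436.342d.5477.6531.2f30.2f31 through relay 192.168.10.1.
*Feb 16 19:56:35.783: DHCPD: unicasting BOOTREPLY for client 9c54.16b7.7d64 to relay 192.168.10.1.
*Feb 16 19:56:35.785: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d39.6335.342e.3136.6237.2e37.6436.342d.5477.6531.2f30.2f31 on interface Vlan20
*Feb 16 19:56:35.785: DHCPD: unicasting BOOTREPLY for client 9c54.16b7.7d64 to relay 192.168.10.1.
"""

EVENT = re.compile(r"DHCPDISCOVER|DHCPREQUEST|BOOTREQUEST|BOOTREPLY")
CLIENT = re.compile(
    r"(?:client|BOOTREQUEST from) ((?:[0-9a-f]{4}\.)+(?:[0-9a-f]{2}){1,2})",
    re.I)
MAC = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.I)


def decode_client_id(token):
    """Return the client MAC (Cisco dotted form) carried in a debug token."""
    raw = bytes.fromhex(token.replace(".", ""))
    if len(raw) == 6:                        # bare hardware address
        mac = raw.hex()
    elif len(raw) == 7 and raw[0] == 0x01:   # type 01 (Ethernet) + 6-byte MAC
        mac = raw[1:].hex()
    elif raw[0] == 0x00:                     # type 00 + ASCII text with the MAC
        found = MAC.search(raw[1:].decode("ascii", "replace"))
        return found.group(0).lower() if found else None
    else:
        return None
    return ".".join(mac[i:i + 4] for i in range(0, 12, 4))


def trace(log):
    """Map each client MAC to the ordered DHCP events logged for it."""
    seen = {}
    for line in log.splitlines():
        event, client = EVENT.search(line), CLIENT.search(line)
        if event and client:
            mac = decode_client_id(client.group(1))
            if mac:
                seen.setdefault(mac, []).append(event.group(0))
    return seen


if __name__ == "__main__":
    for mac, events in trace(SAMPLE).items():
        print(mac, events)
```

The long identifier decodes to the ASCII text cisco-9c54.16b7.7d64-Twe1/0/1, and the same hex-to-ASCII step turns the Option 124 line Data: 4339333030582D313259 into C9300X-12Y.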