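Introduction
This document describes how to troubleshoot DHCP on Catalyst 9000 switches.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Catalyst 9000 Series switch architecture.
- Dynamic Host Configuration Protocol (DHCP).
Components Used
The information in this document is based on these software and hardware versions: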
- C9200
- C9300
- C9500
- C9400
- C9600
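The information in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Related Products
This document can also be used with these hardware and software versions:
- Catalyst 3650/3850 Series switches with Cisco IOS® XE 16.x
Troubleshoot
When you troubleshoot DHCP, there are key pieces of information you must confirm in order to find the source of the problem. It is important to draw the network topology from source to destination and to identify the devices and their roles.
Based on those roles, there are some actions you can take to start troubleshooting.
Switch Configured as a Layer 2 Bridge
In this scenario, the switch receives and forwards DHCP packets without any modification.
Step 1. Confirm the path of the packets.
- Identify the interfaces where the client and the next-hop device toward the DHCP server are connected.
- Identify the affected VLAN.
Example: Consider this topology, where a client connected to interface GigabitEthernet1/0/12 in VLAN 10 of a C9300 switch cannot obtain an IP address through DHCP. The DHCP server is also connected, on VLAN 10, to interface GigabitEthernet1/0/1.
Client connected to a Layer 2 switch.
Tip: If the issue affects multiple devices and VLANs, choose one client to troubleshoot.
Step 2. Verify the Layer 2 path.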
c9300#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7
Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11, Gi1/0/13
Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18
Gi1/0/19, Gi1/0/20, Gi1/0/21, Gi1/0/22, Gi1/0/23
Gi1/0/24
10 users active Gi1/0/12
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
interface GigabitEthernet1/0/12
description Client Port
switchport access vlan 10
switchport mode access
interface GigabitEthernet1/0/1
description DHCP SERVER
switchport mode trunk
c9300#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/0/1 1-4094
Port Vlans allowed and active in management domain
Gi1/0/1 1,10
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/1 1,10
- The switch must learn the client's MAC address in the correct VLAN.
c9300-01#show mac address interface gi1/0/12
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
10 7018.a7e8.4f46 DYNAMIC Gi1/0/12
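Step 3. Verify that the switch receives the DHCP Discover packets on the client port.
- You can use the Embedded Packet Capture (EPC) tool.
- To filter only DHCP packets, configure an ACL.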
c9300(config)#ip access-list extended DHCP
c9300(config-ext-nacl)#permit udp any any eq 68
c9300(config-ext-nacl)#permit udp any any eq 67
c9300(config-ext-nacl)#end
c9300#show access-lists DHCP
Extended IP access list DHCP
10 permit udp any any eq bootpc
20 permit udp any any eq bootps
c9300#monitor capture cap interface GigabitEthernet1/0/12 in access-list DHCP
c9300#monitor capture cap start
Started capture point : cap
c9300#monitor capture cap stop
Capture statistics collected at software:
Capture duration - 66 seconds
Packets received - 5
Packets dropped - 0
Packets oversized - 0
Bytes dropped in asic - 0
Stopped capture point : cap
c9300#show monitor capture cap buffer brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
1 0.000000 0.0.0.0 -> 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x9358003
2 3.653608 0.0.0.0 -> 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x935800
Note: Under normal conditions, an EPC taken in both directions on the client port shows the completed DORA process.
Step 4. Verify that the switch forwards the DHCP Discover.
c9300#monitor capture cap interface GigabitEthernet1/0/1 out access-list DHCP
c9300#show monitor capture cap buffer brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
1 0.000000 0.0.0.0 -> 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x4bf2a30e
2 0.020893 0.0.0.0 -> 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0xe4331741
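Tip: To confirm that the DHCP Discover packets collected in the capture belong to the client you are troubleshooting, you can apply the filter dhcp.hw.mac_addr to the EPC with the display-filter option.
At this point, we have confirmed that the switch forwards the DHCP packets, and troubleshooting can move to the DHCP server.
Switch Configured as a Relay Agent
A relay agent is used when the client and the DHCP server do not belong to the same broadcast domain.
When the switch is configured as a relay agent, it modifies the DHCP packets. For packets sent from the client, the switch adds its own information (IP address and MAC address) to the packet and sends it to the next hop toward the DHCP server. Packets received from the DHCP server are directed to the relay agent, and the switch then forwards them back to the client.
To continue the example from the previous scenario, a client connected to interface GigabitEthernet1/0/12 in VLAN 10 cannot obtain an IP address through DHCP. Now the C9000 switch is the default gateway for VLAN 10 and is configured as a relay agent, and the DHCP server is connected to interface GigabitEthernet1/0/1 in VLAN 20.
Client connected to a Layer 3 switch configured as a relay agent.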
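The packet modification described above can be seen at the byte level: the relay writes the address of the client-facing interface into the giaddr field of the BOOTP header, and the server uses that field to choose the scope. This is an added example, not part of the original document; it follows the standard BOOTP relay behavior (RFC 1542/2131), the function names are hypothetical, and a VLAN20 pool is assumed only for contrast.

```python
import ipaddress
import struct

HOPS_OFF, GIADDR_OFF = 3, 24          # byte offsets in the fixed BOOTP header
MAGIC = b"\x63\x82\x53\x63"           # DHCP magic cookie

def build_discover(mac, xid):
    """Minimal client DHCPDISCOVER as sent on the client VLAN (giaddr 0.0.0.0)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0, xid, 0, 0x8000,               # op, htype, hlen, hops, xid, secs, flags
        bytes(4), bytes(4), bytes(4), bytes(4),   # ciaddr, yiaddr, siaddr, giaddr
        mac, bytes(64), bytes(128))               # chaddr (zero padded), sname, file
    return header + MAGIC + b"\x35\x01\x01" + b"\xff"   # option 53 = Discover, end

def relay(packet, ingress_ip, helper_ip):
    """Relay-agent step: stamp giaddr if empty, bump hops, unicast to the helper."""
    pkt = bytearray(packet)
    if bytes(pkt[GIADDR_OFF:GIADDR_OFF + 4]) == bytes(4):   # only the first relay sets it
        pkt[GIADDR_OFF:GIADDR_OFF + 4] = ipaddress.IPv4Address(ingress_ip).packed
    pkt[HOPS_OFF] += 1
    return bytes(pkt), helper_ip

def select_pool(packet, rx_if_ip, pools):
    """Server side: scope is chosen by giaddr, or by the receiving interface if giaddr is 0."""
    giaddr = ipaddress.IPv4Address(packet[GIADDR_OFF:GIADDR_OFF + 4])
    key = giaddr if int(giaddr) else ipaddress.IPv4Address(rx_if_ip)
    for name, network in pools.items():
        if key in ipaddress.ip_network(network):
            return name
    return None

if __name__ == "__main__":
    pools = {"VLAN10": "192.168.10.0/24", "VLAN20": "192.168.20.0/24"}  # VLAN20 pool assumed
    discover = build_discover(bytes.fromhex("7018a7e84f46"), 0x4BF2A30E)
    relayed, dst = relay(discover, "192.168.10.1", "192.168.20.1")
    print("forwarded to", dst, "-> pool", select_pool(relayed, "192.168.20.1", pools))
```

If the relayed request carries the wrong giaddr, or the server has no scope covering it, the server has nothing to offer even though connectivity to it is fine.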
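Step 1. Confirm that the switch receives the DHCP Discover.
- Run a packet capture on the client-facing interface. Refer to Step 3 in the previous scenario.
Step 2. Verify the IP helper configuration.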
show run all | in dhcp
service dhcp
- IP helper command under the VLAN 10 SVI.
interface vlan10
ip address 192.168.10.1 255.255.255.0
ip helper-address 192.168.20.1
Step 3. Verify connectivity to the DHCP server.
- The switch must have unicast connectivity from the client VLAN to the DHCP server. You can test it with a ping.
c9300-01#ping 192.168.20.1 source vlan 10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Step 4. Confirm that the switch forwards the DHCP packets to the next hop.
- You can run debug ip dhcp server packet detail.
*Feb 2 23:14:20.435: DHCPD: tableid for 192.168.10.1 on Vlan10 is 0
*Feb 2 23:14:20.435: DHCPD: client's VPN is .
*Feb 2 23:14:20.435: DHCPD: No option 125
*Feb 2 23:14:20.435: DHCPD: No option 124
*Feb 2 23:14:20.435: DHCPD: Option 125 not present in the msg.
*Feb 2 23:14:20.435: DHCPD: using received relay info.
*Feb 2 23:14:20.435: DHCPD: Looking up binding using address 192.168.10.1
*Feb 2 23:14:20.435: DHCPD: setting giaddr to 192.168.10.1.
*Feb 2 23:14:20.435: DHCPD: BOOTREQUEST from 0170.18a7.e84f.46 forwarded to 192.168.20.1.
monitor capture cap control-plane both access-list DHCP
monitor capture cap [start | stop]
Monitor session 1 source interface Gi1/0/1 tx
Monitor session 1 destination interface [interface ID] encapsulation replicate
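Switch Configured as a DHCP Server
In this scenario, the switch has the DHCP scope configured locally.
Step 1. Verify the basic configuration.
- An address pool must be created, and the network, subnet mask, and default router must be configured.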
ip dhcp pool VLAN10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
show run all | in dhcp
service dhcp
ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ip dhcp excluded-address 192.168.10.1
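Note: If the switch is configured as a DHCP server or as a relay agent, service dhcp must be enabled.
Step 2. Verify that the switch leases IP addresses.
- You can use debug ip dhcp server packet detail.
Example 1: The client is directly connected to the Catalyst 9000 switch configured as a DHCP server on VLAN 10.
Client connected to a Layer 3 switch configured as a DHCP server.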
Feb 16 19:03:33.828: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d39.6335.342e.3136.6237.2e37.6436.342d.5477.6531.2f30.2f31 on interface Vlan10.DHCPD: Setting only requested parameters
*Feb 16 19:03:33.828: DHCPD: Option 125 not present in the msg.
*Feb 16 19:03:33.828: DHCPD: egress Interfce Vlan10
*Feb 16 19:03:33.828: DHCPD: broadcasting BOOTREPLY to client 9c54.16b7.7d64.
*Feb 16 19:03:33.828: Option 82 not present
*Feb 16 19:03:33.828: DHCPD: tableid for 192.168.10.1 on Vlan10 is 0
*Feb 16 19:03:33.828: DHCPD: client's VPN is .
*Feb 16 19:03:33.828: DHCPD: No option 125
*Feb 16 19:03:33.828: DHCPD: Option 124: Vendor Class Information
*Feb 16 19:03:33.828: DHCPD: Enterprise ID: 9
*Feb 16 19:03:33.829: DHCPD: Vendor-class-data-len: 10
*Feb 16 19:03:33.829: DHCPD: Data: 4339333030582D313259
*Feb 16 19:03:33.829: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d39.6335.342e.3136.6237.2e37.6436.342d.5477.6531.2f30.2f31 on interface Vlan10
*Feb 16 19:03:33.829: DHCPD: Client is Selecting (DHCP Request with Requested IP = 192.168.10.2, Server ID = 192.168.10.1)
*Feb 16 19:03:33.829: DHCPD: Option 125 not present in the msg.
*Feb 16 19:03:33.829: DHCPD: No default domain to append - abort updateDHCPD: Setting only requested parameters
*Feb 16 19:03:33.829: DHCPD: Option 125 not present in the msg.
*Feb 16 19:03:33.829: DHCPD: egress Interfce Vlan10
*Feb 16 19:03:33.829: DHCPD: broadcasting BOOTREPLY to client 9c54.16b7.7d64
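The long dotted-hex client values in the debug output are DHCP client identifiers (option 61), and decoding them ties a DHCPDISCOVER line to the MAC address seen in the BOOTREPLY lines and in the MAC address table. This is an added example, not part of the original document; the two log lines are copied from the debug output shown on this page and the function names are hypothetical.

```python
import re

# Two lines copied from the debug output on this page (relay and server scenarios).
LOG = """\
*Feb 2 23:14:20.435: DHCPD: BOOTREQUEST from 0170.18a7.e84f.46 forwarded to 192.168.20.1.
*Feb 16 19:03:33.829: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d39.6335.342e.3136.6237.2e37.6436.342d.5477.6531.2f30.2f31 on interface Vlan10
"""

MAC_IN_TEXT = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.I)
CLIENT = re.compile(r"(?:from client|BOOTREQUEST from) ([0-9a-fA-F.]+)")

def decode_client_id(dotted):
    """Decode a client identifier printed as dotted hex by the DHCPD debug."""
    raw = bytes.fromhex(dotted.replace(".", ""))
    id_type, value = raw[0], raw[1:]
    if id_type == 0x01 and len(value) == 6:          # type 1: Ethernet hardware address
        h = value.hex()
        return {"type": 1, "mac": ".".join(h[i:i + 4] for i in (0, 4, 8)), "text": None}
    text = value.decode("ascii", errors="replace")   # type 0: free-form string
    m = MAC_IN_TEXT.search(text)
    return {"type": id_type, "mac": m.group(0).lower() if m else None, "text": text}

def clients_in_debug(log_text):
    """Return the decoded client identifier for every matching debug line, in order."""
    return [decode_client_id(m.group(1).rstrip("."))
            for m in CLIENT.finditer(log_text)]

def vendor_class(hex_data):
    """Decode the 'Data:' value printed under Option 124 as ASCII."""
    return bytes.fromhex(hex_data).decode("ascii", errors="replace")

if __name__ == "__main__":
    for client in clients_in_debug(LOG):
        print(client)
    print(vendor_class("4339333030582D313259"))
```

The type 0 identifier in this page's sample decodes to a string that embeds the client MAC and its interface name, which is why it matches the 9c54.16b7.7d64 address in the BOOTREPLY lines.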
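Example 2: The client is not directly connected to the Catalyst 9000 switch configured as a DHCP server.
In this scenario, the client is connected to a Layer 3 switch set up as the default gateway and relay agent, and the DHCP server is hosted on a neighboring Catalyst 9000 switch on VLAN 20.
Client not directly connected to the Layer 3 switch that acts as the DHCP server.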
*Feb 16 19:56:35.783: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d39.6335.342e.3136.6237.2e37.6436.342d.5477.6531.2f30.2f31 through relay 192.168.10.1.
*Feb 16 19:56:35.783: DHCPD: Option 125 not present in the msg.
*Feb 16 19:56:35.783: Option 82 not present
*Feb 16 19:56:35.783: Option 82 not present
*Feb 16 19:56:35.783: DHCPD: Option 125 not present in the msg.DHCPD: Setting only requested parameters
*Feb 16 19:56:35.783: DHCPD: Option 125 not present in the msg.
*Feb 16 19:56:35.783: DHCPD: egress Interfce Vlan20
*Feb 16 19:56:35.783: DHCPD: unicasting BOOTREPLY for client 9c54.16b7.7d64 to relay 192.168.10.1.
*Feb 16 19:56:35.785: Option 82 not present
*Feb 16 19:56:35.785: DHCPD: tableid for 192.168.20.1 on Vlan20 is 0
*Feb 16 19:56:35.785: DHCPD: client's VPN is .
*Feb 16 19:56:35.785: DHCPD: No option 125
*Feb 16 19:56:35.785: DHCPD: Option 124: Vendor Class Information
*Feb 16 19:56:35.785: DHCPD: Enterprise ID: 9
*Feb 16 19:56:35.785: DHCPD: Vendor-class-data-len: 10
*Feb 16 19:56:35.785: DHCPD: Data: 4339333030582D313259
*Feb 16 19:56:35.785: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d39.6335.342e.3136.6237.2e37.6436.342d.5477.6531.2f30.2f31 on interface Vlan20
*Feb 16 19:56:35.785: DHCPD: Client is Selecting (DHCP Request with Requested IP = 192.168.10.2, Server ID = 192.168.20.1)
*Feb 16 19:56:35.785: DHCPD: Option 125 not present in the msg.
*Feb 16 19:56:35.785: DHCPD: No default domain to append - abort updateDHCPD: Setting only requested parameters
*Feb 16 19:56:35.785: DHCPD: Option 125 not present in the msg.
*Feb 16 19:56:35.785: DHCPD: egress Interfce Vlan20
*Feb 16 19:56:35.785: DHCPD: unicasting BOOTREPLY for client 9c54.16b7.7d64 to relay 192.168.10.1.
Note: If the switch is configured as both a DHCP server and a relay agent for the same VLAN, the DHCP server takes precedence.
Related Information