DHCP-discover with HSRP

Hello

I have a general question about DHCP and HSRP.

I configured two redundant CISCO routers with (active) address IP 10.0.0.2 and 10.0.0.3 (standby).

Their virtual HSRP address is 10.0.0.1.

When my clients send DHCP package to the DHCP server on the routers, they send a DHCP-discover 10.0.0.2 and 10.0.0.3 discovery but not 10.0.0.1.

What is the right way or shouldn´t that the package go to the HSRP address?

Thanks for your help.

Hello

DHCP detects are usually broadcast, not targeted on a specific IP address?

If clients attempt to renew and do not get a response from something they are unicast to, they'll do a DHCP Discover broadcast and get picked up by what on the local subnet that is interested in their service... so it shouldn't matter.

Aaron

Tags: Cisco Network

Similar Questions

  • Cisco IOS IPSec failover | Route based VPN with HSRP

    I can find the redundancy of vpn IPSec using policy based VPN with HSRP.

    Any document which ensures redundancy of the road-base-vpn with HSRP?

    OK, I now understand the question. Sorry, I have no documents for this task.

    I can see in the crypto ipsec profile that you will use under the Tunnel interface configuration to enable the protection, you can configure the redundancy:

    cisco(config)#crypto ipsec profile VTIcisco(ipsec-profile)#?Crypto Map configuration commands: default Set a command to its defaults description Description of the crypto map statement policy dialer Dialer related commands exit Exit from crypto map configuration mode no Negate a command or set its defaults redundancy Configure HA for this ipsec profile responder-only Do not initiate SAs from this device set Set values for encryption/decryption
    cisco(ipsec-profile)#redundancy ? WORD Redundancy group name
    cisco(ipsec-profile)#redundancy MRT ? stateful enable stateful failover
    I suggest that it is the same as redundancy card crypto. But no documentation or examples found...

  • Problems with HSRP output

    Hello dear!

    I have the following topology:

    Cisco 3845 gi0/0 - switch Foundry - fa0/0 Cisco 7206VXR

    CISCO 3845 *.

    interface GigabitEthernet0/0
    IP 192.168.80.90 255.255.255.128
    no ip proxy-arp
    IP accounting output-packets
    full duplex
    Speed 100
    media type rj45
    standby 2 ip 192.168.80.89
    standby priority 2 130
    LAN service-policy input

    CISCO 7206 *.

    interface FastEthernet0/0
    IP 192.168.80.91 255.255.255.128
    no ip proxy-arp
    Summary-address eigrp 100 IP 172.31.255.0 255.255.255.0 5
    full duplex
    Speed 100
    No cdp enable
    standby 2 ip 192.168.80.89
    standby priority 2 150
    2 standby preempt delay minimum 60
    standby 2 track Serial6/0 80
    LAN service-policy input

    This devices run HSRP, but I been out following diagnosis in two routers using 'show Eve '.

    See the day before

    Cisco 3845 *.

    FastEthernet0/0 - group 2
    The State is active
    2 state changes, last state change 5w6d
    Virtual IP address is 192.168.80.89
    Active virtual MAC address is 0000.0c07.ac02
    Local virtual MAC address is 0000.0c07.ac02 (the default value of the v1)
    Hello time 3 sec, hold time 10 sec
    Next Hello sent to 1.488 seconds
    Enabled, preemption delay dry 60 min
    Active router is local
    Standby router is unknown?
    Priority 150 (150 configured)
    Follow the State of Serial6/0 interface Up decrement 80
    The name of IP redundancy is 'hsrp-Fa0/0-2' (default)

    See the day before

    Cisco 7206VXR *.

    GigabitEthernet0/0 - group 2
    The State is Init (interface to the bottom)
    Virtual IP address is 192.168.80.89
    Active virtual MAC address is unknown
    Local virtual MAC address is 0000.0c07.ac02 (the default value of the v1)
    Hello time 3 sec, hold time 10 sec
    Pre-emption turned off
    Active router is unknown?
    Standby router is unknown?
    Priority 130 (130 configured)
    The group name is "hsrp-Gi0/0-2" (default)

    I can ping to both devices using the virtual ip address.
    The work around to solve the lines ' active router is unknown and standby router is unknown "are remove the hsrp configuration in the watch system, after the issue is resolved, but came on after a few days.
    The problem is that I have not access to the Foundry switch but I think that HSRP configuration have no problem, even in the buffer, I did not see any problem with HSRP.

    Someone have similar problem or any idea?

    Thank you more

    Hello

    I would try

    (a) using HSRP worm 2 (see http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_hsrp_ps6922_TSD_Products_Configuration_Guide_Chapter.html#wp1102891 )

    (b) looks a little stange me have first refusal configured on a router only.

    (c) there could be some problems with your multicasts to send/receive of Foundry switch used by HSRP?

    HTH,

    Milan

  • How can we solve problem of DHCP server with event ID 1041

    . Currently, there is a NETWORK adapter with a static IP address, but we can link into it on the DHCP server. What seems to be the problem and how we can solve this problem. We are using Windows Server 2003

    Hello

    Your question of Windows 7 is more complex than what is generally answered in the Microsoft Answers forums. Please post your question in the Windows Server 2003 forum.

    http://social.technet.Microsoft.com/forums/en-us/1355/threads

  • 7048 routing/DHCP relay with 5548

    Hello

    I have a problem with the 5548 do not relay the query DHCP for PXE (SCCM), 5548 is connected to 7048 (trunk). We shop Cisco, this is the first time that I am using DELL. Any help is appreciated.

    --------7048--------

!Current Configuration:!System Description "PowerConnect 7048, 4.2.2.3, VxWorks 6.6"!System Software Version 4.2.2.3!System Operational Mode "Normal"!configuregvrp enablevlan databasevlan 2,10-11,21,50-52,156vlan routing 1 1vlan routing 10 2vlan routing 21 3vlan routing 50 4vlan routing 51 5vlan routing 52 6vlan routing 156 7vlan routing 2 8vlan routing 11 9vlan association subnet 10.112.0.0 255.255.252.0 10vlan association subnet 10.112.4.0 255.255.255.0 11vlan association subnet 10.116.4.0 255.255.252.0 21slot 1/0 5    ! PowerConnect 7048slot 1/1 11   ! SFP+ Cardslot 1/2 9    ! CX4 Cardslot 2/0 6    ! PowerConnect 7048Pslot 2/1 11   ! SFP+ Cardslot 2/2 9    ! CX4 Cardstackmember 1 5    ! PCT7048member 2 6    ! PCT7048Pip routingip route 0.0.0.0 0.0.0.0 192.168.1.58ip route 10.0.0.0 255.0.0.0 192.168.1.58interface vlan 1exitinterface vlan 2ip address 192.168.1.57 255.255.255.252ip local-proxy-arpno ip redirectsexitinterface vlan 10ip address 10.112.0.1 255.255.252.0no ip redirectsexitinterface vlan 11ip address 10.112.4.1 255.255.255.0ip helper-address 10.112.1.50ip local-proxy-arpno ip redirectsexitinterface vlan 21ip address 10.116.4.1 255.255.252.0ip helper-address 10.112.1.50ip helper-address 10.112.1.51exitinterface Te1/1/2description 'F2_NTR_4'gvrp enablespanning-tree portfastswitchport mode trunkdot1x port-control force-authorizedexit

------5548------

vlan databasevlan 10-11,21exit

gvrp enable

ip dhcp relay enable

stack master unit 1!interface vlan 1 ip address dhcp!interface vlan 10 ip address 10.112.0.4 255.255.252.0 ip dhcp relay enable ip proxy-arp

interface gigabitethernet1/0/18 spanning-tree portfast switchport access vlan 21

ip route 0.0.0.0 0.0.0.0 10.112.0.1

interface tengigabitethernet1/0/1 description F2_NTM gvrp enable spanning-tree portfast auto switchport mode trunkSW version 4.1.0.1 (date  05-Apr-2012 time  15:03:04)

Gigabit Ethernet Ports=============================no shutdownspeed 1000duplex fullnegotiationflow-control onmdix autono back-pressurespanning-treespanning-tree mode RSTP

qos basicqos trust coseee enable

    SCCM PXE server is fine, tested on Cisco gear.

    It's weird, PXE starts working when I hard code the fiber connecting switches to full-duplex, even if they show the full duplex in automatic. Thanks for your help.

  • DHCP fails with two subnets and RV325 and SG300 - 28 p

    DHCP fails to issue addresses in double subnet environment.  Please see attached.

    Hello

    Mr. Ezzell, after reviewing all the screenshots and have a look at your configuration and you are not able to change the arrangement for VIRTUAL LANs, you can try this:

    As a work-around to use the router as DHCP VLAN 2 server, you can enable the DHCP server on the router for the VLAN 1, leave 2 IP addresses available, lets say 192.168.1.253 to 192.168.1.254 then go to static DHCP under network and the local network and hire two false addresses to these two IP addresses, so they will not be assigned to all devices. This way you will always be able to use your DHCP server without having to disable the DHCP server on the router

    Thank you for pointing out the firmware version very low on your switch, you actually run the firmware that came out of the unit.

    Here is a link to the firmware download page:

    https://software.Cisco.com/download/release.html?mdfid=283019669&flowid=...

    Please upgrade to the following firmware versions:

    1.2.9.44
    1.3.0.62
    1.3.5.58
    1.4.0.88

    Keep in mind that on the 1.3.5.58 version, you must also upgrade the bootcode using TFTP software.

    Once you are done with the upgrade of the connection check and see if it works.

  • How to configure the FWSM with HSRP support

    Hi all

    We have 2 * 6500 Series switches with each FWSM core installed.

    There are some users of VLANs (each floor) and a lot of servers inside that belong to some other VLANs.

    Basic switches have been configured with redundancy HSRP (active/passive).

    Today, I am picky with FWSM routed mode configuration.

    There is no problem with the default configuration and testing,

    I mean assigning VLANS to FWSM and delete addresses IP of MSFC.

    But unfortunately whenever I have such a configuration, do I lose naturally redundancy between switches.

    In our situation HSRP is a must.

    Is it possible to fix this design in routed mode, with support HSRP. ?

    Thank you

    Erdem.

    Hi Erdem,

    (correct me if I'm wrong, Jon) - If you remove all the Lass you must route all traffic of course the FWSM.

    What we did was to create a transfer network (VLAN) with a SVI and FWSM inside external interface. Now, the default gateway on the FWSM is on the IP address of the SVI. So most of the range is configured on the switch.

    Kind regards

    Jürgen

  • DMVPN spoke with HSRP sells HUB

    I have a basic DMVPN with an IPSEC config protect profile.

    On the shelves, I use the VIP HSRP for (192.168.1.1) configuration and traffic stops treatment

    map of PNDH 10.29.32.1 IP 192.168.1.1

    If I use the real IP address of the HUB 192.168.1.2 interface, it works fine.

    I changed the mode of multipoint gre tunnel and changed to point to the real or VIP and seems not in line with the VIP HSRP.

    Is this a supported configuration, or am I missing something?

    The end result is routers DMVPN HUB running HSRP and we talked, pointing to the VIP address.

    I feel that, since then, IPSec, the communication breaks when you use the VIP

    Thank you

    Juan

    Spoke about config below

    interface Tunnel100

    Description

    bandwidth 6000

    IP 10.29.47.254 255.255.240.0

    no ip redirection

    IP 1400 MTU

    property intellectual PNDH authentication nhrpdomain

    map of PNDH IP 192.168.1.2 multicast

    map of PNDH 10.29.32.1 IP 192.168.1.2

    PNDH id network IP-100

    property intellectual PNDH holdtime 360

    property intellectual PNDH nhs 10.29.32.1

    IP tcp adjust-mss 1360

    load-interval 30

    QoS before filing

    source of tunnel GigabitEthernet0/2

    multipoint gre tunnel mode

    tunnel key 1000

    Protection ipsec DMVPN tunnel profile

    end

    Hello

    The hub does not generate the packages using the VIP.

    If the RADIUS is trying to connect to 192.168.1.1 while the hub will respond with 192.168.1.2.

    For redundancy, you can create two tunnels on the RADIUS. 1 for every router and use eigrp to decide the best option.

    You can still use hsrp to the internal network on the hubs (the network doesn't not facing rays) so the right router will be the gateway for internal routers.

  • BGP multihomed with HSRP

    Hello

    Is it possible with elegance the convergent eBGP neighbor stopped to the other CE router connection with zero drop package or power failure?

    We have 2 CES linked together using iBGP and eBGP that both connect to the different EPP but on the same you.

    CE1-> PPE1 - AS12345

    iBGP and HSRP between these

    CE2-> PPE2 - AS12345

    I tried using the command ' neighbor 10.10.10.10 stop ' but I have a blackout for a few seconds.

    Thank you

    Hello

    Latest IOSes are supported a feature called BGP soft stop that is described here:

    http://www.Cisco.com/c/en/us/TD/docs/iOS-XML/iOS/iproute_bgp/configuration/XE-3s/IRG-XE-3s-book/configuring_bgp_graceful_shutdown.html

    You might be interested in checking if this device can be used on your devices.

    In general, however, a phasing out of a neighbour in BGP usually is possible in making sure these routers stop to consider the routes learned from each other as usable routes before going down. This can be done in several ways in BGP - change local preference in iBGP, changing the MED or, better, the AS_PATH in eBGP, filtering the routes so marked with a specific Community (progressive shutdown of BGP relies on the use of a specific community to do it this way).

    HSRP is out of the question - its placement is to end hosts, not between routers.

    Best regards
    Peter

  • ASA5510: dhcp-pool with another address interface range

    Hi all!

    I currently installs an asa5510 for VPN access:

    I want the ASA acting as DHCP server for the remote user, now I have an external Interface with an official IP address and the remote user must obtain a private address additional 192.168.x.x for the VPN connection.

    So if I want to configure the pool of addresses on the outside interface, it is not allowed, because the pool addresses are not in the same network as the IP address of the interface.

    Y at - it no trick or tip to get something like this race?

    I have not it's very exotic?

    Thanks for your help

    Karl

    Hi Karl,

    So if I understand correctly, you have only 20 Ip addresses, in the pool and also want to provide an ip address to the DNS server for the hosts.

    This can be accomplished by:

    hostname(config)# isakmp policy 1 authentication pre-share

    hostname(config)# isakmp policy 1 encryption 3des
    hostname(config)# isakmp policy 1 hash sha
    


    hostname(config)# isakmp policy 1 group 2
    
    
    hostname(config)# isakmp policy 1 lifetime 43200
    
    
    hostname(config)# isakmp enable outside
    
    
    hostname(config)# ip local pool testpool 192.168.0.10-192.168.0.30
    

    !the 20 ip addresses would be mentioned in the pool above!
    

    hostname(config)# username testuser password 12345678
    
    
    hostname(config)# crypto ipsec transform set FirstSet esp-3des esp-md5-hmac
    
    hostname(config)# group-policy dns-policy internal
    
    hostname(config)# group-policy dns-policy attributes
    
    hostname(config-group-policy)# dns-server
    
    hostname(config-group-policy)# exit
    
    
    hostname(config)# tunnel-group testgroup type ipsec-ra
    
    
    hostname(config)# tunnel-group testgroup general-attributes
    
    
    hostname(config-general)# address-pool testpool
    
    hostname(config-general)# default-group-policy dns-policy
    
    
    hostname(config)# tunnel-group testgroup ipsec-attributes
    
    
    hostname(config-ipsec)# pre-shared-key 44kkaol59636jnfx
    
    
    hostname(config)# crypto dynamic-map dyn1 1 set transform-set FirstSet
    
    
    hostname(config)# crypto dynamic-map dyn1 1 set reverse-route
    
    
    hostname(config)# crypto map mymap 1 ipsec-isakmp dynamic dyn1
    
    
    hostname(config)# crypto map mymap interface outside
    

    This will give the DNS ip from the dns-policy, and a client ip from one of the 20 ip addresses in the pool.
    
    Hope this helps.
    

    -Shrikant
    

    P.S.: Please mark this question as answered, if it has been resolved. Do rate helpful posts. Thanks.
    
    
    

    		   
    •  
            
           
  •  
		     
    Network/DNS/DHCP issues with testlab - virtual network Editor is killing me!
     
			 
    Hey all - a little new with workstation and have been messing around trying to get this to work for so long, I want to just set up my lab already but can't find the catch here.
    So, here is what I tried to do:
    Have a hand of Windows Server 2008 R2 (Controller/DHCP/DNS/Active Directory domain / IIS) addresses/leases DHCP of an internal network (which means, I want some Windows 7 Ultimate customers to assign IPs to the DC and NOT of VMWare offers integrated DHCP). I want clients to be able to use only one NIC (preferably) and both authenticate to AD and connect to the Internet (so I think I'll pass on DNS to resolve external domains?). I'm having a pretty hard time trying to understand what...
    My physical network is an active router Linksys with DHCP, so them to assign an IP address to the PC that I'm looking for this laboratory-perhaps it is a problem as well and must also be configured or have my VMNet reflecting?
    I tried to use NAT, a bridge connection, etc... and even then, when I got my DC with an active internet connection, how would I configure my clients (Win7 devices) to join the network even on my domain controller is? I tried some configurations in these forums as well, but none seems to for what I'm trying (which seems very simple!). Can anyone offer some advice? I am not opposed to the fresh start. Thanks for taking a peek.
    			 
    Here is an example of configuration when all the virtual machines are configured for NAT.
    

    Virtual network Editor:
    

    DHCP disabled for NAT
    

    For an example, I assume that the NAT subnet in 192.168. 100. x. You can change this if you wish.
    

    DC:
    

    IP address: 192.168.100.10
    

    Subnet mask: 255.255.255.0
    

    Gateway: 192.168.100.2
    

    DNS server: 127.0.0.1
    

    Configuration of the DHCP server:
    

    Range: 192.168.100.150... 200
    

    Subnet: 255.255.255.0
    

    Gateway: 192.168.100.2
    

    DNS server: 192.168.100.10
    

    The DNS server configuration:
    

    DNS forwarding to: 192.168.100.2 (for other than the own domain URLS)
    

    Other servers or systems with static IP settings:
    

    IP address: 192.168.100.11... 149
    

    Subnet mask: 255.255.255.0
    

    Gateway: 192.168.100.2
    

    DNS server: 192.168.100.10
    

    Customer:
    

    Networking will be set to automatic.
    

    In this way, the domain controller will be the only DHCP and DNS server, but each virtual computer will be able to access directly to the Internet. And because the domain controller is the primary DNS, your ad cannot function properly.
    

    André
    		   
    •  
            
           
  •  
		     
    Discover with esxi 4.1
     
			 
    Someone at - he completed this upgrade yet? Are there problems of compatibility with 4.1 and discovered 4?
    			 
    Watch this topics:
    

    http://communities.VMware.com/thread/278301?TSTART=15
    

    http://communities.VMware.com/thread/278054?TSTART=15
    		   
    •  
            
           
  •  
		     
    Why the nodes are placed on web sites that I discovered with fire fox but not other browsers
     
			 
    When you view the web page with fire fox is someone changing words and inserting nodes on the site. This does not happen with chrome or explorer. When I inspect the element it is HTML not allowed more written on the site. I have remove the node (a commercial that redirects the browser), but they pop up.
    			 
    You can check the suspicious extensions or recently installed unknowns.
    


    Make a check of malware with several malware scanning of programs on the Windows computer.
    Please scan with all programs, because each program detects a different malicious program.
    All of these programs have free versions.
    

    Make sure that you update each program to get the latest version of their databases before scanning.
    


    Alternatively, you can write a check for an infection rootkit TDSSKiller.
    


    See also:
    
		   
    •  
            
           
  •  
		     
    Can DHCP server with two scopes - I have reservations in doubles in the two staves?
     
			 
    Hi all
    

    Not really a guru of DHCP, so be nice :)
    

    Currently, we run a DHCP service from one of our domain controllers (win 2008R2). The domain controller is the segment of a network (10.10.120.0/24), the computers making DHCP requests are on a separate network (10.10.103.0/22). We use our ip-helper routers setting to say the devices on the network, how to reach the DHCP server. This has worked well for years.  I should also point out it is company policy for PCs/servers have a static IP, so for the PC, we create reservations for each PC. Servers are assigned static mmanually.
    

    The question is now we have overflowed into a new building and put in a black 1 GB fiber that connects the two buildings. The network in the new building is using a different network (10.10.104.0/24) address. Implementation of a 2nd scope on the DHCP server for this address range went well and once the ip-to support additional parameter has been done on the router the PCs in the new building could fine DHCP to the domain controller in the main building. Everything is good.
    

    The question is now, we are moving PC between the two buildings, I was wondering if it is ok to keep the existing reserves for the PC in one scope and have a duplicate for her in the new scope assign the new IP address. Of course, the PC cannot be in two places at once and the DHCP console doesn't; "t seem to complain about the same MAC address used in two staves, but I don't really know whether it is advisable or not. Basically, our operations staff become a little miffed at having to remove a single scope of reservations and recreate them in the 2nd scope when the PC to move between buildings.
    

    So the questions is safe / advisable to do it or not?
    

    Kind regards
    

    Craig
    			 
    Support is located in the Windows Server Forums:
    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer/
    		   
    •  
            
           
  •  
		     
    client DHCP issues with 4400 WLC
     
			 
    The ACS authentication works very well.
    

    Clients cannot obtain an IP address from the DHCP server.
    

    DHCP server is configured on a dynamic interface but is on a different subnet located in a branch office. The DHCP scope is running on a switch 4500 in the branch.
    

    It is preferable to have DHCP works on internal WLC or near the WLC, rather than DHCP server at the remote location?
    

    TIA
    			 
    Generally, you don't want to have a dhcp server on a remote site, but it should also work as wired users are able to get an IP address from the remote dhcp server. Preferred, as I have said, is to have a local dhcp server, but if this does not work for you, then by configuring the wlc to bbe a dhcp server is not a bad thought either. Some, like to have more control over the dhcp.
    		   
    •  
          
 
         
 
        
 
		
 
          
Maybe you are looking for
 
          
     
           
  •  
		     
    How dop to block senders using the method in the article which adds to the red list?
     
			 
    I followed the instructions in the article block a sender but I can not enter the address of the sender in the list of created block filter. What I need to type in the field (after clicking on +) manually or if not how do I get it to the sender field
     
		   
    •  
           
  •  
		     
    Anyone know how I can stop firefox 25.0.1 to plant several times a day?
     
			 
    During the two weeks Firefox 25.0.1 started crashing randomly, especially when I try to open a page at random on the BBC Web site. When she does she loses all my open tabs and restore previous session greys out and becomes unusable. I've updated all 
     
		   
    •  
           
  •  
		     
    Update are not available with this identifier Apple - iPhoto
     
			 
    Hello I bought a MacBook Pro 13 "and for awhile, I had problems with the update of the application iPhoto. I used to have the "Update not available with this Apple ID" problem with updated Garageband and Pages too, but it somehow sorted on itself and
     
		   
    •  
           
  •  
		     
    How to sit interface with matlab 2010A and labview 2010
     
			 
    I use tools of simulation interface 5.0 with matlab 2010A and labview 2010, I want to take my cue from matlab, labview but signal transfer, I am facing a problem. I want to know is there any compatibility issue in sit 5.0 or I do something wrong?phot
     
		   
    •  
           
  •  
		     
    It will also be "TS450"?
     
			 
    A question for Lenovo guys: -given that Lenovo is supported, will there still be "TS450" (uniprocesor, E3-1200 v4)? If so, when? -If Yes, we would really like to see a return of the actual management processor - AMT is simply not the right solution f
     
		   
    •