DHCP Niggle


T Goddard

Hi Everyone

At work our branch offices (,,
and are connected to the central office ( as

Remote subnet <--> Router <--> VPN <--> Router <--> Local subnet

On the local subnet there is a Windows 2000 server running DHCP which is
working fine for local machines.

Each of the remote routers has a built in DHCP relay agent which has the IP
relay address (aka helper address according to the manual) pointing to the
2000 DHCP server. However DHCP doesn't work on any of the remote segments
and I guess I must be doing something wrong.

So far I have...

- Set up a scope for each of the above subnets, with the router scope option
set for the appropriate remote router's IP address
- Set up the DHCP relay facility of each remote router (as mentioned above)
- Set up subnets in the management console

I'd appreciate any help you can offer on this one.

Many thanks


Oli Restorick

So, your router is RFC1452 compliant and using a feature called Bootp relay,
relay agent, IP Helper or DHCP Relay.

What you have described is how I believe it should be set up. I've just
configured something similar using a layer 3 switch with VPNs and a routing
module. You have two routers where I have one, but that shouldn't make a

The important place to have the relay agent running is on the router
attached to the remote end. The reason DHCP doesn't just "work" is that the
DHCP packet is sent from the workstation as a broadcast and one of the
functions of a router is to block broadcasts. Once the router with the
relay agent running hears a DHCP request, it forwards the packet on as a
unicast (i.e. not broadcast) wherever you have defined. That way, it can
cross any other routers it encounters.

The relay agent also modifies an address field in the packet from
(which is what the workstation sets it to) to the address of the router
itself. That way, the DHCP server knows which subnet the workstation is on
and knows which scope to allocate addresses from.

I would be inclined to turn off the boot relay on the router(s) nearest the
local subnet and see if that makes a difference. I don't think it should,
but it's worth a try.

I wonder if the LAN-side router has some sort of port blocking that's
preventing the DHCP requests from getting to the DHCP server.




You sure that your routing tables are OK?
I mean - everything else works fine - ping, DNS resolution?

Try this - disable the relay agent on the router interface
and set up one on Win2k server and see if it works.

Larry Brasher


If local clients are getting IP addresses and remote ones are not, then
most likely it's the routing device.
I am not familiar with the switch/router in use but some devices have not
only the ability to perform DHCP relaying but also DHCP capabilities that
can allocate IP addresses for any clients broadcasting for one. I would
first check on this.

I would suggest the following:

1.) Some switches have the ability (spanning tree protocol) to check for
looping conditions that may hamper DHCP requests. Do you have this enabled?
If so, I would check to see if you really need this. It should only be used
for cascading switches.

2.) I would also check each specific router to ensure that ports TCP/UDP 67
and TCP/UDP 68 are not blocked.

3.) I would then set up Netmon on the DHCP server to see if any DHCPDISCOVER
packets are ever getting to the server. Compare that to the DHCP log found
in WINNT\system32\dhcp to see if there are any discrepancies.

Shane Brasher
MCSE (2000,NT),MCSA, A+
Microsoft Platforms Support
Windows NT/2000 Networking
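
An added example, not part of any post in this thread: a Python sketch of the check suggested above, reading the relay address field (giaddr in the DHCP packet layout) and the message type from a DHCP payload as seen at the server, then reporting which scope that relay address falls in. The packets are constructed, and the scopes use documentation address ranges as assumptions, not the poster's subnets.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the DHCP options
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}

def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload: 236-byte fixed header, cookie, options."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    hlen, hops = payload[2], payload[3]
    giaddr = ipaddress.IPv4Address(payload[24:28])   # relay agent address field
    mac = payload[28:28 + min(hlen, 16)].hex(":")
    msg_type, i = None, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        if payload[i] == 53 and length == 1 and i + 2 < len(payload):
            msg_type = MSG_TYPES.get(payload[i + 2], str(payload[i + 2]))
        i += 2 + length
    return {"type": msg_type, "hops": hops, "giaddr": giaddr, "mac": mac}

def diagnose(payload, scopes):
    """Report which scope the relay address (giaddr) of this packet falls in."""
    msg = parse_dhcp(payload)
    if msg["giaddr"] == ipaddress.IPv4Address("0.0.0.0"):
        return "not relayed: giaddr is 0.0.0.0, treated as a local-subnet client"
    for net in scopes:
        if msg["giaddr"] in net:
            return f"relayed via {msg['giaddr']}: served from scope {net}"
    return f"relayed via {msg['giaddr']}: no scope covers that subnet"

def build_discover(giaddr, hops):
    """Constructed sample packet (not a capture): a broadcast DHCPDISCOVER."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, hops, 0x12345678, 0, 0x8000)
    hdr += bytes(12) + ipaddress.IPv4Address(giaddr).packed
    hdr += bytes.fromhex("020000000001").ljust(16, b"\0") + bytes(192)
    return hdr + MAGIC_COOKIE + bytes([53, 1, 1, 255])

# Constructed scopes from documentation ranges (assumption, not the poster's subnets).
SCOPES = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("198.51.100.0/24")]

if __name__ == "__main__":
    for gi, hops in [("0.0.0.0", 0), ("198.51.100.1", 1), ("203.0.113.1", 1)]:
        print(diagnose(build_discover(gi, hops), SCOPES))
```

A remote client's DHCPDISCOVER that arrives with a relay address outside every scope, or that never arrives at all, separates a scope problem on the server from a relay or filtering problem on the routers.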
