Courseiva
Exam ScenariosCCNA 200-301

DHCP Relay Agent ip helper-address Placement on Exam

Presenting Symptom

Clients on a remote VLAN are unable to obtain an IP address from the DHCP server located on a different subnet.

Network Context

A small branch office with a Layer 3 switch (Cisco Catalyst 3560 running IOS 15.0) acting as the default gateway for multiple VLANs. The DHCP server is located in the data center on VLAN 100 (10.10.100.0/24). Clients in VLAN 200 (192.168.200.0/24) cannot get IP addresses. The network engineer has configured 'ip helper-address 10.10.100.5' on the VLAN 200 SVI, but the issue persists.

Diagnostic Steps

1

Verify DHCP client activity on the VLAN

show ip dhcp binding
No entries or only entries for other VLANs.

If no bindings for VLAN 200, the DHCP server is not receiving or responding to requests from that subnet.

2

Check DHCP relay configuration on the VLAN interface

show running-config interface vlan 200
interface Vlan200
 ip address 192.168.200.1 255.255.255.0
 ip helper-address 10.10.100.5

Verify the helper-address is present. If missing, DHCP relay is not configured.

3

Verify IP routing and reachability to DHCP server

ping 10.10.100.5 source 192.168.200.1
!!!!! (successful ping)

If ping fails, there is a routing issue between the Layer 3 switch and the DHCP server. Check routing table and ACLs.

4

Check if DHCP snooping is blocking relayed packets

show ip dhcp snooping
Switch DHCP snooping is enabled
 DHCP snooping is configured on following VLANs:
 100,200
 Insertion of option 82 is enabled
 Interface                 Trusted         Rate limit (pps)
 -----------------------   -------         ----------------
 GigabitEthernet0/1        yes             unlimited
 GigabitEthernet0/2        no              10

If DHCP snooping is enabled and the interface connecting to the DHCP server is not trusted, DHCP replies may be dropped. Ensure the uplink port to the DHCP server is trusted.

Root Cause

The 'ip helper-address' command was configured on the wrong interface. It was placed on the VLAN 200 SVI (the client VLAN) instead of the interface facing the DHCP server. The helper-address should be on the interface that receives the client broadcast and needs to forward it to the DHCP server. In this topology, the correct placement is on the VLAN 200 SVI, but the engineer mistakenly placed it on the VLAN 100 SVI, which does not receive client broadcasts.

Resolution

Remove the helper-address from the wrong interface and apply it to the correct SVI: Switch(config)# interface vlan 100 Switch(config-if)# no ip helper-address 10.10.100.5 Switch(config-if)# exit Switch(config)# interface vlan 200 Switch(config-if)# ip helper-address 10.10.100.5 Switch(config-if)# end This ensures that DHCP broadcasts from VLAN 200 are relayed as unicasts to the DHCP server at 10.10.100.5.

Verification

After applying the fix, verify DHCP bindings: show ip dhcp binding Expected output includes entries for VLAN 200 clients: Bindings from all matching pools: IP address Client-ID/ Lease expiration Type Hardware address 192.168.200.10 0100.1a2b.3c4d.5e Mar 01 2025 12:00 PM Automatic Also verify that clients can obtain an IP address by checking the DHCP server logs or using a test client.

Prevention

1. Always place the 'ip helper-address' on the interface that receives the client broadcast (the client VLAN SVI or access interface). 2. Use a consistent naming convention and document the DHCP relay configuration. 3. Verify DHCP relay functionality by checking 'show ip dhcp relay' statistics after configuration.

CCNA Exam Relevance

On the CCNA 200-301 exam, DHCP relay configuration is tested in troubleshooting scenarios. Candidates may be asked to identify why clients cannot obtain IP addresses across subnets. The exam often presents a topology with multiple VLANs and expects the candidate to know that 'ip helper-address' must be applied on the interface of the client VLAN. Questions may be in the form of drag-and-drop (placing commands on the correct interface) or multiple choice (selecting the correct interface for the helper-address).

Exam Tips

1.

Remember: The 'ip helper-address' command is configured on the interface that receives the DHCP broadcast (client VLAN), not the server VLAN.

2.

The command 'show ip dhcp relay' can be used to verify relay statistics on some IOS versions.

3.

If DHCP snooping is enabled, ensure the port facing the DHCP server is trusted; otherwise, relayed packets may be dropped.

Commands Used in This Scenario

ping [ip]

The ping command sends ICMP echo requests to a destination IP address to test network connectivity and measure round-trip time.

show ip dhcp binding

Displays the current DHCP binding table, showing which IP addresses have been leased to clients, along with their MAC addresses, lease expiration, and type of binding.

show running-config

Displays the current active configuration in DRAM, showing all non-default settings.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions