Debugging of the router as a relay proxy

I. Network Environment

Our vswitch uses Cisco Catalyst 2948G, and the vro uses Cisco3640. Vswitches are divided into VLAN1 and vlan2. The IP address range of VLAN1 is 168.68.35.XXX, The subnet mask is 255.255.255.0, the IP address range of VLAN2 is 168.68.36.XXX, And the subnet mask is 255.255.255.0. Port 1 of the vswitch is set to the TRUNK of the virtual subnet. It is connected to the Ethernet port of Cisco3640 ~ 40 ports are divided into VLAN1, 41 ~ 48 is divided into vlan2. The client uses the Windows 95 operating system, installs the TCP/IP protocol to access VLAN1, and the server uses Windows NT + SP4 + Microsoft DHCP server, install the TCP/IP protocol in VLAN2 to connect to vlan2. The logic is as follows. The IP address of the client is automatically obtained by using the router as a relay proxy. the DHCP server allocates an IP address. The IP address of the server is 168.68.36.8, And the subnet mask is 255.255.255.0. The IP address of the vswitch is 168.68.36.9, And the subnet mask is 255.255.255.0. The vro IP address is 168.68.36.10, And the subnet mask is 255.255.255.0.

Ii. Initial vro Configuration

Cisco3640 supports sub-port settings. The sub-port establishes and maintains multiple logical connections on a single physical interface. The original vro configuration is as follows:
Interface FastEthernet1/0
Ip address 168.68.35.1 255.255.255.0
No ip directed-broadcast
Fair-queue 64 256 0
!
Interface FastEthernet1/0.1
Encapsulation dot1Q 1
Ip helper-address 168.68.36.8
No ip directed-broadcast
!
Interface FastEthernet1/0.2
Encapsulation dot1Q 2
Ip address 168.68.36.1 255.255.255.0
No ip directed-broadcast
Router VPN 100
Passive-interface Serial0/0
Network 168.0.0.0
No auto-summary
3. Problems found: the client cannot obtain the IP address

After the hardware is connected, when the client uses the Winipcfg command of Win95 to obtain the IP address, the problem occurs: the client cannot obtain the IP address. From the perspective of hardware connection, the problem may be in four aspects: Nic, network cable, switch, and router. By manually setting the IP address on the client, you can ping the server, vswitch, and vro. This indicates that the NIC, network cable, vswitch, and vro are working properly. What is the problem? Is it because the router configuration statement is incorrect? After reading the configuration statement of the random document, there is no problem. To narrow down the problem, I connected the client to VLAN2. Then the client can obtain the IP address, and then connect the client to VLAN1 without obtaining the IP address. It seems that the VLAN is in disorder.
We know that the client needs to go through four steps to obtain the IP address for the first time. Each step of information transmission is sent by broadcast. Any step in VLAN transmission is blocked, so the client cannot obtain the IP address. How can I view the broadcast packet transmitted in the switch? In TCP/IP, the transmission protocol is divided into TCP and UDP. TCP is a connection-oriented protocol, and UDP is a non-connection-oriented protocol. According to the analysis of the nature of broadcast, the broadcast package should be a UDP package. The broadcast must pass through the router, and the router can monitor the UDP packet, in this way, you can view the transmission of broadcast packets between VLANs through the vro. After entering the command debug ip UDP of the router monitoring udp package, we found that the IP lease request information DHCPDISCOVER was sent only to VLAN1 but not to vlan2, this should be the key to the client's failure to obtain the IP address.
4. Locate the problem: the original IP Address

In the vro configuration, the ip helper-address 168.68.36.8 command is used to specify the destination address for UDP packet transmission. IP lease request information is not transmitted to vlan2, this command does not work. Check the random document again. This command is indeed correct. When I was puzzled, I suddenly found that the second sub-port of the router's Ethernet port was set with an IP address. The first sub-port was not set with an IP address, but the parent port was set with an IP address, that is to say, the ip address of the first sub-port is determined by the parent port. Should the ip helper-address 168.68.36.8 be set to the parent port? I immediately changed the router configuration as follows:
Interface FastEthernet1/0
Ip address 168.68.35.1 255.255.255.0
Ip helper-address 168.68.36.8
No ip directed-broadcast
Fair-queue 64 256 0
!
Interface FastEthernet1/0.1
Encapsulation dot1Q 1
No ip directed-broadcast
!
Interface FastEthernet1/0.2
Encapsulation dot1Q 2
Ip address 168.68.36.1 255.255.255.0
No ip directed-broadcast
Router VPN 100
Passive-interface Serial0/0
Network 168.0.0.0
No auto-summary
After this setting, the client can obtain the IP address. From the solution of this problem, we can infer that the configuration information of the first sub-Port of Cisco3640 should be located on the parent port. Afterwards, I checked some related books and confirmed that this speculation was correct.