04-23-2020 10:02 PM
Hello,
I am setting up a Cisco 2900 router with the dhcp service running/on.
Somehow, on the wireless it is handing out addresses in the '0 subnet', like 192.168.0.x and only addresses like that.
I am using an origin file, all host entries are in 192.168.1.0 bound to their MAC address.
When I check the pool, this is what I see:
Pool VLAN1 :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 28
Leased addresses : 28
Pending event : none
0 subnet is currently in the pool :
Current index IP address range Leased addresses
192.168.1.37 192.168.1.37 - 192.168.1.37 1
I tried excluding those ip addresses with: "ip dhcp excluded-address 192.168.0.1 192.168.0.254"
but it just seems to ignore that. I tried setting the network like "network 192.168.1.0 255.255.255.0" but I get an error saying "you can't do that with the origin file command".
Any ideas why dhcp hands out addresses in the 0 subnet?
(I did see a subnet command in the dhcp-config like :
(dhcp-config)#subnet ?
prefix-length Designate subnet allocation unit size; but have no idea what that does.)
thanks,
Ron
04-23-2020 11:59 PM
Hello,
looking at the output you have posted:
--> 0 subnet is currently in the pool
There seems to be some misconfiguration. Can you post the full running config, as well as the origin file you are using ?
04-24-2020 06:43 AM
Yes I can definitely do that. (I also seem to have a problem, a msg that says:
%IP-4-DUPADDR: Duplicate address 19.168.37.1 on GigabitEthernet0/1.37 by xxxx.xxxx.xxxx; wonder what happened there.)
I'll post the running config and origin file too (I have two, but probably the same problem).
thanks!!
Ron
PS: I thought I posted this late last night, apparently it got autosaved and not sent. sorry.
#show run
Building configuration...
Current configuration : 4006 bytes
!
! Last configuration change at 06:59:40 UTC Fri Apr 24 2020 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Charon
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$Y6Ap$foIYqVqbcci.b9/iOKKVt/
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.2.1 192.168.2.5
ip dhcp excluded-address 192.168.37.1 192.168.37.5
!
ip dhcp pool VLAN1
origin file tftp://192.168.2.8/dhcp/static-bindings-subnet-1
default-router 192.168.1.1
dns-server 192.168.1.1
!
ip dhcp pool VLAN2
origin file tftp://192.168.2.8/dhcp/static-bindings-subnet-2
default-router 192.168.2.1
dns-server 192.168.1.1
!
!
!
ip domain name localdomain
ip host cisco-ap6.localdomain 192.168.1.6
ip host C2960s-north.localdomain 192.168.1.2
ip host cisco-ap1.localdomain 192.168.1.11
ip host cisco-ap5.localdomain 192.168.1.5
ip host cisco-ap9.localdomain 192.168.1.19
ip host charon.localdomain 192.168.1.1
ip host zoneminder.localdomain 192.168.2.8
ip host waves.localdomain 192.168.1.117
ip host trotter68.localdomain 192.168.1.110
ip host trotter67.localdomain 192.168.1.109
ip host cuda.localdomain 192.168.1.116
ip host seismo.localdomain 192.168.2.4
ip host cnc.localdomain 192.168.1.115
ip host wintrotter.localdomain 192.168.1.106
ip host picopod.localdomain 192.168.1.107
ip host wemo.localdomain 192.168.2.2
ip host Samsung-HDTV.localdomain 192.168.3.3
ip host picoscope.localdomain 192.168.3.37
ip host cisco-ap7.localdomain 192.168.37.17
ip host cisco-ap8.localdomain 192.168.37.18
ip host cisco-ap2.localdomain 192.168.37.12
ip name-server 75.75.75.75
ip name-server 75.75.76.76
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
cts logging verbose
!
!
license udi pid CISCO2911/K9 sn FCZ192771UU
!
!
username admin password 7 1500085A550A3F373D3D342F1A5441
username wwwadmin privilege 15 password 7 061118365E4D5F48251B130500
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.37
encapsulation dot1Q 37
ip address 192.168.37.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
no ip address
!
interface GigabitEthernet0/1/1
no ip address
!
interface GigabitEthernet0/1/2
no ip address
!
interface GigabitEthernet0/1/3
no ip address
!
interface Vlan1
no ip address
ip helper-address 192.168.1.1
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip dns view default
domain list localdomain
ip dns server
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip nat inside source list 102 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
!
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
!
control-plane
!
!
!
line con 0
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 105C0A4F54370618190A2B262D7B64
login local
transport input ssh
line vty 5 392
password 7 131714445A2C10393E2A293E3C7144
login local
transport input ssh
!
scheduler allocate 20000 1000
ntp master
ntp update-calendar
ntp server time.nist.gov
!
end
the origin file:
*time* Apr 20 2020 5:11 PM
*version* 3
!IP address Type Hardware address Lease expiration
!
! Work stations and servers in subnet 192.168.1.0
!
192.168.1.37 /24 1 8C8E.F269.BD3D Infinite
192.168.1.64 /24 1 146B.9CA6.CE60 Infinite
192.168.1.65 /24 1 146B.9CA6.AEEC Infinite
192.168.1.66 /24 1 0C8C.2442.1E16 Infinite
192.168.1.67 /24 1 146B.9CA8.0326 Infinite
192.168.1.68 /24 1 146B.9CA7.F73A Infinite
192.168.1.69 /24 1 146B.9CA6.9F8C Infinite
192.168.1.70 /24 1 146B.9CA7.F72A Infinite
192.168.1.71 /24 1 146B.9CA8.249F Infinite
192.168.1.72 /24 1 146B.9CA8.24C6 Infinite
192.168.1.73 /24 1 146B.9CA7.3123 Infinite
192.168.1.77 /24 1 0015.2B06.A7E3 Infinite
192.168.1.104 /24 1 0021.5C58.2995 Infinite
192.168.1.105 /24 1 001C.BFA0.591C Infinite
192.168.1.106 /24 1 0019.B96D.7C91 Infinite
192.168.1.107 /24 1 0012.7B46.8E0B Infinite
192.168.1.108 /24 1 2477.03c6.6f74 Infinite
192.168.1.109 /24 1 D4BE.D975.9B02 Infinite
192.168.1.110 /24 1 ECF4.BB39.7B50 Infinite
192.168.1.111 /24 1 3CA9.F49F.1B9C Infinite
192.168.1.114 /24 1 0019.B971.6CB6 Infinite
192.168.1.115 /24 1 0025.649C.28E7 Infinite
192.168.1.116 /24 1 1803.7329.A583 Infinite
192.168.1.117 /24 1 BC30.5BB0.80D9 Infinite
192.168.1.137 /24 1 0811.9643.2DE4 Infinite
!
! toys
!
192.168.1.235 /24 1 f4a9.9783.3d31 Infinite
192.168.1.236 /24 1 d0c5.d350.aaad Infinite
192.168.1.237 /24 1 D8C4.6A82.1704 Infinite
04-24-2020 07:26 AM
Hello,
file and config look okay. You could try and change the origin file to something that resembles the client address rather than the hardware address. So instead of:
192.168.1.37 /24 1 8C8E.F269.BD3D Infinite
you would prepend a '01' to the MAC address:
192.168.1.37 /24 1 018C.8EF2.69BD.3D Infinite
04-24-2020 08:08 AM
Hello Georg,
first of all, thank you for looking through that config.
I can definitely change that from hw address to client ID. I am wondering though, is it a warning? or an error?
Whenever the router loads that file it says:
abcd bytes
[ok]
Also, what does the error/warning message exactly mean?
Does it mean, there are no subnets in the pool? (which I think would seem weird).. or? is the 192.168.0.0 subnet in the pool?
thanks!!
Ron
(oh and I found the offending duplicate ip address).
04-24-2020 10:12 AM
Hello,
so I changed one of the origin files.
What I get now is:
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 28
Leased addresses : 28
Pending event : none
65508 subnets are currently in the pool :
how are there 65508 subnets in that pool?
I changed the entries to what you suggested:
!IP address Type Hardware address Lease expiration
192.168.1.37 /24 1 018C.8EF2.69BD.3D Infinite
04-24-2020 10:40 AM
Hello,
my bad, I gave you a wrong sample. The entries should look like this (id instead of 1):
192.168.1.37 /24 id 018C.8EF2.69BD.3D Infinite
04-24-2020 12:05 PM
I actually wondered about that, but since I am the rookie, I didn't say anything.
thanks!
Ron
04-24-2020 12:31 PM
ok, so I changed that, and ended up with the old situation again:
Pool VLAN1 :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 28
Leased addresses : 28
Pending event : none
0 subnet is currently in the pool :
04-24-2020 01:27 PM
Hello,
just to be sure, does your file have the
*end*
denominator ?
04-24-2020 01:33 PM
yes it does have the *end* at the end of both files.
04-24-2020 11:36 AM
Hello
Possibly another DHCP server device is active that is allocating addressing in that range.
Check the DHCP server address in the client allocation and then check its ARP address for that IP. Then trace that MAC address to the source of the DHCP server.
Another way would be to enable DHCP snooping and trust ONLY the uplinks to your known DHCP server.
04-24-2020 11:57 AM
Hello Paul,
thanks for that suggestion. Actually nothing that is powered on on the network does dhcp. (What would be the best way to trace that? I used 'show ip arp | include 192.168'. That didn't show anything unexpected.)
All but 5 machines (2 of which are powered on) use dhcp. All the wireless stuff I have does, but I don't even see anything broadcast coming out of the "wireless AP trunks" to begin with.
I changed the static-bindings file from HW addresses to the ID, but that changed the 0 value to 65,000-something, which surprised me.
thank you!
Ron
04-24-2020 12:24 PM
Hello
On a client like a windows pc if you have one
ipconfig /all
This will show you the ip address of the dhcp server
Ping that IP address and then see if you get an ARP entry for it
04-24-2020 01:34 PM
I have all linux machines, but yes I can see the arp.
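An offline check for the static-bindings (origin) file format discussed in this thread, added here as an example; it is not part of any post and not Cisco tooling. The name `lint_bindings`, the sample rows, and the strict Ethernet-only patterns (type `1` with a 6-byte MAC, type `id` with `01` plus the MAC) are assumptions.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{4}(\.[0-9a-f]{4}){2}$", re.I)  # type 1: xxxx.xxxx.xxxx
CID_RE = re.compile(r"^01[0-9a-f]{2}(\.[0-9a-f]{4}){2}\.[0-9a-f]{2}$", re.I)  # id: 01 + MAC

def lint_bindings(text, expected_net):
    """Return (line_no, message) findings for a static-bindings text file."""
    net = ipaddress.ip_network(expected_net)
    findings, seen_ip, seen_hw = [], {}, {}
    rows = [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1) if l.strip()]
    if not rows or rows[-1][1] != "*end*":
        findings.append((0, "file does not finish with *end*"))
    for n, line in rows:
        if line[0] in "!*":  # comment, or *time* / *version* / *end* marker
            continue
        fields = line.split()
        if len(fields) != 5:
            findings.append((n, "expected: ip /len type address lease"))
            continue
        ip, plen, typ, hw, _lease = fields
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((n, f"bad IP address {ip}"))
            continue
        if addr not in net or plen != f"/{net.prefixlen}":
            findings.append((n, f"{ip} {plen} is outside {net}"))
        pattern = {"1": MAC_RE, "id": CID_RE}.get(typ)  # assumption: Ethernet clients only
        if pattern is None or not pattern.match(hw):
            findings.append((n, f"type {typ} does not fit address {hw}"))
        for key, seen, what in ((ip, seen_ip, "IP"), (hw.lower(), seen_hw, "address")):
            if key in seen:
                findings.append((n, f"duplicate {what}, first on line {seen[key]}"))
            seen.setdefault(key, n)
    return findings

# Constructed sample: rows modelled on the thread's file, three of them deliberately broken.
SAMPLE = """\
*time* Apr 20 2020 5:11 PM
*version* 3
192.168.1.37 /24 1 8C8E.F269.BD3D Infinite
192.168.1.64 /24 id 0114.6B9C.A6CE.60 Infinite
192.168.1.65 /24 1 0114.6B9C.A6AE.EC Infinite
192.168.0.66 /24 1 0C8C.2442.1E16 Infinite
192.168.1.37 /24 1 146B.9CA8.0326 Infinite
"""

if __name__ == "__main__":
    print(*lint_bindings(SAMPLE, "192.168.1.0/24"), sep="\n")
```

Run it against each origin file with the subnet of the interface that serves the pool; a finding on line 0 refers to the file as a whole rather than to one row.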