12-10-2017 02:50 PM - edited 03-05-2019 09:37 AM
Hello.
I have a very weird issue with the DHCP client (seen on 1941 and 2021 on IOS 15).
Every time I restart my router, to get new IPs from my ISP through DHCP, I need to do the following on the WAN interface:
ip dhcp client authentication mode token
<Wait for a DHCP request to be fired and fail>
no ip dhcp client authentication mode
<Wait for a DHCP request to be fired and work>
Here are some debug logs after a boot:
~ ssh 192.168.88.1
Password:
esscg-2921-1 line 388
esscg-2921-1#sh ip int gi0/0.832
GigabitEthernet0/0.832 is up, line protocol is up
  Internet address will be negotiated using DHCP
  Broadcast address is 255.255.255.255
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is ipv4-internet-out
  Inbound access list is ipv4-internet-in
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is enabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain outside
  BGP Policy Mapping is disabled
  Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Access List, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check
  Output features: Post-routing NAT Outside, Common Flow Table, Stateful Inspection, Firewall (NAT), Access List, Firewall (inspect), NAT ALG proxy
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled
  Outgoing inspection rule is default
  Inbound inspection rule is default
esscg-2921-1#sh run int gi0/0.832
Building configuration...
Current configuration : 577 bytes
!
interface GigabitEthernet0/0.832
 description ORANGE - DATA
 encapsulation dot1Q 832
 ip ddns update hostname xxx.ddns.net
 ip ddns update noip
 ip address dhcp
 ip access-group ipv4-internet-in in
 ip access-group ipv4-internet-out out
 ip nat outside
 ip inspect default in
 ip inspect default out
 ip virtual-reassembly in
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
 ipv6 nd autoconfig prefix
 ipv6 nd autoconfig default-route
 ipv6 dhcp client pd orange-pd
 ipv6 inspect default in
 ipv6 inspect default out
 ipv6 traffic-filter ipv6-internet-in in
end
esscg-2921-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
esscg-2921-1(config)#int gi0/0.832
esscg-2921-1(config-subif)#ip dhcp client authentication mode token
esscg-2921-1#debug dhcp detail
DHCP client activity debugging is on (detailed)
000067: 00:03:54: DHCP: SDiscover attempt # 2 for entry:
000068: 00:03:54: Temp IP addr: 0.0.0.0 for peer on Interface: GigabitEthernet0/0.832
000069: 00:03:54: Temp sub net mask: 0.0.0.0
000070: 00:03:54: DHCP Lease server: 0.0.0.0, state: 3 Selecting
000071: 00:03:54: DHCP transaction id: 1DE
000072: 00:03:54: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
000073: 00:03:54: Next timer fires after: 00:00:04
000074: 00:03:54: Retry count: 2 Client-ID: cisco-1c6a.7a2c.7670-Gi0/0.832
000075: 00:03:54: Client-ID hex dump: 636973636F2D316336612E376132632E
000076: 00:03:54: 373637302D4769302F302E383332
000077: 00:03:54: Hostname: xxx.ddns.net
000078: 00:03:54: DHCP: SDiscover placed class-id option: 636973636F706E70
000079: 00:03:54: DHCP: SDiscover: sending 318 byte length DHCP packet
000080: 00:03:54: DHCP: SDiscover 318 bytes
000081: 00:03:54: B'cast on GigabitEthernet0/0.832 interface from 0.0.0.0
000082: 00:03:54: DHCP: Received a BOOTREP pkt
000083: 00:03:54: DHCP: Scan: Message type: DHCP Offer
000084: 00:03:54: DHCP: Scan: Server ID Option: 81.52.127.254 = 51347FFE
000085: 00:03:54: DHCP: Scan: Lease Time: 86400
000086: 00:03:54: DHCP: Scan: Subnet Address Option: 255.255.252.0
000087: 00:03:54: DHCP: Scan: Router Option: 123.123.191.254
000088: 00:03:54: DHCP: Scan: DNS Name Server Option: 62.36.225.150, 62.37.228.20
000089: 00:03:54: DHCP: Scan: Rebind time: 75600
000090: 00:03:54: DHCP: Scan: Renewal time: 43200
000091: 00:03:54: DHCP: Scan: Token Authen Message Option:
000092: 00:03:54: DHCP: Scan: Domain Name: orange.es
000093: 00:03:54: DHCP: rcvd pkt source: 123.123.191.254, destination: 255.255.255.255
000094: 00:03:54: UDP sport: 43, dport: 44, length: 338
000095: 00:03:54: DHCP op: 2, htype: 1, hlen: 6, hops: 0
000096: 00:03:54: DHCP server identifier: 81.52.127.254
000097: 00:03:54: xid: 1DE, secs: 3, flags: 8000
000098: 00:03:54: client: 0.0.0.0, your: 123.123.188.32
000099: 00:03:54: srvr: 81.52.127.254, gw: 90.74.0.254
000100: 00:03:54: options block length: 90
000101: 00:03:54: DHCP Offer Message Offered Address: 123.123.188.32
000102: 00:03:54: DHCP: Lease Seconds: 86400 Renewal secs: 43200 Rebind secs: 75600
000103: 00:03:54: DHCP: Server ID Option: 81.52.127.254
000104: 00:03:54: DHCP: No authen config but message has authen info - protocol 0 algorithm 0
%Unknown DHCP problem.. No allocation possible
esscg-2921-1(config)#int gi0/0.832
esscg-2921-1(config-subif)#no ip dhcp client authentication mode
000147: 00:04:11: DHCP: Waiting for 10 seconds on interface GigabitEthernet0/0.832
000148: 00:04:21: DHCP: Try 3 to acquire address for GigabitEthernet0/0.832
000149: 00:04:21: DHCP: No configured hostname - not including Hostname option
000150: 00:04:21: DHCP: allocate request
000151: 00:04:21: DHCP: zapping entry in DHC_PURGING state for Gi0/0.832
000152: 00:04:21: DHCP: deleting entry 2975E0D8 0.0.0.0 from list
000153: 00:04:21: Temp IP addr: 0.0.0.0 for peer on Interface: GigabitEthernet0/0.832
000154: 00:04:21: Temp sub net mask: 0.0.0.0
000155: 00:04:21: DHCP Lease server: 0.0.0.0, state: 11 Purging
000156: 00:04:21: DHCP transaction id: 1DE
000157: 00:04:21: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
000158: 00:04:21: Next timer fires after: 00:00:21
000159: 00:04:21: Retry count: 0 Client-ID: cisco-1c6a.7a2c.7670-Gi0/0.832
000160: 00:04:21: Client-ID hex dump: 636973636F2D316336612E376132632E
000161: 00:04:21: 373637302D4769302F302E383332
000162: 00:04:21: Hostname: xxx.ddns.net
000163: 00:04:21: DHCP: new entry. add to queue, interface GigabitEthernet0/0.832
000164: 00:04:21: DHCP: SDiscover attempt # 1 for entry:
000165: 00:04:21: Temp IP addr: 0.0.0.0 for peer on Interface: GigabitEthernet0/0.832
000166: 00:04:21: Temp sub net mask: 0.0.0.0
000167: 00:04:21: DHCP Lease server: 0.0.0.0, state: 3 Selecting
000168: 00:04:21: DHCP transaction id: 1DF
000169: 00:04:21: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
000170: 00:04:21: Next timer fires after: 00:00:04
000171: 00:04:21: Retry count: 1 Client-ID: cisco-1c6a.7a2c.7670-Gi0/0.832
000172: 00:04:21: Client-ID hex dump: 636973636F2D316336612E376132632E
000173: 00:04:21: 373637302D4769302F302E383332
000174: 00:04:21: Hostname: xxx.ddns.net
000175: 00:04:21: DHCP: SDiscover placed class-id option: 636973636F706E70
000176: 00:04:21: DHCP: SDiscover: sending 318 byte length DHCP packet
000177: 00:04:21: DHCP: SDiscover 318 bytes
000178: 00:04:21: B'cast on GigabitEthernet0/0.832 interface from 0.0.0.0
000179: 00:04:21: DHCP: Received a BOOTREP pkt
000180: 00:04:21: DHCP: Scan: Message type: DHCP Offer
000181: 00:04:21: DHCP: Scan: Server ID Option: 81.52.127.254 = 51347FFE
000182: 00:04:21: DHCP: Scan: Lease Time: 86400
000183: 00:04:21: DHCP: Scan: Subnet Address Option: 255.255.252.0
000184: 00:04:21: DHCP: Scan: Router Option: 123.123.191.254
000185: 00:04:21: DHCP: Scan: DNS Name Server Option: 62.36.225.150, 62.37.228.20
000186: 00:04:21: DHCP: Scan: Rebind time: 75600
000187: 00:04:21: DHCP: Scan: Renewal time: 43200
000188: 00:04:21: DHCP: Scan: Token Authen Message Option:
000189: 00:04:21: DHCP: Scan: Domain Name: orange.es
000190: 00:04:21: DHCP: rcvd pkt source: 123.123.191.254, destination: 255.255.255.255
000191: 00:04:21: UDP sport: 43, dport: 44, length: 338
000192: 00:04:21: DHCP op: 2, htype: 1, hlen: 6, hops: 0
000193: 00:04:21: DHCP server identifier: 81.52.127.254
000194: 00:04:21: xid: 1DF, secs: 0, flags: 8000
000195: 00:04:21: client: 0.0.0.0, your: 123.123.188.32
000196: 00:04:21: srvr: 81.52.127.254, gw: 90.74.0.254
000197: 00:04:21: options block length: 90
000198: 00:04:21: DHCP Offer Message Offered Address: 123.123.188.32
000199: 00:04:21: DHCP: Lease Seconds: 86400 Renewal secs: 43200 Rebind secs: 75600
000200: 00:04:21: DHCP: Server ID Option: 81.52.127.254
000201: 00:04:21: DHCP: offer received from 81.52.127.254
000202: 00:04:21: DHCP: SRequest attempt # 1 for entry:
000203: 00:04:21: Temp IP addr: 123.123.188.32 for peer on Interface: GigabitEthernet0/0.832
000204: 00:04:21: Temp sub net mask: 255.255.252.0
000205: 00:04:21: DHCP Lease server: 81.52.127.254, state: 4 Requesting
000206: 00:04:21: DHCP transaction id: 1DF
000207: 00:04:21: Lease: 86400 secs, Renewal: 0 secs, Rebind: 0 secs
000208: 00:04:21: Next timer fires after: 00:00:03
000209: 00:04:21: Retry count: 1 Client-ID: cisco-1c6a.7a2c.7670-Gi0/0.832
000210: 00:04:21: Client-ID hex dump: 636973636F2D316336612E376132632E
000211: 00:04:21: 373637302D4769302F302E383332
000212: 00:04:21: Hostname: xxx.ddns.net
000213: 00:04:21: DHCP: SRequest- Server ID option: 81.52.127.254
000214: 00:04:21: DHCP: SRequest- Requested IP addr option: 123.123.188.32
000215: 00:04:21: DHCP: SRequest placed class-id option: 636973636F706E70
000216: 00:04:21: DHCP: SRequest: 330 bytes
000217: 00:04:21: DHCP: SRequest: 330 bytes
000218: 00:04:21: B'cast on GigabitEthernet0/0.832 interface from 0.0.0.0
000219: 00:04:22: DHCP: Received a BOOTREP pkt
000220: 00:04:22: DHCP: Scan: Message type: DHCP Ack
000221: 00:04:22: DHCP: Scan: Server ID Option: 81.52.127.254 = 51347FFE
000222: 00:04:22: DHCP: Scan: Lease Time: 86400
000223: 00:04:22: DHCP: Scan: Subnet Address Option: 255.255.252.0
000224: 00:04:22: DHCP: Scan: Router Option: 123.123.191.254
000225: 00:04:22: DHCP: Scan: DNS Name Server Option: 62.36.225.150, 62.37.228.20
000226: 00:04:22: DHCP: Scan: Rebind time: 75600
000227: 00:04:22: DHCP: Scan: Renewal time: 43200
000228: 00:04:22: DHCP: Scan: Token Authen Message Option:
000229: 00:04:22: DHCP: Scan: Domain Name: orange.es
000230: 00:04:22: DHCP: rcvd pkt source: 123.123.191.254, destination: 255.255.255.255
000231: 00:04:22: UDP sport: 43, dport: 44, length: 338
000232: 00:04:22: DHCP op: 2, htype: 1, hlen: 6, hops: 0
000233: 00:04:22: DHCP server identifier: 81.52.127.254
000234: 00:04:22: xid: 1DF, secs: 0, flags: 8000
000235: 00:04:22: client: 0.0.0.0, your: 123.123.188.32
000236: 00:04:22: srvr: 81.52.127.254, gw: 90.74.0.254
000237: 00:04:22: options block length: 90
000238: 00:04:22: DHCP Ack Message
000239: 00:04:22: DHCP: Lease Seconds: 86400 Renewal secs: 43200 Rebind secs: 75600
esscg-2921-1(config-subif)#
000240: 00:04:22: DHCP: Server ID Option: 81.52.127.254
esscg-2921-1(config-subif)#do sh
000241: 00:04:26: DHCP: Releasing ipl options:
000242: 00:04:26: DHCP: Applying DHCP options:
000243: 00:04:26: Setting default_gateway to 123.123.191.254
000244: 00:04:26: Adding default route 123.123.191.254
000245: 00:04:27: Adding route to DHCP server 81.52.127.254 via GigabitEthernet0/0.832 123.123.191.254
000246: 00:04:27: Adding DNS server address 62.36.225.150
000247: 00:04:27: Adding DNS server address 62.37.228.20
000248: 00:04:27: DHCP: Sending notification of ASSIGNMENT:
000249: 00:04:27: Address 123.123.188.32 mask 255.255.252.0
000250: 00:04:27: DHCP Client Pooling: ***Allocated IP address: 123.123.188.32
000251: 00:04:27: Allocated IP address = 123.123.188.32 255.255.252.0
And this keeps happening at every restart.
I didn't have problems with other devices (like EdgeRouter) to get the DHCP client working fine.
Seen for example on: Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.5(3)M6a, RELEASE SOFTWARE (fc2)
Any idea of what it can be? Looks like a bug?
Thanks
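An added example, not part of the original post and not Cisco's code: the "protocol 0 algorithm 0" in the debug line above names fields of the DHCP Authentication option (option 90, RFC 3118), where protocol 0 is the cleartext configuration token. The decoder below walks an options block and unpacks that option; the sample bytes and the token value are constructed, not taken from the capture in this thread.

```python
import struct

# RFC 3118 protocol numbers for DHCP option 90 (Authentication).
PROTOCOLS = {0: "configuration token", 1: "delayed authentication"}
OPT_PAD, OPT_END, OPT_AUTH = 0, 255, 90

def iter_options(block: bytes):
    """Yield (code, value) pairs from a DHCP options block (after the magic cookie)."""
    i = 0
    while i < len(block):
        code = block[i]
        if code == OPT_END:
            return
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(block):
            raise ValueError("truncated option header")
        length = block[i + 1]
        value = block[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} overruns the options block")
        yield code, value
        i += 2 + length

def decode_auth(value: bytes) -> dict:
    """Decode option 90: protocol, algorithm, RDM, 8-byte replay field, auth info."""
    if len(value) < 11:
        raise ValueError("option 90 shorter than its 11-byte fixed header")
    protocol, algorithm, rdm, replay = struct.unpack("!BBBQ", value[:11])
    return {
        "protocol": protocol,
        "protocol_name": PROTOCOLS.get(protocol, "other"),
        "algorithm": algorithm,
        "rdm": rdm,
        "replay": replay,
        "auth_info": value[11:],
        # Protocol 0 carries the token itself; only protocol 1 adds a keyed MAC.
        "has_mac": protocol == 1,
    }

def find_auth(block: bytes):
    """Return the decoded option 90 from an options block, or None if absent."""
    for code, value in iter_options(block):
        if code == OPT_AUTH:
            return decode_auth(value)
    return None

# Constructed sample: message type Offer (53), option 90 with protocol 0,
# algorithm 0, RDM 0, zero replay field and a made-up 5-byte token, then End.
SAMPLE = bytes([53, 1, 2, 90, 16, 0, 0, 0]) + bytes(8) + b"token" + bytes([255])
```

Calling `find_auth(SAMPLE)` returns protocol 0 / algorithm 0 with `has_mac` false, which is the combination the client's "message has authen info" line reports.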
12-11-2017 12:35 AM
Hello,
just to be clear: your router has no client authentication configured initially, and in order to get an IP address, you have to configure and then disable it ?
What if you configure 'ip dhcp client authentication mode token' or 'ip dhcp client authentication mode md5' and enable 'ip dhcp-client forcerenew' globally ?
I checked for bugs but couldn't find any...
12-11-2017 12:51 AM
12-11-2017 12:55 AM
Hello,
the forcerenew is only needed in combination with client authentication. In your case, since you have no authentication configured, you don't need the forcerenew. Does the problem also occur without forcerenew ?
02-07-2020 04:48 AM
I have the same problem and found the exact same behaviour.
Did you ever solve the DHCP problem with Orange in Spain?
02-07-2020 04:54 AM
Hello,
what device is this happening on ? Post the running configuration...
02-07-2020 05:22 AM - edited 02-07-2020 05:38 AM
@mathieupoussin had the problem on a 1941 router IOS15. I have the problem @mathieupoussin described on a 1841 IOS 15.1(4)M12a.
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1.832
 encapsulation dot1Q 832
 ip address dhcp
 !!! configure the next two, wait for DHCP to fail, then
 !!! remove the two lines again
 !ip dhcp client authentication mode token
 !ip dhcp client authentication key-chain blablabla
end
02-07-2020 05:43 AM
Hello,
post the full running configuration (sh run). Do you have the below configured ?
interface FastEthernet0/1.832
 encapsulation dot1Q 832
 ip address dhcp
 ip dhcp client authentication mode token
 ip dhcp client authentication key-chain keychain-name
!
key chain keychain-name
!
ip dhcp-client forcerenew
02-07-2020 05:51 AM
No, I do not have that configured. I do not know which key I would have to configure. Provider Orange did not give any user/pass or key to me.
The interesting part is, that the Cisco router accepts the DHCP-provided IP as soon as it failed once with authentication enabled by disabling authentication again.
This might be a hack and it works by accident.
05-22-2018 03:48 PM
I have a similar problem. When I remove "ip nat outside" from the interface config, it receives a DHCP address properly.