Re: DHCP exclusion not working

AHMADJ · ‎07-20-2020

i have two routers ra and rb with HSRP between them i have configured dhcp exclusion addresses but i am getting ip conflict ERROR MASSEGES BELOW details

Jul 15 2020 15:05:57.883 UAE: %DHCPD-4-PING_CONFLICT: DHCP address conflict: server pinged 10.114.53.3.
Jul 15 2020 15:05:58.933 UAE: %DHCPD-4-PING_CONFLICT: DHCP address conflict: server pinged 10.114.53.1.
Jul 15 2020 15:05:59.469 UAE: %IP-4-DUPADDR: Duplicate address 10.114.53.2 on GigabitEthernet0/0/1.20, sourced by 247e.12bf.4003
Jul 16 2020 10:59:58.270 UAE: %IP-4-DUPADDR: Duplicate address 10.114.53.2 on GigabitEthernet0/0/1.20, sourced by 247e.12bf.4003
Jul 16 2020 11:00:29.590 UAE: %IP-4-DUPADDR: Duplicate address 10.114.53.2 on GigabitEthernet0/0/1.20, sourced by 247e.12bf.4003
Jul 16 2020 12:02:37.889 UAE: %IP-4-DUPADDR: Duplicate address 10.114.53.2 on GigabitEthernet0/0/1.20, sourced by 247e.12bf.4003

IOS image :isr4300-universalk9.03.16.04b.S.155-3.Sn4b-ext.SPA.bin

Router RA
========================================================================

ip dhcp excluded-address 10.114.53.1 10.114.53.10
!
ip dhcp pool VOICE
network 10.114.53.0
default-router 10.114.53.1
dns-server 10.32.x.x
option 150 ip 10.32.x.x

interface GigabitEthernet0/0/1.20
description Branch Backup-VOICE VLAN 20
encapsulation dot1Q 20
ip address 10.114.53.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow monitor FLOW-MONITOR-1 input
ip flow monitor FLOW-MONITOR-1 output
standby 1 ip 10.114.53.1
standby 1 priority 110
standby 1 preempt
no cdp enable
h323-gateway voip interface
ip virtual-reassembly

RB#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type State Interface
Hardware address/
User name
10.114.53.26 0100.59dc.5b9e.c9 Jul 21 2020 11:20 AM Automatic Active GigabitEthernet0/0/1.20
10.114.53.28 01b4.a8b9.e92d.47 Jul 21 2020 11:21 AM Automatic Active GigabitEthernet0/0/1.20
RB#show ip dhcp conflict
IP address Detection method Detection time VRF
10.114.53.5 Ping Jul 15 2020 03:06 PM
ROUTER-RB#show ip dhcp database
ROUTER-RB#show ip dhcp server statistics
Memory usage 18580
Address pools 1
Database agents 0
Automatic bindings 2
Manual bindings 0
Expired bindings 4
Malformed messages 20
Secure arp entries 0
Renew messages 123
Workspace timeouts 0
Static routes 0
Relay bindings 0
Relay bindings active 0
Relay bindings terminated 0
Relay bindings selecting 0

Message Received
BOOTREQUEST 0
DHCPDISCOVER 115
DHCPREQUEST 1890
DHCPDECLINE 2
DHCPRELEASE 1
DHCPINFORM 24
DHCPVENDOR 0
BOOTREPLY 0
DHCPOFFER 66
DHCPACK 303
DHCPNAK 0

Message Sent
BOOTREPLY 0
DHCPOFFER 34
DHCPACK 134
DHCPNAK 0

Message Forwarded
BOOTREQUEST 0
DHCPDISCOVER 68
DHCPREQUEST 315
DHCPDECLINE 2
DHCPRELEASE 0
DHCPINFORM 24
DHCPVENDOR 0
BOOTREPLY 0
DHCPOFFER 66
DHCPACK 303
DHCPNAK 0

DHCP-DPM Statistics
Offer notifications sent 0
Offer callbacks received 0
Classname requests sent 0
Classname callbacks received 0

================================================================

ROUTER ra

ip dhcp pool VOICE
network 10.114.53.0 https://protect-eu.mimecast.com/s/F8ZOC0RNVSj4Dsow3cI?domain=255.255.255.0
default-router 10.114.53.1
dns-server 10.32.x.x
option 150 ip 10.32.x.x
domain-name sib.ae

!
interface GigabitEthernet0/0/1.20
description Branch Main-VOICE VLAN 20
encapsulation dot1Q 20
ip address 10.114.53.2 https://protect-eu.mimecast.com/s/F8ZOC0RNVSj4Dsow3cI?domain=255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow monitor FLOW-MONITOR-1 input
ip flow monitor FLOW-MONITOR-1 output
standby 1 ip 10.114.53.1
standby 1 priority 110
standby 1 preempt
no cdp enable
h323-gateway voip interface
h323-gateway voip bind srcaddr 10.114.53.2
ip virtual-reassembly
!

ROUTER-RA#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type State Interface
Hardware address/
User name
10.114.53.34 01b4.a8b9.e92c.6b Jul 21 2020 08:55 AM Automatic Active GigabitEthernet0/0/1.20
10.114.53.35 01c0.64e4.d994.0d Jul 21 2020 11:13 AM Automatic Active GigabitEthernet0/0/1.20
10.114.53.37 01b4.a8b9.e92d.3f Jul 21 2020 11:21 AM Automatic Active GigabitEthernet0/0/1.20
ROUTER-RA#show ip dhcp conflict
IP address Detection method Detection time VRF
10.114.53.3 Ping Jul 15 2020 03:05 PM
10.114.53.1 Ping Jul 15 2020 03:05 PM
ROUTER-RA#show ip dhcp database
ROUTER-RA#show ip dhcp server statistics
Memory usage 19363
Address pools 1
Database agents 0
Automatic bindings 3
Manual bindings 0
Expired bindings 2
Malformed messages 20
Secure arp entries 0
Renew messages 43
Workspace timeouts 0
Static routes 0
Relay bindings 0
Relay bindings active 0
Relay bindings terminated 0
Relay bindings selecting 0

Message Received
BOOTREQUEST 0
DHCPDISCOVER 114
DHCPREQUEST 1763
DHCPDECLINE 2
DHCPRELEASE 0
DHCPINFORM 24
DHCPVENDOR 0
BOOTREPLY 0
DHCPOFFER 66
DHCPACK 312
DHCPNAK 0

Message Sent
BOOTREPLY 0
DHCPOFFER 23
DHCPACK 86
DHCPNAK 0

Message Forwarded
BOOTREQUEST 0
DHCPDISCOVER 67
DHCPREQUEST 315
DHCPDECLINE 2
DHCPRELEASE 0
DHCPINFORM 24
DHCPVENDOR 0
BOOTREPLY 0
DHCPOFFER 66
DHCPACK 312
DHCPNAK 0

DHCP-DPM Statistics
Offer notifications sent 0
Offer callbacks received 0
Classname requests sent 0
Classname callbacks received 0

Georg Pauwen · ‎07-20-2020

Hello,

if you are sure that your HSRP enabled interfaces do not have duplicate IP addresses, try the interface command 'standby use-bia' in order to force the interfaces to not use the virtual MAC addresses...

AHMADJ · ‎07-20-2020

i have the same dhcp pool configured in both routers RA and RB and both have the same default gateway which is the HSRP virtual ip 10.114.53.1 ,if i apply command standby use-bia this will not make dhcp releases to be flapped and this will fix reserved dhcp ip and ip conflicts?belwo configration

interface GigabitEthernet0/0/1.20
description Branch Backup-VOICE VLAN 20
encapsulation dot1Q 20
ip address 10.114.53.3 255.255.255.0
standby 1 ip 10.114.53.1
standby 1 priority 110
standby 1 preempt
no cdp enable
h323-gateway voip interface
ip virtual-reassembly

!
interface GigabitEthernet0/0/1.20
description Branch Main-VOICE VLAN 20
encapsulation dot1Q 20
ip address 10.114.53.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 1 ip 10.114.53.1
standby 1 priority 110
standby 1 preempt
no cdp enable
h323-gateway voip interface
h323-gateway voip bind srcaddr 10.114.53.2
ip virtual-reassembly

Georg Pauwen · ‎07-20-2020

Hello,

all that command does is use the actual MAC address of the interface instead of the virtual MAC. It should not have any influence on any other DHCP lease...

Georg Pauwen · ‎07-20-2020

As an alternative, you can also disable the entire DHCP ping operation:

Router(config)#ip dhcp ping packets 0

AHMADJ · ‎07-20-2020

so the ip exclusion is working fine my issue could be with HSRP MAc addresses this making duplicate address? and

paul driver · ‎07-20-2020

Hello

When you have a dhcp server running in both rtrs with the same scope without splitting that scope will cause duplication you need to make half the scope active on either server and exclude the other half

- on a side note both hsrp stanzas have the same hsrp priority value i would suggest you change this also

lastly how are the two rtrs interconnected?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

AHMADJ · ‎07-21-2020

they are connected back to back gig0/1 ----->gi0/1 and hsrp is conigured under sub interface gig0/1.20

paul driver · ‎07-21-2020

Hello

So if this a direct internal interconnected link not sure why you have netflow and disabling icmp unreachables is applied

Do you have any other hsrp sub-interface active with dhcp

Have you checked the physical status of this interconnect?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul