
DHCP on Cisco Switch - How long before it reuses the old IPs?

Hi guys,

I've configured the DHCP server on a Cisco Switch C3560E as follows:

ip dhcp excluded-address 172.16.0.1 172.16.10.255


ip dhcp pool perth_main

   network 172.16.0.0 255.255.0.0

   default-router 172.16.10.254

   lease 0 8

!

My goal was to limit the DHCP to the range 172.16.11.0 - 172.16.13.255. As there are not so many users on this network, I also limited the lease time to 8 hours in order to "recycle" the unused addresses. What happened is that it is always using new IPs, even if the lease time has expired.

IP address          Client-ID/              Lease expiration        Type

                    Hardware address/

                    User name

172.16.109.90       XXXXXXXXXXXX       Apr 04 2013 10:00 PM    Automatic

172.16.113.106      XXXXXXXXXXXX       Apr 04 2013 06:55 PM    Automatic

172.16.113.122      XXXXXXXXXXXX       Apr 04 2013 09:04 PM    Automatic

172.16.114.142      XXXXXXXXXXXX       Apr 04 2013 09:35 PM    Automatic

172.16.115.90       XXXXXXXXXXXX       Apr 04 2013 02:30 PM    Automatic

172.16.115.187      XXXXXXXXXXXX       Apr 04 2013 05:52 PM    Automatic

172.16.115.193      XXXXXXXXXXXX       Apr 04 2013 02:32 PM    Automatic

172.16.115.201      XXXXXXXXXXXX       Apr 04 2013 02:51 PM    Automatic

172.16.115.202      XXXXXXXXXXXX       Apr 04 2013 02:56 PM    Automatic

172.16.115.210      XXXXXXXXXXXX       Apr 04 2013 08:47 PM    Automatic

172.16.115.229      XXXXXXXXXXXX       Apr 04 2013 02:29 PM    Automatic

172.16.115.235      XXXXXXXXXXXX       Apr 04 2013 07:52 PM    Automatic

172.16.115.236      XXXXXXXXXXXX       Apr 04 2013 08:47 PM    Automatic

172.16.115.243      XXXXXXXXXXXX       Apr 04 2013 03:59 PM    Automatic

172.16.116.0        XXXXXXXXXXXX       Apr 04 2013 08:47 PM    Automatic

172.16.116.3        XXXXXXXXXXXX       Apr 04 2013 10:00 PM    Automatic

172.16.116.25       XXXXXXXXXXXX       Apr 04 2013 04:50 PM    Automatic

172.16.116.39       XXXXXXXXXXXX       Apr 04 2013 05:47 PM    Automatic

172.16.116.46       XXXXXXXXXXXX       Apr 04 2013 06:49 PM    Automatic

172.16.116.53       XXXXXXXXXXXX       Apr 04 2013 07:43 PM    Automatic

172.16.116.147      XXXXXXXXXXXX       Apr 04 2013 10:12 PM    Automatic

172.16.116.149      XXXXXXXXXXXX       Apr 04 2013 02:30 PM    Automatic

172.16.116.168      XXXXXXXXXXXX       Apr 04 2013 08:47 PM    Automatic

172.16.116.169      XXXXXXXXXXXX       Apr 04 2013 08:47 PM    Automatic

172.16.116.170      XXXXXXXXXXXX       Apr 04 2013 08:47 PM    Automatic

172.16.116.172      XXXXXXXXXXXX       Apr 04 2013 08:47 PM    Automatic

172.16.116.173      XXXXXXXXXXXX       Apr 04 2013 08:47 PM    Automatic

172.16.116.175      XXXXXXXXXXXX       Apr 04 2013 02:30 PM    Automatic

172.16.116.182      XXXXXXXXXXXX       Apr 04 2013 07:50 PM    Automatic

172.16.116.186      XXXXXXXXXXXX       Apr 04 2013 08:48 PM    Automatic

172.16.116.192      XXXXXXXXXXXX       Apr 04 2013 07:59 PM    Automatic

172.16.116.225      XXXXXXXXXXXX       Apr 04 2013 08:47 PM    Automatic

172.16.116.226      XXXXXXXXXXXX       Apr 04 2013 08:47 PM    Automatic

172.16.116.227      XXXXXXXXXXXX       Apr 04 2013 08:47 PM    Automatic

172.16.116.228      XXXXXXXXXXXX       Apr 04 2013 08:47 PM    Automatic

172.16.116.229      XXXXXXXXXXXX       Apr 04 2013 08:47 PM    Automatic

172.16.117.19       XXXXXXXXXXXX       Apr 04 2013 09:49 PM    Automatic

172.16.117.34       XXXXXXXXXXXX       Apr 04 2013 02:24 PM    Automatic

172.16.117.35       XXXXXXXXXXXX       Apr 04 2013 02:25 PM    Automatic

172.16.117.37       XXXXXXXXXXXX       Apr 04 2013 02:29 PM    Automatic

172.16.117.40       XXXXXXXXXXXX       Apr 04 2013 02:28 PM    Automatic

172.16.117.41       XXXXXXXXXXXX       Apr 04 2013 02:29 PM    Automatic

172.16.117.42       XXXXXXXXXXXX       Apr 04 2013 02:30 PM    Automatic

172.16.117.43       XXXXXXXXXXXX       Apr 04 2013 02:30 PM    Automatic

172.16.117.44       XXXXXXXXXXXX       Apr 04 2013 02:30 PM    Automatic

172.16.117.45       XXXXXXXXXXXX       Apr 04 2013 02:30 PM    Automatic

172.16.117.46       XXXXXXXXXXXX       Apr 04 2013 02:29 PM    Automatic

Questions:

1. How can I force the DHCP server to recycle the unused IPs?

2. Can I specify a DHCP range (172.16.11.0 - 172.16.13.255) instead of an "excluded-address" range?

Thanks,

Dario


Bilal Nawaz
VIP Alumni

Hello Dario,

If there is a DHCP binding for a client I think until that binding hasn't been cleared or 'timed out' then it will use the next addresses in the scope. (I'm not sure if there is a time out period for this, but if the lease has expired, do a 'show ip dhcp binding' to see if the address is still in the binding, even though it's expired.)

Then do a 'clear ip dhcp binding' to clear. And then check to see if the unused addresses are being leased out.

With regards to specifying your pool, in all cisco's configuration examples they have specified the full network range and any address that needs to be excluded is done with the ip dhcp excluded-address command that you stated.

http://www.optimumdata.com/shop/files/cisco/3600/3600_Cisco_IOS_DHCP_Server.pdf

Haven't got certain answers for you but I hope this helps.

Sent from Cisco Technical Support iPhone App

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Hi Bilal,

I've tried to clean the binding table but... without success :-(

Hello

Yes, you can limit the range to whatever you require.

At present that 16-bit range is a lot of addresses.

Try this - network 172.16.10.0 255.255.254.0

ip dhcp excluded-address 172.16.10.254

res
paul

Sent from Cisco Technical Support Android App


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi pdriver,

I have tried to run that command but it did not work (see below).

myswitch(config)#ip dhcp pool perth_main

myswitch(dhcp-config)#   network 172.16.11.1 172.16.13.255

172.16.11.1 / 172.16.13.255 is an invalid network.

Any other idea? :-)

Thanks,

Dario

Hello

Apologies, I cut and pasted off my mobile and just noticed what it produced.

Try this-

ip dhcp pool perth_main

   network 172.16.10.0 255.255.254.0

res

Paul

     

Please don't forget to rate any posts that have been helpful.

Thanks.



Hi Paul,

I don't think doing this will work unless he also changes the netmask of the interface to be a /23 too (as the incoming interface is used to select the pool when there is no relay agent, if I'm not mistaken), and he'll also need to change the default-router in the DHCP pool to be in the same subnet. To restrict a scope there is the ip dhcp excluded-address command.

Regards

Alain

Don't forget to rate helpful posts.


Hello Alain (I assume this is your first name)

You are 100% correct - I should have been more clear in my posting - even though the syntax is correct it would NOT work if this interface isn't within this range - I should have stated that.

cheers

Paul


Hi guys.

Unfortunately I cannot change the netmask. My predecessor did not spend much time in planning so... we are now forced to keep that configuration :-/

What about if I use two exclude lists instead?

I mean something like this:

ip dhcp excluded-address 172.16.0.1 172.16.10.255

ip dhcp excluded-address 172.16.14.1 172.16.255.255

ip dhcp pool perth_main

   network 172.16.0.0 255.255.0.0

   default-router 172.16.10.254

   lease 0 8

!

Is IOS supposed to accept two "excluded-address" lists?

Thanks

Dario

Yes, you can configure 2 address lists like you have stated. I still don't know why your leases are giving out the next ip addresses. I'll lab it in a mo.

Please rate useful posts and remember to mark any solved questions as answered. Thank you.


Hello

Yes it does, and yes you can exclude many ranges.

res

Paul
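The two-exclusion-list approach discussed above, as an added example that is not part of any post in this thread: a Python helper that derives the `ip dhcp excluded-address` lines leaving only a wanted range leasable, and flags rows of `show ip dhcp binding` output that fall outside that range. Function names and the sample binding rows are constructed for illustration; it assumes the pool's network and broadcast addresses need no exclusion of their own.

```python
import ipaddress
import re

def exclusion_ranges(network, first, last):
    """Return (start, end) pairs covering every host address of `network`
    that lies outside first..last (the complement to exclude)."""
    net = ipaddress.ip_network(network)
    first, last = ipaddress.ip_address(first), ipaddress.ip_address(last)
    lo, hi = net.network_address + 1, net.broadcast_address - 1
    if not (lo <= first <= last <= hi):
        raise ValueError("wanted range must lie inside the pool's host addresses")
    ranges = []
    if first > lo:
        ranges.append((lo, first - 1))   # everything below the wanted range
    if last < hi:
        ranges.append((last + 1, hi))    # everything above it
    return ranges

def ios_exclude_lines(network, first, last):
    """Render the exclusions as IOS global-config lines."""
    lines = []
    for start, end in exclusion_ranges(network, first, last):
        # A single excluded address takes only the low-address argument.
        span = f"{start}" if start == end else f"{start} {end}"
        lines.append(f"ip dhcp excluded-address {span}")
    return lines

# A binding row starts with a dotted-quad IP; header and wrapped
# client-ID continuation lines do not match.
BINDING_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+\S+")

def bindings_outside(show_output, first, last):
    """List leased addresses in `show ip dhcp binding` text outside first..last."""
    first, last = ipaddress.ip_address(first), ipaddress.ip_address(last)
    stray = []
    for line in show_output.splitlines():
        m = BINDING_RE.match(line.strip())
        if m and not first <= ipaddress.ip_address(m.group(1)) <= last:
            stray.append(m.group(1))
    return stray

# Constructed sample in the shape of the output posted in this thread.
SAMPLE_BINDINGS = """\
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
172.16.11.20        XXXXXXXXXXXX            Apr 04 2013 10:00 PM    Automatic
172.16.13.7         XXXXXXXXXXXX            Apr 04 2013 06:55 PM    Automatic
172.16.109.90       XXXXXXXXXXXX            Apr 04 2013 09:04 PM    Automatic
"""

if __name__ == "__main__":
    # For the /16 pool the upper exclusion has to start at 172.16.14.0.
    for line in ios_exclude_lines("172.16.0.0/16", "172.16.11.0", "172.16.13.255"):
        print(line)
    print("outside wanted range:",
          bindings_outside(SAMPLE_BINDINGS, "172.16.11.0", "172.16.13.255"))
```
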


I have just lab'ed this and I see interesting results...

My DHCP config looks like this:

R2:

ip dhcp excluded-address 10.0.0.1 10.0.0.10

ip dhcp excluded-address 10.0.0.13 10.0.0.254

!

ip dhcp pool 1

   network 10.0.0.0 255.255.255.0

   default-router 10.0.0.1

   lease 0 0 1

So only .11 and .12 are allowed to be given out. I set a lease time of 1 min. DHCP was given out to R3 and R4. I shut the interface on R3 and the binding went away. This is the debug output:

R2#

*Mar  1 00:10:43.319: DHCPD: checking for expired leases.

*Mar  1 00:11:01.031: DHCPD: Sending notification of TERMINATION:

*Mar  1 00:11:01.031:  DHCPD: address 10.0.0.11 mask 255.255.255.0

*Mar  1 00:11:01.035:  DHCPD: reason flags: RELEASE

*Mar  1 00:11:01.035:   DHCPD: htype 1 chaddr c002.11b8.0000

*Mar  1 00:11:01.035:   DHCPD: lease time remaining (secs) = 86155

*Mar  1 00:11:01.035: DHCPD: returned 10.0.0.11 to address pool 1.

*Mar  1 00:11:03.023: DHCPD: Seeing if there is an internally specified pool class:

*Mar  1 00:11:03.023:   DHCPD: htype 1 chaddr c002.11b8.0000

*Mar  1 00:11:03.023:   DHCPD: remote id 020a00000a00000100000000

*Mar  1 00:11:03.023:   DHCPD: circuit id 00000000

*Mar  1 00:11:15.691: DHCPD: Sending notification of ASSIGNMENT:

*Mar  1 00:11:15.691:  DHCPD: address 10.0.0.12 mask 255.255.255.0

*Mar  1 00:11:15.695:   DHCPD: htype 1 chaddr c003.11b8.0000

*Mar  1 00:11:15.695:   DHCPD: lease time remaining (secs) = 60

When I enabled the interface on R5, it managed to pick up the old address that R3 used to have (the only address available).

Okay, so what happens when we expand the range to .11 .12 .13 and .14?

All have been given out but 1 (because I've left it for now). But let's see when the lease expires after.

R2#show ip dhcp binding

Bindings from all pools not associated with VRF:

IP address          Client-ID/              Lease expiration        Type

                    Hardware address/

                    User name

10.0.0.11           0063.6973.636f.2d63.    Mar 01 2002 12:19 AM    Automatic

                    3030.342e.3131.6238.

                    2e30.3030.302d.4661.

                    302f.30

10.0.0.12           0063.6973.636f.2d63.    Mar 01 2002 12:20 AM    Automatic

                    3030.332e.3131.6238.

                    2e30.3030.302d.4661.

                    302f.30

10.0.0.13           0063.6973.636f.2d63.    Mar 01 2002 12:19 AM    Automatic

                    3030.322e.3131.6238.

                    2e30.3030.302d.4661.

                    302f.30

I'll shut 10.0.0.11 down and enable R6. Remember we have .11 .12 .13 and .14 available. In your scenario I should be getting .14 right?

R2#show ip dhcp binding

Bindings from all pools not associated with VRF:

IP address          Client-ID/              Lease expiration        Type

                    Hardware address/

                    User name

10.0.0.12           0063.6973.636f.2d63.    Mar 01 2002 12:25 AM    Automatic

                    3030.332e.3131.6238.

                    2e30.3030.302d.4661.

                    302f.30

10.0.0.13           0063.6973.636f.2d63.    Mar 01 2002 12:25 AM    Automatic

                    3030.322e.3131.6238.

                    2e30.3030.302d.4661.

                    302f.30

10.0.0.14           0063.6973.636f.2d63.    Mar 01 2002 12:25 AM    Automatic

                    3030.342e.3131.6238.

                    2e30.3030.302d.4661.

                    302f.30

And I do! Why not use .11? - because of the history and binding? It seems like that. When there are no addresses left to hand out, it seems to use the old addresses again... This is what I've experienced.

So I guess, as long as you specify which are the excluded addresses you will be ok.

1. How can I force the DHCP server to recycle the unused IPs? No, I don't think so - not that I've experienced, always uses the next one if available. If none are available it tries to use old ones.

2. Can I specify a DHCP range (172.16.11.0 - 172.16.13.255) instead of an "excluded-address" range? No but you can do this as shown above in the examples.

Hope this helps

Please rate useful posts and remember to mark any solved questions as answered. Thank you.


Hi,

Your lab is indeed showing how Cisco IOS DHCP allocates its pool addresses: from first available up to last IP of the scope, then when the scope is exhausted it restarts from the first available IP in the pool.

Regards

Alain

Don't forget to rate helpful posts.


Hi guys,

Thanks for your explanations.

Today I received an almost-night call from a user because the network was down. Once I arrived in my office, I ran "show ip dhcp binding" and got no IP allocated:

Bindings from all pools not associated with VRF:

IP address          Client-ID/              Lease expiration        Type

                    Hardware address/

                    User name

I've tried the "Microsoft way" of restarting the service and deleting/reinserting the DHCP pool definition. No way to make it work again.

The only change I've applied between the installation of DHCP on the SWITCH and the failure of this night was the configuration of this switch as NTP client (and server). Some DHCP clients were set to expire in 1993 and suddenly the time stepped forward by 20 years. Note that for about a week the service had been working fine.

Now, in order to band-aid the problem, I've moved the DHCP service to an ASA Firewall, just to give immediate connectivity to the users. It's just that the DHCP of the ASA is limited to 255 addresses and that is not a good permanent solution.

Any idea?

Thanks,

Dario

Hello Dario, sorry to hear about the problem you had with DHCP. Did you get a chance to save the config and reboot the switch?

Debug IP dhcp output would have been good.

Sent from Cisco Technical Support iPhone App

Please rate useful posts & remember to mark any solved questions as answered. Thank you.