
DHCP pool issue

rony999
Level 1

Dear friends,

I am getting a DHCP pool issue on the Cisco 9500. Our pool has 4094 IP addresses, and the lease is for 5 days, but the user's IP is continuously changing, and because of it, they are getting connectivity issues.

Also, we have checked the pool's leased address, and it is not increasing; it is stuck at 51 lease addresses.

Please help us to resolve this issue.

rony999_0-1722926247816.png

 

 


Show ip dhcp server statistics 

Do this multiple times and see if the counter is increasing (share here if you can).

If the counter stays the same, then you have another DHCP server in the same subnet, or a rogue DHCP server is causing this issue.

MHM

Dear MHM Cisco World,

Thank you for replying.

Below is the status, and please let me know how I can check the rogue or other DHCP server.

rony999_0-1722930376243.png

rony999_1-1722930452746.png

 

 

 

  >...how I can check the rogue or other DHCP server.
  - By checking on the client if an address has been obtained from the intended DHCP server.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

The counter is increasing.

If lease is same?

Do show ip dhcp binding, and check if the MAC (of the host) is added to this binding table.

A- The MAC is added but with the wrong IP: then check your pool and GW subnet and mask.

B- There is no entry: then for sure there is a rogue DHCP server.

How can I detect it? I think the best way is to use Wireshark.

MHM

marce1000
VIP

 

  - As far as the lease time is concerned: could you check, on the client, and/or with networking tools on the client (or diag),
    that the same lease time has been acquired (or observed) as is configured on the 9500?

   M.




Hello,


@rony999 wrote:

 

they are getting connectivity issues.

Can you elaborate a little on your topology?
Are these wired/wifi allocations? If they are wifi connections, first of all I would suggest decreasing your lease from 5 days to a few hrs.
Maybe post the output from the below into a txt file and attach it please:

sh ip dhcp server

sh ip dhcp database
sh ip dhcp pool
sh ip dhcp conflicts


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Dear Paul,

Below are the details.

rony999_0-1722938835581.png

sh ip dhcp database (NO database)

 

rony999_1-1722938936246.png

rony999_2-1722939051036.png

 

 

 

Hello
From a client, what DHCP server does it state it received its allocation from? Is that the correct server IP?



Kind Regards
Paul

Total addresses are 4094, so the mask is /20.

Just check the mask in the SVI; use /20.

MHM

rony999
Level 1

Dear Team,

Please find the Wireshark screenshot.

Screenshot 2024-08-07 at 12.47.57 PM.png

 

 

 

Hi, thanks for the Wireshark capture.

Check the IP 172.16.9.254 and MAC address that appear in Wireshark: are they correct for your SVI IP and MAC address?

I see many requests in Wireshark.

Under the SVI use

no ip redirects

no ip unreachables

MHM

 

bbb bbb
Level 1

Dear @rony999 

In the Wireshark screenshot you provided, there is a "DHCP NAK" info.

Please see the link below for more information:
https://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/27470-100.html#:~:text=0x06,for%20configuration%20parameter.

If possible, try a port mirror on the router or switch on the same subnet to see DHCP traffic on the network; that will show the "DHCP Offer" status, just to verify the DHCP server/s on the network.

Sample DHCP sniff on my terminal with my home router as DHCP server.

bbbbbb_0-1723021583822.png

Happy to Help : ]

Best regards
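
As an added example (not part of the original post, and not Cisco's code): a small Python parser that reads raw DHCP payloads, such as those exported from a port-mirror capture, and lists which server identifiers (option 54) sent OFFER/ACK/NAK replies, along with the lease time (option 51) each handed out. Treating 172.16.9.254 as the intended server is an assumption, and the sample packets, the second server 192.168.1.1 and all function names are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"               # DHCP magic cookie after the 236-byte BOOTP header
TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # server-to-client message types (option 53)

def parse_dhcp(payload):
    """Return message type, server identifier and lease time from a UDP 67/68 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    info = {"type": None, "server": None, "lease": None}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = End option
        if payload[i] == 0:                         # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            break                                   # truncated option, stop parsing
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            info["type"] = TYPES.get(value[0], "OTHER")
        elif code == 54 and length == 4:
            info["server"] = socket.inet_ntoa(value)
        elif code == 51 and length == 4:
            info["lease"] = struct.unpack("!I", value)[0]   # seconds
        i += 2 + length
    return info

def audit_servers(payloads, expected_server):
    """Group server replies by server identifier and list servers other than the expected one."""
    seen = {}
    for p in payloads:
        m = parse_dhcp(p)
        if m["type"] in TYPES.values() and m["server"]:
            seen.setdefault(m["server"], []).append((m["type"], m["lease"]))
    return seen, sorted(s for s in seen if s != expected_server)

def build_reply(msg_type, server_ip, lease=None):
    """Constructed sample reply (not captured traffic): BOOTREPLY header plus options."""
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip)
    if lease is not None:
        opts += bytes([51, 4]) + struct.pack("!I", lease)
    return bytes([2, 1, 6]) + bytes(233) + MAGIC + opts + b"\xff"

# Constructed input: replies from the assumed intended server and from a second server.
SAMPLE = [build_reply(2, "172.16.9.254", 432000), build_reply(6, "172.16.9.254"),
          build_reply(2, "192.168.1.1", 3600)]
print(audit_servers(SAMPLE, "172.16.9.254"))
```

Any server identifier in the second return value answered clients without being the configured server, and a lease value that differs from the configured 5 days (432000 seconds) points the same way.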

Dear Friends,

Thank you for the help.

We are able to figure out the "DHCP issue". It happened because of looping somewhere in the building switch.

Now we are getting a different issue: "we have set the excluded IP address pool for 150 IPs, but it's now showing 1598 and it's increasing significantly."

Below is the screenshot for reference.

rony999_0-1723087416554.png

 

 

Dear, 

Is there any VM/device in your environment sitting on that pool that is sending multiple DHCP requests? Do a packet capture on the router via SPAN to see devices sending multiple DHCP requests, and from there validate the DHCP client.

https://community.cisco.com/t5/switching/how-to-check-or-debug-dhcp-request-and-ip-renew-logs/td-p/3928244


You can also try implementing port security on the access switch to limit MAC addresses, and for the looping issue implement BPDU guard with its corresponding recovery mechanism.

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html

 

Lastly, how about a restart/reboot of the DHCP server (of course during a maintenance window)?

HtH : }

Best regards,

 

 
