DHCP pool issue

rony999 · ‎08-05-2024

Dear friends,

I am getting a DHCP pool issue on the Cisco 9500. Our pool has 4094 IP addresses, and the lease is for 5 days, but the user's IP is continuously changing, and because of it, they are getting connectivity issues.

Also, we have checked the pool's leased address, and it is not increasing; it is stuck at 51 lease addresses.

Please help us to resolve this issue.

MHM Cisco World · ‎08-06-2024

Show ip dhcp server statistics

Do this multi time see if counter is increasing (share here if you can)

If counter is same then you have other dhcp server in same subnet or rogue dhcp server make this issue

MHM

rony999 · ‎08-06-2024

Dear MHM Cisco World

Thank you for replying.

Below is the status, and please let me know how I can check the rogue or other DHCP server.

marce1000 · ‎08-06-2024

>...how I can check the rogue or other DHCP server.
- By checking on the client if an address has been obtained from the intended DHCP server ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

MHM Cisco World · ‎08-06-2024

The counter is increasing'

If lease is same ?

Do show ip dhcp binding' check if Mac (of host) add to this binding table

A- mac add but wrong IP then check your pool and GW subnet and mask

B- there is no entry' then sure there rogue dhcp server

How can I detect it' I think best way is use wireshark

MHM

marce1000 · ‎08-06-2024

- As the lease time is concerned ; could you check , on the client , and or with networking tools on the client (or diag)
that the same lease time has been acquired (or observed) as it is being configured on the 9500

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

paul driver · ‎08-06-2024

Hello,

@rony999 wrote:

they are getting connectivity issues.

Can you elaborate a litte on you topology?
Are these wired/wifi allocations, if they are wifi connections first of all I would suggest to decrease your lease from 5 days to a few hrs
Maybe post the output from the below into a txt file and attached please:

sh ip dhcp server
sh ip dhcp database
sh ip dhcp pool
sh ip dhcp conflicts

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

rony999 · ‎08-06-2024

Dear Paul,

Below are the details.

sh ip dhcp database (NO database)

paul driver · ‎08-06-2024

Hello
From a client, what dhcp server does it state it received it allocation from, is that the correct server ip?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MHM Cisco World · ‎08-06-2024

Total address 4094 so mask is /20

Only check the mask in SVI use /20

MHM

rony999 · ‎08-07-2024

Dear Team,

Please find the Wireshark screenshot.

MHM Cisco World · ‎08-07-2024

Hi thanks for wireshark

Check IP 172.16.9.254 and mac address appear in wireshark' is it correct for your SVI IP and mac address ?

I see many request in wireshark

Under SVI use

No ip redirect

No ip unreachable

MHM

bbb bbb · ‎08-07-2024

Dear @rony999

In the Wireshark screenshot you provided, there is a "DHCP NAK" info.

Pleas see link below for more information
https://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/27470-100.html#:~:text=0x06,for%20configuration%20parameter.

If possible to try port mirror on the router or switch on the same subnet to see DHCP traffic on the network that will show "DHCP Offer" status just to verify DHCP server/s on the network .

Sample DHCP sniff on my terminal with my home router as DHCP server.

Happy to Help : ]

Best regards

rony999 · ‎08-07-2024

Dear Friends,

Thank you for help.

We are able to figure out "DHCP issue". It happened because of looping somewhere in the building switch.

now we are getting different issue: "we have set the excluded ip address pool for 150 ip's but its now showing 1598 and its increasing significantly."

Below is the screenshot for reference.

bbb bbb · ‎08-07-2024

Dear,

Is there any vm/device in your environment sitting on that pool that is sending multiple DHCP request? Do a packet capture file on the router by span to see devices sending multiple DHCP request and from there validate dhcp client.

https://community.cisco.com/t5/switching/how-to-check-or-debug-dhcp-request-and-ip-renew-logs/td-p/3928244

You can also try implement port security on access switch to limit mac addresses and for looping issue implement bpdu guard with its corresponding recovery mechanism.

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html

lastly, how about a restart/reboot of the dhcp server (of course during maintenance window time)..?

HtH : }

Best regards,