07-05-2024 05:44 PM
I have a C9300L as the Core switch where I have the interface vlans configured for the L3 and I have some C9200L as the access switches for the end users.
In the Core C9300, I have the DHCP server and the pools configured and some users are not receiving IP. When I take a look at the Core I can see the mac address entry of the PC connected but there is no IP associated, even I when I run a "debug ip dhcp server packet" I dont see any DHCP request coming from the PC. I checked the dhcp pool and it still has many available IP. After making some ipconfig/flushdns and /renew a few times, the PC receive the IP address, this issue happens randomly, no matter which access switch the user is connected , some users have the problem and but others are ok, and the next day may be the opposite.
The error is not all the time, sometimes the connection does not present any problem, even if it the same PC, the same port of the switch and the same subnet. And as I mentioned the dhcp pool is not full, there is a lot of available IP when the issue occurs.
Any idea what can be happening? is there a posiblity that the switch is dropping the DHCP request?
ip dhcp pool TEST
network 10.3.151.0 255.255.255.0
default-router 10.3.151.1
dns-server 8.8.8.8
interface Vlan15
ip address 10.3.151.1 255.255.255.0
no ip redirects
no ip unreachables
end
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 41
Excluded addresses : 28
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased/Excluded/Total
10.3.151.246 10.3.151.1 - 10.3.151.254 41 / 28 / 254
07-05-2024 11:48 PM - edited 07-05-2024 11:49 PM
1. Is VLAN 15 in the VLAN DB?
2. Is the PC connected to a port assigned to VLAN 15?
3. Is the PC configured for static IP address?
4. Is the MAC address of the PC found in the MAC address table and originating for the correct switch port?
5. Are there any other downstream clients connected to VLAN 15?
07-08-2024 09:09 AM
Hi Leo
Yes, the is in all vlan DB
The port is in access with the correct vlan and the are trunks between the core and the access switches passing the vlans
The PC are using DHCP only
When the user connect the PC I can see the mac in the mac-address tables and in the correct port.
There are other downstreams clients from the same switch working good, and the issue occurs randomly, sometimes work good and sometimes fails not alwaws to the same users, no matter de acccess switch.
07-06-2024 12:26 AM
I have the DHCP server and the pools configured and some users are not receiving IP
Since this is randomly occurring in the network, its required some troubleshooting,
Do you have any rough diagram of your network how these connected ?
is the only VLAN 15 in the network ?
i would like to see CORE switch full config and also access switch config (removing any confidential information)
what IOS XE code running on all devices ?
Do you have DHCP snooping enabled ?
what Logs youi see on the CORE Switch ?
is the only PC connected, Phone and PC (just checking )
there is good guide here to help you troubleshoot :
07-08-2024 09:13 AM
Hi Balaji
I have a Core device connected directly to all access switches in a star topology (see attached)
There are more vlans, also with the same problem. All the dhcp pool are created in the Core.
We are using version 16.12.3a
DHCP snooping is not enabled
When I have a problem with a PC that is not receiving DHCP i check the logg int the Core but dont see any related logg with the mac address of the affected PC, I can see another logs for other DHCP request for other clients.
More of the users are connected directly to the switch port, others are connected with an IP Phone. But there have been problems in both cases, but as I mentioned is not all the time
07-06-2024 02:33 AM
9000#show platform hardware fed switch active qos queue stats internal cpu policer
do this in both SW and see if there is counter rapidly increase
do this twice in each SW
MHM
07-06-2024 10:05 AM
When I initially read the OP I was thinking about what kind of configuration issue this might be. But when I read more carefully I focused on this "this issue happens randomly". If sometimes it does work and sometimes it does not work it is hard to think of a configuration issue that would produce this. So perhaps we need to look more at environmental issues. Is it possible that there are intermittent connectivity issues?
07-08-2024 09:38 AM
Hi Richard,
Yes, is an unusual event because I have users in the same access switch working without problems and others that have the problem. Not always are the same users, and after a few retries of flushdns in the PC or reconnect the cable several times sometimes the issue is solved. Also it is a recent problem, some weeks ago I dont have this problem with the DHCP and the config of the devices have not changed.
For that reason I wanted to know if is a possible that my Core switch where I have the DHCP service running is discarting or dropping the packets, I used this command that was shared with me here in this forum and the ICMP redirects Queue Drops is increasing.
C9300L_CORE#show platform hardware fed switch active qos queue stats internal cpu policer
CPU Queue Statistics
============================================================================================
(default) (set) Queue Queue
QId PlcIdx Queue Name Enabled Rate Rate Drop(Bytes) Drop(Frames)
--------------------------------------------------------------------------------------------
0 11 DOT1X Auth Yes 1000 1000 0 0
1 1 L2 Control Yes 2000 2000 0 0
2 14 Forus traffic Yes 4000 4000 0 0
3 0 ICMP GEN Yes 600 600 0 0
4 2 Routing Control Yes 5400 5400 0 0
5 14 Forus Address resolution Yes 4000 4000 0 0
6 0 ICMP Redirect Yes 600 600 921724755614 1659530658
07-08-2024 09:16 AM
Hi MHM,
See the result of the command, in the Core I see the ICMP Redirect and BROADCAST Queue Drops increase on the Core, in the access switches I dont see the counters increase (Queue Drop is 0)
C9300L_CORE#show platform hardware fed switch active qos queue stats internal cpu policer
CPU Queue Statistics
============================================================================================
(default) (set) Queue Queue
QId PlcIdx Queue Name Enabled Rate Rate Drop(Bytes) Drop(Frames)
--------------------------------------------------------------------------------------------
0 11 DOT1X Auth Yes 1000 1000 0 0
1 1 L2 Control Yes 2000 2000 0 0
2 14 Forus traffic Yes 4000 4000 0 0
3 0 ICMP GEN Yes 600 600 0 0
4 2 Routing Control Yes 5400 5400 0 0
5 14 Forus Address resolution Yes 4000 4000 0 0
6 0 ICMP Redirect Yes 600 600 921702584418 1659490294
7 16 Inter FED Traffic Yes 2000 2000 0 0
8 4 L2 LVX Cont Pack Yes 1000 1000 0 0
9 19 EWLC Control Yes 13000 13000 0 0
10 16 EWLC Data Yes 2000 2000 0 0
11 13 L2 LVX Data Pack Yes 1000 1000 0 0
12 0 BROADCAST Yes 600 600 64801062 405065
13 10 Openflow Yes 200 200 0 0
14 13 Sw forwarding Yes 1000 1000 0 0
15 8 Topology Control Yes 13000 13000 0 0
16 12 Proto Snooping Yes 2000 2000 0 0
17 6 DHCP Snooping Yes 400 400 0 0
18 13 Transit Traffic Yes 1000 1000 0 0
19 10 RPF Failed Yes 200 200 0 0
20 15 MCAST END STATION Yes 2000 2000 0 0
21 13 LOGGING Yes 1000 1000 0 0
22 7 Punt Webauth Yes 1000 1000 0 0
23 18 High Rate App Yes 13000 13000 0 0
24 10 Exception Yes 200 200 0 0
25 3 System Critical Yes 1000 1000 0 0
26 10 NFL SAMPLED DATA Yes 200 200 0 0
27 2 Low Latency Yes 5400 5400 0 0
28 10 EGR Exception Yes 200 200 0 0
29 5 Stackwise Virtual OOB Yes 8000 8000 0 0
30 9 MCAST Data Yes 400 400 0 0
31 3 Gold Pkt Yes 1000 1000 0 0
C9300L_CORE#show platform hardware fed switch active qos queue stats internal cpu policer
CPU Queue Statistics
============================================================================================
(default) (set) Queue Queue
QId PlcIdx Queue Name Enabled Rate Rate Drop(Bytes) Drop(Frames)
--------------------------------------------------------------------------------------------
0 11 DOT1X Auth Yes 1000 1000 0 0
1 1 L2 Control Yes 2000 2000 0 0
2 14 Forus traffic Yes 4000 4000 0 0
3 0 ICMP GEN Yes 600 600 0 0
4 2 Routing Control Yes 5400 5400 0 0
5 14 Forus Address resolution Yes 4000 4000 0 0
6 0 ICMP Redirect Yes 600 600 921724755614 1659530658
7 16 Inter FED Traffic Yes 2000 2000 0 0
8 4 L2 LVX Cont Pack Yes 1000 1000 0 0
9 19 EWLC Control Yes 13000 13000 0 0
10 16 EWLC Data Yes 2000 2000 0 0
11 13 L2 LVX Data Pack Yes 1000 1000 0 0
12 0 BROADCAST Yes 600 600 64804781 405097
13 10 Openflow Yes 200 200 0 0
14 13 Sw forwarding Yes 1000 1000 0 0
15 8 Topology Control Yes 13000 13000 0 0
16 12 Proto Snooping Yes 2000 2000 0 0
17 6 DHCP Snooping Yes 400 400 0 0
18 13 Transit Traffic Yes 1000 1000 0 0
19 10 RPF Failed Yes 200 200 0 0
20 15 MCAST END STATION Yes 2000 2000 0 0
21 13 LOGGING Yes 1000 1000 0 0
22 7 Punt Webauth Yes 1000 1000 0 0
23 18 High Rate App Yes 13000 13000 0 0
24 10 Exception Yes 200 200 0 0
25 3 System Critical Yes 1000 1000 0 0
26 10 NFL SAMPLED DATA Yes 200 200 0 0
27 2 Low Latency Yes 5400 5400 0 0
28 10 EGR Exception Yes 200 200 0 0
29 5 Stackwise Virtual OOB Yes 8000 8000 0 0
30 9 MCAST Data Yes 400 400 0 0
31 3 Gold Pkt Yes 1000 1000 0 0
07-08-2024 09:28 AM
But I see you apply no ip redirect no ip unreachable' are you apply it to correct vlan?
Also I think you need
No ip direct-broadcast
Unless you need it for some app.
MHM
07-08-2024 10:37 AM
Yes, I applied the commands to the correct interface vlan. I see that Directed broadcast forwarding is disabled by default.
Vlan15 is up, line protocol is up
Internet address is 10.3.150.1/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing Common access list is not set
Outgoing access list is not set
Inbound Common access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are never sent
ICMP unreachables are never sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
Associated unicast routing topologies:
Topology "base", operation state is UP
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
07-08-2024 11:40 AM
You mentioned two platforms
One is 9200 and other 9300
Are you run any dhcp relay?
Thanks
MHM
07-08-2024 12:05 PM
The 9300 is my Core switch where I have the interface vlans created and the dhcp pool. I dont have dhcp relay
The 9200 are the access switches that are conected via trunk to the Core.
07-08-2024 12:18 PM
Ok, I check and I see that the queue of CPU for all SVI
So disable ip redirects abd unreachable in all SVI and check.
The queue must be not full for these packet from any SVI in SW.
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide