Solved: DHCP via WAN on isr 819

Nathan Andrews · ‎01-18-2017

I've got a remote router that I can't convince to pull an IP via dhcp. It's connected to an ISP router, and I'm aware that I'll have an interesting time with that setup.

For now, I just want the silly thing to grab an address from that ISP router. I have confirmed that PCs plugged into its ports do get IPs via dhcp. I've configured the interface gi 0 to get an address via dhcp, but it just plain old doesn't work. I've actually tried setting up a packet capture at gi 0, but I get absolutely nothing. Literally a blank file.

interface GigabitEthernet0
description WAN1 (Gi0) VRF SLA and TUN 100
ip vrf forwarding GIG100
no ip dhcp client request tftp-server-address
ip dhcp client client-id ascii rtr035
ip dhcp client class-id 1234
ip dhcp client hostname rtr035
ip dhcp client lease 0 1 0
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
zone-member security GIG100
ip policy route-map VRF_TO_GLOBAL
duplex auto
speed auto
no cdp enable

With dhcp debugging on I get the following log information:

Jan 18 09:25:40: DHCP: Try 828 to acquire address for GigabitEthernet0
Jan 18 09:25:40: DHCP: No configured hostname - not including Hostname option
Jan 18 09:25:40: DHCP: allocate request
Jan 18 09:25:40: DHCP: new entry. add to queue, interface GigabitEthernet0
Jan 18 09:25:40: DHCP: Client socket is opened
Jan 18 09:25:40: DHCP: SDiscover attempt # 1 for entry:
Jan 18 09:25:40: Temp IP addr: 0.0.0.0 for peer on Interface: GigabitEthernet0
Jan 18 09:25:40: Temp sub net mask: 0.0.0.0
Jan 18 09:25:40: DHCP Lease server: 0.0.0.0, state: 3 Selecting
Jan 18 09:25:40: DHCP transaction id: 6A9
Jan 18 09:25:40: Lease: 3600 secs, Renewal: 0 secs, Rebind: 0 secs
Jan 18 09:25:40: Next timer fires after: 00:00:04
Jan 18 09:25:40: Retry count: 1 Client-ID: rtr035
Jan 18 09:25:40: Client-ID hex dump: 727472303335
Jan 18 09:25:40: Hostname: rtr035
Jan 18 09:25:40: DHCP: SDiscover placed lease len option: 3600
Jan 18 09:25:40: DHCP: SDiscover placed class-id option: 31323334
Jan 18 09:25:40: DHCP: SDiscover: sending 286 byte length DHCP packet
Jan 18 09:25:40: DHCP: SDiscover 286 bytes
Jan 18 09:25:40: B'cast on GigabitEthernet0 interface from 0.0.0.0
Jan 18 09:25:43: %SEC-6-IPACCESSLOGP: list CELL_EGRESS_FILTER denied tcp 10.201.35.71(0) -> 64.4.54.254(0), 1 packet
Jan 18 09:25:43: DHCP: SDiscover attempt # 2 for entry:
Jan 18 09:25:43: Temp IP addr: 0.0.0.0 for peer on Interface: GigabitEthernet0
Jan 18 09:25:43: Temp sub net mask: 0.0.0.0
Jan 18 09:25:43: DHCP Lease server: 0.0.0.0, state: 3 Selecting
Jan 18 09:25:43: DHCP transaction id: 6A9
Jan 18 09:25:43: Lease: 3600 secs, Renewal: 0 secs, Rebind: 0 secs
Jan 18 09:25:43: Next timer fires after: 00:00:04
Jan 18 09:25:43: Retry count: 2 Client-ID: rtr035
Jan 18 09:25:43: Client-ID hex dump: 727472303335
Jan 18 09:25:43: Hostname: rtr035
Jan 18 09:25:43: DHCP: SDiscover placed lease len option: 3600
Jan 18 09:25:43: DHCP: SDiscover placed class-id option: 31323334
Jan 18 09:25:43: DHCP: SDiscover: sending 286 byte length DHCP packet
Jan 18 09:25:43: DHCP: SDiscover 286 bytes
Jan 18 09:25:43: B'cast on GigabitEthernet0 interface from 0.0.0.0
Jan 18 09:25:47: DHCP: SDiscover attempt # 3 for entry:
Jan 18 09:25:47: Temp IP addr: 0.0.0.0 for peer on Interface: GigabitEthernet0
Jan 18 09:25:47: Temp sub net mask: 0.0.0.0
Jan 18 09:25:47: DHCP Lease server: 0.0.0.0, state: 3 Selecting
Jan 18 09:25:47: DHCP transaction id: 6A9
Jan 18 09:25:47: Lease: 3600 secs, Renewal: 0 secs, Rebind: 0 secs
Jan 18 09:25:47: Next timer fires after: 00:00:04
Jan 18 09:25:47: Retry count: 3 Client-ID: rtr035
Jan 18 09:25:47: Client-ID hex dump: 727472303335
Jan 18 09:25:47: Hostname: rtr035
Jan 18 09:25:47: DHCP: SDiscover placed lease len option: 3600
Jan 18 09:25:47: DHCP: SDiscover placed class-id option: 31323334
Jan 18 09:25:47: DHCP: SDiscover: sending 286 byte length DHCP packet
Jan 18 09:25:47: DHCP: SDiscover 286 bytes
Jan 18 09:25:47: B'cast on GigabitEthernet0 interface from 0.0.0.0
Jan 18 09:25:51: DHCP: QScan: Timed out Selecting state

There's something simple here I am missing, but I am quite a newb. Could I please borrow some insight?

Richard Burts · ‎01-18-2017

Thanks for following my suggestion and removing the client specific commands. Sorry that did not turn out to be the issue. I would suggest leaving them out while we continue to test. When we do get DHCP working you can decide whether to put them back in.

My next thought is about how you have configured your security zones based on this command

zone-member security GIG100

Can you provide some detail about how the security zones are set up and operating? As a test could you remove the security zone from this interface?

HTH

Rick

HTH

Rick

View solution in original post

Nathan Andrews · ‎01-18-2017

show ip interface brief shows the following for that interface:

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0 unassigned YES DHCP up up

Nathan Andrews · ‎01-18-2017

Config cleansed of all additional dhcp options.

interface GigabitEthernet0
description WAN1 (Gi0) VRF SLA and TUN 100
ip vrf forwarding GIG100
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
zone-member security GIG100
ip policy route-map VRF_TO_GLOBAL
duplex auto
speed auto
no cdp enable

shut/no shut interface

Still no address. Logs follow:

Jan 18 09:43:26: Hostname: rtr035
Jan 18 09:43:26: DHCP: SDiscover placed class-id option: 636973636F706E70
Jan 18 09:43:26: DHCP: SDiscover: sending 303 byte length DHCP packet
Jan 18 09:43:26: DHCP: SDiscover 303 bytes
Jan 18 09:43:26: B'cast on GigabitEthernet0 interface from 0.0.0.0
Jan 18 09:43:30: DHCP: SDiscover attempt # 3 for entry:
Jan 18 09:43:30: Temp IP addr: 0.0.0.0 for peer on Interface: GigabitEthernet0
Jan 18 09:43:30: Temp sub net mask: 0.0.0.0
Jan 18 09:43:30: DHCP Lease server: 0.0.0.0, state: 3 Selecting
Jan 18 09:43:30: DHCP transaction id: E7B
Jan 18 09:43:30: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
Jan 18 09:43:30: Next timer fires after: 00:00:04
Jan 18 09:43:30: Retry count: 3 Client-ID: cisco-0087.31c3.ac8b-Gi0
Jan 18 09:43:30: Client-ID hex dump: 636973636F2D303038372E333163332E
Jan 18 09:43:30: 616338622D476930
Jan 18 09:43:30: Hostname: rtr035
Jan 18 09:43:30: DHCP: SDiscover placed class-id option: 636973636F706E70
Jan 18 09:43:30: DHCP: SDiscover: sending 303 byte length DHCP packet
Jan 18 09:43:30: DHCP: SDiscover 303 bytes
Jan 18 09:43:30: B'cast on GigabitEthernet0 interface from 0.0.0.0
Jan 18 09:43:34: DHCP: QScan: Timed out Selecting state%Unknown DHCP problem.. No allocation possible
Jan 18 09:43:44: DHCP: Waiting for 5 seconds on interface GigabitEthernet0
Jan 18 09:43:49: DHCP: Try 2 to acquire address for GigabitEthernet0
Jan 18 09:43:49: DHCP: allocate request
Jan 18 09:43:49: DHCP: zapping entry in DHC_PURGING state for Gi0
Jan 18 09:43:49: DHCP: deleting entry 11A5C1E4 0.0.0.0 from list
Jan 18 09:43:49: Temp IP addr: 0.0.0.0 for peer on Interface: GigabitEthernet0
Jan 18 09:43:49: Temp sub net mask: 0.0.0.0
Jan 18 09:43:49: DHCP Lease server: 0.0.0.0, state: 11 Purging
Jan 18 09:43:49: DHCP transaction id: E7B
Jan 18 09:43:49: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
Jan 18 09:43:49: Next timer fires after: 00:00:26
Jan 18 09:43:49: Retry count: 0 Client-ID: cisco-0087.31c3.ac8b-Gi0
Jan 18 09:43:49: Client-ID hex dump: 636973636F2D303038372E333163332E
Jan 18 09:43:49: 616338622D476930
Jan 18 09:43:49: Hostname: rtr035
Jan 18 09:43:49: DHCP: new entry. add to queue, interface GigabitEthernet0
Jan 18 09:43:49: DHCP: SDiscover attempt # 1 for entry:
Jan 18 09:43:49: Temp IP addr: 0.0.0.0 for peer on Interface: GigabitEthernet0
Jan 18 09:43:49: Temp sub net mask: 0.0.0.0
Jan 18 09:43:49: DHCP Lease server: 0.0.0.0, state: 3 Selecting
Jan 18 09:43:49: DHCP transaction id: E7C
Jan 18 09:43:49: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
Jan 18 09:43:49: Next timer fires after: 00:00:04
Jan 18 09:43:49: Retry count: 1 Client-ID: cisco-0087.31c3.ac8b-Gi0
Jan 18 09:43:49: Client-ID hex dump: 636973636F2D303038372E333163332E
Jan 18 09:43:49: 616338622D476930
Jan 18 09:43:49: Hostname: rtr035
Jan 18 09:43:49: DHCP: SDiscover placed class-id option: 636973636F706E70
Jan 18 09:43:49: DHCP: SDiscover: sending 303 byte length DHCP packet
Jan 18 09:43:49: DHCP: SDiscover 303 bytes
Jan 18 09:43:49: B'cast on GigabitEthernet0 interface from 0.0.0.0
Jan 18 09:43:52: DHCP: SDiscover attempt # 2 for entry:
Jan 18 09:43:52: Temp IP addr: 0.0.0.0 for peer on Interface: GigabitEthernet0
Jan 18 09:43:52: Temp sub net mask: 0.0.0.0
Jan 18 09:43:52: DHCP Lease server: 0.0.0.0, state: 3 Selecting
Jan 18 09:43:52: DHCP transaction id: E7C
Jan 18 09:43:52: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
Jan 18 09:43:52: Next timer fires after: 00:00:04
Jan 18 09:43:52: Retry count: 2 Client-ID: cisco-0087.31c3.ac8b-Gi0
Jan 18 09:43:52: Client-ID hex dump: 636973636F2D303038372E333163332E
Jan 18 09:43:52: 616338622D476930
Jan 18 09:43:52: Hostname: rtr035
Jan 18 09:43:52: DHCP: SDiscover placed class-id option: 636973636F706E70
Jan 18 09:43:52: DHCP: SDiscover: sending 303 byte length DHCP packet
Jan 18 09:43:52: DHCP: SDiscover 303 bytes
Jan 18 09:43:52: B'cast on GigabitEthernet0 interface from 0.0.0.0
Jan 18 09:43:56: DHCP: SDiscover attempt # 3 for entry:
Jan 18 09:43:56: Temp IP addr: 0.0.0.0 for peer on Interface: GigabitEthernet0
Jan 18 09:43:56: Temp sub net mask: 0.0.0.0
Jan 18 09:43:56: DHCP Lease server: 0.0.0.0, state: 3 Selecting
Jan 18 09:43:56: DHCP transaction id: E7C
Jan 18 09:43:56: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
Jan 18 09:43:56: Next timer fires after: 00:00:04
Jan 18 09:43:56: Retry count: 3 Client-ID: cisco-0087.31c3.ac8b-Gi0
Jan 18 09:43:56: Client-ID hex dump: 636973636F2D303038372E333163332E
Jan 18 09:43:56: 616338622D476930
Jan 18 09:43:56: Hostname: rtr035
Jan 18 09:43:56: DHCP: SDiscover placed class-id option: 636973636F706E70
Jan 18 09:43:56: DHCP: SDiscover: sending 303 byte length DHCP packet
Jan 18 09:43:56: DHCP: SDiscover 303 bytes

Richard Burts · ‎01-18-2017

Thanks for following my suggestion and removing the client specific commands. Sorry that did not turn out to be the issue. I would suggest leaving them out while we continue to test. When we do get DHCP working you can decide whether to put them back in.

My next thought is about how you have configured your security zones based on this command

zone-member security GIG100

Can you provide some detail about how the security zones are set up and operating? As a test could you remove the security zone from this interface?

HTH

Rick

HTH

Rick

Nathan Andrews · ‎01-18-2017

Many thanks for your input so far. The issue is definitely related to the security zone settings. Removing that line caused the interface to pull an apropriate IP via dhcp. I'm not sure where to go with the security zone config, but I'll post it soon if you can continue to help me.

Richard Burts · ‎01-18-2017

I am glad that we can identify the problem as related to security zones. I wonder if you need something set up for zone to self.

HTH

Rick

HTH

Rick

Nathan Andrews · ‎01-18-2017

I yanked the text of security zones, class maps and policy maps.

Nathan Andrews · ‎01-20-2017

Thanks to your input, the interface is receiving an address via dhcp now.

I am unfortunately not familiar enough with IOS to correct the configuration and return the interface to the security group. I believe I'll need an ACL that allows the dhcp information to pass in that security zone, but I'm not sure how to actually do that.

Richard Burts · ‎01-18-2017

There are several things that could be causing this. My first guess is that it may be related to the 5 client specific commands in your configuration. When you connected a PC and tested it was most likely just a vanilla dhcp request from the PC which worked. So my first suggestion would be to remove the client specific commands and see if the behavior changes. If that does not help then we will look for other possibilities.

HTH

Rick

HTH

Rick