10-24-2012 05:22 AM - edited 03-07-2019 09:39 AM
I have a small branch office using a 2951 router. I'm using the 2951 as the DHCP server for the site. It is handing out the addresses but, the users tell me in the morning when the come in they have to unplug their cat 5 cable from the wall - then, plug it back in to log in. If they don't do this they can't log in. I'm assuming it is because they aren't getting an address until the unplug and plug in the cat 5 cable.
Has anyone heard of this issue?
Config and show:
ip dhcp excluded-address 172.18.0.58 172.18.0.62
ip dhcp pool corp-pool
network 172.18.0.32 255.255.255.224
option 150 ip 10.20.64.42 10.20.64.40 10.3.4.40
dns-server 10.3.1.100 10.3.1.108 188.8.131.52
option 43 hex ac14.085d
2951#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
172.18.0.34 0100.04f2.ebe1.16 Oct 24 2012 11:34 PM Automatic
172.18.0.36 0100.1cc0.e35e.26 Oct 24 2012 09:02 PM Automatic
172.18.0.37 01c8.0aa9.c112.97 Oct 24 2012 08:48 PM Automatic
172.18.0.39 01c8.0aa9.9efe.62 Oct 25 2012 04:27 AM Automatic
172.18.0.42 0100.0830.8bd2.da Oct 25 2012 12:05 AM Automatic
172.18.0.43 01c8.0aa9.9f06.72 Oct 24 2012 10:24 AM Automatic
172.18.0.45 0168.bc0c.80b4.c0 Oct 25 2012 12:03 AM Automatic
172.18.0.46 0168.bc0c.80b7.3a Oct 25 2012 12:03 AM Automatic
172.18.0.48 0168.bc0c.80bc.f5 Oct 24 2012 09:03 PM Automatic
172.18.0.50 0168.bc0c.80b3.12 Oct 25 2012 12:04 AM Automatic
172.18.0.52 01d8.67d9.e109.44 Oct 24 2012 08:48 PM Automatic
172.18.0.53 01a4.934c.f31f.2e Oct 24 2012 08:55 PM Automatic
172.18.0.56 0160.eb69.c044.2b Oct 25 2012 07:23 AM Automatic
10-29-2012 07:13 AM
Thanks for the responce. Still didnt see the ipconfig/all from one of the pc.
Configuration looks fine other than i can not see any DHCP pool (vlan 30) for the phones as Alain highlighted.
Will it be possible for you run wireshark capture during the boot up process on one of the affected pc?
10-29-2012 07:24 AM
Would you like the config /all before they unplug their PCs or after? Or, does it not matter?
10-29-2012 08:04 AM
Posting both wouldn't hurt anyway, isn't it?
Don't forget to rate helpful posts.
10-29-2012 09:05 AM
I agree, that sounds like the quickest route to a diagnosis. Just setup a SPAN session monitoring one of the ports and arrange to have the packet capture running before anyone tries to use that machine in the morning. That way you can watch not only the machines traffic, but also make sure that the phone is working as it should (if it's taking too long to pull down it's config it might not forward any traffic from the device until after the computer has already given up on pulling an address, or something)
Also, Pat, I just want to be clear...
When you say they "can't log in", it's actually giving them an error code and telling them the domain isn't available (or something along those lines), right? Because i've definitely had networks in the past with very high latency and packet loss where machines would take >40 minutes to download and run login scripts, so users would take to unplugging the machines when they logged in (forcing the scripts to fail immediately instead of succeed after 40 mintues) and plugging it back in when their desktop came up. Just want to be sure we're all talking about the same thing here
10-30-2012 05:11 AM
I wasn't able to create the SPAN as you wanted but, I have some info that might help and if you would like me to do the SPAN we could do that as well later.
Last night I got the address that the User was using - 172.18.0.56 and started pinging it before the User go in this morning. The ping failed but, I could ping the address of the User"s phone that the PC is connected to.
I asked the User to call me before he tried logging in but, before he called me he hit his mouse and it triggered this debug( I had debug ip dhcp packet events going)
Oct 30 07:20:35 cst-dst: DHCPD: checking for expired leases.
Oct 30 07:22:35 cst-dst: DHCPD: checking for expired leases.
Oct 30 07:22:44 cst-dst: DHCPD: Sending notification of ASSIGNMENT:
Oct 30 07:22:44 cst-dst: DHCPD: address 172.18.0.56 mask 255.255.255.224
Oct 30 07:22:44 cst-dst: DHCPD: htype 1 chaddr 60eb.69c0.442b
At that point he had only touched his mouse but, I was able to ping his address - 172.18.0.56. But, when he tried to login it failed and this is a print screen of his monitor:
Then, when he unplugged and plugged in his ethernet cable the router had another debug message:
Oct 30 07:26:35 cst-dst: DHCPD: checking for expired leases.
Oct 30 07:27:12 cst-dst: DHCPD: Sending notification of ASSIGNMENT:
Oct 30 07:27:12 cst-dst: DHCPD: address 172.18.0.56 mask 255.255.255.224
Oct 30 07:27:12 cst-dst: DHCPD: htype 1 chaddr 60eb.69c0.442b
Oct 30 07:27:12 cst-dst: DHCPD: lease time remaining (secs) = 1296000
And then, the User was able to login.
10-30-2012 06:15 PM
This does not sound to me a DHCP problem for me now :-) According to your post your where not able to ping the pc before the user touches the mouse and as soon as mouse was moved you where able to ping the ip address. This means that the user PC was in a sleep mode and hence the network card was not responding to ping. As soon as user moved the mouse the network card woke up and you where able to ping the ip address after that. This means you the DHCP is working fine.
I think the problem you have here is something to do with logging on (not necessarily a dhcp issue). Are these users log on the pc using domain credentials or is it local login?
As sussgested a network SPAN before unplug and after unplug will really help to identify the root cause of the issue here.
10-31-2012 04:34 AM
I believe you are correct that it is not a DHCP problem. I know how to span a port but how do I collect the data? Can I send the span data to flash?
Could you explain how I should accomplish this, or send a doc my way?
10-31-2012 04:54 AM
Please follow this steps for port monitoring. This may vary slightly depending on switch model but logic would be the same.
1) Identify one spare switch port of the switch.
2) Connect a laptop or desktop to that port. This switch port would be your span destination port. For time being assume this being as Fas 0/10.This pc should have a packet capture software like wireshark running on it.
3) Identify the port to which the problem pc is connected. This switch port would be the source port for your span.
For time being assume this being as Fas 0/20.
4) Configure your switch as below
monitor session 1 source interface Fa 0/20 (we are using Fas 0/20 as source in our example)
monitor session 1 destination interface Fa 0/10 (we are using Fas 0/10 as destination in our example and this will be port on which packet capture pc would be running)
Once monitoring is configured open packet capture software and you would be able to see all the traffic going to source port on packet capture software.
Hope this helps.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: