2951 DHCP Problem

Patrick McHenry


I have a small branch office using a 2951 router. I'm using the 2951 as the DHCP server for the site. It is handing out the addresses, but the users tell me that in the morning when they come in they have to unplug their Cat 5 cable from the wall, then plug it back in to log in. If they don't do this they can't log in. I'm assuming it is because they aren't getting an address until they unplug and plug in the Cat 5 cable.

Has anyone heard of this issue?

Config and show:

ip dhcp excluded-address

ip dhcp pool corp-pool

import all



option 150 ip



option 43 hex ac14.085d


2951#show ip dhcp binding

Bindings from all pools not associated with VRF:

IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
                    0100.04f2.ebe1.16       Oct 24 2012 11:34 PM    Automatic
                    0100.1cc0.e35e.26       Oct 24 2012 09:02 PM    Automatic
                    01c8.0aa9.c112.97       Oct 24 2012 08:48 PM    Automatic
                    01c8.0aa9.9efe.62       Oct 25 2012 04:27 AM    Automatic
                    0100.0830.8bd2.da       Oct 25 2012 12:05 AM    Automatic
                    01c8.0aa9.9f06.72       Oct 24 2012 10:24 AM    Automatic
                    0168.bc0c.80b4.c0       Oct 25 2012 12:03 AM    Automatic
                    0168.bc0c.80b7.3a       Oct 25 2012 12:03 AM    Automatic
                    0168.bc0c.80bc.f5       Oct 24 2012 09:03 PM    Automatic
                    0168.bc0c.80b3.12       Oct 25 2012 12:04 AM    Automatic
                    01d8.67d9.e109.44       Oct 24 2012 08:48 PM    Automatic
                    01a4.934c.f31f.2e       Oct 24 2012 08:55 PM    Automatic
                    0160.eb69.c044.2b       Oct 25 2012 07:23 AM    Automatic

Thanks, Pat.

Hi Patrick,

Thanks for the response. I still didn't see the ipconfig /all from one of the PCs.

The configuration looks fine, other than that I cannot see any DHCP pool (VLAN 30) for the phones, as Alain highlighted.

Would it be possible for you to run a Wireshark capture during the boot-up process on one of the affected PCs?



Would you like the config /all before they unplug their PCs or after? Or, does it not matter?

Thanks, Pat.


Posting both wouldn't hurt anyway, would it?




I agree, that sounds like the quickest route to a diagnosis. Just set up a SPAN session monitoring one of the ports and arrange to have the packet capture running before anyone tries to use that machine in the morning. That way you can watch not only the machine's traffic, but also make sure that the phone is working as it should (if it's taking too long to pull down its config it might not forward any traffic from the device until after the computer has already given up on pulling an address, or something).

Also, Pat, I just want to be clear...

When you say they "can't log in", it's actually giving them an error code and telling them the domain isn't available (or something along those lines), right? Because I've definitely had networks in the past with very high latency and packet loss where machines would take >40 minutes to download and run login scripts, so users would take to unplugging the machines when they logged in (forcing the scripts to fail immediately instead of succeed after 40 minutes) and plugging it back in when their desktop came up. Just want to be sure we're all talking about the same thing here.

I wasn't able to create the SPAN as you wanted, but I have some info that might help, and if you would like me to do the SPAN we could do that as well later.

Last night I got the address that the User was using and started pinging it before the User got in this morning. The ping failed, but I could ping the address of the User's phone that the PC is connected to.

I asked the User to call me before he tried logging in, but before he called me he hit his mouse and it triggered this debug (I had debug ip dhcp packet events going):

Oct 30 07:20:35 cst-dst: DHCPD: checking for expired leases.

Oct 30 07:22:35 cst-dst: DHCPD: checking for expired leases.

Oct 30 07:22:44 cst-dst: DHCPD: Sending notification of ASSIGNMENT:

Oct 30 07:22:44 cst-dst:  DHCPD: address mask

Oct 30 07:22:44 cst-dst:   DHCPD: htype 1 chaddr 60eb.69c0.442b

At that point he had only touched his mouse, but I was able to ping his address. But when he tried to log in it failed, and this is a print screen of his monitor:

Then, when he unplugged and plugged in his Ethernet cable, the router had another debug message:

Oct 30 07:26:35 cst-dst: DHCPD: checking for expired leases.

Oct 30 07:27:12 cst-dst: DHCPD: Sending notification of ASSIGNMENT:

Oct 30 07:27:12 cst-dst:  DHCPD: address mask

Oct 30 07:27:12 cst-dst:   DHCPD: htype 1 chaddr 60eb.69c0.442b

Oct 30 07:27:12 cst-dst:   DHCPD: lease time remaining (secs) = 1296000

And then the User was able to log in.

Thanks, Pat.
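
Added example, not part of the thread: a Python sketch that parses the `debug ip dhcp` lines quoted in the post above and reports any client hardware address that received a second ASSIGNMENT notification within a short window, which is the pattern the unplug and replug produced. The year, the 10-minute window and the function names are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Debug lines as quoted in the post above (address/mask values are absent there).
SAMPLE = """\
Oct 30 07:20:35 cst-dst: DHCPD: checking for expired leases.
Oct 30 07:22:35 cst-dst: DHCPD: checking for expired leases.
Oct 30 07:22:44 cst-dst: DHCPD: Sending notification of ASSIGNMENT:
Oct 30 07:22:44 cst-dst:  DHCPD: address mask
Oct 30 07:22:44 cst-dst:   DHCPD: htype 1 chaddr 60eb.69c0.442b
Oct 30 07:26:35 cst-dst: DHCPD: checking for expired leases.
Oct 30 07:27:12 cst-dst: DHCPD: Sending notification of ASSIGNMENT:
Oct 30 07:27:12 cst-dst:  DHCPD: address mask
Oct 30 07:27:12 cst-dst:   DHCPD: htype 1 chaddr 60eb.69c0.442b
Oct 30 07:27:12 cst-dst:   DHCPD: lease time remaining (secs) = 1296000
"""
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+: +DHCPD: (.*)$")

def parse_assignments(text, year=2012):
    """One dict per ASSIGNMENT block; `year` is assumed (the log omits it)."""
    events, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if msg.startswith("Sending notification of ASSIGNMENT"):
            cur = {"time": ts, "chaddr": None, "lease_secs": None}
            events.append(cur)
        elif cur is None or msg.startswith("checking for expired leases"):
            cur = None  # detail lines only count inside an ASSIGNMENT block
        elif (c := re.search(r"chaddr ([0-9a-f.]+)", msg)):
            cur["chaddr"] = c.group(1)
        elif (s := re.search(r"lease time remaining \(secs\) = (\d+)", msg)):
            cur["lease_secs"] = int(s.group(1))
    return events

def repeated_assignments(events, window=timedelta(minutes=10)):
    """List (chaddr, gap_seconds) for clients assigned again within `window`."""
    last, hits = {}, []
    for e in sorted(events, key=lambda e: e["time"]):
        prev = last.get(e["chaddr"])
        if e["chaddr"] and prev and e["time"] - prev <= window:
            hits.append((e["chaddr"], int((e["time"] - prev).total_seconds())))
        last[e["chaddr"]] = e["time"]
    return hits
```

Calling `repeated_assignments(parse_assignments(SAMPLE))` on the quoted lines reports the one client that was assigned twice, 268 seconds apart.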

Hi Pat,

This does not sound like a DHCP problem to me now :-) According to your post you were not able to ping the PC before the user touched the mouse, and as soon as the mouse was moved you were able to ping the IP address. This means that the user's PC was in sleep mode and hence the network card was not responding to ping. As soon as the user moved the mouse the network card woke up and you were able to ping the IP address after that. This means the DHCP is working fine.

I think the problem you have here is something to do with logging on (not necessarily a DHCP issue). Do these users log on to the PC using domain credentials, or is it a local login?

As suggested, a network SPAN before unplug and after unplug will really help to identify the root cause of the issue here.



Thanks, Najaf.

I believe you are correct that it is not a DHCP problem. I know how to span a port but how do I collect the data? Can I send the span data to flash?

Could you explain how I should accomplish this, or send a doc my way?

Thanks, Pat.

Hi Pat,

Please follow these steps for port monitoring. This may vary slightly depending on the switch model, but the logic would be the same.

1) Identify one spare switch port on the switch.

2) Connect a laptop or desktop to that port. This switch port would be your SPAN destination port. For the time being, assume this is Fas 0/10. This PC should have packet capture software like Wireshark running on it.

3) Identify the port to which the problem PC is connected. This switch port would be the source port for your SPAN.

For the time being, assume this is Fas 0/20.

4) Configure your switch as below:

config terminal

! We are using Fas 0/20 as the source in our example
monitor session 1 source interface Fa 0/20

! We are using Fas 0/10 as the destination in our example; this is the port the packet capture PC is connected to
monitor session 1 destination interface Fa 0/10

Once monitoring is configured, open the packet capture software and you would be able to see all the traffic going to the source port in the packet capture software.

Hope this helps.



