Re: [Catalyst 2960 -X] DHCP conflict

TechniqueAlezpc · ‎08-06-2019

Hello,

I'm French and sorry for my bad English ;)

We are now supervising infrastructure for our new customer, which is composed by :

- 1 master switch with a DHCP, 3 VLAN (Catalyst 2960)

- 2 secondary switch without any function (Zyxel)

Our customer has some problem to get an IP from DHCP: There's 10 excluded address for the printers, and all the rest is reachable. By the way, for an unknown reason, the pool only lease a few IPs (a dozen), and exclude the others until .255

Pool 2nd :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 20
Excluded addresses : 155
Remembered addresses : 0
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased/Excluded/Total
10.241.131.1 10.241.131.1 - 10.241.131.254 20 / 155 / 254

In the ARP table, some addresses have the same MAC :

Internet 10.241.131.41 4 847b.eb43.9080 ARPA Vlan71
Internet 10.241.131.42 29 2c30.33e6.0c3a ARPA Vlan71
Internet 10.241.131.43 4 241c.0408.aaf6 ARPA Vlan71
Internet 10.241.131.44 3 847b.eb43.9080 ARPA Vlan71
Internet 10.241.131.45 3 241c.0408.aaf6 ARPA Vlan71
Internet 10.241.131.46 3 847b.eb43.9080 ARPA Vlan71
Internet 10.241.131.47 3 241c.0408.aaf6 ARPA Vlan71
Internet 10.241.131.48 3 847b.eb43.9080 ARPA Vlan71
Internet 10.241.131.49 3 241c.0408.aaf6 ARPA Vlan71
Internet 10.241.131.50 3 847b.eb43.9080 ARPA Vlan71
Internet 10.241.131.51 3 241c.0408.aaf6 ARPA Vlan71
Internet 10.241.131.52 2 241c.0408.aaf6 ARPA Vlan71
Internet 10.241.131.53 2 847b.eb43.9080 ARPA Vlan71
Internet 10.241.131.54 2 847b.eb43.9080 ARPA Vlan71
Internet 10.241.131.55 2 241c.0408.aaf6 ARPA Vlan71
Internet 10.241.131.56 2 847b.eb43.9080 ARPA Vlan71
Internet 10.241.131.57 2 241c.0408.aaf6 ARPA Vlan71
Internet 10.241.131.58 0 7085.c212.880b ARPA Vlan71
Internet 10.241.131.59 2 847b.eb43.9080 ARPA Vlan71
Internet 10.241.131.60 1 241c.0408.aaf6 ARPA Vlan71
Internet 10.241.131.61 1 847b.eb43.9080 ARPA Vlan71
Internet 10.241.131.63 1 847b.eb43.9080 ARPA Vlan71
Internet 10.241.131.64 1 847b.eb43.9080 ARPA Vlan71

I tried a clear ip binding, clear ip conflicts *, clear arp, clear arp-cache, clear ip arp interface vlan 71 but no effects, the DHCP don't lease addresses. The switch is up-to-date, and the problem still here. We are far from the client, and we can't shut down the DHCP pool to recreate it (we can't stop the production).

If someone has an idea or a solution, I'm interested :)

Thanks to all.

balaji.bandi · ‎08-06-2019

Can you post show version, and full show run to look what you configured.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

TechniqueAlezpc · ‎08-06-2019

Version :


cisco WS-C2960X-48TS-L (APM86XXX) processor (revision M0) with 524288K bytes of memory.
Processor board ID FCW2046B77T
Last reset from reload command
8 Virtual Ethernet interfaces
1 FastEthernet interface
52 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 08:CC:A7:82:83:80
Motherboard assembly number : 73-16693-05
Power supply part number : 341-0537-02
Motherboard serial number : FOC204647NK
Power supply serial number : LIT20412D9L
Model revision number : M0
Motherboard revision number : A0
Model number : WS-C2960X-48TS-L
Daughterboard assembly number : 73-14200-03
Daughterboard serial number : FOC20465L37
System serial number : FCW2046B77T
Top Assembly Part Number : 68-100471-02
Top Assembly Revision Number : A0
Version ID : V05
CLEI Code Number : CMMNF00ARD
Daughterboard revision number : A0
Hardware Board Revision Number : 0x19


Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 52 WS-C2960X-48TS-L 15.2(4)E8 C2960X-UNIVERSALK9-M


Configuration register is 0xF

Run :

Current configuration : 7016 bytes
!
! Last configuration change at 13:24:26 UTC Tue Aug 6 2019
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 
!
no aaa new-model
clock timezone UTC 1 0
switch 1 provision ws-c2960x-48ts-l
!
!
!
!
ip routing
no ip cef optimize neighbor resolution
no ip dhcp conflict logging
ip dhcp excluded-address 10.241.127.1 10.241.127.10
ip dhcp excluded-address 10.241.131.1 10.241.131.10
ip dhcp excluded-address 10.251.2.1 10.251.2.32
ip dhcp excluded-address 10.251.251.1 10.251.251.10
ip dhcp excluded-address 10.251.131.1 10.251.131.10
ip dhcp excluded-address 10.251.127.1 10.251.127.10
no ip dhcp ping packets
!
ip dhcp pool 1st
network 10.241.127.0 255.255.255.0
default-router 10.241.127.1
domain-name **
dns-server 10.251.2.2 10.251.2.3
!
ip dhcp pool Srv
network 10.251.2.0 255.255.255.0
default-router 10.251.2.1
domain-name **
dns-server 10.251.2.2 10.251.2.3
!
ip dhcp pool fwi
network 10.251.251.0 255.255.255.128
default-router 10.251.251.2
domain-name **
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool 2nd
network 10.241.131.0 255.255.255.0
default-router 10.241.131.1
domain-name **
dns-server 10.251.2.2 10.251.2.3
lease 0 8
!
ip dhcp pool Demo
network 10.241.191.0 255.255.255.0
!
crypto pki trustpoint TP-self-signed-**
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-**
revocation-check none
rsakeypair TP-self-signed-**
!
!
crypto pki certificate chain TP-self-signed-**
certificate self-signed 01
quit
!
spanning-tree mode pvst
spanning-tree extend system-id
errdisable recovery cause loopback
!
vlan internal allocation policy ascending
!
interface Port-channel1
switchport access vlan 101
switchport mode access
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface GigabitEthernet1/0/1
switchport access vlan 101
!
interface GigabitEthernet1/0/2
switchport access vlan 101
!
interface GigabitEthernet1/0/3
switchport access vlan 101
!
interface GigabitEthernet1/0/4
switchport access vlan 101
!
interface GigabitEthernet1/0/5
switchport access vlan 101
!
interface GigabitEthernet1/0/6
switchport access vlan 101
!
interface GigabitEthernet1/0/7
switchport access vlan 101
!
interface GigabitEthernet1/0/8
switchport access vlan 101
!
interface GigabitEthernet1/0/9
switchport access vlan 101
!
interface GigabitEthernet1/0/10
switchport access vlan 101
!
interface GigabitEthernet1/0/11
switchport access vlan 101
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
switchport access vlan 101
switchport mode access
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/0/14
switchport access vlan 101
switchport mode access
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/0/15
switchport access vlan 101
switchport mode access
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/0/16
switchport access vlan 101
switchport mode access
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
switchport access vlan 161
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 191
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
switchport access vlan 41
!
interface GigabitEthernet1/0/39
switchport access vlan 41
!
interface GigabitEthernet1/0/40
switchport access vlan 41
!
interface GigabitEthernet1/0/41
switchport access vlan 41
!
interface GigabitEthernet1/0/42
switchport access vlan 41
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
switchport access vlan 71
!
interface GigabitEthernet1/0/45
switchport access vlan 71
!
interface GigabitEthernet1/0/46
switchport access vlan 71
!
interface GigabitEthernet1/0/47
switchport access vlan 71
!
interface GigabitEthernet1/0/48
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
ip address 10.251.1.1 255.255.255.0
!
interface Vlan41
ip address 10.241.127.1 255.255.255.0
!
interface Vlan71
ip address 10.241.131.1 255.255.255.0
!
interface Vlan101
ip address 10.251.2.1 255.255.255.0
!
interface Vlan131
ip address 10.251.131.2 255.255.255.0
!
interface Vlan161
ip address 10.251.251.1 255.255.255.128
!
interface Vlan162
ip address 10.251.251.134 255.255.255.128
!
interface Vlan191
ip address 10.241.191.1 255.255.255.0
!
!
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.251.251.2 permanent
ip route 10.241.131.0 255.255.255.0 Vlan71
ip route 10.251.2.0 255.255.255.0 Vlan101
ip route 10.251.251.0 255.255.255.128 Vlan161
!
!
!
line con 0
line vty 0 4
password **
login
line vty 5 15
password **
login
!
end

Here you got, thanks !

paul driver · ‎08-06-2019

Hello

Suggest the following and test again:

conf t
no ip route 10.241.131.0 255.255.255.0 Vlan71
no ip route 10.251.2.0 255.255.255.0 Vlan101
no ip route 10.251.251.0 255.255.255.128 Vlan161

ip dhcp ping packets 2 <--- validation check before dhcp allocates

Can you also confirm whats connecting to the port-channel 1 on vlan 101

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul