DHCP Address Conflict

davidhvoss
Level 1

We had a 6500 acting as a DHCP server crash.  We brought it back up but had 10,000 customers with an existing IP address and none of them tracked on the DHCP server anymore.  When an IP request comes into the DHCP server, it has been handing out IP addresses that were already given out and had a 3-day lease time.

We have DHCP ping enabled, so it will try to ping an IP before handing it out, but most customers have a firewall and will block ICMP, so this is not a good solution.

We have DHCP conflict logging enabled, but this also isn't the silver bullet we need.

Do you know of a way the 6500 can check to see if an IP is in use any other way?  Some ideas were to have the DHCP server check the arp table.  That would be great (since all VLAN gateways are on the 6500) but I don't know of a command to make it do that.

Any ideas to assist?

2 Replies

ahmedshoaib
Level 4

Hi;

Cisco switches can act as DHCP servers, but it's always recommended to use a separate DHCP server (either Windows- or Linux-based). Due to a lot of DHCP requests your switch becomes overloaded and crashes (you can verify the CPU utilization of the 6500), and once the switch reloads it doesn't have any option/feature to verify the IP addresses already assigned to users.

Thanks & Best regards;

Peter Paluch
Cisco Employee

David,

Frankly, there is not much you can do. A DHCP server can attempt to ping the IP address it is going to assign, but just as you have mentioned, it is not a reliable test because the end host using this IP address may not respond for whatever reason (a firewall being the most common).

What end hosts do when they are assigned an IP address by a DHCP server is that they usually send out an ARP request for that very address, and if someone responds, the host knows that the address is already used. In that case, the client should inform the DHCP server using the DHCPDECLINE message and start the discovery process again. However, there is no way to force a Cisco DHCP server to look into the local ARP table to check whether the address-to-be-assigned already exists in the ARP table - this ARP check is performed by the end host, not by the server.

In each of these cases, Cisco DHCP server will record the address as conflicted, and will exclude it from assignments until you clear the list of conflicted IP addresses.

I am afraid that the only way to solve your current situation is to simply wait until the leased addresses expire, and in the meantime, suffer the conflicting IP addresses. It sounds bad, it is bad, but this is the downside of using DHCP without a permanent lease database storage.

Apropos, regarding the persistent database storage: You should definitely configure your 6500 to store the lease database to some persistent storage - perhaps the FLASH filesystem on disk0:, or a TFTP server - so that the next time you need to reload it, the DHCP address leases won't get lost. The command to do this is very simple - ip dhcp database url - and will save you this trouble in the future. Read more about this command here:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i1.html#wp2095691970

Best regards,
Peter
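
As an added example that is not part of Peter's reply or of any Cisco documentation, the IOS configuration that applies his advice on a 6500: persist the lease database, keep the ping probe and conflict logging, and know which show commands to check after a reload. The TFTP server address 192.0.2.10, the file name and the write-delay value are assumed for illustration.

```cisco
! Persist the lease database so bindings survive a reload. The server
! address and file name are assumed for illustration; write-delay is the
! number of seconds of changes batched before the file is rewritten.
ip dhcp database tftp://192.0.2.10/6500-dhcp-leases write-delay 60
!
! Alternatively, keep the file on the local flash filesystem instead:
! ip dhcp database disk0:dhcp-leases
!
! Keep the pre-assignment ping probe (2 packets, 500 ms timeout are the
! IOS defaults) and conflict logging. The ping only catches hosts that
! answer ICMP; a firewalled host is caught later, when the client's own
! ARP probe finds the address in use and it sends DHCPDECLINE.
ip dhcp ping packets 2
ip dhcp ping timeout 500
ip dhcp conflict logging
!
! Operational checks after a reload:
! show ip dhcp database     - URL, last write/read time and status
! show ip dhcp binding      - bindings restored from the database file
! show ip dhcp conflict     - addresses flagged by ping or DHCPDECLINE
! clear ip dhcp conflict *  - return flagged addresses to the pool once
!                             the conflicting leases have expired
```

The database is read when the DHCP server starts, so the command has to be in the running configuration before the reload it is meant to protect against; after a crash like the one described above it does nothing for the bindings already lost, only for the next one.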