Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1989
Views
0
Helpful
7
Replies

DHCP Server Port-Based Address Allocation on a 2960 switch

billseymour
Level 1
Level 1

‎05-04-2019 11:51 AM

I'm having some issues with port based dhcp, it seems simple enough, but clients are sometimes getting weird addresses instead of what's been assigned to that port. Here's an example config:

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname A-Rack03-Switch01
!
boot-start-marker
boot-end-marker
!
enable password <redacted>
username <redacted> privilege 15 password 0 <redacted>
username <redacted> privilege 15 password 0 <redacted>
!
no aaa new-model
clock timezone PST -8 0
clock summer-time PDT 2 Sunday March 02:00 1 Sunday November 02:00 60
system mtu routing 1500
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
!
ip dhcp pool Rack03Switch01
   network 10.10.3.0 255.255.255.0
   default-router 10.10.3.1
   dns-server 10.10.3.1
   reserved-only
   address 10.10.3.98 client-id "Fa0/1" ascii
   address 10.10.3.97 client-id "Fa0/2" ascii
   address 10.10.3.96 client-id "Fa0/3" ascii
   address 10.10.3.95 client-id "Fa0/4" ascii
   address 10.10.3.94 client-id "Fa0/5" ascii
   address 10.10.3.93 client-id "Fa0/6" ascii
   address 10.10.3.92 client-id "Fa0/7" ascii
   address 10.10.3.91 client-id "Fa0/8" ascii
   address 10.10.3.90 client-id "Fa0/9" ascii
   address 10.10.3.89 client-id "Fa0/10" ascii
   address 10.10.3.88 client-id "Fa0/11" ascii
   address 10.10.3.87 client-id "Fa0/12" ascii
   address 10.10.3.86 client-id "Fa0/13" ascii
   address 10.10.3.85 client-id "Fa0/14" ascii
   address 10.10.3.84 client-id "Fa0/15" ascii
   address 10.10.3.83 client-id "Fa0/16" ascii
   address 10.10.3.82 client-id "Fa0/17" ascii
   address 10.10.3.81 client-id "Fa0/18" ascii
   address 10.10.3.80 client-id "Fa0/19" ascii
   address 10.10.3.79 client-id "Fa0/20" ascii
   address 10.10.3.78 client-id "Fa0/21" ascii
   address 10.10.3.77 client-id "Fa0/22" ascii
   address 10.10.3.76 client-id "Fa0/23" ascii
   address 10.10.3.75 client-id "Fa0/24" ascii
   address 10.10.3.74 client-id "Fa0/25" ascii
   address 10.10.3.73 client-id "Fa0/26" ascii
   address 10.10.3.72 client-id "Fa0/27" ascii
   address 10.10.3.71 client-id "Fa0/28" ascii
   address 10.10.3.70 client-id "Fa0/29" ascii
   address 10.10.3.69 client-id "Fa0/30" ascii
   address 10.10.3.68 client-id "Fa0/31" ascii
   address 10.10.3.67 client-id "Fa0/32" ascii
   address 10.10.3.66 client-id "Fa0/33" ascii
   address 10.10.3.65 client-id "Fa0/34" ascii
   address 10.10.3.64 client-id "Fa0/35" ascii
   address 10.10.3.63 client-id "Fa0/36" ascii
   address 10.10.3.62 client-id "Fa0/37" ascii
   address 10.10.3.61 client-id "Fa0/38" ascii
   address 10.10.3.60 client-id "Fa0/39" ascii
   address 10.10.3.59 client-id "Fa0/40" ascii
   address 10.10.3.58 client-id "Fa0/41" ascii
   address 10.10.3.57 client-id "Fa0/42" ascii
   address 10.10.3.56 client-id "Fa0/43" ascii
   address 10.10.3.55 client-id "Fa0/44" ascii
   address 10.10.3.54 client-id "Fa0/45" ascii
   address 10.10.3.53 client-id "Fa0/46" ascii
   address 10.10.3.52 client-id "Fa0/47" ascii
   address 10.10.3.51 client-id "Fa0/48" ascii
!
crypto pki trustpoint TP-self-signed-3886261120
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3886261120
 revocation-check none
 rsakeypair TP-self-signed-3886261120
!
crypto pki certificate chain TP-self-signed-3886261120
 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/2
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/3
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/4
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/5
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/6
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/7
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/8
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/9
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/10
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/11
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/12
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/13
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/14
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/15
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/16
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/17
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/18
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/19
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/20
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/21
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/22
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/23
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/24
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/25
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/26
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/27
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/28
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/29
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/30
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/31
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/32
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/33
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/34
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/35
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/36
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/37
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/38
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/39
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/40
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/41
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/42
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/43
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/44
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/45
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/46
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/47
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/48
 ip dhcp server use subscriber-id client-id
!
interface GigabitEthernet0/1
 description A Secondary Uplink
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 10.10.3.4 255.255.255.0
 ip route-cache
!
!
ip default-gateway 10.10.3.1
ip http server
ip http secure-server
!
snmp-server community public RO
!
banner motd #
This device is for authorized personnel only. 
If you have not been provided with permission to 
access this device - disconnect at once.
#
banner login #
*** login local Required. Unauthorized use is prohibited ***
#
!
line con 0
line vty 0 4
 password <redacted>
 login local
line vty 5 15
 password <redacted>
 login local
!
end

That switch right now has 45 devices connected to the 100MB ports and only nine have addresses. :( The other 36 didn't get addresses at all, or got addresses that are outside the scope, so don't show in my scan. Note that it seems that some clients will get an address then drop it after a bit but I'm not sure what they get since they don't show on a scan of the subnet.

Labels:
0 Helpful
7 Replies 7

Sebastian Fernandez
Level 1
Level 1

‎05-04-2019 07:06 PM

Hi @billseymour 

 

As per document, you should use the interface name with quotes. See here

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/12-2sx/dhcp-12-2sx-book/dhcp-prt-bsd-aa.html

 

Also debug the output for - debug ip dhcp server packet

 

Also share output for -show ip dhcp pool Rack03Switch01

 

 

-

Sebastian

Please mark this helpful.

 

0 Helpful

billseymour
Level 1
Level 1
In response to Sebastian Fernandez

‎05-04-2019 08:09 PM - edited ‎05-04-2019 08:25 PM

From that link, which I've read before:

 Step 5
address ip-address client-id string [ascii]
Example:
Router(dhcp-config)# address 10.10.10.2 client-id Et1/0 ascii
Reserves an IP address for a DHCP client identified by the client ID.
    The string argument can be an ASCII value or a hexadecimal value.
    For port-based address allocation the string argument must be the name of the port
    and the ascii keyword must be specified.

[My bold, though it's much more likely to be Fa0/1 or Gi0/1] No mention of quoting the string, and their example isn't quoted... I'm willing to give it a try however! :)

I just look at the 15.0 release documentation and it's the same as 12.2 was...

0 Helpful

Georg Pauwen
VIP
VIP

‎05-05-2019 02:01 AM

Hello,

 

on a side note, this might be a bug (see below). What if you specify the MAC address as the client-id ?

 

By the way, I think the "" quotes are added by the system, you cannot add them manually...

 

Port based DHCP using wrong subscriber-id for address allocation
CSCsz91199
Description
None

Symptom:

Port based DHCP using wrong subscriber-id for address allocation. This
causes the client to get the dynamically learned address rather than
the one reserved.

Conditions:

The issue is with using the subscriber-id feature in the DHCP port based
implementation.


Workaround:

No Workaround

0 Helpful

billseymour
Level 1
Level 1
In response to Georg Pauwen

‎05-13-2019 05:09 PM

OK, sorry it's taken so long to get back, convention last week and I've been out for that.

The problem switch of the day is a different one, so these reflect that. Here's the output from show ip dhcp pool Rack23Switch01:

Pool Rack23Switch01 :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 0
 Excluded addresses             : 61
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased/Excluded/Total
 10.10.23.23          10.10.23.1       - 10.10.23.254      0     / 61    / 254
 48 reserved addresses are currently in the pool :
 Address          Client
 10.10.23.98      Fa0/1
 10.10.23.97      Fa0/2
 10.10.23.96      Fa0/3
 10.10.23.95      Fa0/4
 10.10.23.94      Fa0/5
 10.10.23.93      Fa0/6
 10.10.23.92      Fa0/7
 10.10.23.91      Fa0/8
 10.10.23.90      Fa0/9
 10.10.23.89      Fa0/10
 10.10.23.88      Fa0/11
 10.10.23.87      Fa0/12
 10.10.23.86      Fa0/13
 10.10.23.85      Fa0/14
 10.10.23.84      Fa0/15
 10.10.23.83      Fa0/16
 10.10.23.82      Fa0/17
 10.10.23.81      Fa0/18
 10.10.23.80      Fa0/19
 10.10.23.79      Fa0/20
 10.10.23.78      Fa0/21
 10.10.23.77      Fa0/22
 10.10.23.76      Fa0/23
 10.10.23.75      Fa0/24
 10.10.23.74      Fa0/25
 10.10.23.73      Fa0/26
 10.10.23.72      Fa0/27
 10.10.23.71      Fa0/28
 10.10.23.70      Fa0/29
 10.10.23.69      Fa0/30
 10.10.23.68      Fa0/31
 10.10.23.67      Fa0/32
 10.10.23.66      Fa0/33
 10.10.23.65      Fa0/34
 10.10.23.64      Fa0/35
 10.10.23.63      Fa0/36
 10.10.23.62      Fa0/37
 10.10.23.61      Fa0/38
 10.10.23.60      Fa0/39
 10.10.23.59      Fa0/40
 10.10.23.58      Fa0/41
 10.10.23.57      Fa0/42
 10.10.23.56      Fa0/43
 10.10.23.55      Fa0/44
 10.10.23.54      Fa0/45
 10.10.23.53      Fa0/46
 10.10.23.52      Fa0/47
 10.10.23.51      Fa0/48
D-Rack23-Switch01#

And the output from the debug command, debug ip dhcp server packet:

*Mar 10 03:34:34.112: DHCPD: Reload workspace interface Vlan1 tableid 0.
*Mar 10 03:34:34.112: DHCPD: tableid for 10.10.23.4 on Vlan1 is 0
*Mar 10 03:34:34.112: DHCPD: client's VPN is .
*Mar 10 03:34:34.112: DHCPD: using subscriber-id as client-id
*Mar 10 03:34:34.112: DHCPD: using received relay info.
*Mar 10 03:34:34.112: DHCPD: DHCPDISCOVER received from client 4661.302f.3436 on interface Vlan1.
*Mar 10 03:34:34.112: DHCPD: using received relay info.
*Mar 10 03:34:34.112: DHCPD: Sending DHCPOFFER to client 4661.302f.3436 (10.10.23.53).
*Mar 10 03:34:34.112: DHCPD: creating ARP entry (10.10.23.53, 54e7.9334.9d45).
*Mar 10 03:34:34.112: DHCPD: unicasting BOOTREPLY to client 54e7.9334.9d45 (10.10.23.53).
*Mar 10 03:34:34.187: DHCPD: Reload workspace interface Vlan1 tableid 0.
*Mar 10 03:34:34.187: DHCPD: tableid for 10.10.23.4 on Vlan1 is 0
*Mar 10 03:34:34.187: DHCPD: client's VPN is .
*Mar 10 03:34:34.187: DHCPD: using subscriber-id as client-id
*Mar 10 03:34:34.187: DHCPD: using received relay info.
*Mar 10 03:34:34.187: DHCPD: DHCPDISCOVER received from client 4661.302f.3438 on interface Vlan1.
*Mar 10 03:34:34.187: DHCPD: using received relay info.
*Mar 10 03:34:34.187: DHCPD: Sending DHCPOFFER to client 4661.302f.3438 (10.10.23.51).
*Mar 10 03:34:34.187: DHCPD: creating ARP entry (10.10.23.51, a21f.2ced.ba5f).
*Mar 10 03:34:34.187: DHCPD: unicasting BOOTREPLY to client a21f.2ced.ba5f (10.10.23.51).
*Mar 10 03:34:34.229: DHCPD: Reload workspace interface Vlan1 tableid 0.
*Mar 10 03:34:34.229: DHCPD: tableid for 10.10.23.4 on Vlan1 is 0
*Mar 10 03:34:34.229: DHCPD: client's VPN is .
*Mar 10 03:34:34.229: DHCPD: using subscriber-id as client-id
*Mar 10 03:34:34.229: DHCPD: DHCPREQUEST received from client 4661.302f.3436.
*Mar 10 03:34:34.229: DHCPD: Sending DHCPACK to client 4661.302f.3436 (10.10.23.53).
*Mar 10 03:34:34.229: DHCPD: creating ARP entry (10.10.23.53, 54e7.9334.9d45).
*Mar 10 03:34:34.229: DHCPD: unicasting BOOTREPLY to client 54e7.9334.9d45 (10.10.23.53).
*Mar 10 03:34:34.305: DHCPD: Reload workspace interface Vlan1 tableid 0.
*Mar 10 03:34:34.305: DHCPD: tableid for 10.10.23.4 on Vlan1 is 0
*Mar 10 03:34:34.305: DHCPD: client's VPN is .
*Mar 10 03:34:34.313: DHCPD: using subscriber-id as client-id
*Mar 10 03:34:34.313: DHCPD: DHCPREQUEST received from client 4661.302f.3438.
*Mar 10 03:34:34.313: DHCPD: Finding a relay for client 4661.302f.3438 on interface Vlan1.

I'm investigating which clients have those MAC addresses...

0 Helpful

billseymour
Level 1
Level 1
In response to Georg Pauwen

‎05-13-2019 05:14 PM

Oh, and using the MAC address isn't viable. The whole reason for using port based addresses is you don't actually know that the same machine is going to be hooked to that port each time. When a client goes down most often it's just reset, but sometimes it's pulled and another is dropped into it's place.

0 Helpful

00uoqnp4oIU3Ypx2g5d6
Level 1
Level 1

‎07-15-2021 02:52 PM

Have you tried removing the "reserved-only" statement to see the outcome?

0 Helpful

paul driver
VIP
VIP

‎07-16-2021 12:35 AM - edited ‎07-16-2021 12:35 AM

Hello

no ip dhcp subscriber-id interface-name

Clear ip dhcp binding

 

test again


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card