05-04-2019 11:51 AM
I'm having some issues with port based dhcp, it seems simple enough, but clients are sometimes getting weird addresses instead of what's been assigned to that port. Here's an example config:
version 15.0 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname A-Rack03-Switch01 ! boot-start-marker boot-end-marker ! enable password <redacted> username <redacted> privilege 15 password 0 <redacted> username <redacted> privilege 15 password 0 <redacted> ! no aaa new-model clock timezone PST -8 0 clock summer-time PDT 2 Sunday March 02:00 1 Sunday November 02:00 60 system mtu routing 1500 ip dhcp use subscriber-id client-id ip dhcp subscriber-id interface-name ! ip dhcp pool Rack03Switch01 network 10.10.3.0 255.255.255.0 default-router 10.10.3.1 dns-server 10.10.3.1 reserved-only address 10.10.3.98 client-id "Fa0/1" ascii address 10.10.3.97 client-id "Fa0/2" ascii address 10.10.3.96 client-id "Fa0/3" ascii address 10.10.3.95 client-id "Fa0/4" ascii address 10.10.3.94 client-id "Fa0/5" ascii address 10.10.3.93 client-id "Fa0/6" ascii address 10.10.3.92 client-id "Fa0/7" ascii address 10.10.3.91 client-id "Fa0/8" ascii address 10.10.3.90 client-id "Fa0/9" ascii address 10.10.3.89 client-id "Fa0/10" ascii address 10.10.3.88 client-id "Fa0/11" ascii address 10.10.3.87 client-id "Fa0/12" ascii address 10.10.3.86 client-id "Fa0/13" ascii address 10.10.3.85 client-id "Fa0/14" ascii address 10.10.3.84 client-id "Fa0/15" ascii address 10.10.3.83 client-id "Fa0/16" ascii address 10.10.3.82 client-id "Fa0/17" ascii address 10.10.3.81 client-id "Fa0/18" ascii address 10.10.3.80 client-id "Fa0/19" ascii address 10.10.3.79 client-id "Fa0/20" ascii address 10.10.3.78 client-id "Fa0/21" ascii address 10.10.3.77 client-id "Fa0/22" ascii address 10.10.3.76 client-id "Fa0/23" ascii address 10.10.3.75 client-id "Fa0/24" ascii address 10.10.3.74 client-id "Fa0/25" ascii address 10.10.3.73 client-id "Fa0/26" ascii address 10.10.3.72 client-id "Fa0/27" ascii address 10.10.3.71 client-id "Fa0/28" ascii address 10.10.3.70 client-id "Fa0/29" ascii address 10.10.3.69 client-id "Fa0/30" ascii address 10.10.3.68 client-id "Fa0/31" ascii address 10.10.3.67 client-id "Fa0/32" ascii address 10.10.3.66 client-id "Fa0/33" ascii address 10.10.3.65 client-id "Fa0/34" ascii address 10.10.3.64 client-id "Fa0/35" ascii address 10.10.3.63 client-id "Fa0/36" ascii address 10.10.3.62 client-id "Fa0/37" ascii address 10.10.3.61 client-id "Fa0/38" ascii address 10.10.3.60 client-id "Fa0/39" ascii address 10.10.3.59 client-id "Fa0/40" ascii address 10.10.3.58 client-id "Fa0/41" ascii address 10.10.3.57 client-id "Fa0/42" ascii address 10.10.3.56 client-id "Fa0/43" ascii address 10.10.3.55 client-id "Fa0/44" ascii address 10.10.3.54 client-id "Fa0/45" ascii address 10.10.3.53 client-id "Fa0/46" ascii address 10.10.3.52 client-id "Fa0/47" ascii address 10.10.3.51 client-id "Fa0/48" ascii ! crypto pki trustpoint TP-self-signed-3886261120 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3886261120 revocation-check none rsakeypair TP-self-signed-3886261120 ! crypto pki certificate chain TP-self-signed-3886261120 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! interface FastEthernet0/1 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/2 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/3 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/4 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/5 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/6 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/7 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/8 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/9 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/10 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/11 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/12 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/13 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/14 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/15 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/16 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/17 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/18 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/19 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/20 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/21 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/22 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/23 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/24 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/25 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/26 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/27 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/28 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/29 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/30 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/31 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/32 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/33 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/34 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/35 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/36 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/37 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/38 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/39 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/40 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/41 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/42 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/43 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/44 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/45 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/46 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/47 ip dhcp server use subscriber-id client-id ! interface FastEthernet0/48 ip dhcp server use subscriber-id client-id ! interface GigabitEthernet0/1 description A Secondary Uplink ! interface GigabitEthernet0/2 ! interface Vlan1 ip address 10.10.3.4 255.255.255.0 ip route-cache ! ! ip default-gateway 10.10.3.1 ip http server ip http secure-server ! snmp-server community public RO ! banner motd # This device is for authorized personnel only. If you have not been provided with permission to access this device - disconnect at once. # banner login # *** login local Required. Unauthorized use is prohibited *** # ! line con 0 line vty 0 4 password <redacted> login local line vty 5 15 password <redacted> login local ! end
That switch right now has 45 devices connected to the 100MB ports and only nine have addresses. :( The other 36 didn't get addresses at all, or got addresses that are outside the scope, so don't show in my scan. Note that it seems that some clients will get an address then drop it after a bit but I'm not sure what they get since they don't show on a scan of the subnet.
05-04-2019 07:06 PM
Hi @billseymour
As per document, you should use the interface name with quotes. See here
Also debug the output for - debug ip dhcp server packet
Also share output for -show ip dhcp pool Rack03Switch01
-
Sebastian
Please mark this helpful.
05-04-2019 08:09 PM - edited 05-04-2019 08:25 PM
From that link, which I've read before:
Step 5 address ip-address client-id string [ascii] Example: Router(dhcp-config)# address 10.10.10.2 client-id Et1/0 ascii Reserves an IP address for a DHCP client identified by the client ID. The string argument can be an ASCII value or a hexadecimal value. For port-based address allocation the string argument must be the name of the port
and the ascii keyword must be specified.
[My bold, though it's much more likely to be Fa0/1 or Gi0/1] No mention of quoting the string, and their example isn't quoted... I'm willing to give it a try however! :)
I just look at the 15.0 release documentation and it's the same as 12.2 was...
05-05-2019 02:01 AM
Hello,
on a side note, this might be a bug (see below). What if you specify the MAC address as the client-id ?
By the way, I think the "" quotes are added by the system, you cannot add them manually...
Port based DHCP using wrong subscriber-id for address allocation
CSCsz91199
Description
None
Symptom:
Port based DHCP using wrong subscriber-id for address allocation. This
causes the client to get the dynamically learned address rather than
the one reserved.
Conditions:
The issue is with using the subscriber-id feature in the DHCP port based
implementation.
Workaround:
No Workaround
05-13-2019 05:09 PM
OK, sorry it's taken so long to get back, convention last week and I've been out for that.
The problem switch of the day is a different one, so these reflect that. Here's the output from show ip dhcp pool Rack23Switch01:
Pool Rack23Switch01 : Utilization mark (high/low) : 100 / 0 Subnet size (first/next) : 0 / 0 Total addresses : 254 Leased addresses : 0 Excluded addresses : 61 Pending event : none 1 subnet is currently in the pool : Current index IP address range Leased/Excluded/Total 10.10.23.23 10.10.23.1 - 10.10.23.254 0 / 61 / 254 48 reserved addresses are currently in the pool : Address Client 10.10.23.98 Fa0/1 10.10.23.97 Fa0/2 10.10.23.96 Fa0/3 10.10.23.95 Fa0/4 10.10.23.94 Fa0/5 10.10.23.93 Fa0/6 10.10.23.92 Fa0/7 10.10.23.91 Fa0/8 10.10.23.90 Fa0/9 10.10.23.89 Fa0/10 10.10.23.88 Fa0/11 10.10.23.87 Fa0/12 10.10.23.86 Fa0/13 10.10.23.85 Fa0/14 10.10.23.84 Fa0/15 10.10.23.83 Fa0/16 10.10.23.82 Fa0/17 10.10.23.81 Fa0/18 10.10.23.80 Fa0/19 10.10.23.79 Fa0/20 10.10.23.78 Fa0/21 10.10.23.77 Fa0/22 10.10.23.76 Fa0/23 10.10.23.75 Fa0/24 10.10.23.74 Fa0/25 10.10.23.73 Fa0/26 10.10.23.72 Fa0/27 10.10.23.71 Fa0/28 10.10.23.70 Fa0/29 10.10.23.69 Fa0/30 10.10.23.68 Fa0/31 10.10.23.67 Fa0/32 10.10.23.66 Fa0/33 10.10.23.65 Fa0/34 10.10.23.64 Fa0/35 10.10.23.63 Fa0/36 10.10.23.62 Fa0/37 10.10.23.61 Fa0/38 10.10.23.60 Fa0/39 10.10.23.59 Fa0/40 10.10.23.58 Fa0/41 10.10.23.57 Fa0/42 10.10.23.56 Fa0/43 10.10.23.55 Fa0/44 10.10.23.54 Fa0/45 10.10.23.53 Fa0/46 10.10.23.52 Fa0/47 10.10.23.51 Fa0/48 D-Rack23-Switch01#
And the output from the debug command, debug ip dhcp server packet:
*Mar 10 03:34:34.112: DHCPD: Reload workspace interface Vlan1 tableid 0. *Mar 10 03:34:34.112: DHCPD: tableid for 10.10.23.4 on Vlan1 is 0 *Mar 10 03:34:34.112: DHCPD: client's VPN is . *Mar 10 03:34:34.112: DHCPD: using subscriber-id as client-id *Mar 10 03:34:34.112: DHCPD: using received relay info. *Mar 10 03:34:34.112: DHCPD: DHCPDISCOVER received from client 4661.302f.3436 on interface Vlan1. *Mar 10 03:34:34.112: DHCPD: using received relay info. *Mar 10 03:34:34.112: DHCPD: Sending DHCPOFFER to client 4661.302f.3436 (10.10.23.53). *Mar 10 03:34:34.112: DHCPD: creating ARP entry (10.10.23.53, 54e7.9334.9d45). *Mar 10 03:34:34.112: DHCPD: unicasting BOOTREPLY to client 54e7.9334.9d45 (10.10.23.53). *Mar 10 03:34:34.187: DHCPD: Reload workspace interface Vlan1 tableid 0. *Mar 10 03:34:34.187: DHCPD: tableid for 10.10.23.4 on Vlan1 is 0 *Mar 10 03:34:34.187: DHCPD: client's VPN is . *Mar 10 03:34:34.187: DHCPD: using subscriber-id as client-id *Mar 10 03:34:34.187: DHCPD: using received relay info. *Mar 10 03:34:34.187: DHCPD: DHCPDISCOVER received from client 4661.302f.3438 on interface Vlan1. *Mar 10 03:34:34.187: DHCPD: using received relay info. *Mar 10 03:34:34.187: DHCPD: Sending DHCPOFFER to client 4661.302f.3438 (10.10.23.51). *Mar 10 03:34:34.187: DHCPD: creating ARP entry (10.10.23.51, a21f.2ced.ba5f). *Mar 10 03:34:34.187: DHCPD: unicasting BOOTREPLY to client a21f.2ced.ba5f (10.10.23.51). *Mar 10 03:34:34.229: DHCPD: Reload workspace interface Vlan1 tableid 0. *Mar 10 03:34:34.229: DHCPD: tableid for 10.10.23.4 on Vlan1 is 0 *Mar 10 03:34:34.229: DHCPD: client's VPN is . *Mar 10 03:34:34.229: DHCPD: using subscriber-id as client-id *Mar 10 03:34:34.229: DHCPD: DHCPREQUEST received from client 4661.302f.3436. *Mar 10 03:34:34.229: DHCPD: Sending DHCPACK to client 4661.302f.3436 (10.10.23.53). *Mar 10 03:34:34.229: DHCPD: creating ARP entry (10.10.23.53, 54e7.9334.9d45). *Mar 10 03:34:34.229: DHCPD: unicasting BOOTREPLY to client 54e7.9334.9d45 (10.10.23.53). *Mar 10 03:34:34.305: DHCPD: Reload workspace interface Vlan1 tableid 0. *Mar 10 03:34:34.305: DHCPD: tableid for 10.10.23.4 on Vlan1 is 0 *Mar 10 03:34:34.305: DHCPD: client's VPN is . *Mar 10 03:34:34.313: DHCPD: using subscriber-id as client-id *Mar 10 03:34:34.313: DHCPD: DHCPREQUEST received from client 4661.302f.3438. *Mar 10 03:34:34.313: DHCPD: Finding a relay for client 4661.302f.3438 on interface Vlan1.
I'm investigating which clients have those MAC addresses...
05-13-2019 05:14 PM
Oh, and using the MAC address isn't viable. The whole reason for using port based addresses is you don't actually know that the same machine is going to be hooked to that port each time. When a client goes down most often it's just reset, but sometimes it's pulled and another is dropped into it's place.
07-15-2021 02:52 PM
Have you tried removing the "reserved-only" statement to see the outcome?
07-16-2021 12:35 AM - edited 07-16-2021 12:35 AM
Hello
no ip dhcp subscriber-id interface-name
Clear ip dhcp binding
test again
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: