cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

352
Views
0
Helpful
5
Replies
Beginner

DHCP Server Port-Based Address Allocation on a 2960 switch

I'm having some issues with port based dhcp, it seems simple enough, but clients are sometimes getting weird addresses instead of what's been assigned to that port. Here's an example config:

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname A-Rack03-Switch01
!
boot-start-marker
boot-end-marker
!
enable password <redacted>
username <redacted> privilege 15 password 0 <redacted>
username <redacted> privilege 15 password 0 <redacted>
!
no aaa new-model
clock timezone PST -8 0
clock summer-time PDT 2 Sunday March 02:00 1 Sunday November 02:00 60
system mtu routing 1500
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
!
ip dhcp pool Rack03Switch01
   network 10.10.3.0 255.255.255.0
   default-router 10.10.3.1
   dns-server 10.10.3.1
   reserved-only
   address 10.10.3.98 client-id "Fa0/1" ascii
   address 10.10.3.97 client-id "Fa0/2" ascii
   address 10.10.3.96 client-id "Fa0/3" ascii
   address 10.10.3.95 client-id "Fa0/4" ascii
   address 10.10.3.94 client-id "Fa0/5" ascii
   address 10.10.3.93 client-id "Fa0/6" ascii
   address 10.10.3.92 client-id "Fa0/7" ascii
   address 10.10.3.91 client-id "Fa0/8" ascii
   address 10.10.3.90 client-id "Fa0/9" ascii
   address 10.10.3.89 client-id "Fa0/10" ascii
   address 10.10.3.88 client-id "Fa0/11" ascii
   address 10.10.3.87 client-id "Fa0/12" ascii
   address 10.10.3.86 client-id "Fa0/13" ascii
   address 10.10.3.85 client-id "Fa0/14" ascii
   address 10.10.3.84 client-id "Fa0/15" ascii
   address 10.10.3.83 client-id "Fa0/16" ascii
   address 10.10.3.82 client-id "Fa0/17" ascii
   address 10.10.3.81 client-id "Fa0/18" ascii
   address 10.10.3.80 client-id "Fa0/19" ascii
   address 10.10.3.79 client-id "Fa0/20" ascii
   address 10.10.3.78 client-id "Fa0/21" ascii
   address 10.10.3.77 client-id "Fa0/22" ascii
   address 10.10.3.76 client-id "Fa0/23" ascii
   address 10.10.3.75 client-id "Fa0/24" ascii
   address 10.10.3.74 client-id "Fa0/25" ascii
   address 10.10.3.73 client-id "Fa0/26" ascii
   address 10.10.3.72 client-id "Fa0/27" ascii
   address 10.10.3.71 client-id "Fa0/28" ascii
   address 10.10.3.70 client-id "Fa0/29" ascii
   address 10.10.3.69 client-id "Fa0/30" ascii
   address 10.10.3.68 client-id "Fa0/31" ascii
   address 10.10.3.67 client-id "Fa0/32" ascii
   address 10.10.3.66 client-id "Fa0/33" ascii
   address 10.10.3.65 client-id "Fa0/34" ascii
   address 10.10.3.64 client-id "Fa0/35" ascii
   address 10.10.3.63 client-id "Fa0/36" ascii
   address 10.10.3.62 client-id "Fa0/37" ascii
   address 10.10.3.61 client-id "Fa0/38" ascii
   address 10.10.3.60 client-id "Fa0/39" ascii
   address 10.10.3.59 client-id "Fa0/40" ascii
   address 10.10.3.58 client-id "Fa0/41" ascii
   address 10.10.3.57 client-id "Fa0/42" ascii
   address 10.10.3.56 client-id "Fa0/43" ascii
   address 10.10.3.55 client-id "Fa0/44" ascii
   address 10.10.3.54 client-id "Fa0/45" ascii
   address 10.10.3.53 client-id "Fa0/46" ascii
   address 10.10.3.52 client-id "Fa0/47" ascii
   address 10.10.3.51 client-id "Fa0/48" ascii
!
crypto pki trustpoint TP-self-signed-3886261120
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3886261120
 revocation-check none
 rsakeypair TP-self-signed-3886261120
!
crypto pki certificate chain TP-self-signed-3886261120
 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/2
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/3
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/4
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/5
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/6
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/7
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/8
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/9
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/10
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/11
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/12
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/13
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/14
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/15
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/16
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/17
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/18
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/19
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/20
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/21
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/22
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/23
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/24
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/25
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/26
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/27
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/28
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/29
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/30
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/31
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/32
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/33
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/34
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/35
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/36
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/37
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/38
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/39
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/40
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/41
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/42
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/43
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/44
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/45
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/46
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/47
 ip dhcp server use subscriber-id client-id
!
interface FastEthernet0/48
 ip dhcp server use subscriber-id client-id
!
interface GigabitEthernet0/1
 description A Secondary Uplink
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 10.10.3.4 255.255.255.0
 ip route-cache
!
!
ip default-gateway 10.10.3.1
ip http server
ip http secure-server
!
snmp-server community public RO
!
banner motd #
This device is for authorized personnel only. 
If you have not been provided with permission to 
access this device - disconnect at once.
#
banner login #
*** login local Required. Unauthorized use is prohibited ***
#
!
line con 0
line vty 0 4
 password <redacted>
 login local
line vty 5 15
 password <redacted>
 login local
!
end

That switch right now has 45 devices connected to the 100MB ports and only nine have addresses. :( The other 36 didn't get addresses at all, or got addresses that are outside the scope, so don't show in my scan. Note that it seems that some clients will get an address then drop it after a bit but I'm not sure what they get since they don't show on a scan of the subnet.

5 REPLIES 5
Highlighted

Re: DHCP Server Port-Based Address Allocation on a 2960 switch

Hi @billseymour 

 

As per document, you should use the interface name with quotes. See here

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/12-2sx/dhcp-12-2sx-book/dhcp-prt-bsd-aa.html

 

Also debug the output for - debug ip dhcp server packet

 

Also share output for -show ip dhcp pool Rack03Switch01

 

 

-

Sebastian

Please mark this helpful.

 

Beginner

Re: DHCP Server Port-Based Address Allocation on a 2960 switch

From that link, which I've read before:

 Step 5
address ip-address client-id string [ascii]
Example:
Router(dhcp-config)# address 10.10.10.2 client-id Et1/0 ascii
Reserves an IP address for a DHCP client identified by the client ID.
    The string argument can be an ASCII value or a hexadecimal value.
    For port-based address allocation the string argument must be the name of the port
and the ascii keyword must be specified.

[My bold, though it's much more likely to be Fa0/1 or Gi0/1] No mention of quoting the string, and their example isn't quoted... I'm willing to give it a try however! :)

I just look at the 15.0 release documentation and it's the same as 12.2 was...

VIP Mentor

Re: DHCP Server Port-Based Address Allocation on a 2960 switch

Hello,

 

on a side note, this might be a bug (see below). What if you specify the MAC address as the client-id ?

 

By the way, I think the "" quotes are added by the system, you cannot add them manually...

 

Port based DHCP using wrong subscriber-id for address allocation
CSCsz91199
Description
None

Symptom:

Port based DHCP using wrong subscriber-id for address allocation. This
causes the client to get the dynamically learned address rather than
the one reserved.

Conditions:

The issue is with using the subscriber-id feature in the DHCP port based
implementation.


Workaround:

No Workaround

Beginner

Re: DHCP Server Port-Based Address Allocation on a 2960 switch

OK, sorry it's taken so long to get back, convention last week and I've been out for that.

The problem switch of the day is a different one, so these reflect that. Here's the output from show ip dhcp pool Rack23Switch01:

Pool Rack23Switch01 :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 0
 Excluded addresses             : 61
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased/Excluded/Total
 10.10.23.23          10.10.23.1       - 10.10.23.254      0     / 61    / 254
 48 reserved addresses are currently in the pool :
 Address          Client
 10.10.23.98      Fa0/1
 10.10.23.97      Fa0/2
 10.10.23.96      Fa0/3
 10.10.23.95      Fa0/4
 10.10.23.94      Fa0/5
 10.10.23.93      Fa0/6
 10.10.23.92      Fa0/7
 10.10.23.91      Fa0/8
 10.10.23.90      Fa0/9
 10.10.23.89      Fa0/10
 10.10.23.88      Fa0/11
 10.10.23.87      Fa0/12
 10.10.23.86      Fa0/13
 10.10.23.85      Fa0/14
 10.10.23.84      Fa0/15
 10.10.23.83      Fa0/16
 10.10.23.82      Fa0/17
 10.10.23.81      Fa0/18
 10.10.23.80      Fa0/19
 10.10.23.79      Fa0/20
 10.10.23.78      Fa0/21
 10.10.23.77      Fa0/22
 10.10.23.76      Fa0/23
 10.10.23.75      Fa0/24
 10.10.23.74      Fa0/25
 10.10.23.73      Fa0/26
 10.10.23.72      Fa0/27
 10.10.23.71      Fa0/28
 10.10.23.70      Fa0/29
 10.10.23.69      Fa0/30
 10.10.23.68      Fa0/31
 10.10.23.67      Fa0/32
 10.10.23.66      Fa0/33
 10.10.23.65      Fa0/34
 10.10.23.64      Fa0/35
 10.10.23.63      Fa0/36
 10.10.23.62      Fa0/37
 10.10.23.61      Fa0/38
 10.10.23.60      Fa0/39
 10.10.23.59      Fa0/40
 10.10.23.58      Fa0/41
 10.10.23.57      Fa0/42
 10.10.23.56      Fa0/43
 10.10.23.55      Fa0/44
 10.10.23.54      Fa0/45
 10.10.23.53      Fa0/46
 10.10.23.52      Fa0/47
 10.10.23.51      Fa0/48
D-Rack23-Switch01#

And the output from the debug command, debug ip dhcp server packet:

*Mar 10 03:34:34.112: DHCPD: Reload workspace interface Vlan1 tableid 0.
*Mar 10 03:34:34.112: DHCPD: tableid for 10.10.23.4 on Vlan1 is 0
*Mar 10 03:34:34.112: DHCPD: client's VPN is .
*Mar 10 03:34:34.112: DHCPD: using subscriber-id as client-id
*Mar 10 03:34:34.112: DHCPD: using received relay info.
*Mar 10 03:34:34.112: DHCPD: DHCPDISCOVER received from client 4661.302f.3436 on interface Vlan1.
*Mar 10 03:34:34.112: DHCPD: using received relay info.
*Mar 10 03:34:34.112: DHCPD: Sending DHCPOFFER to client 4661.302f.3436 (10.10.23.53).
*Mar 10 03:34:34.112: DHCPD: creating ARP entry (10.10.23.53, 54e7.9334.9d45).
*Mar 10 03:34:34.112: DHCPD: unicasting BOOTREPLY to client 54e7.9334.9d45 (10.10.23.53).
*Mar 10 03:34:34.187: DHCPD: Reload workspace interface Vlan1 tableid 0.
*Mar 10 03:34:34.187: DHCPD: tableid for 10.10.23.4 on Vlan1 is 0
*Mar 10 03:34:34.187: DHCPD: client's VPN is .
*Mar 10 03:34:34.187: DHCPD: using subscriber-id as client-id
*Mar 10 03:34:34.187: DHCPD: using received relay info.
*Mar 10 03:34:34.187: DHCPD: DHCPDISCOVER received from client 4661.302f.3438 on interface Vlan1.
*Mar 10 03:34:34.187: DHCPD: using received relay info.
*Mar 10 03:34:34.187: DHCPD: Sending DHCPOFFER to client 4661.302f.3438 (10.10.23.51).
*Mar 10 03:34:34.187: DHCPD: creating ARP entry (10.10.23.51, a21f.2ced.ba5f).
*Mar 10 03:34:34.187: DHCPD: unicasting BOOTREPLY to client a21f.2ced.ba5f (10.10.23.51).
*Mar 10 03:34:34.229: DHCPD: Reload workspace interface Vlan1 tableid 0.
*Mar 10 03:34:34.229: DHCPD: tableid for 10.10.23.4 on Vlan1 is 0
*Mar 10 03:34:34.229: DHCPD: client's VPN is .
*Mar 10 03:34:34.229: DHCPD: using subscriber-id as client-id
*Mar 10 03:34:34.229: DHCPD: DHCPREQUEST received from client 4661.302f.3436.
*Mar 10 03:34:34.229: DHCPD: Sending DHCPACK to client 4661.302f.3436 (10.10.23.53).
*Mar 10 03:34:34.229: DHCPD: creating ARP entry (10.10.23.53, 54e7.9334.9d45).
*Mar 10 03:34:34.229: DHCPD: unicasting BOOTREPLY to client 54e7.9334.9d45 (10.10.23.53).
*Mar 10 03:34:34.305: DHCPD: Reload workspace interface Vlan1 tableid 0.
*Mar 10 03:34:34.305: DHCPD: tableid for 10.10.23.4 on Vlan1 is 0
*Mar 10 03:34:34.305: DHCPD: client's VPN is .
*Mar 10 03:34:34.313: DHCPD: using subscriber-id as client-id
*Mar 10 03:34:34.313: DHCPD: DHCPREQUEST received from client 4661.302f.3438.
*Mar 10 03:34:34.313: DHCPD: Finding a relay for client 4661.302f.3438 on interface Vlan1.

I'm investigating which clients have those MAC addresses...

Beginner

Re: DHCP Server Port-Based Address Allocation on a 2960 switch

Oh, and using the MAC address isn't viable. The whole reason for using port based addresses is you don't actually know that the same machine is going to be hooked to that port each time. When a client goes down most often it's just reset, but sometimes it's pulled and another is dropped into it's place.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards