
DHCP Server Port-Based Address Allocation on Cisco switch 2960-x

I am trying to configure DHCP Server on a Cisco 2960-X switch to achieve port-based address allocation. I would like the IP address assigned to any device connected to that port to be the same every time.

I have used the following guide to achieve this: Configuring DHCP Features and IP Source Guard

The commands used are explained in detail here: Cisco IOS IP Addressing Services Command Reference

I have also tried various iterations of the following command to find something that works: address ip-address client-id string [ascii]

What I am not sure about is the string after client-id. Does it have to match your interface name? If not, how does the DHCP server know which interface to relate the assigned IP address to?

Here's my running-config:

otg#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/3, Gi1/0/4
                                                Gi1/0/5, Gi1/0/6, Gi1/0/7
                                                Gi1/0/8, Gi1/0/9, Gi1/0/10
                                                Gi1/0/11, Gi1/0/12, Gi1/0/13
                                                Gi1/0/14, Gi1/0/15, Gi1/0/16
                                                Gi1/0/17, Gi1/0/18, Gi1/0/19
                                                Gi1/0/20, Gi1/0/21, Gi1/0/22
                                                Gi1/0/23, Gi1/0/24, Gi1/0/25
                                                Gi1/0/26, Gi1/0/27, Gi1/0/28
2    VLAN0002                         active    Gi1/0/2
140  VLAN0140                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
140  enet  100140     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

---------------------------------------------------------------------------------------------------------------------

otg#show ip dhcp pool

Pool otgpool :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 0
 Excluded addresses             : 1
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased/Excluded/Total
 192.168.100.1        192.168.100.1    - 192.168.100.254   0     / 1     / 254
 1 reserved address is currently in the pool :
 Address          Client
 192.168.100.100  Gi1/0/2

---------------------------------------------------------------------------------------------------------------------

otg#sh run
Building configuration...


Current configuration : 4058 bytes
!
! Last configuration change at 06:04:30 UTC Tue Jan 5 2016
! NVRAM config last updated at 23:29:56 UTC Mon Jan 4 2016
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname otg
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$43Kk$SyzqQc5biarBjD2TD9Hw0/
enable password otgswitch
!
no aaa new-model
clock timezone UTC -5 0
clock summer-time UTC recurring
switch 1 provision ws-c2960x-24ts-l
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
!
ip dhcp pool otgpool
 network 192.168.100.0 255.255.255.0
 default-router 192.168.100.1
 reserved-only
   address 192.168.100.100 client-id "Gi1/0/2" ascii
!
!
!
!
crypto pki trustpoint TP-self-signed-1160303744
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1160303744
 revocation-check none
 rsakeypair TP-self-signed-1160303744
!
!
crypto pki certificate chain TP-self-signed-1160303744
 certificate self-signed 01
        quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0
 no ip address
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
 description cart2
 switchport access vlan 2
 switchport mode access
 switchport port-security maximum 2
 switchport port-security
 ip dhcp server use subscriber-id client-id
 storm-control broadcast level 10.00
 storm-control multicast level 10.00
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 ip address 192.168.200.245 255.255.255.0
!
interface Vlan2
 ip address 192.168.100.254 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.100.1
ip http server
ip http secure-server
!
!
!
banner motd ^Cto #
Welco^C
!
line con 0
line vty 0 4
 password otgswitch
 login
line vty 5 15
 login
!
end

I then enabled DHCP debug messages and here is what I receive:

Jan 4 02:55:49.112: DHCPD: Reload workspace interface Vlan1 tableid 0.
Jan 4 02:55:49.112: DHCPD: tableid for 192.168.200.245 on Vlan1 is 0
Jan 4 02:55:49.112: DHCPD: client's VPN is .
Jan 4 02:55:49.112: DHCPD: using subscriber-id as client-id
Jan 4 02:55:49.112: DHCPD: using received relay info.
Jan 4 02:55:49.112: DHCPD: DHCPDISCOVER received from client 0047.6931.2f30.2f on interface Vlan1.
Jan 4 02:55:49.112: DHCPD: using received relay info.

Please advise on what I might be doing wrong. Would appreciate your help.

1 ACCEPTED SOLUTION


Hi,

My view is you are hitting an IOS bug present in some 15.0 releases which I register in my private bug database as ANT1601. Will you please try to upgrade your box. I have experienced the same issue with Cat2960s and succeeded with 15.0(2a)SE9 (bug still present in 15.0(2)EX5).

And to answer your question about the ascii string: it can be configured as e.g. Gi1/0/2 both with and without quotes - both work OK for me.

Good luck!

Best regards,

Antonin

14 REPLIES 14
Highlighted
VIP Advisor

I haven't tried this out myself, but

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-sy/dhcp-15-sy-book/dhcp-prt-bsd-aa.pdf

suggests configuring the actual interface the reservation needs to apply to with

Router(config-if)# ip dhcp server use subscriber-id client-id

(although that command is marked as "optional").

Have you tried that?

In addition, did you try the notation "et" for ethernet, instead of "eth"?

Please remember to rate useful posts, by clicking on the stars below.

Highlighted

Thank you for your reply. I did complete that step and you can see it in my config shown in the question. I have included the complete config for better troubleshooting. I haven't tried the interface short name with eth but from what I read online the interface short name for GigabitEthernet1/0/x needs to be Gi1/0/x or G1/0/x. Not sure which one is right since there is no way to see a subscriber id assigned to an interface. Have a look at the detailed config included in the question and please advise.

Highlighted

Hello,

Add this command to interface vlan 2 as well to see if there is any change:

interface Vlan2
 ip address 192.168.100.254 255.255.255.0
 ip dhcp server use subscriber-id client-id

Highlighted

Hi, thanks for your reply. I tried what you suggested but it didn't help. So the problem I am facing is as follows. Here are the results of the DHCP binding when plugged into the following ports:

port#  interface  received SID (hex)    expected SID (hex)
2      Gi1/0/2    0047-6931-2f30-2f     0047-6931-2f30-2f32
13     Gi1/0/13   0047-6931-2f30-2f31   0047-6931-2f30-2f31-33
24     Gi1/0/24   0047-6931-2f30-2f32   0047-6931-2f30-2f32-34

So as you can see above, the last part of the subscriber ID is lost in all the cases. Thus when connected to port 12 you get the SID of port 1, as the 3 is lost. Now I think this might have something to do with the 00 padding in the beginning, but these SIDs were captured during automatic DHCP, thus it was received by the DHCP server and I have no control over what subscriber-id is assigned to a particular interface. The loss of information could be due to the size of my interface short name when compared to a MAC address. Any thoughts on how to fix this or assign a desired subscriber-id to an interface?

Highlighted

That explains why I have been having so much trouble. This has been driving me crazy, as I did the process multiple times but it just won't work, and then I caught the reason why in the DHCP bindings. Here is the current version I am using:

Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.0(2a)EX5, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Mon 16-Feb-15 08:16 by prod_rel_team

ROM: Bootstrap program is C2960X boot loader
BOOTLDR: C2960X Boot Loader (C2960X-HBOOT-M) Version 15.2(2r)E2, RELEASE SOFTWARE (fc1)

Based on your reply, it looks like the version I am using has the bug. Do you recommend going to a higher version (if any) or downgrading to a more stable version? Do you know which one that might be? I am using the Cisco 2960-X switch. Thanks for your help!

Highlighted

Hi,

Thanks for the reply.

I have configured this particular feature for Cat2960s boxes only. I know that 12.2 releases worked OK but that is not a viable option for Cat2960x. Also my tested 15.0(2a)SE9 is not available for Cat2960x range. Since your IOS version is the latest available within the 15.0 train release (for Cat2960x) I believe the best choice for you is to go for 15.2 train release. I would try the Cisco suggested 15.2(2)E3 first. I am sorry to say that at the moment I have no Cat2960x box available in my lab to test for you.

Good luck!

Best regards,

Antonin

Highlighted

I upgraded to 15.2(2)E3 and it works just fine. Thank you for your help and advice.

Regards,

Allay

Highlighted

Ran into this same problem myself. Assigned IPs to ports using the above instructions and would get the first available IP address using DHCP, instead of the assigned address for the port.

The 2960-X Switch was running 15.2(2r)E1 upgraded to 15.2(4)E3 and the issue went away. Works perfectly now.

Figured I would update, was hitting a brick wall there for a little bit.

Regards,

Cameron

Highlighted
Frequent Contributor

From the Configuring DHCP Features link above, did you do steps 4 and 5?

See table below.

 
Step  Command                                      Purpose
1     configure terminal                           Enter global configuration mode.
2     ip dhcp use subscriber-id client-id          Configure the DHCP server to globally use the subscriber identifier as the client identifier on all incoming DHCP messages.
3     ip dhcp subscriber-id interface-name         Automatically generate a subscriber identifier based on the short name of the interface. A subscriber identifier configured on a specific interface takes precedence over this command.
4     interface interface-id                       Specify the interface to be configured, and enter interface configuration mode.
5     ip dhcp server use subscriber-id client-id   Configure the DHCP server to use the subscriber identifier as the client identifier on all incoming DHCP messages on the interface.
6     end                                          Return to privileged EXEC mode.
7     show running-config                          Verify your entries.
8     copy running-config startup-config           (Optional) Save your entries in the configuration file.

HTH

Richard

Highlighted

Thanks for your reply. Yes, I believe I have done those steps but it doesn't seem to work. You think default-gateway has a role to play? Or how about the short name used? Am I doing it right? What would the short name be for interface GigabitEthernet1/0/x? Please have a look at the question again; I have included my complete config file with relevant settings displayed. Please advise if you see something not right in it.

Highlighted

<code>otg#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.100.1       0047.6931.2f30.2f       Jan 09 2016 04:53 AM    Automatic
192.168.100.5       0047.6931.2f30.2f32     Infinite                Manual</code>

So I looked at my bindings and here is why it's not working: the client-id on my reserved IP address does not match. There is a difference of 32. Do you know why that may be?

Highlighted

Do you need the address 192.168.100.100 client-id "Gi1/0/2" ascii in inverted commas?

Try address 192.168.100.100 client-id Gi1/0/2 ascii

Highlighted

The "" are added in the config file. I added the address just like you showed above. Also, if you look at the first line in the DHCP bindings table, it says the address was assigned automatically, thus 0047.6931.2f30.2f was received by the DHCP server as the interface short name. Which is weird, because no matter which port I connect it to, it gets the same. That led me to believe that we are losing information due to size restrictions. 0047.6931.2f30.2f (hex) <-> Gi1/0/. Here you can see the port number is missing, which is why it's not working. Any thoughts on why this might be the case?

port#  interface  received SID (hex)    expected SID (hex)
2      Gi1/0/2    0047-6931-2f30-2f     0047-6931-2f30-2f32
13     Gi1/0/13   0047-6931-2f30-2f31   0047-6931-2f30-2f31-33
24     Gi1/0/24   0047-6931-2f30-2f32   0047-6931-2f30-2f32-34
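
Added example (not part of any post in this thread, and not Cisco code): a small Python check that decodes the client-ids shown above, which are a leading 00 byte followed by the ASCII interface short name, and reports what each port lost and whether the truncated value now names a different port. The function names and the `IFNAME` pattern are assumptions made for this illustration; the three observed rows are copied from the table in the thread.

```python
import re

IFNAME = re.compile(r"[A-Za-z]+\d+(?:/\d+)*")  # assumed shape of a short name, e.g. Gi1/0/2

def encode_client_id(if_short_name):
    """Short interface name -> dotted hex as IOS prints it: a 00 byte, then the ASCII name."""
    h = (b"\x00" + if_short_name.encode("ascii")).hex()
    return ".".join(h[i:i + 4] for i in range(0, len(h), 4))

def decode_client_id(client_id):
    """Dotted or dashed hex client-id -> the ASCII string that follows the leading 00 byte."""
    h = re.sub(r"[.\-]", "", client_id.strip().lower())
    if not re.fullmatch(r"(?:[0-9a-f]{2})+", h):
        raise ValueError("not a whole number of hex bytes: %r" % client_id)
    raw = bytes.fromhex(h)
    if raw[0] != 0:
        raise ValueError("no leading 00 byte (looks like a hardware address): %r" % client_id)
    return raw[1:].decode("ascii")

def diagnose(if_short_name, received_client_id):
    """Return (decoded, lost_suffix, alias).

    lost_suffix: characters of the port name missing from what the server received
                 ("" when nothing is missing, None when the value is not a prefix at all).
    alias:       the decoded value if it is itself a well-formed interface name, i.e. the
                 truncated identifier now names a different port; otherwise None.
    """
    decoded = decode_client_id(received_client_id)
    if decoded == if_short_name:
        return decoded, "", None
    lost = if_short_name[len(decoded):] if if_short_name.startswith(decoded) else None
    alias = decoded if IFNAME.fullmatch(decoded) else None
    return decoded, lost, alias

# (interface, client-id the DHCP server received), copied from the table in this thread
OBSERVED = [
    ("Gi1/0/2", "0047-6931-2f30-2f"),
    ("Gi1/0/13", "0047-6931-2f30-2f31"),
    ("Gi1/0/24", "0047-6931-2f30-2f32"),
]

def report(rows=OBSERVED):
    return [(ifn,) + diagnose(ifn, cid) for ifn, cid in rows]

if __name__ == "__main__":
    print("reservation for Gi1/0/2 should be", encode_client_id("Gi1/0/2"))
    for ifn, decoded, lost, alias in report():
        print(f"{ifn:9} received {decoded!r:10} lost {lost!r:4} aliases {alias}")
```

On the thread's values, the identifier received from Gi1/0/24 is byte-for-byte the client-id of the Gi1/0/2 reservation, while Gi1/0/2 itself decodes to `Gi1/0/`, which matches no reservation.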
