
IOS Bug? OSX DHCP clients are unable to obtain an IP address.

benlemasurier
Level 1

Hey everyone,

I have a network which looks something like this:

Router A

  ge0/0   - 192.168.0.10/22 (external)

  ge0/1   - 192.168.10.0/24 (internal) (DHCP SERVER)

  ge0/0/0 - 192.168.11.0/24 (wireless) (DHCP SERVER)


Router B

  ge0/0   - 192.168.0.20/22 (external)

  ge0/1   - 192.168.20.0/24 (internal) (DHCP SERVER)

  ge0/0/0 - 192.168.21.0/24 (wireless)

Router C

  ge0/0   - 192.168.0.30/22 (external)

  ge0/1   - 192.168.30.0/24 (internal) (DHCP SERVER)

  ge0/0/0 - 192.168.31.0/24 (wireless)

Each respective wireless interface is directly connected to a Cisco AP541N wireless access point. The access points are connected to each other in a WDS bridge.

My problem is that when a user connects to the wireless network, Router A reports:

*Mar 29 17:28:53.003: %DHCPD-4-DECLINE_CONFLICT: DHCP address conflict:  client 0118.e7f4.f6da.86 declined 192.168.11.6.

Each time the client attempts to renew the lease, the server just cycles to the next available IP:

*Mar 29 17:28:53.003: %DHCPD-4-DECLINE_CONFLICT: DHCP address conflict:  client 0118.e7f4.f6da.86 declined 192.168.11.7.

a-gw# sh ip dhcp conflict

IP address        Detection method   Detection time          VRF

192.168.11.3      Gratuitous ARP     Mar 29 2011 10:28 AM                            

192.168.11.4      Gratuitous ARP     Mar 29 2011 10:28 AM                            

192.168.11.5      Gratuitous ARP     Mar 29 2011 10:28 AM                            

192.168.11.6      Gratuitous ARP     Mar 29 2011 10:28 AM                            

192.168.11.7      Gratuitous ARP     Mar 29 2011 10:29 AM                            

192.168.11.8      Gratuitous ARP     Mar 29 2011 10:29 AM                            

192.168.11.9      Gratuitous ARP     Mar 29 2011 10:29 AM

This continues until the entire address pool is filled up. What am I doing wrong here? The only DHCP server available on the wireless network is the one enabled on Router A.

Thanks!

5 Replies

benlemasurier
Level 1

Update: this only happens when Apple/OSX clients connect to the network. Is this a bug in the IOS?

Hi Ben,

I don't have an answer but I might be able to share your pain, and you might be able to point me in the correct direction.

For years we have had a single ISC DHCP server for our large 100-site network. Recently the ISC server freaked out so bad that I, in desperation, have been enabling Cisco IOS DHCP server on all our 6500s. We think the problem is the result of thousands of recently added iPads and iPods on the network. They are known to not play nice.  They seem to be bombarding the ISC server with DISCOVERS and REQUESTS, and ignoring OFFERS and ACKs.

I just threw the config together today without any ip dhcp database server, so I have no ip dhcp conflict logging. I would like to have that, but am unsure how to proceed. I want to avoid introducing external (to the 6500s) points of failure. I would like the 6500s to maintain the binding database. Is there a way to get logging going but still have the 6500 maintain the binding DB? If so, can I just use any available TFTP server to hold the logs? The Cisco docs are not super-helpful.

I know this does not help you with your question, but perhaps as we chew over this together, my experiences might shed light on your problem.

Here is the config we just put in place, from a typical site:

no ip dhcp conflict logging
ip dhcp excluded-address 10.10.4.1 10.10.4.255
ip dhcp excluded-address 10.10.7.255
ip dhcp excluded-address 10.10.12.1 10.10.12.255
ip dhcp excluded-address 10.10.15.255
ip dhcp excluded-address 10.10.192.1 10.10.192.255
ip dhcp excluded-address 10.10.195.255
!
ip dhcp pool vlan4
   network 10.10.4.0 255.255.252.0
   default-router 10.10.4.1
   domain-name me.org
   dns-server 10.254.8.7 10.254.8.4
   lease 1 1
!
ip dhcp pool vlan12
   network 10.10.12.0 255.255.252.0
   default-router 10.10.12.1
   domain-name me.org
   dns-server 10.254.8.7 10.254.8.4
   lease 1 1
!
ip dhcp pool vlan192
   network 10.10.192.0 255.255.252.0
   default-router 10.10.192.1
   domain-name me.org
   dns-server 10.254.8.7 10.254.8.4
   lease 1 1
!

thanks!

Steve

Ben, I found this blog post that is simultaneously interesting and disturbing. If I am reading it correctly, the mere act of logging conflicts can cause your pools to fill up.

http://blog.ioshints.info/2007/08/dhcp-conflict-logging-true-story.html

Sorry if this is a red herring. I'm pretty confused about Cisco DHCP, having only recently used it for anything other than Cisco IP phones.

Steve

I just ran into and resolved a very similar issue. Here's what I did:

1.  Put a computer with Wireshark at a client port.

2.  Performed a clear ip dhcp conflict on the switch/router.

3.  From the client end, do a release / renew repeatedly.

What I found was that every time my client tried to get an IP address it would go through the DORA routine of discover, offer, request, and just before the device would finally take the IP address it would send out an ARP broadcast of who has x.x.x.x ip tell 0.0.0.0. Immediately following this a VM Ubuntu server would reply directly stating that it owned the IP. The client would then send a gratuitous ARP (Decline) to the server. It would go through the entire pool telling every client it owned the IP until the pool ran out. Once we found the MAC address of the server doing this we shut it down and all was well.

Also note that I only saw the VM server responding to the clients when I did captures directly from the client.  I did not see these responses when doing captures from the Switch with a span port monitoring the VLAN.
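The capture analysis described in the reply above, as an added example that is not part of the original post: it scans raw Ethernet frames for ARP probes (sender IP 0.0.0.0) and reports any MAC address that replies claiming several of the probed addresses. The frames, MAC addresses, helper names and threshold are constructed for illustration; per the reply, such frames would come from a capture taken at the client port.

```python
import struct
from collections import defaultdict

ARP_REQUEST, ARP_REPLY = 1, 2

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    return op, sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa))

def find_probe_responders(frames, threshold=3):
    """Map MAC -> probed IPs it claimed, for MACs that claimed >= threshold addresses."""
    probed = set()             # addresses a client probed before accepting a lease
    claims = defaultdict(set)  # responder MAC -> probed addresses it answered for
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        op, mac, spa, tpa = arp
        if op == ARP_REQUEST and spa == "0.0.0.0":
            probed.add(tpa)        # "who has tpa, tell 0.0.0.0"
        elif op == ARP_REPLY and spa in probed:
            claims[mac].add(spa)   # someone says it already owns the probed address
    order = lambda ip: tuple(map(int, ip.split(".")))
    return {m: sorted(ips, key=order) for m, ips in claims.items() if len(ips) >= threshold}

def build_arp(op, src_mac, spa, dst_mac, tpa):
    """Build a 42-byte Ethernet ARP frame (only used to construct the sample data)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(map(int, s.split(".")))
    eth_dst = b"\xff" * 6 if op == ARP_REQUEST else mac(dst_mac)
    tha = b"\x00" * 6 if op == ARP_REQUEST else mac(dst_mac)
    return (eth_dst + mac(src_mac) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(src_mac) + ip(spa) + tha + ip(tpa))

# Constructed sample: one host answers every probe; the gateway answers a normal request.
CLIENT, RESPONDER, GATEWAY = "02:00:00:00:00:01", "02:00:00:00:00:99", "02:00:00:00:00:fe"
SAMPLE_FRAMES = []
for host in (6, 7, 8):
    addr = f"192.168.11.{host}"
    SAMPLE_FRAMES += [build_arp(ARP_REQUEST, CLIENT, "0.0.0.0", "", addr),
                      build_arp(ARP_REPLY, RESPONDER, addr, CLIENT, addr)]
SAMPLE_FRAMES += [build_arp(ARP_REQUEST, CLIENT, "192.168.11.20", "", "192.168.11.1"),
                  build_arp(ARP_REPLY, GATEWAY, "192.168.11.1", CLIENT, "192.168.11.20")]
```

A single probe reply is an ordinary address conflict; the threshold separates that from one host answering for address after address as the server walks through the pool.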
