09-04-2012 02:30 AM - edited 03-07-2019 08:40 AM
Hello,
I have set up a dhcp server in a router for the wireless clients that exist in VLAN 10. I noticed that as soon as I set up the DHCP some strange "MACs" have been given IP (through the command sh ip dhcp bindings). After only a few minutes the pool was exhausted and no normal users can grant an IP address. The output from binding table is shown below:
10.4.216.52 01d8.b377.7b47.31 Sep 05 2012 11:19 AM Automatic
10.4.216.53 013c.d0f8.5d8b.41 Sep 05 2012 11:18 AM Automatic
10.4.216.54 010c.771a.2726.14 Sep 05 2012 11:15 AM Automatic
10.4.216.55 0140.a6d9.42ab.47 Sep 05 2012 11:15 AM Automatic
10.4.216.56 01e0.c97a.6934.51 Sep 05 2012 11:24 AM Automatic
10.4.216.57 0160.334b.d0d9.66 Sep 05 2012 11:17 AM Automatic
10.4.216.58 0100.c610.2f2c.0f Sep 05 2012 11:18 AM Automatic
10.4.216.59 8400.d23c.9228 Sep 05 2012 11:18 AM Automatic
Only user with MAC 8400.d23c.9228 is a normal user. Does anyone have an idea what is the other "MACs" (there are not actually MAC because they have many bytes) and how I can stop them from exhausting the pool?
Best Regards.
Solved! Go to Solution.
09-04-2012 07:11 AM
Hi,
these are not MAC addresses but client-identifiers made up of 01 prefix for media type=ethernet and then the mac address
of the host. Some devices like Windows hosts use the client-identifier when requesting DHCP service while others use the MAC address. a search for OUI( first 24 bits of MAC address) will tell you the vendor id
eg:
0100.c610.2f2c.0f I've bolded the MAC address and the OUI 00-c6-10 is from Apple like all others except
01d8.b377.7b47.31 which is HTC. So all these devices are surely Smartphones/Tablets( even the one using MAC address is sony ericsson mobile.
You said they were not pingable but they may have left the facility, they may have been shut down or they may have no more IP due to very short lease time if not default in DHCP pool( 24 hrs).
Regards.
Alain
Don't forget to rate helpful posts.
09-04-2012 02:44 AM
HI Emmanouil,
Just go to
Router# terminal monitor
Router# debug ip dhcp server events
if it shows like this:
*Feb 29 11:29:06.168: DHCPD: due to: POOL EXHAUSTED
then
So first off all lets go into EXEC mode:
Router # configure terminal
OK now you need to set the new lease time. Lets go into the existing pool:
R1(config)#ip dhcp pool
Right so you need to set the lease time to 4 or wtever u want hours. The configuration statement wyou need is 'lease' and the two timeout numbers are firstly in 'DAYS and then 'HOURS'. So wyou need '0days 4hours'
Router(dhcp-config)#lease 0 4
So then check the new lease period is working or not!
1st Router#clear ip dhcp bind *
and Now lets check teh DEBUG, are you getting leases now?
it should something like this: DHCPD: Sending notification of ASSIGNMENT:
then u can see the binding table:
Router# show ip dhcp bind
Hope it helps.
Regards
Please rate if it works.
09-04-2012 02:54 AM
Thanks for your help. I will make the changes you suggested. But do you have any idea what are these strange addresses that exhaust the pool?
In addition to my previous post, the IPs that are assigned to these strange hardware addresses are NOT ping-able.
09-04-2012 02:59 AM
Hi Emmi,
As per my knowledge.
Automatic bindings are IP addresses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database.
Regards
Just Info*****Automatic binding information (such as lease expiration date and time, interface index, and VPN routing and forwarding [VRF] name) is stored on a database agent. The bindings are saved as text records for easy maintenance.
09-04-2012 03:46 AM
Is there any way with EEM to track the exhaustion event and run the command clear ip dhcp binding?
09-04-2012 07:11 AM
Hi,
these are not MAC addresses but client-identifiers made up of 01 prefix for media type=ethernet and then the mac address
of the host. Some devices like Windows hosts use the client-identifier when requesting DHCP service while others use the MAC address. a search for OUI( first 24 bits of MAC address) will tell you the vendor id
eg:
0100.c610.2f2c.0f I've bolded the MAC address and the OUI 00-c6-10 is from Apple like all others except
01d8.b377.7b47.31 which is HTC. So all these devices are surely Smartphones/Tablets( even the one using MAC address is sony ericsson mobile.
You said they were not pingable but they may have left the facility, they may have been shut down or they may have no more IP due to very short lease time if not default in DHCP pool( 24 hrs).
Regards.
Alain
Don't forget to rate helpful posts.
09-04-2012 07:35 AM
Hello Alain,
these are not MAC addresses but client-identifiers made up of 01 prefix for media type=ethernet and then the mac address
Oh, this is interesting! I knew that the numbers displayed in the show ip dhcp binding are not MAC addresses but I did not know that the "01" prefix stands for Ethernet. Is there any document that describes this in more detail?
Thank you for sharing this info!
Best regards,
Peter
09-04-2012 10:28 AM
Hi Peter,
http://tools.ietf.org/html/rfc2132
Best Regards.
Alain
Don't forget to rate helpful posts.
09-04-2012 11:13 AM
Hi Alain,
Awesome! Thank you! And I thought I am the RFC guy here... Well, one never stops to learn
Best regards,
Peter
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide