05-20-2024 05:21 AM
Hi,
We are using a Cisco Catalyst 9300 stack as the core switch. DHCP is configured on the core switch. But since yesterday many users (LAN and Wi-Fi) are facing an issue: they are getting disconnected from the network because they are not getting any IP via DHCP from the core switch. When a static IP is given there is no issue. After clearing the DHCP leases and clearing the dynamic MAC address table on the switch, the DHCP issue was solved. But after 2 hours the same issue happened. We did the same thing again and the issue was solved. We have understood that it's a DHCP issue. But why is it happening and how do we solve it?
05-20-2024 05:52 AM
That sounds like something is consuming all the available DHCP addresses. What do you see in the output of the "sh ip dhcp bind" command? You can start there to try to find the offending device.
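A way to turn the binding table suggested above into a per-pool utilisation check, as an added example that is not part of the original post. The sample text is constructed, and its column layout, the pool networks and the excluded-address counts are assumptions to replace with your own.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample in the usual "show ip dhcp binding" layout (assumption).
SAMPLE = """\
Bindings from all pools not associated with VRF:
IP address       Client-ID/              Lease expiration        Type       State      Interface
                 Hardware address/
                 User name
10.10.20.10      0100.5056.aa01.01       May 21 2024 05:10 AM    Automatic  Active     Vlan20
10.10.20.11      0100.5056.aa01.02       May 21 2024 05:12 AM    Automatic  Active     Vlan20
10.10.20.12      0100.5056.aa01.03       May 21 2024 05:15 AM    Automatic  Active     Vlan20
10.10.20.13      0100.5056.aa01.04       May 21 2024 05:16 AM    Automatic  Active     Vlan20
10.10.20.14      0100.5056.aa01.05       May 21 2024 05:16 AM    Automatic  Active     Vlan20
10.10.30.5       0100.5056.bb02.01       Infinite                Manual     Active     Vlan30
"""

# IP, client identifier, free-form expiration text, then the binding type.
ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(.*?)\s+(Automatic|Manual)\b")

def parse_bindings(text):
    """Return one dict per binding row; header and wrapped lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, client, expires, kind = m.groups()
            rows.append({"ip": ip_address(ip), "client": client,
                         "expires": expires.strip(), "type": kind})
    return rows

def pool_usage(bindings, pools, threshold=0.9):
    """pools maps a network string to its number of excluded addresses."""
    report = {}
    for cidr, excluded in pools.items():
        net = ip_network(cidr)
        usable = net.num_addresses - 2 - excluded  # minus network/broadcast
        used = sum(1 for b in bindings if b["ip"] in net)
        report[cidr] = {"used": used, "usable": usable,
                        "exhausted": used >= threshold * usable}
    return report

# Hypothetical pools: a tiny guest /29 with the gateway excluded, a staff /24.
POOLS = {"10.10.20.8/29": 1, "10.10.30.0/24": 10}
REPORT = pool_usage(parse_bindings(SAMPLE), POOLS)
```
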
05-20-2024 06:20 AM
Can you share your DHCP configurations from your core switch? Agree also with @Elliot Dierksen, what does your DHCP binding table look like?
05-20-2024 06:58 AM
LAN and Wifi
If the Wi-Fi is guest then there is a high chance that the DHCP pool is exhausted.
Do
show ip dhcp pool
Check the available IPs for hosts when the issue happens again.
If that is the case, you need a secondary IP and a secondary DHCP pool to override the DHCP exhaustion.
MHM
05-20-2024 07:12 AM - edited 05-20-2024 07:13 AM
@MHM Cisco World makes a good point about guest access. The default DHCP lease time is way too long, IMHO. You lose very little by shaving your lease times down to 30 minutes, or perhaps even less. All that costs you is two packets at 50% of lease time. Client sends a DHCPREQ at that time, and the server responds with a DHCPACK. That way you recover stale leases in a reasonable time frame.
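The effect of lease length on how long a departed guest keeps an address, worked through as an added example that is not part of the original post. The renewal model (renew at 50% of the lease, leave without releasing), the one-day comparison lease and the arrival pattern are assumptions chosen for illustration.

```python
def lease_hold_minutes(stay, lease):
    """Minutes an address stays bound for a client present `stay` minutes.

    Model (assumption): the client renews every lease/2 minutes while it is
    connected and leaves without sending a release, so the binding lasts
    until the lease granted at the last renewal runs out.
    """
    t1 = lease / 2
    last_renewal = (stay // t1) * t1
    return last_renewal + lease

def peak_bindings(arrivals, stay, lease):
    """Peak number of simultaneous bindings for clients arriving at `arrivals`."""
    hold = lease_hold_minutes(stay, lease)
    events = []
    for a in arrivals:
        events.append((a, 1))          # address handed out
        events.append((a + hold, -1))  # stale lease finally expires
    # At equal timestamps -1 sorts before +1, so a freed address is reusable.
    events.sort()
    peak = current = 0
    for _, delta in events:
        current += delta
        peak = max(peak, current)
    return peak

# Constructed workload: one guest every 2 minutes across a 10-hour day,
# each staying 40 minutes (300 guests in total).
ARRIVALS = list(range(0, 600, 2))
STAY = 40

PEAK_ONE_DAY = peak_bindings(ARRIVALS, STAY, lease=1440)  # one-day lease
PEAK_30_MIN = peak_bindings(ARRIVALS, STAY, lease=30)     # 30-minute lease
```

With the one-day lease every guest of the day still holds an address at closing time, which is more than a /24 can supply; with 30-minute leases the same traffic never needs more than 30 addresses at once.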
05-20-2024 07:48 AM
Thanks to all of you for giving such quick responses. I will check all the workarounds you mentioned tomorrow. 2 things I am guessing:
1. Is there any issue with DHCP snooping? Should I configure DHCP snooping trust globally for the allocated VLANs (DHCP is configured SVI-wise)?
2. Can you please tell me the best practice configuration for DHCP lease time on a Cisco switch?
05-20-2024 08:38 AM - edited 05-20-2024 08:38 AM
DHCP snooping would impact all switches, so you would need to be careful there. If you continue to have issues then that may be worth doing. Lease time is a personal preference. Microsoft has seemed to advocate for (IMHO) ridiculously high lease times to avoid network traffic. The amount of traffic is really small and the high lease times contribute to DHCP address starvation, which I think is what you are experiencing. Here is a link that talks about doing that within the DHCP pool definition.
Edit: My preference is for 30 minute leases.
05-20-2024 08:39 AM
This is not any kind of attack. What happened is that the guests got IPs and exhausted the DHCP pool. You can reduce the lease time to 30 min or enlarge the DHCP pool.
No need for DHCP snooping.
MHM
05-20-2024 08:51 AM
Can you please share the command for reducing the lease time? Does it need to be set on the DHCP pool or globally?
05-20-2024 08:58 AM
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip dhcp pool 172.25.2.0/24
Router1(dhcp-config)#lease 0 0 30
Router1(dhcp-config)#exit
Router1(config)#end
Lease time <days> <hours> <min>
MHM
05-20-2024 08:44 AM
1. Is there any issue of dhcp snooping? Should I configure globally dhcp snooping trust for allocated VLANs (DHCP is configured SVI wise)
For testing purposes, while you are troubleshooting the DHCP address issue, you may want to remove DHCP snooping until the issue is resolved.
2. Can you please tell me the best practice configuration for DHCP lease time in cisco switch?
It depends, if you have a lot of people walking in and staying for a short time, there is no need to give them an 8-hour lease. A 2- or 3-hour lease may be sufficient. On the other hand, if you have users who use wireless all day, an 8-hour lease is probably a good idea.
Also, it is not clear in your original post, but you usually want to use 2 subnets/VLANs, one for the wired connections and one for wireless.
HTH
05-20-2024 09:18 PM
Can you please explain 'ip dhcp binding cleanup interval 600' ?