Solved: DHCP Server is not passing out DHCP Leases

divyakolus · ‎09-14-2012

I can't seem to figure out why DHCP server is not passing out DHCP lease a client?

Also I can't seem to figure out why NVI0 interface is UP? I have setup another box similarly and NVI0 is down on that and the DHCP server is working fine on that too. Strange!

I am working on CISCO 881 VPN Router...Please have a look at it and let me know. Thanks

Here is the configuration in the box...

sh run
Building configuration...

Current configuration : 6543 bytes
!
! Last configuration change at 17:09:54 CST Fri Sep 14 2012 by XXXXX
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpn_xauth_ml_1 local
aaa authentication login sslvpn local
aaa authorization network vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone CSTime -6
clock summer-time CST recurring
!
crypto pki trustpoint TP-self-signed-3079619067
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3079619067
revocation-check none
rsakeypair TP-self-signed-3079619067
!
!
crypto pki certificate chain TP-self-signed-3079619067
certificate self-signed 01
30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33303739 36313930 3637301E 170D3132 30393134 31393231
32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30373936
31393036 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100993C D622004B F3AEA1E5 81106C28 36EC52D0 5435ABC3 8912095F 3641168A
B67D97AF AEB43CF3 00A00EB5 702FA355 9F58EBEF F42294DC 0E32CF40 E17D372A
3BC36401 55EDBA5C 910B7A51 89D709A8 7EAB3FF0 E4C99D34 CBE3F316 069C0E16
BC284055 35E3D762 463DABF6 852C4E7A D2EF45A4 21F08689 4DF17870 9E2A6C27
1BFB0203 010001A3 7A307830 0F060355 1D130101 FF040530 030101FF 30250603
551D1104 1E301C82 1A506F70 6C617276 696C6C65 2E796F75 72646F6D 61696E2E
636F6D30 1F060355 1D230418 30168014 64EA4CAE 2029E4C2 702584C6 B5732464
5C9DA38A 301D0603 551D0E04 16041464 EA4CAE20 29E4C270 2584C6B5 7324645C
9DA38A30 0D06092A 864886F7 0D010104 05000381 81006C27 96E06B83 04DBDA81
EEB0AF35 84ED370E A8C9694E F9B9326D 69CB1043 9C396D7B 760D252F 4881926D
878E434F 9AFC3E6D A5BF43F2 E619D6EC F45C039A 5FFB478F A99F7EE5 274E37D5
11976FDE 823FD1A9 700203E5 67A329B3 F4CF45F0 245757C8 E2349276 B13414D1
017616FA 38A40BA8 42545AC5 C7676D21 29E4F491 CADB
        quit
ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.100.101
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool ccp-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
ip dhcp pool Internal_Network
   network 192.168.1.0 255.255.255.0
   dns-server 192.168.100.254
   default-router 192.168.1.254
!
!
ip cef
ip domain name yourdomain.com
ip name-server 192.168.100.254
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FTX1604828T
!
!
username XXXXX privilege 15 secret 5 $1$QEcR$96cmvs/h/.05G6BnorcWG/
username XXXXX secret 5 $1$PQQ1$3.Vin0i/2uZ/KD0xEJ8GC.
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group YYYYYYY
key XXXXX_XXXXX_XXXXX
pool VPN-Pool
acl VPN-Access-List
crypto isakmp profile vpn-isakmp-profile-1
   match identity group YYYYYYY
   client authentication list vpn_xauth_ml_1
   isakmp authorization list vpn_group_ml_1
   client configuration address respond
   virtual-template 2
!
!
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
!
crypto ipsec profile VPN-Profile-1
set transform-set encrypt-method-1
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description WAN_INTERFACE
ip address 192.168.100.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Virtual-Template2 type tunnel
ip unnumbered FastEthernet0
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN-Profile-1
!
interface Vlan1
description VLAN1_INTERFACE
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip local pool VPN-Pool 192.168.1.151 192.168.1.200
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 100 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.100 21 192.168.100.3 21 extendable
ip nat inside source static tcp 192.168.1.100 80 192.168.100.3 80 extendable

ip route 0.0.0.0 0.0.0.0 192.168.100.254
!
ip access-list extended VPN-Access-List
permit ip 192.168.1.0 0.0.0.255 any
permit tcp host A.B.C.D host 192.168.1.100 eq ftp
permit tcp host A1.B1.C1.D1 host 192.168.1.100 eq ftp
permit tcp host A2.B2.C2.D2 host 192.168.1.100 eq ftp
permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.100 eq ftp
permit tcp host A3.B3.C3.D3 host 192.168.1.100 eq ftp
permit tcp any host 192.168.1.100 eq XXX
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
no cdp run

!
!
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner motd ^C XXXXX-XXXXX VPN Router ^C
!
line con 0
exec-timeout 30 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password 7 124A50424A5E5550
transport input telnet ssh
!
scheduler max-task-time 5000
end

Jennifer Halim · ‎09-15-2012

How is the client connected to the router? and what is the client? have you tried different client and does it work?

You also mention that the other router works fine, are they running exactly the same version of software?

Pls kindly run debug on the router and see if it's actually providing the IP Address or not.

debug ip dhcp server e

View solution in original post

divyakolus · ‎09-15-2012

Does anyone has a clue of why DHCP server is not working right?

Thank You

Jennifer Halim · ‎09-15-2012

How is the client connected to the router? and what is the client? have you tried different client and does it work?

You also mention that the other router works fine, are they running exactly the same version of software?

Pls kindly run debug on the router and see if it's actually providing the IP Address or not.

debug ip dhcp server e

divyakolus · ‎09-16-2012

Hi Jennifer,

I have gotten it resolved. Per your suggestion, I have turned on debug ip dhcp events and found that POOL EMPTY message. After little research, I found out that I have made a mistake in my excluded-address range.

I have had it as

ip dhcp excluded-address 192.168.1.1 192.168.100.101

It should have been

ip dhcp excluded-address 192.168.1.1 192.168.1.101.

It was a typo.

Thank you for the suggestion.

Srini