Understanding and Troubleshooting DHCP in Catalyst Switch or
Contents
1. Page 25 of 45 Client identifier 00636973636F2D303065302E316566322E633434312D457430 Frame Status Source Address Dest Address Size Rel Time Delta Time Abs Tim 4 192 168 1 1 255 255 255 255 347 0 02 05 787 0 012 875 05 31 2001 06 53 Message type DHCP Ack hee a DLC Header iC LC Destination BROADCAST FFFFFFFFFFFF Broadcast LC Source Station 003094248F71 iC Ethertype 0800 IP Pi aeni TP Header ne Band BAE E E e A A A a b Q De P Version 4 header length 20 bytes P Type of service 00 P 000 routine Ps O normal delay Pa 0 normal throughput http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 LC Frame 127 arrived at 06 53 04 2321 frame size is 347 015B hex bytes 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 26 of 45 0 normal reliability 0 ECT bit transport protocol will ignore the CE bit wee 0 CE bit no congestion Total length 333 bytes Identification 47 Flags 0X O may fragment 0 last fragment Fragment offset 0 bytes Time to live 255 seconds hops Protocol 17 UDP Header checksum F8C7 correct Source address 192 168 1 1 Destination address 255 255 255 255 No options T HOW OW OW OWA OWA OWA OW A WO OWE Oa a za HSARA UDP Header Source port 67 BootPs2. DHCP client verifying IP address not in use by sending ARP request fo http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 42 of 45 Verify Router is Receiving and Forwarding DHCP Request Using debug ip dhep server packet Command If the router IOS is 12 0 x T or 12 1 and supports the IOS DHCP server functionality additional debugging can be done using the debug ip dhep server packet command This debug was intended for use with the IOS DHCP server feature but can be used for troubleshooting the DHCP BootP Relay Agent feature as well As with the previous troubleshooting steps router debugs do not provide an exact determination of the problem since the actual packet cannot be viewed However debugs do allow inferences to be made regarding DHCP processing In exec mode enter the following debug command debug ip dhep server packet Router debug ip dhcp server packet 00 20 54 DHCPD setting giaddr to 192 168 1 1 Router received DHCPDISCOVER REQUEST INRORM and setting Gateway IP ad 00 20 54 DHCPD BOOTREQUEST from 0063 6973 636f 2d30 3065 302e 3165 6632 2e BOOTREQUEST includes DHCPDISCOVER DHCPREQUEST and DHCPINFORM gt 0063 0973 6262 2030 3065 3026 3169 6632 2663 indicates client identir 00 20 54 DHCPD forwarding BOOTREPLY to client 00e0 lef2 c441 BOOTREPLY
3. ned IP address 0 0 0 0 192 168 1 2 e in bootstrap 0 0 0 0 192 168 1 1 ddress 0005DCF2C441 n tag 63825363 DHCP Ack 192 168 2 2 s lease time 172800 seconds nterval 86400 seconds interval 151200 seconds 299a 2 9O25 50 r address 192 168 10 1 r address 192 168 10 2 192 168 10 1 192 168 10 3 sco com Page 32 of 45 Troubleshooting DHCP when Client Workstations are Unable to Obtain DHCP Addresses Case Study 1 DHCP Server on Same LAN Segment or VLAN as DHCP Client When the DHCP server and client reside on the same LAN segment or VLAN and the client is unable to obtain an IP address from a DHCP server it is unlikely that the local router is causing a DHCP problem The problem is most likely related to the devices that connect the DHCP server and DHCP client However the problem may be with the DHCP server or client itself Following the troubleshooting modules below should determine what device is causing the issue Note To configure the DHCP server on a per vlan basis define different DHCP pools for every VLAN serving DHCP addresses to your clients Case Study 2 DHCP Server and DHCP Client are Separated by a Router http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 33 of 45 Configured for DHCP BootP Relay Agent Functionality When the DHCP server a
4. 0800 IP SSS IP Header Version 4 header length 20 bytes Type of service 00 000 routine O normal delay 0 normal throughput 0 normal reliability 0 ECT bit transport protocol will ignore the CE bit lt 0 CE bit no congestion Total length 317 bytes Identification 6 Flags 0X O may fragment e0 last fragment Fragment offset 0 bytes Time to live 255 seconds hops Protocol 17 UDP Header checksum F900 correct http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 20 of 45 Source address Destination address No options HHH H UDP Header Source port Length 291 No checksum 289 byte s of data i CT GG R OP OS FO SD OEY U DHCP Header 2 type Boot record type Hardware address Hardware address 1 Hops 0 Transaction id 00000882 Elapsed boot time Flags 8000 Dein ce eee a aeay cuales Client self assigned I Client IP address Relay Agent 0 0 0 0 Client hardware address Host name Boot file name Vendor Information tag Message Type 5 Server IP address Request IP address leas 192 168 1 1 255 255 255 255 67 BootPs DHCP Destination port 68 BootPc DHCP Reply 10Mb Ethernet length 6 bytes O0 s
5. DHCP UDP broadcast The router will now act as a DHCP Relay Agent and fill in Interface E2 the Gateway IP 0 0 0 0 0 0 0 0 192 168 1 1 MAC Address 192 168 1 1 address field with the incoming interface IP address to an incoming interface IP address and forward the request directly to the DHCP server 7 The DHCP server has received the DACPREQUEST lioz 168 1 21192 168 2 2 192 168 1 1 MAC Address of 199 168 2 2 and is sending a DHCP Server DHCPACK to the DHCP BootP Relay Agent 8 The DHCP BootP Relay Agent receives the DHCPACK and will forward the hene ki DHCPACK 192 168 1 2 192 168 2 2 1 192 168 1 1 192 168 1 1 MAC Address broadcast on the local LAN The client will accept the ACK and use the client s IP address MAC Addres DHCP Server Interfac E2 MA Addres ffff EEFE broadc pe tet FUE Pre Execution Enviroment PXE Bootup DHCP Considerations http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 15 of 45 Pre Execution Environment PXE allows a workstation to boot from a server on a network prior to booting the operating system on the local hard drive A network administrator does not have to physically visit the specific workstation and manually boot it Operating systems and other software such as diagnostic programs can be loaded onto the devi
6. ensure that you understand the potential impact of any command before using it Conventions For more information on document conventions see the Cisco Technical Tips Conventions Key Concepts Below are several key concepts of DHCP e DHCP clients initially have no configured IP address and must therefore send a broadcast request to obtain an IP address from a DHCP server e Routers by default do not forward broadcasts It is necessary to accommodate client DHCP broadcast requests if the DHCP server is on another broadcast domain Layer 3 L3 network This is performed by use of a DHCP Relay Agent e The Cisco router implementation of DHCP Relay is provided via interface level ip helper commands Example Scenarios Scenario 1 Cisco Router Routing between DHCP Client and Server s Networks http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise N Page 3 of 45 2 es s z z e ta ca ca ral 1 r 4 r A DHCP Server Pa DHCP Clie 192 168 2 2 lt ae 00e 1ef2 c T2eve mn teda S e7 e v a ewe ee ee As configured in the diagram above interface Ethernet will forward the client s broadcasted DHCPDISCOVER to 192 168 2 2 via interface Ethernet The DHCP server will fulfill the request via unicast No further configuration to the router is necessary in
7. one is for Microsoft DHCP clients and the other is for non Microsoft DHCP clients DHCP client identifier manual binding Microsoft DHCP clients and DHCP hardware address manual binding non Microsoft DHCP clients The reason for two different commands is that a PC that runs with Windows modifies its MACs and a 01 is added at the beginning of the address These are the sample configurations e The following is the configuration for Microsoft DHCP clients configuration terminal ip dhcp pool new_pool host ip address subnet mask client identifier O1XXXXXXXXXXXX XxXxxxx represents 48 bit MAC address prepended with 01 e The following is the configuration for non Microsoft DHCP clients configuration terminal ip dhcp pool new pool host ip address subnet mask hardware address XXXXXXXXXXXX XXxxxx represents 48 bit MAC address How to make DHCP Work on Secondary IP Segments By default DHCP has a limitation in that the reply packets are sent only if the request is received from the interface configured with the primary IP address DHCP traffic uses the broadcast address When the DHCP request is received by the router interface it forwards it to the DHCP server when IP helper address is configured with a source address of the primary IP configured on the interface to let the DHCP server know which IP pool it must use for the client in the DHCP reply packet There is no way for the router to know if the DHCP broa
8. variable u Th z a uv 5 Client Server Conversation for Client Obtaining DHCP Address Where Client and DHCP Server Reside on Same Subnet http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 10 of 45 Packet Source MAC Source IP_ Destination IP Description MAC a Addr Addr Addr Role of DHCP BootP Relay Agent Routers by default will not forward broadcast packets Since DHCP client messages use the destination IP address of 255 255 255 255 all Nets Broadcast DHCP clients will not be able to send requests to a DHCP server on a different subnet unless the DHCP BootP Relay Agent is configured on the router The DHCP BootP Relay Agent will forward DHCP requests on behalf of a DHCP client to the DHCP server The DHCP BootP Relay Agent will append its own IP address to the source IP address of the DHCP frames going to the DHCP server This allows the DHCP server to respond via unicast to the DHCP BootP Relay Agent The DHCP BootP Relay Agent will also populate the Gateway IP address field with the IP address of the interface on which the DHCP message is received from the client The DHCP server uses the Gateway ip address field to determine the subnet from which the DHCPDISCOVER DHCPREQUEST or DHCPINFORM message originates Configuring DHCP BootP Relay Agent Feature on Cisco IOS Router Configuring a Cisc
9. 0 0 0 0 Ethernet0O d 255 255 255 255 len 604 rcvd 2 P src 68 dst 67 P rcvd src 0 0 0 0 68 dst 255 255 255 255 67 length 584 CPD setting giaddr to 192 168 1 1 P sent src 192 168 1 1 67 dst 192 168 2 2 67 length 604 Ci Hi E P D D H D P s 192 168 1 1 local d 192 168 2 2 Ethernet1 len 604 sending DP src 67 dst 67 HCPD BOOTREQUEST from 0063 6973 636f 2d30 3030 302e 3030 3030 2e30 3030 31 P s 192 168 2 2 Ethernetl d 192 168 1 1 len 328 rcevd 4 DP src 67 dst 67 DP rcvd src 192 168 2 2 67 dst 192 168 1 1 67 length 308 HCPD forwarding BOOTREPLY to client 0000 0000 0001 HCPD broadcasting BOOTREPLY to client 0000 0000 0001 DP sent src 0 0 0 0 67 dst 255 255 255 255 68 lLength 328 D D B H D P D H P D D H H D HEIE ra OU e H s 0 0 0 0 Ethernet0 d 255 255 255 255 len 604 rcvd 2 P src 68 dst 67 P rcvd src 0 0 0 0 68 dst 255 255 255 255 67 length 584 CPD setting giaddr to 192 168 1 1 P sent src 192 168 1 1 67 dst 192 168 2 2 67 length 604 s 192 168 1 1 local d 192 168 2 2 Ethernetl len 604 sending P src 67 dst 67 CPD BOOTREQUEST from 0063 6973 636f 2d30 3030 302e 3030 3030 2e30 3030 31 s 192 168 2 2 Ethernetl d 192 168 1 1 len 328 rcvd 4 P src 67 dst 67 P rcvd src 192 168 2 2 67 dst 192 168 1 1 67 lLength 308 CPD forwarding BOOTREPLY to client 0000 000
10. 0 0 0 0 0 0 0 0 is sent from client 2 The router receives the DHCPDISCOVER on the El interface The router recognizes that this packet is a DHCP UDP broadcast The router will now act as a DHCP BootP Relay Agent and fill in the Gateway 0 0 0 0 0 0 0 0 192 168 1 1 IP address field with the incoming interface IP address change the source IP address to an incoming interface IP address and forward the request directly to the DHCP server 3 The DHCP server has received the DHCPDISCOVER and is sending a DHCPOFFER to the DHCP Relay Agent 4 The DHCP Relay Agent receives a DHCPOFFER 192 168 1 2 192 168 2 2 192 168 1 1 and will forward the DHCPOFFER broadcast on the LAN http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 GI Address Packet ffff fet 0 0 0 0 0005 DCC9 C640 0 0 0 0 broadc Interface E2 MAC Address 192 168 1 1 Interfac MAC Address of 192 168 2 2 E2 MA DHCP Server Addres ffff FEFE broadc MAC Addres DHCP Server 192 168 1 2 192 168 2 2 192 168 1 1 Interface E1 192 168 1 1 MAC Address Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 14 of 45 5 DHCPREQUEST 0 0 0 0 0 0 0 0 0 0 0 0 0005 DCC9 C640 0 0 0 0 FPFE FPFE i broadc sent from client 6 The router receives the DHCPREQUEST on the El Interface The router recognizes that this packet is
11. DHCP Problems e Catalyst switch default configuration e DHCP BootP Relay Agent configuration e NIC compatibility issue or DHCP feature issue e Faulty NIC or improper NIC driver installation e Intermittent network outages due to frequent spanning tree computations e Operating system behavior or software defect e DHCP server scope configuration or software defect e Cisco Catalyst switch or IOS DHCP BootP Relay Agent software defect e Unicast Reverse Path Forwarding uRPF check failing because the DHCP offer is received on a different interface than expected When the Reverse Path Forwarding RPF feature is enabled on an interface a Cisco router can drop Dynamic Host Configuration Protocol DHCP and BOOTstrap Protocol BOOTP packets that have source addresses of 0 0 0 0 and destination addresses of 255 255 255 255 The router can also drop all IP packets that have a http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 34 of 45 multicast IP destination at the interface This issue is documented in CSCdw31925 registered customers only e DHCP database agent is not used but DHCP conflict logging is not disabled This document will use troubleshooting modules below to determine the root cause as indicated in the list above A Verify Physical Connectivity This procedure is applicable to all case studies First ver
12. DHCP Relay Feature on the VPN 3000 Concentrator Configuration Example PIX ASA 7 x as a DHCP Relay Configuration Example Tools and Utilities Technical Support Cisco Systems Home How to Bu Login Profile Feedback Site Ma Hel Contacts amp Feedback Help Site Map 2007 2008 Cisco Systems Inc All rights reserved Terms amp Conditions Privacy Statement Cookie Policy Trademarks of Cisco Systems Inc http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008
13. IP phone has Cisco Discovery Protocol CDP disabled the DHCP server cannot assign an appropriate IP address to the phone The DHCP server tends to assign the IP address that belongs to the data VLAN subnet of the switchport If the CDP is enabled the switch is able to detect that the Cisco IP Phone requests the DHCP and can provide the correct subnet information The DHCP server then is able to allot an IP address from the voice VLAN subnet pool There are no explicit steps required to bind the dhcp service to the voice vlan K Removing Down SVI Disrupts DHCP Snooping Operation On the Cisco Catalyst 6500 series switches an SVI in shutdown state is created automatically after it configures the DHCP to snoop for a particular VLAN The presence of this SVI has direct implications on the correct operation of DHCP snooping DHCP snooping on the Cisco Catalyst 6500 series switches that run Native IOS is implemented mostly on Route Processor RP or MSFC not on Switch Processor SP or Supervisor The Cisco Catalyst 6500 series intercepts packets in hardware with VACLs that supply the packets to a Local Target Logic LTL subscribed to by the RP Once the frames enter the RP they first need to be associated with an L3 Interface SVT IDB before they can be passed off to the snooping part Without an SVI this IDB does not exist and the packets get dropped in the RP http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2
14. and set quality of service QoS and security policies or other parameter assignment policies for each subscriber of a service provider network When DHCP snooping is enabled on a switch it automatically enables option 82 If the DHCP server is not configured to handle the packets with option 82 it ceases to allocate the address to that request In order to resolve this issue disable the subscriber identification option 82 in the switches relay agents with the global configuration command no ip dhep relay information option I DHCP Database Agent and DHCP Conflict Logging A DHCP database agent is any host for example an FTP TFTP or RCP server that stores the DHCP bindings database You can configure multiple DHCP database agents and you can configure the interval between database updates and transfers for each agent Use the ip dhep database command to configure a database agent and database agent parameters If you choose not to configure a DHCP database agent disable the recording of DHCP address conflicts on the DHCP server Execute the no ip dhep conflict logging command to disable the DHCP address conflict logging Clear the previously logged conflicts with clear ip dhep conflict If this fails to disable the conflict logging this error message appears DHCPD 4 DECLINE CONFLICT DHCP address conflict client J Check CDP for IP Phone Connections When the switchport that is connected to the Cisco
15. fragment Fragment offset 0 bytes Time to live 255 seconds hops Protocol 17 UDP Header checksum B8DA correct Source address 0 0 0 0 Destination address 255 255 255 255 No options ERSS UDP Header Source port 68 BootPc DHCP Destination port 67 BootPs DHCP Length 584 No checksum 576 byte s of data AES eS DHCP Header Boot record type 1 Request Hardware address type 1 10Mb Ethernet Hardware address length 6 bytes Hops 0 Transaction id 00001425 Elapsed boot time 0 seconds lags 8000 T E E E TEAR Broadcast IP datagrams ient self assigned IP address 0 0 0 0 ient IP address 0 0 0 0 ext Server to use in bootstrap elay Agent 0 0 0 0 ient hardware address 0005DCF2C441 0 0 0 0 Q WZA Q t Host name Boot file name Vendor Information tag 63825363 Message Type 1 DHCP Discover http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 23 of 45 DHCP Maximum message size 1152 DHCP Client identifier 00636973636F2D303065302E316566322E633434312D457430 DHCP Parameter Request List 7 entries DHCP 1 Client s subnet mask DHCP 6 Domain name server DHCP 15 Domain name DHCP 44 NetBIOS over TCP IP name server D
16. ree aa een ea ae as ae a OO ee a TR ek iae a aa e Ras http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 LC Frame 121 arrived at 07 02 54 7746 frame size is 347 015B hex bytes bit Pd 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Destination address No options UDP Header Source port Destination port Length 313 Checksum 7DF6 c 305 byte s of da C Ee DEEA OP A E A A Oe DHCP Header Boot record type Hardware address 192 168 1 1 67 BootPs DHCP 67 BootPs DHCP orrect ta 2 Request type 1 10Mb Ethernet Hardware address Hops 0 Transaction id Elapsed boot time 8000 Flags Liei Rb ia Sores Client self assig Client IP address Next Server to us Relay Agent Client hardware a Host name Boot file name Vendor Informatio Message Type 5 Server IP address Request IP addres length 6 bytes 000005F4 0 seconds Broadcast IP datagrams Address Renewel i Address Rebinding Subnet mask Domain Name Serve Domain Name Serve Domain name ci I I Cr O ONO OE A OOA OEA Y CA AOA ACFE OT O Nr a E O AO OO OO C e s G g U U Y U U y w w w w w w o w w w a w a w w w w w a a a a yr G GS GI NT GI NT GD GO S G GT A NT G A A G Ns A I ek I I NetBIOS Server address NetBIOS Server address
17. server is run by a network administrator DHCP clients can be reliably and dynamically configured with parameters appropriate to the current network architecture Most enterprise networks consist of multiple subnets divided into subnetworks referred to as Virtual LANS VLANs where routers route between the subnetworks Since routers do not pass broadcasts by default a DHCP server would be needed on each subnet unless the routers are configured to forward the DHCP broadcast using the DHCP Relay Agent feature Understanding DHCP DHCP was originally defined in Requests for Comments RFCs 1531 E and has since been obsoleted by RFC 2131 E DHCP is based on the Bootstrap Protocol BootP which is defined in RFC 951 E DHCP is used by workstations hosts to get initial configuration information such as an IP address subnet mask and default gateway upon bootup Since each host needs an IP address to communicate in an IP network DHCP eases the administrative burden of manually configuring each host with an IP address Furthermore if a host moves to a different IP subnet it has to use a different IP address than the one it was previously using DHCP takes care of this automatically by allowing the host to choose an IP address in the correct IP subnet Current DHCP RFC References e RFC 2131 DHCP e RFC 2132 DHCP Options and BootP Vendor Extensions e RFC 1534 Interoperation between DHCP and BootP e RFC 1542 Clarifications and E
18. some Catalyst switches to go into an errdisabled state Refer to Recovering From errDisable Port State on the CatOS Platforms and Errdisable Port State Recovery on the Cisco IOS Platforms which describe the errdisable state explain how to recover from it and provide examples of recovery from this state B Test Network Connectivity by Configuring Client Workstation with Static IP Address This procedure is applicable to all case studies When troubleshooting any DHCP Issue it is important to verify network connectivity by configuring a static IP address on a client workstation If the workstation is unable to reach network resources despite having a statically configured IP address the root cause of the problem is not DHCP At this point network connectivity troubleshooting is required C Verify Issue as a Startup Problem http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 35 of 45 This procedure is applicable to all case studies If the DHCP client is unable to obtain an IP address from the DHCP server on startup attempt to obtain an IP address from the DHCP server by manually forcing the client to send a DHCP request Issue the following steps to manually obtain an IP address from a DHCP server for the operating systems listed below Microsoft Windows 95 98 ME Click the Start button and run the WINIPCFG ex
19. this example Scenario 2 Cisco Catalyst Switch with L3 Module Routing between DHCP Client and Server s Networks interface Vlan 10 1p address E z no ip directed DHCP Client 00e0 lef c44 DHCP Server 192 168 2 2 As configured in the diagram above interface VLAN20 will forward the client s broadcasted DHCPDISCOVER to 192 168 2 2 via interface VLAN10 The DHCP server will fulfill the request via unicast No further configuration to the router is necessary in this example The switch ports will need to be configured as host ports and have Spanning Tree Protocol STP portfast enabled and trunking and channeling disabled http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise N Page 4 of 45 Background Information DHCP provides a mechanism through which computers using Transmission Control Protocol Internet Protocol TCP IP can obtain protocol configuration parameters automatically through the network DHCP is an open standard that was developed by the Dynamic Host Configuration Working Group 4 DHC WG of the Internet Engineering Task Force IETF DHCP is based on a client server paradigm in which the DHCP client for example a desktop computer contacts a DHCP server for configuration parameters The DHCP server is typically centrally located and operated by the network administrator Because the
20. to configure DHCP and the commands associated with it refer to the following link e DHCP Configuration Task List version 12 1 l service timestamps debug uptime service timestamps log uptime no service password encryption j hostname Router enable password cisco ip subnet zero no ip domain lookup ip dhcp excluded address 10 10 1 1 10 10 1 199 Address range excluded from DHCP pools ip dhcp pool test _dhcp gt DHCP pool sc0pe fame is test dhep network 10 10 1 0 255 255 255 0 DHCP pool address will be assigned in this range for associated Gateway I default router 10 10 1 1 DHCP option for default gateway dns server 10 30 1 1 DHCP option for DNS server s netbios name server 10 40 1 1 http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 45 of 45 DHCP option for NetBIOS name server s WINS lease 0 0 1 Lease time interface Ethernet0O description DHCP Client Network ip address 10 10 1 1 255 255 255 0 no ip directed broadcast interface Ethernetl description Server Network ip address 10 10 2 1 255 255 255 0 no ip directed broadcast ine con 0 transport input none ine aux 0 transport input all ine vty 0 4 login end Related Information
21. will retransmit the DHCPREQUEST at least four times within 60 seconds before restarting the Initializing state DHCPDECLINE The client receives the DHCPACK and will optionally perform a final check on the parameters The client performs this procedure by sending Address Resolution Protocol ARP requests for the IP address provided in the DHCPACK If the client detects that the address is already in use by receiving a reply to the ARP request the client will send a DHCPDECLINE message to the server and restart the configuration process by going into the Requesting state DHCPINFORM If a client has obtained a network address through some other means or has a manually configured IP address a client workstation may use a DHCPINFORM request message to obtain other local configuration parameters such as the domain name and Domain Name Servers DNSs DHCP servers receiving a DHCPINFORM message construct a DHCPACK message with any local configuration parameters appropriate for the client without allocating a new IP address This DHCPACK will be sent unicast to the client DHCPRELEASE A DHCP client may choose to relinquish its lease on a network address by sending a DHCPRELEASE message to the DHCP server The client identifies the lease to be released by the use of the client identifier field and network address in the DHCPRELEASE message If you need to extend the current DHCP pool range remove the current pool of addresses and specify the new r
22. 0 0001 CPD broadcasting BOOTREPLY to client 0000 0000 0001 P sent src 0 0 0 0 67 dst 255 255 255 255 68 length 328 UO Hic A S o E C U U C Obtain Sniffer Trace and Determine Root Cause of DHCP Problem Using router debugging techniques will not always determine the exact root cause of a DHCP problem The ultimate step in resolving a DHCP issue is to obtain a sniffer trace and note where the process is not functioning correctly DHCP packet traces can be deciphered by referencing the Decoding Sniffer Trace of DHCP Client and Server on Same LAN Segment and Decoding Sniffer Trace of DHCP Client and Server Separated by Router Configured as a DHCP Relay Agent sections of this document For information on obtaining sniffer traces using the Switched Port Analyzer SPAN feature on Catalyst switches refer to the following document e Configuring the Catalyst Switched Port Analyzer SPAN Alternative Method of Packet Decoding Using debug on Router By using the debug ip packet detail dump lt acl gt command on a Cisco router it is possible to get an entire packet in hex displayed in the system log or Command Line Interface CLI Using the Verify Router is Receiving DHCP Request Using debug Commands and Verify Router is Receiving DHCP Request and Forwarding Request to DHCP Server Using debug Commands sections above along with the dump keyword added to
23. 008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 39 of 45 L Limited Broadcast Address When a DHCP client sets the broadcast bit in a DHCP packet the DHCP server and relay agent send DHCP messages to clients with the all ones broadcast address 255 255 255 255 If the ip broadcast address command has been configured to send a network broadcast the all ones broadcast sent by DHCP is overridden In order to remedy this situation use the ip dhep limited broadcast address command to ensure that a configured network broadcast does not override the default DHCP behavior Some DHCP clients can only accept an all ones broadcast and are not able to acquire a DHCP address unless this command is configured on the router interface connected to the client M Debugging DHCP Using Router debug Commands Verify Router is Receiving DHCP Request Using debug Commands On routers that support software processing of DHCP packets you can verify whether a router is receiving the DHCP request from the client The DHCP process will fail if the router is not receiving requests from the client This troubleshooting step involves configuring an access list for debugging output This access list is for debugging purposes only and is not intrusive to the router In global configuration mode enter the following access list access list 100 permit ip host 0 0 0 0 host 255 255 255 255 In exec mode enter the following debug
24. 328 rcvd 4 00 23 44 UDP src 67 dst 67 DHCP server sending DHCPACK back to DHCP BootP Relay Agent From the output above it is clear that the router is receiving the DHCP requests from the client and forwarding the request per the DHCP BootP Relay Agent configuration to the DHCP server The DHCP server also replied directly to the DHCP BootP Relay Agent This output only shows a summary of the packet and not the packet itself Therefore it is not possible to determine if the packet is correct or whether the server is replying with a DHCPNAK Nevertheless the router did receive a broadcast packet with the source and destination IP and UDP ports that are correct for DHCP and there is two way communication with the DHCP server http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 41 of 45 Verify Router is Receiving and Forwarding DHCP Request Using debug ip udp Command The debug ip udp command can be used to trace the path of a DHCP request through a router However this debug is intrusive in a production environment since all processed switched UDP packets will be displayed to the console This debug should not be used in production A Warning The debug ip udp command is intrusive and may cause high Central Processing Unit CPU utilization In exec mode enter the following debug command debug ip udp Sampl
25. 439 frame size is 60 003C hex bytes DLC Destination BROADCAST FFFFFFFFFFFF Broadcast DLC Source Station Ciscl4F2C441 DLC Ethertype 0806 ARP DLC ARP ARP RARP frame ARP ARP Hardware type 1 10Mb Ethernet ARP Protocol type 0800 IP ARP Length of hardware address 6 bytes ARP Length of protocol address 4 bytes ARP Opcode 2 ARP reply ARP Sender s hardware address OQOEOIEF2C441 ARP Sender s protocol address 192 168 1 2 ARP Target hardware address FFFFFFFFFFFF ARP Target protocol address 192 168 1 2 ARP ARP 18 bytes frame padding ARP Tim 118 192 168 1 1 192 168 2 2 618 0 00 51 212 0 489 912 05 31 2001 07 02 5 Message type DHCP Discover PLES SHS DLC Header DLC DLC Frame 118 arrived at 07 02 54 7463 frame size is 618 026A hex bytes DLC Destination Station OOO5DCOBF2F4 DLC Source Station 003094248F72 DLC Ethertype 0800 IP DLC IP IP Header LP http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 28 of 45 Version 4 header length 20 bytes Type of service 00 000 routine O normal delay 0 normal throughput 0 normal reliability 0 ECT bit transport protocol will ignore the C 2 2 0 CE bit no congestion Total length 604 byt
26. Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise N Page 1 of 45 Solutions Products Ordering Partners Training Corporate 1 TAC Notice What s Understanding and eo rc Troubleshooting DHCP in Catalyst Switch or Enterprise Networks Help us help you m Please rate this 7 document Excellent Contents oc Average Introduction O Fair Prerequisites Requirements dial x Components Used This document solved Conventions _ my problem Key Concepts Yes Example Scenarios oi Background Information Just browsing Understanding DHCP 5 Current DHCP RFC References Suggestions for DHCP Message Table improvement Renewing the Lease DHCP Packet Client Server Conversation for Client Obtaining DHCP Address Where Client and DHCP Server Reside on Same Subnet Role of DHCP BootP Relay Agent 256 character limit Configuring DHCP BootP Relay Agent Feature on Cisco IOS O Router Setting Manual Bindings How to make DHCP Work on Secondary IP Segments DHCP Client Server Conversation with DHCP Relay Function Pre Execution Enviroment PXE Bootup DHCP Considerations Understanding and Troubleshooting DHCP Using Sniffer Traces Decoding Sniffer Trace of DHCP Client and Server on Same LAN Segment Decoding Sniffer Trace of DHCP Client and Server Separated by a Router that is Configured as a DHCP Relay Agent Troubleshooting DHCP when Client Workstations are Unable to Obtain DHC
27. Client self assigned IP address 0 0 0 0 Client IP address 192 168 1 2 Next Server to use in bootstrap 0 0 0 0 Relay Agent 0 0 0 0 Client hardware address 0005DCC9C640 http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 18 of 45 DHCP Host name DHCP Boot file name DHCP DHCP Vendor Information tag 63825363 DHCP Message Type 2 DHCP Offer DHCP Server IP address 192 168 1 1 DHCP Request IP address lease time 85535 seconds DHCP Address Renewel interval 42767 seconds DHCP Address Rebinding interval 74843 seconds DHCP Subnet mask 255 255 255 0 DHCP Domain Name Server address 192 168 1 3 DHCP Domain Name Server address 192 168 1 4 DHCP Gateway address 192 168 1 1 DHCP FT ee I E Sd I iy ey Frame 3 DHCPREQUEST Frame Status Source Address Dest Address Size Rel Time Delta Time Abs Tim 3 0 0 0 0 255 255 255 255 618 0 01 26 829 0 003 586 05 07 2001 11 52 03 A Message type DHCP Request DLC S45 DLC Header PLC DLC Frame 56 arrived at 11 52 03 8294 frame size is 618 026A hex bytes DLC Destination BROADCAST FFFFFFFFFFFF Broadcast DLC Source Station O005DCC9C640 DLC Ethertype 0800 IP
28. DHCP Destination port 68 BootPc DHCP Length 313 Checksum 326F correct 305 byte s of data C TR KAES RD eG Gi FU EO EOE Oe EN T N OD SO EOE A F I CI CAI OED IEI CO OI OE LOMO Re CEE C N A A OT O OA mo OAE OOA ONGAY g A g E a e a e a aaa AT SAE aS a aaa DE aTe e o U TE DHCP Header Boot record type 2 Reply Hardware address type 1 10Mb Ethernet Hardware address length 6 bytes H Hops 0 H Transaction id 00001425 H Elapsed boot time 0 seconds H Flags 8000 H Wore r e a ee tee Broadcast IP datagrams H Client self assigned IP address 0 0 0 0 H Client IP address 192 168 1 2 Next Server to use in bootstrap 0 0 0 0 Relay Agent 192 168 1 1 Client hardware address 0005DCF2C441 Host name Boot file name Vendor Information tag 63825363 H Message Type 5 DHCP Ack H Server IP address 192 168 2 2 H Request IP address lease time 172800 seconds Address Renewel interval 86400 seconds Address Rebinding interval 151200 seconds Subnet mask 255 255 255 0 Domain Name Server address 192 168 10 1 Domain Name Server address 192 168 10 2 NetBIOS Server address 192 168 10 1 NetBIOS Server address 192 168 10 3 Domain name cisco com BG GI GI GD GA TD I GG RD I Ds I GT GS EG I MU UU TU UV U0 TU TU TU TU TU TU U0 U0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Frame Status Sour
29. DLC IP sso IP Header IP IP Version 4 header length 20 bytes IP Type of service 00 IP 000 routine IPs O normal delay IP 0 normal throughput EPs 0 normal reliability LE 0 ECT bit transport protocol will ignore the CE bit IP 0 CE bit no congestion IP Total length 604 bytes IP Identification 10 IP Flags 0X ER Ons may fragment IP O last fragment IP Fragment offset 0 bytes IP Time to live 255 seconds hops IP Protocol 17 UDP IP Header checksum B987 correct IP Source address 0 0 0 0 IP Destination address 255 255 255 255 IP No options IP UDP Sones UDP Header UDP UDP Source port 68 BootPc DHCP UDP Destination port 67 BootPs DHCP UDP Length 584 UDP No checksum UDP 576 byte s of data UDP DHCP DHCP Header DHCP DHCP Boot record type 1 Request DHCP Hardware address type 1 10Mb Ethernet DHCP Hardware address length 6 bytes DHCP http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 19 of 45 Ce I ed A De DS Ns MD I eG AM NN J I NN A I END NS I OQ CY COVEY OP OOO Gi OF OQ On OOO A QV Oe OO OF O rOQ O Gy TU OD PO A ET DD OE EE EO FO PU EO PO OE PO EO EO PS g Hops 0 Transaction id 00000882 Elap
30. HCP 3 Routers on the client s subnet DHCP 33 Static route DHCP 150 Unknown Option DHCP Class identifier 646F63736973312E30 DHCP Option overload 3 File and Sname fields hold options DHCP a a el el S Frame 2 DHCPOFFER Frame Status Source Address Dest Address Size Rel Time Delta Time Abs Tim 125 192 168 1 1 255 255 255 255 347 0 02 05 772 0 012 764 05 31 2001 06 Message type DHCP Offer LC LC LC LC ae DLC Header Frame 125 arrived at 06 53 04 2171 frame size is 347 015B hex bytes Destination BROADCAST FFFFFFFFFFFF Broadcast Source Station 003094248F71 Pi PE te Oe Oe e e e O EE E D EA A EEA NA R RA TA Oe a E A A E T Ow PO Ow ee a T F 2 T ee EG AQANAAAAA ATW UV W U UD WU TU ee ee ee oe oe oe oo oo oe o MU TU T UU U Or OG Ja amp I I Ethertype 0800 IP SSS IP Header Version 4 header length 20 bytes Type of service 00 000 routine O normal delay 0 normal throughput 0 normal reliability 0 ECT bit transport protocol will ignore the CE bit 0 CE bit no congestion Total length 333 bytes Identification 45 Flags 0X O may fragment 0 last fragment Fragment offset 0 bytes Time to live 255 seconds hops Protocol 17 UDP Header checksum F8C9 correct Source address 192 168 1 1 D
31. HCP Offer AD Eg DLC Header Frame 2 arrived at 11 52 03 8258 frame size is 331 014B hex bytes Destination BROADCAST FFFFFFFFFFFF Broadcast Source Station 0005DCC42484 Ethertype 0800 IP ln ee ee ee ee e e g el F E ET AAE E S E E RA A EA R RAA e e a 9 ee a ee E T E E A T E E E TE REE EEE qaqaqagaagaagaagaaagaagaagaagaaagnanaavtuupuv t g g TT VV Pe Y eo TT T ee ee ee ahaa TP Header s Version 4 header length 20 bytes Type of service 00 000 routine O normal delay 0 normal throughput 0 normal reliability 0 ECT bit transport protocol will ignore the CE bit lt 0 CE bit no congestion Total length 317 bytes Identification 5 Flags 0X O may fragment 0O last fragment Fragment offset 0 bytes Time to live 255 seconds hops Protocol 17 UDP Header checksum F901 correct Source address 192 168 1 1 Destination address 255 255 255 255 No options FESSA UDP Header Source port 67 BootPs DHCP Destination port 68 BootPc DHCP Length 297 No checksum 289 byte s of data aaa DHCP Header Boot record type 2 Reply Hardware address type 1 10Mb Ethernet Hardware address length 6 bytes Hops 0 Transaction id 00000882 Elapsed boot time 0 seconds Flags 8000 1 1 2 2 Broadcast IP datagrams
32. P Addresses Case Study 1 DHCP Server on Same LAN Segment or VLAN as DHCP Client Case Study 2 DHCP Server and DHCP Client are Separated by a Router Configured for DHCP BootP Relay Agent Functionality DHCP Server on Router Fails to Assign Adresses with a POOL EXHAUSTED Error DHCP Troubleshooting Modules Understanding Where DHCP Problems Can Occur Keywords Entered after the ip dhcp pool command option option_number ASCII are in Double Quotes Appendix A IOS DHCP Sample Configuration Related Information http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise N Page 2 of 45 Introduction This document contains information on how to troubleshoot several common Dynamic Host Configuration Protocol DHCP issues that can arise within a Cisco Catalyst switch network This document includes troubleshooting the use of the Cisco IOS DHCP BootP Relay Agent feature Prerequisites Requirements There are no specific prerequisites for this document Components Used This document is not restricted to specific software and hardware versions The information presented in this document was created from devices in a specific lab environment All of the devices used in this document started with a cleared default configuration If you are working in a live network
33. ROADCAST FFFFFFFFFFFF Broadcast LC Source Station 0005DCC9C640 iC Ethertype 0800 IP vVuUuUUUD http kbase cisco com paws servlet ViewF ile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 16 of 45 Pe ees IP Header Version 4 header length 20 bytes Type of service 00 000 routine O normal delay 0 normal throughput 0 normal reliability 0 ECT bit transport protocol will ignore the CE bit 0 CE bit no congestion Total length 604 bytes Identification 9 Flags 0X O may fragment e0 last fragment Fragment offset 0 bytes Time to live 255 seconds hops Protocol 17 UDP Header checksum B988 correct Source address 0 0 0 0 Destination address 255 255 255 255 No options HOW OW OW OW OWA OWA OW OO OOO OREO OOOO E e ae UDP Header Source port 68 BootPc DHCP Destination port 67 BootPs DHCP Length 584 No checksum 576 byte s of data C CT ee DR TO EE Se EO TD ED T Fs PO SEO FO he FO OR Ei Ts ES OS ED I QnA CVO CY OYtA OL G QQ CFO OOO OO GIO Cy Aur 2 O GO Qicko OFS TO nO Ng SESE Ss ee ee oaa Ye EE FEE TE E ae Pa a em Oa N F ae F FE E a a Po SSeS as DHCP Header Boot record type 1 Request Hardware address type 1 10Mb Ethernet Hardware a
34. ange of IP addresses under the DHCP pool In order to remove specific IP addresses or a range of addresses that you want to be in the DHCP pool use the command ip dhep excluded address Note If devices use BOOTP infinite length leases are shown in the DHCP bindings of routers http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise N Page 8 of 45 Renewing the Lease Since the IP address is only leased from the server the lease must be renewed from time to time When one half of the lease time has expired T1 0 5 x LT the client will try to renew the lease The client enters the Renewing state and sends a DHCPREQUEST message to the server which holds the current lease The sever will reply to the request to renew with a DHCPACK message if it agrees to renew the lease The DHCPACK message will contain the new lease and any new configuration parameters in the event that any changes are made to the server during the time of the previous lease If the client is unable to reach the server holding the lease for some reason it will attempt to renew the address from any DHCP server after the original DHCP server has not responded to the renewal requests within a time T2 The default value of T2 is 7 8 x LT This means T1 lt T2 lt LT If the client previously had a DHCP assigned IP address and it is restarted the client will speci
35. ce Address Dest Address Size Rel Time Delta Time Abs Tim 5 Ciscl4F2C441 Broadcast 60 0 02 05 798 0 011 763 05 31 2001 06 53 04 AM ARP HA Ciscl4F2C441 PRO IP DLCs se DLC Header http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 27 of 45 Frame Status Source Address Dest Address Size Rel Time Delta Time Abs DLC DLC Frame 128 arrived at 06 53 04 2439 frame size is 60 003C hex bytes DLC Destination BROADCAST FFFFFFFFFFFF Broadcast DLC Source Station Ciscl4F2C441 DLC Ethertype 0806 ARP DLC ARP ARP RARP frame ARP ARP Hardware type 1 10Mb Ethernet ARP Protocol type 0800 IP ARP Length of hardware address 6 bytes ARP Length of protocol address 4 bytes ARP Opcode 2 ARP reply ARP Sender s hardware address OQOEOIEF2C441 ARP Sender s protocol address 192 168 1 2 ARP Target hardware address FFFFFFFFFFFF ARP Target protocol address 192 168 1 2 ARP ARP 18 bytes frame padding ARP Tim 5 Ciscl4F2C441 Broadcast 60 0 02 05 798 0 011 763 05 31 2001 06 53 04 AM ARP Sniffer A Trace Frame Status Source Address Dest Address Size Rel Time Delta Time Abs HA Ciscl4F2C441 PRO IP DEC ana DLC Header DLC DLC Frame 128 arrived at 06 53 04 2
36. ce from a server over the network PXE environment uses DHCP to configure it s IP address The DHCP BootP Relay Agent configuration must be done on the router if the DHCP server is located on another routed segment of the network The ip helper address command on the local router interface must be configured Refer to the Configuring DHCP BootP Relay Agent Feature on Cisco IOS Router section of this document for configuration information Understanding and Troubleshooting DHCP Using Sniffer Traces Decoding Sniffer Trace of DHCP Client and Server on Same LAN Segment Network Topology where DHCP Client and Server Reside on Same LAN Segment DHCP Server DHCP Client The sniffer trace below is comprised of six frames These six frames illustrate a working scenario for DHCP where the DHCP client and server reside on the same physical or logical segment When troubleshooting DHCP it is important to match your sniffer trace to the traces below There may be some differences compared to the traces below but the general packet flow should be exactly the same The packet trace follows previous discussions of how DHCP works Frame Status Source Address Dest Address Size Rel Time Delta Time Abs Tim 1 0 0 0 0 255 255 255 255 618 0 01 26 810 0 575 244 05 07 2001 11 52 03 Al Message type DHCP Discover LC lt Se5 DLC Header LC LC Frame larrived at 11 52 03 8106 frame size is 618 026A hex bytes LC Destination B
37. command debug ip packet detail 100 Sample output Router debug ip packet detail 100 IP packet debugging is on detailed for access list 100 Router 00 16 46 IP s 0 0 0 0 Ethernet4 0 d 255 255 255 255 len 604 rcvd 2 00 16 46 UDP src 68 dst 67 00 16 46 IP s 0 0 0 0 Ethernet4 0 d 255 255 255 255 len 604 rcevd 2 00 16 46 UDP src 68 dst 67 From the output above it is clear that the router is receiving the DHCP requests from the client This output only shows a summary of the packet and not the packet itself Therefore it is not possible to determine if the packet is correct Nevertheless the router did receive a broadcast packet with the source and destination IP and UDP ports that are correct for DHCP Verify Router is Receiving DHCP Request and Forwarding Requests to DHCP Server Using debug Commands Additional entries in the access list can be added to see if the router is communicating successfully with the DHCP server Again these debugs do not look into the packet but you can confirm whether or not the DHCP relay agent is forwarding requests to the DHCP server In global configuration mode create the following access list access list 100 permit ip host 0 0 0 0 host 255 255 255 255 http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 40 of 45 access list 100 permit udp host lt
38. dcast request comes from a device that is on the secondary IP network configured on the interface As a workaround sub interface configuration provided that the device connected to the router supports dotlq tagging to separate the two subnets can be configured so both of them get their correspondent IP addresses properly If the secondary address is the preferred way there is another workaround which is to enable the global configuration command ip dhep smart relay This has a limitation in that it only uses the secondary IP to relay the DHCP request if there is no response from the DHCP server after three consecutive requests for the primary address pool DHCP Client Server Conversation with DHCP Relay Function The table below illustrates the process for a DHCP client to obtain an IP address from a DHCP server This table is modeled after the network diagram above Each numerical value in the diagram http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 13 of 45 represents a packet that is described below This table is a point of reference for understanding the packet flow of DHCP client server conversation This table is also useful for determining where DHCP problems may be occurring Packet Source g Destin MAC Address OUTS MA Address Client IP Server IP Address Address 1 DHCPDISCOVER
39. ddress length The client sets the value to zero and the value hops Hops increments if the request is forwarded across a router A random number that is chosen by the client All Transaction DHCP messages http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise N Page 9 of 45 ID exchanged for a given DHCP transaction use the ID xid Specifies number of Seconds seconds since the DHCP process started Indicates whether the Flags message will be broadcast or unicast Only used when client knows its IP address as in the case of the Bound Renew or Rebinding states If the client IP address is 0 0 0 0 the DHCP server will place the offered client IP address in this field If the client knows the IP address of the DHCP server this field will be Server IP populated with the DHCP address server address Otherwise it is used in DHCPOFFER and DHCPACK from DHCP server The Gateway IP address filled in by the DHCP BootP Relay Agent xid secs ciaddr yiaddr Router IP giaddr address GI The DHCP client MAC address 64 Server The optional server host name name 128 The boot file name name The optional parameters Option that can be provided by the DHCP server RFC parameters 151 35 gives all possible options chaddr 1 nN sname file options
40. ddress length 6 bytes Hops 0 Transaction id 00000882 Elapsed boot time 0 seconds lags 8000 T Gaim aai aE fod Broadcast IP datagrams ient self assigned IP address 0 0 0 0 ient IP address 0 0 0 0 ext Server to use in bootstrap Relay Agent 0 0 0 0 Client hardware address 0005DCC9C640 Zaar 0 0 0 0 Host name Boot file name Vendor Information tag 63825363 Message Type 1 DHCP Discover Maximum message size 1152 Client identifier 00636973636F2D303030352E646363392E633634302D564C31 Parameter Request List 7 entries H 1 Client s subnet mask H 66 TFTP Option H 6 Domain name server H 3 Routers on the client s subnet 67 Boot File Option 12 Host name server 150 Unknown Option DS GIN A GG Se I GT eI GYD Gs GT GI GP Cee I http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 17 of 45 DHCP Class identifier 646F63736973312E30 DHCP Option overload 3 File and Sname fields hold options DHCP SE Ss SS PS a aS at ar SS a I Frame 2 DHCPOFFER Frame Status Source Address Dest Address Size Rel Time Delta Time Abs Tim 2 192 168 1 1 255 255 255 255 331 0 01 26 825 0 015 172 05 07 2001 11 52 C C OG U GV O G G J C O UG A A G UC Message type D
41. dhcp_relay_agent gt host lt dhcp_server gt eq 67 access list 100 permit udp host lt dhcp_server gt host lt dhcp_relay_agent gt eq 67 For example access list 100 permit ip host 0 0 0 0 host 255 255 255 0 access list 100 permit udp host 192 168 1 1 host 192 168 2 2 eq 67 access list 100 permit udp host 192 168 1 1 host 192 168 2 2 eq 68 access list 100 permit udp host 192 168 2 2 host 192 168 1 1 eq 67 access list 100 permit udp host 192 168 2 2 host 192 168 1 1 eq 68 In exec mode enter the following debug command Router 00 23 44 IP s 0 0 0 0 Ethernet4 0 d 255 255 255 255 len 604 rcvd 2 00 23 44 UDP src 68 dst 67 g Router receiving DHCPDISCOVER from DHCP client 00 23 44 IP s 192 168 1 1 local d 192 168 2 2 Ethernet4 1 len 604 s 00 23 44 UDP src 67 dst 67 Router forwarding DHCPDISCOVER unicast to DHCP server using DHCP BootP 00 23 44 IP s 192 168 2 2 Ethernetl d 192 168 1 1 len 328 rcvd 4 00 23 44 UDP src 67 dst 67 DHCP server sending DHCPOFFER to DHCP BootP Relay Agent 00 23 44 IP s 0 0 0 0 Ethernet4 0 d 255 255 255 255 len 604 rcvd 2 00 23 44 UDP src 68 dst 67 7 Router receiving DHCPREQUEST from DHCP client 00 23 44 IP s 192 168 1 1 local d 192 168 2 2 Ethernet4 1 len 604 s 00 23 44 UDP src 67 dst 67 Router forwarding DHCPDISCOVER unicast to DHCP server using DHCP BootP 00 23 44 IP s 192 168 2 2 Ethernetl d 192 168 1 1 len
42. e an E A A E T e ew PO Ow fe aw F 2 2 ee EG UDPS Sees UDP Header UDP UDP Source port 67 BootPs DHCP UDP Destination port 67 BootPs DHCP UDP Length 584 UDP Checksum 4699 correct UDP 576 byte s of data De DUC Pas a DHCP Header DHCP DHCP Boot record type 1 Request DHCP Hardware address type 1 10Mb Ethernet DHCP Hardware address length 6 bytes DHCP DHCP Hops 1 http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 LC Frame 120 arrived at 07 02 54 7745 frame size is 618 026A hex bytes bit Pd 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Transaction id 000005F4 H Elapsed boot time 0 seconds H Flags 8000 H Tien a esawecr Degen we a Broadcast IP datagrams H Client self assigned IP address 0 0 0 0 H Client IP address 0 0 0 0 Next Server to use in bootstrap 0 0 0 0 Relay Agent 192 168 1 1 Client hardware address OOO5DCF2C441 Host name Boot file name Vendor Information tag 63825363 Parameter Request List 7 entries l Client s subnet mask Domain name server H 15 Domain name H 44 NetBIOS over TCP IP name server H 3 Routers on the client s subnet H 33 Static route 50 Unknown Option Class identifier 646F63736973312E30 Option overload 3 File and Sname fields hold optio
43. e output Router debug ip udp UDP packet debugging is on Router 00 18 48 UDP fevd src 0 0 0 0 68 dst 255 255 255 255 67 length 584 1 Router receiving DHCPDISCOVER from DHCP client 00 18 48 UDP sent src 192 168 1 1 67 dst 192 168 2 2 67 length 604 Router forwarding DHCPDISCOVER unicast to DHCP server using DHCP BootP 00 18 48 UDP revd src 192 168 2 2 67 dst 192 168 1 1 67 lLength 313 Router receiving DHCPOFFER from DHCP server directed to DHCP BootP Rela 00 18 48 UDP sent src 0 0 0 0 67 dst 255 255 255 255 68 lLength 333 Router forwarding DHCPOFFER from DHCP server to DHCP client via DHCP Bo 00 18 48 UDP rcvd src 0 0 0 0 68 dst 255 255 255 255 67 length 584 Router receiving DHCPREQUEST from DHCP client 00 18 48 UDP sent src 192 168 1 1 67 dst 192 168 2 2 67 length 604 Router forwarding DHCPDISCOVER unicast to DHCP server using DHCP BootP 00 18 48 UDP rcvd src 192 168 2 2 67 dst 192 168 1 1 67 lLength 313 l Router receiving DHCPACK or DHCPNAK from DHCP directed to DHCP Boot 00 18 48 UDP sent src 0 0 0 0 67 dst 255 255 255 255 68 lLength 333 Router forwarding DHCPACK or DHCPNAK to DHCP client via DHCP BootP 00 18 48 UDP rcvd src 192 168 1 2 520 dst 255 255 255 255 520 length 3 DHCP client verifying IP address not in use by sending ARP request for 00 18 50 UDP revd src 192 168 1 2 520 dst 255 255 255 255 520 length 3
44. e program Click the Release All button followed by the Renew All button Is the DHCP client now able to obtain an IP address EJIP Configuration Ethermet Adapter Information EEE Adapter Address 00 D0 87 25 E5 3F IP Addiess 64 102 50 154 Subnet Mask 255 255 255 0 Default Gateway 64 102 50 1 oo Release Renew Release All Renew All More Info gt Microsoft Windows NT 2000 Open a command prompt window by typing emd in the Start Run field Issue the command ipeonfig renew in the command prompt window as shown below Is the DHCP client now able to obtain an IP Address ae ag 99 Microsoft Corp C gt ipconfig Windows 2000 IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix EP MAAPERE G oi al a al ak ah ah al a Subnet Mask Default Gateway C gt ipconfig renew Windows 2666 IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IP Address Subnet Mask Default Gateway gt cisco com 64 102 47 137 5 255 255 255 192 64 102 47 129 If the DHCP client is able to obtain an IP address by manually renewing the IP address after the PC has completed the bootup process the issue is most likely a DHCP startup issue If the DHCP client is attached to a Cisco Catalyst switch the problem is most likely due to a configuration issue dealing with STP portfast and or channeling and trunking Other possibilities
45. econds Broadcast IP datagrams P address 192 168 1 2 Next Server to use in bootstrap 0 0 0 0 0 0 0 0 0005DCC9C640 63825363 DHCP Ack 192 168 1 1 tim 86400 seconds Address Renewel interval Address Rebinding interval Subnet mask Domain Name Server address Domain Name Server address Gateway address I X CIE CO TOA OOO O OO CY A OAA CE OY E OO O OE A T HOO rg RO EO e ee ae e s G GT I OGG A I RT NT G GG GAGs GG I MU U MU E T T EE FA TU TU TEE T TU TU TU TU U0 U0 0 0 0 0 0 0 0 0 0 0 0 0 Frame Status Source Address Dest 5 0005DCC9C640 Broadcast 60 0 01 259 4 290 ZID 192 168 43200 seconds 75600 seconds 192 168 1 3 192 168 1 4 1 I H Address Size Rel Time Delta Time Abs Tim 26 846 0 002 954 05 07 2001 11 52 03 AM ARP HA 0005DCC9C640 PRO IP DECi Roass DLC Header DEG DLC Frame 58 arrived at 11 52 03 8470 frame size is 60 003C hex bytes DLC Destination BROADCAST FFFFFFFFFFFF Broadcast DLC Source Station 0005DCC9C640 DLC Ethertype 0806 ARP DLC ARP ARP RARP frame ARP ARP Hardware type 1 10Mb Ethernet ARP Protocol type 0800 IP ARP Length of hardware address 6 bytes ARP Length of protocol address 4 bytes ARP Opcode 2 ARP reply ARP Sender s hardware address 0005DCC9C640 http kbase cisco com paws servlet ViewFile 27470 100 xml convertPa
46. elay Agent from which the DHCPDISCOVER came The DHCP BootP Relay Agent will then either broadcast or unicast the DHCPOFFER on the local subnet on UDP port 68 depending on the Broadcast flag set by the Bootp client DHCPREQUEST After the client receives a DHCPOFFER it responds with a DHCPREQUEST message indicating its intent to accept the parameters in the DHCPOFFER and moves into the Requesting state The client may receive multiple DHCPOFFER messages one from each DHCP server that received the original DHCPDISCOVER message The client chooses one DHCPOFFER and responds to that DHCP server only implicitly declining all other DHCPOFFER messages The client identifies the selected server by populating the Server Identifier option field with the DHCP server s IP address The DHCPREQUEST is also a broadcast so all DHCP servers that sent a DHCPOFFER will see the DHCPREQUEST and each will know whether its DHCPOFFER was accepted or declined Any additional configuration options that the client requires will be included in the options field of the DHCPREQUEST message Even though the client has been offered an IP address it will send the DHCPREQUEST message with a source IP address of 0 0 0 0 At this time the client has not yet http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise N Page 7 of 45 received verification that it is clear
47. er address 192 168 10 1 NetBIOS Server address 192 168 10 3 Domain name cisco com SSeS Ste Se eS Se Se eS ee Frame 3 DHCPREQUEST Frame Status Source Address Dest Address Size Rel Time Delta Time Abs Tim 0 0 0 0 255 255 255 255 618 0 02 05 774 0 002 185 05 31 2001 06 53 04 3 GOG R R E E eE E E e L L e L E h a RROD ODO ODDO LUG Message type DHCP Request LEs LC HC LC LEs is SATHE DLC Header Frame 126 arrived at 06 53 04 2193 frame size is 618 026A hex bytes Destination BROADCAST FFFFFFFFFFFF Broadcast Source Station Cisc14F2C441 Ethertype 0800 IP R FD E E a a ba e E A ee ls A D FEE FA T LC Sees IP Header Version 4 header length 20 bytes Type of service 00 000 routine O normal delay 0 normal throughput 0 normal reliability 0 ECT bit transport protocol will ignore the CE bit 0 CE bit no congestion Total length 604 bytes Identification 184 Flags 0X O may fragment 0 last fragment Fragment offset 0 bytes Time to live 255 seconds hops Protocol 17 UDP Header checksum B8D9 correct Source address 0 0 0 0 Destination address 255 255 255 255 No options a a UDP Header http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troub
48. erver specifically as defined in the packet The client to server communication 0x04 DHCPDECLINE indicating that the network address is already in use The server to client communication with 0x05 DHCPACK configuration parameters including committed network address The server to client communication refusing we Peres the request for configuration parameter The client to server communication 0x07 DHCPRELEASE_ relinquishing network address and canceling remaining lease ooo P P http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise N Page 6 of 45 The client to server communication asking for only local 0x08 DHCPINFORM __ configuration parameters that the client already has externally configured as an address DHCPDISCOVER When a client boots up for the first time it is said to be in the Initializing state and transmits a DHCPDISCOVER message on its local physical subnet over User Datagram Protocol UDP port 67 BootP server Since the client has no way of knowing the subnet to which it belongs the DHCPDISCOVER is an all subnets broadcast destination IP address of 255 255 255 255 with a source IP address of 0 0 0 0 The source IP address is 0 0 0 0 since the client does not have a configured IP address If a DHCP server exists on this local subnet and is configured and operating correctl
49. es Identification 52 Flags 0X O may fragment O last fragment Fragment offset 0 bytes Time to live 255 seconds hops Protocol 17 UDP Header checksum 3509 correct Source address 192 168 1 1 Destination address 192 168 2 2 No options an te ee UDP Header 67 BootPs DHCP 67 BootPs DHCP Source port Destination port U Length 584 U Checksum 0A19 correct U 576 byte s of data VA A OD ee Fe ae a i a Re a Oe no fa es Oe OT A 0 ee I qaqgnaaqaadaanagnaagaaagaagaagaaagaaagaagaaagadgaaagaagaagngagaaagnganaanvwtw UUs WY EO PO TDS A ETA A Pt SE OS AQ RE AS Eg SO A A EO A Us A DHCP Header Boot record type 1 Hardware address Hardware address Request type 1 10Mb Ethernet length 6 bytes Hops 1 Transaction id 000005F4 Elapsed boot time 0 seconds 7 H Flags 8000 H Tne e an a seu Broadcast IP datagrams H Client self assigned IP address 0 0 0 0 H Client IP address 0 0 0 0 H Next Server to use in bootstrap 0 0 0 0 H Relay Agent 192 168 1 1 H Client hardware address 0005DCF2C441 Host name Boot file name Parameter Request List 7 entries 1 Client s subnet mask H 6 Domain name server H 15 Domain name H 44 NetBIOS over TCP IP name server H 3 Routers on the client s subnet H 33 Static route H 150 Unknown Option H Class identif
50. estination address 255 255 255 255 No options Soe UDP Header szes Source port 67 BootPs DHCP Destination port 68 BootPc DHCP Length 313 Checksum 8517 correct 305 byte s of data SaaS DHCP Header Boot record type 2 Reply Hardware address type 1 10Mb Ethernet Hardware address length 6 bytes Hops 0 http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 24 of 45 TD DS ND Gs YT AD IND NS G9 DD GY a AG IES DG I CIO Or QO E C C1O O OO Or QViOn OOOO OO O O Gi OV MU U TU MU UU TU TU U0 U0 U0 U0 0 0 0 0 0 0 0 0 0 0 TEE 0 Transaction id 00001425 Elapsed boot time 0 seconds Flags 8000 1 1 2 2 Broadcast IP datagrams Client self assigned IP address 0 0 0 0 Client IP address 192 168 1 2 Next Server to use in bootstrap 0 0 0 0 Relay Agent 192 168 1 1 Client hardware address OOO5DCF2C441 Host name Boot file name Vendor Information tag 63825363 Message Type 2 DHCP Offer Server IP address 192 168 2 2 Request IP address lease time 99471 seconds Address Renewel interval 49735 seconds Address Rebinding interval 87037 seconds Subnet mask 255 255 255 0 Domain Name Server address 192 168 10 1 Domain Name Server address 192 168 10 2 NetBIOS Serv
51. fically request the previously leased IP address in a DHCPREQUEST packet This DHCPREQUEST will still have the source IP address as 0 0 0 0 and the destination as the IP broadcast address 255 255 255 255 A client sending a DHCPREQUEST during a reboot must not fill in the server indentifier field and must instead fill in the requested IP address option field Strictly RFC compliant clients will populate the ciaddr field with the address requested instead of the DHCP option field The DHCP server will accept either method The behavior of the DHCP server depends on a number of factors such as in the case of Windows NT DHCP servers the version of the operating system being used as well as other factors such as superscoping If the DHCP server determines that the client can still use the requested IP address it will either remain silent or send a DHCPACK for the DHCPREQUEST If the server determines that the client cannot use the requested IP address it will send a DHCPNACK back to the client The client will then move to the Initializing state and send a DHCPDISCOVER message DHCP Packet The DHCP message is variable in length and consists of fields listed in the table below Note This packet is a modified version of the original BootP packet See the packet as an request or reply OpCode 1BOOTREQUEST 2 BOOTREPLY hype hype z W Specifies the network P is eee hardware address type en fe ee Specifies the length fe ee hardware a
52. ier 646F63736973312E30 Option overload 3 File and Sname fields hold options A E So GT A A GS Gs a NT IN IG IG A A E G E I I http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 bit H Vendor Information tag 63825363 H Message Type 1 DHCP Discover H Maximum message size 1152 H Client identifier 00636973636F2D303065302E316566322E633434312D457430 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 29 of 45 Frame Status Source Address Dest Address Size Rel Time Delta Time Abs Tim 2 I 192 168 2 2 192 168 1 1 347 0 00 51 214 0 002 133 05 31 2001 07 02 54 Me Le Gs LC Les LC ios ssage type DHCP Offer SaaS DLC Header Frame 119 arrived at 07 02 54 7485 frame size is 347 015B hex bytes Destination Station 003094248F72 Source Station OOO5DCOBF2F4 Ethertype 0800 IP U P eE EET De Oe et eT e e a AD O E E E A 4 MDs De EQS Ad SD De Fe PO Te FO Oe PO OE Eh OO EO BO EOS FO het EO TR Ty BO Os I I I ANAADAAAADADAAAAAA AAA AA AAS FU 151 TT te te te te ce ee er ee ee oe oe te oe te ee te o U UW u y TU g Sue DTG D Gv D a a S a I A I LC EA IP Header Version 4 header length 20 bytes Type of service 00 000 routine O normal delay 0 normal throughput 0 normal reliability 0 ECT bit transport
53. ify physical connectivity of a DHCP client and server If connected to a Catalyst switch verify that both the DHCP client and server have physical connectivity For Catalyst CatOS switches such as the 2948G 4000 5000 and 6000 series switches use the show port lt mod gt lt port_range gt command to note the port status If the port status is anything other than connected the port will not pass any traffic including DHCP client requests The output from the commands is as follows Switch enable show port 5 1 Port Name Status Vlan Duplex Speed Typ 5 1 connected 1 a full a 100 10 100BaseTX For IOS based switches such as the Catalyst 2900XL 3500XL 2950 3550 the equivalent command to show port status is show interface lt interface gt If the state of the interface is anything other than lt interface gt is up line protocol is up the port will not pass traffic including DHCP client requests The output from the commands is as follows Switch tshow interface fastEthernet 0 1 FastEthernet0 1 is up line protocol is up Hardware is Fast Ethernet address is 0030 94dc accl bia 0030 94dc accl1 If the physical connection has been verified and there is indeed no link between the Catalyst switch and DHCP client consult the Troubleshooting Cisco Catalyst Switches to NIC Compatibility Issues document for additional troubleshooting in regards to the physical layer connectivity issue Excessive data link errors cause ports on
54. include NIC card issues and switch port startup issues Troubleshooting Steps D and E should be reviewed to rule out switch port http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 36 of 45 configuration and NIC card issues as the root cause of the DHCP problem D Verify Switch Port Configuration STP Portfast and Other Commands If the switch is a Catalyst 2900 4000 5000 6000 verify that the port has STP portfast enabled and trunking channeling disabled The default configuration is STP portfast disabled and trunking channeling auto if applicable For the 2900XL 3500XL 2950 3550 switches STP portfast is the only required configuration These configuration changes resolve the most common DHCP client issues that occur with an initial installation of a Catalyst switch For more documentation regarding the necessary switch port configuration requirements for DHCP to operate properly when connected to Catalyst switches please review the following document Using Portfast and Other Commands to Fix Workstation Startup Connectivity Delays After reviewing the configuration guidelines in the document above return to this document for additional troubleshooting E Check for Known NIC Card or Catalyst Switch Issues If the Catalyst switch configuration is correct it is possible that a software compatibility issue may ex
55. includes DHCPOFFER and DHCPNAK Client s MAC address is 00e0 lef2 c44l1 00 20 54 DHCPD broadcasting BOOTREPLY to client 00e0 lef2 c441 Router is forwarding DHCPOFFER or DHCPNAK broadcast on local LAN interf 00 20 54 DHCPD setting giaddr to 192 168 1 1 Router received DHCPDISCOVER REQUEST INFORM and set Gateway IP addres 00 20 54 DHCPD BOOTREQUEST from 0063 6973 636f 2d30 3065 302e 3165 6632 2e BOOTREQUEST includes DHCPDISCOVER DHCPREQUEST and DHCPINFORM Pose UGI 69724 C282 eos JU0 Sc S0N Si SINS CB I2eA2S6S INOI Cotes Client identifie 00 20 54 DHCPD forwarding BOOTREPLY to client 00e0 lef2 c441 BOOTREPLY includes DHCPOFFER and DHCPNAK Client s MAC address is 00e0 1lef2 c44l1 00 20 54 DHCPD broadcasting BOOTREPLY to client 00e0 1lef2 c441 Router is forwarding DHCPOFFER or DHCPNAK broadcast on local LAN interf Running Multiple Debugs Simultaneously http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 43 of 45 When running multiple debugs simultaneously a fair amount of information can be discovered regarding the operation of the DHCP BootP Relay Agent and server Using the above troubleshooting outlines you can make inferences about where the DHCP BootP Relay Agent functionality may not be operating correctly I U s
56. ist on the Catalyst switch or DHCP client s NIC that could be causing DHCP issues The next step in troubleshooting is to review the following document and rule out any software issues with the Catalyst switch or NIC that may be contributing to the problem Troubleshooting Cisco Catalyst Switches to NIC Compatibility Issues Knowledge of the DHCP client s operating system as well as specific NIC information such as the manufacturer model and driver version will be needed to properly rule out any compatibility issues F Distinguishing whether DHCP Clients Obtain IP Address on the Same Subnet or VLAN as DHCP Server It is important to distinguish whether or not DHCP is functioning correctly when the client is on same subnet or VLAN as the DHCP server If the DHCP is working correctly on the same subnet or VLAN as the DHCP server the DHCP issue may be with the DHCP BootP Relay Agent If the problem persists even with testing DHCP on the same subnet or VLAN as the DHCP server the problem may actually be with the DHCP server G Verify Router DHCP BootP Relay Configuration Issue the steps below to verify the configuration 1 When configuring DHCP relay on a router verify that the ip helper address command is located on the correct interface The ip helper address command must be present on the inbound interface of the DHCP client workstations and must be directed to the correct DHCP server 2 Verify that the global configuration command
57. ith DHCP DHCP Server Hub A Relay Agent Hub B DHCP Client 192 168 2 1 192 168 1 1 192 168 2 2 Sniffer B http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 22 of 45 Frame Status Source Address Dest Address Size Rel Time Delta Time Abs Tim 1 0 0 0 0 255 255 255 255 618 0 02 05 759 0 025 369 05 31 2001 06 53 04 gt Message type DHCP Discover LC LC Le LG LCs SPES DLC Header Frame 124 arrived at 06 53 04 2043 frame size is 618 026A hex bytes Destination BROADCAST FFFFFFFFFFFF Broadcast Source Station OOO5DCF2C441 Ethertype 0800 IP eE en ee Oe EE T E O E E E N ea is eT eR RD OD ay OP TOO DO TO TO FD BOs EO FO E OD Eth hs Fo Pe T I ADD AADAADAADADDADADADA GDA ADT TTT Ti ee ce ce ce ae ee ae er ae oer ee te ee oe We GS GI OI GG GE I GT Ge IS Gs I I U UM TU TU VU UU TU U0 U0 U0 UU U0 0 0 0 0 0 0 0 0 E BHEN IP Header 5 Version 4 header length 20 bytes Type of service 00 O00 routine 0 normal delay 0 normal throughput 0 normal reliability 0 ECT bit transport protocol will ignore the CE bit wee 0 CE bit no congestion Total length 604 bytes Identification 183 Flags 0X O may fragment 0 last
58. leshooting DHCP in Catalyst Switch or Enterprise DP Source port 68 BootPc DHCP DP Destination port 67 BootPs DHCP DP Length 584 DP No checksum DP 576 byte s of data Oo I CPO CIC CF CP Cr CP Ca CC ae Ca CEPE CY Oe a Os IE CY CY CD CO CP ey a e Sa ania DHCP Header Boot record type 1 Request Hardware address type 1 10Mb Ethernet Hardware address length 6 bytes Hops 0 Transaction id 00001425 Elapsed boot time 0 seconds lags 8000 7 es ona eho Beat AY send Broadcast IP datagrams ient self assigned IP address 0 0 0 0 ient IP address 0 0 0 0 Next Server to use in bootstrap Relay Agent 0 0 0 0 Client hardware address OO005DCF2C441 QQry 0 0 0 0 Host name Boot file name Vendor Information tag 63825363 Message Type 3 DHCP Request Maximum message size 1152 Server IP address 192 168 2 2 Request specific IP address 192 168 1 2 Request IP address lease time 99471 seconds Parameter Request List 7 entries H l Client s subnet mask H 6 Domain name server H 15 Domain name H 44 NetBIOS over TCP IP name server H 3 Routers on the client s subnet H 33 Static route H 150 Unknown Option Class identifier 646F63736973312E30 Option overload 3 File and Sname fields hold options pe Ds So GI NT ODN GD GO EG Ne NT a A Gs I A I Od NG ar GaGa Ca ey I
59. nd client reside on the different LAN segments or VLANs the router functioning as a DHCP BootP Relay Agent is responsible for forwarding the DHCPREQUEST to the DHCP server Additional troubleshooting steps are required to troubleshoot the DHCP BootP Relay Agent as well as the DHCP server and client Following the troubleshooting modules below should determine which device is causing the issue DHCP Server on Router Fails to Assign Adresses with a POOL EXHAUSTED Error It is possible that some addresses are still held by clients even if they are released from the pool This can be verified by the show dhep conflict output An address conflict occurs when two hosts use the same IP address At the address assignment the DHCP checks for conflicts with ping and gratuitous ARP If a conflict is detected the address is removed from the pool The address is assigned until the administrator resolves the conflict Configure no ip dhep conflict logging to resolve this issue DHCP Troubleshooting Modules Understanding Where DHCP Problems Can Occur DHCP problems can arise due to a multitude of reasons The most common reasons are configuration issues However many DHCP problems can be caused by software defects in operating systems Network Interface Card NIC drivers or DHCP BootP Relay Agents running on routers Due to the number of potentially problematic areas a systematic approach to troubleshooting is required Short List of Possible Causes of
60. no service dhep is not present This configuration parameter will disable all DHCP server and relay functionality on the router The default configuration service dhcp will not appear in the configuration and is the default configuration command If the service dhcp is not enabled the clients do not receive the IP addresses from the DHCP server http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 37 of 45 Note In routers that run older Cisco IOS releases the ip bootp server command handles the DHCP relay agent function instead of the service dhep command Because of this the ip bootp server command needs to be enabled in these routers if the ip helper address command is configured to forward DHCP UDP broadcasts and properly act as a DHCP relay agent on behalf of the DHCP client 3 When applying ip helper address commands to forward UDP broadcasts to a subnet broadcast address verify that no ip directed broadcast is not configured on any outbound interface that the UDP broadcast packets needs to traverse The no ip directed broadcast will block on any translation of a directed broadcast to physical broadcasts This interface configuration is default configuration in software versions 12 0 and higher 4 Forwarding DHCP broadcasts to the DHCP server s subnet broadcast address is an occasional software issue When troubleshoo
61. ns Roe I ID se Go E DG I YG A GE GG I OQ CY OLA OOOO OR OC OE OO Oa OOOO OA GO FO FO FO I TR A AS A BOO Ag EE PO PU OO EE EOE POS g g Page 31 of 45 H ssage Type 3 DHCP Request aximum message size 1152 H Client identifier 00636973636F2D303065302E316566322E633434312D457430 H Server IP address 192 168 2 2 H Request specific IP address 192 168 1 2 H Request IP address lease time 172571 seconds SO ES ES ee Se Pre hae eS IS ha Frame 4 DHCPACK Frame Status Source Address Dest Address Size Rel Time Delta Time Abs Tim 4 192 168 2 2 192 168 1 1 347 0 00 51 240 0 000 153 05 31 2001 07 02 54 Message type DHCP Ack DOIA DLC Header LC LC Destination Station 003094248F72 LC Source Station OOO5DCOBF2F4 iC Ethertype 0800 IP LC U SSeS IP Header Version 4 header length 20 bytes Type of service 00 000 routine O normal delay 0 normal throughput 0 normal reliability 0 ECT bit transport protocol will ignore the C lt 0 CE bit no congestion Total length 333 bytes Identification 42 Flags 0X O may fragment 0 last fragment Fragment offset 0 bytes Time to live 255 seconds hops Protocol 17 UDP Header checksum 3622 correct Source address 192 168 2 2 taut Oe e E e E T E A A E E ae pae
62. o router to forward BootP or DHCP requests is simple configure an IP helper address pointing to the DHCP BootP server or pointing to the subnet broadcast address of the network the server is on For example consider the following network diagram DHCP Server we DHCP Clie 192 168 2 2 lt a 00e0 1ef2 Tee Tesen 7 e evrene wren ee Lee To forward the BootP DHCP request from the client to the DHCP server the ip helper address interface command is used The IP helper address can be configured to forward any UDP broadcast based on UDP port number By default the IP helper address will forward the following UDP http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 11 of 45 broadcasts e Trivial File Transfer Protocol TFTP port 69 DNS port 53 time service port 37 e NetBIOS name server port 137 NetBIOS datagram server port 138 Boot Protocol DHCP BootP client and server datagrams ports 67 and 68 Terminal Access Control Access Control System TACACS service port 49 e JEN 116 name service port 42 IP helper addresses can direct UDP broadcasts to a unicast or broadcast IP address However it is not recommended to use the IP helper address to forward UDP broadcasts from one subnet to the broadcast address of another subnet due to the large amount of broadcast flooding that may occ
63. protocol will ignore the CE bit wee 0 CE bit no congestion Total length 333 bytes Identification 41 Flags 0X Oa 0 last fragment Fragment offset 0 bytes Time to live 255 seconds hops Protocol 17 UDP Header checksum 3623 correct Source address 192 168 2 2 Destination address 192 168 1 1 No options may fragment SSaS4 UDP Header Source port 67 BootPs DHCP Destination port 67 BootPs DHCP Length 313 Checksum Al1F8 correct 305 byte s of data Bie Sea DHCP Header Boot record type 2 Request Hardware address type 1 10Mb Ethernet Hardware address length 6 bytes Hops 0 Transaction id 000005F4 Elapsed boot time 0 seconds lags 8000 T F Tani megus a eera Broadcast IP datagrams Client self assigned IP address 0 0 0 0 Client IP address 192 168 1 2 Next Server to use in bootstrap Relay Agent 192 168 1 1 Client hardware address 0005DCF2C441 T EE FI IS TDS EI SEQ FEE ST T EE F 0 0 0 0 Host name Boot file name http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 30 of 45 DHCP Vendor Information tag 63825363 DHCP Message Type 2 DHCP Offer DHCP Server IP address 192 168 2 2 DHCP Request IP addre
64. sed boot time 0 seconds lags 8000 T Shale R SENA E nS Broadcast IP datagrams ient self assigned IP address 0 0 0 0 ient IP address 0 0 0 0 ext Server to use in bootstrap Relay Agent 0 0 0 0 Client hardware address 0005DCC9C640 ZAaaraAr 0 0 0 0 Host name Boot file name Vendor Information tag 63825363 Message Type 3 DHCP Request Maximum message size 1152 Client identifier 00636973636F2D303030352E646363392E633634302D564C31 Server IP address 192 168 1 1 Request specific IP address 192 168 1 2 Request IP address lease time 85535 seconds Parameter Request List 7 entries 1 Client s subnet mask 66 TFTP Option 6 Domain name server 3 Routers on the client s subnet 67 Boot File Option 12 Host name server 150 Unknown Option Class identifier 646F63736973312E30 Option overload 3 File and Sname fields hold options Frame Status Source Address Dest Address Size Rel Time Delta Time Abs Tim 4 192 168 1 1 255 255 255 255 331 0 01 26 844 0 014 658 05 07 2001 11 52 Message type DHCP Ack LC Le LC LC LC iC SSR DLC Header Frame 57 arrived at 11 52 03 8440 frame size is 331 014B hex bytes Destination BROADCAST FFFFFFFFFFFF Broadcast Source Station 0005DCC42484 U er E A Oe ee ee E E E E E E 5 a E R E ee ea N A ed T RE ee LC Ethertype
65. ss lease time 172571 seconds DHCP Address Renewel interval 86285 seconds DHCP Address Rebinding interval 150999 seconds DHCP Subnet mask 255 255 255 0 DHCP Domain Name Server address 192 168 10 1 DHCP Domain Name Server address 192 168 10 2 DHCP NetBIOS Server address 192 168 10 1 DHCP NetBIOS Server address 192 168 10 3 DHCP Domain name cisco com DHCP BSS SS Sy SS SS eS SS eS Sy e Frame 3 DHCPREQUEST Frame Status Source Address Dest Address Size Rel Time Delta Time Abs Tim 3 192 168 1 1 192 168 2 2 618 0 00 51 240 0 025 974 05 31 2001 07 02 54 Message type DHCP Request Le SSeS DLC Header LC LC Destination Station OOO5DCOBF2F4 LC Source Station 003094248F72 iC Ethertype 0800 IP Ba SSS IP Header Version 4 header length 20 bytes Type of service 00 000 routine O normal delay 0 normal throughput 0 normal reliability 0 ECT bit transport protocol will ignore the C lt 0 CE bit no congestion Total length 604 bytes Identification 54 Flags 0X O may fragment O last fragment Fragment offset 0 bytes Time to live 255 seconds hops Protocol 17 UDP Header checksum 3507 correct Source address 192 168 1 1 Destination address 192 168 2 2 No options PiE ee Oe ee e e O E E D EA KEA NA R RA O
66. the access list will provide the same debug information but with the packet detail in hex To determine the contents of the packet the packet will need to translated An example is given in Appendix A http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 44 of 45 Keywords Entered after the ip dhcp pool command option option_number ASCII are in Double Quotes A Cisco router with a DHCP option with the option number configured can encounter a failure if it tries to parse the URL because any keywords entered after the ip dhep pool command option option number ASCII are in double quotes after the router is reloaded This behavior is seen on devices that run the IOS 12 4 17a which is a known bug and is documented in CSCsk96976 registered customers only This issue is resolved in IOS versions 12 4 17b 12 4 18a and later and 12 4 19 T1 Appendix A IOS DHCP Sample Configuration The DHCP server database is organized as a tree The root of the tree is the address pool for natural networks branches are subnetwork address pools and leaves are manual bindings to clients Subnetworks inherit network parameters and clients inherit subnetwork parameters Therefore common parameters for example the domain name should be configured at the highest network or subnetwork level of the tree For more information on how
67. ths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 21 of 45 ARP Sender s protocol address 192 168 1 2 ARP Target hardware address FFFFFFFFFFFFE ARP Target protocol address 192 168 1 2 ARP ARP 18 bytes frame padding ARP Sh ty Gee ee es ee ee ee Frame 6 ARP Frame Status Source Address Dest Address Size Rel Time Delta Time Abs Tim 6 0005DCC9C640 Broadcast 60 0 01 27 355 0 508 778 05 07 2001 11 52 04 AM ARP HA 0005DCC9C640 PRO IP DOi DLC Header n Destination BROADCAST FFFFFFFFFFFF Broadcast Source Station 0005DCC9C640 Ethertype 0806 ARP Le oe E GOGO U ARP RARP frame 18 bytes frame padding By ee te i i oo oe R RP RP Hardware type 1 10Mb Ethernet RP Protocol type 0800 IP RP Length of hardware address 6 bytes RP Length of protocol address 4 bytes RP Opcode 2 ARP reply RP Sender s hardware address 0005DCC9C640 RP Sender s protocol address 192 168 1 2 RP Target hardware address FFFFFFFFFFFF RP Target protocol address 192 168 1 2 RP RP RP Frame 59 arrived at 11 52 04 3557 frame size is 60 003C hex bytes Decoding Sniffer Trace of DHCP Client and Server Separated by a Router that is Configured as a DHCP Relay Agent DHCP Client and Server separated by router configured as DHCP Relay Agent Router w
68. ting DHCP always attempt to forward DHCP UDP broadcasts to the DHCP server s IP address as shown below l version 12 0 service timestamps debug uptime service timestamps log uptime no service password encryption no service dhcp 2 This configuration command will disable all DHCP server and relay functiona l hostname router interface Ethernet0O ip address 192 168 2 1 255 255 255 0 no ip directed broadcast 3 This configuration will prevent translation of a directed broadcast to a phi interface Ethernetl 1 DHCP client workstations reside of this interface ip address 192 168 1 1 255 255 255 0 ip helper address 192 168 2 255 4 IP helper address pointing to DHCP server s subnet no ip directed broadcast line con 0 exec timeout 0 0 transport input none line aux 0 ine vty 0 4 login end http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 38 of 45 H Subscriber Identification 82 Option Turned On The DHCP relay agent information option 82 feature enables the DHCP relay agents Catalyst switches to include information about itself and the attached client when it forwards DHCP requests from a DHCP client to a DHCP server The DHCP server can use this information to assign IP addresses perform access control
69. to use the IP address DHCPACK After the DHCP server receives the DHCPREQUEST it acknowledges the request with a DHCPACK message thus completing the initialization process The DHCPACK message has a source IP address of the DHCP server and the destination address is once again a broadcast and contains all the parameters that the client requested in the DHCPREQUEST message When the client receives the DHCPACK it enters into the Bound state and is now free to use the IP address to communicate on the network Meanwhile the DHCP server stores the lease in its database and uniquely identifies it using the client identifier or chaddr and the associated IP address Both the client and server will use this combination of identifiers to refer to the lease The client identifier is the Mac address of the device plus the media type Before the DHCP client begins using the new address the DHCP client must calculate the time parameters associated with a leased address which are Lease Time LT Renewal Time T1 and Rebind Time T2 The typical default LT is 72 hours You can use shorter lease times to conserve addresses if needed DHCPNAK If the selected server is unable to satisfy the DHCPREQUEST message the DHCP server will respond with a DHCPNAK message When the client receives a DHCPNAK message or does not receive a response to a DHCPREQUEST message the client restarts the configuration process by going into the Requesting state The client
70. ur Multiple IP helper address entries on a single interface are supported as well as shown below version 12 0 service timestamps debug uptime service timestamps log uptime no service password encryption hostname router interface Ethernet0O ip address 192 168 2 1 255 255 255 0 no ip directed broadcast interface Ethernetl ip address 192 168 1 1 255 255 255 0 ip helper address 192 168 2 2 ip helper address 192 168 2 3 l IP helper address pointing to DHCP server no ip directed broadcast ine con 0 exec timeout 0 0 transport input none ine aux 0 ine vty 0 4 login end Cisco routers do not support load balancing of DHCP servers that are configured as DHCP Relay Agents Cisco routers forward the DHCPDISCOVER message to all the helper addresses mentioned http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Page 12 of 45 for that interface Having two or more DHCP servers to serve a subnet only increases the DHCP traffic as the DHCPDISCOVER DHCPOFFER and DHCPREQUEST DHCPDECLINE messages are exchanged between each pair of DHCP client and server Setting Manual Bindings There are two ways to set up manual bindings one is for the Windows host and the other is for non Windows hosts There are two different commands used to configure
71. xtensions for the BootP e RFC 2241 DHCP Options for Novell Directory Services e RFC 2242 Netware IP Domain Name and Information e RFC 2489 Procedure for Defining New DHCP Options DHCP uses a client server model where one or more servers DHCP servers allocate IP addresses and other optional configuration parameters to clients hosts upon client bootup These configuration parameters are leased by the server to the client for some specified amount of time When a host boots up the TCP IP stack in the host transmits a broadcast DHCPDISCOVER message in order to gain an IP address and subnet mask among other configuration parameters This http kbase cisco com paws servlet ViewFile 27470 100 xml convertPaths 1 8 7 2008 Cisco Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise N Page 5 of 45 initiates an exchange between the DHCP server and the host During this exchange the client passes through the several well defined states listed below 1 Initializing 2 Selecting 3 Requesting 4 Bound 5 Renewing 6 Rebinding In moving between the states listed above the client and server may exchange the types of messages listed in the DHCP Message Table below DHCP Message Table ee _ client is oa for PACPDISOOVER available DHCP servers puicrorrer server response to the DHCPOFFER client DHCPDISCOVER The client broadcasts to the server requesting 0x03 DHCPREQUEST offered parameters from one s
72. y the DHCP server will hear the broadcast and respond with a DHCPOFFER message If a DHCP server does not exist on the local subnet there must be a DHCP BootP Relay Agent on this local subnet to forward the DHCPDISCOVER message to a subnet that contains a DHCP server This relay agent can either be a dedicated host for example Microsoft Windows Server or router for example a Cisco router configured with interface level IP helper statements DHCPOFFER A DHCP server that receives a DHCPDISCOVER message may respond with a DHCPOFFER message on UDP port 68 BootP client The client receives the DHCPOFFER and moves into the Selecting state This DHCPOFFER message contains initial configuration information for the client For example the DHCP server will fill in the yiaddr field of the DHCPOFFER message with the requested IP address The subnet mask and default gateway are specified in the options field subnet mask and router options respectively Other common options in the DHCPOFFER message include IP Address lease time renewal time domain name server and NetBIOS name server WINS The DHCP server will send the DHCPOFFER to the broadcast address but will include the clients hardware address in the chaddr field of the offer so the client knows that it is the intended destination In the event that the DHCP server is not on the local subnet the DHCP server will send the DHCPOFFER as a unicast packet on UDP port 67 back to the DHCP BootP R
Download Pdf Manuals
Related Search