I am porting this old post of mine over from my personal blog.
It is quite common to see a Cisco switch or router being used as a DHCP server, generally in a small office or a remote branch office where there is no need for a dedicated DHCP server.
If you manage one such network, you may have run into an issue where clients fail to get an IP address from the Cisco switch/router. If you are lucky, the syslogs will show a lot of IP conflicts being logged; that is your hint. More often than not, though, you will see nothing in the logs, either because the conflicts are old or because logging is not set up correctly.
I came across one such case during my tenure as a TAC engineer with Cisco LAN Switching. The customer, unlike many others, was a curious being and wanted to dig deeper and find out why it was happening.
NOTE: The term "server" will be used to refer to the switch or router that runs the DHCP server service.
So the first thing I did was run a DHCP debug on the switch (cmd: debug ip dhcp server events), and we observed something interesting.
A. A DHCP request was received at the switch from the client.
B. The DHCP assignment failed, stating that the pool was exhausted.
Next I checked the DHCP pool statistics (show ip dhcp pool) to see why such a big pool was exhausted.
Addresses from the pool are taken out of circulation when a duplicate IP is found or a conflict is detected. So next I checked the IP conflicts (show ip dhcp conflict) and saw that a lot of addresses were in conflict.
Hence I cleared the DHCP conflicts (clear ip dhcp conflict *), and the addresses that had been held back were available in the pool again!
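The troubleshooting sequence above, collected into one runbook. This is an added example, not part of the original post; it is run from privileged EXEC on the IOS switch or router acting as DHCP server, and the pool name BRANCH-LAN and the address 10.10.10.57 are assumptions.

```cisco
! Added example (not from the original post). Pool name and addresses are assumed.
! Run from privileged EXEC on the IOS device that is the DHCP server.

! 1. Watch the server's decision for each request. In the failure case you see
!    the request arrive and then an allocation failure because the pool is exhausted.
terminal monitor
debug ip dhcp server events
! ... reproduce the failure from a client, then stop the debug ...
undebug all

! 2. Compare "Leased addresses" with "Total addresses". A pool that reports
!    exhaustion while far fewer addresses are leased than it contains has the
!    remainder tied up somewhere other than active leases.
show ip dhcp pool BRANCH-LAN

! 3. Look at the conflict list. The detection method column tells you whether the
!    server's own ping found the address in use ("Ping") or a client declined it
!    after its gratuitous ARP found a duplicate ("Gratuitous ARP"). If logging
!    was configured and the entries are recent, the matching syslogs are there too.
show ip dhcp conflict
show logging | include DHCPD-4-

! 4. Return the conflicted addresses to the pool, all at once or one at a time.
clear ip dhcp conflict *
clear ip dhcp conflict 10.10.10.57

! 5. Confirm the pool is usable again and that new requests are being answered.
show ip dhcp pool BRANCH-LAN
show ip dhcp server statistics
```

Clearing the conflict list only treats the symptom; the configuration changes later in the post stop the list from filling up again.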
So what was happening here ?
Before replying to a DHCP request, the server sends an ICMP Echo (ping) to the address it intends to allocate (by default two pings with a 500 ms timeout, tunable with ip dhcp ping packets and ip dhcp ping timeout). If it receives an ICMP Echo Reply, the address is obviously in use by another host, so the server tries the next available address from the pool, and so on, until it finds a free address that can be assigned to the requesting client. A conflict is also recorded when the client itself detects, via gratuitous ARP, that the offered address is already in use and returns it with a DHCPDECLINE.
If DHCP conflict logging is enabled (the default), the server logs the conflict with a syslog message and puts the address on the conflict list. Addresses on that list (displayed with show ip dhcp conflict) are not handed out again. To reuse a conflicting address, the network admin has to clear it from the conflict list manually with clear ip dhcp conflict {address | *}.
1. Turn off conflict logging
DHCP database agents are storage locations, such as an FTP, TFTP or RCP server, or local flash on the server itself, where the DHCP server stores its binding database: addresses leased, lease expiry, client identifier/MAC and so on.
If you do not use a database agent, it is best to turn off conflict logging with the no ip dhcp conflict logging global configuration command.
Conflict logging makes sense if the router uses an external database agent to store the DHCP binding database. Otherwise, every address allocated before a router reload is reported as a conflict after the reload: the bindings are lost, the clients are still using their addresses, so the pre-allocation ping gets a reply for each of them and the conflict list fills up!
NOTE: Even with conflict logging disabled there is no loss of DHCP functionality and no risk of duplicate address allocation. The server still pings an address before allocating it; it simply does not log the conflict or park the address on the conflict list. 🙂
More recent IOS releases also have an automatic conflict-resolution command, ip dhcp conflict resolution [interval minutes], which re-pings the addresses on the conflict list at regular intervals and clears the ones that no longer respond, so they return to the pool without manual intervention.
2. Optimize the lease time
You can configure a lease time of 8-10 hours for DHCP clients (roughly a working day in the office) with the lease command under the pool, for example lease 0 10; the IOS default is one day. Clients then renew every 8-10 hours and stale bindings expire sooner, so there is less chance of a client retaining a stale address and creating a conflict.
3. Ignore the BOOTP requests
Configure the following global command to stop the DHCP server from answering BOOTP requests. By default, addresses leased to BOOTP clients have no lease expiry, so any client that uses BOOTP instead of DHCP fetches an address and keeps it indefinitely:
cmd: "ip dhcp bootp ignore"
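The three fixes above as global configuration, shown against a typical branch config that relies on IOS defaults. This is an added example, not configuration from the original post; the pool name BRANCH-LAN, the 10.10.10.0/24 subnet, the database agent URL and its credentials are all assumptions.

```cisco
! Added example (not from the original post). Pool, subnet and FTP URL are assumed.
!
! --- Before: a typical branch config on IOS defaults. Conflict logging is on,
! there is no database agent, the lease is the default one day, and BOOTP
! requests are answered with leases that never expire. After a reload the
! bindings are gone but the clients still hold their addresses, so every
! pre-reload address gets pinged, answers, and lands on the conflict list.
ip dhcp excluded-address 10.10.10.1 10.10.10.20
ip dhcp pool BRANCH-LAN
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 10.10.10.1
!
! --- After, option A: no database agent, so stop recording conflicts.
! The pre-allocation ping still runs; its defaults are written out here
! explicitly so it is clear that duplicate detection is not being disabled.
no ip dhcp conflict logging
ip dhcp ping packets 2
ip dhcp ping timeout 500
ip dhcp bootp ignore
ip dhcp pool BRANCH-LAN
 lease 0 10
!
! --- After, option B: bindings are written to a database agent so they survive
! a reload; keep conflict logging (the default, written out for clarity) and let
! IOS re-ping the conflict list every 60 minutes and clear what no longer answers.
ip dhcp database ftp://dhcp:secret@10.10.10.250/branch-lan.txt write-delay 120
ip dhcp conflict logging
ip dhcp conflict resolution interval 60
ip dhcp bootp ignore
ip dhcp pool BRANCH-LAN
 lease 0 10
```

Pick one of the two "After" variants, not both; with conflict logging disabled there is no conflict list for ip dhcp conflict resolution to work on. In option B the FTP credentials sit in the running configuration in clear text, so restrict who can view or copy the config and use a dedicated account that can only write to that one file.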
Hope it helps !
Until next time….. Cheers !