DHCP debug

Answered Question
Oct 24th, 2007

I am having an issue with DHCP. I am using a Cisco 1710 (one FastEthernet and one Ethernet) on my network. I live in an apartment where my ISP provides me a direct Ethernet line to them. Everyone in the apartment gets an Ethernet line. The ISP runs a DHCP server and supplies everyone at the apartment with their own IP.


Recently, I turned on the DHCP service to provide addresses to my LAN. A couple of days later my ISP blocked my connection, saying I was giving out IP addresses on their network. From what I can tell, my router is receiving requests but not handing out IPs. I'm not sure whether, by seeing the traffic, it sends any responses at all. From what they [ISP] have told me, the router is seeing the DHCP requests but not giving anyone an IP. However, this is causing other computers on the network to not get an IP at all. I need to figure out what the issue is. The following is my configuration with comments and the debug. Any help would be highly appreciated.


Debug:

The 208.x.x.180 is the DHCP assigned address to my ethernet (WAN) port.


    Router#debug ip dhcp server events
    Router#debug ip dhcp server packet
    *Apr 7 17:10:00.507: DHCPD: DHCPINFORM received from client 0100.0ae4.d408.97 (208.x.x.82).
    *Apr 7 17:10:00.507: DHCPD: Finding a relay for client 0100.0ae4.d408.97 on interface Ethernet0.
    *Apr 7 17:10:00.507: DHCPD: Seeing if there is an internally specified pool class:
    *Apr 7 17:10:00.507: DHCPD: htype 1 chaddr 000a.e4d4.0897
    *Apr 7 17:10:00.507: DHCPD: remote id 020a0000d02df1b400000000
    *Apr 7 17:10:00.511: DHCPD: circuit id 00000000
    *Apr 7 17:10:00.511: DHCPD: there is no pool for 208.xx.xx.180.
    *Apr 7 17:10:03.511: DHCPD: DHCPINFORM received from client 0100.0ae4.d408.97 (208.x.x.82).
    *Apr 7 17:10:03.511: DHCPD: Finding a relay for client 0100.0ae4.d408.97 on interface Ethernet0.
    *Apr 7 17:10:03.511: DHCPD: Seeing if there is an internally specified pool class:
    *Apr 7 17:10:03.511: DHCPD: htype 1 chaddr 000a.e4d4.0897
    *Apr 7 17:10:03.511: DHCPD: remote id 020a0000d02df1b400000000
    *Apr 7 17:10:03.511: DHCPD: circuit id 00000000
    *Apr 7 17:10:03.511: DHCPD: there is no pool for 208.xx.xx.180.
    *Apr 7 17:10:23.003: DHCPD: checking for expired leases.
    *Apr 7 17:11:18.047: DHCPD: DHCPINFORM received from client 0100.0ae4.d408.97 (208.x.x.82).
    *Apr 7 17:11:18.047: DHCPD: Finding a relay for client 0100.0ae4.d408.97 on interface Ethernet0.
    *Apr 7 17:11:18.047: DHCPD: Seeing if there is an internally specified pool class:
    *Apr 7 17:11:18.051: DHCPD: htype 1 chaddr 000a.e4d4.0897
    *Apr 7 17:11:18.051: DHCPD: remote id 020a0000d02df1b400000000
    *Apr 7 17:11:18.051: DHCPD: circuit id 00000000
    *Apr 7 17:11:18.051: DHCPD: there is no pool for 208.xx.x.180.



Configuration:


    Router#show run
    Building configuration...

    Current configuration : 1117 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    !
    !
    no ip dhcp use vrf connected
    !
    ip dhcp pool internal_DHCP
       network 192.168.1.0 255.255.255.0
       default-router 192.168.1.1
       dns-server 38.9.212.2
    !
    !
    ip cef
    ip name-server
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface Ethernet0
     description =====WAN=====
     mac-address
     ip address dhcp hostname
     ip access-group 101 out
     ip nat outside
     ip virtual-reassembly
     half-duplex
     no keepalive
     fair-queue
     no cdp enable
    !
    interface FastEthernet0
     description =====LAN=====
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     speed auto
    !
    ip route 0.0.0.0 0.0.0.0 208.x.x.1
    no ip http server
    no ip http secure-server
    !
    ip nat inside source list 1 interface Ethernet0 overload
    !
    !
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 101 permit ip any any
    !
    !
    !
    control-plane
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     login
    !
    end

    Router#


Correct Answer
bbayer Thu, 10/25/2007 - 22:32

Hi,

I have never seen a router hand out addresses for the wrong network before.

I think you need to block inbound DHCP requests on your Ethernet0 interface. If I were you I would also set up the IOS firewall on your Ethernet0 interface. Try pasting this into your router (you will need at least the advanced security feature set):


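    conf t
    ! Remove the old permit-all ACL from the outbound direction
    int e0
     no ip access-group 101 out
     exit
    no access-list 101
    ! Inbound on the WAN: allow only DHCP server replies (bootps -> bootpc), drop the rest
    access-list 101 permit udp any eq bootps any eq bootpc
    access-list 101 deny ip any any
    ! CBAC inspection rules; return traffic for inspected outbound sessions is allowed back in
    ip inspect name FW http
    ip inspect name FW ftp
    ip inspect name FW udp router-traffic
    ip inspect name FW tcp router-traffic
    ! Apply inspection outbound and ACL 101 inbound on Ethernet0
    int e0
     ip inspect FW out
     ip access-group 101 in
     no fair-queue
     end
    wr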



This should allow your router to get a DHCP address from your provider and prevent your neighbors from seeing ANYTHING on your network.


Brian :)

CCIE #14105
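
Why the ACL in the answer above lets the router keep its own WAN lease while hiding its DHCP server from neighbours comes down to port direction: server replies travel 67 -> 68, client requests 68 -> 67. The following is an added example, not part of bbayer's post; it is a simplified model (protocol and port matching only, `any` addresses, CBAC return traffic not modelled), and the names `Packet`, `Ace`, `inbound` and `compare` are hypothetical.

```python
from typing import NamedTuple, Optional

BOOTPS, BOOTPC = 67, 68  # the UDP ports behind the IOS keywords bootps / bootpc

class Packet(NamedTuple):
    proto: str                    # "udp", "tcp", "icmp", ...
    sport: Optional[int] = None
    dport: Optional[int] = None

class Ace(NamedTuple):
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    sport: Optional[int] = None   # None means no "eq" test on that port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

# Before: ACL 101 was "permit ip any any" applied *out*, so nothing was filtered inbound.
BEFORE_IN = None
# After: "permit udp any eq bootps any eq bootpc" then "deny ip any any", applied *in*.
AFTER_IN = [Ace("permit", "udp", BOOTPS, BOOTPC), Ace("deny", "ip")]

def inbound(acl, pkt):
    """First match wins; no ACL permits all; a bound ACL ends in an implicit deny."""
    if acl is None:
        return "permit"
    return next((a.action for a in acl if a.matches(pkt)), "deny")

# Constructed sample packets arriving on Ethernet0 (WAN).
SAMPLES = {
    "ISP DHCP server reply (67 -> 68)": Packet("udp", BOOTPS, BOOTPC),
    "neighbour DHCP request (68 -> 67)": Packet("udp", BOOTPC, BOOTPS),
    "unsolicited TCP from WAN (-> 80)": Packet("tcp", 40000, 80),
    "unsolicited ICMP echo from WAN": Packet("icmp"),
}

def compare():
    """Map each sample to its (before, after) inbound verdict."""
    return {n: (inbound(BEFORE_IN, p), inbound(AFTER_IN, p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{before:>6} -> {after:<6}  {name}")
```
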


pcexhaust Sat, 10/27/2007 - 07:22

Thank you for your reply. I have added your configuration to my router. When I enable the same debugging as before, I only get:

    *Apr 8 11:52:47.550: DHCPD: checking for expired leases.
    *Apr 8 11:54:47.550: DHCPD: checking for expired leases.
    *Apr 8 11:56:47.550: DHCPD: checking for expired leases.


So, it looks like the issue is fixed!
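
The before/after comparison made by eye in this thread can be automated. The following is an added example, not code from any poster: it summarises which clients the router's DHCP server processed on the WAN interface, using excerpts of the debug output posted above as sample input. The function name `wan_dhcp_exposure` and its record fields are hypothetical.

```python
import re

# The three "debug ip dhcp server" line types that matter for this check.
RX_RECV = re.compile(r"^\*(?P<ts>.+?): DHCPD: (?P<msg>DHCP[A-Z]+) received from client "
                     r"(?P<cid>\S+) \((?P<ip>[^)]+)\)")
RX_IF = re.compile(r"DHCPD: Finding a relay for client (?P<cid>\S+) on interface (?P<ifc>\S+?)\.?$")
RX_NOPOOL = re.compile(r"DHCPD: there is no pool for ")

def wan_dhcp_exposure(lines, wan_if="Ethernet0"):
    """Summarise, per client id, DHCP messages the server processed on wan_if."""
    seen, pending, cur = {}, {}, None
    for line in map(str.strip, lines):
        if m := RX_RECV.search(line):
            pending[m["cid"]] = (m["ts"], m["msg"], m["ip"])
        elif m := RX_IF.search(line):
            req, cur = pending.pop(m["cid"], None), None
            if req and m["ifc"] == wan_if:
                ts, msg, ip = req
                cur = seen.setdefault(m["cid"], {"ip": ip, "types": set(), "count": 0,
                                                  "no_pool": 0, "first": ts})
                cur["types"].add(msg)
                cur["count"] += 1
                cur["last"] = ts
        elif RX_NOPOOL.search(line) and cur is not None:
            cur["no_pool"] += 1   # request matched no pool, so no address was offered
            cur = None
    return seen

# Excerpts of the debug output posted in this thread (before and after the ACL change).
BEFORE = """\
*Apr 7 17:10:00.507: DHCPD: DHCPINFORM received from client 0100.0ae4.d408.97 (208.x.x.82).
*Apr 7 17:10:00.507: DHCPD: Finding a relay for client 0100.0ae4.d408.97 on interface Ethernet0.
*Apr 7 17:10:00.507: DHCPD: Seeing if there is an internally specified pool class:
*Apr 7 17:10:00.507: DHCPD: htype 1 chaddr 000a.e4d4.0897
*Apr 7 17:10:00.511: DHCPD: there is no pool for 208.xx.xx.180.
*Apr 7 17:10:23.003: DHCPD: checking for expired leases.
*Apr 7 17:11:18.047: DHCPD: DHCPINFORM received from client 0100.0ae4.d408.97 (208.x.x.82).
*Apr 7 17:11:18.047: DHCPD: Finding a relay for client 0100.0ae4.d408.97 on interface Ethernet0.
*Apr 7 17:11:18.051: DHCPD: there is no pool for 208.xx.x.180.
"""
AFTER = """\
*Apr 8 11:52:47.550: DHCPD: checking for expired leases.
*Apr 8 11:54:47.550: DHCPD: checking for expired leases.
"""

if __name__ == "__main__":
    print("before:", wan_dhcp_exposure(BEFORE.splitlines()))
    print("after: ", wan_dhcp_exposure(AFTER.splitlines()))
```
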
