IOS DHCP Best Practices

Nov 17th, 2008

Hi Group,


I have a query regarding DHCP conflicts. One of our customers is using Cisco 4500 switches in Core/Distribution and these switches are running the DHCP service as well. There is one DHCP pool configured for IP Phones (172.21.17.0/24). Yesterday we got a complaint from the customer that IP Phones are not able to get an IP address, so I checked the primary 4500 switch and found 'DHCP conflict' log messages, so I used the 'clear ip dhcp conflict *' command and after that all IP Phones started getting IP addresses.


What could be the possible cause of this problem? Should we disable logging of DHCP conflicts?


Can we avoid such an incident by using the 'ip dhcp ping' command? Kindly guide me in this regard.


Thanks in Advance.


Regards,


Mujeeb


royalblues Mon, 11/17/2008 - 22:53

Are you using a database agent?


If not, it is generally recommended to disable ip DHCP address conflicts.


By default the DHCP server would send the ping packets twice. You might try increasing the number of ping packets to be sent using the ip dhcp ping command and also modify the wait timer.


Narayan

rmujeeb81 Mon, 11/17/2008 - 23:37


Hi Narayan,


Thanks for the response. No, I am not using a database agent (which I believe is an external storage media to store DHCP logs/conflicts??).


So the root cause of that problem was that most of the IP addresses were in the DHCP conflict list and DHCP was short of free IP addresses in the pool??


Thanks in Advance.


Regards,


Mujeeb

Mohamed Sobair Mon, 11/17/2008 - 23:31

Hi,


Have you checked if CDP is enabled on the switch ports connected to IP Phones or not?


If CDP is disabled, the DHCP server can't detect the IP Phones and therefore won't assign the correct IP address information; when CDP is enabled, the DHCP server provides the correct subnet information from the voice VLAN pool.


I would also set spanning-tree portfast on those switchports.



Please refer to the below document:


http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a00800f0804.shtml#renewing



HTH

Mohamed

rmujeeb81 Tue, 11/18/2008 - 00:06

Hi,


Actually the DHCP pool is configured on the core/distribution switch (4500), the IP Phones are directly connected to access layer switches (3560s), and CDP is enabled on all switches.


Regards,


Mujeeb

allan.thomas Tue, 11/18/2008 - 09:25

The database agent can also be used to store the DHCP bindings on the local flash; this ensures that the bindings are not lost when the switch reloads:-


ip dhcp database flash://dhcp-binding


If the DHCP bindings are cleared, the client should request its old address even if it is not present in the bindings.


Therefore all the IP Phones should request their previous IP address, and any subsequent or new addresses will only be offered an existing IP address by the 4500 if it does not receive a reply to see if that particular address is in use.


However, in your case, as there are no bindings, the DHCP server has logged address conflicts when using a ping session.


If you do not configure a database agent, then you should configure 'no ip dhcp conflict logging' in global config. The database agent would be the safest option.


Hope this helps.

Allan.


Pls rate helpful posts.

rmujeeb81 Tue, 11/18/2008 - 09:41

Hi,


I would like to add that the DHCP pool on both primary and secondary switches is the same. The primary switch is the root switch for most of the VLANs. Below is the log message for your reference:


%DHCPD-4-PING_CONFLICT: DHCP address conflict: server pinged 172.21.17.185


Thanks & Regards,


Mujeeb


rmujeeb81 Wed, 11/19/2008 - 04:40


Hi Group,


I am still not able to find the root cause of that problem, so please help me. The following information could be helpful to have a picture of the LAN setup:


- 2*4500 are working in primary/secondary setup.

- Voice VLAN is 12 and the DHCP pool for IP Phones is 172.21.17.0/24. The same DHCP pool is configured on both primary & secondary switches.

- HSRP is running, Primary 4500 is 'Active' Router.

- Primary 4500 is root switch for VLAN 12.

- All edge switches are connected to the primary and secondary 4500 except 2 switches, which are cascaded with each other, and one of them is connected only to the secondary 4500, so the root port is going towards the secondary 4500. As per my understanding, when IP Phones connected to this edge switch require an IP address from DHCP, they will broadcast the request. As a result, broadcast traffic will actually flow through the secondary 4500 to reach the root switch, but the secondary switch is also running the DHCP service with the same DHCP pool, so it will provide the IP addresses to those specific IP Phones. This setup could result in DHCP IP conflicts??


Thanks & Regards,


Mujeeb
