IOS DHCP Best Practices

Unanswered Question
Nov 17th, 2008

Hi Group,


I have a query regarding DHCP conflicts. One of our customers is using Cisco 4500 switches in Core/Distribution and these switches are running DHCP service as well. There is one DHCP Pool configured for IP Phones (172.21.17.0/24). Yesterday we got a complaint from the customer that IP Phones were not able to get an IP address, so I checked the primary 4500 switch and found 'DHCP conflict' log messages. I used the 'clear ip dhcp conflict *' command and after that all IP Phones started getting IP addresses.


What could be the possible cause of this problem ? Should we disable logging of DHCP conflicts ?


Can we avoid such an incident by using the 'ip dhcp ping' command? Kindly guide me in this regard.


Thanks in Advance.


Regards,


Mujeeb





Overall Rating: 4.3 (3 ratings)

Mujeeb


I would check the following:-


1) The size of the pool, does it have enough IP addresses for the amount of devices?


2) The lease time, if it's too long, they will not free up quick enough


3) Debug the DHCP to make sure the IP phones are actually sending a release when they have finished with the IP address.


4) Make sure you only have phones requesting IPs from the DHCP pool.


5) If you have PCs on the LAN - check that the RAS service is disabled, as if the service is enabled on the PCs - when the RAS service sees a DHCP server available - it will grab an extra 2 IP addresses....just in case a device connects to it.....Microsoft :o(


If all else fails - install a Windows DHCP server - then hand over the headache to the server team!!!!!!


HTH>

rmujeeb81 Wed, 11/19/2008 - 23:55


Hi Andrew,


Here is the setup of our client,


- 2*4500 are working in primary/secondary setup.

- Voice VLAN is 12 and DHCP pool for IP Phones is 172.21.17.0/24. Same DHCP pool is configured on both primary & secondary switch.

- HSRP is running, Primary 4500 is 'Active' Router.

- Primary 4500 is root switch for VLAN 12.

- All edge switches are connected with primary and secondary 4500 except 2 switches which are cascaded with each other, and one of them is only connected with secondary 4500, so the root port is going towards secondary 4500. As per my understanding, when IP phones which are connected with this edge switch require an IP address from DHCP, they will broadcast the request. As a result, broadcast traffic will actually flow through secondary 4500 to reach the root switch, but the secondary switch is also running DHCP service with the same DHCP pool, so it will provide the IP addresses to specific IP Phones. This setup could result in DHCP IP conflicts ??


Regards,


Mujeeb


Mujeeb,




To answer your question "This setup could result in DHCP IP conflicts ??" - YES. DHCP servers do not work in primary and secondary setups. This is your issue - if either device receives a DHCP request, they will answer, which is why you have DHCP conflicts.


If you must have 2 DHCP servers, split the subnets between the 2 devices, and configure opposite DHCP exclusions i.e.:-


4500(1)


ip dhcp excluded-address 192.168.2.1 192.168.2.254
ip dhcp pool test
 ! uses .1 & .2 for the ip range
 network 192.168.1.0 255.255.254.0


The above only allocates IPs from 192.168.1.1 to 192.168.1.254


4500(2)


ip dhcp excluded-address 192.168.1.1 192.168.1.254
ip dhcp pool test
 ! uses .1 & .2 for the ip range
 network 192.168.2.0 255.255.254.0


The above only allocates IPs from 192.168.2.1 to 192.168.2.254


HTH>
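
The split described in the reply above, worked for the thread's own voice pool 172.21.17.0/24, as an added example that is not part of the original posts. The pool name VOICE, the reserved gateway addresses .1 to .3 and the helper names are assumptions; the script computes opposite `ip dhcp excluded-address` ranges for the two switches and checks that the leasable sets never overlap.

```python
import ipaddress

# Assumed values (not from the thread): pool name and the reserved
# gateway addresses (HSRP virtual IP plus one SVI per switch).
POOL_NAME = "VOICE"
RESERVED = ("172.21.17.1", "172.21.17.2", "172.21.17.3")

def to_ranges(addrs):
    """Collapse sorted addresses into contiguous (low, high) ranges."""
    ranges = []
    for a in addrs:
        if ranges and int(a) == int(ranges[-1][1]) + 1:
            ranges[-1][1] = a
        else:
            ranges.append([a, a])
    return [tuple(r) for r in ranges]

def split_pool(cidr, reserved=RESERVED):
    """Give each of two DHCP servers one half of the subnet.

    Returns a list of (leasable_addresses, excluded_ranges), one per server.
    Everything a server may not lease (the other half plus the reserved
    addresses) lands in its excluded ranges.
    """
    hosts = list(ipaddress.ip_network(cidr).hosts())
    keep_out = {ipaddress.ip_address(a) for a in reserved}
    mid = len(hosts) // 2
    plan = []
    for half in (hosts[:mid], hosts[mid:]):
        leasable = [h for h in half if h not in keep_out]
        excluded = sorted(set(hosts) - set(leasable))
        plan.append((leasable, to_ranges(excluded)))
    return plan

def render_ios(cidr, excluded, pool_name=POOL_NAME):
    """Render the IOS DHCP server lines for one switch."""
    net = ipaddress.ip_network(cidr)
    lines = [f"ip dhcp excluded-address {lo} {hi}" for lo, hi in excluded]
    lines += [f"ip dhcp pool {pool_name}",
              f" network {net.network_address} {net.netmask}"]
    return "\n".join(lines)

if __name__ == "__main__":
    plan = split_pool("172.21.17.0/24")
    # The two leasable sets must never overlap, or conflicts return.
    assert not set(plan[0][0]) & set(plan[1][0])
    for name, (_, excluded) in zip(("4500(1)", "4500(2)"), plan):
        print(f"! {name}\n{render_ios('172.21.17.0/24', excluded)}\n")
```

Only the address split is rendered; options such as the default router would be added to each pool as in the existing configuration.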


rmujeeb81 Thu, 11/20/2008 - 03:51

Hi,


What if all traffic would flow towards primary switch and only forward towards secondary switch in case of primary link/switch failure. So in that case secondary switch can provide IP Addresses from same pool without any problem ?


Regards,


Mujeeb

Mujeeb,


No - what is a DHCP request? It's a bootp BROADCAST?? What do switches do, what is their basic operating principle? They forward ALL BROADCASTS?


At some point the secondary switch will receive a DHCP request, even if it's not the primary switch, and when it receives a request, it will send a DHCP offer, only after it has checked if the IP address is already in use. If it's in use = DHCP conflict = your problem.


Either have 1 DHCP server, or split the DHCP ranges between the 2 switches. Or have a Windows server be the DHCP server, which is reachable from both switches at layer 3 if both or 1 is on-line.


HTH>



rmujeeb81 Thu, 11/20/2008 - 04:15


Hi,


Means, even if the primary switch/link does not fail and some new IP Phone/PC is connected to the network, then there is a chance that DHCP broadcast packets hit the secondary switch and the secondary switch will try to assign an IP address.


What about using 'no ip dhcp conflict logging'? Would it help me in the current setup?


Thanks & Regards,


Mujeeb
