This article will outline several common issues related to DHCP.
- Case 1: DHCP Server and DHCP Client are in the same VLAN
1. Locate a client that is not working. Determine its MAC address.
1-1. Find the port that this client is connected to, then run show fdb port port_number
exos-switch # show fdb ports 1
MAC                 VLAN Name( Tag)   Age   Flags    Port / Virtual Port List
------------------------------------------------------------------------------
00:04:16:52:f6:ef   vlan100(0128)     0000  d mi S   1
1-2. Is the MAC address learned in the correct VLAN?
If yes, skip to Step 2. If not, check the items below.
- Is the port active?
show ports no-refresh
show ports 1 no-refresh
- Is the VLAN tagging correct on the port?
show vlan vlan_number
show ports 1 information detail
- Is the client directly connected, or is there something else in between?
2. Configure the test client with a static IP address in the correct subnet.
- Is the test client able to ping the DHCP server? If not, there is a
connectivity issue to the DHCP server.
- Repeat the troubleshooting from Step 1 for the DHCP server. If this
is correct on both ends, verify the VLAN configuration and tagging on all
switches between the client and DHCP server.
3. If the client is able to reach the DHCP server with a static IP address, take a packet capture
on both the client and the DHCP server to determine where the DHCP process is breaking down.
In Wireshark, a display filter can be applied to view just DHCP
traffic for one specific client. The syntax of this filter is
bootp.hw.mac_addr == client_mac_address.
If the DHCP server sees the Request or Offer come in, but does not respond, ensure that the DHCP scope is configured correctly.
If the client never sends a Request or Offer, ensure that DHCP is enabled on the client.
- Case 2: DHCP Server and DHCP Client are in separate VLANs
1. Locate a client that is not working. Determine its MAC address.
1-1. Find the port that this client is connected to, then run show fdb port port_number
- Is the MAC address learned in the correct VLAN? If yes, skip to Step 2. If not, check the items below.
- Is the port active?
- Is the VLAN tagging correct on the port?
- Is the client directly connected, or is there something else in between?
2. Determine where routing is happening for the client's VLAN.
On the router for the VLAN, check to see if bootprelay is enabled for both the client and server VLANs.
show bootprelay
show config nettools
3. If bootprelay is not configured, configure it pointing to the DHCP server.
4. If bootprelay is configured correctly, verify that IP forwarding is enabled on both the client and server VLANs.
The output of show vlan should show an f flag for these VLANs.
If this is not enabled, enable IP forwarding on both VLANs.
5. If IP forwarding is enabled, verify that the DHCP server is reachable from the client VLAN.
On the switch, you can specify the source address for a ping with the command ping DHCP_server from IP_of_client_VLAN.
If this is not successful, repeat the test from the server VLAN. If this
fails, there is likely a layer 2 connectivity issue to the server. Verify
the same information from Step 1 for the DHCP server, as well as the
VLAN configuration and tagging for the switches along the path to the
server.
6. In the router for the VLAN, confirm that the client's MAC address is present in the FDB with the command show fdb client_MAC_address.
If this is not present, there is likely a layer 1 or layer 2 issue between
the edge switch and the router. Verify tagging for this VLAN along the
downstream switches.
7. Take a packet capture on both the client and the server to determine where the DHCP process is failing.
In Wireshark, a display filter can be applied to view just DHCP
traffic for one specific client. The syntax of this filter is bootp.hw.mac_addr == client_mac_address. The DHCP traffic seen on the server should be sent unicast, with the
source address being the router's IP address in the client VLAN.
7-1. If the DHCP server sees the Request or Offer come in, but does not respond, ensure that the DHCP scope is configured correctly.
7-2. If the client never sends a Request or Offer, ensure that DHCP is enabled on the client.
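The capture comparison in step 3 of Case 1 and step 7 of Case 2 can also be scripted. The following is an added example, not part of the original article: it parses raw DHCP UDP payloads, follows one client MAC, and reports where the exchange stops. The sample packets are constructed, 10.10.101.1 is an assumed router address in the client VLAN, and the relay check assumes standard relay behaviour (the relay writes its client-side address into the giaddr field).

```python
import socket

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie after the BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return client MAC, giaddr and DHCP message type of one UDP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    mac = payload[28:28 + min(payload[2], 16)].hex(":")   # chaddr, hlen bytes long
    giaddr = socket.inet_ntoa(payload[24:28])             # filled in by a relay agent
    kind, i = None, 240
    while i + 1 < len(payload) and payload[i] != 255:     # 255 = end option
        if payload[i] == 0:                               # pad option has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            kind = TYPES.get(payload[i + 2])              # option 53 = DHCP message type
        i += 2 + length
    return {"mac": mac, "giaddr": giaddr, "type": kind}

def diagnose(payloads, client_mac, relay_ip=None):
    """Say where the exchange stops; pass relay_ip only for a server-side capture."""
    msgs = [m for m in map(parse_dhcp, payloads) if m and m["mac"] == client_mac.lower()]
    kinds = [m["type"] for m in msgs]
    from_client = [m for m in msgs if m["type"] in ("DISCOVER", "REQUEST")]
    if not from_client:
        return "client silent: check that DHCP is enabled on the client"
    if relay_ip and any(m["giaddr"] != relay_ip for m in from_client):
        return "not relayed via %s: check bootprelay on the router" % relay_ip
    if "OFFER" not in kinds and "ACK" not in kinds:
        return "server silent: check the DHCP scope"
    return "lease acknowledged" if "ACK" in kinds else "incomplete: " + " > ".join(k or "?" for k in kinds)

def build(op, mac, kind, giaddr="0.0.0.0"):
    """Constructed sample packet: 236-byte BOOTP header, cookie, option 53, end."""
    hdr = bytearray(236)
    hdr[0:4] = bytes([op, 1, 6, 0])                       # op, htype=Ethernet, hlen=6, hops
    hdr[24:28] = socket.inet_aton(giaddr)
    hdr[28:34] = bytes.fromhex(mac.replace(":", ""))
    return bytes(hdr) + MAGIC + bytes([53, 1, kind, 255])

MAC = "00:04:16:52:f6:ef"                                 # client MAC from the FDB example
server_side = [build(1, MAC, 1, "10.10.101.1"), build(1, MAC, 1, "10.10.101.1")]
print(diagnose(server_side, MAC, relay_ip="10.10.101.1"))
```

To run it on a real capture, feed `diagnose` the UDP payloads of ports 67 and 68 extracted from the saved capture file.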
※ Additional notes
The show port port# info detail command can be used to check the VLANs present on a port and their tagging. An untagged VLAN will show "Internal Tag" in this output, while a tagged VLAN will show "802.1Q Tag". In the example below, VLAN Default is present untagged on this port, and VLAN voip is present with a tag of 100.
exos-switch # show port 1 info detail
Port: 1
        Virtual-router: VR-Default
        Type: UTP
        Random Early drop: Unsupported
        Admin state: Enabled with auto-speed sensing auto-duplex
        Link State: Ready
        Link Ups: 0     Last: --
        Link Downs: 0   Last: --
        VLAN cfg:
                Name: Default, Internal Tag = 1, MAC-limit = No-limit, Virtual router: VR-Default
                Name: voip, 802.1Q Tag = 100, MAC-limit = No-limit, Virtual router: VR-Default
                        Port-specific VLAN ID: 100
- Case 3: Duplicate IP address is detected
※ Note
The IPv4 DAD feature is deprecated in EXOS 30.1. There is no other feature that provides periodic IPv4 GARP. The best way to detect duplicate IP addresses is probably ACL counters or packet captures.
✓ Symptoms
- A client system is getting an alert with 'Windows has detected an IP
address conflict.'
- When issuing the command show iparp or show iparp 0.0.0.0, a duplicate IP address is seen, but it is unclear where the conflicting IP is located and how many times the detection is occurring.
exos-switch # show iparp 0.0.0.0
VR            Destination      Mac                Age  Static  VLAN          VID   Port

Dynamic Entries  :        343      Static Entries            :          0
Pending Entries  :          3
In  Request      :  224859665      In  Response              :    1873263
Out Request      :   22162377      Out Response              :  121131715
Failed Requests  :    3381061
Proxy Answered   :          0
Rx Error         :          0      Dup IP Addr               : 10.10.15.1
Rejected Count   :      59214      Rejected IP               : 169.254.60.22
Rejected Port    :       7:34      Rejected I/F              : workstation
Max ARP entries  :       8192      Max ARP pending entries   :        256
ARP address check:    Enabled      ARP refresh               :    Enabled
Timeout          :    20 minutes   ARP Sender-Mac Learning   :   Disabled
Locktime         :  1000 milliseconds
Retransmit Time  :  1000 milliseconds
Reachable Time   : 900000 milliseconds (Auto)
Fast Convergence :        Off
1. Enable DAD detection feature using the following command.
configure ip dad [off | on | {on} attempts max_solicitations] {{vr} vr_name | vr all}
exos-switch # configure ip dad on vr all
2. Issue the command 'show ip dad' and check the Failures count for each interface.
The output will look as follows. The Failures counter increments for the VLAN in which the duplicate is occurring, and the row also shows the MAC address the duplicate comes from and the duplicated IP:
exos-switch # show ip dad
IPv4 Duplicate Address Detection
DAD Status                : On
Max Solicitation Attempts : 1

Virtual Router  Interface    Flags  IP Address    Conflict MAC       Failures
--------------------------------------------------------------------------------
VR-Default      Default      -PE-U  10.10.1.103   00:00:00:00:00:00  0
VR-Default      servers      -PE-U  10.10.10.1    f4:cf:e2:47:c2:00  0
VR-Default      storage      TPE--  10.10.11.1    00:00:00:00:00:00  0
VR-Default      video        -PE-U  10.10.4.1     f4:cf:e2:47:c2:00  0
VR-Default      voice        -PE-U  10.10.5.1     f4:cf:e2:47:c2:00  0
VR-Default      wireless     -PE-U  10.10.15.1    f4:cf:e2:47:c2:00  175
VR-Default      workstation  -PE-U  10.10.101.1   f4:cf:e2:47:c2:00  191
3. Check the logs and confirm the duplicate IP address.
The log will also confirm the same and populate when the duplicate IP
is detected:
10/25/2015 17:32:23.24 <Erro:vlan.dad.IPAddrDup> Slot-7: 10.10.15.1 on interface wireless is Duplicate. Neighbor F4:CF:E2:47:C2:00 has the same IP Address
10/25/2015 17:32:23.24 <Erro:vlan.dad.IPAddrDup> Slot-7: 10.10.101.1 on interface workstation is Duplicate. Neighbor F4:CF:E2:47:C2:00 has the same IP Address
4. Disable DAD detection feature using the following command.
configure ip dad [off | on | {on} attempts max_solicitations] {{vr} vr_name | vr all}
exos-switch # configure ip dad off
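The cross-check between steps 2 and 3 (a non-zero Failures counter in show ip dad, confirmed by a vlan.dad.IPAddrDup log entry) can be automated when many VLANs are involved. This is an added example, not part of the original article or of EXOS; the sample text is copied from the outputs shown above, and the function name is hypothetical.

```python
import re
from collections import defaultdict

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"
IP = r"\d+(?:\.\d+){3}"
# One vlan.dad.IPAddrDup log entry per line.
LOG_RE = re.compile(r"<\w+:vlan\.dad\.IPAddrDup>.*?(?P<ip>" + IP + r") on interface "
                    r"(?P<vlan>\S+) is Duplicate\. Neighbor (?P<mac>" + MAC + ")")
# One data row of "show ip dad": VR, interface, 5-character flags, IP, MAC, failures.
ROW_RE = re.compile(r"^(?P<vr>\S+)\s+(?P<vlan>\S+)\s+(?P<flags>[A-Z-]{5})\s+"
                    r"(?P<ip>" + IP + r")\s+(?P<mac>" + MAC + r")\s+(?P<fail>\d+)$")

def dad_conflicts(table_text, log_text):
    """Map each conflicting MAC to (vlan, ip, failures, confirmed_in_log) tuples."""
    logged = {(m["vlan"], m["ip"], m["mac"].lower()) for m in LOG_RE.finditer(log_text)}
    found = defaultdict(list)
    for line in table_text.splitlines():
        m = ROW_RE.match(line.strip())
        if m and int(m["fail"]) > 0:                  # only rows that counted a duplicate
            mac = m["mac"].lower()
            confirmed = (m["vlan"], m["ip"], mac) in logged
            found[mac].append((m["vlan"], m["ip"], int(m["fail"]), confirmed))
    return {mac: sorted(rows) for mac, rows in found.items()}

# Sample data taken from the article's own output.
TABLE = """
VR-Default      Default      -PE-U  10.10.1.103   00:00:00:00:00:00  0
VR-Default      servers      -PE-U  10.10.10.1    f4:cf:e2:47:c2:00  0
VR-Default      wireless     -PE-U  10.10.15.1    f4:cf:e2:47:c2:00  175
VR-Default      workstation  -PE-U  10.10.101.1   f4:cf:e2:47:c2:00  191
"""
LOGS = """
10/25/2015 17:32:23.24 <Erro:vlan.dad.IPAddrDup> Slot-7: 10.10.15.1 on interface wireless is Duplicate. Neighbor F4:CF:E2:47:C2:00 has the same IP Address
10/25/2015 17:32:23.24 <Erro:vlan.dad.IPAddrDup> Slot-7: 10.10.101.1 on interface workstation is Duplicate. Neighbor F4:CF:E2:47:C2:00 has the same IP Address
"""
for mac, rows in dad_conflicts(TABLE, LOGS).items():
    print(mac, rows)
```

A single MAC reported against several interface addresses, as in this sample, points to one device answering for all of them; look it up with show fdb to find the port it is learned on.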
* Related Articles:
Extreme Switch - How to create an ACL in EXOS
* References:
DHCP server sending DHCPNAK packets
DHCP Clients sending DHCPDECLINE packets
How to apply a bootprelay dhcp server to a specific VLAN
How to configure bootprelay
Where is the "How to apply a bootprelay dhcp server to a specific VLAN"? Please update the link.