Summary: Common DHCP configuration errors (a network engineer's notes)

DHCP configuration is a routine part of a network engineer's work. What errors commonly occur when configuring DHCP, and how are they solved?

Common error 1: The IP address obtained by the client conflicts with the IP address of another client

Possible cause

Another host on the network has a manually configured IP address, but that address was not excluded from the address pool when the DHCP server was deployed, so the server hands it out and a conflict results.

Troubleshooting approach

Disable the client's network card or disconnect its network cable, then ping the IP address from another host to check whether a host with that address already exists on the network. If a response is received, the IP address has been manually configured on another host.

Solution

▶ Modify the IP address of the manually configured host.

▶ Exclude the conflicting address from the DHCP server address pool. When the device functions as a DHCP server and an interface-based address pool is configured, run the command dhcp server excluded-ip-address; when the device functions as a DHCP server and a global address pool is configured, run the command excluded-ip-address.

▶ Release the conflicting IP address on the client and request a new one (taking a Windows 7 PC as an example, run cmd to enter the DOS environment, execute the command ipconfig /release to release the IP address, then execute the command ipconfig /renew to request an IP address again).

▶ To prevent clients from obtaining conflicting IP addresses, you can configure the conflict detection function on the DHCP server for use when it assigns IP addresses. When an address conflict is detected, another available IP address is assigned.
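The exclusion step above, as an added example that is not part of the original notes: a Python helper that takes an inventory of statically configured addresses, keeps those that fall inside the DHCP pool, merges neighbours into ranges, and prints the exclusion commands named above. The pool, the inventory and the "start [end]" argument form are assumptions; the page gives only the command names.

```python
import ipaddress

def exclusion_ranges(pool_cidr, static_ips):
    """Merge statically configured addresses inside the pool into (start, end) ranges."""
    net = ipaddress.ip_network(pool_cidr)
    addrs = {ipaddress.ip_address(ip) for ip in static_ips}
    inside = sorted(a for a in addrs if a in net)  # ignore hosts outside this pool
    ranges = []
    for addr in inside:
        if ranges and int(addr) == int(ranges[-1][1]) + 1:
            ranges[-1][1] = addr            # extends the current contiguous run
        else:
            ranges.append([addr, addr])     # starts a new run
    return [(str(start), str(end)) for start, end in ranges]

def exclusion_commands(pool_cidr, static_ips, interface_pool=False):
    """Build one exclusion command per range.

    interface_pool=True  -> interface-based pool (dhcp server excluded-ip-address)
    interface_pool=False -> global pool (excluded-ip-address)
    The 'start [end]' argument form is an assumption, not shown on the page.
    """
    prefix = "dhcp server excluded-ip-address" if interface_pool else "excluded-ip-address"
    commands = []
    for start, end in exclusion_ranges(pool_cidr, static_ips):
        commands.append(f"{prefix} {start}" if start == end else f"{prefix} {start} {end}")
    return commands

# Constructed inventory of manually configured hosts (not real data).
STATIC_HOSTS = ["192.168.1.10", "192.168.1.11", "192.168.1.12",
                "192.168.1.200", "192.168.1.11", "10.0.0.5"]

if __name__ == "__main__":
    for line in exclusion_commands("192.168.1.0/24", STATIC_HOSTS):
        print(line)
```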

Conflict detection function: configuration reference

Steps:

▶ Execute the command system-view to enter the system view.

▶ Execute the command dhcp server ping packet number to configure the number of conflict detections performed when the device assigns an IP address.

▶ By default, the number of conflict detections when the device assigns an IP address is 2.

▶ Execute the command dhcp server ping timeout milliseconds to configure the maximum waiting time for each conflict detection when the device assigns an IP address.

▶ By default, the maximum waiting time for each conflict detection when the device assigns an IP address is 500 milliseconds.

Common error 2: The client cannot obtain an IP address from the DHCP server

There are five possible situations in which the client fails to obtain an IP address from the DHCP server. The cause and solution for each of the five are given below.

Possible reason one

The DHCP function is not enabled.

Troubleshooting approach

In the user view, run the display current-configuration | include dhcp enable command to check whether the DHCP function is enabled. If nothing is displayed, the DHCP function is not enabled.

Solution

In the system view, run the dhcp enable command to enable the DHCP function.

By default, the DHCP function is disabled in the system.

Possible reason two

The configuration is incorrect.

Troubleshooting approach

① For the DHCP server:

a. Check whether an address pool for the network segment where the client is located is configured on the DHCP server (execute the display ip pool command), and check whether the configuration is correct.

b. In the view of the interface connected to the client side, run the display this command to check whether the DHCP server function is enabled on the interface.

c. If there is a relay between the server and the client, check whether a route to the network segment where the client is located is configured on the DHCP server.

② For the DHCP relay:

a. Check whether the DHCP relay configuration is correct (execute the display dhcp relay command).

b. In the view of the interface connected to the client, run the display this command to check whether the DHCP relay function is enabled on the interface.

Solution

Change the configuration or deployment of the DHCP server or relay.

Possible reason three

There are no addresses available for allocation in the address pool.

Troubleshooting approach

Run the display ip pool command to check whether there are available IP addresses in the address pool. The Idle(Expired) field in the output indicates the number of idle IP addresses in the address pool. If it shows 0, there is no address available for allocation in the address pool.

Solution

Determine the number of clients in the network:

① If the number of clients is greater than the number of addresses available for allocation in the address pool, the address range of the address pool needs to be enlarged:

a. Run the command ip address ip-address { mask | mask-length } in the interface view to increase the address range by reducing the mask length.

b. Execute the command network ip-address [ mask { mask | mask-length } ] in the global address pool view to increase the address range by reducing the mask length.

② If the number of clients is less than the number of addresses available for allocation in the address pool, reduce the address lease time so that unused IP addresses are reclaimed promptly. For the configuration of the automatic reclaim function, see "(Optional) Configuring automatic reclaim of conflicting addresses in the address pool".

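Possible reason four

STP is enabled on the upstream access device of some diskless workstations.

Troubleshooting approach

The timeout of the DHCP request packets sent by the client is shorter than the STP convergence time, so the server cannot receive the DHCP request packets and therefore cannot assign IP addresses to the diskless workstations.

Solution

Disable STP on the upstream access device.

Possible reason five

Another host on the network has a manually configured IP address, but that address was not excluded from the address pool when the DHCP server was deployed, which causes an IP address conflict.

Troubleshooting approach

Disable the client's network card or disconnect its network cable, then ping the IP address from another host to check whether a host with that address already exists on the network. If a response is received, the IP address has been manually configured on another host.

Solution

① Modify the IP address of the manually configured host.

② Exclude the conflicting address from the DHCP server address pool. When the device functions as a DHCP server and an interface-based address pool is configured, run the command dhcp server excluded-ip-address; when the device functions as a DHCP server and a global address pool is configured, run the command excluded-ip-address.

③ Release the conflicting IP address on the client and request a new one (taking a Windows 7 PC as an example, run cmd to enter the DOS environment, execute the command ipconfig /release to release the IP address, then execute the command ipconfig /renew to request an IP address again).

To prevent clients from obtaining conflicting IP addresses, you can configure the conflict detection function on the DHCP server for use when it assigns IP addresses. When an address conflict is detected, another available IP address is assigned.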

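Common error 3: The client obtains an IP address from the DHCP server slowly

When a client is slow to obtain an IP address from the DHCP server, how do we solve it?

Possible reason one

There are other DHCP servers on the network.

Troubleshooting approach

If multiple DHCP servers exist on the same network segment, the client accepts the message from the DHCP server whose response arrives first.

Solution

Configure DHCP snooping on the client's upstream access device so that the client receives messages only from trusted DHCP servers and does not obtain IP addresses from other DHCP servers.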

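Possible reason two

Broadcast traffic suppression.

Troubleshooting approach

Check whether broadcast traffic suppression is configured on the link between the client and the DHCP server. Because DHCP request packets are broadcast, DHCP request packets are discarded if the broadcast packets on the network exceed the previously configured threshold.

Solution

Adjust the broadcast traffic suppression threshold according to actual service conditions; the lowest value that does not affect services is best.

Possible reason three

Malicious attack.

Troubleshooting approach

Run the display cpu-defend statistics command to view statistics on the packets sent to the CPU on the DHCP server. If a large number of DHCP packets are being discarded, and packet analysis shows that the DHCP packets at a given time are sent from the same MAC address, that MAC address can be identified as the source of a DHCP flood attack.

Solution

Add this MAC address to the blacklist.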
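The packet analysis described under "Possible reason three", together with the check for other DHCP servers under "Possible reason one", as an added example that is not part of the original notes. It works on DHCP packet summaries already extracted from a capture; the records, the trusted server address, the one-second window and the threshold of 20 are all constructed assumptions.

```python
from collections import defaultdict, deque

TRUSTED_SERVERS = {"192.168.1.1"}   # assumption: the only authorised DHCP server

def build_sample():
    """Constructed records: (timestamp_s, source_mac, message_type, server_id)."""
    records = [
        (0.10, "00:11:22:33:44:01", "DISCOVER", None),
        (0.12, "aa:bb:cc:00:00:01", "OFFER", "192.168.1.1"),
        (0.15, "aa:bb:cc:00:00:09", "OFFER", "192.168.1.254"),  # second server answers
        (0.20, "00:11:22:33:44:01", "REQUEST", None),
        (0.22, "aa:bb:cc:00:00:01", "ACK", "192.168.1.1"),
    ]
    # One MAC sending 50 DISCOVERs in under half a second.
    records += [(1.0 + i * 0.01, "de:ad:be:ef:00:01", "DISCOVER", None) for i in range(50)]
    return records

def flood_sources(records, window=1.0, threshold=20):
    """MACs that sent more than `threshold` client messages within `window` seconds."""
    recent = defaultdict(deque)     # per-MAC timestamps inside the sliding window
    flagged = set()
    for ts, mac, msg, _ in sorted(records, key=lambda r: r[0]):
        if msg not in ("DISCOVER", "REQUEST"):
            continue
        q = recent[mac]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(mac)
    return flagged

def untrusted_servers(records, trusted):
    """Server identifiers seen in OFFER/ACK messages that are not in the trusted set."""
    return {sid for _, _, msg, sid in records
            if msg in ("OFFER", "ACK") and sid not in trusted}

if __name__ == "__main__":
    sample = build_sample()
    print("flood sources:", flood_sources(sample))
    print("untrusted DHCP servers:", untrusted_servers(sample, TRUSTED_SERVERS))
```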

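Possible reason four

STP is enabled on the DHCP server/relay.

Troubleshooting approach

STP is enabled by default. If STP is enabled on the DHCP server/relay, address allocation may be slow.

Solution

If you confirm that STP is not needed, run the undo stp enable command to disable STP.

I hope the above is helpful to you.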


Origin blog.csdn.net/yuyeconglong/article/details/132508865