
Cisco IOS DHCP and Macintosh OS 9.0 -10.3 DHCP problem

Hello,

My first question...

We have a Cisco router running NAT and DHCP. It serves a network of PCs, Macintoshes, PCs behind routers, and Macintoshes behind routers. All machines work fine except those Macintosh computers that are not behind a client router. About every week or so they act like they cannot get their DHCP info fully, or that they can get it but can't go outside the private network. Here is the config of the DHCP part of the router (DNS taken out, it's working fine):

no ip dhcp conflict logging
ip dhcp excluded-address 172.16.20.2 172.16.21.45
ip dhcp excluded-address 172.16.23.1 172.16.23.254
!
ip dhcp pool cap2_ccu1
   network 172.16.20.0 255.255.252.0
   dns-server ???.???.???.??? ???.???.???.???
   default-router 172.16.20.1
   lease 0 2

The following commands were run during a time when this problem occurs:

show ip dhcp binding (partial **** mark offending Macintosh assigned IP)
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
172.16.21.81        0100.0d61.5dc9.06       Nov 21 2004 04:49 PM    Automatic
172.16.21.83        0100.1111.43b1.cb       Nov 21 2004 04:54 PM    Automatic
172.16.21.98        0100.b0d0.f750.84       Nov 21 2004 05:04 PM    Automatic
172.16.21.99        0100.1111.2f77.5c       Nov 21 2004 04:33 PM    Automatic
172.16.21.121       0100.112f.484b.b2       Nov 21 2004 05:12 PM    Automatic
172.16.21.134       0100.0a5e.2de9.f4       Nov 21 2004 04:35 PM    Automatic
172.16.21.231       0100.0d88.3b66.54       Nov 21 2004 04:56 PM    Automatic
172.16.21.239       0100.80ad.c15e.54       Nov 21 2004 04:28 PM    Automatic
172.16.21.242       0100.1217.08b5.a3       Nov 21 2004 04:28 PM    Automatic
172.16.21.245       0100.1111.172f.00       Nov 21 2004 04:48 PM    Automatic
172.16.21.251       0100.08a1.242b.88       Nov 21 2004 04:31 PM    Automatic
172.16.21.252       0100.1111.1731.8d       Nov 21 2004 04:38 PM    Automatic
172.16.22.21        0100.40ca.83ac.40       Nov 21 2004 05:04 PM    Automatic
172.16.22.24        0100.10dc.eb02.b4       Nov 21 2004 04:24 PM    Automatic
172.16.22.29        0100.0d56.a9c4.61       Nov 21 2004 04:20 PM    Automatic
172.16.22.38        0100.502c.064d.76       Nov 21 2004 04:41 PM    Automatic
172.16.22.39        0100.e04c.b8ec.f1       Nov 21 2004 04:42 PM    Automatic
172.16.22.40        0100.0393.7e58.2e       Nov 21 2004 03:58 PM    Automatic
172.16.22.41        0100.0c41.f434.32       Nov 21 2004 04:26 PM    Automatic
**********
172.16.22.42        0100.1124.2f9d.6a       Nov 21 2004 04:51 PM    Automatic
**********
172.16.22.44        0100.0393.95e7.9e       Nov 21 2004 04:52 PM    Automatic
172.16.22.45        0100.0d88.bb2b.b2       Nov 21 2004 05:07 PM    Automatic
172.16.22.46        0100.3065.b877.1e       Nov 21 2004 04:45 PM    Automatic

show ip dhcp conflict (nothing came up)

show ip dhcp pool
Pool cap2_ccu1 :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 1022
 Leased addresses               : 55
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 172.16.22.48         172.16.20.1      - 172.16.23.254     55

show ip dhcp server statistics
Memory usage         21790
Address pools        1
Database agents      0
Automatic bindings   55
Manual bindings      0
Expired bindings     816
Malformed messages   0
Secure arp entries   0
Message              Received
BOOTREQUEST          8
DHCPDISCOVER         1242
DHCPREQUEST          15035
DHCPDECLINE          1
DHCPRELEASE          1
DHCPINFORM           2121
Message              Sent
BOOTREPLY            8
DHCPOFFER            1181
DHCPACK              15464
DHCPNAK              44

The only thing that seems to resolve the problem is a reload of the router or a requirement that Macintosh computers be behind routers, both of which are unacceptable and why this question is worth 500 points.

What could be causing only Macintosh computers directly connected to the network to have this problem? Could it be something with the NAT? Here's the NAT info (external IPs removed):

ip nat pool ??????? ???.???.???.??? ???.???.???.??? netmask 255.255.255.0
ip nat inside source list 11 pool ????????
ip nat inside source static 192.168.10.5 ???.???.???.???
ip nat inside source static 192.168.10.6 ???.???.???.???
ip nat inside source static 192.168.10.7 ???.???.???.???
ip nat inside source static 192.168.10.8 ???.???.???.???
ip nat inside source static 192.168.10.4 ???.???.???.???
ip nat inside source static 192.168.10.27 ???.???.???.???
ip nat inside source static 172.16.23.1 ???.???.???.???
ip nat inside source static 172.16.23.2 ???.???.???.???
ip nat inside source static 172.16.23.3 ???.???.???.???
ip nat inside source static 172.16.23.4 ???.???.???.???
ip nat inside source static 172.16.23.5 ???.???.???.???
ip nat inside source static 172.16.23.6 ???.???.???.???
ip nat inside source static 172.16.23.7 ???.???.???.???
ip nat inside source static 172.16.23.8 ???.???.???.???
ip nat inside source static 172.16.23.9 ???.???.???.???
ip nat inside source static 172.16.23.10 ???.???.???.???

Thanks
Ian
:)
 
lrmoore commented:
Are the Macs on a switch? Spanning Tree on the switch could be causing your problem.
If it is a managed switch, then try disabling spanning tree on the Mac host ports only.
 
MaxQ commented:
Rather than disabling Spanning Tree entirely, you could also enable the "fast start" feature with the command "spanning-tree portfast" (in interface config mode on IOS) or "set spantree portfast enable" (on a Catalyst OS switch).
 
Rebelnorth (author) commented:
We've figured out the problem isn't spanning tree, and unfortunately no intelligent switches anywhere, and that it may apply to PCs as well. It has something to do with a particular user whose Apple AirPort base station is broadcasting DHCP info. We can't quite figure out how or why it's causing a problem, but the problem started just after this user was added to the network, and that user's AirPort is sending DHCP offers out over the network. We need to find some way to isolate that and prevent it from happening.

We could:
Add some sort of intelligent device with filtering between network and AirPort.
Replace AirPort.

Problem is, don't know what to filter. And would prefer not to replace the AirPort. We can't filter DHCP currently because the only device between the network and the AirPort only allows full filtering of ports, not partial based on source or destination.

Any ideas?

 
fullerms commented:
You cannot have two devices offering IP addresses on the same broadcast network. Try moving the AirPort device to a different subnet, or a different interface on the same router. Since you are not using any intelligent switches, this is the only solution I can think of.
 
fullerms commented:
"We can't filter DHCP currently because the only device between the network and the AirPort only allows full filtering of ports, not partial based on source or destination"

Try blocking UDP ports 67 and 68. If this doesn't work, then go by my previous post.

 
Rebelnorth (author) commented:
We haven't had the problem occur again.

What we eventually did was shut off DHCP on the AirPort in total. I have a lack of experience with the base station, and it is out of my administrative authority, so when I asked the user to see if he wasn't distributing info to our side of the base station and he said no he was not, I assumed like my router DHCP would not be forwarded through the base station so he had to do DHCP on his machines. But the AirPort base station acts like a bridge (at least the way I look at it; technically I could be wrong) in regards to DHCP, so he didn't need to do DHCP. He shut it off and everything is fine so far.

Again I don't know how the problem was caused but it started after this user was added to the network.

Points divided between users for trying.
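
A passive check for the condition this thread ends up diagnosing, a second DHCP server answering on the same segment, as an added example that is not part of any post above. It parses DHCP reply payloads (UDP port 68) and reports OFFER/ACK messages whose server identifier (option 54) is not on the allow-list; the allow-list entry 172.16.20.1 assumes the router answers from its default-router address, and the 10.0.1.x reply is constructed sample data.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
AUTHORIZED = {"172.16.20.1"}   # assumption: router replies from the pool's default-router address
OFFER, ACK = 2, 5              # DHCP message types carried in option 53

def parse_options(data):
    """Walk the option TLVs that follow the magic cookie; return {code: value}."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:      # 255 = end option
        if data[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def check_reply(payload, authorized=AUTHORIZED):
    """Return a finding for an OFFER/ACK from a server not in `authorized`, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None                              # not a BOOTREPLY carrying DHCP options
    opts = parse_options(payload[240:])
    if opts.get(53, b"")[:1] not in (bytes([OFFER]), bytes([ACK])):
        return None
    sid = opts.get(54, b"")                      # option 54 = server identifier
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
    if server in authorized:
        return None
    hlen = min(payload[2], 16)                   # chaddr field is 16 bytes at offset 28
    return {"server": server,
            "offered": str(ipaddress.IPv4Address(payload[16:20])),   # yiaddr
            "client_mac": payload[28:28 + hlen].hex(":")}

def build_reply(msg_type, server_ip, offered_ip, mac):
    """Constructed sample: a minimal BOOTREPLY as seen in a UDP port 68 payload."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), ipaddress.IPv4Address(offered_ip).packed,
                        bytes(4), bytes(4), mac, b"", b"")
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_ip).packed + b"\xff"
    return fixed + MAGIC_COOKIE + opts

MAC = bytes.fromhex("0011242f9d6a")   # MAC part of client ID 0100.1124.2f9d.6a in the binding table
ROUTER_OFFER = build_reply(OFFER, "172.16.20.1", "172.16.22.42", MAC)
ROGUE_OFFER = build_reply(OFFER, "10.0.1.1", "10.0.1.2", MAC)   # constructed second server

if __name__ == "__main__":
    for name, pkt in (("router", ROUTER_OFFER), ("second server", ROGUE_OFFER)):
        print(name, check_reply(pkt))
```

Fed with UDP port 68 payloads from a capture on the affected segment, any finding names the extra server and the client it answered.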
