DHCP Server Scope Full

ibrahim52
ibrahim52 used Ask the Experts™
on
Hello,well i have two DHCP scope configured in my dhcp.Everything was working fine,untill just a month back i am facing this issue that whenever i check the statistics it show 85% of ip is in used and only 15% is available.Though,i have not more than 50 users in my network as i have this dhcp server running for a hotel.I have already reserved the ip addresses for the access points my hotel has.As i mentioned it was working fine earlier.One more thing which i noticed in my event viewer was this error "Scope, 10.139.235.0, is 100 percent full with only 0 IP addresses remaining".
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
In this scenario you probably want to drop the DHCP lease time down to a low amount say a few days or a week.  It is likely that IP address are assigned in DHCP to systems that are no longer connecting to the network.
ibrahim52Team Leader

Author

Commented:
First thanks for your instant response.Exactly,its trying to connect the systems which are no longer in the network and i have already tried every possible solution posted on the internet
Brian PiercePhotographer
Awarded 2007
Top Expert 2008

Commented:
You need to delete the existing leases - open up DHCP, go to the scope and expand the leases folder
Delete all the leases (a bit drastic but it will do the trick), then to make sure you don't get into this problem again, Right click on SCOPE and select PROPERTIES, set the lease duration to 1 day.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

ibrahim52Team Leader

Author

Commented:
It is already on this settings,and in every 3 hours i am doing deletion of all the leased ip addresses.I just tried one of the solution posted on EE of jetpack dhcp.mdb temp.But didnt worked too
Do you have wireless at your hotel. Is it possible that people not at the hotel are getting wireless access?  How many IP's are in each scope?
ibrahim52Team Leader

Author

Commented:
Only two.One is 10.139.234.0 and another is 10.139.235.0.DHCP is disabled on access point side.
ibrahim52Team Leader

Author

Commented:
the hotel is located near beach area where no other residence are there around
Right are you using a whole /24 for each scope?  We are going to need more information to help.  
ibrahim52Team Leader

Author

Commented:
What kind of information you need.I am ready to give.Yeah i am using whole.I have started from 10.139.235.120 to 10.139.235.250.I have configured my access point under 120.Thank you.
ibrahim52Team Leader

Author

Commented:
Thank you very much
Distinguished Expert 2017
Commented:
If you have 50 users and two scopes, are you sure that your AP are not open?
Similar to the prior posters, what is the lease time for the IPs? 50 users no matter how long they are away, the DHCP should assign them the same IP hey had within the lease window based on the MAC address.

Under the properties of the DHCP server on the Advanced tab, you could use the conflict detection to get the DHCP server to reclaim a previously assigned IP for use with another system.

How are the scope assignment handled i.e. you have each AP using dhcp-relay agent requesting an IP on behalf of a system?  Do you have multiple nics in the server with each scope attached to a different nic?

The other alternative is to redefine your scope by expanding it. i.e. if you have 10.139.235.0/24 to convert it to 10.139.235.0/23 which will double the scope of IPs available.  You would of course need to make the appropriate modifications on firewalls to reflect/handle the change.  
ibrahim52Team Leader

Author

Commented:
Well,unfortunately i am not the administrator of that place.But i can tell you the scenario.Yeah that particular windows server 2000 has 3 NIC cards ,out of which one it is going for guest (i.e., AP 10.139.235.0) ,another one is going for the lobby (i.e., 10.139.234.0),the cable which is connected to this NICs is splitted into two pairs and the third NIC cable is connected with the main switch for routing and serves internet to other NIC i guess.As i said ,everything was working fine and the IP assigned to the AP are already in reserved list.Actually we have set the scope of IP address from 10.139.235.120 to 10.139.235.250,where all the ip addresses under .120 has been assigned to all the access points and dhcp is disabled in every access points configuration.I hope you would understand my explanation.
Distinguished Expert 2017
Commented:
I understand, but it is hard to determine why 50 users are using more than 50 IPs no matter how long are the lease times.  My guess is that additional systems have been added.
Check the MAC addresses in the DHCP leased IPs to see what is using the IPS.  Does the location use IP phones?
You can use the link below to help identifying the device that has an IP:
http://www.coffer.com/mac_find/
I.e. The leased IP list will have the name of a system along with the MAC.  Those without a name or an unfamiliar name, check the MAC to see who makes the networking device.  Then go from there trying to determine who is using up your IPs.
ibrahim52Team Leader

Author

Commented:
Well as i mentioned earlier ,i get the list of computers in DHCP leased IP screen ,some are ok and some have bad address and some have been disconnected but those still shows up there till i don't clear the list and its not much traffic as the internet is being used by guest ,concurrent users sometimes reach to 30 or 35 maximum but not higher than this.
Distinguished Expert 2017
Commented:
What is the lease time on the scope that has no available IPs, never (no expiration of the lease)?
Do you have scavanging of stale records enabled on the DHCP? How frequently are the records scrubbed?

Something makes no sense:
The scope you have is 10.139.235.2-10.139.235.254 with the 10.139.235.2-119 and 10.139.235.251-254 reserved for use by the APs and the DHCP.
If you have 120 AP locations, and you only have 120 allocatable IPs I would think this is an under allocation.

Your scope is too narrow. You should consider a larger scope based on the maximum capacity you want to support rather than the maximum concurrent use metric.
If an average person uses their computer in the morning for a quick glance at what they will be facing once they get to wherever they are going and it takes each 15 minutes, within an hour you could have 120 individuals access the resources without having the concurrent use metric exceed 30 while the scope gets filled for any other users after the hour is up if the scope lease time is greater than 1 hour.
You can not rely on the individual systems to release the lease. i.e. when the system is shutdown, the dhcp client on the system sends a release notice to the DHCP server.
ibrahim52Team Leader

Author

Commented:
But i have already mentioned in my question,from past two years it was working fine.Why it happened all of a sudden.Let me clear you one more time.

10.139.235.2-10.139.235.120 = Allocated to AP

and then i have started my scope from

10.139.235.125-10.139.235.250 = Its for guest.
Distinguished Expert 2017
Commented:
It is more common these days for people to travel with devices that are wi-fi enabled as compared to two years ago.  Look at the leased IPs and the devices. I.e. do you have cell/smart-phones, Netbooks/laptops, pda, etc. that use the wi-fi feed?

What does, "Allocated to AP" means?
Does it mean that you have 120 APs in the various locations to cover the area of service?

If you have an option to enable DHCP on the AP, this could solve your scope issue. But may pose difficulty for your access accounting.

Could you post the detailed data dealing with the statistics of the full scope?
I.e. how many IPs can be given out. and then the used/available.


What is the IP Lease time for this Scope?

ibrahim52Team Leader

Author

Commented:
1) Well yeah ,as we are providing free internet service to guests so they must be using cellphones and pda but still the wireless service is just till rooms not everywhere in hotel premises.

2) Yeah we have around 120 AP ,each AP have been assigned an ip address that's why we started our scope from 10.139.235.130 to 10.139.235.250 for the guest dhcp because whatever comes under 10.139.235.130 i.e., 10.139.235.10-10.139.235.125 have been assigned as an static ip address to all the AP's disabling the AP's DHCP.

3) Exactly,sometime we access the AP from server side,just for a routine check.

4)as i said from 10.139.235.130 - 10.139.235.250 ,so around 110 of ip address can be given out for guests and whenever i see the window of my dhcp ,i don't see the exact info as per my stats.I am posting some screenshots here.

5) As you can see the screenshots below,that it shows 31% of availability in Stats but i dont have the exact info posted in dhcp screen.So where 68% is being used.

Sorry for replying so late as i couldn't get time but i am still facing this issue and looking to resolve this asap.Thank you Arnold.





sc3r.png
43203006.png
sc2n.png
Distinguished Expert 2017
Commented:
Here is the issue, a warning is just that a warning. Check the properties of the DHCP server configuration on whether it checks if an IP is in use before allocating it.


Some of your images suggest that some IPs are being used by other means i.e. statically set elsewhere.

Your LAN layout might be contributing to this.
Depending on what router/firewalls you have and the AP, you may have been better of using one Block of IPs for the AP/networking equipment and then use a different Block of IPs for the guest access.
I.e. configure the AP with a DHCP relay agent.
AP has IP on 10.12.0.0/24 network while the guests are getting IPs on the 10.139.235.0/24.

Unfortunately, the information you included does not help. i.e. there is no list of 87 IP leased out.
Post the Information from the Address pool as well as reservation.
ibrahim52Team Leader

Author

Commented:
Well,i am uploading my Network Diagram.According to the diagram,as you can see my leased line connects to Cisco 1700 and than it goes to Cisco Pix Firewall than to Cisco Catalyst switch (which is located in our Mezz. floor of the hotel) and the same switch is connected to our (ISA)server.Now two outputs are there from this server out of which one is going to the guest network (Cisco Catalayst on the Left Side of the ISA server in diagram) and another output is going for office network through an 8 port switch (located in Mezz Floor area of the diagram).Than the uplink has been setup through the guest catalyst switch to the first floor catalyst switch and than the rest of the floors has been looped through first floor catalyst switch using CAT-6 Cable.

One more thing i would like to mention is that we don't have any configuration of cisco pix.I mean how its been configured and how its been communicating with the ISA Server.As i said its never been a problem,it was all working fine and what we still suspect that all this is happening just because of that DHCP (ISA) server.

Below i have attached two more screenshots includes address pool and scope properties of my DHCP.Thank you.
Map.jpg
SC1.jpg
SC2.jpg
Distinguished Expert 2017
Commented:
What are the conflict resolution settings (properties of the DHCP server, advanced tab) 1,2 or 0?
You have two hour lease time. You have under allocated resources. You have too few available IPs versus the number of possible guests.
The alert is at night when people return or late check in.

The fix is not simple but requires a separate IP block.
Check the AP whether it can be configured as a relay agent.  Then test an AP with a DHCP rely agent configuration. Define a new scope completely dedicated to the Guests. test to see if a laptop sync up to this AP whether it will be able to browse the net, etc. while getting an IP from the new range.
Then change an AP at a time.  With this you will double the available IPs for the guest.  Alternatively, you can create multiple AP groups that will be using alternate blocks of IPs.
I think you would need to configure the ISA to handle/process the new IPs.

ibrahim52Team Leader

Author

Commented:
But the highest traffic i had or i am having is not more than 30 or 40 guest at a time.Actually just recently we have changed the lease time to 2 hours but earlier it was 5 hours.Even if i run ARP or IPSCAN ,i dont get any much users where i could say that the IPs i have is not enough for my network.About the AP,the APs we are using are not much advanced,we are already facing password issues with the APs connected.TP Link are the APs we are using and even if we want to reconfigure the AP we have to enter into the guest room and manually configure the AP which is quite impossible and even if we are trying it would take around months to accomplish this.The problem is the password,TP Link have this password issues where if i am trying to access the AP remotely it says password is wrong,some APs work with the passwords we had setup and some are not plus it does have only one settings i.e., put the ip address,subnet and gateway.Later on,we found that it is the issue of the firmware.To be really honest,it would be a long procedure for us to reconfigure or to try with the new APs.The hotel management will not allow us as i said that i am not the IT for that hotel , i am just working as a solution provider.I really appreciate your help arnold but this is the situation i have and whatever solutions i am receiving here i am trying it through remotely as the hotel is located 250 kms from my location.I have attached one screenshot as i didn't get by the conflict resolution settings.One more thing,there is no particular time ,i have to clear all the leased ips in every three or four hours in a day.Even if there is no traffic or less.
Prop.jpg
Distinguished Expert 2017
Commented:
The conflict is part of the properties of the DHCP server and not the properties of the scope.
The problem with deleting IPs without conflict adjustment is that you might be deleting an entry for an IP that is in use. Without conflict resolution settings, the IP might be assigned to a new individual leading to trouble.

The options you have are few.
ibrahim52Team Leader

Author

Commented:
I hope this is what you are talking about,is it ?and the conflict settings is 0
DP2.jpg
DP.jpg
Distinguished Expert 2017
Commented:
Change the conflict setting to 1 or 2.
It will double check to see if an IP is in use prior to assigning it.
ibrahim52Team Leader

Author

Commented:
Thanks arnold once again,ill try and ill let u know if I'm having any repsonse.thanks
ibrahim52Team Leader

Author

Commented:
I am sorry but it is still the same.I asked the person who is looking for IT there in the hotel and he said that after making changes to Conflict settings he made a restart and again yesterday he had to delete all the IP addresses in DHCP leased.He have to do it because he receives calls from reception that guest are not able to surf the internet.There has to be some solution.Isn't it ?
Distinguished Expert 2017
Commented:
The solution is to increase the available IPs.
The problem is that you have just as many IPs allocated for the guests as you do for the APs' and related equipment.

More and more devices are wi-fi capable these days.  The other part is that people are no longer required to pay for the wifi access as it is provided as a value added service.  Given the lower prices for laptop/notebook/netbooks, more people have them.
More wifi devices and individuals no longer have to pay for use means more people will try to use.

Isn't the problem occur when it is highly likely that most guests will be back in their rooms?

Breaking down AP's into different groups to allow allocation from different scopes.

Adding another IP scope for allocation is what you have to do.



ibrahim52Team Leader

Author

Commented:
arnold,thanks,you are really helping me a lot.The problem is ,we are able to access the APs from the server side but it has this password error issues besides that we cannot enter each and every room to reconfigure the APs.Even if we are doing it ,it will take a month or two to complete.As i said that even if there is any traffic or not ,i have to delete all the IPs that appears in DHCP window in every 3 hours.Because even if i delete and check the stats ,same moment it shows that 30 or 40% of ip addresses is already in use and in three to four hours all have been reserved.The hotel was running this APs from two years ,only the 2000 server is having errors in releasing DHCP.If i am doing the IP scan ,it shows the APs i have and the connected devices with not more than 20 or 25 people users online,as 10.139.235.0 is just for guest and it is accessible only through rooms.No corridors or lobbys or restaurents are having its signals to access.
Distinguished Expert 2017
Commented:
The 10.139.235.120-250 is available to the guests.
The DHCP can allocate other IPs and may works just as well.
See if you can setup a test environment where the DHCP server allocates one scope and then add a second scope bound to the same interface
i.e. 10.139.235.120-250 and 10.139.236.2-254.
You would need to add the 10.139.236.1/24 to your firewall/router and see if that works.
A way to test this is to reserve an IP 10.139.236.5/24 for one of your laptops. then see if the laptop when near an AP will get the reserved IP assigned and once it is assigned whether you can access the internet, etc.

Your problem is that the IP scope you have designated for the guests is too small for the times.
You may not need to alter the IPs associated with the AP's but you do need to increase the available IPs for the guests.

I.e. the AP does not have to be on the same IP segment as the guest systems.
i.e. your AP's are on the 10.139.235.2-120.  You could leave them and start assigning guests with a completely differnet IP block.

Alternatively, if the average use by a guess is 30 minutes, you should set the IP lease time to 15 minutes.  While this will add to the network usage by the DHCP requests, the IPs will become available on a more frequent basis.  

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial