1841 DHCP Service not working

**This is not a Linux zone question**    Mistakingly put it there.

Experts,

Hit another stump.  I'm trying to get the DHCP service running on my 1841.

Unfortunately, it's only receiving the requests, and not responding at all.

-------------------

Message              Received
BOOTREQUEST          0
DHCPDISCOVER         13
DHCPREQUEST          1
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           6

-------------------

Here's the current config for DHCP:

no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.208.1 10.0.208.50
!
ip dhcp pool *****_LocalNetwork
   network 10.0.208.0 255.255.254.0
   domain-name *****
   dns-server ***** *****
   netbios-name-server ***** *****
   default-router 10.0.208.1
   lease 0 8

interface FastEthernet0/0
 description *****
 ip address 10.0.208.1 255.255.254.0
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex


----------

What am I doing wrong?

I have entered the "service dhcp" command - but I'm not seeing it my running config.  That may be the issue.

LVL 5
usslindstromAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Anthony MellorChartered AccountantCommented:
shouldn't  network 10.0.208.0 255.255.254.0 be

 network 10.0.208.0 255.255.255.0

I'd have thought the DHCP server would be deaf with 254

(linux is not my field)

Anthony
0
Anthony MellorChartered AccountantCommented:
A broadcast sent to a subnet in the form 10.1.1.255 is a subnet broadcast if the subnet mask is 255.255.255.0.

from here:

http://www.comptechdoc.org/independent/networking/guide/netbroadcasting.html
0
usslindstromAuthor Commented:
Na - I'm running /23 subnets.

the 10.0.208.0/23 subnet encompasses both 10.0.208.0 through 10.0.209.255

10.0.209.255 is the broadcast address for that network.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

HodepineCommented:
Router(config)#service ?
 ...
 dhcp                   Enable DHCP server and relay agent
 ...

You might be missing this one, can't tell for sure since you've only posted parts of the config.

0
lanboyoCommented:
dhcp service is a default command. Depending on your IOS you can run

show running-config all
and

show running-config all | include dhcp


to see what the default dhcp commands are.

I think you need to put an excluded range in the dhcp pool configuration.

ip dhcp excluded-address low-address [high-address]

This should include at least the .1 gateway address.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
lanboyoCommented:
debug ip dhcp server {events | packets | linkage}

is your friend...

Are you sure that the dhcp is not working? the DHCP request is sent by the client after it gets an offer from the dhcp server. The dhcp server then sends a dhcpack ( not shown in the stats ) and the pc has an address.

Do a show ip arp on the router  and  "show ip dhcp binding" and "show ip dhcp database"
0
usslindstromAuthor Commented:
Thanks for all the help so far guys.  I really appreciate it.


Here's a copy (pasted in the code block below) of the current scrubbed running config with the "all" modifier.  Unfortunately, I'm still not seeing "service DHCP"

:-------------------

Lemme' answer everybody in order here:

Hodepine: - Yeah, I put the "service dchp" command into the router, but I'm not seeing it in my running config.  I believe this is the problem all together, but I'm not sure.

lanboyo: - I do infact have an excluded range.   10.0.208.1 - 10.0.208.50

     Here's the whole dchp status output from the 1841 currently:

     Memory usage         24164
     Address pools        1
     Database agents      0
     Automatic bindings   0
     Manual bindings      0
     Expired bindings     2
     Malformed messages   0
     Secure arp entries   0

     Message              Received
     BOOTREQUEST          0
     DHCPDISCOVER         17
     DHCPREQUEST          3
     DHCPDECLINE          0
     DHCPRELEASE          0
     DHCPINFORM           20

     Message              Sent
     BOOTREPLY            0
     DHCPOFFER            4
     DHCPACK              0
     DHCPNAK              0





Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.208.1              -   001e.1369.46e0  ARPA   FastEthernet0/0
Internet  10.0.208.9              1   0003.ffe7.4fd2  ARPA   FastEthernet0/0
Internet  10.0.208.10             0   0014.0b65.837e  ARPA   FastEthernet0/0
Internet  192.168.0.1             0   0090.cc88.a2b7  ARPA   FastEthernet0/1
Internet  192.168.0.2             -   001e.1369.46e1  ARPA   FastEthernet0/1


***The .9 and .10 are machines that I've set statically, to configure the router***




I'm about ready to drop kick the router.  :0

Thanks for all the suggestions so far, please keep them coming.
Current configuration with default configurations exposed : 5669 bytes
!
version 12.4
parser cache
no service log backtrace
no service config
no service exec-callback
no service nagle
service slave-log
no service slave-coredump
no service pad to-xot
no service pad from-xot
no service pad cmns
service pad
no service telnet-zeroidle
no service tcp-keepalives-in
no service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service exec-wait
no service linenumber
no service internal
no service compress-config
service prompt config
no service old-slip-prompts
no service pt-vty-logging
no service disable-ip-fast-frag
no service sequence-numbers
!
hostname *****
!
boot-start-marker
boot-end-marker
!
enable secret *****
!
aaa new-model
!
!
aaa group server radius *****_DC
 server ***** auth-port 1645 acct-port 1646
 server ***** auth-port 1645 acct-port 1646
!
aaa group server radius *****_DC
 server ***** auth-port 1645 acct-port 1646
 server ***** auth-port 1645 acct-port 1646
!
aaa group server radius *****DC
 server ***** auth-port 1645 acct-port 1646
 server ***** auth-port 1645 acct-port 1646
!
aaa authentication login *****_Access group *****_DC local
!
!
aaa session-id common
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.208.1 10.0.208.50
!
ip dhcp pool *****_LocalNetwork
   network 10.0.208.0 255.255.254.0
   domain-name *****.com
   dns-server ***** *****
   netbios-name-server ***** *****
   default-router 10.0.208.1
   lease 0 8
!
!
ip domain list *****.com
ip domain name *****.com
ip name-server *****
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
!
!
username ***** privilege 15 secret *****
username ***** privilege 15 secret *****
archive
 log config
  no record rc
  no logging enable
  logging size 100
  no notify syslog contenttype plaintext
  no notify syslog contenttype xml
  hidekeys
 no path
 no rollback filter adaptive
 rollback retry timeout 0
!
!
crypto isakmp policy 1
 encr aes 256
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ***** address *****
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set ESP-AES esp-aes 256
!
crypto map *****_VPNMap 1 ipsec-isakmp
 set peer *****
 set transform-set ESP-AES
 set pfs group2
 match address *****_VPNTraffic
!
!
!
bridge irb
!
!
!
interface FastEthernet0/0
 description *****
 ip address 10.0.208.1 255.255.254.0
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface FastEthernet0/1
 ip address ***** *****
 ip nat outside
 ip virtual-reassembly
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 *****
 speed 100
 full-duplex
 crypto map *****_VPNMap
!
interface ATM0/0/0
 no ip address
 no ip route-cache cef
 no ip route-cache
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
router ospf 1
 router-id 10.0.208.1
 log-adjacency-changes
 redistribute rip
 network 10.0.208.0 0.0.1.255 area 10.0.208.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 *****
!
!
ip http server
no ip http secure-server
ip dns server
ip nat inside source list *****_NAT interface FastEthernet0/1 overload
!
ip access-list extended *****_NAT
 deny   ip 10.0.0.0 0.0.255.255 10.0.0.0 0.0.255.255
 permit ip 10.0.0.0 0.0.255.255 any
ip access-list extended USSID1841A_VPNTraffic
 permit ip 10.0.208.0 0.0.1.255 10.0.0.0 0.0.15.255
 permit ip 10.0.208.0 0.0.1.255 10.0.224.0 0.0.15.255
!
!
!
!
!
!
radius-server host ***** auth-port 1645 acct-port 1646 key *****
radius-server host ***** auth-port 1645 acct-port 1646 key *****
radius-server host ***** auth-port 1645 acct-port 1646 key *****
radius-server host ***** auth-port 1645 acct-port 1646 key *****
radius-server host ***** auth-port 1645 acct-port 1646 key *****
radius-server host ***** auth-port 1645 acct-port 1646 key *****
!
control-plane
!
!
banner motd ^C

*************************************************************
************  Unauthorized Access is Prohibited  ************
*************************************************************

  Access to this system is for the use of authorized
  personel only.

  You are hereby advised that all actions performed are
  subject to monitoring and are being recorded.  In the
  event of any possible criminal activity, evidence will
  be turned over to proper Law Enforcement personnel,
  and offenders will be prosecuted!

  You have accessed:  $(hostname).$(domain)

*************************************************************
************  Unauthorized Access is Prohibited  ************
*************************************************************
^C
alias exec h help
alias exec lo logout
alias exec p ping
alias exec r resume
alias exec s show
alias exec u undebug
alias exec un undebug
alias exec w where
default-value exec-character-bits 7
default-value special-character-bits 7
default-value data-character-bits 8
!
line con 0
 privilege level 15
 logging synchronous
 login authentication *****_Access
line aux 0
 logging synchronous
 login authentication *****_Access
line vty 0 4
 logging synchronous
 login authentication *****_Access
line vty 5 807
 logging synchronous
 login authentication *****_Access
!
scheduler allocate 20000 1000
end

Open in new window

0
HodepineCommented:
Well, you're sending DHCPOFFER, and you receive DHCPREQUEST, but you're never sending out any DHCPACK.

I'd try two things together:

- The debug ip dhcp server packet command as mentioned by a different poster
- Wireshark on a client to capture the traffic on the client side to see what's actually happening.

That way you'll see the process on both ends.

On the router end it SHOULD look like this:

Router#debug ip dhcp server packet
*Mar  1 00:06:46.463: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d63.3430.312e.3134.3238.2e30.3030.302d.4661.302f.30 on interface FastEthernet0/0.
*Mar  1 00:06:46.463: DHCPD: Allocate an address without class information (10.1.1.0)
*Mar  1 00:06:48.467: DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d63.3430.312e.3134.3238.2e30.3030.302d.4661.302f.30 (10.1.1.5).
*Mar  1 00:06:48.467: DHCPD: broadcasting BOOTREPLY to client c401.1428.0000.
*Mar  1 00:06:48.523: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d63.3430.312e.3134.3238.2e30.3030.302d.4661.302f.30.
*Mar  1 00:06:48.527: DHCPD: Appending default domain from pool
*Mar  1 00:06:48.527: DHCPD: Using hostname 'Router.test.com.' for dynamic update (from hostname option)
*Mar  1 00:06:48.527: DHCPD: Sending DHCPACK to client 0063.6973.636f.2d63.3430.312e.3134.3238.2e30.3030.302d.4661.302f.30 (10.1.1.5).
*Mar  1 00:06:48.531: DHCPD: broadcasting BOOTREPLY to client c401.1428.0000.

Yours might look different, since you don't seem to send DHCPACKs. Maybe the debug will tell us why. If not, I fully support the dropkick approach.
0
GJHopkinsCommented:
I have a router running as a dhcp server without problem and the command

ip dhcp server

doesn't appear in any version of my config - standard or all.   So " all" doesn't do exactly what it says on the tin.


So although its a default it's not shown and I don't think that's your issue. Go with the debug proposal fron Hodepine
0
HodepineCommented:
Come to think of it, cisco switches can be configured with "dhcp snooping". It might not fit 100% with your symptoms, but can you just to be safe provide us with the config on the switchport the router is connected to? Or just confirm you're not using dhcp snooping, so we can rule that out.
0
usslindstromAuthor Commented:
Ok on the debugs.   Thanks for the suggestion guys.  I'll run through it here in a sec.

For the question about config on the switch...  the 1841 is only connected to a l2 unmanaged...  I'll keep truckin' through this...
0
lanboyoCommented:
Wireshark on the pc as above would be the most telling thing.
0
usslindstromAuthor Commented:
Thanks everyone for the assistance here.

After debugging and not seeing anything that I was wanting to, I was about 10 seconds from just completely dropping the router out the window - it started working after another restart.

It's working exactly like it's supposed to be.

I have a feeling that it's related to my other issue I recently posted on EE regarding a tunnel interface.  On the DHCP scope in question, I have it giving the clients a DNS server that's on the other side of the tunnel.  As the tunnel wasn't up, I think this is what was making the 1841 not send the DHCP info.

Interesting in any case.

Thanks for the help guys.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.