Active IPs not showing in DHCP Address Lease table - Causing IP conflicts

We have a single Windows Server 2008 R2 AD/DHCP server with 4 DHCP scopes on it.  Two for data and two for voice.  We use Cisco 3750X switches with voice VLAN enabled on every port and Cisco SPA504G phones with CDP enabled.

Every now and then I notice that a new phone won't pull an IP.  During investigation, I discover that the voice VLAN scope on the server has assigned a lease to the MAC of the new phone and that the switch shows the phone's MAC as assigned to that IP in the ARP table.  So all seems fine, until I unplug the new phone, ping the assigned IP, and get a response.  

It turns out that even though some phones are on and responding, they are being dropped from the DHCP address lease table which causes the server to think those IPs are available for assignment.  The only way I've found to make the leases show back up is to reboot the phone.  I tried to reconcile the scope, but that made no difference at all.

I'm using an 8-hour lease and the rest of the options are default on the server.  And the switch is using standard DHCP helper commands to forward the DHCP traffic to the server.

Should I be setting some special DHCP option(s) on the 504G's (I can't find any to set)?  Should I change the lease time on the server?  Is there a way to force the server to confirm all leases or force the phones to remind the server, so to say, that they still have their IPs?  I thought that was the purpose of the reconcile option, but it reports that all is ok.

Thanks for your help!
Jason HeathNetwork EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jason HeathNetwork EngineerAuthor Commented:
I think I found the solution - will someone please confirm that enabling DHCP Conflict Detection is the way to go?  And if so, what's the recommended number of tries?
Paul MacDonaldDirector, Information SystemsCommented:
Conflict detection should only be necessary if DHCP is working correctly and there aren't any rogue devices on the network.  Conflict detection may alleviate the problem, but it isn't a cure.

Why the 8-hour lease?  Do people move phones around a lot?  

Do the phones have a practical limit on when they can request lease renewal?  That is, is their DHCP client constrained somehow in how often it can ask for renewal?

Is it possible the phones are requesting a renewal on their lease, but the DHCP server is busy or unavailable to handle the request?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jason HeathNetwork EngineerAuthor Commented:
Hi Paul - thanks for the quick response!

We don't have any rogue devices of which I am aware.

I don't remember why we set the lease at 8 hours.  No, phones are not moved often.  What's the best practice for lease times?

As far as I know, the Cisco 504G has no limitation or odd settings around lease renewal.  There's not a great deal of load on this server - it serves less than 100 users.
OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

Paul MacDonaldDirector, Information SystemsCommented:
The default lease time (on a Microsoft network, at least) is 7 days.  An 8-hour lease time is fine, but generates a fair amount of necessary network traffic.

When an IP is re-assigned, what device gets that IP?  Is it always another phone?  Does your scope have enough addresses to satisfy all the requests?
Jason HeathNetwork EngineerAuthor Commented:
I assume since it's the MS default, that they consider that best practice.

The only time we see this issue is when we introduce a new phone into the environment or move one from one building (scope) to another.

So even if I change the lease time to 7 days, we might not connect a new phone for 10 days and could still run into this issue.  That said, for the sake of reducing unnecessary traffic, I'm going to change it to 24 hours.  

I'm hopeful that plus the conflict detection will resolve this and am marking this as solved.

Thanks again!
Fred MarshallPrincipalCommented:
I generally recommend 8 hour lease time or even 4 hours in a dynamic environment which is all too common these days with phones moving in and out all the time.  It's a little hard to imagine a lot of traffic from that frequency of lease renewal - a few packets per computer every few hours seems not so bad.

If the phones leave the premises, this should have no effect on the lease information on the DHCP server.  
What happens is that the leases are renewed by the client when the lease time is at half the original value.  So, if the phone isn't there at that time then it doesn't renew (extend) its lease.  
Then, again at 87.5% of the lease time, the client should try again.  If the phone is still not on premises at the time, the lease will expire (on both the client and the server) at 100% of the lease time.
It is the client's responsibility to drop the lease immediately.

One can conjure up all sorts of reasons why this process could fail.
One might be that the phone doesn't know what time it is but that seems unlikely as phones tend to do pretty good at having the right time.
One might be that the phone doesn't drop the lease as it should.
One might be, as you've suggested, that the server drops the lease prematurely.

The only way I've found to make the leases show back up is to reboot the phone.
So this rather strongly suggests that the phone isn't dropping the lease when it should.  Lease dropping (as above) is an independent and uncoordinated process between the client and the server - depending on the individual time clocks as nearly as I can tell.
Jason HeathNetwork EngineerAuthor Commented:
Good info, Fred!  Thanks for sharing!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DHCP

From novice to tech pro — start learning today.