Introduction to DHCP

Hello Rodrigo

You are correct that at some point during the DHCP process, the IP addresses and MAC addresses of both server and client become known to each other, and it would make sense to use those so that the communication becomes unicast. Some of these DHCP messages can indeed be unicast as well, but that depends on the manufacturer and operating system being used. Take a look at this post that describes this situation in more detail:

I hope this has been helpful!

Laz

Got It!

Thanks for answering!

Regards

Dear sir,

        In our Windows server 2016 - DHCP server pool shows many ip address are bad address as below screen shot. 

Our server provides IP address to many network.
However one of the networks like 10.25.181.0/24 have issue. Unable to issue to IP address to the client when connected to LAN port. The event log shows there is no IP address available to lease in the scope. We have two dhcp server as have same config.

What is the reason to appear this BAD Address in the DHCP server ?
How to solve this bad address in the DHCP server ?

Thank you

Regards,
Mani

Hello Mani

According to Microsoft’s technet forum, the “BAD_ADDRESS” indicator is most often seen when an IP conflict is detected. This is confirmed by the description in your screenshot that says “This address is already in use”.

A DHCP server will typically try to ping an address several times before assigning it to a DHCP client. This is done to ensure that the address does not exist. If a response is received from the ping, then the address is considered in use, and is marked by the DHCP server as a bad address.

A duplicate address may be seen in the following cases:

1. If you have manually configured a device to have an IP address that is within the range of the DHCP server’s address scope
2. If you have two DHCP servers on the network and they are not properly configured to function in a redundant manner
3. The DHCP server was recently rebooted, and it lost its bindings, and it is trying to provide already assigned addresses to new devices before the lease on the old devices has expired.

The Microsoft link also provides some other cases where this may occur. This information should help direct you in your troubleshooting.

I hope this has been helpful!

Laz

Dear Laz,
Actually have one dhcp server only. Both have the same configuration.
I have removed all the BAD IP address that is displayed on both earlier and then connect new my laptop i get IP address 10.25.181.133.
And also noticed that the existing IP address also changed to today date except two reserved IP address. And some BAD ADDRESS also displayed.
How to resolve it ?
Why the DHCP lease expiration date have changed to today date ?
Except two reserve IP address.
Please help.

Thank you

Regards,
Mani
Thank you

Hello Mani

From the screenshot you have now shared, it looks like the DHCP server is now working correctly. I see that there are no more bad addresses, and it seems that the addresses are being leased correctly by the server.

The lease expiration shown in the screenshot depends upon the lease time provided for this scope. From the moment the address is given, the lease expiration time is calculated based on this lease time.

As for the bad addresses, if you still see some in the list, then this means that there are indeed duplicate addresses somewhere on the network provided either statically, or by a rogue DHCP server. According to this Microsoft technet thread:

After the DHCP client receives a lease from the DHCP server, the client sends an Address Resolution Protocol (ARP) request to the address that it has been assigned. If a reply to the ARP request is received, the client has detected a conflict and sends a DHCPDecline message to the DHCP server. The DHCP server attaches a BAD_ADDRESS value to the IP address in the scope for the length of the lease. The client then begins the lease process again, and is offered the next available address in the scope.

For the bad addresses, you must become a detective and figure out exactly where the duplicate addresses are.

I hope this has been helpful!

Laz

Dear Sir,

   The issue have resolved. Appreciate your help.

 Event logs shows information. 

Is there any way we can configure in DHCP server to alert us if there is any DHCP running out of IP ?

Thanks ,
Regards,
Mani

Dear Sir,

Is there any way to forward logs from dhcp server 2016 to syslog cacti ? Any idea . Please help.

Thank you

Regards,
Mani

Hello Mani

This question is a little outside the scope of this lesson, or this forum, however, I’ll mention a couple of things I found in my brief research of the topic.

It looks like Cacti is not able to use the Windows Server DHCP logs in any way, for monitoring or even to parse them to get some pertinent information from them. There are however some other options which include:

• using Nagios which has built-in plugins to monitor DHCP and to interact with Windows DHCP server for this purpose
• Use Windows Event Viewer to parse and view important DHCP events
• send the event logs for DHCP to a syslog server

If you are committed to using Cacti, then it does have a plugin that can receive syslog messages and parse and store them for display, and if you capture DHCP events using a syslog server, you can then send them to the Cacti server. I’m not sure if this is more involved than you were looking for, but there it is.

I hope this has been helpful!

Laz

Dear Sir,

Appreciate your help.
Syslog server is it open Source. Provide the help information to install and configure to collect the dhcp logs .

Thank you

Regards,
Mani

Hello Mani

Because this is outside the scope of these lessons, I suggest you take a look at some Microsoft technet documentation that you can find using your favourite search engine. The following link may help you get started.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn800668(v=ws.11)

I hope this has been helpful!

Laz

What is the difference between DHCP Rebind and DHCP Renew. Please explain detail more about DHCP Inform, and other DHCP packets apart from the DORA ones

Hello Manish

A DHCP renewal occurs when a DHCP lease expires. The DHCP host will contact the original leasing DHCP server and request a new lease. A renewal simply renews the lease time. The actual IP address and the MAC address in the server entry, and any DHCP options used all remain the same.

A rebinding is when a host will remove all network information it may have previously obtained from a DHCP server and will begin from scratch. This is essentially the same process as a host would use when it initially powers up. It sends out a broadcast asking for a DHCP server to respond and binds to the server that responds successfully. In this process, it relearns IP address, subnet mask gateway, DNS server, and any options that may be made available.

When a host attempts to perform a DHCP renew and it fails for some reason, it will then attempt a rebind.

I hope this has been helpful!

Laz

Thank you very much Laz.

1. DHCP Discover packet is Broadcast based on the 15th bit in the Flags Filed if it is 0x8000 it is broadcast. Why is it not possible that DHCP Server use Client MAC Address and Server’s MAC Address and directly unicast to the Client instead of broadcasting.
2. If there are two DHCP Servers in the network on what basis the Client accepts one IP Address and rejects another IP Address? On what parameters that IP Address offered is rejected by Client.
3. Does DHCP Server work on First Come First Serve basis?
4. How many minimum DHCP Servers needed in Local area network? In order to maintain reliability and high availability.
5. Can we have multiple DHCP Servers providing the same IP Address Range in the same network?
6. Why DHCP Offer is Broadcast?
7. Why DHCP Request is Broadcast?
8. After completion of DHCP DORA Process the client sents GARP in the Local network to find if there is any Client assigned same IP. If there is response from any of the Client then the Client understands that there is duplicate IP. Now I see that client sends message to DHCP Server will it be Broadcast or Unicast and also fills DHCPDECLINE Message in the Packet. How DHCP Server understands that it should not assign the IP Declined to any other Client in the Local area network?
9. Does DHCP Server send periodical ARP Packets for the range of IP Addresses available at its end in the Local Area Network.
10. What if the one IP Address is declined by an Client due to one client in the Network assigned IP Statically i.e. (10.1.1.1) and DHCP Server assigned next available IP Address in it’s pool i.e. 10.1.1.2 and it was successful. Now the scenario is DHCP Scope is 10.1.1.0/24 you have all the possible IP Addresses assigned starting from 10.1.1.2 – 10.1.1.254 you are left with 10.1.1.1 IP Address which we had conflict will it be assigned or not.
11. Adding to 10th Question what if you have offered 10.1.1.2 IP Address to the client and it is successful why cannot server immediately try to assign back 10.1.1.1 again to other client who requests IP Address why is it not happening? By the way remaining IP Addresses are still available 10.1.1.3 – 10.1.1.254.
12. Does DHCP Server sees for the first available IP Address in its scope and starts assigning IP Addresses?
13. For example in the scope 10.1.1.0/24 first 5 IP Addresses are assigned successfully via DORA Process to clients (10.1.1.1 – 10.1.1.5). Next 5 IP’s (10.1.1.6 – 10.1.1.10) are rejected due to DHCPDECLINE messages from the client. Now DHCP Server assigned 10.1.1.11 to client and it is successful does DHCP Server start assigning to other client form 10.1.1.12 or will it try assigning form the rejected IP Addresses (10.1.1.6 – 10.1.1.10) on what basis it considers and offers?

If IP Address is given for lease for 24 hours and DHCP Server will make it unavailable in its records the client went down after 1 hour now DHCP Server will know client is down and how will it make available?

Hello Vikram

Wow, that’s a lot of questions! I’ll do my best to briefly address each one…

1. Take a look at this post: Introduction to DHCP - #30 by lagapides
2. See https://datatracker.ietf.org/doc/html/rfc2131#page-36
3. Yes
4. One DHCP server is typically enough. Since DHCP leases have some duration, even if a DHCP server fails, it does not immediately affect the current network. However, if you do want DHCP server backup, then having a second server (appropriately configured) should be more than enough.
5. No. Otherwise, you may run into duplicate IP addresses.
6. See number 1.
7. See number 1
8. The client will simply restart the DHCP process as usual. Also, see https://datatracker.ietf.org/doc/html/rfc2131#section-4.3.3
9. There is no such indication in the related RFC. However, some DHCP server vendors may choose to implement this process.
10. See link in number 8
11. See link in number 8
12. Typically yes, but different vendors may choose to implement it differently.
13. See answers to numbers 8 and 12

Note that the related RFCs are the best places to fully understand how DHCP and other protocols work. They are the definitive location from which you can get your most trustworthy information.

I hope this has been helpful!

Laz

Hi Lazaros Agapides,

Thank you for your time in responding to my queries.

It really helped me to understand in depth about DHCP.

Wishing you a Wonderful Day.

Hello Vikram

When a DHCP server issues an IP address to a client for the specified lease time, that address is reserved for that lease time regardless of whether the client is connected or not. For example, you may turn on your PC, and it may get an IP address with a lease time of 24 hours. You may turn off your PC an hour later. That IP address is still reserved in the DHCP server for that configured lease time. The server will not “detect” that the client is off line and give its address elsewhere.

This is typical DHCP server behavior, however, your DHCP server vendor may provide additional mechanisms that can configure different behavior, and you may find some environments where such behavior is useful.

For example, in a wireless environment where you have dozens or even hundreds of users connecting and disconnecting all the time, you would typically reduce lease times to a few hours. But some clients may inadvertently connect simply because, as someone is walking by, their smartphone briefly connects and disconnects (if they’re set to automatically reconnect). In this case, you wouldn’t want that address to be allocated for several hours. Your DHCP server may have the capability of saying “if an address is not active for X number of minutes, release it.”

So you see, different behaviors can be configured and be beneficial for various environments.

I hope this has been helpful!

Laz

Hello.
I have a project of a CPE, a PE with vrfs and a DHCP_SERVER. When I activate ip address dhcp from the CPE, the DHCPDISCOVER goes to the PE, and through the ip helper-address goes to the DHCP_SERVER. The thing is that the OFFER comes back to the CPE, and the REQUEST reaches the server, but the ACK does not appear anywhere. It doesn’t work with C3745 neither with C7200, but it does work with a VPC native of GNS3. I can’t see the solution, appreciate some help.