02 September, 2014

Exhausted DHCP address range in a WLAN

Had a problem with some clients suddenly not being able to get an IP address lease via DHCP.

The DHCP server was configured inside a Catalyst 2960S switch:

ip dhcp excluded-address 172.16.40.1 172.16.40.49
ip dhcp pool ADDRESSPOOL
 network 172.16.40.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 172.16.40.1
 lease 0 8
!

As seen, the host address range for Wi-Fi clients should be 204 addresses, from 172.16.40.50 to 172.16.40.254.

However, looking at sh ip dhcp pool, I see the following:

Wifi-cat#sh ip dhcp pool

Pool Wifi-SSID-PILV :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 82
 Excluded addresses             : 172
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased/Excluded/Total
 0.0.0.0              172.16.40.1      - 172.16.40.254     82    / 172   / 254

The IP address range for hosts has been exhausted because the excluded address range has grown to 172 for some reason.
Looking at sh ip dhcp conflict reveals that there are a ton of DHCP conflicts:

Wifi-cat#sh ip dhcp conflict
IP address        Detection method   Detection time          VRF
172.16.40.87      Gratuitous ARP     Nov 05 2013 01:43 PM
172.16.40.211     Gratuitous ARP     Nov 19 2013 08:05 AM
172.16.40.188     Gratuitous ARP     Nov 19 2013 09:16 AM
172.16.40.123     Gratuitous ARP     Nov 22 2013 06:51 AM
172.16.40.187     Gratuitous ARP     Nov 22 2013 06:57 AM
172.16.40.61      Gratuitous ARP     Nov 27 2013 01:42 PM
172.16.40.97      Gratuitous ARP     Dec 05 2013 08:19 AM
.....
.....

This could be the result of someone manually assigning static IP addresses to their WLAN interface, thus causing IP address conflicts in the WLAN. Catalyst switches automatically add each conflicting IP address to their excluded IP address database and won't remove it unless configured otherwise.

The solution was to clear the conflict database on the Catalyst switch:
clear ip dhcp conflict *

Then I added a command so the switch rechecks the conflict database every 1440 minutes for remaining conflicts (and clears an entry from the database if the conflict is resolved):
ip dhcp conflict resolution interval 1440

I also configured the switch to log a message if the DHCP IP address utilization goes over 80%:
ip dhcp pool ADDRESSPOOL
 utilization mark high 80 log
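
To catch this condition before clients start failing, the two show outputs above can be checked by a script. The following is an added example, not part of the original post: it parses captured "sh ip dhcp pool" and "sh ip dhcp conflict" text, reports how many exclusions come from conflicts rather than from configuration, and lists conflict entries older than a chosen age. The function names are hypothetical, the static exclusion count of 49 comes from the excluded-address line above, and it assumes (as the post does) that the "Excluded addresses" counter includes conflict entries.

```python
import re
from datetime import datetime

# Sample text taken from the outputs in the post, shortened.
POOL_OUTPUT = """\
 Total addresses                : 254
 Leased addresses               : 82
 Excluded addresses             : 172
"""
CONFLICT_OUTPUT = """\
IP address        Detection method   Detection time          VRF
172.16.40.87      Gratuitous ARP     Nov 05 2013 01:43 PM
172.16.40.211     Gratuitous ARP     Nov 19 2013 08:05 AM
172.16.40.61      Gratuitous ARP     Nov 27 2013 01:42 PM
"""
CONFLICT_RE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+(.+?)\s{2,}(\w{3} \d{2} \d{4} \d{2}:\d{2} [AP]M)", re.M)

def parse_pool(text):
    """Extract the three address counters from 'sh ip dhcp pool' text."""
    counters = {}
    for key in ("Total", "Leased", "Excluded"):
        m = re.search(rf"^\s*{key} addresses\s*:\s*(\d+)", text, re.M)
        if m is None:
            raise ValueError(f"no '{key} addresses' line found")
        counters[key.lower()] = int(m.group(1))
    return counters

def pool_health(pool, static_excluded):
    """static_excluded: addresses excluded by 'ip dhcp excluded-address'."""
    return {
        "free": pool["total"] - pool["leased"] - pool["excluded"],
        # Assumption: whatever exceeds the configured exclusions is conflicts.
        "conflict_excluded": pool["excluded"] - static_excluded,
    }

def stale_conflicts(text, now, max_age_days):
    """Return (ip, method, age_days) for entries older than max_age_days."""
    stale = []
    for ip, method, stamp in CONFLICT_RE.findall(text):
        age = (now - datetime.strptime(stamp, "%b %d %Y %I:%M %p")).days
        if age > max_age_days:
            stale.append((ip, method, age))
    return stale

if __name__ == "__main__":
    health = pool_health(parse_pool(POOL_OUTPUT), static_excluded=49)
    print(health)
    for entry in stale_conflicts(CONFLICT_OUTPUT, datetime(2014, 9, 2), 1):
        print(entry)
```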

