此产品的文档集力求使用非歧视性语言。在本文档集中,非歧视性语言是指不隐含针对年龄、残障、性别、种族身份、族群身份、性取向、社会经济地位和交叉性的歧视的语言。由于产品软件的用户界面中使用的硬编码语言、基于 RFP 文档使用的语言或引用的第三方产品使用的语言,文档中可能无法确保完全使用非歧视性语言。 深入了解思科如何使用包容性语言。
思科采用人工翻译与机器翻译相结合的方式将此文档翻译成不同语言,希望全球的用户都能通过各自的语言得到支持性的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 Cisco Systems, Inc. 对于翻译的准确性不承担任何责任,并建议您总是参考英文原始文档(已提供链接)。
本文档介绍如何解决 Cisco Catalyst 交换机网络中动态主机配置协议 (DHCP) 的几个常见问题。
本文档没有任何特定的前提条件。
本文档不限于特定的软件和硬件版本。
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您的网络处于活动状态,请确保您了解所有命令的潜在影响。
有关文档规则的详细信息,请参阅 Cisco 技术提示规则。
注意:只有注册的思科客户端可以访问内部漏洞报告。
DHCP 提供一种机制,通过这种机制,使用传输控制协议/互联网协议 (TCP/IP) 的计算机能够通过网络自动获取协议配置参数。DHCP 是由互联网工程任务组 (IETF) 的动态主机配置工作组 (DHC-WG) 开发的开放标准。
DHCP 基于客户端-服务器模式,在该模式中,DHCP 客户端(例如台式机)联系 DHCP 服务器以获得配置参数。DHCP 服务器一般位于中心位置,并且由网络管理员进行操作。由于服务器由网络管理员负责运行,因此 DHCP 客户端可以可靠、动态地配置适合当前网络体系结构的参数。
多数企业网络由多个子网组成,这些网络分成称为虚拟 LAN (VLAN) 的多个子网络,路由器在子网络之间路由。由于路由器默认情况下不传递广播,因此每个子网都需要一台DHCP服务器,除非路由器配置为使用DHCP中继代理功能转发DHCP广播。
以下是关于 DHCP 的一些关键概念:
DHCP客户端最初没有配置IP地址,因此必须发送广播请求以从DHCP服务器获取IP地址。
默认情况下,路由器不转发广播。如果 DHCP 服务器在另一个广播域上(第 3 层 (L3) 网络),则必须能够处理客户端的 DHCP 广播请求。 该功能需使用 DHCP 中继代理执行。
Cisco 路由器实施 DHCP 中继需由接口级的 ip helper 命令来执行
情形 1:DHCP客户端和服务器网络之间的思科路由器路由
如图所示,接口Ethernet1通过接口Ethernet1将客户端广播的DHCPDISCOVER转发到192.168.2.2。DHCP服务器通过单播完成请求。在本例中无需对路由器进行其他配置。
方案 2:Cisco Catalyst交换机,带DHCP客户端和服务器网络之间的L3模块路由
如图所示,接口VLAN20通过接口VLAN10将客户端广播的DHCPDISCOVER转发到192.168.2.2。DHCP服务器通过单播完成请求。在本例中无需对路由器进行其他配置。需要将交换机端口配置为主机端口,然后启用生成树协议 (STP) Portfast,并禁用中继和信道。
DHCP最初在请求注解(RFC)1531中定义,后来被RFC 2131取代。DHCP基于RFC 951中定义的引导协议(BootP)。
工作站(主机)在启动时使用 DHCP 获取初始配置信息,例如 IP 地址、子网掩码和默认网关。使用DHCP时,您无需手动为每台主机配置IP地址。此外,如果主机移至其他 IP 子网,它使用的 IP 地址不得与先前使用的 IP 地址相同。DHCP 会自动处理此问题。它允许主机在正确的 IP 子网中选择 IP 地址。
RFC 2131 - DHCP
RFC 2132 - DHCP 选项和 BootP 厂商扩展
RFC 1534 - DHCP 和 BootP 之间的互操作
RFC 1542 - BootP 的说明与扩展
RFC 2241 - Novell 目录服务的 DHCP 选项
RFC 2242 - Netware/IP 域名和信息
RFC 2489 - 定义新 DHCP 选项的步骤
DHCP 采用客户端-服务器模式,在该模式下,一个或多个服务器(DHCP 服务器)在客户端启动时将 IP 地址和其他可选配置参数分配给客户端(主机)。在指定时间内,服务器将这些配置参数租给客户端。主机启动时,主机中的 TCP/IP 协议栈将传输广播 (DHCPDISCOVER) 消息,以获取 IP 地址和子网掩码以及其他配置参数。DHCP 服务器与主机间的交换过程随之启动。在此交换过程中,客户端将经历以下明确定义的状态:
正在初始化
正在选择
正在请求
已绑定
正在续约
正在重新绑定
要在这些状态之间移动,客户端和服务器可以交换DHCP消息表中列出的消息类型。
参考 | 邮件 | 描述 |
---|---|---|
0x01 | DHCPDISCOVER | 客户端查找可用的DHCP服务器。 |
0x02 | DHCPOFFER | 服务器响应客户端的 DHCPDISCOVER。 |
0x03 | DHCPREQUEST | 客户端向服务器广播,请求从一台服务器提供的参数,具体如数据包中所定义。 |
0x04 | DHCPDECLINE | 客户端与服务器之间的通信,表示网络地址已在使用中。 |
0x05 | DHCPACK | 服务器到客户端的通信,带有配置参数以及承诺的网络地址。 |
0x06 | DHCPNAK | 服务器到客户端的通信会拒绝配置参数请求。 |
0x07 | DHCPRELEASE | 客户端到服务器的通信,会放弃网络地址并取消剩余租期。 |
0x08 | DHCPINFORM | 客户端到服务器的通信仅要求客户端已将其外部配置为地址的本地配置参数。 |
当客户端第一次启动时,我们认为它处在初始化状态,它通过用户数据报协议 (UDP) 端口 67(BootP 服务器)在本地物理子网上传输 DHCPDISCOVER 消息。 由于客户端无法知道它所属的子网,因此DHCPDISCOVER是全子网广播(目的IP地址为255.255.255.255),源IP地址为0.0.0.0。源IP地址为0.0.0.0,因为客户端没有已配置的IP地址。如果DHCP服务器存在于此本地子网上,并且已正确配置并正常运行,则DHCP服务器会侦听广播并以DHCPOFFER消息进行响应。如果本地子网中没有 DHCP 服务器,则该本地子网中必须要有 DHCP/BootP 中继代理以将 DHCPDISCOVER 消息转发到包含 DHCP 服务器的子网。
此中继代理可以是专用主机(例如,Microsoft Windows Server)或路由器(例如,配置了接口级IP帮助程序语句的Cisco路由器)。
接收DHCPDISCOVER消息的DHCP服务器可以在UDP端口68(BootP客户端)上使用DHCPOFFER消息进行响应。 客户端接收到 DHCPOFFER,并进入选择状态。此 DHCPOFFER 消息包含客户端的初始配置信息。例如,DHCP服务器使用请求的IP地址填充DHCPOFFER消息的yiaddr字段。选项域、子网掩码和路由器选项分别指定了子网掩码和默认网关。DHCPOFFER 消息中的其他常用选项包括 IP 地址租用时间、续订时间、域名服务器和 NetBIOS 名称服务器 (WINS)。 DHCP服务器将DHCPOFFER发送到广播地址,但客户端硬件地址包含在提供的主机地址字段中,因此客户端知道它是预期目的地。如果DHCP服务器不在本地子网上,则DHCP服务器会在UDP端口67上将DHCPOFFER作为单播数据包发送回DHCPDISCOVER来自的DHCP/BootP中继代理。然后,DHCP/BootP中继代理在UDP端口68的本地子网上广播或单播DHCPOFFER,这取决于Bootp客户端设置的广播标志。
客户端收到DHCPOFFER后,会以DHCPREQUEST消息进行响应,并表明其愿意接受DHCPOFFER中的参数,然后进入请求状态。客户端可以接收多个DHCPOFFER消息,来自接收原始DHCPDISCOVER消息的每个DHCP服务器。客户端选择一个DHCPOFFER并仅对该DHCP服务器作出响应,并隐式地拒绝所有其他DHCPOFFER消息。客户端使用DHCP服务器IP地址填充Server Identifier选项字段后识别所选服务器。DHCPREQUEST也是广播,因此发送DHCPOFFER的所有DHCP服务器都会看到DHCPREQUEST,并且每台服务器都知道其DHCPOFFER是被接受还是被拒绝。客户端需要的任何其他配置选项都包含在DHCPREQUEST消息的选项字段中。即使已向客户端提供IP地址,它也会发送源IP地址为0.0.0.0的DHCPREQUEST消息。此时,客户端尚未收到可明确使用该IP地址的验证。
DHCP服务器收到DHCPREQUEST后,使用DHCPACK消息确认请求,然后完成初始化过程。DHCPACK 消息包含 DHCP 服务器的源 IP 地址,且其目标地址也是广播地址。DHCPACK 消息包含客户端在 DHCPREQUEST 消息中请求的所有参数。客户端收到 DHCPACK 后将进入已绑定状态,此时可以自由使用 IP 地址在网络上进行通信。同时,DHCP服务器将租期存储在其数据库中,并使用客户端标识符或机箱以及关联的IP地址来唯一标识租期。客户端和服务器都使用此标识符组合来引用租用。客户端标识符是设备的 MAC 地址加上介质类型。
在DHCP客户端开始使用新地址之前,DHCP客户端必须计算与租用地址关联的时间参数,即租用时间(LT)、续订时间(T1)和重新绑定时间(T2)。 一般默认的 LT 是 72 个小时。如果需要,您也可以使用较短的租用时间,以便节约地址资源。
如果所选服务器无法满足DHCPREQUEST消息,则DHCP服务器会使用DHCPNAK消息进行响应。当客户端收到DHCPNAK消息或者没有收到对DHCPREQUEST消息的响应时,客户端在进入请求状态时重新启动配置进程。客户端在60秒内至少重新传输DHCPREQUEST四次,然后才会重新启动初始化状态。
客户端接收DHCPACK,或者,对参数执行最终检查。当客户端发送地址解析协议(ARP)请求以获取DHCPACK中提供的IP地址时,将执行此过程。如果客户端在收到对ARP请求的回复时检测到该地址已在使用,则客户端会向服务器发送DHCPDECLINE消息,并在请求状态下重新启动配置过程。
如果客户端通过其他方式获得网络地址或具有手动配置的IP地址,客户端工作站可以使用DHCPINFORM请求消息获取其他本地配置参数,例如域名和域名服务器(DNS)。 当DHCP服务器收到DHCPINFORM消息时,会使用适用于客户端的任何本地配置参数构建DHCPACK消息,而不使用新的IP地址。此DHCPACK单播发送到客户端。
当DHCP客户端向DHCP服务器发送DHCPRELEASE消息时,可以选择放弃其对网络地址的租用。客户端通过在DHCPRELEASE消息中使用client identifierfield和网络地址来标识要释放的租用。如果需要扩展当前DHCP池范围,请删除当前地址池,并在DHCP池下指定新的IP地址范围。若要删除您想放置在 DHCP 池中的特定 IP 地址或特定 IP 地址范围,请使用 ip dhcp excluded-address 命令。
注意:如果设备使用的是 BOOTP,路由器的 DHCP 绑定将显示无限租期。
由于 IP 地址只是从服务器租用的,因此必须时常续订租期。当一半的租用时间到期(T1=0.5 x LT)时,客户端尝试续订租约。客户端将进入续订状态,并向保有当前租用信息的服务器发送 DHCPREQUEST 消息。如果服务器同意续订租期,则服务器会回复更新请求,并附上DHCPACK消息。DHCPACK消息包含新的租用和任何新的配置参数,以备在上一次租用期间对服务器进行任何更改时使用。如果客户端由于某种原因在持有租约时无法访问服务器,则当原始DHCP服务器在T2时间内未响应续订请求时,它会尝试从任何DHCP服务器更新地址。T2的默认值为(7/8 x LT)。 也就是说 T1 < T2 < LT。
如果客户端以前分配有DHCP的IP地址并且重新启动,则客户端会特别请求DHCPREQUEST数据包中以前租用的IP地址。此DHCPREQUEST的源IP地址仍为0.0.0.0,目标地址仍为IP广播地址255.255.255.255。
当客户端在重新启动过程中发送DHCPREQUEST时,它不能填写服务器标识符字段,而必须填写请求的IP地址选项字段。只有RFC兼容的客户端使用请求的地址填充ciaddr字段,而不是DHCP选项字段。DHCP服务器接受任一方法。DHCP服务器的行为取决于许多因素,例如Windows NT DHCP服务器的情况、使用的系统版本以及其他因素(例如超级修饰)。如果DHCP服务器确定客户端仍然可以使用所请求的IP地址,则它要么保持静默,要么发送DHCPACK来执行DHCPREQUEST。如果服务器确定客户端无法使用请求的IP地址,它会将DHCPNACK发送回客户端。然后,客户端进入Initializing状态并发送DHCPDISCOVER消息。
注意:DHCP 服务器将 IP 地址池的底部 IP 地址分配给 DHCP 客户端。在底部地址租期过期后,如果此地址再次被请求,则其将会被分配给另一客户端。您不能更改 DHCP 地址的分配顺序。
DHCP消息的长度可变,由DHCP数据包表中列出的字段组成。
注意:此数据包是原始 BootP 数据包的修订版本。
字段 | 字节 | 名称 | 描述 |
---|---|---|---|
op | 1 | OpCode | 将数据包标识为请求或应答:1=BOOTREQUEST、2=BOOTREPLY |
htype | 1 | 硬件类型 | 指定网络硬件地址类型。 |
hlen | 1 | 硬件地址长度 | 指定硬件地址的长度。 |
跳数 | 1 | 跳数 | 客户端将该值设置为零,如果通过路由器转发请求,则该值会递增。 |
xid | 4 | 事务 ID | 客户端随机选取的数值。所有针对特定 DHCP 事务交换的 DHCP 消息都使用此 ID (xid)。 |
秒 | 2 | 秒 | 指定自 DHCP 过程开始后的秒数。 |
标志 | 2 | 标志 | 指示消息是广播消息还是单播消息。 |
ciaddr | 4 | 客户端 IP 地址 | 只有当客户端知道其 IP 地址时(例如客户端处于已绑定、续订或重新绑定状态时)才能使用。 |
yiaddr | 4 | 您的 IP 地址 | 如果客户端IP地址为0.0.0.0,则DHCP服务器将提供的客户端IP地址放在此字段中。 |
siaddr | 4 | 服务器 IP 地址 | 如果客户端知道DHCP服务器的IP地址,此字段将填入DHCP服务器地址。否则,它将用在 DHCP 服务器的 DHCPOFFER 和 DHCPACK 中。 |
giaddr | 4 | 路由器 IP 地址 (GI ADDR) | 由 DHCP/BootP 中继代理填写的网关 IP 地址。 |
chaddr | 16 | 客户端 MAC 地址 | DHCP 客户端的 MAC 地址。 |
sname | 64 | 服务器名称 | 可选的服务器主机名。 |
文件 | 128 | 引导文件名称 | 引导文件的名称。 |
选项 | 变量 | 选项参数 | 可由 DHCP 服务器提供的选项参数。RFC 2132 给出了所有可能的选项。 |
数据包描述 | 源 MAC 地址 | 目标 MAC 地址 | 源 IP 地址 | 目标 IP 地址 |
---|---|---|---|---|
DHCPDISCOVER | 客户端 | 广播 | 0.0.0.0 | 255.255.255.255 |
DHCPOFFER | DHCP 服务器 | 广播 | DHCP 服务器 | 255.255.255.255 |
DHCPREQUEST | 客户端 | 广播 | 0.0.0.0 | 255.255.255.255 |
DHCPACK | DHCP 服务器 | 广播 | DHCP 服务器 | 255.255.255.255 |
默认情况下,路由器不转发广播数据包。由于DHCP客户端消息使用目的IP地址255.255.255.255(所有网络广播),因此DHCP客户端无法向不同子网上的DHCP服务器发送请求,除非路由器上配置了DHCP/BootP中继代理。DHCP/BootP中继代理代表DHCP客户端将DHCP请求转发到DHCP服务器。DHCP/BootP中继代理会将自己的IP地址附加到发往DHCP服务器的DHCP帧的源IP地址。这使得 DHCP 服务器可以通过单播响应 DHCP/BootP 中继代理。DHCP/BootP中继代理还使用从客户端接收DHCP消息的接口的IP地址填充Gateway IP address字段。DHCP 服务器使用网关 IP 地址字段确定 DHCPDISCOVER、DHCPREQUEST 或 DHCPINFORM 消息所来自的子网。
配置Cisco路由器转发BootP或DHCP请求的过程非常简单。您只需配置一个指向DHCP/BootP服务器或服务器所在网络的子网广播地址的IP帮助地址。
网络示例:
要将 BootP/DHCP 请求从客户端转发到 DHCP 服务器,可使用 ip helper-address interface 命令。可配置 IP 帮助地址以根据 UDP 端口号转发所有 UDP 广播。默认情况下,IP帮助地址转发以下UDP广播:
简单文件传输协议 (TFTP)(端口 69)
DNS(端口 53)、时间服务(端口 37)
NetBIOS 名称服务器(端口 137)
NetBIOS 数据报服务器(端口 138)
引导协议 (DHCP/BootP) 客户端和服务器数据报(端口 67 和 68)
终端访问控制器访问控制系统 (TACACS) 服务(端口 49)
IEN-116 名称服务(端口 42)
IP帮助地址可以将UDP广播定向到单播或广播IP地址。但是,由于可能出现大量广播泛洪,请勿使用IP帮助地址将UDP广播从一个子网转发到另一个子网的广播地址。也支持单个接口上的多个IP帮助地址条目:
version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname router ! ! ! interface Ethernet0 ip address 192.168.2.1 255.255.255.0 no ip directed-broadcast ! interface Ethernet1 ip address 192.168.1.1 255.255.255.0 ip helper-address 192.168.2.2 ip helper-address 192.168.2.3 !--- IP helper-address pointing to DHCP server no ip directed-broadcast ! ! ! line con 0 exec-timeout 0 0 transport input none line aux 0 line vty 0 4 login ! end |
Cisco 路由器不支持在已配置为 DHCP 中继代理的 DHCP 服务器上实现负载平衡。Cisco 路由器会将 DHCPDISCOVER 消息转发到所提及的该接口的所有帮助地址。使用两台或多台DHCP服务器作为子网只会增加DHCP流量,因为DHCPDISCOVER、DHCPOFFER和DHCPREQUEST/DHCPDISCLINE消息是在每对DHCP客户端和服务器之间交换的。
有两种方式可设置手动绑定;一种适用于 Windows 主机,另一种适用于非 Windows 主机。有两种不同的用来配置的命令;一个用于Microsoft DHCP客户端,另一个用于非Microsoft DHCP客户端:DHCPclient-identifier(手动绑定 — Microsoft DHCP客户端)和DHCPhardware-address(手动绑定 — 非Microsoft DHCP客户端)。 使用两个不同命令的原因是,运行Windows的PC会修改其MAC,并且会在地址开头添加01。以下为示例配置:
这是Microsoft DHCP客户端的配置:
configure terminal ip dhcp pool new_pool host ip_address subnet_mask client-identifier 01XXXXXXXXXXXX
!--- xxxxxx represents 48 bit MAC address prepended with 01
以下是适用于非Microsoft DHCP客户端的配置:
configure terminal ip dhcp pool new_pool host ip_address subnet_mask hardware-address XXXXXXXXXXXX
!--- xxxxxx represents 48 bit MAC address
默认情况下,DHCP 对发送应答数据包有所限制,只有当接收的请求是来自配置有主 IP 地址的接口时,才会发送应答数据包。DHCP 数据流使用广播地址。路由器接口接收到 DHCP 请求后,会将其转发到具有该接口上配置的主 IP 地址的源地址的 DHCP 服务器(已配置 IP 帮助地址),使 DHCP 服务器知道在 DHCP 应答数据包中必须使用哪一个 IP 池(分配给客户端)。
路由器无法判断 DHCP 广播请求是否来自接口上配置的备用 IP 网络上的设备。应急方案是,通过配置子接口配置(前提是连接到路由器的设备支持 dot1q 标记)来分开两个子网,这样二者都可正常地获得它们各自的 IP 地址。
如果想要首选备用地址,还有另一个应急方案,就是启用全局配置命令 ip dhcp smart-relay。这个方法有所限制,即只有在对主地址池进行三次连续的请求而 DHCP 服务器均无响应的情况下,才使用备选 IP 来中继 DHCP 请求。
另一种解决方法是将辅助子网移至需要远程服务器处理DHCP请求的主子网。
下表说明了DHCP客户端从DHCP服务器获取IP地址的过程。此表是根据前面的“配置DHCP/BootP中继代理功能”网络图建模的。图中每个数值代表下表描述的数据包。使用此表了解DHCP客户端 — 服务器会话的数据包流。它还有助于确定问题发生的地点。
数据包 | 客户端 IP 地址 | 服务器 IP 地址 | GI 地址 | 数据包的源 MAC 地址 | 数据包的源 IP 地址 | 数据包的目标 MAC 地址 | 数据包的目标 IP 地址 |
---|---|---|---|---|---|---|---|
1.从客户端发送DHCPDISCOVER。 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0005.DCC9.C640 | 0.0.0.0 | ffff.ffff.fffff(广播) | 255.255.255.255 |
2.路由器在E1接口上接收DHCPDISCOVER。路由器识别出此数据包为 DHCP UDP 广播。路由器现在充当DHCP/BootP中继代理,并使用传入接口IP地址填写Gateway IP address字段,将源IP地址更改为传入接口IP地址,并将请求直接转发到DHCP服务器。 | 0.0.0.0 | 0.0.0.0 | 192.168.1.1 | E2 接口的 MAC 地址 | 192.168.1.1 | DHCP 服务器的 MAC 地址 | 192.168.2.2 |
3. DHCP服务器已收到DHCPDISCOVER并向DHCP中继代理发送DHCPOFFER。 | 192.168.1.2 | 192.168.2.2 | 192.168.1.1 | DHCP 服务器的 MAC 地址 | 192.168.2.2 | E2 接口的 MAC 地址 | 192.168.1.1 |
4. DHCP中继代理接收DHCPOFFER并在本地LAN上转发DHCPOFFER广播。 | 192.168.1.2 | 192.168.2.2 | 192.168.1.1 | E1 接口的 MAC 地址 | 192.168.1.1 | ffff.ffff.ffff(广播) | 255.255.255.255 |
5.客户端发送的DHCPREQUEST。 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0005.DCC9.C640 | 0.0.0.0 | ffff.ffff.fffff(广播) | 255.255.255.255 |
6.路由器在E1接口上收到DHCPREQUEST。路由器识别出此数据包为 DHCP UDP 广播。路由器现在充当DHCP中继代理,使用发送的接口IP地址填写Gateway IP address字段,将源IP地址更改为传入接口IP地址,并将请求直接转发到DHCP服务器。 | 0.0.0.0 | 0.0.0.0 | 192.168.1.1 | E2 接口的 MAC 地址 | 192.168.1.1 | DHCP 服务器的 MAC 地址 | 192.168.2.2 |
7. DHCP服务器已收到DHCPREQUEST并将DHCPACK发送到DHCP/BootP中继代理。 | 192.168.1.2 | 192.168.2.2 | 192.168.1.1 | DHCP 服务器的 MAC 地址 | 192.168.2.2 | E2 接口的 MAC 地址 | 192.168.1.1 |
8. DHCP/BootP中继代理接收DHCPACK并在本地LAN上转发DHCPACK广播。客户端接受确认并使用客户端IP地址。 | 192.168.1.2 | 192.168.2.2 | 192.168.1.1 | E1 接口的 MAC 地址 | 192.168.1.1 | ffff.ffff.ffff(广播) | 255.255.255.255 |
预执行环境(PXE)允许工作站在本地硬盘驱动器上引导系统之前从网络上的服务器引导。网络管理员无需实际接触特定工作站并手动启动该工作站。操作系统和其他软件(如诊断程序)可以通过网络从服务器加载到设备上。PXE环境使用DHCP配置其IP地址。
如果 DHCP 服务器位于网络的另一个路由段上,则必须在路由器上执行 DHCP/BootP 中继代理配置。必须在本地路由器接口上配置ip helper-address命令。有关配置信息,请参阅本文档的在Cisco IOS路由器上配置DHCP/BootP中继代理功能部分。
嗅探器跟踪示例包含六个帧。这六个帧说明了DHCP客户端和服务器位于同一物理或逻辑网段上的场景。使用以下代码示例对DHCP进行故障排除。将您的嗅探器跟踪与此示例中的跟踪进行匹配非常重要。与下一个图示踪迹相比,可能存在一些差异,但一般数据包流必须完全相同。数据包跟踪功能跟踪先前关于DHCP工作方式的讨论。
- - - - - - - - - - - - - - - - - - - - Frame 1 - DHCPDISCOVER - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 1[0.0.0.0] [255.255.255.255] 618 0:01:26.810 0.575.244 05/07/2001 11:52:03 AM DHCP: Request, Message type: DHCP Discover DLC: ----- DLC Header ----- DLC: DLC: Frame 1arrived at 11:52:03.8106; frame size is 618 (026A hex) bytes. DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast DLC: Source = Station 0005DCC9C640 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit IP: .... ...0 = CE bit - no congestion IP: Total length = 604 bytes IP: Identification = 9 IP: Flags = 0X IP: .0.. .... = may fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 255 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = B988 (correct) IP: Source address = [0.0.0.0] IP: Destination address = [255.255.255.255] IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 68 (BootPc/DHCP) UDP: Destination port = 67 (BootPs/DHCP) UDP: Length = 584 UDP: No checksum UDP: [576 byte(s) of data] UDP: DHCP: ----- DHCP Header ----- DHCP: DHCP: Boot record type = 1 (Request) DHCP: Hardware address type = 1 (10Mb Ethernet) DHCP: Hardware address length = 6 bytes DHCP: DHCP: Hops = 0 DHCP: Transaction id = 00000882 DHCP: Elapsed boot time = 0 seconds DHCP: Flags = 8000 DHCP: 1... .... .... .... = Broadcast IP datagrams DHCP: Client self-assigned IP address = [0.0.0.0] DHCP: Client IP address = [0.0.0.0] DHCP: Next Server to use in bootstrap = [0.0.0.0] DHCP: Relay Agent = [0.0.0.0] DHCP: Client hardware address = 0005DCC9C640 DHCP: DHCP: Host name = "" DHCP: Boot file name = "" DHCP: DHCP: Vendor Information tag = 63825363 DHCP: Message Type = 1 (DHCP Discover) DHCP: Maximum message size = 1152 DHCP: Client identifier = 00636973636F2D303030352E646363392E633634302D564C31 DHCP: Parameter Request List: 7 entries DHCP: 1 = Client's subnet mask DHCP: 66 = TFTP Option DHCP: 6 = Domain name server DHCP: 3 = Routers on the client's subnet DHCP: 67 = Boot File Option DHCP: 12 = Host name server DHCP: 150 = Unknown Option DHCP: Class identifier = 646F63736973312E30 DHCP: Option overload =3 (File and Sname fields hold options) DHCP: - - - - - - - - - - - - - - - - - - - - Frame 2 - DHCPOFFER - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 2[192.168.1.1] [255.255.255.255] 331 0:01:26.825 0.015.172 05/07/2001 11:52:03 AM DHCP: Reply, Message type: DHCP Offer DLC: ----- DLC Header ----- DLC: DLC: Frame 2 arrived at 11:52:03.8258; frame size is 331 (014B hex) bytes. DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast DLC: Source = Station 0005DCC42484 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit IP: .... ...0 = CE bit - no congestion IP: Total length = 317 bytes IP: Identification = 5 IP: Flags = 0X IP: .0.. .... = may fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 255 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = F901 (correct) IP: Source address = [192.168.1.1] IP: Destination address = [255.255.255.255] IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 67 (BootPs/DHCP) UDP: Destination port = 68 (BootPc/DHCP) UDP: Length = 297 UDP: No checksum UDP: [289 byte(s) of data] UDP: DHCP: ----- DHCP Header ----- DHCP: DHCP: Boot record type = 2 (Reply) DHCP: Hardware address type = 1 (10Mb Ethernet) DHCP: Hardware address length = 6 bytes DHCP: DHCP: Hops = 0 DHCP: Transaction id = 00000882 DHCP: Elapsed boot time = 0 seconds DHCP: Flags = 8000 DHCP: 1... .... .... .... = Broadcast IP datagrams DHCP: Client self-assigned IP address = [0.0.0.0] DHCP: Client IP address = [192.168.1.2] DHCP: Next Server to use in bootstrap = [0.0.0.0] DHCP: Relay Agent = [0.0.0.0] DHCP: Client hardware address = 0005DCC9C640 DHCP: DHCP: Host name = "" DHCP: Boot file name = "" DHCP: DHCP: Vendor Information tag = 63825363 DHCP: Message Type = 2 (DHCP Offer) DHCP: Server IP address = [192.168.1.1] DHCP: Request IP address lease time = 85535 (seconds) DHCP: Address Renewal interval = 42767 (seconds) DHCP: Address Rebinding interval = 74843 (seconds) DHCP: Subnet mask = [255.255.255.0] DHCP: Domain Name Server address = [192.168.1.3] DHCP: Domain Name Server address = [192.168.1.4] DHCP: Gateway address = [192.168.1.1] DHCP: - - - - - - - - - - - - - - - - - - - - Frame 3 - DHCPREQUEST - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 3[0.0.0.0] [255.255.255.255] 618 0:01:26.829 0.003.586 05/07/2001 11:52:03 AM DHCP: Request, Message type: DHCP Request DLC: ----- DLC Header ----- DLC: DLC: Frame 56 arrived at 11:52:03.8294; frame size is 618 (026A hex) bytes. DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast DLC: Source = Station 0005DCC9C640 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit IP: .... ...0 = CE bit - no congestion IP: Total length = 604 bytes IP: Identification = 10 IP: Flags = 0X IP: .0.. .... = may fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 255 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = B987 (correct) IP: Source address = [0.0.0.0] IP: Destination address = [255.255.255.255] IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 68 (BootPc/DHCP) UDP: Destination port = 67 (BootPs/DHCP) UDP: Length = 584 UDP: No checksum UDP: [576 byte(s) of data] UDP: DHCP: ----- DHCP Header ----- DHCP: DHCP: Boot record type = 1 (Request) DHCP: Hardware address type = 1 (10Mb Ethernet) DHCP: Hardware address length = 6 bytes DHCP: DHCP: Hops = 0 DHCP: Transaction id = 00000882 DHCP: Elapsed boot time = 0 seconds DHCP: Flags = 8000 DHCP: 1... .... .... .... = Broadcast IP datagrams DHCP: Client self-assigned IP address = [0.0.0.0] DHCP: Client IP address = [0.0.0.0] DHCP: Next Server to use in bootstrap = [0.0.0.0] DHCP: Relay Agent = [0.0.0.0] DHCP: Client hardware address = 0005DCC9C640 DHCP: DHCP: Host name = "" DHCP: Boot file name = "" DHCP: DHCP: Vendor Information tag = 63825363 DHCP: Message Type = 3 (DHCP Request) DHCP: Maximum message size = 1152 DHCP: Client identifier = 00636973636F2D303030352E646363392E633634302D564C31 DHCP: Server IP address = [192.168.1.1] DHCP: Request specific IP address = [192.168.1.2] DHCP: Request IP address lease time = 85535 (seconds) DHCP: Parameter Request List: 7 entries DHCP: 1 = Client's subnet mask DHCP: 66 = TFTP Option DHCP: 6 = Domain name server DHCP: 3 = Routers on the client's subnet DHCP: 67 = Boot File Option DHCP: 12 = Host name server DHCP: 150 = Unknown Option DHCP: Class identifier = 646F63736973312E30 DHCP: Option overload =3 (File and Sname fields hold options) DHCP: - - - - - - - - - - - - - - - - - - - - Frame 4 - DHCPACK - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 4[192.168.1.1] [255.255.255.255] 331 0:01:26.844 0.014.658 05/07/2001 11:52:03 AM DHCP: Reply, Message type: DHCP Ack DLC: ----- DLC Header ----- DLC: DLC: Frame 57 arrived at 11:52:03.8440; frame size is 331 (014B hex) bytes. DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast DLC: Source = Station 0005DCC42484 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit IP: .... ...0 = CE bit - no congestion IP: Total length = 317 bytes IP: Identification = 6 IP: Flags = 0X IP: .0.. .... = may fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 255 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = F900 (correct) IP: Source address = [192.168.1.1] IP: Destination address = [255.255.255.255] IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 67 (BootPs/DHCP) UDP: Destination port = 68 (BootPc/DHCP) UDP: Length = 297 UDP: No checksum UDP: [289 byte(s) of data] UDP: DHCP: ----- DHCP Header ----- DHCP: DHCP: Boot record type = 2 (Reply) DHCP: Hardware address type = 1 (10Mb Ethernet) DHCP: Hardware address length = 6 bytes DHCP: DHCP: Hops = 0 DHCP: Transaction id = 00000882 DHCP: Elapsed boot time = 0 seconds DHCP: Flags = 8000 DHCP: 1... .... .... .... = Broadcast IP datagrams DHCP: Client self-assigned IP address = [0.0.0.0] DHCP: Client IP address = [192.168.1.2] DHCP: Next Server to use in bootstrap = [0.0.0.0] DHCP: Relay Agent = [0.0.0.0] DHCP: Client hardware address = 0005DCC9C640 DHCP: DHCP: Host name = "" DHCP: Boot file name = "" DHCP: DHCP: Vendor Information tag = 63825363 DHCP: Message Type = 5 (DHCP Ack) DHCP: Server IP address = [192.168.1.1] DHCP: Request IP address lease time = 86400 (seconds) DHCP: Address Renewal interval = 43200 (seconds) DHCP: Address Rebinding interval = 75600 (seconds) DHCP: Subnet mask = [255.255.255.0] DHCP: Domain Name Server address = [192.168.1.3] DHCP: Domain Name Server address = [192.168.1.4] DHCP: Gateway address = [192.168.1.1] DHCP: - - - - - - - - - - - - - - - - - - - - Frame 5 - ARP - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 5 0005DCC9C640 Broadcast 60 0:01:26.846 0.002.954 05/07/2001 11:52:03 AM ARP: R PA=[192.168.1.2] HA=0005DCC9C640 PRO=IP DLC: ----- DLC Header ----- DLC: DLC: Frame 58 arrived at 11:52:03.8470; frame size is 60 (003C hex) bytes. DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast DLC: Source = Station 0005DCC9C640 DLC: Ethertype = 0806 (ARP) DLC: ARP: ----- ARP/RARP frame ----- ARP: ARP: Hardware type = 1 (10Mb Ethernet) ARP: Protocol type = 0800 (IP) ARP: Length of hardware address = 6 bytes ARP: Length of protocol address = 4 bytes ARP: Opcode 2 (ARP reply) ARP: Sender's hardware address = 0005DCC9C640 ARP: Sender's protocol address = [192.168.1.2] ARP: Target hardware address = FFFFFFFFFFFF ARP: Target protocol address = [192.168.1.2] ARP: ARP: 18 bytes frame padding ARP: - - - - - - - - - - - - - - - - - - - - Frame 6 - ARP - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 6 0005DCC9C640 Broadcast 60 0:01:27.355 0.508.778 05/07/2001 11:52:04 AM ARP: R PA=[192.168.1.2] HA=0005DCC9C640 PRO=IP DLC: ----- DLC Header ----- DLC: DLC: Frame 59 arrived at 11:52:04.3557; frame size is 60 (003C hex) bytes. DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast DLC: Source = Station 0005DCC9C640 DLC: Ethertype = 0806 (ARP) DLC: ARP: ----- ARP/RARP frame ----- ARP: ARP: Hardware type = 1 (10Mb Ethernet) ARP: Protocol type = 0800 (IP) ARP: Length of hardware address = 6 bytes ARP: Length of protocol address = 4 bytes ARP: Opcode 2 (ARP reply) ARP: Sender's hardware address = 0005DCC9C640 ARP: Sender's protocol address = [192.168.1.2] ARP: Target hardware address = FFFFFFFFFFFF ARP: Target protocol address = [192.168.1.2] ARP: ARP: 18 bytes frame padding ARP:
- - - - - - - - - - - - - - - - - - - - Frame 1 - DHCPDISCOVER - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 1 [0.0.0.0] [255.255.255.255] 618 0:02:05.759 0.025.369 05/31/2001 06:53:04 AM DHCP: Request, Message type: DHCP Discover DLC: ----- DLC Header ----- DLC: DLC: Frame 124 arrived at 06:53:04.2043; frame size is 618 (026A hex) bytes. DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast DLC: Source = Station 0005DCF2C441 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit IP: .... ...0 = CE bit - no congestion IP: Total length = 604 bytes IP: Identification = 183 IP: Flags = 0X IP: .0.. .... = may fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 255 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = B8DA (correct) IP: Source address = [0.0.0.0] IP: Destination address = [255.255.255.255] IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 68 (BootPc/DHCP) UDP: Destination port = 67 (BootPs/DHCP) UDP: Length = 584 UDP: No checksum UDP: [576 byte(s) of data] UDP: DHCP: ----- DHCP Header ----- DHCP: DHCP: Boot record type = 1 (Request) DHCP: Hardware address type = 1 (10Mb Ethernet) DHCP: Hardware address length = 6 bytes DHCP: DHCP: Hops = 0 DHCP: Transaction id = 00001425 DHCP: Elapsed boot time = 0 seconds DHCP: Flags = 8000 DHCP: 1... .... .... .... = Broadcast IP datagrams DHCP: Client self-assigned IP address = [0.0.0.0] DHCP: Client IP address = [0.0.0.0] DHCP: Next Server to use in bootstrap = [0.0.0.0] DHCP: Relay Agent = [0.0.0.0] DHCP: Client hardware address = 0005DCF2C441 DHCP: DHCP: Host name = "" DHCP: Boot file name = "" DHCP: DHCP: Vendor Information tag = 63825363 DHCP: Message Type = 1 (DHCP Discover) DHCP: Maximum message size = 1152 DHCP: Client identifier = 00636973636F2D303065302E316566322E633434312D4574302F30 DHCP: Parameter Request List: 7 entries DHCP: 1 = Client's subnet mask DHCP: 6 = Domain name server DHCP: 15 = Domain name DHCP: 44 = NetBIOS over TCP/IP name server DHCP: 3 = Routers on the client's subnet DHCP: 33 = Static route DHCP: 150 = Unknown Option DHCP: Class identifier = 646F63736973312E30 DHCP: Option overload =3 (File and Sname fields hold options) DHCP: - - - - - - - - - - - - - - - - - - - - Frame 2 - DHCPOFFER - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summaryr 125 [192.168.1.1] [255.255.255.255] 347 0:02:05.772 0.012.764 05/31/2001 06:53:04 AM DHCP: Reply, Message type: DHCP Offer DLC: ----- DLC Header ----- DLC: DLC: Frame 125 arrived at 06:53:04.2171; frame size is 347 (015B hex) bytes. DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast DLC: Source = Station 003094248F71 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit IP: .... ...0 = CE bit - no congestion IP: Total length = 333 bytes IP: Identification = 45 IP: Flags = 0X IP: .0.. .... = may fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 255 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = F8C9 (correct) IP: Source address = [192.168.1.1] IP: Destination address = [255.255.255.255] IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 67 (BootPs/DHCP) UDP: Destination port = 68 (BootPc/DHCP) UDP: Length = 313 UDP: Checksum = 8517 (correct) UDP: [305 byte(s) of data] UDP: DHCP: ----- DHCP Header ----- DHCP: DHCP: Boot record type = 2 (Reply) DHCP: Hardware address type = 1 (10Mb Ethernet) DHCP: Hardware address length = 6 bytes DHCP: DHCP: Hops = 0 DHCP: Transaction id = 00001425 DHCP: Elapsed boot time = 0 seconds DHCP: Flags = 8000 DHCP: 1... .... .... .... = Broadcast IP datagrams DHCP: Client self-assigned IP address = [0.0.0.0] DHCP: Client IP address = [192.168.1.2] DHCP: Next Server to use in bootstrap = [0.0.0.0] DHCP: Relay Agent = [192.168.1.1] DHCP: Client hardware address = 0005DCF2C441 DHCP: DHCP: Host name = "" DHCP: Boot file name = "" DHCP: DHCP: Vendor Information tag = 63825363 DHCP: Message Type = 2 (DHCP Offer) DHCP: Server IP address = [192.168.2.2] DHCP: Request IP address lease time = 99471 (seconds) DHCP: Address Renewal interval = 49735 (seconds) DHCP: Address Rebinding interval = 87037 (seconds) DHCP: Subnet mask = [255.255.255.0] DHCP: Domain Name Server address = [192.168.10.1] DHCP: Domain Name Server address = [192.168.10.2] DHCP: NetBIOS Server address = [192.168.10.1] DHCP: NetBIOS Server address = [192.168.10.3] DHCP: Domain name = "cisco.com" DHCP: - - - - - - - - - - - - - - - - - - - - Frame 3 - DHCPREQUEST - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 3 [0.0.0.0] [255.255.255.255] 618 0:02:05.774 0.002.185 05/31/2001 06:53:04 AM DHCP: Request, Message type: DHCP Request DLC: ----- DLC Header ----- DLC: DLC: Frame 126 arrived at 06:53:04.2193; frame size is 618 (026A hex) bytes. DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast DLC: Source = Station Cisc14F2C441 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit IP: .... ...0 = CE bit - no congestion IP: Total length = 604 bytes IP: Identification = 184 IP: Flags = 0X IP: .0.. .... = may fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 255 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = B8D9 (correct) IP: Source address = [0.0.0.0] IP: Destination address = [255.255.255.255] IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 68 (BootPc/DHCP) UDP: Destination port = 67 (BootPs/DHCP) UDP: Length = 584 UDP: No checksum UDP: [576 byte(s) of data] UDP: DHCP: ----- DHCP Header ----- DHCP: DHCP: Boot record type = 1 (Request) DHCP: Hardware address type = 1 (10Mb Ethernet) DHCP: Hardware address length = 6 bytes DHCP: DHCP: Hops = 0 DHCP: Transaction id = 00001425 DHCP: Elapsed boot time = 0 seconds DHCP: Flags = 8000 DHCP: 1... .... .... .... = Broadcast IP datagrams DHCP: Client self-assigned IP address = [0.0.0.0] DHCP: Client IP address = [0.0.0.0] DHCP: Next Server to use in bootstrap = [0.0.0.0] DHCP: Relay Agent = [0.0.0.0] DHCP: Client hardware address = 0005DCF2C441 DHCP: DHCP: Host name = "" DHCP: Boot file name = "" DHCP: DHCP: Vendor Information tag = 63825363 DHCP: Message Type = 3 (DHCP Request) DHCP: Maximum message size = 1152 DHCP: Client identifier = 00636973636F2D303065302E316566322E633434312D4574302F30 DHCP: Server IP address = [192.168.2.2] DHCP: Request specific IP address = [192.168.1.2] DHCP: Request IP address lease time = 99471 (seconds) DHCP: Parameter Request List: 7 entries DHCP: 1 = Client's subnet mask DHCP: 6 = Domain name server DHCP: 15 = Domain name DHCP: 44 = NetBIOS over TCP/IP name server DHCP: 3 = Routers on the client's subnet DHCP: 33 = Static route DHCP: 150 = Unknown Option DHCP: Class identifier = 646F63736973312E30 DHCP: Option overload =3 (File and Sname fields hold options) DHCP: - - - - - - - - - - - - - - - - - - - - Frame 4 - DHCPACK - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 4 [192.168.1.1] [255.255.255.255] 347 0:02:05.787 0.012.875 05/31/2001 06:53:04 AM DHCP: Reply, Message type: DHCP Ack DLC: ----- DLC Header ----- DLC: DLC: Frame 127 arrived at 06:53:04.2321; frame size is 347 (015B hex) bytes. DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast DLC: Source = Station 003094248F71 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit IP: .... ...0 = CE bit - no congestion IP: Total length = 333 bytes IP: Identification = 47 IP: Flags = 0X IP: .0.. .... = may fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 255 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = F8C7 (correct) IP: Source address = [192.168.1.1] IP: Destination address = [255.255.255.255] IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 67 (BootPs/DHCP) UDP: Destination port = 68 (BootPc/DHCP) UDP: Length = 313 UDP: Checksum = 326F (correct) UDP: [305 byte(s) of data] UDP: DHCP: ----- DHCP Header ----- DHCP: DHCP: Boot record type = 2 (Reply) DHCP: Hardware address type = 1 (10Mb Ethernet) DHCP: Hardware address length = 6 bytes DHCP: DHCP: Hops = 0 DHCP: Transaction id = 00001425 DHCP: Elapsed boot time = 0 seconds DHCP: Flags = 8000 DHCP: 1... .... .... .... = Broadcast IP datagrams DHCP: Client self-assigned IP address = [0.0.0.0] DHCP: Client IP address = [192.168.1.2] DHCP: Next Server to use in bootstrap = [0.0.0.0] DHCP: Relay Agent = [192.168.1.1] DHCP: Client hardware address = 0005DCF2C441 DHCP: DHCP: Host name = "" DHCP: Boot file name = "" DHCP: DHCP: Vendor Information tag = 63825363 DHCP: Message Type = 5 (DHCP Ack) DHCP: Server IP address = [192.168.2.2] DHCP: Request IP address lease time = 172800 (seconds) DHCP: Address Renewal interval = 86400 (seconds) DHCP: Address Rebinding interval = 151200 (seconds) DHCP: Subnet mask = [255.255.255.0] DHCP: Domain Name Server address = [192.168.10.1] DHCP: Domain Name Server address = [192.168.10.2] DHCP: NetBIOS Server address = [192.168.10.1] DHCP: NetBIOS Server address = [192.168.10.3] DHCP: Domain name = "cisco.com" DHCP: - - - - - - - - - - - - - - - - - - - - Frame 5 - ARP - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 5 Cisc14F2C441 Broadcast 60 0:02:05.798 0.011.763 05/31/2001 06:53:04 AM ARP: R PA=[192.168.1.2] HA=Cisc14F2C441 PRO=IP DLC: ----- DLC Header ----- DLC: DLC: Frame 128 arrived at 06:53:04.2439; frame size is 60 (003C hex) bytes. DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast DLC: Source = Station Cisc14F2C441 DLC: Ethertype = 0806 (ARP) DLC: ARP: ----- ARP/RARP frame ----- ARP: ARP: Hardware type = 1 (10Mb Ethernet) ARP: Protocol type = 0800 (IP) ARP: Length of hardware address = 6 bytes ARP: Length of protocol address = 4 bytes ARP: Opcode 2 (ARP reply) ARP: Sender's hardware address = 00E01EF2C441 ARP: Sender's protocol address = [192.168.1.2] ARP: Target hardware address = FFFFFFFFFFFF ARP: Target protocol address = [192.168.1.2] ARP: ARP: 18 bytes frame padding ARP: - - - - - - - - - - - - - - - - - - - - Frame 6 - ARP - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 5 Cisc14F2C441 Broadcast 60 0:02:05.798 0.011.763 05/31/2001 06:53:04 AM ARP: R PA=[192.168.1.2] HA=Cisc14F2C441 PRO=IP DLC: ----- DLC Header ----- DLC: DLC: Frame 128 arrived at 06:53:04.2439; frame size is 60 (003C hex) bytes. DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast DLC: Source = Station Cisc14F2C441 DLC: Ethertype = 0806 (ARP) DLC: ARP: ----- ARP/RARP frame ----- ARP: ARP: Hardware type = 1 (10Mb Ethernet) ARP: Protocol type = 0800 (IP) ARP: Length of hardware address = 6 bytes ARP: Length of protocol address = 4 bytes ARP: Opcode 2 (ARP reply) ARP: Sender's hardware address = 00E01EF2C441 ARP: Sender's protocol address = [192.168.1.2] ARP: Target hardware address = FFFFFFFFFFFF ARP: Target protocol address = [192.168.1.2] ARP: ARP: 18 bytes frame padding ARP:
- - - - - - - - - - - - - - - - - - - - Frame 1 - DHCPDISCOVER - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 118 [192.168.1.1] [192.168.2.2] 618 0:00:51.212 0.489.912 05/31/2001 07:02:54 AM DHCP: Request, Message type: DHCP Discover DLC: ----- DLC Header ----- DLC: DLC: Frame 118 arrived at 07:02:54.7463; frame size is 618 (026A hex) bytes. DLC: Destination = Station 0005DC0BF2F4 DLC: Source = Station 003094248F72 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit IP: .... ...0 = CE bit - no congestion IP: Total length = 604 bytes IP: Identification = 52 IP: Flags = 0X IP: .0.. .... = may fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 255 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = 3509 (correct) IP: Source address = [192.168.1.1] IP: Destination address = [192.168.2.2] IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 67 (BootPs/DHCP) UDP: Destination port = 67 (BootPs/DHCP) UDP: Length = 584 UDP: Checksum = 0A19 (correct) UDP: [576 byte(s) of data] UDP: DHCP: ----- DHCP Header ----- DHCP: DHCP: Boot record type = 1 (Request) DHCP: Hardware address type = 1 (10Mb Ethernet) DHCP: Hardware address length = 6 bytes DHCP: DHCP: Hops = 1 DHCP: Transaction id = 000005F4 DHCP: Elapsed boot time = 0 seconds DHCP: Flags = 8000 DHCP: 1... .... .... .... = Broadcast IP datagrams DHCP: Client self-assigned IP address = [0.0.0.0] DHCP: Client IP address = [0.0.0.0] DHCP: Next Server to use in bootstrap = [0.0.0.0] DHCP: Relay Agent = [192.168.1.1] DHCP: Client hardware address = 0005DCF2C441 DHCP: DHCP: Host name = "" DHCP: Boot file name = "" DHCP: DHCP: Vendor Information tag = 63825363 DHCP: Message Type = 1 (DHCP Discover) DHCP: Maximum message size = 1152 DHCP: Client identifier = 00636973636F2D303065302E316566322E633434312D4574302F30 DHCP: Parameter Request List: 7 entries DHCP: 1 = Client's subnet mask DHCP: 6 = Domain name server DHCP: 15 = Domain name DHCP: 44 = NetBIOS over TCP/IP name server DHCP: 3 = Routers on the client's subnet DHCP: 33 = Static route DHCP: 150 = Unknown Option DHCP: Class identifier = 646F63736973312E30 DHCP: Option overload =3 (File and Sname fields hold options) DHCP: - - - - - - - - - - - - - - - - - - - - Frame 2 - DHCPOFFER - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 2 [192.168.2.2] [192.168.1.1] 347 0:00:51.214 0.002.133 05/31/2001 07:02:54 AM DHCP: Request, Message type: DHCP Offer DLC: ----- DLC Header ----- DLC: DLC: Frame 119 arrived at 07:02:54.7485; frame size is 347 (015B hex) bytes. DLC: Destination = Station 003094248F72 DLC: Source = Station 0005DC0BF2F4 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit IP: .... ...0 = CE bit - no congestion IP: Total length = 333 bytes IP: Identification = 41 IP: Flags = 0X IP: .0.. .... = may fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 255 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = 3623 (correct) IP: Source address = [192.168.2.2] IP: Destination address = [192.168.1.1] IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 67 (BootPs/DHCP) UDP: Destination port = 67 (BootPs/DHCP) UDP: Length = 313 UDP: Checksum = A1F8 (correct) UDP: [305 byte(s) of data] UDP: DHCP: ----- DHCP Header ----- DHCP: DHCP: Boot record type = 2 (Request) DHCP: Hardware address type = 1 (10Mb Ethernet) DHCP: Hardware address length = 6 bytes DHCP: DHCP: Hops = 0 DHCP: Transaction id = 000005F4 DHCP: Elapsed boot time = 0 seconds DHCP: Flags = 8000 DHCP: 1... .... .... .... = Broadcast IP datagrams DHCP: Client self-assigned IP address = [0.0.0.0] DHCP: Client IP address = [192.168.1.2] DHCP: Next Server to use in bootstrap = [0.0.0.0] DHCP: Relay Agent = [192.168.1.1] DHCP: Client hardware address = 0005DCF2C441 DHCP: DHCP: Host name = "" DHCP: Boot file name = "" DHCP: DHCP: Vendor Information tag = 63825363 DHCP: Message Type = 2 (DHCP Offer) DHCP: Server IP address = [192.168.2.2] DHCP: Request IP address lease time = 172571 (seconds) DHCP: Address Renewal interval = 86285 (seconds) DHCP: Address Rebinding interval = 150999 (seconds) DHCP: Subnet mask = [255.255.255.0] DHCP: Domain Name Server address = [192.168.10.1] DHCP: Domain Name Server address = [192.168.10.2] DHCP: NetBIOS Server address = [192.168.10.1] DHCP: NetBIOS Server address = [192.168.10.3] DHCP: Domain name = "cisco.com" DHCP: - - - - - - - - - - - - - - - - - - - - Frame 3 - DHCPREQUEST - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 3 [192.168.1.1] [192.168.2.2] 618 0:00:51.240 0.025.974 05/31/2001 07:02:54 AM DHCP: Request, Message type: DHCP Request DLC: ----- DLC Header ----- DLC: DLC: Frame 120 arrived at 07:02:54.7745; frame size is 618 (026A hex) bytes. DLC: Destination = Station 0005DC0BF2F4 DLC: Source = Station 003094248F72 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit IP: .... ...0 = CE bit - no congestion IP: Total length = 604 bytes IP: Identification = 54 IP: Flags = 0X IP: .0.. .... = may fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 255 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = 3507 (correct) IP: Source address = [192.168.1.1] IP: Destination address = [192.168.2.2] IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 67 (BootPs/DHCP) UDP: Destination port = 67 (BootPs/DHCP) UDP: Length = 584 UDP: Checksum = 4699 (correct) UDP: [576 byte(s) of data] UDP: DHCP: ----- DHCP Header ----- DHCP: DHCP: Boot record type = 1 (Request) DHCP: Hardware address type = 1 (10Mb Ethernet) DHCP: Hardware address length = 6 bytes DHCP: DHCP: Hops = 1 DHCP: Transaction id = 000005F4 DHCP: Elapsed boot time = 0 seconds DHCP: Flags = 8000 DHCP: 1... .... .... .... = Broadcast IP datagrams DHCP: Client self-assigned IP address = [0.0.0.0] DHCP: Client IP address = [0.0.0.0] DHCP: Next Server to use in bootstrap = [0.0.0.0] DHCP: Relay Agent = [192.168.1.1] DHCP: Client hardware address = 0005DCF2C441 DHCP: DHCP: Host name = "" DHCP: Boot file name = "" DHCP: DHCP: Vendor Information tag = 63825363 DHCP: Message Type = 3 (DHCP Request) DHCP: Maximum message size = 1152 DHCP: Client identifier = 00636973636F2D303065302E316566322E633434312D4574302F30 DHCP: Server IP address = [192.168.2.2] DHCP: Request specific IP address = [192.168.1.2] DHCP: Request IP address lease time = 172571 (seconds) DHCP: Parameter Request List: 7 entries DHCP: 1 = Client's subnet mask DHCP: 6 = Domain name server DHCP: 15 = Domain name DHCP: 44 = NetBIOS over TCP/IP name server DHCP: 3 = Routers on the client's subnet DHCP: 33 = Static route DHCP: 150 = Unknown Option DHCP: Class identifier = 646F63736973312E30 DHCP: Option overload =3 (File and Sname fields hold options) DHCP: - - - - - - - - - - - - - - - - - - - - Frame 4 - DHCPACK - - - - - - - - - - - - - - - - - - - - Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 4 [192.168.2.2] [192.168.1.1] 347 0:00:51.240 0.000.153 05/31/2001 07:02:54 AM DHCP: Request, Message type: DHCP Ack DLC: ----- DLC Header ----- DLC: DLC: Frame 121 arrived at 07:02:54.7746; frame size is 347 (015B hex) bytes. DLC: Destination = Station 003094248F72 DLC: Source = Station 0005DC0BF2F4 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit IP: .... ...0 = CE bit - no congestion IP: Total length = 333 bytes IP: Identification = 42 IP: Flags = 0X IP: .0.. .... = may fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 255 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = 3622 (correct) IP: Source address = [192.168.2.2] IP: Destination address = [192.168.1.1] IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 67 (BootPs/DHCP) UDP: Destination port = 67 (BootPs/DHCP) UDP: Length = 313 UDP: Checksum = 7DF6 (correct) UDP: [305 byte(s) of data] UDP: DHCP: ----- DHCP Header ----- DHCP: DHCP: Boot record type = 2 (Request) DHCP: Hardware address type = 1 (10Mb Ethernet) DHCP: Hardware address length = 6 bytes DHCP: DHCP: Hops = 0 DHCP: Transaction id = 000005F4 DHCP: Elapsed boot time = 0 seconds DHCP: Flags = 8000 DHCP: 1... .... .... .... = Broadcast IP datagrams DHCP: Client self-assigned IP address = [0.0.0.0] DHCP: Client IP address = [192.168.1.2] DHCP: Next Server to use in bootstrap = [0.0.0.0] DHCP: Relay Agent = [192.168.1.1] DHCP: Client hardware address = 0005DCF2C441 DHCP: DHCP: Host name = "" DHCP: Boot file name = "" DHCP: DHCP: Vendor Information tag = 63825363 DHCP: Message Type = 5 (DHCP Ack) DHCP: Server IP address = [192.168.2.2] DHCP: Request IP address lease time = 172800 (seconds) DHCP: Address Renewal interval = 86400 (seconds) DHCP: Address Rebinding interval = 151200 (seconds) DHCP: Subnet mask = [255.255.255.0] DHCP: Domain Name Server address = [192.168.10.1] DHCP: Domain Name Server address = [192.168.10.2] DHCP: NetBIOS Server address = [192.168.10.1] DHCP: NetBIOS Server address = [192.168.10.3] DHCP: Domain name = "cisco.com" DHCP:
当DHCP服务器和客户端位于同一LAN网段或VLAN上且客户端无法从DHCP服务器获取IP地址时。但是,本地路由器不太可能导致DHCP问题。此问题与连接DHCP服务器和DHCP客户端的设备有关。但是,问题可能出在DHCP服务器或客户端本身。这些模块有助于排除故障并确定导致问题的设备。
注意:要在每个VLAN上配置DHCP服务器,请为向客户端提供DHCP地址的每个VLAN定义不同的DHCP池。
当DHCP服务器和客户端位于不同的LAN网段或VLAN上时,路由器将充当DHCP/BootP中继代理,负责将DHCPREQUEST转发到DHCP服务器。对DHCP/BootP中继代理以及DHCP服务器和客户端进行故障排除需要执行其它步骤。如果跟踪这些模块,您可以确定导致问题的设备。
有些地址虽然已被从池中释放,但可能仍然被客户端占用。这可以通过 show ip dhcp conflict 命令的输出进行验证。当两台主机使用相同的 IP 地址时,就会产生地址冲突。进行地址分配时,DHCP 会通过 ping 和无故 ARP 来检查是否存在冲突。
如果检测到冲突,就会将相关地址从池中删除。直到管理员解决该冲突问题,该地址才会被分配。配置 ip dhcp conflict logging 以解决此问题。
DHCP 问题可能有多种起因。最常见的起因就是配置问题。但是,许多DHCP问题都可能是由在路由器上运行的系统、网络接口卡(NIC)驱动程序或DHCP/BootP中继代理中的软件缺陷引起的。由于存在潜在问题的区域较多,因此需要采用系统化的方法进行故障排除。
Catalyst 交换机的默认配置
DHCP/BootP 中继代理的配置
NIC 兼容问题或 DHCP 功能问题
NIC 故障或 NIC 驱动程序安装不正确
因频繁的生成树计算导致的间歇性网络中断
操作系统的行为或软件缺陷
DHCP 服务器的范围配置或软件缺陷
Cisco Catalyst交换机或Cisco IOS DHCP/BootP中继代理软件缺陷
因在非预计接口接收到 DHCP offer,造成单播反向路径转发 (uRPF) 检查失败。在接口上启用反向路径转发(RPF)功能时,Cisco路由器可以丢弃源地址为0.0.0.0且目标地址为255.255.255.255的动态主机配置协议(DHCP)和引导协议(BOOTP)数据包。路由器还可以丢弃在接口上具有组播IP目标的所有IP数据包。Cisco Bug ID CSCdw中记录了此问题31925
注意:只有注册的思科客户可以访问错误报告。
未使用DHCP数据库代理,但DHCP冲突日志记录未禁用
本过程适用于所有案例研究。
首先,验证 DHCP 客户端和服务器的物理连接。如果连接到Catalyst交换机,请验证DHCP客户端和服务器均具有物理连接。对于基于Cisco IOS的交换机(例如Catalyst 2900XL/3500XL/2950/3550),show port status 的等效命令是show interface <interface>。 如果接口的状态不是<interface>为up,线路协议为up,则端口不传输流量,甚至DHCP客户端请求也不传输。命令的输出如下:
Switch#show interface fastEthernet 0/1 FastEthernet0/1 is up, line protocol is up Hardware is Fast Ethernet, address is 0030.94dc.acc1 (bia 0030.94dc.acc1)
如果物理连接已经过验证,并且Catalyst交换机和DHCP客户端之间确实没有链路,请使用Cisco Catalyst交换机与NIC兼容性问题故障排除部分排除与物理层连接问题相关的问题。
过多的数据链路错误会导致某些Catalyst交换机上的端口进入anerrdisabledstate。有关详细信息,请参阅Cisco IOS平台上的Errdisable端口状态恢复,其中描述了errdisable状态,说明了如何从该状态恢复,并提供了从该状态恢复的示例。
B.配置客户端工作站和静态IP以测试网络连接
本过程适用于所有案例研究。
排除任何DHCP故障时,在客户端工作站上配置静态IP地址以验证网络连接非常重要。如果工作站虽然具有静态配置的IP地址,但却无法访问网络资源,则问题的根本原因不是DHCP。此时,您需要排除网络连接故障。
本过程适用于所有案例研究。
如果DHCP客户端在启动时无法从DHCP服务器获取IP地址,您可以手动强制客户端发送DHCP请求。发出后续步骤,从DHCP服务器为列出的操作系统手动获取IP地址。
Microsoft Windows 95/98/ME:
Microsoft Windows NT/2000:
如果PC完成启动过程后,DHCP客户端能够通过手动更新IP地址来获取IP地址,则问题很可能是DHCP启动问题。如果DHCP客户端连接到Cisco Catalyst交换机,则问题很可能是由涉及STP portfast和/或信道和中继的配置问题引起的。也有可能是 NIC 卡问题和交换机端口启动问题。复习步骤D和E以排除交换机端口配置和NIC卡问题是导致DHCP问题的根本原因。
如果交换机是 Catalyst 2900/4000/5000/6000,请验证端口是否启用了 STP portfast,并禁用了中继/信道。默认配置是 STP portfast 为禁用,而中继/通道功能为自动(如果适用)。对于 2900XL/3500XL/2950/3550 交换机而言,STP Portfast 是唯一需要进行的配置。这些配置更改可以解决 Catalyst 交换机初始安装导致的最常见 DHCP 客户端问题。
有关连接到Catalyst交换机时DHCP正常运行所需的交换机端口配置要求的更多文档,请参阅使用Portfast和其他命令解决工作站启动连接延迟问题。
阅读完文档后,您可以继续排除这些问题。
如果Catalyst交换机配置正确,则可能导致DHCP问题的Catalyst交换机或DHCP客户端NIC上存在软件兼容性问题。故障排除的下一个步骤是查看Cisco Catalyst交换机到NIC兼容性问题的故障排除,并排除导致该问题的Catalyst交换机或NIC的任何软件问题。
需要了解DHCP客户端操作系统以及特定网卡信息(例如制造商、型号和驱动程序版本),才能正确排除任何兼容性问题。
当客户端与DHCP服务器位于同一子网或VLAN时,必须区分DHCP是否正常工作。如果DHCP与DHCP服务器在同一子网或VLAN上正常工作,则DHCP问题主要由DHCP/BootP中继代理引起。如果即使在与DHCP服务器相同的子网或VLAN上测试DHCP时问题依然存在,则问题实际上可能出在DHCP服务器。
要验证配置,请执行以下操作:
在路由器上配置DHCP中继时,请验证ip helper-address命令是否位于正确的接口上。ip helper-address 命令必须位于 DHCP 客户端工作站的入站接口上,并且必须定向到正确的 DHCP 服务器。
验证是否存在全局配置命令 no service dhcp。此配置参数禁用路由器上的所有DHCP服务器和中继功能。默认配置service dhcp
不会显示在配置中,而是默认配置命令。如果未启用服务dhcp,客户端将不会从DHCP服务器接收IP地址。
注意:在运行较早 Cisco IOS 版本的路由器中,处理 DHCP 中继代理功能的是 ip bootp server 命令而非 service dhcp 命令。因此,如果将 ip helper-address 命令配置为转发 DHCP UDP 广播并作为代表 DHCP 客户端的 DHCP 中继代理,则需在路由器中启用 ip bootp server 命令。
no ip directed-broadcast
。阻止no ip directed-broadcast
定向广播到物理广播的任何转换。此接口配置是软件版本12.0及更高版本中的默认配置。将DHCP广播转发到DHCP服务器子网广播地址时,可能会出现软件问题。排除DHCP故障时,尝试将DHCP UDP广播转发到DHCP服务器IP地址:
version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption no service dhcp |
将 DHCP 请求从 DHCP 客户端转发到 DHCP 服务器时,DHCP 中继代理信息(选项 82)功能使得 DHCP 中继代理(Catalyst 交换机)可将有关其自身和所连接的客户端的信息包括在其中。
DHCP 服务器可利用该信息为服务提供商网络中的每个用户分配 IP 地址、执行访问控制并设置服务质量 (QoS) 和安全策略(或其他参数分配策略)。当在交换机上启用DHCP监听时,它会自动启用选项82。如果未配置DHCP服务器来处理选项82的数据包,它将停止为该请求分配地址。为了解决此问题,请使用全局配置命令no ip dhcp relay information option禁用交换机(中继代理)中的用户标识选项(82)。
DHCP 数据库代理是存储 DHCP 绑定数据库的任何主机,如 FTP、TFTP 或 RCP 服务器。您可以配置多个 DHCP 数据库代理,并且为每个代理配置每次数据库更新和转移之间的间隔。请使用 ip dhcp database 命令配置数据库代理和数据库代理参数。
如果选择不配置 DHCP 数据库代理,请在 DHCP 服务器上禁用 DHCP 地址冲突记录。执行noip dhcp conflict logging命令以禁用DHCP地址冲突日志记录。可使用 clear ip dhcp conflict 清除已记录的冲突。
如果以此方式禁用冲突日志记录失败,则会出现以下错误消息:
%DHCPD-4-DECLINE_CONFLICT: DHCP address conflict: client
当与 Cisco IP 电话连接的交换端口禁用了 Cisco 设备发现协议 (CDP) 时,DHCP 服务器无法为电话分配合适的 IP 地址。DHCP 服务器倾向于分配属于数据 VLAN/交换端口子网的 IP 地址。如果已启用 CDP,则交换机能够检测到 Cisco IP 电话对 DHCP 的请求,并提供正确的子网信息。然后,DHCP 服务器可从语音 VLAN/子网池中分配一个 IP 地址。将 dhcp 服务绑定到语音 VLAN 并没有要求明确的步骤。
在 Cisco Catalyst 6500 系列交换机上,将 DHCP 配置为监听特定 VLAN 后,将会自动创建 SVI(处于关闭状态)。此 SVI 的存在对于正确进行 DHCP 监听操作有直接影响。
运行本地Cisco IOS的Cisco Catalyst 6500系列交换机上的DHCP监听主要在路由处理器(RP或MSFC)上实施,而不是在交换机处理器(SP或Supervisor)上实施。 Cisco Catalyst 6500 系列使用 VACL 拦截硬件中的数据包,VACL 将数据包提供给 RP 预定的本地目标逻辑 (LTL)。帧进入 RP 后,在被传送到监听部分前,首先需要与 L3 接口 (SVI) IDB 关联。如果 SVI 不存在,则 IDB 也将无法存在,数据包将在 RP 处被丢弃。
当 DHCP 客户端在 DHCP 数据包内设置了广播位时,DHCP 服务器和中继代理会将 DHCP 消息发送到具有全 1 广播地址 (255.255.255.255) 的客户端。 如果已将ip broadcast-address命令配置为发送网络广播,则DHCP发送的全一广播将被覆盖。要解决此问题,请使用 ip dhcp limited-broadcast-address 命令来确保配置的网络广播不会覆盖默认 DHCP 行为。
除非在连接到客户端的路由器接口上配置了此命令,否则某些 DHCP 客户端只能接受全 1 广播并且无法获得 DHCP 地址。
使用debug命令检验路由器是否收到DHCP请求
在支持处理DHCP数据包的软件的路由器上,您可以验证路由器是否收到来自客户端的DHCP请求。如果路由器未收到来自客户端的请求,则DHCP过程会失败。在此步骤中,配置访问列表以调试输出。此访问列表仅用于调试命令,不会干扰路由器。
在全局配置模式下,输入以下访问列表:
access-list 100 permit ip host 0.0.0.0 host 255.255.255.255
在执行模式下,输入以下debug命令:
debug ip packet detail 100
Router#debug ip packet detail 100 IP packet debugging is on (detailed) for access list 100 Router# 00:16:46: IP: s=0.0.0.0 (Ethernet4/0), d=255.255.255.255, len 604, rcvd 2 00:16:46: UDP src=68, dst=67 00:16:46: IP: s=0.0.0.0 (Ethernet4/0), d=255.255.255.255, len 604, rcvd 2 00:16:46: UDP src=68, dst=67
从该输出示例可以看出,路由器主动接收来自客户端的DHCP请求。输出仅显示数据包总结信息,而不是数据包本身。因此,无法判断数据包是否正确。然而,路由器确实接收了包含正确的(对 DHCP 而言)源和目标 IP 和 UDP 端口的广播数据包。
使用debug ip udp命令检验路由器接收和转发DHCP请求
debug ip udp命令可以通过路由器跟踪DHCP请求的路径。但是,由于所有处理的交换UDP数据包都会显示到控制台,因此这种调试在生产环境中是干扰性的。此debug命令不得在生产环境中使用。
警告:debug ip udp命令具有侵入性,可能导致中央处理器(CPU)使用率过高。
在执行模式下,输入以下debug命令:debug ip udp
Router#debug ip udp UDP packet debugging is on Router# 00:18:48: UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=584 !--- Router receiving DHCPDISCOVER from DHCP client. 00:18:48: UDP: sent src=192.168.1.1(67), dst=192.168.2.2(67), length=604 !--- Router forwarding DHCPDISCOVER unicast to DHCP server using DHCP/BootP Relay Agent source IP address. 00:18:48: UDP: rcvd src=192.168.2.2(67), dst=192.168.1.1(67), length=313 !--- Router receiving DHCPOFFER from DHCP server directed to DHCP/BootP Relay Agent IP address. 00:18:48: UDP: sent src=0.0.0.0(67), dst=255.255.255.255(68), length=333 !--- Router forwarding DHCPOFFER from DHCP server to DHCP client via DHCP/BootP Relay Agent. 00:18:48: UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=584 !--- Router receiving DHCPREQUEST from DHCP client. 00:18:48: UDP: sent src=192.168.1.1(67), dst=192.168.2.2(67), length=604 !--- Router forwarding DHCPDISCOVER unicast to DHCP server using DHCP/BootP Relay Agent source IP address. 00:18:48: UDP: rcvd src=192.168.2.2(67), dst=192.168.1.1(67), length=313 !--- Router receiving DHCPACK (or DHCPNAK) from DHCP directed to DHCP/BootP Relay Agent IP address. 00:18:48: UDP: sent src=0.0.0.0(67), dst=255.255.255.255(68), length=333 !--- Router forwarding DHCPACK (or DHCPNAK) to DHCP client via DHCP/BootP Relay Agent. 00:18:48: UDP: rcvd src=192.168.1.2(520), dst=255.255.255.255(520), length=32 !--- DHCP client verifying IP address not in use by sending ARP request for its own IP address. 00:18:50: UDP: rcvd src=192.168.1.2(520), dst=255.255.255.255(520), length=32 !--- DHCP client verifying IP address not in use by sending ARP request for its own IP address.
使用debug ip dhcp server packet命令检验路由器接收和转发DHCP请求
如果路由器Cisco IOS是12.0.x.T或12.1,并且支持Cisco IOS DHCP服务器功能,则可以使用debug ip dhcp server packet命令。此调试旨在与Cisco IOS DHCP服务器功能一起使用,并用于对DHCP/BootP中继代理功能进行故障排除。与前面的步骤一样,路由器调试不能准确确定问题,因为无法查看实际数据包。但是,调试确实允许对DHCP处理进行推断。在执行模式下,输入以下debug命令:
debug ip dhcp server packet
Router#debug ip dhcp server packet 00:20:54: DHCPD: setting giaddr to 192.168.1.1. !--- Router received DHCPDISCOVER/REQUEST/INRORM and setting Gateway IP address to 192.168.1.1 for forwarding. 00:20:54: DHCPD: BOOTREQUEST from 0063.6973.636f.2d30.3065.302e.3165.6632.2e63.. !--- BOOTREQUEST includes DHCPDISCOVER, DHCPREQUEST, and DHCPINFORM. !--- 0063.6973.636f.2d30.3065.302e.3165.6632.2e63 indicates client identifier. 00:20:54: DHCPD: forwarding BOOTREPLY to client 00e0.1ef2.c441. !--- BOOTREPLY includes DHCPOFFER and DHCPNAK. !--- Client's MAC address is 00e0.1ef2.c441. 00:20:54: DHCPD: broadcasting BOOTREPLY to client 00e0.1ef2.c441. !--- Router is forwarding DHCPOFFER or DHCPNAK broadcast on local LAN interface. 00:20:54: DHCPD: setting giaddr to 192.168.1.1. !--- Router received DHCPDISCOVER/REQUEST/INFORM and set Gateway IP address to 192.168.1.1 for forwarding. 00:20:54: DHCPD: BOOTREQUEST from 0063.6973.636f.2d30.3065.302e.3165.6632.2e63.. !--- BOOTREQUEST includes DHCPDISCOVER, DHCPREQUEST, and DHCPINFORM. !--- 0063.6973.636f.2d30.3065.302e.3165.6632.2e63 indicates client identifier. 00:20:54: DHCPD: forwarding BOOTREPLY to client 00e0.1ef2.c441. !--- BOOTREPLY includes DHCPOFFER and DHCPNAK. !--- Client's MAC address is 00e0.1ef2.c441. 00:20:54: DHCPD: broadcasting BOOTREPLY to client 00e0.1ef2.c441. !--- Router is forwarding DHCPOFFER or DHCPNAK broadcast on local LAN interface.
同时运行多个调试
当同时运行多个调试时,可以发现有关DHCP/BootP中继代理和服务器运行的大量信息。如果使用上述大纲进行故障排除,可以推断DHCP/BootP中继代理功能无法正常运行的位置。
IP: s=0.0.0.0 (Ethernet0), d=255.255.255.255, len 604, rcvd 2 UDP src=68, dst=67 UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=584 DHCPD: setting giaddr to 192.168.1.1. UDP: sent src=192.168.1.1(67), dst=192.168.2.2(67), length=604 IP: s=192.168.1.1 (local), d=192.168.2.2 (Ethernet1), len 604, sending UDP src=67, dst=67 DHCPD: BOOTREQUEST from 0063.6973.636f.2d30.3030.302e.3030.3030.2e30.3030.312d.4574.30 forwarded to 192.168.2.2. IP: s=192.168.2.2 (Ethernet1), d=192.168.1.1, len 328, rcvd 4 UDP src=67, dst=67 UDP: rcvd src=192.168.2.2(67), dst=192.168.1.1(67), length=308 DHCPD: forwarding BOOTREPLY to client 0000.0000.0001. DHCPD: broadcasting BOOTREPLY to client 0000.0000.0001. UDP: sent src=0.0.0.0(67), dst=255.255.255.255(68), length=328 IP: s=0.0.0.0 (Ethernet0), d=255.255.255.255, len 604, rcvd 2 UDP src=68, dst=67 UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=584 DHCPD: setting giaddr to 192.168.1.1. UDP: sent src=192.168.1.1(67), dst=192.168.2.2(67), length=604 IP: s=192.168.1.1 (local), d=192.168.2.2 (Ethernet1), len 604, sending UDP src=67, dst=67 DHCPD: BOOTREQUEST from 0063.6973.636f.2d30.3030.302e.3030.3030.2e30.3030.312d.4574.30 forwarded to 192.168.2.2. IP: s=192.168.2.2 (Ethernet1), d=192.168.1.1, len 328, rcvd 4 UDP src=67, dst=67 UDP: rcvd src=192.168.2.2(67), dst=192.168.1.1(67), length=308 DHCPD: forwarding BOOTREPLY to client 0000.0000.0001. DHCPD: broadcasting BOOTREPLY to client 0000.0000.0001. UDP: sent src=0.0.0.0(67), dst=255.255.255.255(68), length=328.
获取嗅探器踪迹并且确定 DHCP 问题的根本原因
复习同一LAN网段上DHCP客户端和服务器的解码嗅探器跟踪和被配置为DHCP中继代理的路由器分隔的DHCP客户端和服务器的解码嗅探器跟踪部分
破解DHCP数据包跟踪。
有关如何在Catalyst交换机上使用交换端口分析器(SPAN)功能获取嗅探器跟踪的信息,请参阅配置Catalyst交换端口分析器(SPAN)配置示例。
路由器上使用Debug协议进行数据包解码的另一种方法
使用Cisco路由器上的debug ip packet detail dump <acl> 命令,系统日志或命令行界面(CLI)中可能会以十六进制显示整个数据包。 查看Verify Router Receives DHCP Request with debug Commands和Verify Router Receives DHCP Request and Forwards Request to DHCP Server with debug Commands部分,以及添加到访问列表的dump关键字,以获得相同的调试信息,但数据包详细信息以十六进制显示。要确定数据包的内容,需要转换数据包。附录 A 中提供了相关示例。
DHCP 服务器数据库为树状结构。树根是自然网络的地址池,树枝是子网络地址池,树叶是客户端的手动绑定。子网继承网络参数,客户端继承子网参数。因此,必须在树的最高(网络或子网)级别配置通用参数,例如域名。
有关如何配置DHCP及与其关联的命令的详细信息,请参阅DHCP配置任务列表。
version 12.1 ! service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! enable password cisco ip subnet-zero no ip domain-lookup ip dhcp excluded-address 10.10.1.1 10.10.1.199 !--- Address range excluded from DHCP pools. ip dhcp pool test_dhcp !--- DHCP pool (scope) name is test_dhcp. network 10.10.1.0 255.255.255.0 !--- DHCP pool (address will be assigned in this range) for associated Gateway IP address. default-router 10.10.1.1 !--- DHCP option for default gateway. dns-server 10.30.1.1 !--- DHCP option for DNS server(s). netbios-name-server 10.40.1.1 !--- DHCP option for NetBIOS name server(s) (WINS). lease 0 0 1 !--- Lease time. interface Ethernet0 description DHCP Client Network ip address 10.10.1.1 255.255.255.0 no ip directed-broadcast ! interface Ethernet1 description Server Network ip address 10.10.2.1 255.255.255.0 no ip directed-broadcast ! line con 0 transport input none line aux 0 transport input all line vty 0 4 login ! end |
注意:请注意,命令subnet prefix-length对DHCP池的正常运行不是必需的。此命令的使用重点是需要子网分配池的场景,有关此命令的详细信息,请参阅配置DHCP服务器按需地址池管理器文档中的子网分配服务器操作部分。
版本 | 发布日期 | 备注 |
---|---|---|
2.0 |
22-Sep-2023 |
重新认证 |
1.0 |
07-Feb-2014 |
初始版本 |