排查企业网络中的 DHCP 故障

简介

本文档介绍如何解决 Cisco Catalyst 交换机网络中动态主机配置协议 (DHCP) 的几个常见问题。

先决条件

要求

本文档没有任何特定的前提条件。

使用的组件

本文档不限于特定的软件和硬件版本。

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始（默认）配置。如果您的网络处于活动状态，请确保您了解所有命令的潜在影响。

规则

有关文档规则的详细信息，请参阅 Cisco 技术提示规则。

注意：只有已注册的思科客户端可以访问内部漏洞报告。

背景信息

DHCP 提供一种机制，通过这种机制，使用传输控制协议/互联网协议 (TCP/IP) 的计算机能够通过网络自动获取协议配置参数。DHCP 是由互联网工程任务组 (IETF) 的动态主机配置工作组 (DHC-WG) 开发的开放标准。

DHCP 基于客户端-服务器模式，在该模式中，DHCP 客户端（例如台式机）联系 DHCP 服务器以获得配置参数。DHCP 服务器一般位于中心位置，并且由网络管理员进行操作。由于服务器由网络管理员负责运行，因此 DHCP 客户端可以可靠、动态地配置适合当前网络体系结构的参数。

多数企业网络由多个子网组成，这些网络分成称为虚拟 LAN (VLAN) 的多个子网络，路由器在子网络之间路由。由于默认情况下路由器不传递广播，因此每个子网都需要DHCP服务器，除非将路由器配置为使用DHCP中继代理功能转发DHCP广播。

关键概念

以下是关于 DHCP 的一些关键概念：

• DHCP客户端最初没有配置IP地址，因此必须发送广播请求以从DHCP服务器获取IP地址。

• 默认情况下，路由器不转发广播。如果 DHCP 服务器在另一个广播域上（第 3 层 (L3) 网络），则必须能够处理客户端的 DHCP 广播请求。该功能需使用 DHCP 中继代理执行。

• Cisco 路由器实施 DHCP 中继需由接口级的 ip helper 命令来执行

示例情景

场景1：Cisco路由器在DHCP客户端网络与DHCP服务器网络之间进行路由

如图所示，接口Ethernet1通过接口Ethernet1将客户端广播的DHCPDISCOVER转发到192.168.2.2。DHCP 服务器通过单播满足请求。在本例中无需对路由器进行其他配置。

在DHCP客户端网络与服务器网络之间进行路由

场景2：带有L3模块的Cisco Catalyst交换机在DHCP客户端网络与DHCP服务器网络之间路由

如图所示，接口VLAN20通过接口VLAN10将客户端广播的DHCPDISCOVER转发到192.168.2.2。DHCP 服务器通过单播满足请求。在本例中无需对路由器进行其他配置。需要将交换机端口配置为主机端口，然后启用生成树协议 (STP) Portfast，并禁用中继和信道。

L3模块在DHCP客户端网络与服务器网络之间的路由

了解DHCP

DHCP最初在请求注解(RFC) 1531 中进行了定义，但该定义已经过时，最新的定义可在RFC 2131 中找到。 DHCP 基于 RFC 951 中定义的引导协议 (BootP)。

工作站（主机）在启动时使用 DHCP 获取初始配置信息，例如 IP 地址、子网掩码和默认网关。使用DHCP时，您无需手动为每台主机配置IP地址。此外，如果主机移至其他 IP 子网，它使用的 IP 地址不得与先前使用的 IP 地址相同。DHCP 会自动处理此问题。它允许主机在正确的 IP 子网中选择 IP 地址。

当前的 DHCP RFC 参考

• RFC 2131 - DHCP

• RFC 2132 - DHCP 选项和 BootP 厂商扩展

• RFC 1534 - DHCP 和 BootP 之间的互操作

• RFC 1542 - BootP 的说明与扩展

• RFC 2241 - Novell 目录服务的 DHCP 选项

• RFC 2242 - Netware/IP 域名和信息

• RFC 2489 - 定义新 DHCP 选项的步骤

DHCP 采用客户端-服务器模式，在该模式下，一个或多个服务器（DHCP 服务器）在客户端启动时将 IP 地址和其他可选配置参数分配给客户端（主机）。在指定时间内，服务器将这些配置参数租给客户端。主机启动时，主机中的 TCP/IP 协议栈将传输广播 (DHCPDISCOVER) 消息，以获取 IP 地址和子网掩码以及其他配置参数。DHCP 服务器与主机间的交换过程随之启动。在此交换过程中，客户端会经过这些明确定义的状态：

1. 正在初始化

2. 正在选择

3. 正在请求

4. 已绑定

5. 正在续约

6. 正在重新绑定

要在这些状态之间移动，客户端和服务器可以交换DHCP消息表中列出的消息类型。

DHCP 消息表

DHCPDISCOVER

当客户端第一次启动时，我们认为它处在初始化状态，它通过用户数据报协议 (UDP) 端口 67（BootP 服务器）在本地物理子网上传输 DHCPDISCOVER 消息。由于客户端无法知道它属于哪个子网，因此DHCPDISCOVER是全子网广播（目的IP地址为255.255.255.255），源IP地址为0.0.0.0。由于客户端没有配置IP地址，因此源IP地址为0.0.0.0。如果DHCP服务器位于此本地子网上，并且已正确配置并正常运行，则DHCP服务器将监听广播并以DHCPOFFER消息做出响应。如果本地子网中没有 DHCP 服务器，则该本地子网中必须要有 DHCP/BootP 中继代理以将 DHCPDISCOVER 消息转发到包含 DHCP 服务器的子网。

此中继代理可以是专用主机（例如，Microsoft Windows Server）或路由器（例如，配置了接口级IP帮助语句的Cisco路由器）。

DHCPOFFER

接收DHCPDISCOVER消息的DHCP服务器可在UDP端口68（BootP客户端）上使用DHCPOFFER消息做出响应。客户端接收到 DHCPOFFER，并进入选择状态。此 DHCPOFFER 消息包含客户端的初始配置信息。例如，DHCP服务器使用请求的IP地址填充DHCPOFFER消息的yiaddr字段。选项域、子网掩码和路由器选项分别指定了子网掩码和默认网关。DHCPOFFER 消息中的其他常用选项包括 IP 地址租用时间、续订时间、域名服务器和 NetBIOS 名称服务器 (WINS)。DHCP服务器将DHCPOFFER发送到广播地址，但客户端硬件地址包含在提供的主机地址字段中，因此客户端知道它是预期目的地。如果DHCP服务器不在本地子网上，DHCP服务器将在UDP端口67上将DHCPOFFER作为单播数据包发送回DHCPDISCOVER来自的DHCP/BootP中继代理。然后，DHCP/BootP中继代理在UDP端口68的本地子网上广播或单播DHCPOFFER，这取决于Bootp客户端设置的广播标记。

DHCPREQUEST

客户端收到DHCPOFFER后，会以DHCPREQUEST消息做出响应，并表明其愿意接受DHCPOFFER中的参数，然后进入请求状态。客户端可以接收多个DHCPOFFER消息，从接收原始DHCPDISCOVER消息的每个DHCP服务器接收一个。客户端选择一个DHCPOFFER并仅对该DHCP服务器作出响应，并隐式拒绝所有其他DHCPOFFER消息。客户端使用DHCP服务器IP地址填充Server Identifier选项字段后，将标识所选服务器。DHCPREQUEST也是广播，因此所有发送DHCPOFFER的DHCP服务器都会看到DHCPREQUEST，并且每台服务器都知道其DHCPOFFER是被接受还是被拒绝。客户端需要的任何其他配置选项都包含在DHCPREQUEST消息的选项字段中。即使已为客户端提供IP地址，它也会发送源IP地址为0.0.0.0的DHCPREQUEST消息。此时，客户端还没有收到使用 IP 地址的明确确认。

DHCPACK

DHCP服务器收到DHCPREQUEST后，用DHCPACK消息确认请求，然后完成初始化过程。DHCPACK 消息包含 DHCP 服务器的源 IP 地址，且其目标地址也是广播地址。DHCPACK 消息包含客户端在 DHCPREQUEST 消息中请求的所有参数。客户端收到 DHCPACK 后将进入已绑定状态，此时可以自由使用 IP 地址在网络上进行通信。同时，DHCP服务器将租期存储在其数据库中，并用客户端标识符或机箱以及关联的IP地址唯一标识租期。客户端和服务器都使用标识符的组合来引用租用。客户端标识符是设备的 MAC 地址加上介质类型。

在DHCP客户端开始使用新地址之前，DHCP客户端必须计算与租用地址关联的时间参数，即租用时间(LT)、续订时间(T1)和重新绑定时间(T2)。一般默认的 LT 是 72 个小时。如果需要，您也可以使用较短的租用时间，以便节约地址资源。

DHCPNAK

如果所选服务器无法满足DHCPREQUEST消息，DHCP服务器将以DHCPNAK消息做出响应。当客户端收到DHCPNAK消息或没有收到对DHCPREQUEST消息的响应时，客户端在进入请求状态时重新启动配置过程。客户端在60秒内至少重新传输DHCPREQUEST四次，然后才会重新启动初始化状态。

DHCPDECLINE

客户端接收DHCPACK，或者对参数执行最终检查。当客户端发送地址解析协议(ARP)请求以获取DHCPACK中提供的IP地址时，将执行此过程。如果客户端在收到对ARP请求的回复时检测到地址已在使用，客户端将向服务器发送DHCPDECLINE消息，并在请求状态下重新启动配置过程。

DHCPINFORM

如果客户端通过其他方式获得网络地址或手动配置IP地址，客户端工作站可以使用DHCPINFORM请求消息获取其他本地配置参数，例如域名和域名服务器(DNS)。当DHCP服务器收到DHCPINFORM消息时，会构建一条包含适用于客户端且没有新IP地址的本地配置参数的DHCPACK消息。此DHCPACK单播发送到客户端。

DHCPRELEASE

当DHCP客户端向DHCP服务器发送DHCPRELEASE消息时，可以选择放弃其对网络地址的租用。客户端在DHCPRELEASE消息中使用client identifierfield和网络地址来标识要释放的租期。如果需要扩展当前DHCP池范围，请删除当前地址池，并在DHCP池下指定新的IP地址范围。若要删除您想放置在 DHCP 池中的特定 IP 地址或特定 IP 地址范围，请使用 ip dhcp excluded-address 命令。

注意：如果设备使用BOOTP，路由器的DHCP绑定中将显示无限长度的租用。

续租合同

由于 IP 地址只是从服务器租用的，因此必须时常续订租期。当租用时间的一半到期(T1=0.5 x LT)时，客户端会尝试续订租期。客户端将进入续订状态，并向保有当前租用信息的服务器发送 DHCPREQUEST 消息。如果服务器同意续订租期，则使用DHCPACK消息回复续订请求。DHCPACK消息包含新的租用和任何新的配置参数，如果在上次租用期间对服务器进行了任何更改。如果客户端由于某种原因无法到达租用服务器，则在原始DHCP服务器未在T2时间内响应续订请求后，它尝试从任何DHCP服务器续订地址。T2 的默认值是 (7/8 x LT)。也就是说 T1 < T2 < LT。

如果客户端之前有一个DHCP分配的IP地址并且重新启动，则客户端会特别在DHCPREQUEST数据包中请求先前租用的IP地址。此DHCPREQUEST的源IP地址仍为0.0.0.0，目标地址仍为IP广播地址255.255.255.255。

当客户端在重新启动过程中发送DHCPREQUEST时，它不能填写服务器标识符字段，而必须填写请求的IP地址选项字段。只有RFC兼容的客户端使用请求的地址填充ciaddr字段，而不是DHCP选项字段。DHCP服务器接受任一方法。DHCP服务器的行为取决于许多因素，例如，对于Windows NT DHCP服务器，使用的系统版本以及其他因素，例如超级作用域。如果DHCP服务器确定客户端仍然可以使用请求的IP地址，则它要么保持静默，要么为DHCPREQUEST发送DHCPACK。如果服务器确定客户端无法使用请求的IP地址，它会向客户端发回DHCPNACK。然后，客户端进入“正在初始化”状态并发送DHCPDISCOVER消息。

注意：DHCP服务器将IP地址池中的底部IP地址分配给DHCP客户端。在底部地址租期过期后，如果此地址再次被请求，则其将会被分配给另一客户端。您不能更改 DHCP 地址的分配顺序。

DHCP数据包表

DHCP消息的长度可变，由DHCP数据包表中列出的字段组成。

注意：此数据包是原始BootP数据包的修改版本。

客户端和DHCP服务器位于同一子网时，用于获取DHCP地址的客户端的客户端-服务器会话

DHCP/BootP 中继代理的角色

默认情况下，路由器不转发广播数据包。由于DHCP客户端消息使用目的IP地址255.255.255.255（所有网络广播），因此DHCP客户端无法向不同子网上的DHCP服务器发送请求，除非路由器上配置了DHCP/BootP中继代理。DHCP/BootP中继代理代表DHCP客户端将DHCP请求转发到DHCP服务器。DHCP/BootP中继代理会将自己的IP地址附加到发往DHCP服务器的DHCP帧的源IP地址。这使得 DHCP 服务器可以通过单播响应 DHCP/BootP 中继代理。DHCP/BootP中继代理还会使用接收来自客户端的DHCP消息的接口的IP地址填充Gateway IP address字段。DHCP 服务器使用网关 IP 地址字段确定 DHCPDISCOVER、DHCPREQUEST 或 DHCPINFORM 消息所来自的子网。

在Cisco IOS^®路由器上配置DHCP/BootP中继代理功能

配置Cisco路由器转发BootP或DHCP请求的过程很简单。您只需配置一个指向DHCP/BootP服务器或服务器所在网络的子网广播地址的IP帮助地址。

网络示例：

DHCP/BootP中继代理

要将 BootP/DHCP 请求从客户端转发到 DHCP 服务器，可使用 ip helper-address interface 命令。可配置 IP 帮助地址以根据 UDP 端口号转发所有 UDP 广播。默认情况下，IP帮助地址转发以下UDP广播：

• 简单文件传输协议 (TFTP)（端口 69）

• DNS（端口 53）、时间服务（端口 37）

• NetBIOS 名称服务器（端口 137）

• NetBIOS 数据报服务器（端口 138）

• 引导协议 (DHCP/BootP) 客户端和服务器数据报（端口 67 和 68）

• 终端访问控制器访问控制系统 (TACACS) 服务（端口 49）

• IEN-116 名称服务（端口 42）

IP helper-address可以将UDP广播定向到单播或广播IP地址。但是，由于可能发生大量广播泛洪，请勿使用IP helper-address将UDP广播从一个子网转发到另一个子网的广播地址。还支持单个接口上的多个IP帮助地址条目：

version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router
!
!
!
interface Ethernet0
ip address 192.168.2.1 255.255.255.0
no ip directed-broadcast
! 
interface Ethernet1
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.2.2 
ip helper-address 192.168.2.3 

!--- IP helper-address pointing to DHCP server

no ip directed-broadcast
!
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
login
!
end 

Cisco 路由器不支持在已配置为 DHCP 中继代理的 DHCP 服务器上实现负载平衡。Cisco 路由器会将 DHCPDISCOVER 消息转发到所提及的该接口的所有帮助地址。使用两台或多台DHCP服务器为子网提供服务只会增加DHCP流量，因为DHCPDISCOVER、DHCPOFFER和DHCPREQUEST/DHCPDISCATE消息会在每对DHCP客户端和服务器之间交换。

设置手动绑定

设置手动绑定有两种方法：一种用于Windows主机，另一种用于非Windows主机。有两个不同的命令可用于配置；一个用于Microsoft DHCP客户端，另一个用于非Microsoft DHCP客户端：DHCPclient-identifier（手动绑定- Microsoft DHCP客户端）和DHCPhardware-address（手动绑定-非Microsoft DHCP客户端）。采用两种不同的命令是因为运行Windows的计算机会修改本机的MAC地址，即在地址的起始处加上01。以下为示例配置：

• 以下是Microsoft DHCP客户端的配置：

configure terminal
ip dhcp pool new_pool
host ip_address subnet_mask
client-identifier 01XXXXXXXXXXXX

!--- xxxxxx represents 48 bit MAC address prepended with 01

• 以下是非Microsoft DHCP客户端的配置：

  configure terminal
  ip dhcp pool new_pool
  host ip_address subnet_mask
  hardware-address XXXXXXXXXXXX
  
  !--- xxxxxx represents 48 bit MAC address

如何使 DHCP 在备用 IP 分段工作

默认情况下，DHCP 对发送应答数据包有所限制，只有当接收的请求是来自配置有主 IP 地址的接口时，才会发送应答数据包。DHCP 数据流使用广播地址。路由器接口接收到 DHCP 请求后，会将其转发到具有该接口上配置的主 IP 地址的源地址的 DHCP 服务器（已配置 IP 帮助地址），使 DHCP 服务器知道在 DHCP 应答数据包中必须使用哪一个 IP 池（分配给客户端）。

路由器无法判断 DHCP 广播请求是否来自接口上配置的备用 IP 网络上的设备。应急方案是，通过配置子接口配置（前提是连接到路由器的设备支持 dot1q 标记）来分开两个子网，这样二者都可正常地获得它们各自的 IP 地址。

如果想要首选备用地址，还有另一个应急方案，就是启用全局配置命令 ip dhcp smart-relay。这个方法有所限制，即只有在对主地址池进行三次连续的请求而 DHCP 服务器均无响应的情况下，才使用备选 IP 来中继 DHCP 请求。

使用 DHCP 中继功能的 DHCP 客户端服务器会话

下表说明了DHCP客户端从DHCP服务器获取IP地址的过程。下表是根据前面的“配置DHCP/BootP中继代理功能”网络图建立的。图中的每个数字值都表示下表中描述的数据包。使用下表了解DHCP客户端-服务器会话的数据包流。它还有助于确定问题发生的位置。

DHCP客户端获取IP地址的过程

预执行环境(PXE)启动DHCP注意事项

预执行环境(PXE)允许工作站在本地硬盘引导系统之前从网络上的服务器引导。网络管理员无需实际接触特定工作站并手动启动该工作站。可以通过网络将操作系统和其他软件（如诊断程序）从服务器加载到设备上。PXE环境使用DHCP配置其IP地址。

如果 DHCP 服务器位于网络的另一个路由段上，则必须在路由器上执行 DHCP/BootP 中继代理配置。必须对本地路由器接口的ip helper-address命令进行配置。有关配置信息，请参阅本文档的在Cisco IOS路由器上配置DHCP/BootP中继代理功能部分。

使用嗅探器踪迹了解和排除DHCP故障

解码同一LAN段上的DHCP客户端和服务器的嗅探器踪迹

DHCP客户端和服务器位于同一LAN网段上的网络拓扑

嗅探器跟踪示例包含六个帧。这六个帧说明了DHCP客户端和服务器位于同一物理或逻辑网段的情况。使用下一个代码示例排除DHCP故障。将您的嗅探器踪迹与此示例中的踪迹进行匹配非常重要。与下面显示的跟踪数据相比，可能存在一些差异，但一般数据包流必须完全相同。数据包跟踪功能跟踪之前有关DHCP工作原理的讨论。

- - - - - - - - - - - - - - - - - - - - Frame 1 - DHCPDISCOVER - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
1[0.0.0.0] [255.255.255.255] 618 0:01:26.810 0.575.244 05/07/2001 11:52:03 AM DHCP: Request, 
 Message type: DHCP Discover
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 1arrived at 11:52:03.8106; frame size is 618 (026A hex) bytes.
DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast
DLC: Source = Station 0005DCC9C640
DLC: Ethertype = 0800 (IP)
DLC: 
IP: ----- IP Header -----
IP: 
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 604 bytes
IP: Identification = 9
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = B988 (correct)
IP: Source address = [0.0.0.0]
IP: Destination address = [255.255.255.255]
IP: No options
IP: 
UDP: ----- UDP Header -----
UDP: 
UDP: Source port = 68 (BootPc/DHCP)
UDP: Destination port = 67 (BootPs/DHCP)
UDP: Length = 584
UDP: No checksum
UDP: [576 byte(s) of data]
UDP: 
DHCP: ----- DHCP Header -----
DHCP: 
DHCP: Boot record type = 1 (Request)
DHCP: Hardware address type = 1 (10Mb Ethernet)
DHCP: Hardware address length = 6 bytes
DHCP: 
DHCP: Hops = 0
DHCP: Transaction id = 00000882
DHCP: Elapsed boot time = 0 seconds
DHCP: Flags = 8000
DHCP: 1... .... .... .... = Broadcast IP datagrams
DHCP: Client self-assigned IP address = [0.0.0.0]
DHCP: Client IP address = [0.0.0.0]
DHCP: Next Server to use in bootstrap = [0.0.0.0]
DHCP: Relay Agent = [0.0.0.0]
DHCP: Client hardware address = 0005DCC9C640
DHCP: 
DHCP: Host name = ""
DHCP: Boot file name = ""
DHCP: 
DHCP: Vendor Information tag = 63825363 
DHCP: Message Type = 1 (DHCP Discover)
DHCP: Maximum message size = 1152
DHCP: Client identifier = 00636973636F2D303030352E646363392E633634302D564C31
DHCP: Parameter Request List: 7 entries
DHCP: 1 = Client's subnet mask
DHCP: 66 = TFTP Option
DHCP: 6 = Domain name server
DHCP: 3 = Routers on the client's subnet
DHCP: 67 = Boot File Option
DHCP: 12 = Host name server
DHCP: 150 = Unknown Option
DHCP: Class identifier = 646F63736973312E30
DHCP: Option overload =3 (File and Sname fields hold options)
DHCP: 

- - - - - - - - - - - - - - - - - - - - Frame 2 - DHCPOFFER - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
2[192.168.1.1] [255.255.255.255] 331 0:01:26.825 0.015.172 05/07/2001 11:52:03 AM DHCP: Reply, 
	Message type: DHCP Offer
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 2 arrived at 11:52:03.8258; frame size is 331 (014B hex) bytes.
DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast
DLC: Source = Station 0005DCC42484
DLC: Ethertype = 0800 (IP)
DLC: 
IP: ----- IP Header -----
IP: 
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 317 bytes
IP: Identification = 5
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = F901 (correct)
IP: Source address = [192.168.1.1]
IP: Destination address = [255.255.255.255]
IP: No options
IP: 
UDP: ----- UDP Header -----
UDP: 
UDP: Source port = 67 (BootPs/DHCP)
UDP: Destination port = 68 (BootPc/DHCP)
UDP: Length = 297
UDP: No checksum
UDP: [289 byte(s) of data]
UDP: 
DHCP: ----- DHCP Header -----
DHCP: 
DHCP: Boot record type = 2 (Reply)
DHCP: Hardware address type = 1 (10Mb Ethernet)
DHCP: Hardware address length = 6 bytes
DHCP: 
DHCP: Hops = 0
DHCP: Transaction id = 00000882
DHCP: Elapsed boot time = 0 seconds
DHCP: Flags = 8000
DHCP: 1... .... .... .... = Broadcast IP datagrams
DHCP: Client self-assigned IP address = [0.0.0.0]
DHCP: Client IP address = [192.168.1.2]
DHCP: Next Server to use in bootstrap = [0.0.0.0]
DHCP: Relay Agent = [0.0.0.0]
DHCP: Client hardware address = 0005DCC9C640
DHCP: 
DHCP: Host name = ""
DHCP: Boot file name = ""
DHCP: 
DHCP: Vendor Information tag = 63825363 
DHCP: Message Type = 2 (DHCP Offer)
DHCP: Server IP address = [192.168.1.1]
DHCP: Request IP address lease time = 85535 (seconds)
DHCP: Address Renewal interval = 42767 (seconds)
DHCP: Address Rebinding interval = 74843 (seconds)
DHCP: Subnet mask = [255.255.255.0]
DHCP: Domain Name Server address = [192.168.1.3]
DHCP: Domain Name Server address = [192.168.1.4]
DHCP: Gateway address = [192.168.1.1]
DHCP: 

- - - - - - - - - - - - - - - - - - - - Frame 3 - DHCPREQUEST - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
3[0.0.0.0] [255.255.255.255] 618 0:01:26.829 0.003.586 05/07/2001 11:52:03 AM DHCP: Request, 
	Message type: DHCP Request
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 56 arrived at 11:52:03.8294; frame size is 618 (026A hex) bytes.
DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast
DLC: Source = Station 0005DCC9C640
DLC: Ethertype = 0800 (IP)
DLC: 
IP: ----- IP Header -----
IP: 
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 604 bytes
IP: Identification = 10
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = B987 (correct)
IP: Source address = [0.0.0.0]
IP: Destination address = [255.255.255.255]
IP: No options
IP: 
UDP: ----- UDP Header -----
UDP: 
UDP: Source port = 68 (BootPc/DHCP)
UDP: Destination port = 67 (BootPs/DHCP)
UDP: Length = 584
UDP: No checksum
UDP: [576 byte(s) of data]
UDP: 
DHCP: ----- DHCP Header -----
DHCP: 
DHCP: Boot record type = 1 (Request)
DHCP: Hardware address type = 1 (10Mb Ethernet)
DHCP: Hardware address length = 6 bytes
DHCP: 
DHCP: Hops = 0
DHCP: Transaction id = 00000882
DHCP: Elapsed boot time = 0 seconds
DHCP: Flags = 8000
DHCP: 1... .... .... .... = Broadcast IP datagrams
DHCP: Client self-assigned IP address = [0.0.0.0]
DHCP: Client IP address = [0.0.0.0]
DHCP: Next Server to use in bootstrap = [0.0.0.0]
DHCP: Relay Agent = [0.0.0.0]
DHCP: Client hardware address = 0005DCC9C640
DHCP: 
DHCP: Host name = ""
DHCP: Boot file name = ""
DHCP: 
DHCP: Vendor Information tag = 63825363 
DHCP: Message Type = 3 (DHCP Request)
DHCP: Maximum message size = 1152
DHCP: Client identifier = 00636973636F2D303030352E646363392E633634302D564C31
DHCP: Server IP address = [192.168.1.1]
DHCP: Request specific IP address = [192.168.1.2]
DHCP: Request IP address lease time = 85535 (seconds)
DHCP: Parameter Request List: 7 entries
DHCP: 1 = Client's subnet mask
DHCP: 66 = TFTP Option
DHCP: 6 = Domain name server
DHCP: 3 = Routers on the client's subnet
DHCP: 67 = Boot File Option
DHCP: 12 = Host name server
DHCP: 150 = Unknown Option
DHCP: Class identifier = 646F63736973312E30
DHCP: Option overload =3 (File and Sname fields hold options)
DHCP: 

- - - - - - - - - - - - - - - - - - - - Frame 4 - DHCPACK - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
4[192.168.1.1] [255.255.255.255] 331 0:01:26.844 0.014.658 05/07/2001 11:52:03 AM DHCP: Reply, 
 Message type: DHCP Ack
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 57 arrived at 11:52:03.8440; frame size is 331 (014B hex) bytes.
DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast
DLC: Source = Station 0005DCC42484
DLC: Ethertype = 0800 (IP)
DLC: 
IP: ----- IP Header -----
IP: 
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 317 bytes
IP: Identification = 6
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = F900 (correct)
IP: Source address = [192.168.1.1]
IP: Destination address = [255.255.255.255]
IP: No options
IP: 
UDP: ----- UDP Header -----
UDP: 
UDP: Source port = 67 (BootPs/DHCP)
UDP: Destination port = 68 (BootPc/DHCP)
UDP: Length = 297
UDP: No checksum
UDP: [289 byte(s) of data]
UDP: 
DHCP: ----- DHCP Header -----
DHCP: 
DHCP: Boot record type = 2 (Reply)
DHCP: Hardware address type = 1 (10Mb Ethernet)
DHCP: Hardware address length = 6 bytes
DHCP: 
DHCP: Hops = 0
DHCP: Transaction id = 00000882
DHCP: Elapsed boot time = 0 seconds
DHCP: Flags = 8000
DHCP: 1... .... .... .... = Broadcast IP datagrams
DHCP: Client self-assigned IP address = [0.0.0.0]
DHCP: Client IP address = [192.168.1.2]
DHCP: Next Server to use in bootstrap = [0.0.0.0]
DHCP: Relay Agent = [0.0.0.0]
DHCP: Client hardware address = 0005DCC9C640
DHCP: 
DHCP: Host name = ""
DHCP: Boot file name = ""
DHCP: 
DHCP: Vendor Information tag = 63825363 
DHCP: Message Type = 5 (DHCP Ack)
DHCP: Server IP address = [192.168.1.1]
DHCP: Request IP address lease time = 86400 (seconds)
DHCP: Address Renewal interval = 43200 (seconds)
DHCP: Address Rebinding interval = 75600 (seconds)
DHCP: Subnet mask = [255.255.255.0]
DHCP: Domain Name Server address = [192.168.1.3]
DHCP: Domain Name Server address = [192.168.1.4]
DHCP: Gateway address = [192.168.1.1]
DHCP: 

- - - - - - - - - - - - - - - - - - - - Frame 5 - ARP - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
5 0005DCC9C640 Broadcast 60 0:01:26.846 0.002.954 05/07/2001 11:52:03 AM ARP: R PA=[192.168.1.2] 
 HA=0005DCC9C640 PRO=IP
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 58 arrived at 11:52:03.8470; frame size is 60 (003C hex) bytes.
DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast
DLC: Source = Station 0005DCC9C640
DLC: Ethertype = 0806 (ARP)
DLC: 
ARP: ----- ARP/RARP frame -----
ARP: 
ARP: Hardware type = 1 (10Mb Ethernet)
ARP: Protocol type = 0800 (IP)
ARP: Length of hardware address = 6 bytes
ARP: Length of protocol address = 4 bytes
ARP: Opcode 2 (ARP reply)
ARP: Sender's hardware address = 0005DCC9C640
ARP: Sender's protocol address = [192.168.1.2]
ARP: Target hardware address = FFFFFFFFFFFF
ARP: Target protocol address = [192.168.1.2]
ARP: 
ARP: 18 bytes frame padding
ARP: 

- - - - - - - - - - - - - - - - - - - - Frame 6 - ARP - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
6 0005DCC9C640 Broadcast 60 0:01:27.355 0.508.778 05/07/2001 11:52:04 AM ARP: R PA=[192.168.1.2]  
 HA=0005DCC9C640 PRO=IP
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 59 arrived at 11:52:04.3557; frame size is 60 (003C hex) bytes.
DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast
DLC: Source = Station 0005DCC9C640
DLC: Ethertype = 0806 (ARP)
DLC: 
ARP: ----- ARP/RARP frame -----
ARP: 
ARP: Hardware type = 1 (10Mb Ethernet)
ARP: Protocol type = 0800 (IP)
ARP: Length of hardware address = 6 bytes
ARP: Length of protocol address = 4 bytes
ARP: Opcode 2 (ARP reply)
ARP: Sender's hardware address = 0005DCC9C640
ARP: Sender's protocol address = [192.168.1.2]
ARP: Target hardware address = FFFFFFFFFFFF
ARP: Target protocol address = [192.168.1.2]
ARP: 
ARP: 18 bytes frame padding
ARP: 

解码被配置为DHCP中继代理的路由器分隔的DHCP客户端和服务器的嗅探器踪迹

嗅探器 B 踪迹

- - - - - - - - - - - - - - - - - - - - Frame 1 - DHCPDISCOVER - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
1 [0.0.0.0] [255.255.255.255] 618 0:02:05.759 0.025.369 05/31/2001 06:53:04 AM DHCP: Request, 
 Message type: DHCP Discover
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 124 arrived at 06:53:04.2043; frame size is 618 (026A hex) bytes.
DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast
DLC: Source = Station 0005DCF2C441
DLC: Ethertype = 0800 (IP)
DLC: 
IP: ----- IP Header -----
IP: 
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 604 bytes
IP: Identification = 183
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = B8DA (correct)
IP: Source address = [0.0.0.0]
IP: Destination address = [255.255.255.255]
IP: No options
IP: 
UDP: ----- UDP Header -----
UDP: 
UDP: Source port = 68 (BootPc/DHCP)
UDP: Destination port = 67 (BootPs/DHCP)
UDP: Length = 584
UDP: No checksum
UDP: [576 byte(s) of data]
UDP: 
DHCP: ----- DHCP Header -----
DHCP: 
DHCP: Boot record type = 1 (Request)
DHCP: Hardware address type = 1 (10Mb Ethernet)
DHCP: Hardware address length = 6 bytes
DHCP: 
DHCP: Hops = 0
DHCP: Transaction id = 00001425
DHCP: Elapsed boot time = 0 seconds
DHCP: Flags = 8000
DHCP: 1... .... .... .... = Broadcast IP datagrams
DHCP: Client self-assigned IP address = [0.0.0.0]
DHCP: Client IP address = [0.0.0.0]
DHCP: Next Server to use in bootstrap = [0.0.0.0]
DHCP: Relay Agent = [0.0.0.0]
DHCP: Client hardware address = 0005DCF2C441
DHCP: 
DHCP: Host name = ""
DHCP: Boot file name = ""
DHCP: 
DHCP: Vendor Information tag = 63825363 
DHCP: Message Type = 1 (DHCP Discover)
DHCP: Maximum message size = 1152
DHCP: Client identifier = 00636973636F2D303065302E316566322E633434312D4574302F30
DHCP: Parameter Request List: 7 entries
DHCP: 1 = Client's subnet mask
DHCP: 6 = Domain name server
DHCP: 15 = Domain name
DHCP: 44 = NetBIOS over TCP/IP name server
DHCP: 3 = Routers on the client's subnet
DHCP: 33 = Static route
DHCP: 150 = Unknown Option
DHCP: Class identifier = 646F63736973312E30
DHCP: Option overload =3 (File and Sname fields hold options)
DHCP: 

- - - - - - - - - - - - - - - - - - - - Frame 2 - DHCPOFFER - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summaryr
125 [192.168.1.1] [255.255.255.255] 347 0:02:05.772 0.012.764 05/31/2001 06:53:04 AM DHCP: Reply, 
 Message type: DHCP Offer
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 125 arrived at 06:53:04.2171; frame size is 347 (015B hex) bytes.
DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast
DLC: Source = Station 003094248F71
DLC: Ethertype = 0800 (IP)
DLC: 
IP: ----- IP Header -----
IP: 
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 333 bytes
IP: Identification = 45
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = F8C9 (correct)
IP: Source address = [192.168.1.1]
IP: Destination address = [255.255.255.255]
IP: No options
IP: 
UDP: ----- UDP Header -----
UDP: 
UDP: Source port = 67 (BootPs/DHCP)
UDP: Destination port = 68 (BootPc/DHCP)
UDP: Length = 313
UDP: Checksum = 8517 (correct)
UDP: [305 byte(s) of data]
UDP: 
DHCP: ----- DHCP Header -----
DHCP: 
DHCP: Boot record type = 2 (Reply)
DHCP: Hardware address type = 1 (10Mb Ethernet)
DHCP: Hardware address length = 6 bytes
DHCP: 
DHCP: Hops = 0
DHCP: Transaction id = 00001425
DHCP: Elapsed boot time = 0 seconds
DHCP: Flags = 8000
DHCP: 1... .... .... .... = Broadcast IP datagrams
DHCP: Client self-assigned IP address = [0.0.0.0]
DHCP: Client IP address = [192.168.1.2]
DHCP: Next Server to use in bootstrap = [0.0.0.0]
DHCP: Relay Agent = [192.168.1.1]
DHCP: Client hardware address = 0005DCF2C441
DHCP: 
DHCP: Host name = ""
DHCP: Boot file name = ""
DHCP: 
DHCP: Vendor Information tag = 63825363 
DHCP: Message Type = 2 (DHCP Offer)
DHCP: Server IP address = [192.168.2.2]
DHCP: Request IP address lease time = 99471 (seconds)
DHCP: Address Renewal interval = 49735 (seconds)
DHCP: Address Rebinding interval = 87037 (seconds)
DHCP: Subnet mask = [255.255.255.0]
DHCP: Domain Name Server address = [192.168.10.1]
DHCP: Domain Name Server address = [192.168.10.2]
DHCP: NetBIOS Server address = [192.168.10.1]
DHCP: NetBIOS Server address = [192.168.10.3]
DHCP: Domain name = "cisco.com"
DHCP: 

- - - - - - - - - - - - - - - - - - - - Frame 3 - DHCPREQUEST - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
3 [0.0.0.0] [255.255.255.255] 618 0:02:05.774 0.002.185 05/31/2001 06:53:04 AM DHCP: Request, 
 Message type: DHCP Request
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 126 arrived at 06:53:04.2193; frame size is 618 (026A hex) bytes.
DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast
DLC: Source = Station Cisc14F2C441
DLC: Ethertype = 0800 (IP)
DLC: 
IP: ----- IP Header -----
IP: 
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 604 bytes
IP: Identification = 184
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = B8D9 (correct)
IP: Source address = [0.0.0.0]
IP: Destination address = [255.255.255.255]
IP: No options
IP: 
UDP: ----- UDP Header -----
UDP: 
UDP: Source port = 68 (BootPc/DHCP)
UDP: Destination port = 67 (BootPs/DHCP)
UDP: Length = 584
UDP: No checksum
UDP: [576 byte(s) of data]
UDP: 
DHCP: ----- DHCP Header -----
DHCP: 
DHCP: Boot record type = 1 (Request)
DHCP: Hardware address type = 1 (10Mb Ethernet)
DHCP: Hardware address length = 6 bytes
DHCP: 
DHCP: Hops = 0
DHCP: Transaction id = 00001425
DHCP: Elapsed boot time = 0 seconds
DHCP: Flags = 8000
DHCP: 1... .... .... .... = Broadcast IP datagrams
DHCP: Client self-assigned IP address = [0.0.0.0]
DHCP: Client IP address = [0.0.0.0]
DHCP: Next Server to use in bootstrap = [0.0.0.0]
DHCP: Relay Agent = [0.0.0.0]
DHCP: Client hardware address = 0005DCF2C441
DHCP: 
DHCP: Host name = ""
DHCP: Boot file name = ""
DHCP: 
DHCP: Vendor Information tag = 63825363 
DHCP: Message Type = 3 (DHCP Request)
DHCP: Maximum message size = 1152
DHCP: Client identifier = 00636973636F2D303065302E316566322E633434312D4574302F30
DHCP: Server IP address = [192.168.2.2]
DHCP: Request specific IP address = [192.168.1.2]
DHCP: Request IP address lease time = 99471 (seconds)
DHCP: Parameter Request List: 7 entries
DHCP: 1 = Client's subnet mask
DHCP: 6 = Domain name server
DHCP: 15 = Domain name
DHCP: 44 = NetBIOS over TCP/IP name server
DHCP: 3 = Routers on the client's subnet
DHCP: 33 = Static route
DHCP: 150 = Unknown Option
DHCP: Class identifier = 646F63736973312E30
DHCP: Option overload =3 (File and Sname fields hold options)
DHCP: 

- - - - - - - - - - - - - - - - - - - - Frame 4 - DHCPACK - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
4 [192.168.1.1] [255.255.255.255] 347 0:02:05.787 0.012.875 05/31/2001 06:53:04 AM DHCP: Reply, 
 Message type: DHCP Ack
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 127 arrived at 06:53:04.2321; frame size is 347 (015B hex) bytes.
DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast
DLC: Source = Station 003094248F71
DLC: Ethertype = 0800 (IP)
DLC: 
IP: ----- IP Header -----
IP: 
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 333 bytes
IP: Identification = 47
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = F8C7 (correct)
IP: Source address = [192.168.1.1]
IP: Destination address = [255.255.255.255]
IP: No options
IP: 
UDP: ----- UDP Header -----
UDP: 
UDP: Source port = 67 (BootPs/DHCP)
UDP: Destination port = 68 (BootPc/DHCP)
UDP: Length = 313
UDP: Checksum = 326F (correct)
UDP: [305 byte(s) of data]
UDP: 
DHCP: ----- DHCP Header -----
DHCP: 
DHCP: Boot record type = 2 (Reply)
DHCP: Hardware address type = 1 (10Mb Ethernet)
DHCP: Hardware address length = 6 bytes
DHCP: 
DHCP: Hops = 0
DHCP: Transaction id = 00001425
DHCP: Elapsed boot time = 0 seconds
DHCP: Flags = 8000
DHCP: 1... .... .... .... = Broadcast IP datagrams
DHCP: Client self-assigned IP address = [0.0.0.0]
DHCP: Client IP address = [192.168.1.2]
DHCP: Next Server to use in bootstrap = [0.0.0.0]
DHCP: Relay Agent = [192.168.1.1]
DHCP: Client hardware address = 0005DCF2C441
DHCP: 
DHCP: Host name = ""
DHCP: Boot file name = ""
DHCP: 
DHCP: Vendor Information tag = 63825363 
DHCP: Message Type = 5 (DHCP Ack)
DHCP: Server IP address = [192.168.2.2]
DHCP: Request IP address lease time = 172800 (seconds)
DHCP: Address Renewal interval = 86400 (seconds)
DHCP: Address Rebinding interval = 151200 (seconds)
DHCP: Subnet mask = [255.255.255.0]
DHCP: Domain Name Server address = [192.168.10.1]
DHCP: Domain Name Server address = [192.168.10.2]
DHCP: NetBIOS Server address = [192.168.10.1]
DHCP: NetBIOS Server address = [192.168.10.3]
DHCP: Domain name = "cisco.com"
DHCP: 

- - - - - - - - - - - - - - - - - - - - Frame 5 - ARP - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
5 Cisc14F2C441 Broadcast 60 0:02:05.798 0.011.763 05/31/2001 06:53:04 AM ARP: R PA=[192.168.1.2] 
 HA=Cisc14F2C441 PRO=IP
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 128 arrived at 06:53:04.2439; frame size is 60 (003C hex) bytes.
DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast
DLC: Source = Station Cisc14F2C441
DLC: Ethertype = 0806 (ARP)
DLC: 
ARP: ----- ARP/RARP frame -----
ARP: 
ARP: Hardware type = 1 (10Mb Ethernet)
ARP: Protocol type = 0800 (IP)
ARP: Length of hardware address = 6 bytes
ARP: Length of protocol address = 4 bytes
ARP: Opcode 2 (ARP reply)
ARP: Sender's hardware address = 00E01EF2C441
ARP: Sender's protocol address = [192.168.1.2]
ARP: Target hardware address = FFFFFFFFFFFF
ARP: Target protocol address = [192.168.1.2]
ARP: 
ARP: 18 bytes frame padding
ARP: 

- - - - - - - - - - - - - - - - - - - - Frame 6 - ARP - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
5 Cisc14F2C441 Broadcast 60 0:02:05.798 0.011.763 05/31/2001 06:53:04 AM ARP: R PA=[192.168.1.2] 
 HA=Cisc14F2C441 PRO=IP
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 128 arrived at 06:53:04.2439; frame size is 60 (003C hex) bytes.
DLC: Destination = BROADCAST FFFFFFFFFFFF, Broadcast
DLC: Source = Station Cisc14F2C441
DLC: Ethertype = 0806 (ARP)
DLC: 
ARP: ----- ARP/RARP frame -----
ARP: 
ARP: Hardware type = 1 (10Mb Ethernet)
ARP: Protocol type = 0800 (IP)
ARP: Length of hardware address = 6 bytes
ARP: Length of protocol address = 4 bytes
ARP: Opcode 2 (ARP reply)
ARP: Sender's hardware address = 00E01EF2C441
ARP: Sender's protocol address = [192.168.1.2]
ARP: Target hardware address = FFFFFFFFFFFF
ARP: Target protocol address = [192.168.1.2]
ARP: 
ARP: 18 bytes frame padding
ARP: 

嗅探器 A 踪迹

- - - - - - - - - - - - - - - - - - - - Frame 1 - DHCPDISCOVER - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
118 [192.168.1.1] [192.168.2.2] 618 0:00:51.212 0.489.912 05/31/2001 07:02:54 AM DHCP: Request, 
 Message type: DHCP Discover
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 118 arrived at 07:02:54.7463; frame size is 618 (026A hex) bytes.
DLC: Destination = Station 0005DC0BF2F4
DLC: Source = Station 003094248F72
DLC: Ethertype = 0800 (IP)
DLC: 
IP: ----- IP Header -----
IP: 
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 604 bytes
IP: Identification = 52
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 3509 (correct)
IP: Source address = [192.168.1.1]
IP: Destination address = [192.168.2.2]
IP: No options
IP: 
UDP: ----- UDP Header -----
UDP: 
UDP: Source port = 67 (BootPs/DHCP)
UDP: Destination port = 67 (BootPs/DHCP)
UDP: Length = 584
UDP: Checksum = 0A19 (correct)
UDP: [576 byte(s) of data]
UDP: 
DHCP: ----- DHCP Header -----
DHCP: 
DHCP: Boot record type = 1 (Request)
DHCP: Hardware address type = 1 (10Mb Ethernet)
DHCP: Hardware address length = 6 bytes
DHCP: 
DHCP: Hops = 1
DHCP: Transaction id = 000005F4
DHCP: Elapsed boot time = 0 seconds
DHCP: Flags = 8000
DHCP: 1... .... .... .... = Broadcast IP datagrams
DHCP: Client self-assigned IP address = [0.0.0.0]
DHCP: Client IP address = [0.0.0.0]
DHCP: Next Server to use in bootstrap = [0.0.0.0]
DHCP: Relay Agent = [192.168.1.1]
DHCP: Client hardware address = 0005DCF2C441
DHCP: 
DHCP: Host name = ""
DHCP: Boot file name = ""
DHCP: 
DHCP: Vendor Information tag = 63825363 
DHCP: Message Type = 1 (DHCP Discover)
DHCP: Maximum message size = 1152
DHCP: Client identifier = 00636973636F2D303065302E316566322E633434312D4574302F30
DHCP: Parameter Request List: 7 entries
DHCP: 1 = Client's subnet mask
DHCP: 6 = Domain name server
DHCP: 15 = Domain name
DHCP: 44 = NetBIOS over TCP/IP name server
DHCP: 3 = Routers on the client's subnet
DHCP: 33 = Static route
DHCP: 150 = Unknown Option
DHCP: Class identifier = 646F63736973312E30
DHCP: Option overload =3 (File and Sname fields hold options)
DHCP: 

- - - - - - - - - - - - - - - - - - - - Frame 2 - DHCPOFFER - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
2 [192.168.2.2] [192.168.1.1] 347 0:00:51.214 0.002.133 05/31/2001 07:02:54 AM DHCP: Request, 
 Message type: DHCP Offer
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 119 arrived at 07:02:54.7485; frame size is 347 (015B hex) bytes.
DLC: Destination = Station 003094248F72
DLC: Source = Station 0005DC0BF2F4
DLC: Ethertype = 0800 (IP)
DLC: 
IP: ----- IP Header -----
IP: 
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 333 bytes
IP: Identification = 41
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 3623 (correct)
IP: Source address = [192.168.2.2]
IP: Destination address = [192.168.1.1]
IP: No options
IP: 
UDP: ----- UDP Header -----
UDP: 
UDP: Source port = 67 (BootPs/DHCP)
UDP: Destination port = 67 (BootPs/DHCP)
UDP: Length = 313
UDP: Checksum = A1F8 (correct)
UDP: [305 byte(s) of data]
UDP: 
DHCP: ----- DHCP Header -----
DHCP: 
DHCP: Boot record type = 2 (Request)
DHCP: Hardware address type = 1 (10Mb Ethernet)
DHCP: Hardware address length = 6 bytes
DHCP: 
DHCP: Hops = 0
DHCP: Transaction id = 000005F4
DHCP: Elapsed boot time = 0 seconds
DHCP: Flags = 8000
DHCP: 1... .... .... .... = Broadcast IP datagrams
DHCP: Client self-assigned IP address = [0.0.0.0]
DHCP: Client IP address = [192.168.1.2]
DHCP: Next Server to use in bootstrap = [0.0.0.0]
DHCP: Relay Agent = [192.168.1.1]
DHCP: Client hardware address = 0005DCF2C441
DHCP: 
DHCP: Host name = ""
DHCP: Boot file name = ""
DHCP: 
DHCP: Vendor Information tag = 63825363 
DHCP: Message Type = 2 (DHCP Offer)
DHCP: Server IP address = [192.168.2.2]
DHCP: Request IP address lease time = 172571 (seconds)
DHCP: Address Renewal interval = 86285 (seconds)
DHCP: Address Rebinding interval = 150999 (seconds)
DHCP: Subnet mask = [255.255.255.0]
DHCP: Domain Name Server address = [192.168.10.1]
DHCP: Domain Name Server address = [192.168.10.2]
DHCP: NetBIOS Server address = [192.168.10.1]
DHCP: NetBIOS Server address = [192.168.10.3]
DHCP: Domain name = "cisco.com"
DHCP: 

- - - - - - - - - - - - - - - - - - - - Frame 3 - DHCPREQUEST - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
3 [192.168.1.1] [192.168.2.2] 618 0:00:51.240 0.025.974 05/31/2001 07:02:54 AM DHCP: Request, 
 Message type: DHCP Request
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 120 arrived at 07:02:54.7745; frame size is 618 (026A hex) bytes.
DLC: Destination = Station 0005DC0BF2F4
DLC: Source = Station 003094248F72
DLC: Ethertype = 0800 (IP)
DLC: 
IP: ----- IP Header -----
IP: 
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 604 bytes
IP: Identification = 54
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 3507 (correct)
IP: Source address = [192.168.1.1]
IP: Destination address = [192.168.2.2]
IP: No options
IP: 
UDP: ----- UDP Header -----
UDP: 
UDP: Source port = 67 (BootPs/DHCP)
UDP: Destination port = 67 (BootPs/DHCP)
UDP: Length = 584
UDP: Checksum = 4699 (correct)
UDP: [576 byte(s) of data]
UDP: 
DHCP: ----- DHCP Header -----
DHCP: 
DHCP: Boot record type = 1 (Request)
DHCP: Hardware address type = 1 (10Mb Ethernet)
DHCP: Hardware address length = 6 bytes
DHCP: 
DHCP: Hops = 1
DHCP: Transaction id = 000005F4
DHCP: Elapsed boot time = 0 seconds
DHCP: Flags = 8000
DHCP: 1... .... .... .... = Broadcast IP datagrams
DHCP: Client self-assigned IP address = [0.0.0.0]
DHCP: Client IP address = [0.0.0.0]
DHCP: Next Server to use in bootstrap = [0.0.0.0]
DHCP: Relay Agent = [192.168.1.1]
DHCP: Client hardware address = 0005DCF2C441
DHCP: 
DHCP: Host name = ""
DHCP: Boot file name = ""
DHCP: 
DHCP: Vendor Information tag = 63825363 
DHCP: Message Type = 3 (DHCP Request)
DHCP: Maximum message size = 1152
DHCP: Client identifier = 00636973636F2D303065302E316566322E633434312D4574302F30
DHCP: Server IP address = [192.168.2.2]
DHCP: Request specific IP address = [192.168.1.2]
DHCP: Request IP address lease time = 172571 (seconds)
DHCP: Parameter Request List: 7 entries
DHCP: 1 = Client's subnet mask
DHCP: 6 = Domain name server
DHCP: 15 = Domain name
DHCP: 44 = NetBIOS over TCP/IP name server
DHCP: 3 = Routers on the client's subnet
DHCP: 33 = Static route
DHCP: 150 = Unknown Option
DHCP: Class identifier = 646F63736973312E30
DHCP: Option overload =3 (File and Sname fields hold options)
DHCP: 

- - - - - - - - - - - - - - - - - - - - Frame 4 - DHCPACK - - - - - - - - - - - - - - - - - - - -

Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
4 [192.168.2.2] [192.168.1.1] 347 0:00:51.240 0.000.153 05/31/2001 07:02:54 AM DHCP: Request, 
 Message type: DHCP Ack
DLC: ----- DLC Header -----
DLC: 
DLC: Frame 121 arrived at 07:02:54.7746; frame size is 347 (015B hex) bytes.
DLC: Destination = Station 003094248F72
DLC: Source = Station 0005DC0BF2F4
DLC: Ethertype = 0800 (IP)
DLC: 
IP: ----- IP Header -----
IP: 
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 333 bytes
IP: Identification = 42
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 3622 (correct)
IP: Source address = [192.168.2.2]
IP: Destination address = [192.168.1.1]
IP: No options
IP: 
UDP: ----- UDP Header -----
UDP: 
UDP: Source port = 67 (BootPs/DHCP)
UDP: Destination port = 67 (BootPs/DHCP)
UDP: Length = 313
UDP: Checksum = 7DF6 (correct)
UDP: [305 byte(s) of data]
UDP: 
DHCP: ----- DHCP Header -----
DHCP: 
DHCP: Boot record type = 2 (Request)
DHCP: Hardware address type = 1 (10Mb Ethernet)
DHCP: Hardware address length = 6 bytes
DHCP: 
DHCP: Hops = 0
DHCP: Transaction id = 000005F4
DHCP: Elapsed boot time = 0 seconds
DHCP: Flags = 8000
DHCP: 1... .... .... .... = Broadcast IP datagrams
DHCP: Client self-assigned IP address = [0.0.0.0]
DHCP: Client IP address = [192.168.1.2]
DHCP: Next Server to use in bootstrap = [0.0.0.0]
DHCP: Relay Agent = [192.168.1.1]
DHCP: Client hardware address = 0005DCF2C441
DHCP: 
DHCP: Host name = ""
DHCP: Boot file name = ""
DHCP: 
DHCP: Vendor Information tag = 63825363 
DHCP: Message Type = 5 (DHCP Ack)
DHCP: Server IP address = [192.168.2.2]
DHCP: Request IP address lease time = 172800 (seconds)
DHCP: Address Renewal interval = 86400 (seconds)
DHCP: Address Rebinding interval = 151200 (seconds)
DHCP: Subnet mask = [255.255.255.0]
DHCP: Domain Name Server address = [192.168.10.1]
DHCP: Domain Name Server address = [192.168.10.2]
DHCP: NetBIOS Server address = [192.168.10.1]
DHCP: NetBIOS Server address = [192.168.10.3]
DHCP: Domain name = "cisco.com"
DHCP: 

当客户端工作站无法获得DHCP地址时，排除DHCP故障

案例研究#1：DHCP服务器与DHCP客户端位于同一个LAN网段或VLAN上

当DHCP服务器和客户端位于同一个LAN网段或VLAN上且客户端无法从DHCP服务器获取IP地址时。但是，本地路由器不太可能导致DHCP问题。此问题与连接DHCP服务器和DHCP客户端的设备有关。但是，问题可能出在DHCP服务器或客户端本身。这些模块有助于排除故障并确定导致问题的设备。

注意：要基于每个VLAN配置DHCP服务器，请为向客户端提供DHCP地址的每个VLAN定义不同的DHCP池。

案例研究#2：DHCP服务器和DHCP客户端被配置用于DHCP/BootP中继代理功能的路由器分隔

当DHCP服务器和客户端位于不同的LAN网段或VLAN上时，路由器将用作DHCP/BootP中继代理，负责将DHCPREQUEST转发到DHCP服务器。排除DHCP/BootP中继代理以及DHCP服务器和客户端故障需要执行其他步骤。如果您跟踪这些模块，则可以确定导致问题的设备。

路由器上的 DHCP 服务器由于 POOL EXHAUSTED 错误而无法分配地址

有些地址虽然已被从池中释放，但可能仍然被客户端占用。这可以通过 show ip dhcp conflict 命令的输出进行验证。当两台主机使用相同的 IP 地址时，就会产生地址冲突。进行地址分配时，DHCP 会通过 ping 和无故 ARP 来检查是否存在冲突。

如果检测到冲突，就会将相关地址从池中删除。直到管理员解决该冲突问题，该地址才会被分配。配置 ip dhcp conflict logging 以解决此问题。

DHCP故障排除模块

了解DHCP问题可能发生在何处

DHCP 问题可能有多种起因。最常见的起因就是配置问题。但是，许多DHCP问题可能是由系统中的软件缺陷、网络接口卡(NIC)驱动程序或在路由器上运行的DHCP/BootP中继代理引起的。由于存在大量潜在问题，因此需要采取系统化的方法来排除故障。

可能造成 DHCP 问题的原因简表：

• Catalyst 交换机的默认配置

• DHCP/BootP 中继代理的配置

• NIC 兼容问题或 DHCP 功能问题

• NIC 故障或 NIC 驱动程序安装不正确

• 因频繁的生成树计算导致的间歇性网络中断

• 操作系统的行为或软件缺陷

• DHCP 服务器的范围配置或软件缺陷

• Cisco Catalyst交换机或Cisco IOS DHCP/BootP中继代理软件缺陷

• 因在非预计接口接收到 DHCP offer，造成单播反向路径转发 (uRPF) 检查失败。当接口启用反向路径转发 (RPF) 功能时，Cisco 路由器会丢弃源地址为 0.0.0.0 以及目标地址为 255.255.255.255 的动态主机配置协议 (DHCP) 和引导协议 (BOOTP) 数据包。路由器也会在接口上丢弃所有含组播目标 IP 地址的 IP 数据包。Cisco Bug ID CSCdw31925中记录了此问题

注意：只有已注册的思科客户端可以访问漏洞报告。

• 未使用DHCP数据库代理，但DHCP冲突日志记录未禁用

A.检验物理连通性

本过程适用于所有案例研究。

首先，验证 DHCP 客户端和服务器的物理连接。如果连接到 Catalyst 交换机，请验证 DHCP 客户端和服务器与交换机之间的物理连接。 对于基于Cisco IOS的交换机（如Catalyst 2900XL/3500XL/2950/3550），与show port status等效的命令是show interface <interface>。  如果接口状态不是<interface>处于up状态，线路协议处于up状态，则端口不会传输数据流，甚至DHCP客户端请求也不会传输。命令的输出为：

Switch#show interface fastEthernet 0/1
FastEthernet0/1 is up, line protocol is up
Hardware is Fast Ethernet, address is 0030.94dc.acc1 (bia 0030.94dc.acc1) 

如果验证了物理连接，证实Catalyst交换机和DHCP客户端之间没有链路，则使用排除Cisco Catalyst交换机的NIC兼容性问题部分排除与物理层连接问题有关的故障。

过多的数据链路错误会导致某些Catalyst交换机上的端口进入anerrdisabledstate。有关详细信息，请参阅Cisco IOS平台上的Errdisable端口状态恢复，其中描述了errdisable状态、说明了如何从此状态恢复，并且提供了从此状态恢复的示例。

B.配置客户端工作站和静态IP以测试网络连接

本过程适用于所有案例研究。

排除任何DHCP故障时，在客户端工作站上配置静态IP地址以验证网络连接非常重要。如果工作站虽然具有静态配置的IP地址，但仍无法访问网络资源，则问题的根源不是DHCP。此时，您需要排除网络连接故障。

C. 验证问题是否为启动问题

本过程适用于所有案例研究。

如果DHCP客户端无法在启动时从DHCP服务器获取IP地址，您可以手动强制客户端发送DHCP请求。执行后续步骤，从所列操作系统的DHCP服务器手动获取IP地址。

Microsoft Windows 95/98/ME：

1. 单击Startbutton并运行WINIPCFG.exe程序。
2. 点击Release Allbutton(由Renew Allbutton跟踪)。
3. DHCP 客户端此时是否能获得 IP 地址？

IP配置窗口

Microsoft Windows NT/2000：

1. 在“开始/运行”字段中输入cmd以打开命令提示符窗口。
2. 在命令提示符窗口中发出命令ipconfig/renew。
3. DHCP 客户端此时是否能获得 IP 地址？

命令行提示符

如果PC完成启动过程后，DHCP客户端能够通过手动更新IP地址来获取IP地址，则问题很可能是DHCP启动问题。如果DHCP客户端连接到Cisco Catalyst交换机，则问题很可能是由涉及STP portfast和/或信道和中继的配置问题引起的。也有可能是 NIC 卡问题和交换机端口启动问题。复习步骤D和E，确定交换机端口配置和NIC卡问题是导致DHCP问题的根本原因。

D. 验证交换机端口配置（STP Portfast 和其他命令）

如果交换机是 Catalyst 2900/4000/5000/6000，请验证端口是否启用了 STP portfast，并禁用了中继/信道。默认配置是 STP portfast 为禁用，而中继/通道功能为自动（如果适用）。对于 2900XL/3500XL/2950/3550 交换机而言，STP Portfast 是唯一需要进行的配置。这些配置更改可以解决 Catalyst 交换机初始安装导致的最常见 DHCP 客户端问题。

有关在连接到Catalyst交换机时DHCP正常运行所需的交换机端口配置要求的更多文档，请参阅使用Portfast和其他命令解决工作站启动连接延迟问题。

阅读完该文档后，您可以继续排除这些问题。

E.检查已知NIC卡或Catalyst交换机问题

如果Catalyst交换机配置正确，则可能是Catalyst交换机或DHCP客户端NIC上存在可能导致DHCP问题的软件兼容性问题。故障排除的下一步是检查排除Cisco Catalyst交换机的NIC兼容性问题，并排除Catalyst交换机或NIC上导致问题的任何软件问题。

要正确排除任何兼容性问题，需要了解DHCP客户端操作系统以及特定NIC信息（例如制造商、型号和驱动程序版本）。

F.区分DHCP客户端在DHCP服务器所处的子网或VLAN上获取IP地址

当客户端与DHCP服务器位于同一子网或VLAN时，必须区分DHCP是否正常运行。如果DHCP与DHCP服务器在同一子网或VLAN上工作正常，则DHCP问题主要由DHCP/BootP中继代理引起。如果即使在DHCP服务器所在的子网或VLAN上测试DHCP，问题仍然存在，则问题可能出在DHCP服务器。

G. 验证路由器 DHCP/BootP 中继配置

要验证配置，请执行以下操作：

1. 在路由器上配置DHCP中继时，请验证ip helper-address 命令是否位于正确的接口上。ip helper-address 命令必须位于 DHCP 客户端工作站的入站接口上，并且必须定向到正确的 DHCP 服务器。

2. 验证是否存在全局配置命令 no service dhcp。此配置参数禁用路由器上的所有DHCP服务器和中继功能。默认配置service dhcp不会出现在配置中，它是默认配置命令。如果未启用eservice dhcp，则客户端无法从DHCP服务器获得IP地址。

   注意：在运行较早Cisco IOS版本的路由器中，处理DHCP中继代理功能的是ip bootp server命令而非service dhcp命令。因此，如果将 ip helper-address 命令配置为转发 DHCP UDP 广播并作为代表 DHCP 客户端的 DHCP 中继代理，则需在路由器中启用 ip bootp server 命令。

3. 使用ip helper-address命令将UDP广播转发到子网广播地址时，请验证UDP广播数据包需要穿过的任何出站接口上都未配置no ip directed-broadcast。no ip directed-broadcast会阻止定向广播到物理广播的任何转换。此接口配置是软件版本12.0及更高版本中的默认配置。

4. 当DHCP广播转发到DHCP服务器子网广播地址时，可能会出现软件问题。当您排除DHCP故障时，尝试将DHCP UDP广播转发到DHCP服务器IP地址：

   version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption no service dhcp !--- This configuration command will disable all DHCP server and relay functionality on the router. hostname router ! ! ! interface Ethernet0 ip address 192.168.2.1 255.255.255.0 no ip directed-broadcast !--- This configuration will prevent translation of a directed broadcast to a physical broadcast. interface Ethernet1 !--- DHCP client workstations reside of this interface. ip address 192.168.1.1 255.255.255.0 ip helper-address 192.168.2.255 !--- IP helper-address pointing to DHCP server's subnet. no ip directed-broadcast ! ! ! line con 0 exec-timeout 0 0 transport input none line aux 0 line vty 0 4 login ! end

H. 打开用户标识 (82) 选项

将 DHCP 请求从 DHCP 客户端转发到 DHCP 服务器时，DHCP 中继代理信息（选项 82）功能使得 DHCP 中继代理（Catalyst 交换机）可将有关其自身和所连接的客户端的信息包括在其中。

DHCP 服务器可利用该信息为服务提供商网络中的每个用户分配 IP 地址、执行访问控制并设置服务质量 (QoS) 和安全策略（或其他参数分配策略）。当在交换机中启用 DHCP 监听时，会自动启用选项 82。 如果未对 DHCP 服务器进行配置以使其可处理带选项 82 的数据包，则 DHCP 服务器会停止为该请求分配地址。 要解决此问题，请用全局配置命令 no ip dhcp relay information option 在交换机（中继代理）中禁用用户标识选项 (82)。

I. DHCP 数据库代理和 DHCP 冲突日志记录

DHCP 数据库代理是存储 DHCP 绑定数据库的任何主机，如 FTP、TFTP 或 RCP 服务器。您可以配置多个 DHCP 数据库代理，并且为每个代理配置每次数据库更新和转移之间的间隔。请使用 ip dhcp database 命令配置数据库代理和数据库代理参数。

如果选择不配置 DHCP 数据库代理，请在 DHCP 服务器上禁用 DHCP 地址冲突记录。执行noip dhcp conflict logging命令以禁用DHCP地址冲突日志记录。可使用 clear ip dhcp conflict 清除已记录的冲突。

如果以此方式禁用冲突日志记录失败，则会出现以下错误消息：

%DHCPD-4-DECLINE_CONFLICT: DHCP address conflict: client

J.检查CDP以验证IP电话连接情况

当与 Cisco IP 电话连接的交换端口禁用了 Cisco 设备发现协议 (CDP) 时，DHCP 服务器无法为电话分配合适的 IP 地址。DHCP 服务器倾向于分配属于数据 VLAN/交换端口子网的 IP 地址。如果已启用 CDP，则交换机能够检测到 Cisco IP 电话对 DHCP 的请求，并提供正确的子网信息。然后，DHCP 服务器可从语音 VLAN/子网池中分配一个 IP 地址。将 dhcp 服务绑定到语音 VLAN 并没有要求明确的步骤。

K.删除SVI会干扰DHCP监听操作

在 Cisco Catalyst 6500 系列交换机上，将 DHCP 配置为监听特定 VLAN 后，将会自动创建 SVI（处于关闭状态）。此 SVI 的存在对于正确进行 DHCP 监听操作有直接影响。

运行本地Cisco IOS的Cisco Catalyst 6500系列交换机上的DHCP监听主要在路由处理器（RP或MSFC）上实施，而不是在交换机处理器（SP或Supervisor）上实施。Cisco Catalyst 6500 系列使用 VACL 拦截硬件中的数据包，VACL 将数据包提供给 RP 预定的本地目标逻辑 (LTL)。帧进入 RP 后，在被传送到监听部分前，首先需要与 L3 接口 (SVI) IDB 关联。如果 SVI 不存在，则 IDB 也将无法存在，数据包将在 RP 处被丢弃。

L. 有限的广播地址

当 DHCP 客户端在 DHCP 数据包内设置了广播位时，DHCP 服务器和中继代理会将 DHCP 消息发送到具有全 1 广播地址 (255.255.255.255) 的客户端。如果ip broadcast-address命令被配置为发送网络广播，则会覆盖DHCP发送的全1广播。要解决此问题，请使用 ip dhcp limited-broadcast-address 命令来确保配置的网络广播不会覆盖默认 DHCP 行为。

除非在连接到客户端的路由器接口上配置了此命令，否则某些 DHCP 客户端只能接受全 1 广播并且无法获得 DHCP 地址。

M.使用路由器Debug命令调试DHCP

使用debug命令验证路由器是否收到DHCP请求

在支持软件处理DHCP数据包的路由器上，您可以验证路由器是否收到来自客户端的DHCP请求。如果路由器没有收到来自客户端的请求，则DHCP过程会失败。在此步骤中，配置访问列表以调试输出。此访问列表仅用于调试命令，不会干扰路由器。

在全局配置模式下，输入以下访问列表：

access-list 100 permit ip host 0.0.0.0 host 255.255.255.255

在执行模式下，输入此debug命令：

debug ip packet detail 100

示例输出

Router#debug ip packet detail 100
IP packet debugging is on (detailed) for access list 100
Router#
00:16:46: IP: s=0.0.0.0 (Ethernet4/0), d=255.255.255.255, len 604, rcvd 2
00:16:46: UDP src=68, dst=67
00:16:46: IP: s=0.0.0.0 (Ethernet4/0), d=255.255.255.255, len 604, rcvd 2
00:16:46: UDP src=68, dst=67

从该输出示例可以清楚地看出，路由器主动接收来自客户端的DHCP请求。输出仅显示数据包总结信息，而不是数据包本身。因此，无法判断数据包是否正确。然而，路由器确实接收了包含正确的（对 DHCP 而言）源和目标 IP 和 UDP 端口的广播数据包。

使用debug ip udp命令验证路由器是否接收和转发DHCP请求

debug ip udp 命令可以跟踪DHCP请求通过路由器的路径。但是，此调试在生产环境中是强制性的，因为所有已处理的交换UDP数据包都会显示到控制台。此debug命令不得在生产中使用。

警告：因为debug ip udp命令会产生干扰，可能会导致中央处理器(CPU)使用率较高。

在执行模式下，输入此debug命令：debug ip udp

示例输出

Router#debug ip udp
UDP packet debugging is on
Router#

00:18:48: UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=584 

!--- Router receiving DHCPDISCOVER from DHCP client.

00:18:48: UDP: sent src=192.168.1.1(67), dst=192.168.2.2(67), length=604 

!--- Router forwarding DHCPDISCOVER unicast to DHCP server using DHCP/BootP Relay Agent source IP address.

00:18:48: UDP: rcvd src=192.168.2.2(67), dst=192.168.1.1(67), length=313 

!--- Router receiving DHCPOFFER from DHCP server directed to DHCP/BootP Relay Agent IP address.

00:18:48: UDP: sent src=0.0.0.0(67), dst=255.255.255.255(68), length=333 

!--- Router forwarding DHCPOFFER from DHCP server to DHCP client via DHCP/BootP Relay Agent.

00:18:48: UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=584 

!--- Router receiving DHCPREQUEST from DHCP client.

00:18:48: UDP: sent src=192.168.1.1(67), dst=192.168.2.2(67), length=604 

!--- Router forwarding DHCPDISCOVER unicast to DHCP server using DHCP/BootP Relay Agent source IP address.

00:18:48: UDP: rcvd src=192.168.2.2(67), dst=192.168.1.1(67), length=313 

!--- Router receiving DHCPACK (or DHCPNAK) from DHCP directed to DHCP/BootP Relay Agent IP address.

00:18:48: UDP: sent src=0.0.0.0(67), dst=255.255.255.255(68), length=333 

!--- Router forwarding DHCPACK (or DHCPNAK) to DHCP client via DHCP/BootP Relay Agent.

00:18:48: UDP: rcvd src=192.168.1.2(520), dst=255.255.255.255(520), length=32 

!--- DHCP client verifying IP address not in use by sending ARP request for its own IP address.

00:18:50: UDP: rcvd src=192.168.1.2(520), dst=255.255.255.255(520), length=32 

!--- DHCP client verifying IP address not in use by sending ARP request for its own IP address.

使用debug ip dhcp server packet命令验证路由器是否接收和转发DHCP请求

如果路由器Cisco IOS是12.0.x.T或12.1并支持Cisco IOS DHCP服务器功能，可以使用debug ip dhcp server packet命令。此调试旨在与Cisco IOS DHCP服务器功能一起使用，并用于排除DHCP/BootP中继代理功能故障。与之前步骤一样，路由器调试不能准确确定问题，因为无法查看实际数据包。但是，调试允许对DHCP处理进行推断。 在执行模式下，输入此debug命令：

debug ip dhcp server packet

Router#debug ip dhcp server packet
00:20:54: DHCPD: setting giaddr to 192.168.1.1. 

!--- Router received DHCPDISCOVER/REQUEST/INRORM and setting Gateway IP address to 192.168.1.1 for forwarding.

00:20:54: DHCPD: BOOTREQUEST from 0063.6973.636f.2d30.3065.302e.3165.6632.2e63..

!--- BOOTREQUEST includes DHCPDISCOVER, DHCPREQUEST, and DHCPINFORM.
 

!--- 0063.6973.636f.2d30.3065.302e.3165.6632.2e63 indicates client identifier.
 
00:20:54: DHCPD: forwarding BOOTREPLY to client 00e0.1ef2.c441. 

!--- BOOTREPLY includes DHCPOFFER and DHCPNAK.
 

!--- Client's MAC address is 00e0.1ef2.c441. 

00:20:54: DHCPD: broadcasting BOOTREPLY to client 00e0.1ef2.c441. 

!--- Router is forwarding DHCPOFFER or DHCPNAK broadcast on local LAN interface.

00:20:54: DHCPD: setting giaddr to 192.168.1.1. 

!--- Router received DHCPDISCOVER/REQUEST/INFORM and set Gateway IP address to 192.168.1.1 for forwarding.

00:20:54: DHCPD: BOOTREQUEST from 0063.6973.636f.2d30.3065.302e.3165.6632.2e63.. 

!--- BOOTREQUEST includes DHCPDISCOVER, DHCPREQUEST, and DHCPINFORM.


!--- 0063.6973.636f.2d30.3065.302e.3165.6632.2e63 indicates client identifier.

00:20:54: DHCPD: forwarding BOOTREPLY to client 00e0.1ef2.c441. 

!--- BOOTREPLY includes DHCPOFFER and DHCPNAK.


!--- Client's MAC address is 00e0.1ef2.c441.

00:20:54: DHCPD: broadcasting BOOTREPLY to client 00e0.1ef2.c441. 

!--- Router is forwarding DHCPOFFER or DHCPNAK broadcast on local LAN interface.

同时运行多个调试

当同时运行多个调试时，可以发现有关DHCP/BootP中继代理和服务器运行的大量信息。如果使用上述大纲进行故障排除，则可以推断DHCP/BootP中继代理功能无法正确运行的位置。

IP: s=0.0.0.0 (Ethernet0), d=255.255.255.255, len 604, rcvd 2
UDP src=68, dst=67
UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=584
DHCPD: setting giaddr to 192.168.1.1.
UDP: sent src=192.168.1.1(67), dst=192.168.2.2(67), length=604
IP: s=192.168.1.1 (local), d=192.168.2.2 (Ethernet1), len 604, sending
UDP src=67, dst=67
DHCPD: BOOTREQUEST from 0063.6973.636f.2d30.3030.302e.3030.3030.2e30.3030.312d.4574.30 forwarded to 192.168.2.2.
IP: s=192.168.2.2 (Ethernet1), d=192.168.1.1, len 328, rcvd 4
UDP src=67, dst=67
UDP: rcvd src=192.168.2.2(67), dst=192.168.1.1(67), length=308
DHCPD: forwarding BOOTREPLY to client 0000.0000.0001.
DHCPD: broadcasting BOOTREPLY to client 0000.0000.0001.
UDP: sent src=0.0.0.0(67), dst=255.255.255.255(68), length=328
IP: s=0.0.0.0 (Ethernet0), d=255.255.255.255, len 604, rcvd 2
UDP src=68, dst=67
UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=584
DHCPD: setting giaddr to 192.168.1.1.
UDP: sent src=192.168.1.1(67), dst=192.168.2.2(67), length=604
IP: s=192.168.1.1 (local), d=192.168.2.2 (Ethernet1), len 604, sending
UDP src=67, dst=67
DHCPD: BOOTREQUEST from 0063.6973.636f.2d30.3030.302e.3030.3030.2e30.3030.312d.4574.30 forwarded to 192.168.2.2.
IP: s=192.168.2.2 (Ethernet1), d=192.168.1.1, len 328, rcvd 4
UDP src=67, dst=67
UDP: rcvd src=192.168.2.2(67), dst=192.168.1.1(67), length=308
DHCPD: forwarding BOOTREPLY to client 0000.0000.0001.
DHCPD: broadcasting BOOTREPLY to client 0000.0000.0001.
UDP: sent src=0.0.0.0(67), dst=255.255.255.255(68), length=328. 

获取嗅探器踪迹并且确定 DHCP 问题的根本原因

复习解码同一LAN段上的DHCP客户端和服务器的嗅探器踪迹和解码由配置为DHCP中继代理的路由器分隔的DHCP客户端和服务器的嗅探器踪迹部分

来破解DHCP数据包跟踪。

有关如何使用Catalyst交换机上的交换端口分析器(SPAN)功能获取嗅探器踪迹的信息，请参阅配置Catalyst交换端口分析器(SPAN)配置示例。

在路由器上使用Debug命令进行数据包解码的其他方法

通过在思科路由器上使用debug ip packet detail dump <acl> 命令，可以在系统日志或命令行界面(CLI)中以十六进制形式显示完整的数据包。复习上述使用debug命令验证路由器是否接收DHCP请求和使用debug命令验证路由器是否接收DHCP请求并将其转发到DHCP服务器部分以及添加到访问列表中的dump关键字可以得到相同的调试信息，但数据包的详细信息是以十六进制格式显示的。要确定数据包的内容，需要转换数据包。附录 A 中提供了相关示例。

附录A：Cisco IOS DHCP示例配置

DHCP 服务器数据库为树状结构。树根是自然网络的地址池，树枝是子网络地址池，树叶是客户端的手动绑定。子网继承网络参数，客户端继承子网参数。因此，必须在树的最高（网络或子网）级别配置通用参数，例如域名。

有关如何配置DHCP及与其关联的命令的详细信息，请参阅DHCP配置任务列表。

version 12.1
! 
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable password cisco 
ip subnet-zero 
no ip domain-lookup 
ip dhcp excluded-address 10.10.1.1 10.10.1.199 

!--- Address range excluded from DHCP pools. 

ip dhcp pool test_dhcp 

!--- DHCP pool (scope) name is test_dhcp.
 
network 10.10.1.0 255.255.255.0 

!--- DHCP pool (address will be assigned in this range) for associated Gateway IP address.
 
default-router 10.10.1.1 

!--- DHCP option for default gateway.
 
dns-server 10.30.1.1 

!--- DHCP option for DNS server(s).
 
netbios-name-server 10.40.1.1 

!--- DHCP option for NetBIOS name server(s) (WINS).
  
lease 0 0 1 

!--- Lease time. 
 
interface Ethernet0 
description DHCP Client Network 
ip address 10.10.1.1 255.255.255.0 
no ip directed-broadcast 
! 
interface Ethernet1 
description Server Network 
ip address 10.10.2.1 255.255.255.0 
no ip directed-broadcast 
!   
line con 0 
transport input none 
line aux 0 
transport input all 
line vty 0 4 
login 
! 
end 

注意：请注意，命令subnet prefix-length对DHCP池的正常运行不是必需的。此命令的使用集中于需要子网分配池的情况，有关此命令的详细信息，请参阅配置DHCP服务器按需地址池管理器文档中的子网分配服务器操作部分。

相关信息

• 工具和资源
• 思科技术支持和下载