How do you diagnose and fix DHCP errors?
The exact steps for IP address and DHCP configuration are different for each type of user device. Contact your network administrator to get instructions for your specific device. For the purposes of this tip, we assume the endpoint has a good wired or wireless connection to the network and that the problem is specific to DHCP.
The first step in diagnosing DHCP is to examine your device's IP address and network settings. You'll need to verify it is using DHCP and not a manually configured address.
If it is configured to use DHCP and has an IP address, note the address, subnet mask, default router and DNS servers. The image below shows this information for a MacBook Pro.
If a device is unable to get an IP address via DHCP, it will use an automatic private IP address from the address range 169.254.x.y, as shown in the image below.
The following reasons could cause DHCP errors and compel a device to use a self-assigned IP address:
Error 1. No address assigned
The first DHCP error is no assigned IP address. The most common reasons for this error include DHCP server failure, no available addresses and network failure. To start diagnosis, verify the following items:
If any devices in the affected subnet can get or renew their addresses, then the server and the network are functioning properly. Check that the DHCP server's address pool still has addresses available.
You should also check for a network problem in the part of the network where the failing device is connected. It could be an incorrect switch port configuration, or perhaps the switch for your device has disconnected from the rest of the subnet. If your device is portable, move it to a good network connection, and try to get a DHCP address. A failure at this point indicates something is incorrect in the device configuration itself, not in the network or with the DHCP server.
For a new installation where no devices are working correctly, you should investigate network configuration mistakes that prevent the DHCP relay operation from working correctly. Also, check for MAC address filtering, which isn't used often, but should be verified.
The most challenging step will likely be checking network connectivity, simply because a variety of causes could cause a failure. You can start the diagnostic process by assigning a manual address to one device. Use that address to verify basic network connectivity to the DHCP server with ping and traceroute. If that works, then you'll need to check that the network device configurations are set to relay DHCP packets and that no blocking firewall rules exist. Look for simple things like typographical mistakes in addresses.
Be advised that some malware can create a denial-of-service attack by making DHCP requests until all addresses have been consumed. Each request uses a different MAC address, so you can examine the switch forwarding table to find the port on which many MAC addresses have been detected. This enables you to identify the infected device.
Error 2. Address is assigned but no connectivity
The next DHCP error is when an address is assigned but the device can't communicate with other devices. In this case, the following reasons could cause a DHCP error:
For conflicting IP addresses, you'll need to track down both devices by finding the MAC address of both devices. You'll then need to find the switch port to which each device is connected. A good network management system can help you with this process. One of the devices may have a manually assigned address from the DHCP address range. A best practice is to reserve separate address ranges for devices with fixed addresses.
In another case, a rogue DHCP server may hand out addresses from the same address range or a different address range. You may need to conduct network sleuthing with packet capture tools to identify the location of rogue servers.
The key symptom of a rogue DHCP server is the endpoints always get their addresses via DHCP. The addresses can be from the same range, or the rogue server may be using a different range than what's assigned to the subnet. In either case, you'll need to track down the rogue server and remove it from the network or disable DHCP on it.
Some network equipment vendors have a feature to detect rogue DHCP servers, frequently calledDHCP snooping. You may be able to use it to identify and suppress the action of undesirable DHCP servers.
Error 3. Address is valid but is missing DHCP options
The next DHCP error is where an address is valid but the DHCP options are not properly configured. DHCP options pass additional information to the endpoint to do things like identify a default gateway (option 3), make DNS requests (option 6) or identify a Trivial FTP server from which to download a device configuration (option 66).
The exact troubleshooting steps vary by the endpoint device type and its function. For example, VoIP phones need multiple DHCP options set. You'll need to refer to vendor documentation for configuration guidance.
About the Author
