Observing Dynamic Host Configuration Protocol (DHCP) Traffic
To observe the traffic on your network in regard to Dynamic Host Configuration Protocol (DHCP), enable the following debug options. Though you can monitor several options (debug ip dhcp server packet is probably the most useful), you can also choose from others:
ip dhcp server events: Reports address assignments, lease expirations, and other events that take place with the DHCP service
ip dhcp server class: Displays class-based address allocation
ip dhcp server linkage: Displays database linkage
dchp detail: Displays DHCP packet contents
Here is the output for debug ip dhcp server packet:
Router2>enable Password: Router2#terminal monitor Router2#debug ip dhcp server packet DHCPD:DHCPDISCOVER received from client 0b07.1134.a029 through relay 192.168.5.1. DHCPD:assigned IP address 192.168.5.73 to client 0a06.1335.a126. DHCPD: DHCPREQUEST received from client 0100.2241.806c.f3. DHCPD: DHCPDISCOVER received from client 0100.16ec.7a50.d7 on interface FastEthernet0/1. DHCPD: Sending DHCPOFFER to client 0100.16ec.7a50.d7 (192.168.5.20). DHCPD: broadcasting BOOTREPLY to client 0016.ec7a.50d7. DHCPD: DHCPREQUEST received from client 0100.16ec.7a50.d7. DHCPD: Sending DHCPACK to client 0100.16ec.7a50.d7 (192.168.5.20). DHCPD: DHCPINFORM received from client 0100.1d6a.44f1.c4 (192.168.1.132). DHCPD: DHCPREQUEST received from client 0100.16ec.7a50.d7. DHCPD: unicasting BOOTREPLY to client 0016.ec7a.50d7 (192.168.5.20). Router2#no debug ip dhcp server packet
If you enable too many debug options, you will affect the performance of your router and may have trouble reading items that are going across the screen. You can use the command no debug all to disable all debugging on your router.
If you need to remove a specific address pairing or DHCP lease from your DHCP database, use the clear command, like this command removing the lease for 172.30.1.175:
Router2# clear ip dhcp binding 172.30.1.175
You can also use clear ip dhcp binding to remove all automatic bindings (DHCP leases) from your DHCP database:
Router2# clear ip dhcp binding *
To view the DHCP database (which is common when you are trying to locate a device on the network), use the command that follows. At times, you may have an IP address or device that you need to locate, perhaps you are following up on an issue discovered from a firewall log or other source.
The show command allows you to identify the MAC address of the device. From there, you can move to network switches to locate the switch port the device is connected to; or refer to client computer documentation, if you happen to record the MAC addresses before giving your network users their computers.
Router2#show ip dhcp binding 192.168.5.20 IP address Client-ID/ Lease expiration Type Hardware address/ User name 192.168.5.20 0100.16ec.7a50.d7 Mar 14 2002 07:40 AM Automatic
To see information about your pools and their usage, use this command:
Router2#show ip dhcp pool Pool DHCP-Pool : Utilization mark (high/low) : 100 / 0 Subnet size (first/next) : 0 / 0 Total addresses : 254 Leased addresses : 4 Pending event : none 1 subnet is currently in the pool : Current index IP address range Leased addresses 192.168.5.21 192.168.5.1 - 192.168.5.254 4
Finally, to determine the amount of work your router is doing to support DHCP, view its statistics for DHCP with the following command:
Router2#show ip dhcp server statistics Memory usage 16566 Address pools 1 Database agents 0 Automatic bindings 4 Manual bindings 0 Expired bindings 15 Malformed messages 0 Secure arp entries 0 Message Received BOOTREQUEST 0 DHCPDISCOVER 67 DHCPREQUEST 230 DHCPDECLINE 0 DHCPRELEASE 0 DHCPINFORM 19 Message Sent BOOTREPLY 0 DHCPOFFER 34 DHCPACK 22 DHCPNAK 82