Observing Dynamic Host Configuration Protocol (DHCP) Traffic

By Edward Tetz

To observe Dynamic Host Configuration Protocol (DHCP) traffic on your network, enable one or more of the following debug options. debug ip dhcp server packet is probably the most useful, but you can also choose from others:

  • ip dhcp server events: Reports address assignments, lease expirations, and other events that take place with the DHCP service

  • ip dhcp server class: Displays class-based address allocation

  • ip dhcp server linkage: Displays database linkage

  • dhcp detail: Displays DHCP packet contents

Here is the output for debug ip dhcp server packet:

Router2#terminal monitor
Router2#debug ip dhcp server packet
DHCPD:DHCPDISCOVER received from client 0b07.1134.a029 through relay
DHCPD:assigned IP address to client 0a06.1335.a126.
DHCPD: DHCPREQUEST received from client 0100.2241.806c.f3.
DHCPD: DHCPDISCOVER received from client 0100.16ec.7a50.d7 on interface FastEthernet0/1.
DHCPD: Sending DHCPOFFER to client 0100.16ec.7a50.d7 (
DHCPD: broadcasting BOOTREPLY to client 0016.ec7a.50d7.
DHCPD: DHCPREQUEST received from client 0100.16ec.7a50.d7.
DHCPD: Sending DHCPACK to client 0100.16ec.7a50.d7 (
DHCPD: DHCPINFORM received from client 0100.1d6a.44f1.c4 (
DHCPD: DHCPREQUEST received from client 0100.16ec.7a50.d7.
DHCPD: unicasting BOOTREPLY to client 0016.ec7a.50d7 (
Router2#no debug ip dhcp server packet

If you enable too many debug options, you will affect the performance of your router and may have trouble reading items that are going across the screen. You can use the command no debug all to disable all debugging on your router.

If you need to remove a specific address pairing or DHCP lease from your DHCP database, use the clear command, like this command removing the lease for

Router2# clear ip dhcp binding

You can also use clear ip dhcp binding * to remove all automatic bindings (DHCP leases) from your DHCP database:

Router2# clear ip dhcp binding *

To view the DHCP database (which is common when you are trying to locate a device on the network), use the show ip dhcp binding command. At times, you may have an IP address or device that you need to locate; perhaps you are following up on an issue discovered from a firewall log or other source.

The show command allows you to identify the MAC address of the device. From there, you can move to network switches to locate the switch port the device is connected to, or refer to client computer documentation, if you happened to record the MAC addresses before giving your network users their computers.

Router2#show ip dhcp binding
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
                    0100.16ec.7a50.d7       Mar 14 2002 07:40 AM    Automatic
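
The debug output and the binding table identify the same device in two forms: a client ID such as 0100.16ec.7a50.d7 (hardware type 01 for Ethernet, followed by the MAC) and the bare hardware address 0016.ec7a.50d7. The following Python sketch is an added example, not part of the original article or of Cisco's tooling. It normalizes both forms to the MAC you would search for on a switch and tallies DHCP messages per device; the function names are illustrative, and the sample lines are copied from the debug output above, truncated as printed there.

```python
import re
from collections import Counter, defaultdict

# Sample input: lines copied from the debug output earlier on this page.
SAMPLE = """\
DHCPD:DHCPDISCOVER received from client 0b07.1134.a029 through relay
DHCPD: DHCPREQUEST received from client 0100.2241.806c.f3.
DHCPD: DHCPDISCOVER received from client 0100.16ec.7a50.d7 on interface FastEthernet0/1.
DHCPD: Sending DHCPOFFER to client 0100.16ec.7a50.d7 (
DHCPD: broadcasting BOOTREPLY to client 0016.ec7a.50d7.
DHCPD: DHCPREQUEST received from client 0100.16ec.7a50.d7.
DHCPD: Sending DHCPACK to client 0100.16ec.7a50.d7 (
DHCPD: DHCPINFORM received from client 0100.1d6a.44f1.c4 (
DHCPD: DHCPREQUEST received from client 0100.16ec.7a50.d7.
DHCPD: unicasting BOOTREPLY to client 0016.ec7a.50d7 (
"""

# Message type, then the client identifier that follows the word "client".
LINE = re.compile(r"DHCPD:\s*(?:Sending |broadcasting |unicasting )?"
                  r"(DHCP[A-Z]+|BOOTREPLY)\b.*?\bclient ([0-9a-f.]+)", re.I)

def client_id_to_mac(client_id):
    """Return the MAC in Cisco dotted form, or None if the ID is not MAC-based."""
    digits = client_id.replace(".", "").lower()
    if len(digits) == 14 and digits.startswith("01"):  # type 01 (Ethernet) + 6-byte MAC
        digits = digits[2:]
    if len(digits) != 12 or not re.fullmatch(r"[0-9a-f]+", digits):
        return None  # client IDs need not be derived from a MAC at all
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def summarize(debug_text):
    """Map each MAC (or raw client ID when it is not MAC-based) to message counts."""
    seen = defaultdict(Counter)
    for line in debug_text.splitlines():
        m = LINE.search(line)
        if m:
            cid = m.group(2).rstrip(".")  # drop the sentence-ending period
            seen[client_id_to_mac(cid) or cid][m.group(1).upper()] += 1
    return seen

if __name__ == "__main__":
    for mac, counts in summarize(SAMPLE).items():
        print(mac, dict(counts))
```

Without the normalization step, the host at 0016.ec7a.50d7 would appear as two separate clients in the tally.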

To see information about your pools and their usage, use this command:

Router2#show ip dhcp pool
Pool DHCP-Pool :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 4
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
                                       -                   4

Finally, to determine the amount of work your router is doing to support DHCP, view its statistics for DHCP with the following command:

Router2#show ip dhcp server statistics
Memory usage         16566
Address pools        1
Database agents      0
Automatic bindings   4
Manual bindings      0
Expired bindings     15
Malformed messages   0
Secure arp entries   0
Message              Received
BOOTREQUEST          0
DHCPREQUEST          230
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           19
Message              Sent
BOOTREPLY            0
DHCPOFFER            34
DHCPACK              22
DHCPNAK              82