Reason why the lease of some addresses in the address pool displays - on S series switches


Run the display ip pool [ { interface interface-pool-name | name ip-pool-name } [ start-ip-address [ end-ip-address ] | all | conflict | expired | used ] ] command to check DHCP address pool allocation on S series switches excluding the S1700. You may find that the lease of some addresses is displayed as -. This is because these addresses are idle, excluded, statically bound, or conflicting addresses.

Other related questions:
The leases of some addresses are displayed as - on S series switches
When the display ip pool [ { interface interface-pool-name | name ip-pool-name } [ start-ip-address [ end-ip-address ] | all | conflict | expired | used ] ] command is executed on an S series switch (except an S1700 switch) to display information about IP addresses in a DHCP address pool, the Lease field in the command output is displayed as hyphens (-) for idle, excluded, statically bound, and conflicting IP addresses.

Reasons why the DHCP address pool is exhausted on S series switches
If the allocated address pool resources far exceed the number of clients connected to a switch, the following causes may result in address pool exhaustion:
- An attacker sends a large number of DHCP Discover messages by continuously changing the CHADDR field. As a result, the address pool resources are exhausted. In this case, DHCP snooping can be deployed.
- The DHCP server is configured with the DHCP server ping function. With this function, the switch attempts to ping the allocated address before sending the DHCP Offer message. If clients respond to ping packets on the network, the DHCP server may incorrectly determine address conflicts. As a result, the address pool resources are exhausted. There are two solutions:
1. Obtain the packet header through port mirroring on the DHCP server and check whether the determination is correct. If so, the client can be disabled.
2. Disable the DHCP server ping function by using the undo dhcp server ping packet command.

IP addresses in a DHCP address pool on S series switches are exhausted
If the number of allocatable IP addresses in the address pool exceeds the number of DHCP clients connected to the DHCP server, the address pool resources may be exhausted in the following situations:
- Many attackers apply for IP addresses or an attacker applies for many IP addresses by changing the CHADDR field in DHCP Discover messages. In this case, configure DHCP snooping.
- The DHCP server ping function has been configured on the DHCP server. This function allows the switch to ping allocated IP addresses before sending DHCP Offer messages. Any reply to the ping packets may cause the DHCP server to consider that an IP address conflict occurs, resulting in exhaustion of address pool resources. To solve this problem, use either of the following methods:
1. Configure port mirroring on the DHCP server to obtain the packet header, and determine whether address pool exhaustion is caused by the second reason. If yes, disable the corresponding client.
2. Run the undo dhcp server ping packet command to disable the DHCP server ping function.
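The CHADDR-changing cause described in the two answers above can be confirmed from mirrored traffic: a Discover whose CHADDR differs from the Ethernet source MAC, or one source MAC requesting under many CHADDRs, points to it. The following is an added example, not Huawei code; the function names, the threshold and the sample frames are constructed, and it assumes untagged Ethernet/IPv4 frames captured on the access segment before any DHCP relay.

```python
import struct
from collections import defaultdict
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options

def parse_discover(frame):
    """Return (eth_src, chaddr) for a DHCP Discover in an untagged Ethernet/IPv4 frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                                   # too short, not IPv4, or not UDP
    udp = 14 + (frame[14] & 0x0F) * 4                 # honour the IPv4 header length
    if frame[udp:udp + 4] != struct.pack("!HH", 68, 67):
        return None                                   # not client port 68 -> server port 67
    bootp = frame[udp + 8:]
    if len(bootp) < 240 or bootp[:3] != b"\x01\x01\x06" or bootp[236:240] != MAGIC:
        return None                                   # not a BOOTREQUEST from an Ethernet client
    i = 240
    while i + 1 < len(bootp) and bootp[i] != 255:     # walk options up to End (255)
        if bootp[i] == 0:                             # Pad option has no length byte
            i += 1
            continue
        code, length = bootp[i], bootp[i + 1]
        if code == 53 and bootp[i + 2:i + 2 + length] == b"\x01":
            return frame[6:12], bootp[28:34]          # message type 1 = Discover
        i += 2 + length
    return None

def analyse(frames, max_chaddr_per_src=3):
    """Return (Discovers with CHADDR != source MAC, source MACs using > max_chaddr_per_src CHADDRs)."""
    per_src, mismatches = defaultdict(set), 0
    for frame in frames:
        parsed = parse_discover(frame)
        if parsed:
            src, chaddr = parsed
            per_src[src].add(chaddr)
            mismatches += src != chaddr
    suspects = sorted(s.hex(":") for s, c in per_src.items() if len(c) > max_chaddr_per_src)
    return mismatches, suspects

def build_discover(eth_src, chaddr):
    """Build a constructed sample frame for the analysis (checksums left at zero)."""
    bootp = struct.pack("!BBBBIHH16x16s192x", 1, 1, 6, 0, 0x1234, 0, 0x8000, chaddr)
    bootp += MAGIC + b"\x35\x01\x01\xff"              # option 53 = Discover, then End
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(bootp), 0, 0, 64, 17, 0, bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + eth_src + b"\x08\x00" + ip + udp + bootp

# Constructed capture: one normal client, one source MAC cycling through five CHADDRs.
SAMPLE = [build_discover(bytes.fromhex("020000000001"), bytes.fromhex("020000000001"))]
SAMPLE += [build_discover(bytes.fromhex("0200000000aa"), bytes([2, 0, 0, 0, 1, n])) for n in range(5)]
print(analyse(SAMPLE))  # (5, ['02:00:00:00:00:aa'])
```

If neither count is raised while the pool still drains, the capture points toward the second cause (the DHCP server ping function) instead.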

Method to release DHCP address pool and configure the lease on S series switches
S series switches excluding the S1700 allow the DHCP address pool to be manually released and support configurable lease for IP addresses dynamically assigned through DHCP.
