Clients cannot obtain IP addresses through DHCP after the DHCP relay agent is upgraded

3

This problem may occur on a fixed switch in the following scenario:
- The switch was upgraded from V100R002/V100R003 to V100R005/V100R006.
- The switch functions as a DHCP relay agent and is configured with the dhcp relay information enable command.
- An authentication mechanism is enabled before the DHCP server allocates an IP address to a client. The authentication server authenticates the client based on the option 82 field.
After the dhcp relay information enable command is configured on the switch, the interface name that the switch encapsulates in the DHCP option 82 field varies according to the system software version:
- For V100R003 and earlier versions, a VLANIF interface name is encapsulated.
- For V100R005 and later versions, a physical interface name is encapsulated.
As different interface names may be encapsulated in the option 82 field before and after the upgrade, the authentication server may fail to authenticate the user based on the option 82 field. If this problem occurs, modify the user authentication configuration on the authentication server after the upgrade. To be specific, change the content of the option 82 field on the authentication server to the physical interface name, or change the user authentication policy by disabling DHCP option 82 field-based authentication.

Other related questions:
DHCP client cannot obtain a correct IP address
The request packets (DHCP discover) are broadcast by the DHCP clients. If multiple DHCP servers are located on the same subnet (for example, bogus DHCP server), the clients may obtain IP addresses from a bogus DHCP server. To address this problem, configure DHCP snooping. Then clients can receive DHCP packets from only the trusted DHCP server. Perform the following configuration: [Huawei] dhcp enable [Huawei] dhcp snooping enable [Huawei] interface gigabitethernet 1/0/1 //Enter the view of the interface connected to the DHCP client. [Huawei-GigabitEthernet1/0/1] dhcp snooping enable [Huawei-GigabitEthernet1/0/1] quit [Huawei] interface gigabitethernet 1/0/2 [Huawei-GigabitEthernet1/0/2] dhcp snooping trusted //Configure the interface of the DHCP server as the trusted interface. [Huawei-GigabitEthernet1/0/2] quit Note: - When you configure DHCP snooping on a Layer 2 access device, steps 1, 2, and 3 are mandatory and must be performed in the following sequence. - When you configure DHCP snooping on a DHCP relay agent, only steps 1 and 2 are required.

DHCP clients cannot obtain IP addresses. How do I solve this problem
Ensure that the DHCP configuration is correct, and reduce the IP address lease. If a long IP address lease is set, after all addresses in the address pool are allocated, addresses that are not required cannot be released immediately. As a result, other DHCP clients cannot obtain IP addresses.

An AR used as a DHCP client cannot obtain an IP address
When the configuration is correct, you can shorten the IP address lease. If the IP address lease is long, after addresses in the address pool are allocated, the address that has been allocated to a client is no longer used and cannot be released. As a result, other DHCP clients cannot obtain the IP address.

DHCP clients fail to obtain IP addresses from the DHCP server on the AR
The causes that DHCP clients fail to obtain IP addresses from the DHCP server are as follows: - The configuration is incorrect. - There is no allocable IP address in the DHCP address pool. - STP is enabled on upper-level access devices of some diskless workstations. For details on troubleshooting and solutions, see AR150&AR160&AR200&AR510&AR1200&AR2200&AR3200 FAQ.
About the AR ClientExceptions occurs when the IP address is obtained. For details, see the Revelations of Troublesolving on the right page.

Why does a user on an AR slowly obtain an IP address
The cause is that the interface is enabled with STP. By default, all interfaces of an AR are configured with STP. When the interface changes from Down to Up, STP convergence is performed (the process takes about 30s). During STP convergence, an interface on an AR directly discards received packets. That is, DHCP Request messages are all discarded during the STP convergence period. IP addresses are obtained slowly in this case. Use either of the following methods to solve this problem: - Run the stp edged-port enable command on the AR interface connected to a user terminal to configure the interface as an edge interface. If the AR is configured with the stp bpdu-protection command, the edge interface of the AR becomes Down when there are malicious attacks of BPDUs. To enable the edge interface to automatically go Up, run the error-down auto-recovery cause bpdu-protection interval interval-value command. - If there is no physical loop, run the stp disable command on the AR in the system view or the AR interface connected to a user terminal.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top