DHCPCCNA 200-301

DHCP Assigning IPs from Wrong Pool to Multi-VLAN Network

Presenting Symptom

Clients in VLAN 20 receive IP addresses from the DHCP pool intended for VLAN 10, causing connectivity issues.

Network Context

A small branch office network with a Cisco 4321 router acting as DHCP server for two VLANs: VLAN 10 (192.168.10.0/24) and VLAN 20 (192.168.20.0/24). The router is connected to a Cisco 2960 switch via a trunk link. DHCP pools are configured on the router, but clients in VLAN 20 are getting addresses from the VLAN 10 pool.

Diagnostic Steps

Verify DHCP bindings on the router

show ip dhcp binding

IP address       Client-ID/              Lease expiration        Type
                  Hardware address
192.168.10.1     0063.6973.636f.2d63.     Mar 01 2025 12:00 PM    Automatic
                  6330.3030.2e30.3030.
                  302e30.3030.302d.4574.
                  682d30.2f30
192.168.10.2     0063.6973.636f.2d63.     Mar 01 2025 12:05 PM    Automatic
                  6330.3030.2e30.3030.
                  302e30.3030.302d.4574.
                  682d30.2f31
...

If you see IP addresses from the wrong subnet (e.g., 192.168.10.x for a client in VLAN 20), it indicates the DHCP server is assigning from the wrong pool.

Check DHCP pool configuration

show ip dhcp pool

Pool vlan10 :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)        : 0 / 0
 Total addresses                 : 254
 Leased addresses                : 10
 Pending event                   : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 192.168.10.1         192.168.10.1 - 192.168.10.254        10

Pool vlan20 :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)        : 0 / 0
 Total addresses                 : 254
 Leased addresses                : 0
 Pending event                   : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 192.168.20.1         192.168.20.1 - 192.168.20.254        0

Notice that the vlan20 pool shows 0 leased addresses while clients are getting IPs from vlan10 pool. This suggests the DHCP server is not matching requests to the correct pool.

Examine DHCP relay configuration on the switch (if any) or check router's DHCP server debug

debug ip dhcp server events

DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d63.6330.3030.2e30.3030.302e30.3030.302d.4574.682d30.2f30 on interface GigabitEthernet0/0.10
DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d63.6330.3030.2e30.3030.302e30.3030.302d.4574.682d30.2f30 (192.168.10.1).
DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d63.6330.3030.2e30.3030.302e30.3030.302d.4574.682d30.2f30.
DHCPD: Sending DHCPACK to client 0063.6973.636f.2d63.6330.3030.2e30.3030.302e30.3030.302d.4574.682d30.2f30 (192.168.10.1).

The debug shows the DHCP server is receiving requests on interface GigabitEthernet0/0.10 (subinterface for VLAN 10) even from clients that should be in VLAN 20. This indicates the DHCP server is not receiving the correct VLAN information, possibly due to missing or incorrect DHCP relay configuration.

Check the router's interface configuration for DHCP relay

show running-config interface GigabitEthernet0/0.20

interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip helper-address 192.168.10.1
!

The ip helper-address points to the router's own IP address (192.168.10.1) instead of a DHCP server address. This is incorrect; the helper address should point to the DHCP server, but since the router is the server, it should not have a helper address. Alternatively, if the DHCP server is external, the helper address should be the server's IP. In this case, the helper address is misconfigured, causing the router to relay DHCP broadcasts to itself, which may cause the server to assign IPs from the wrong pool based on the incoming interface.

Root Cause

The DHCP server (router) is configured with ip helper-address on the subinterface for VLAN 20, pointing to its own IP address (192.168.10.1). This causes the router to relay DHCP broadcasts from VLAN 20 to itself, but the DHCP server process receives the request on the interface where the helper address is configured (GigabitEthernet0/0.20) and matches it to the DHCP pool associated with that interface's primary subnet (192.168.20.0/24) only if the pool is correctly configured. However, due to the helper address pointing to itself, the server may misinterpret the incoming interface and assign an IP from the pool that matches the helper address's subnet (192.168.10.0/24) instead of the client's subnet. In this scenario, the router's DHCP server is assigning IPs from the VLAN 10 pool because the helper address is set to 192.168.10.1, causing the server to use that pool.

Resolution

Remove the ip helper-address from the VLAN 20 subinterface since the router is the DHCP server and should directly serve DHCP requests on that interface. Ensure the DHCP pool for VLAN 20 is correctly configured. 1. Enter global configuration mode: configure terminal 2. Remove the helper address: interface GigabitEthernet0/0.20 no ip helper-address 192.168.10.1 3. Verify the DHCP pool for VLAN 20 exists and is correct: ip dhcp pool vlan20 network 192.168.20.0 255.255.255.0 default-router 192.168.20.1 dns-server 8.8.8.8 4. Exit and save configuration: end write memory

Verification

After applying the fix, verify that clients in VLAN 20 receive IP addresses from the correct pool: 1. Clear existing DHCP bindings to force clients to renew: clear ip dhcp binding * 2. On a client in VLAN 20, release and renew the IP address (e.g., ipconfig /release and ipconfig /renew on Windows). 3. Check DHCP bindings again: show ip dhcp binding Expected output should show IP addresses from 192.168.20.x for clients in VLAN 20. 4. Check DHCP pool utilization: show ip dhcp pool vlan20 Expected output should show leased addresses > 0.

Prevention

1. When the router is the DHCP server, do not configure ip helper-address on any interface that the router directly serves; the server automatically responds to broadcasts on its own interfaces. 2. Use distinct DHCP pool names and ensure the network statement matches the subnet of the interface where DHCP requests are received. 3. Implement DHCP snooping on the switch to prevent rogue DHCP servers and ensure proper VLAN-to-DHCP server mapping.

CCNA Exam Relevance

On the CCNA 200-301 exam, this scenario tests understanding of DHCP operation in a multi-VLAN environment. The exam may present a troubleshooting scenario where clients in one VLAN receive IPs from another VLAN's pool, and you must identify the misconfigured ip helper-address or DHCP pool. Questions can be multiple-choice or drag-and-drop, requiring you to select the correct commands to fix the issue. Key knowledge: ip helper-address is used to forward DHCP broadcasts to a DHCP server; if the server is local, no helper address is needed; DHCP pools are matched based on the interface's primary subnet or the giaddr field in the DHCP packet.

Exam Tips

Remember that ip helper-address is only needed when the DHCP server is on a different subnet; if the router is the server, do not configure it on its own interfaces.

The DHCP server uses the gateway IP address (giaddr) in the DHCP packet to select the pool; if the helper address points to itself, the giaddr may be set to the helper address's subnet, causing pool mismatch.

Know the 'debug ip dhcp server events' command to see which pool the server is using for each request.

Commands Used in This Scenario

show ip dhcp binding

Displays the current DHCP binding table, showing which IP addresses have been leased to clients, along with their MAC addresses, lease expiration, and type of binding.

show ip dhcp pool

Displays the configuration and utilization statistics of a DHCP pool, used to verify pool settings and address allocation status.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions