Direct connection PC Obtain IP failed after the configuration of DHCP in interface

Publication Date:  2012-09-13 Views:  442 Downloads:  0
Issue Description
USG2200-------PC

PC connect the USG2200, Obtain the IP failed.

Configuration as below:

#
sysname LSJJCY-Inter-1
#
super password level 3 cipher N`C55QK<`=/Q=^Q`MAF4<1!!
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust dmz direction inbound
firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound
#
nat address-group 10 58.46.64.16 58.46.64.16
nat server protocol tcp global 58.46.64.17 www inside 192.168.1.5 www
undo nat alg enable esp
nat alg enable ftp
nat alg enable dns
nat alg enable icmp
nat alg enable netbios
undo nat alg enable h323
undo nat alg enable hwcc
undo nat alg enable ils
undo nat alg enable pptp
undo nat alg enable qq
undo nat alg enable msn
undo nat alg enable user-define
undo nat alg enable sip
undo nat alg enable mgcp
undo nat alg enable mms
undo nat alg enable sqlnet
undo nat alg enable rtsp
firewall permit sub-ip
#
dhcp server forbidden-ip 192.168.1.1 192.169.1.10
dhcp enable
dhcp server detect
#
firewall statistic system enable
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0/0
description inside
ip address 192.168.1.1 255.255.255.0
dhcp select interface
dhcp server dns-list 59.51.78.210 218.76.138.66
dhcp server domain-name huawei.com
#
interface Ethernet0/0/1
description outside
ip address 58.46.64.17 255.255.255.0
#
interface NULL0
#
right-manager server-group
#
acl number 2001
rule 0 permit source 192.168.1.0 0.0.0.255
#
acl number 3000
rule 0 permit ip destination 192.168.1.5 0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface Ethernet0/0/0
#
firewall zone untrust
set priority 5
add interface Ethernet0/0/1
#
firewall zone dmz
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local dmz
#
firewall interzone trust untrust
packet-filter 3000 inbound
packet-filter 2001 outbound
nat outbound 2001 address-group 10
#
#
#
firewall interzone dmz untrust
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
slb
#
ip route-static 0.0.0.0 0.0.0.0 58.46.64.1
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return

Alarm Information
none
Handling Process
Change the PC, problem is as old. And this PC can obtain the address normally otherwhere.
Command : dis dhcp ser sta
Global Pool:
Pool Number: 0
Binding
Auto: 0
Manual: 0
Expire: 0
Interface Pool:
Pool Number: 1
Binding
Auto: 0
Manual: 0
Expire: 0
Boot Request: 123
Dhcp Discover: 123
Dhcp Request: 0
Dhcp Decline: 0
Dhcp Release: 0
Dhcp Inform: 0
Boot Reply: 0
Dhcp Offer: 0
Dhcp Ack: 0
Dhcp Nak: 0
Bad Messages: 0

HA Message:
BatchBackup send msg: 0
BatchBackup recv msg: 0
BatchBackup send lease: 0
BatchBackup recv lease: 0

Found out the PC is always apply for the DHCP resource.

Found out by debug:

DhcpServerFindFreeIP: start get ip from DHCP free ip
*0.15198233 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: Can not get free ip for 0011-4342-44D2 received from interface Ether
net0/0/0
*0.15198416 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer:Lease exhausted
*0.15220150 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPDISCOVER from 0011-4342-44D2
*0.15220283 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServerFindFreeIP: start get ip from DHCP free ip
*0.15220416 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: Can not get free ip for 0011-4342-44D2 received from interface Ether
net0/0/0
*0.15220600 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer:Lease exhausted
*0.15223150 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPDISCOVER from 0011-4342-44D2
DhcpServer: receive DHCPDISCOVER from 0011-4342-44D2
DhcpServerFindFreeIP: start get ip from DHCP free ip
*0.15223416 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: Can not get free ip for 0011-4342-44D2 received from interface Ether
net0/0/0
*0.15223600 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer:Lease exhausted
*0.15231150 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPDISCOVER from 0011-4342-44D2
*0.15231283 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServerFindFreeIP: start get ip from DHCP free ip
*0.15231416 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: Can not get free ip for 0011-4342-44D2 received from interface Ether
net0/0/0
*0.15231600 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer:Lease exhausted
*0.15246150 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPDISCOVER from 0011-4342-44D2
*0.15246283 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServerFindFreeIP: start get ip from DHCP free ip
*0.15246416 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: Can not get free ip for 0011-4342-44D2 received from interface Ether
net0/0/0
*0.15246600 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer:Lease exhausted

DHCP resource pool is exhaust.
display dhcp server ip-in-use all, found out no IP Address is distributed.
display dhcp server free-ip, found out the problem that it exist only one IP Address 192.168.1.1 in the free-ip.
Recheck the configuration: found out in the “dhcp server forbidden-ip 192.168.1.1 192.169.1.10”, the client mistake the end IP Address, the whole network segment was been covered.
Change the configuration, problem solved.
Root Cause
DHCP is not effective.

PC network card fault

Suggestions
Please be careful when we command the “dhcp server forbidden-ip”, avoid the large resource devotion later.

END