KB24542 - SBR is unable to fetch an IP address from the DHCP server and the 'Could not allocate IP address via DHCP' error message is generated

Users are configured with the Framed-IP-address return list attribute and SBR is configured to fetch an IP address from the DHCP server via dhcp.ini and pool.dhc files.

The issue is that SBR is unable to obtain an IP address from the DHCP server and assign it to users; as a result, SBR authentication fails with the following errors in the debug logs:

05/31/2012 05:38:17 User NATIVEGUY being passed to attribute editing authentication methods
05/31/2012 05:38:32 DHCP Requester: No response to DISCOVER
05/31/2012 05:38:32 Could not allocate IP address via DHCP (pool POOL1)
05/31/2012 05:38:32 Error allocating dynamic resources, Rejecting

On performing a packet capture in the DHCP server, it was noticed that it was not responding to the DHCP discover packet, which is received from SBR. It is supposed to respond with a DHCP offer.

The following image illustrates the Wireshark capture from the DHCP server:

• SBR IP address = 10.141.232.62

 

• DHCP server IP address = 10.141.232.63
  
  

• The IP addresses, which are configured in DHCP scope, are not in the same subnet  as the DHCP server.

 

• A DHCP server can provide IP addresses to clients spanning multiple subnets, if the router that separates them can act as a  relay agent (BOOTP); for more information, refer to RFC1542.

 

• If the router cannot function as relay agent, each subnet that has DHCP clients requires a DHCP server. In this case, the DHCP scope is configured with an IP address range of 30.0.0.0/8; whereas the DHCP server was on the 10.141.232.0/24 subnet and there was no DHCP relay agent configured.

 

• The DHCP server has exhausted all the IP addresses, which were were contained within the scope.

 

• The DHCP server is not reachable from SBR server.

 

• There is a firewall between DHCP and SBR, which blocks traffic on the 67 and 68 UDP ports.

In the absence of a router, which can act as a DHCP relay agent, the only way to make the DHCP server to assign IP addresses is to delete the existing scope and re-create a new scope that contains the IP range, which is in the same subnet as the DHCP server.

However, the exception is that the DHCP server should have multiple NICs, which have IP addresses configured on them and the subnet of those IP addresses should match the subnets configured in the DHCP scope. In this case, a new scope with an IP range of 10.141.232.0/24 is created (the same subnet as the DHCP server), after which the issue was resolved.

The following image illustrates the Wireshark capture, when DHCP leased an IP address to SBR:



In the SBR debug logs, the following messages are displayed:

05/31/2012 07:40:49 User NATIVEGUY being passed to attribute editing authentication methods
05/31/2012 07:40:49 DHCP Requester: Allocated address 10.141.232.100 via DHCP (pool POOL1)
05/31/2012 07:40:49 Class subattribute: DistName : String Value = NATIVEGUY
05/31/2012 07:40:49 Class subattribute: AuthType : String Value = 0
05/31/2012 07:40:49 Class subattribute: IpAddr : String Value = 10.141.232.100:POOL1
05/31/2012 07:40:49 Class subattribute: DhcpInfo : String Value = 000A8DE83E4FC782F100000002,10.141.232.63:67,86000